CN105075306A - Method and network device for security authentication of mobile communication system - Google Patents


Publication number
CN105075306A
Authority
CN
China
Prior art keywords
access network
network elements
lte
ciphering key
sgsn
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201380070865.9A
Other languages
Chinese (zh)
Other versions
CN105075306B (en)
Inventor
陈璟
靳维生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Publication of CN105075306A
Application granted
Publication of CN105075306B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a method and a network device for security authentication of a mobile communication system. The method for security authentication of a mobile communication system comprises: an HSS receiving a request for a special authentication vector sent by a network element of an access network, wherein the request for a special authentication vector is sent by the network element of the access network after receiving a request for an authentication vector sent by an SGSN; the HSS generating a special authentication vector according to the request for a special authentication vector; and the HSS sending the special authentication vector to the network element of the access network, so that the network element of the access network, the SGSN, and an LTE UE complete security authentication. The disclosed method and network device for security authentication of a mobile communication system enable an LTE UE to use a 2G/3G network.

Description

Method and network device for security authentication of mobile communication system
Technical field
The embodiments of the present invention relate to the communications field, and more particularly to a method and a network device for security authentication of a mobile communication system.
Background
The Long Term Evolution (LTE)/System Architecture Evolution (SAE) network is a new mobile communication system formulated by the standards organization 3rd Generation Partnership Project (3GPP). This network is the next evolution step of existing 3G networks, including Wideband Code Division Multiple Access (WCDMA) networks, Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) networks, and Code Division Multiple Access 2000 (CDMA2000) networks. Commercially deployed LTE/SAE networks are already operating in some countries. Security is an essential characteristic of a commercially operated mobile communication system, and authentication is a key security feature. Universal Mobile Telecommunication System (UMTS) networks and LTE/SAE networks have both defined an Authentication and Key Agreement (AKA) mechanism to perform mutual authentication between the user equipment (UE) and the network. The mutual authentication mechanism of the UMTS network is called UMTS AKA, and the mutual authentication mechanism of the LTE/SAE network is called Evolved Packet System (EPS) AKA. In some special scenarios, an LTE UE accesses a 2G/3G core network through an LTE access network. Because the 2G/3G core network can only obtain a UMTS AV from the HSS, and an LTE UE accessing through the LTE network refuses to authenticate using a UMTS AV, the LTE UE cannot access the 2G/3G core network through the LTE access network.
Summary of the invention
In view of this, the embodiments of the present invention provide a method and a network device for security authentication of a mobile communication system, which enable an LTE UE to use a 2G/3G network.
According to a first aspect, a security authentication method for a mobile communication system is provided, including:
The HSS receives a request for a special authentication vector sent by an access network element, where the request for a special authentication vector is sent by the access network element after it receives a request for an authentication vector sent by the SGSN;
The HSS generates a special authentication vector according to the request for a special authentication vector;
The HSS sends the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the request for an authentication vector is sent by the SGSN after it receives a UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
In a second possible implementation, with reference to the first aspect or the first possible implementation of the first aspect, the step "so that the access network element, the SGSN and the LTE UE complete security authentication" includes: the access network element sends the special authentication vector to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a third possible implementation, with reference to the first aspect or the first to second possible implementations of the first aspect, the special authentication vector includes XRES, CK and IK;
The step "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes: the access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
In a fourth possible implementation, with reference to the third possible implementation of the first aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when they differ, terminating the security authentication.
In a fifth possible implementation, with reference to the first aspect or any of the first to fourth possible implementations of the first aspect, the request for a special authentication vector being sent by the access network element after it receives the request for an authentication vector sent by the SGSN includes:
The access network element receives the request for an authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the authentication vector request, generating the request for a special authentication vector, where the indication information instructs the HSS to generate the special authentication vector.
In a sixth possible implementation, with reference to the first aspect or any of the first to fifth possible implementations of the first aspect, the HSS generating a special authentication vector according to the request for a special authentication vector includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special authentication vector.
In a seventh possible implementation, with reference to the sixth possible implementation of the first aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, uses the AUTN in the EPS AV as the AUTN of the UMTS AV, uses the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In an eighth possible implementation, with reference to any of the third to seventh possible implementations of the first aspect, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
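The conversion, RES check and key reconstruction described in the first aspect, as an added Python illustration that is not part of the patent text. It assumes K_ASME is 256 bits and is split into equal 128-bit halves with CK first (consistent with K_ASME = CK || IK); the class and function names and the sample vector are constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

KASME_LEN = 32  # assumption: K_ASME is 256 bits
HALF_LEN = 16   # assumption: CK and IK are the two 128-bit halves


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


def eps_av_to_special_av(av: EpsAv) -> UmtsAv:
    """HSS: carry RAND, AUTN and XRES over unchanged, split K_ASME into CK and IK."""
    if len(av.kasme) != KASME_LEN:
        raise ValueError("K_ASME must be 32 bytes")
    return UmtsAv(av.rand, av.autn, av.xres,
                  ck=av.kasme[:HALF_LEN], ik=av.kasme[HALF_LEN:])


def sgsn_check_response(av: UmtsAv, res: bytes) -> Optional[Tuple[bytes, bytes]]:
    """SGSN: release CK and IK only if RES equals XRES, otherwise terminate (None)."""
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(res, av.xres):
        return None
    return av.ck, av.ik


def rebuild_kasme(ck: bytes, ik: bytes) -> bytes:
    """Access network element: apply the generation rule K_ASME = CK || IK."""
    if len(ck) != HALF_LEN or len(ik) != HALF_LEN:
        raise ValueError("CK and IK must be 16 bytes each")
    return ck + ik


def run_flow(eps_av: EpsAv, ue_res: bytes) -> Optional[bytes]:
    """HSS -> SGSN -> access network element; returns K_ASME or None on failure."""
    special_av = eps_av_to_special_av(eps_av)
    keys = sgsn_check_response(special_av, ue_res)
    if keys is None:
        return None  # RES != XRES: security authentication is terminated
    return rebuild_kasme(*keys)


# Constructed sample vector (not real network data).
SAMPLE_EPS_AV = EpsAv(
    rand=bytes(range(16)),
    autn=bytes(range(16, 32)),
    xres=bytes.fromhex("a1b2c3d4e5f60718"),
    kasme=bytes(range(100, 132)),
)

if __name__ == "__main__":
    ok = run_flow(SAMPLE_EPS_AV, SAMPLE_EPS_AV.xres)
    print("K_ASME recovered:", ok == SAMPLE_EPS_AV.kasme)
    print("wrong RES result:", run_flow(SAMPLE_EPS_AV, b"\x00" * 8))
```

In this flow the SGSN holds both CK and IK from the special authentication vector, so it holds the same key material the access network element later concatenates into K_ASME.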
According to a second aspect, a security authentication method for a mobile communication system is provided, including:
The SGSN receives a UMTS attach request message sent by an access network element, where the UMTS attach request message is obtained by the access network element converting an attach request message sent by an LTE UE; the SGSN sends a request for an authentication vector to the access network element, so that the access network element, after receiving the request for an authentication vector, sends a request for a special authentication vector to the HSS, and so that the HSS, after generating the special authentication vector according to the request for a special authentication vector, sends it to the access network element;
After receiving the special authentication vector from the access network element, the SGSN sends a UMTS AKA authentication challenge to the access network element, so that the SGSN, the access network element and the LTE UE complete security authentication.
In a first possible implementation, the step "so that the SGSN, the access network element and the LTE UE complete security authentication" includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the second aspect or the first possible implementation of the second aspect, the special authentication vector includes XRES, CK and IK;
The step "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes: the access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
In a third possible implementation, with reference to the second possible implementation of the second aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when they differ, terminating the security authentication.
In a fourth possible implementation, with reference to the second aspect or any of the first to third possible implementations of the second aspect, the step "so that the access network element, after receiving the request for an authentication vector, sends a request for a special authentication vector to the HSS" includes:
The access network element receives the request for an authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the authentication vector request, generating the request for a special authentication vector, where the indication information instructs the HSS to generate the special authentication vector.
In a fifth possible implementation, with reference to the second aspect or the first to fourth possible implementations of the second aspect, the step "so that the HSS generates the special authentication vector according to the request for a special authentication vector" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special authentication vector.
In a sixth possible implementation, with reference to the fifth possible implementation of the second aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, uses the AUTN in the EPS AV as the AUTN of the UMTS AV, uses the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the second aspect, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
According to a third aspect, a security authentication method for a mobile communication system is provided, including:
The access network element converts an attach request message from an LTE UE into a UMTS attach request message;
The access network element sends the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for an authentication vector to the access network element;
After receiving the request for an authentication vector, the access network element sends a request for a special authentication vector to the HSS, so that the HSS generates the special authentication vector according to the request for a special authentication vector and then sends the special authentication vector to the access network element;
The access network element receives a UMTS AKA authentication challenge, where the UMTS AKA authentication challenge is sent by the SGSN after the access network element has sent the special authentication vector to the SGSN;
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the step "so that the access network element, the SGSN and the LTE UE complete security authentication" includes:
The LTE UE generates RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The access network element receives the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the third aspect or the first possible implementation of the third aspect, the special authentication vector includes XRES, CK and IK;
The step "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes: the access network element converts the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and sends the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element;
The access network element generates K_ASME according to the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
In a third possible implementation, with reference to the second possible implementation of the third aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when they differ, terminating the security authentication.
In a fourth possible implementation, with reference to the third aspect or any of the first to third possible implementations of the third aspect, the access network element sending a request for a special authentication vector to the HSS after receiving the request for an authentication vector includes:
The access network element receives the request for an authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the authentication vector request, generating the request for a special authentication vector, where the indication information instructs the HSS to generate the special authentication vector.
In a fifth possible implementation, with reference to the third aspect or any of the first to fourth possible implementations of the third aspect, the step "so that the HSS generates the special authentication vector according to the request for a special authentication vector" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special authentication vector.
In a sixth possible implementation, with reference to the fifth possible implementation of the third aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, uses the AUTN in the EPS AV as the AUTN of the UMTS AV, uses the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the third aspect, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
According to a fourth aspect, an HSS is provided, including: a receiving module, a processing module and a sending module;
The receiving module is configured to receive a request for a special authentication vector sent by an access network element, where the request for a special authentication vector is sent by the access network element after it receives a request for an authentication vector sent by the SGSN;
The processing module is configured to generate a special authentication vector according to the request for a special authentication vector;
The sending module is configured to send the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the request for an authentication vector is sent by the SGSN after it receives a UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
In a second possible implementation, with reference to the fourth aspect or the first possible implementation of the fourth aspect, the step "so that the access network element, the SGSN and the LTE UE complete security authentication" includes: the access network element sends the special authentication vector to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a third possible implementation, with reference to the fourth aspect or the first to second possible implementations of the fourth aspect, the special authentication vector includes XRES, CK and IK;
The step "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes: the access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
In a fourth possible implementation, with reference to the third possible implementation of the fourth aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when they differ, terminating the security authentication.
In a fifth possible implementation, with reference to the fourth aspect or any of the first to fourth possible implementations of the fourth aspect, the request for a special authentication vector being sent by the access network element after it receives the request for an authentication vector sent by the SGSN includes:
The access network element receives the request for an authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the authentication vector request, generating the request for a special authentication vector, where the indication information instructs the HSS to generate the special authentication vector.
In a sixth possible implementation, with reference to the fourth aspect or any of the first to fifth possible implementations of the fourth aspect, the processing module being configured to generate a special authentication vector according to the request for a special authentication vector includes:
The processing module is configured to generate an EPS AV for the LTE UE;
The processing module is configured to convert the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special authentication vector.
In a seventh possible implementation, with reference to the sixth possible implementation of the fourth aspect, the processing module being configured to convert the EPS AV into UMTS AV format includes:
The processing module is configured to use the RAND in the EPS AV as the RAND of the UMTS AV, to use the AUTN in the EPS AV as the AUTN of the UMTS AV, to use the XRES in the EPS AV as the XRES of the UMTS AV, and to split the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In an eighth possible implementation, with reference to any of the third to seventh possible implementations of the fourth aspect, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
According to a fifth aspect, an SGSN is provided, including: a receiving module and a sending module;
The receiving module is configured to receive a UMTS attach request message sent by an access network element, where the UMTS attach request message is obtained by the access network element converting an attach request message sent by an LTE UE;
The sending module is configured to send a request for an authentication vector to the access network element, so that the access network element, after receiving the request for an authentication vector, sends a request for a special authentication vector to the HSS, and so that the HSS, after generating the special authentication vector according to the request for a special authentication vector, sends it to the access network element;
The receiving module is further configured to receive the special authentication vector from the access network element, and the sending module is further configured to send a UMTS AKA authentication challenge to the access network element after the receiving module receives the special authentication vector, so that the SGSN, the access network element and the LTE UE complete security authentication.
In a first possible implementation, the step "so that the SGSN, the access network element and the LTE UE complete security authentication" includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the fifth aspect or the first possible implementation of the fifth aspect, the SGSN further includes a processing module;
The special authentication vector includes XRES, CK and IK;
The step "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes: the access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the receiving module; the processing module is configured to compare whether the RES and the XRES are identical; when they are identical, the sending module sends the CK and/or IK to the access network element; the access network element generates K_ASME according to the CK and/or IK sent by the sending module; and the access network element and the LTE UE share the K_ASME.
In a third possible implementation, with reference to the second possible implementation of the fifth aspect, the processing module being configured to compare whether the RES and the XRES are identical further includes: when they differ, terminating the security authentication.
In a fourth possible implementation, with reference to the fifth aspect or any of the first to third possible implementations of the fifth aspect, the step "so that the access network element, after receiving the request for an authentication vector, sends a request for a special authentication vector to the HSS" includes:
The access network element receives the request for an authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the authentication vector request, generating the request for a special authentication vector, where the indication information instructs the HSS to generate the special authentication vector.
In a fifth possible implementation, with reference to the fifth aspect or the first to fourth possible implementations of the fifth aspect, the step "so that the HSS generates the special authentication vector according to the request for a special authentication vector" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special authentication vector.
In a sixth possible implementation, with reference to the fifth possible implementation of the fifth aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, uses the AUTN in the EPS AV as the AUTN of the UMTS AV, uses the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the fifth aspect, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
A sixth aspect provides an access network element, including: a receiving module, a processing module and a sending module;
The receiving module is configured to receive an attach request message from an LTE UE; the processing module is configured to convert the attach request message into a UMTS attach request message;
The sending module is configured to send the UMTS attach request message to an SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for an authentication vector to the receiving module; the sending module is further configured to send, after the receiving module receives the request for the authentication vector, a request for a special authentication vector to the HSS, so that the HSS generates the special authentication vector according to the request for the special authentication vector and then sends the special authentication vector to the receiving module;
The receiving module is further configured to receive a UMTS AKA authentication challenge, the UMTS AKA authentication challenge being sent by the SGSN after the sending module sends the special authentication vector to the SGSN; the processing module is further configured to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the sending module is further configured to send the LTE AKA authentication challenge to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, that the access network element, the SGSN and the LTE UE complete security authentication includes:
The LTE UE verifies the LTE AKA authentication challenge and then generates RES and the key KASME;
The receiving module is configured to receive the LTE AKA authentication response, containing the RES, sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the sixth aspect or the first possible implementation of the sixth aspect, the special authentication vector includes XRES, CK and IK;
That the access network element, the SGSN and the LTE UE further complete security authentication includes: the processing module is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element;
The processing module is further configured to generate KASME according to the CK and/or IK, and the access network element and the LTE UE share the KASME.
In a third possible implementation, with reference to the second possible implementation of the sixth aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is that they differ, the security authentication is aborted.
In a fourth possible implementation, with reference to the sixth aspect or any of the first to third possible implementations of the sixth aspect, that the sending module is further configured to send the request for the special authentication vector to the HSS after the receiving module receives the request for the authentication vector includes:
The receiving module is configured to receive the request for the authentication vector sent by the SGSN;
The processing module is configured to identify that an LTE UE is accessing the 2G or 3G network;
The processing module is further configured to add indication information to the request for the authentication vector to generate the request for the special authentication vector, the indication information being used to instruct the HSS to generate the special authentication vector.
In a fifth possible implementation, with reference to the sixth aspect or any of the first to fourth possible implementations of the sixth aspect, that the HSS generates the special authentication vector according to the request for the special authentication vector includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format, and the EPS AV converted into the UMTS AV format is the special authentication vector.
In a sixth possible implementation, with reference to the fifth possible implementation of the sixth aspect, the HSS converting the EPS AV into the UMTS AV format includes: the HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME (256 bits) in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the sixth aspect, the processing module is further configured to generate the KASME from the CK and/or IK according to the generation rule KASME = CK||IK.
With the above scheme, an LTE UE can use 2G/3G networks.

Brief description of the drawings

To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed in the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a security authentication method for a mobile communication system according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a security authentication method for a mobile communication system according to another embodiment of the present invention;
Fig. 3 is a schematic flowchart of a security authentication method for a mobile communication system according to another embodiment of the present invention;
Fig. 4 is a schematic flowchart of a security authentication method for a mobile communication system according to another embodiment of the present invention;
Fig. 5 is a schematic block diagram of a home subscriber server according to an embodiment of the present invention;
Fig. 6 is a schematic block diagram of a serving GPRS support node according to an embodiment of the present invention;
Fig. 7 is a schematic block diagram of an access network element according to an embodiment of the present invention;
Fig. 8 is a schematic block diagram of a home subscriber server according to another embodiment of the present invention;
Fig. 9 is a schematic block diagram of a serving GPRS support node according to another embodiment of the present invention;
Fig. 10 is a schematic block diagram of an access network element according to another embodiment of the present invention.

Embodiments

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
It should be understood that the technical solutions of the embodiments of the present invention can be applied to various 2G or 3G communication systems, such as: the Global System of Mobile communication ("GSM") system, the Code Division Multiple Access ("CDMA") system, the Wideband Code Division Multiple Access ("WCDMA") system, the General Packet Radio Service ("GPRS"), the Universal Mobile Telecommunication System ("UMTS"), the Worldwide Interoperability for Microwave Access ("WiMAX") communication system, and so on.
The access network element in the embodiments of the present invention is an enhanced access network element that supports LTE UEs accessing a 2G/3G core network. In all embodiments of the invention, the access network element can have the following functions: the function of an LTE eNB, so that an LTE UE can access the 2G/3G core network through the access network element without modification, and the LTE UE believes that it is accessing an LTE network rather than a 2G/3G core network. The access network element in the embodiments of the present invention can also implement part of the functions of a mobility management entity (Mobility Management Entity, "MME"), such as security protection of NAS signaling.
Fig. 1 shows a schematic flowchart of a method 100 for security authentication of a mobile communication system according to an embodiment of the present invention. As shown in Fig. 1, the method 100 includes:
S110, the HSS receives a request for a special authentication vector sent by the access network element, the request for the special authentication vector being sent by the access network element after it receives the request for an authentication vector sent by the SGSN;
S120, the HSS generates the special authentication vector according to the request for the special authentication vector;
S130, the HSS sends the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In this embodiment of the present invention, to enable an LTE UE to use a 2G or 3G network, after the access network element identifies that an LTE UE is accessing the 2G/3G network, the HSS generates a special authentication vector for the LTE UE, so that the SGSN, the access network element and the LTE UE complete security authentication and the LTE UE can use the 2G or 3G core network.
Optionally, the request for the authentication vector is sent by the SGSN after it receives the UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
Optionally, that the access network element, the SGSN and the LTE UE complete security authentication includes: the access network element sends the special authentication vector to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, that the access network element, the SGSN and the LTE UE further complete security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element, the access network element generates KASME according to the CK and/or IK, and the access network element and the LTE UE share the KASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is that they differ, the security authentication is aborted.
Optionally, that the request for the special authentication vector is sent by the access network element after it receives the request for the authentication vector sent by the SGSN includes:
The access network element receives the request for the authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds indication information to the request for the authentication vector to generate the request for the special authentication vector, the indication information being used to instruct the HSS to generate the special authentication vector.
Optionally, the HSS generating the special authentication vector according to the request for the special authentication vector includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format, and the EPS AV converted into the UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK||IK.
In this embodiment of the present invention, the access network element converts the messages sent by the LTE UE into messages suitable for the 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. In this embodiment the LTE UE needs no modification, so that the LTE UE can access the 2G or 3G core network through the access network element, complete security authentication and use 2G or 3G core network resources.
Fig. 2 shows a schematic flowchart of a method 200 for security authentication of a mobile communication system according to an embodiment of the present invention. Fig. 2 and the method disclosed in its description may be based on Fig. 1 of the embodiments of the present invention and the method disclosed with Fig. 1. As shown in Fig. 2, the method 200 includes:
S210, the SGSN receives a UMTS attach request message sent by the access network element, the UMTS attach request message being obtained by the access network element converting the attach request message sent by the LTE UE;
S220, the SGSN sends a request for an authentication vector to the access network element, so that the access network element, after receiving the request for the authentication vector, sends a request for a special authentication vector to the HSS, and the HSS then generates the special authentication vector according to the request for the special authentication vector and sends it to the access network element;
S230, after receiving the special authentication vector from the access network element, the SGSN sends a UMTS AKA authentication challenge to the access network element, so that the SGSN, the access network element and the LTE UE complete security authentication.
In this embodiment of the present invention, after the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G core network, the access network element requests a special authentication vector from the HSS, and the HSS generates the special authentication vector according to the SGSN's request, so that the SGSN, the access network element and the LTE UE complete security authentication and the LTE UE can use the 2G or 3G core network without being modified.
Optionally, that the SGSN, the access network element and the LTE UE complete security authentication includes: the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, that the access network element, the SGSN and the LTE UE further complete security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element, the access network element generates KASME according to the CK and/or IK, and the access network element and the LTE UE share the KASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is that they differ, the security authentication is aborted.
Optionally, that the access network element, after receiving the request for the authentication vector, sends the request for the special authentication vector to the HSS includes:
The access network element receives the request for the authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds indication information to the request for the authentication vector to generate the request for the special authentication vector, the indication information being used to instruct the HSS to generate the special authentication vector.
Optionally, that the HSS generates the special authentication vector according to the request for the special authentication vector includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format, and the EPS AV converted into the UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK||IK.
In this embodiment of the present invention, the access network element converts the messages sent by the LTE UE into messages suitable for the 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. In this embodiment the LTE UE needs no modification, so that the LTE UE can access the 2G or 3G core network through the access network element, complete security authentication and use 2G or 3G core network resources.
Fig. 3 shows a schematic flowchart of a method 300 for security authentication of a mobile communication system according to an embodiment of the present invention. Fig. 3 and the method disclosed in its description may be based on Fig. 1 to Fig. 2 of the embodiments of the present invention and the methods disclosed with Fig. 1 to Fig. 2. As shown in Fig. 3, the method 300 includes:
S310, the access network element converts the attach request message from the LTE UE into a UMTS attach request message;
S320, the access network element sends the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for an authentication vector to the access network element;
S330, after receiving the request for the authentication vector, the access network element sends a request for a special authentication vector to the HSS, so that the HSS generates the special authentication vector according to the request for the special authentication vector and then sends the special authentication vector to the access network element;
S340, the access network element receives a UMTS AKA authentication challenge, the UMTS AKA authentication challenge being sent by the SGSN after the access network element sends the special authentication vector to the SGSN;
S350, the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In this embodiment of the present invention, the access network element converts the information sent by the LTE UE into information suitable for the 2G or 3G network system, the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, and the HSS generates a special authentication vector, enabling the access network element, the SGSN and the LTE UE to complete security authentication so that the LTE UE can use the existing 2G or 3G core network.
Optionally, that the access network element, the SGSN and the LTE UE complete security authentication includes: the LTE UE verifies the LTE AKA authentication challenge and then generates RES and the key KASME; the access network element receives the LTE AKA authentication response, containing the RES, sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, that the access network element, the SGSN and the LTE UE further complete security authentication includes:
The access network element converts the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES and sends the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element;
The access network element generates KASME according to the CK and/or IK, and the access network element and the LTE UE share the KASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is that they differ, the security authentication is aborted.
Optionally, that the access network element, after receiving the request for the authentication vector, sends the request for the special authentication vector to the HSS includes:
The access network element receives the request for the authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds indication information to the request for the authentication vector to generate the request for the special authentication vector, the indication information being used to instruct the HSS to generate the special authentication vector.
Optionally, that the HSS generates the special authentication vector according to the request for the special authentication vector includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format, and the EPS AV converted into the UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK||IK.
In this embodiment of the present invention, the access network element converts the messages sent by the LTE UE into messages suitable for the 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. In this embodiment the LTE UE needs no modification, so that the LTE UE can access the 2G or 3G core network through the access network element, complete security authentication and use 2G or 3G core network resources.
Fig. 4 shows a schematic flowchart of a method 400 for security authentication of a mobile communication system according to an embodiment of the present invention. Fig. 4 and the method disclosed in its description may be based on Fig. 1 to Fig. 3 of the embodiments of the present invention and the methods disclosed with Fig. 1 to Fig. 3. As shown in Fig. 4, the method 400 includes:
Optionally, the LTE UE accesses the 2G/3G core network through the access network element, and an RRC connection is established between the LTE UE and the access network element.
The LTE UE sends an attach request message to the access network element; the access network element converts the attach request message received from the LTE UE into a UMTS attach request message that the SGSN of the 2G/3G core network can recognize in the UMTS system, and sends the converted UMTS attach request message to the SGSN.
The SGSN sends a request for an authentication vector to the access network element, and the access network element receives the request for the authentication vector sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network. Further, the access network element can identify the type of a UE that accesses through it, that is, the access network element can recognize that an LTE UE is accessing the 2G or 3G network;
The access network element adds indication information to the request for the authentication vector to generate the request for the special authentication vector, the indication information being used to instruct the HSS to generate the special authentication vector. From the indication information in the request for the special authentication vector sent by the access network element, the HSS identifies that this is the scenario in which an LTE UE accesses the 2G/3G network. The HSS generating the special authentication vector includes:
Optionally, the HSS generates an EPS AV for the LTE UE;
Further,
The HSS sets bit 0 of the authentication management field AMF to 1 to indicate that this authentication vector is an EPS AV;
The HSS generates RAND, AUTN, CK, IK and XRES;
The HSS derives KASME from CK and IK; the derivation rule may be KASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of KASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in the AUTN is 1.
Optionally, the HSS converts the EPS AV into the UMTS AV format, so that the EPS AV can be sent to the SGSN in the existing UMTS authentication response. The method for converting the EPS AV into the UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the KASME (256 bits) in the EPS AV into two parts, used respectively as the CK (128 bits) and the IK (128 bits) of the UMTS AV. After the EPS AV is converted into the UMTS AV format, the value of bit 0 of the AMF in the AUTN is still 1. The vector obtained by converting the EPS AV into the UMTS AV format is the special authentication vector.
The HSS sends the special authentication vector to the access network element, and the access network element in turn sends the special authentication vector to the SGSN;
The SGSN performs the UMTS AKA authentication procedure according to the special authentication vector received from the access network element. The SGSN sends a UMTS AKA authentication challenge to the access network element; the UMTS AKA authentication challenge contains RAND and AUTN.
The access network element converts the received UMTS AKA authentication challenge into an LTE AKA authentication challenge. The RAND and AUTN in the UMTS AKA authentication challenge are placed in the LTE AKA authentication challenge and sent to the LTE UE.
The LTE UE verifies the AUTN. Further, because the value of bit 0 of the AMF in the AUTN is 1, the LTE UE's check of the AMF passes. The LTE UE generates RES and the key KASME.
The LTE UE sends an LTE AKA authentication response to the access network element; the LTE AKA authentication response contains the RES.
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response; the RES in the LTE AKA authentication response is placed in the UMTS AKA authentication response and sent to the SGSN.
The SGSN compares whether the RES and the XRES are identical.
Optionally, if the comparison result is that the RES and the XRES differ, the security authentication is aborted;
Optionally, if the comparison result is that the RES and the XRES are identical, the SGSN initiates the security mode procedure and, in the security mode procedure, sends the CK and/or IK to the access network element.
Optionally, the access network element generates KASME according to the CK and/or IK. Optionally, the generation rule by which the access network element generates KASME from the CK and/or IK is KASME = CK||IK, where "||" denotes concatenation, that is, IK is appended after CK.
The access network element and the LTE UE share the key KASME.
Optionally, the LTE NAS SMC procedure and the LTE AS SMC procedure are performed between the access network element and the LTE UE to establish LTE air interface security.
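The vector conversion and key hand-back described for Fig. 4, as an added Python example that is not part of the patent text: the HSS splits KASME into the CK and IK fields of a UMTS-format vector, the SGSN releases them only when RES equals XRES, and the access network element rejoins them as CK||IK. The HMAC-SHA-256 stand-in for KDF, the function names, the position of AMF bit 0 inside AUTN and all byte values are assumptions constructed for illustration; verification of the AUTN MAC is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass

KASME_LEN = 32  # 256 bits, split into a 128-bit "CK" and a 128-bit "IK"


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


def kdf(ck: bytes, ik: bytes) -> bytes:
    # Stand-in (assumption) for the page's KASME = KDF(CK, IK): HMAC-SHA-256
    # keyed with CK||IK over a constructed label, not the 3GPP input string.
    return hmac.new(ck + ik, b"constructed-label", hashlib.sha256).digest()


def amf_bit0(autn: bytes) -> int:
    # AUTN = (SQN xor AK)[6 bytes] || AMF[2 bytes] || MAC[8 bytes].
    # Assumption: bit 0 is the most significant bit of the first AMF octet.
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return autn[6] >> 7


def hss_special_av(eps: EpsAv) -> UmtsAv:
    # HSS: carry an EPS AV in UMTS AV format. RAND, AUTN and XRES are copied
    # unchanged (AMF bit 0 stays 1); KASME is split into the CK and IK fields.
    if len(eps.kasme) != KASME_LEN:
        raise ValueError("KASME must be 256 bits")
    if amf_bit0(eps.autn) != 1:
        raise ValueError("not an EPS AV: AMF bit 0 is not set")
    half = KASME_LEN // 2
    return UmtsAv(eps.rand, eps.autn, eps.xres, eps.kasme[:half], eps.kasme[half:])


def sgsn_verify(av: UmtsAv, res: bytes):
    # SGSN: release CK and IK only if RES equals XRES; None means abort.
    if not hmac.compare_digest(res, av.xres):
        return None
    return av.ck, av.ik


def access_element_kasme(ck: bytes, ik: bytes) -> bytes:
    # Access network element: KASME = CK||IK (IK appended after CK).
    return ck + ik


def ue_answer(autn: bytes, res: bytes, ck: bytes, ik: bytes):
    # LTE UE: reject the challenge unless AMF bit 0 is 1, then derive KASME.
    # RES, CK and IK would come from the USIM; here they are passed in.
    if amf_bit0(autn) != 1:
        return None
    return res, kdf(ck, ik)


# Constructed sample values (not real subscriber data).
RAND = bytes(range(16))
CK, IK = b"\x11" * 16, b"\x22" * 16
XRES = b"\x33" * 8
AUTN = b"\x44" * 6 + bytes([0x80, 0x00]) + b"\x55" * 8


def run_attach(ue_res: bytes = XRES):
    """Run the flow; return (network KASME, UE KASME), or None on abort."""
    eps = EpsAv(RAND, AUTN, XRES, kdf(CK, IK))        # HSS builds the EPS AV
    special = hss_special_av(eps)                     # HSS -> access element -> SGSN
    answer = ue_answer(special.autn, ue_res, CK, IK)  # challenge relayed to the UE
    if answer is None:
        return None
    res, ue_kasme = answer
    released = sgsn_verify(special, res)              # response relayed to the SGSN
    if released is None:
        return None
    return access_element_kasme(*released), ue_kasme


if __name__ == "__main__":
    print(run_attach())
```

The "CK" and "IK" that the SGSN stores and releases here are the two halves of KASME, not the keys the UE computed, which is why plain concatenation at the access network element yields the same KASME the unmodified LTE UE derives.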
In this embodiment of the present invention, the access network element converts the messages sent by the LTE UE into messages suitable for the 2G or 3G network. After the SGSN identifies the scenario in which an LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. In this embodiment the LTE UE needs no modification, so that the LTE UE can access the 2G or 3G core network through the access network element, complete security authentication and use 2G or 3G core network resources.
Fig. 5 shows a schematic block diagram of a home subscriber server 500 for security authentication of a mobile communication system according to an embodiment of the present invention. Fig. 5 and the device disclosed in its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and the methods disclosed with Fig. 1 to Fig. 4. As shown in Fig. 5, the home subscriber server HSS 500 includes: a receiving module 510, a processing module 520 and a sending module 530;
The receiving module 510 is configured to receive a request for a special authentication vector sent by the access network element, the request for the special authentication vector being sent by the access network element after it receives the request for an authentication vector sent by the SGSN;
The processing module 520 is configured to generate the special authentication vector according to the request for the special authentication vector;
The sending module 530 is configured to send the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In this embodiment of the present invention, to enable an LTE UE to use a 2G or 3G network, after the access network element identifies that an LTE UE is accessing the 2G/3G core network, the HSS generates a special authentication vector for the LTE UE, so that the SGSN, the access network element and the LTE UE complete security authentication and the LTE UE can use the 2G or 3G core network.
Alternatively, this requires that the request of Ciphering Key is that the SGSN is sent after the UMTS attach request message of access network elements transmission is received, the UMTS attach request message is that attach request message is changed gained by the access network elements, and the attach request message is sent by the LTE UE.
Alternatively,
It should include so as to the access network elements, SGSN and LTE UE completions safety certification:The special Ciphering Key is sent to the SGSN by the access network elements, the SGSN sends UMTS AKA authentication challenges and gives the access network elements, the UMTS AKA authentication challenges are converted into after LTE AKA authentication challenges being sent to the LTE UE by the access network elements, and the LTE UE are verified according to the LTE AKA authentication challenges and generated RES and key KASMEAfterwards, the LTE AKA authentication responses comprising the RES are sent to the access network elements by the LTE UE, so that the access network elements, the SGSN and the LTE UE further complete safety certification. Alternatively, XRES, CK, IK are included in the special Ciphering Key;
Alternatively, the access network elements, the SGSN and the LTE UE further completing safety certification includes:
The access network elements convert the LTE AKA authentication response into a UMTS AKA authentication response and send the UMTS AKA authentication response to the SGSN. The SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network elements, the access network elements generate KASME from the CK and/or IK, and the access network elements and the LTE UE share the KASME.
Alternatively, the SGSN comparing whether the RES and the XRES are identical also includes: when they differ, safety certification is terminated.
Optionally, the access network elements sending the request for a special Ciphering Key after receiving the request for a Ciphering Key sent by the SGSN includes:
The access network elements receive the request for a Ciphering Key sent by the SGSN;
The access network elements identify that an LTE UE is accessing the 2G or 3G network;
The access network elements add indication information in the Ciphering Key and generate the request for a special Ciphering Key; the indication information is used to instruct the HSS to generate the special Ciphering Key.
Alternatively, the processing module 520 generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The processing module 520 is used to generate an EPS AV for the LTE UE;
Further,
The processing module 520 is used to set bit 0 of the authentication management field (AMF) to 1 to indicate that this Ciphering Key is an EPS AV;
The processing module 520 is used to generate RAND, AUTN, CK, IK and XRES;
The processing module 520 is used to derive KASME from CK and IK; the derivation rule can be KASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of KASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in AUTN is 1.
Alternatively, the processing module 520 is used to convert the EPS AV into the UMTS AV format, so that the EPS AV can be sent to the SGSN in the existing UMTS authentication response. The method of converting the EPS AV into the UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the KASME (256 bits) in the EPS AV into two parts, used as the CK (128 bits) and the IK (128 bits) of the UMTS AV respectively. After the EPS AV is converted into the UMTS AV format, the value of bit 0 of the AMF in AUTN is still 1. The vector obtained by converting the EPS AV into the UMTS AV format is the special Ciphering Key.
Alternatively, the access network elements generating KASME from the CK and/or IK includes:
The access network elements generate the KASME from the CK and/or IK according to the generation rule KASME = CK || IK, where || denotes concatenation, i.e. IK is appended after CK.
In this embodiment of the present invention, the access network elements convert the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network elements identify the scenario in which the LTE UE accesses the 2G or 3G network through the access network elements, the HSS generates the special Ciphering Key, and safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In this embodiment the LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network elements, complete safety certification, and use 2G or 3G core network resources.
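The HSS 500 conversion of an EPS AV into the UMTS AV format and the access-side rule KASME = CK || IK described above, traced end to end as an added example (not code from the patent). The `prf` and `kdf` helpers are HMAC-SHA-256 stand-ins for the AKA functions and the unspecified KDF, the AUTN byte layout and the reading of AMF bit 0 as the most significant bit are assumptions following 3GPP convention, and all key material is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

AMF_BIT0 = 0x8000  # "bit 0" of the 16-bit AMF, read as the MSB (assumption)


def prf(k: bytes, label: bytes, rand: bytes, n: int) -> bytes:
    """Stand-in for the AKA functions that yield MAC/XRES/CK/IK (not MILENAGE)."""
    return hmac.new(k, label + rand, hashlib.sha256).digest()[:n]


def kdf(ck: bytes, ik: bytes) -> bytes:
    """Stand-in for KASME = KDF(CK, IK); the page does not fix the KDF."""
    return hmac.new(ck + ik, b"constructed-kasme-label", hashlib.sha256).digest()


@dataclass(frozen=True)
class EpsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes  # 256 bits


@dataclass(frozen=True)
class UmtsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes  # 128 bits: first half of KASME, not the original CK
    ik: bytes  # 128 bits: second half of KASME, not the original IK


def amf_bit0(autn: bytes) -> int:
    """AUTN layout: (SQN xor AK) 6 bytes || AMF 2 bytes || MAC 8 bytes."""
    return 1 if int.from_bytes(autn[6:8], "big") & AMF_BIT0 else 0


def hss_generate_eps_av(k: bytes, rand: bytes, sqn_xor_ak: bytes) -> EpsAV:
    """HSS: set AMF bit 0 to 1, then build the EPS AV (KASME, AUTN, XRES, RAND)."""
    amf = AMF_BIT0.to_bytes(2, "big")
    mac = prf(k, b"mac" + sqn_xor_ak + amf, rand, 8)
    ck, ik = prf(k, b"ck", rand, 16), prf(k, b"ik", rand, 16)
    return EpsAV(rand, sqn_xor_ak + amf + mac, prf(k, b"res", rand, 8), kdf(ck, ik))


def hss_to_umts_format(av: EpsAV) -> UmtsAV:
    """HSS: RAND, AUTN, XRES carried over unchanged; KASME split into CK and IK."""
    if len(av.kasme) != 32:
        raise ValueError("KASME must be 256 bits")
    return UmtsAV(av.rand, av.autn, av.xres, av.kasme[:16], av.kasme[16:])


def ue_respond(k: bytes, rand: bytes, autn: bytes) -> Tuple[bytes, bytes]:
    """Unmodified LTE UE: verify the challenge, then return (RES, KASME)."""
    if len(autn) != 16:
        raise ValueError("malformed AUTN")
    if not hmac.compare_digest(autn[8:], prf(k, b"mac" + autn[:8], rand, 8)):
        raise ValueError("AUTN MAC mismatch")
    if amf_bit0(autn) != 1:  # UE-side check of the bit is an assumption here
        raise ValueError("AMF bit 0 is not 1")
    ck, ik = prf(k, b"ck", rand, 16), prf(k, b"ik", rand, 16)
    return prf(k, b"res", rand, 8), kdf(ck, ik)


def sgsn_release_keys(av: UmtsAV, res: bytes) -> Optional[Tuple[bytes, bytes]]:
    """SGSN: hand CK/IK to the access side only if RES equals XRES."""
    if not hmac.compare_digest(res, av.xres):
        return None  # safety certification is terminated
    return av.ck, av.ik


def access_kasme(ck: bytes, ik: bytes) -> bytes:
    """Access network elements: KASME = CK || IK."""
    return ck + ik


def run_attach(k_hss: bytes, k_ue: bytes, rand: bytes, sqn_xor_ak: bytes) -> Optional[bytes]:
    """Whole exchange; returns the shared KASME, or None if certification fails."""
    special = hss_to_umts_format(hss_generate_eps_av(k_hss, rand, sqn_xor_ak))
    try:
        res, ue_kasme = ue_respond(k_ue, special.rand, special.autn)
    except ValueError:
        return None
    keys = sgsn_release_keys(special, res)
    if keys is None:
        return None
    net_kasme = access_kasme(*keys)
    return net_kasme if hmac.compare_digest(net_kasme, ue_kasme) else None


# Constructed sample values, not real subscriber data.
K = bytes(range(16))
RAND = bytes(range(16, 32))
SQN_XOR_AK = bytes(6)
```

Because the SGSN only ever holds the two halves of KASME, the concatenation on the access side recovers exactly the key the UE derived, while the SGSN treats the vector as an ordinary UMTS AV.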
Fig. 6 shows a schematic block diagram of a serving GPRS support node 600 for safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 6 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in them, and may also be based on Fig. 5 and the device disclosed in Fig. 5. As shown in Fig. 6, the serving GPRS support node SGSN 600 includes a receiving module 610 and a sending module 620;
The receiving module 610 is used to receive the UMTS attach request message sent by the access network elements; the UMTS attach request message is obtained by the access network elements converting the attach request message sent by the LTE UE;
The sending module 620 is used to send a request for a Ciphering Key to the access network elements, so that the access network elements, after receiving the request for a Ciphering Key, send a request for a special Ciphering Key to the HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends it to the access network elements;
The receiving module 610 is also used to receive the special Ciphering Key from the access network elements, and the sending module 620 is also used to send a UMTS AKA authentication challenge to the access network elements after the receiving module 610 receives the special Ciphering Key, so that the SGSN, the access network elements and the LTE UE complete safety certification.
In this embodiment of the present invention, after the access network elements identify the scenario in which the LTE UE accesses the 2G or 3G network, the access network elements request the special Ciphering Key from the HSS, and the HSS generates the special Ciphering Key according to the request, so that the SGSN, the access network elements and the LTE UE complete safety certification and the LTE UE can use the 2G or 3G core network without being modified.
Alternatively, the SGSN, the access network elements and the LTE UE completing safety certification includes: the access network elements convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge and send it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates the RES and the key KASME, the LTE UE sends the LTE AKA authentication response containing the RES to the access network elements, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
Alternatively, the SGSN also includes processing module 630;
Alternatively, the special Ciphering Key includes XRES, CK, IK;
Alternatively, the access network elements, the SGSN and the LTE UE further completing safety certification includes:
The access network elements convert the LTE AKA authentication response into a UMTS AKA authentication response and send the UMTS AKA authentication response to the receiving module 610. The processing module 630 is used to compare whether the RES and the XRES are identical; when they are identical, the sending module 620 sends the CK and/or IK to the access network elements, the access network elements generate KASME from the CK and/or IK sent by the sending module 620, and the access network elements and the LTE UE share the KASME.
Alternatively, the processing module 630 comparing whether the RES and the XRES are identical also includes: when they differ, safety certification is terminated.
Alternatively, the access network elements sending the request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network elements receive the request for a Ciphering Key sent by the SGSN;
The access network elements identify that an LTE UE is accessing the 2G or 3G network;
The access network elements add indication information in the Ciphering Key and generate the request for a special Ciphering Key; the indication information is used to instruct the HSS to generate the special Ciphering Key.
Alternatively, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV converted into the UMTS AV format is the special Ciphering Key.
Alternatively, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME in the EPS AV into two parts, used as the CK and the IK of the UMTS AV respectively.
Alternatively, the access network elements generating KASME from the CK and/or IK includes:
The access network elements generate the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In this embodiment of the present invention, the access network elements convert the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the SGSN identifies the scenario in which the LTE UE accesses the 2G or 3G core network through the access network elements, the HSS generates the special Ciphering Key, and safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In this embodiment the LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network elements, complete safety certification, and use 2G or 3G core network resources.
Fig. 7 shows a schematic block diagram of access network elements 700 for safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 7 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in them, and may also be based on Fig. 5 to Fig. 6 and the devices disclosed in Fig. 5 to Fig. 6. As shown in Fig. 7, the access network elements 700 include a receiving module 710, a processing module 720, and a sending module 730;
The receiving module 710 is used to receive the attach request message from the LTE UE; the processing module 720 is used to convert the attach request message into a UMTS attach request message;
The sending module 730 is used to send the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the receiving module 710; the sending module 730 is also used to send a request for a special Ciphering Key to the HSS after the receiving module 710 receives the request for a Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends the special Ciphering Key to the receiving module 710;
The receiving module 710 is also used to receive a UMTS AKA authentication challenge, which the SGSN sends after the sending module 730 has sent the special Ciphering Key to the SGSN; the processing module 720 is also used to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the sending module 730 is also used to send the LTE AKA authentication challenge to the LTE UE, so that the access network elements, the SGSN and the LTE UE complete safety certification.
In this embodiment of the present invention, the access network elements convert the information sent by the LTE UE into information suitable for a 2G or 3G network system and identify the scenario in which the LTE UE accesses the 2G or 3G network, and the HSS generates the special Ciphering Key, so that the access network elements, the SGSN and the LTE UE can complete safety certification and the LTE UE can use the existing 2G or 3G core network.
Alternatively, the access network elements, the SGSN and the LTE UE completing safety certification includes: the LTE UE generates the RES and the key KASME after verifying the LTE AKA authentication challenge; the receiving module 710 is used to receive the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
Alternatively, the special Ciphering Key includes XRES, CK and IK;
Alternatively, the access network elements, the SGSN and the LTE UE further completing safety certification includes:
The processing module 720 is also used to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module 730 is also used to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network elements;
The processing module 720 is also used to generate KASME from the CK and/or IK; the access network elements and the LTE UE share the KASME.
Alternatively, the SGSN comparing whether the RES and the XRES are identical also includes: when they differ, safety certification is terminated.
Alternatively, the sending module 730 sending the request for a special Ciphering Key to the HSS after the receiving module 710 receives the request for a Ciphering Key includes:
The receiving module 710 is used to receive the request for a Ciphering Key sent by the SGSN; the processing module 720 is used to identify that an LTE UE is accessing the 2G or 3G network;
The processing module 720 is also used to add indication information in the Ciphering Key and generate the request for a special Ciphering Key; the indication information is used to instruct the HSS to generate the special Ciphering Key.
Alternatively, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV converted into the UMTS AV format is the special Ciphering Key.
Alternatively, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME (256 bits) in the EPS AV into two parts, used as the CK and the IK of the UMTS AV respectively.
Alternatively, the processing module 720 is further used to generate the KASME from the CK and/or IK according to the generation rule KASME = CK || IK, where || denotes concatenation, i.e. IK is appended after CK.
In this embodiment of the present invention, the access network elements convert the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network elements identify the scenario in which the LTE UE accesses the 2G or 3G network through the access network elements, the HSS generates the special Ciphering Key, and safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In this embodiment the LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network elements, complete safety certification, and use 2G or 3G core network resources.
Fig. 8 shows a schematic block diagram of a home subscriber server 800 for safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 8 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in them, and on Fig. 5 to Fig. 7 and the devices disclosed in Fig. 5 to Fig. 7. As shown in Fig. 8, the home subscriber server HSS 800 includes a receiver 810, a processor 820, and a transmitter 830;
The receiver 810 is used to receive a request for a special Ciphering Key sent by the access network elements; the access network elements send the request for a special Ciphering Key after receiving the request for a Ciphering Key sent by the SGSN;
The processor 820 is used to generate the special Ciphering Key according to the request for a special Ciphering Key; the transmitter 830 is used to send the special Ciphering Key to the access network elements, so that the access network elements, the SGSN and the LTE UE complete safety certification.
In this embodiment of the present invention, so that the LTE UE can use a 2G or 3G network, after the access network elements identify that an LTE UE is accessing the 2G/3G core network, the HSS generates a special Ciphering Key for the LTE UE, so that the SGSN, the access network elements and the LTE UE complete safety certification and the LTE UE can use the 2G or 3G core network.
Alternatively, the SGSN sends the request for a Ciphering Key after receiving the UMTS attach request message sent by the access network elements; the UMTS attach request message is obtained by the access network elements converting the attach request message sent by the LTE UE.
Alternatively, the access network elements, the SGSN and the LTE UE completing safety certification includes: the access network elements send the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network elements; the access network elements convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge and send it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates the RES and the key KASME, the LTE UE sends the LTE AKA authentication response containing the RES to the access network elements, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
Alternatively, XRES, CK, IK are included in the special Ciphering Key;
Alternatively, the access network elements, the SGSN and the LTE UE further completing safety certification includes:
The access network elements convert the LTE AKA authentication response into a UMTS AKA authentication response and send the UMTS AKA authentication response to the SGSN. The SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network elements, the access network elements generate KASME from the CK and/or IK, and the access network elements and the LTE UE share the KASME.
Alternatively, the SGSN comparing whether the RES and the XRES are identical also includes: when they differ, safety certification is terminated.
Optionally, the access network elements sending the request for a special Ciphering Key after receiving the request for a Ciphering Key sent by the SGSN includes:
The access network elements receive the request for a Ciphering Key sent by the SGSN;
The access network elements identify that an LTE UE is accessing the 2G or 3G network;
The access network elements add indication information in the Ciphering Key and generate the request for a special Ciphering Key; the indication information is used to instruct the HSS to generate the special Ciphering Key.
Alternatively, the processor 820 generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The processor 820 is used to generate an EPS AV for the LTE UE;
Further,
The processor 820 is used to set bit 0 of the authentication management field (AMF) to 1 to indicate that this Ciphering Key is an EPS AV;
The processor 820 is used to generate RAND, AUTN, CK, IK and XRES;
The processor 820 is used to derive KASME from CK and IK; the derivation rule can be KASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of KASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in AUTN is 1.
Alternatively, the processor 820 is used to convert the EPS AV into the UMTS AV format, so that the EPS AV can be sent to the SGSN in the existing UMTS authentication response. The method of converting the EPS AV into the UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the KASME (256 bits) in the EPS AV into two parts, used as the CK (128 bits) and the IK (128 bits) of the UMTS AV respectively. After the EPS AV is converted into the UMTS AV format, the value of bit 0 of the AMF in AUTN is still 1. The vector obtained by converting the EPS AV into the UMTS AV format is the special Ciphering Key.
Alternatively, the access network elements generating KASME from the CK and/or IK includes:
The access network elements generate the KASME from the CK and/or IK according to the generation rule KASME = CK || IK, where || denotes concatenation, i.e. IK is appended after CK.
In this embodiment of the present invention, the access network elements convert the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network elements identify the scenario in which the LTE UE accesses the 2G or 3G network through the access network elements, the HSS generates the special Ciphering Key, and safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In this embodiment the LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network elements, complete safety certification, and use 2G or 3G core network resources.
Fig. 9 shows a schematic block diagram of a serving GPRS support node 900 for safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 9 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in them, and may also be based on the devices disclosed in Fig. 5 and Fig. 8 of the embodiments of the present invention. As shown in Fig. 9, the serving GPRS support node SGSN 900 includes a receiver 910 and a transmitter 920;
The receiver 910 is used to receive the UMTS attach request message sent by the access network elements; the UMTS attach request message is obtained by the access network elements converting the attach request message sent by the LTE UE;
The transmitter 920 is used to send a request for a Ciphering Key to the access network elements, so that the access network elements, after receiving the request for a Ciphering Key, send a request for a special Ciphering Key to the HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends it to the access network elements;
The receiver 910 is also used to receive the special Ciphering Key from the access network elements, and the transmitter 920 is also used to send a UMTS AKA authentication challenge to the access network elements after the receiver 910 receives the special Ciphering Key, so that the SGSN, the access network elements and the LTE UE complete safety certification.
In this embodiment of the present invention, after the access network elements identify the scenario in which the LTE UE accesses the 2G or 3G network, the access network elements request the special Ciphering Key from the HSS, and the HSS generates the special Ciphering Key according to the request, so that the SGSN, the access network elements and the LTE UE complete safety certification and the LTE UE can use the 2G or 3G core network without being modified.
Alternatively, the SGSN, the access network elements and the LTE UE completing safety certification includes: the access network elements convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge and send it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates the RES and the key KASME, the LTE UE sends the LTE AKA authentication response containing the RES to the access network elements, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
Alternatively, the SGSN also includes processor 930;
Alternatively, the special Ciphering Key includes XRES, CK, IK;
Alternatively, the access network elements, the SGSN and the LTE UE further completing safety certification includes:
The access network elements convert the LTE AKA authentication response into a UMTS AKA authentication response and send the UMTS AKA authentication response to the receiver 910. The processor 930 is used to compare whether the RES and the XRES are identical; when they are identical, the transmitter 920 sends the CK and/or IK to the access network elements, the access network elements generate KASME from the CK and/or IK sent by the transmitter 920, and the access network elements and the LTE UE share the KASME.
Alternatively, the processor 930 comparing whether the RES and the XRES are identical also includes: when they differ, safety certification is terminated.
Alternatively, the access network elements sending the request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network elements receive the request for a Ciphering Key sent by the SGSN;
The access network elements identify that an LTE UE is accessing the 2G or 3G network;
The access network elements add indication information in the Ciphering Key and generate the request for a special Ciphering Key; the indication information is used to instruct the HSS to generate the special Ciphering Key.
Alternatively, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV converted into the UMTS AV format is the special Ciphering Key.
Alternatively, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the KASME in the EPS AV into two parts, used as the CK and the IK of the UMTS AV respectively.
Alternatively, the access network elements generating KASME from the CK and/or IK includes:
The access network elements generate the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In this embodiment of the present invention, the access network elements convert the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the SGSN identifies the scenario in which the LTE UE accesses the 2G or 3G core network through the access network elements, the HSS generates the special Ciphering Key, and safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In this embodiment the LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network elements, complete safety certification, and use 2G or 3G core network resources.
Figure 10 shows a schematic block diagram of access network elements 1000 for safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Figure 10 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in them, and may also be based on Fig. 5 to Fig. 9 and the devices disclosed in Fig. 5 to Fig. 9. As shown in Figure 10, the access network elements 1000 include a receiver 1010, a processor 1020, and a transmitter 1030;
The receiver 1010 is used to receive the attach request message from the LTE UE; the processor 1020 is used to convert the attach request message into a UMTS attach request message;
The transmitter 1030 is used to send the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the receiver 1010; the transmitter 1030 is also used to send a request for a special Ciphering Key to the HSS after the receiver 1010 receives the request for a Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends the special Ciphering Key to the receiver 1010;
The receiver 1010 is also used to receive a UMTS AKA authentication challenge, which the SGSN sends after the transmitter 1030 has sent the special Ciphering Key to the SGSN; the processor 1020 is also used to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the transmitter 1030 is also used to send the LTE AKA authentication challenge to the LTE UE, so that the access network elements, the SGSN and the LTE UE complete safety certification.
In this embodiment of the present invention, the access network elements convert the information sent by the LTE UE into information suitable for a 2G or 3G network system and identify the scenario in which the LTE UE accesses the 2G or 3G network, and the HSS generates the special Ciphering Key, so that the access network elements, the SGSN and the LTE UE can complete safety certification and the LTE UE can use the existing 2G or 3G core network.
Optionally, the access network elements, the SGSN and the LTE UE completing safety certification includes: the LTE UE verifies the LTE AKA authentication challenges and then generates RES and key K_ASME;
The receiver 1010 is used to receive the LTE AKA authentication responses comprising the RES sent by the LTE UE, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, so that the access network elements, the SGSN and the LTE UE further complete safety certification includes:
The processor 1020 is additionally used to convert the LTE AKA authentication responses comprising the RES into UMTS AKA authentication responses comprising the RES, and the transmitter 1030 is additionally used to send the UMTS AKA authentication responses comprising the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparative result is identical, the SGSN sends the CK and/or IK to the access network elements;
The processor 1020 is additionally used to generate K_ASME according to the CK and/or IK, and the access network elements and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
Optionally, the transmitter 1030 being additionally used, after the receiver 1010 receives the request requiring Ciphering Key, to send the request requiring special Ciphering Key to the HSS includes:
The receiver 1010 is used to receive the request requiring Ciphering Key sent by the SGSN; the processor 1020 is used to identify that it is an LTE UE accessing the 2G or 3G network; the processor 1020 is additionally used to add configured information in the Ciphering Key to generate the request requiring special Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
Optionally, so that the HSS generates the special Ciphering Key according to the request requiring special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV form, and the EPS AV converted to UMTS AV form is the special Ciphering Key.
Optionally, the HSS converting the EPS AV into UMTS AV form includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME (256 bits) in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the processor 1020 is further used to generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK, where "||" represents series connection, i.e. IK is added behind CK.
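The EPS AV to UMTS AV mapping, the RES/XRES check at the SGSN and the K_ASME = CK || IK rebuild described above, as an added Python example that is not part of the patent text. The class and function names, the sample values, the assignment of the first 128 bits to CK (chosen so that the split matches the concatenation rule) and the constant-time comparison are assumptions of this example.

```python
import hmac
from dataclasses import dataclass
from typing import Tuple

KASME_LEN = 32            # K_ASME is 256 bits per the description
HALF = KASME_LEN // 2     # CK and IK are 128 bits each


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


class AuthenticationAborted(Exception):
    """RES and XRES differ: the procedure is terminated, no keys released."""


def hss_to_special_av(av: EpsAv) -> UmtsAv:
    """HSS side: present an EPS AV in UMTS AV form (the special vector)."""
    if len(av.kasme) != KASME_LEN:
        raise ValueError("K_ASME must be exactly 256 bits to be split")
    # RAND, AUTN and XRES are copied unchanged; K_ASME is split in two.
    # Assumption: first half is CK, so that CK || IK restores K_ASME.
    return UmtsAv(av.rand, av.autn, av.xres,
                  ck=av.kasme[:HALF], ik=av.kasme[HALF:])


def sgsn_check_res(av: UmtsAv, res: bytes) -> Tuple[bytes, bytes]:
    """SGSN side: release CK/IK only when RES equals XRES."""
    # compare_digest is an implementation choice of this example; the
    # patent text only requires that the two values be compared.
    if not hmac.compare_digest(res, av.xres):
        raise AuthenticationAborted("RES does not match XRES")
    return av.ck, av.ik


def access_ne_rebuild_kasme(ck: bytes, ik: bytes) -> bytes:
    """Access network element side: K_ASME = CK || IK."""
    if len(ck) != HALF or len(ik) != HALF:
        raise ValueError("CK and IK must each be 128 bits")
    return ck + ik


def run_exchange(eps_av: EpsAv, ue_res: bytes, ue_kasme: bytes) -> bool:
    """Walk the three steps; True when network and UE hold the same key."""
    special = hss_to_special_av(eps_av)
    ck, ik = sgsn_check_res(special, ue_res)
    return hmac.compare_digest(access_ne_rebuild_kasme(ck, ik), ue_kasme)


# Constructed sample vector (not real network data).
SAMPLE_EPS_AV = EpsAv(
    rand=bytes(range(0x10, 0x20)),
    autn=bytes(range(0x20, 0x30)),
    xres=bytes(range(0x30, 0x38)),
    kasme=bytes(range(32)),
)

if __name__ == "__main__":
    ok = run_exchange(SAMPLE_EPS_AV, SAMPLE_EPS_AV.xres, SAMPLE_EPS_AV.kasme)
    print("shared K_ASME established:", ok)
    try:
        sgsn_check_res(hss_to_special_av(SAMPLE_EPS_AV), b"\x00" * 8)
    except AuthenticationAborted as exc:
        print("wrong RES:", exc)
```

Because K_ASME is simply CK followed by IK under this rule, any node that receives both CK and IK (here the SGSN as well as the access network elements) holds the complete K_ASME.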
In the embodiments of the present invention, the access network elements convert the message transmitted by the LTE UE into a message suitable for the 2G or 3G network; after the access network elements identify the scene in which an LTE UE accesses the 2G or 3G network, the HSS generates the special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network elements and the SGSN. In the present embodiment the LTE UE need not be modified, so that the LTE UE can access the 2G or 3G core net through the access network elements, complete safety certification and use 2G or 3G core net resources.
Through the above description of the embodiments, it is apparent to those skilled in the art that the present invention can be realized with hardware, or with firmware, or with a combination thereof. When implemented in software, the above functions can be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one place to another. A storage medium can be any usable medium that a computer can access. By way of example and not limitation, computer-readable media can include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection can suitably become a computer-readable medium. For example, if software is transmitted from a website, server or other remote source using coaxial cable, optical fiber cable, twisted pair, Digital Subscriber Line (DSL) or wireless technologies such as infrared, radio and microwave, then the coaxial cable, optical fiber cable, twisted pair, DSL or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and Blu-ray Disc, where disks usually replicate data magnetically, while discs replicate data optically with lasers. Combinations of the above should also be included within the protection domain of computer-readable media.
In a word, the foregoing is only the preferred embodiment of the technical solution of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention should be included in the scope of protection.

Claims (1)

  1. Claim
    1. a kind of safety certifying method of GSM, it is characterised in that including:
    Home subscriber server HSS receives the request for the special Ciphering Key of requirement that access network elements are sent, and the request for requiring special Ciphering Key is sent after the request of the requirement Ciphering Key of GPRS Service support nodes SGSN transmissions is received by the access network elements;
    The HSS generates special Ciphering Key according to the request for requiring special Ciphering Key;The special Ciphering Key is sent to the access network elements by the HSS, so that the access network elements, SGSN the and LTE UE complete safety certification.
    2. the method according to claim 1, it is characterized in that, the request for requiring Ciphering Key is that the SGSN is sent after the UMTS attach request message that the access network elements are sent is received, the UMTS attach request message is that attach request message is changed gained by the access network elements, and the attach request message is sent by the LTE UE.
    3. method according to claim 1 or 2, it is characterised in that described so that the access network elements, SGSN and LTE UE completions safety certification include:
    The special Ciphering Key is sent to the SGSN by the access network elements, the SGSN sends UMTS AKA authentication challenges to the access network elements, the UMTS AKA authentication challenges are converted into LTE AKA authentication challenges by the access network elements and then sent to the LTE UE, and the LTE UE sends the LTE AKA authentication responses comprising the RES to the access network elements, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    4. the method according to any one of claims 1 to 3, it is characterised in that
    XRES, CK, IK are included in the special Ciphering Key;
    It is described to include so that the access network elements, the SGSN and the LTE UE further complete safety certification:
    The LTE AKA authentication responses are converted to UMTS AKA authentication responses and the UMTS AKA authentication responses are sent to the SGSN by the access network elements, and the SGSN compares whether the RES and the XRES are identical; when the comparative result is identical, the CK and/or IK are sent to the access network elements by the SGSN, the access network elements generate K_ASME according to the CK and/or IK, and the access network elements and the LTE UE share the K_ASME.
    5. method according to claim 4, it is characterised in that the SGSN comparing whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
    6. the method according to any one of claim 1 to 5, it is characterised in that the request for requiring special Ciphering Key is received to send after the request of the requirement Ciphering Key of SGSN transmissions by the access network elements to be included:
    The access network elements receive the request for requiring Ciphering Key that the SGSN is sent;It is LTE UE access 2G or 3G network that the access network elements, which are identified,;
    The access network elements add the configured information generation request for requiring special Ciphering Key in the Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
    7. the method according to any one of claim 1 to 6, it is characterised in that the HSS is according to the request for requiring special Ciphering Key, and generating special Ciphering Key includes:
    The HSS is LTE UE generation EPS AV;
    The EPS AV are converted into UMTS AV forms by the HSS, and the EPS AV for being converted to UMTS AV forms are the special Ciphering Key.
    8. method according to claim 7, it is characterised in that the EPS AV are converted into UMTS AV forms by the HSS to be included:
    The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
    9. the method according to any one of claim 4 to 8, it is characterised in that the access network elements generating K_ASME according to the CK and/or IK includes:
    The access network elements generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK.
    10. a kind of safety certifying method of GSM, it is characterised in that including:
    SGSN receives the UMTS attach request message sent by access network elements, and the UMTS attach request message is gained by the access network elements converting the attach request message sent by the LTE UE;
    The SGSN sends the request for requiring Ciphering Key to the access network elements, so that the access network elements are received after the request for requiring Ciphering Key, sent to HSS and require the request of special Ciphering Key, and then be sent to the access network elements after generating the special Ciphering Key according to the request for requiring special Ciphering Key so as to the HSS;
    The SGSN, which is received, to be come from after the special Ciphering Key of the access network elements, UMTS AKA authentication challenges is sent to the access network elements, so that the SGSN, the access network elements and the LTE UE complete safety certification.
    11. method according to claim 10, it is characterised in that described to include so that the SGSN, the access network elements and the LTE UE complete safety certification:
    After the UMTS AKA authentication challenges are converted into LTE AKA authentication challenges by the access network elements, and the LTE UE verifies them and generates RES and key K_ASME, the LTE AKA authentication responses comprising the RES are sent to the access network elements by the LTE UE, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    12. the method according to claim 10 or 11, it is characterised in that
    The special Ciphering Key includes XRES, CK, IK;
    It is described to include so that the access network elements, the SGSN and the LTE UE further complete safety certification:
    The LTE AKA authentication responses are converted to UMTS AKA authentication responses by the access network elements and the UMTS AKA authentication responses are sent to the SGSN, and the SGSN compares whether the RES and the XRES are identical; when the comparative result is identical, the CK and/or IK are sent to the access network elements by the SGSN, the access network elements generate K_ASME according to the CK and/or IK, and the access network elements and the LTE UE share the K_ASME.
    13. method according to claim 12, it is characterised in that the SGSN comparing whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
    14. the method according to any one of claim 10 to 13, it is characterised in that described so that the access network elements are received after the request for requiring Ciphering Key, sends to HSS and requires that the request of special Ciphering Key includes:
    The access network elements receive the request for requiring Ciphering Key that the SGSN is sent;It is LTE UE access 2G or 3G network that the access network elements, which are identified,;
    The access network elements add the configured information generation request for requiring special Ciphering Key in the Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
    15. the method according to any one of claim 10 to 14, it is characterised in that described to include so that the HSS generates the special Ciphering Key according to the request for requiring special Ciphering Key:The HSS is LTE UE generation EPS AV;
    The EPS AV are converted into UMTS AV forms by the HSS, and the EPS AV for being converted to UMTS AV forms are the special Ciphering Key.
    16. method according to claim 15, it is characterised in that the EPS AV are converted into UMTS AV forms by the HSS to be included:
    The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
    17. the method according to any one of claim 12 to 16, it is characterised in that the access network elements generating K_ASME according to the CK and/or IK includes:
    The access network elements generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK.
    18. a kind of safety certifying method of GSM, it is characterised in that including:
    The attach request message for coming from LTE UE is converted to UMTS attach request message by access network elements;
    The UMTS attach request message is sent to SGSN by the access network elements, and the request for requiring Ciphering Key is sent after the UMTS attach request message to the access network elements so that the SGSN is received;
    The access network elements, which are received, sends the request for requiring special Ciphering Key to the HSS after the request for requiring Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for requiring special Ciphering Key, and then so that the special Ciphering Key is sent to the access network network element by the HSS;
    The access network elements receive UMTS AKA authentication challenges, and the special Ciphering Key is sent to after the SGSN and sent by the SGSN by the UMTS AKA authentication challenges for the access network elements;
    The UMTS AKA authentication challenges are converted into after LTE AKA authentication challenges being sent to the LTE UE by the access network elements, so that the access network elements, the SGSN and the LTE UE complete safety certification.
    19. method according to claim 18, it is characterised in that described to include so that the access network elements, the SGSN and the LTE UE complete safety certification:
    The LTE UE verifies the LTE AKA authentication challenges and then generates RES and key K_ASME; the access network elements receive the LTE AKA authentication responses comprising the RES that the LTE UE sends, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    20. the method according to claim 18 or 19, it is characterised in that
    The special Ciphering Key includes XRES, CK and IK;
    It is described to include so that the access network elements, the SGSN and the LTE UE further complete safety certification:
    The access network elements convert the LTE AKA authentication responses comprising the RES into UMTS AKA authentication responses comprising the RES, and the UMTS AKA authentication responses comprising the RES are sent to the SGSN by the access network elements, so that the SGSN compares whether the RES and the XRES are identical; when the comparative result is identical, the CK and/or IK are sent to the access network elements by the SGSN;
    The access network elements generate K_ASME according to the CK and/or IK, and the access network elements and the LTE UE share the K_ASME.
    21. method according to claim 20, it is characterised in that the SGSN comparing whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
    22. the method according to any one of claim 18 to 21, it is characterised in that the access network elements, which receive to send after the request for requiring Ciphering Key, requires that the request of special Ciphering Key includes to the HSS:
    The access network elements receive the request for requiring Ciphering Key that the SGSN is sent;It is LTE UE access 2G or 3G network that the access network elements, which are identified,;
    The access network elements add the configured information generation request for requiring special Ciphering Key in the Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
    23. the method according to any one of claim 18 to 22, it is characterised in that the request so as to the HSS special Ciphering Key as requested, which generates the special Ciphering Key, to be included:
    The HSS is LTE UE generation EPS AV;
    The EPS AV are converted into UMTS AV forms by the HSS, and the EPS AV for being converted to UMTS AV forms are the special Ciphering Key.
    24. method according to claim 23, it is characterised in that the EPS AV are converted into UMTS AV forms by the HSS to be included:
    The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
    25. the method according to any one of claim 20 to 24, it is characterised in that the access network elements generating K_ASME according to the CK and/or IK includes:
    The access network elements generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK.
    26. a kind of HSS, it is characterised in that including:Receiving module, processing module, sending module;The receiving module is used for the request for receiving the special Ciphering Key of requirement of access network elements transmission, and the request for requiring special Ciphering Key is sent after the request of the requirement Ciphering Key of SGSN transmissions is received by the access network elements;
    The processing module is used to, according to the request for requiring special Ciphering Key, generate special Ciphering Key;
    The sending module is used to the special Ciphering Key being sent to the access network elements, so that the access network elements, SGSN the and LTE UE complete safety certification.
    27. HSS according to claim 26, it is characterized in that, the request for requiring Ciphering Key is that the SGSN is sent after the UMTS attach request message that the access network elements are sent is received, the UMTS attach request message is that attach request message is changed gained by the access network elements, and the attach request message is sent by the LTE UE.
    28. the HSS according to claim 26 or 27, it is characterised in that described so that the access network elements, SGSN and LTE UE completions safety certification include:
    The special Ciphering Key is sent to the SGSN by the access network elements, the SGSN sends UMTS AKA authentication challenges to the access network elements, the UMTS AKA authentication challenges are converted into LTE AKA authentication challenges by the access network elements and then sent to the LTE UE, and the LTE UE sends the LTE AKA authentication responses comprising the RES to the access network elements, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    29. the HSS according to any one of claim 26 to 28, it is characterised in that
    XRES, CK, IK are included in the special Ciphering Key;
    It is described to include so that the access network elements, the SGSN and the LTE UE further complete safety certification:
    The LTE AKA authentication responses are converted to UMTS AKA authentication responses and the UMTS AKA authentication responses are sent to the SGSN by the access network elements, and the SGSN compares whether the RES and the XRES are identical; when the comparative result is identical, the CK and/or IK are sent to the access network elements by the SGSN, the access network elements generate K_ASME according to the CK and/or IK, and the access network elements and the LTE UE share the K_ASME.
    30. HSS according to claim 29, it is characterised in that the SGSN comparing whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
    31. the HSS according to any one of claim 26 to 30, it is characterised in that the request for requiring special Ciphering Key is received to send after the request of the requirement Ciphering Key of SGSN transmissions by the access network elements to be included:
    The access network elements receive the request for requiring Ciphering Key that the SGSN is sent;It is LTE UE access 2G or 3G network that the access network elements, which are identified,;
    The access network elements add the configured information generation request for requiring special Ciphering Key in the Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
    32. the HSS according to any one of claim 26 to 31, it is characterised in that the processing module is used for according to the request for requiring special Ciphering Key, generating special Ciphering Key includes:
    The processing module is used for generating EPS AV for the LTE UE;
    The processing module is used to the EPS AV being converted into UMTS AV forms, and the EPS AV for being converted to UMTS AV forms are the special Ciphering Key.
    33. HSS according to claim 32, it is characterised in that the processing module includes for the EPS AV to be converted into UMTS AV forms:
    The processing module is used for using the RAND in the EPS AV as the RAND of the UMTS AV, the processing module is used for using the AUTN in the EPS AV as the AUTN of the UMTS AV, the processing module is used for using the XRES in the EPS AV as the XRES of the UMTS AV, and the processing module is used for splitting the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
    34. the HSS according to any one of claim 29 to 33, it is characterised in that the access network elements generating K_ASME according to the CK and/or IK includes:
    The access network elements generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK.
    35. a kind of SGSN, it is characterised in that including:Receiving module;Sending module;
    The receiving module is used for the UMTS attach request message for receiving access network elements transmission, and the UMTS attach request message is that the attach request message that the access network elements send LTE UE changes gained;
    The sending module is used to send the request for requiring Ciphering Key to the access network elements, so that the access network elements are received after the request for requiring Ciphering Key, sent to HSS and require the request of special Ciphering Key, and then be sent to the access network elements after generating the special Ciphering Key according to the request for requiring special Ciphering Key so as to the HSS;
    The receiving module is additionally operable to receive the special Ciphering Key for coming from the access network elements, the sending module is additionally operable to the receiving module and received send UMTS AKA authentication challenges after the special Ciphering Key to the access network elements, so that the SGSN, the access network elements and the LTE UE complete safety certification.
    36. SGSN according to claim 35, it is characterised in that described to include so that the SGSN, the access network elements and the LTE UE complete safety certification:
    After the UMTS AKA authentication challenges are converted into LTE AKA authentication challenges by the access network elements, and the LTE UE verifies them and generates RES and key K_ASME, the LTE AKA authentication responses comprising the RES are sent to the access network elements by the LTE UE, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    37. the SGSN according to claim 35 or 36, it is characterised in that the SGSN also includes processing module;
    The special Ciphering Key includes XRES, CK, IK;
    It is described to include so that the access network elements, the SGSN and the LTE UE further complete safety certification:
    The LTE AKA authentication responses are converted to UMTS AKA authentication responses by the access network elements and the UMTS AKA authentication responses are sent to the receiving module, and the processing module is used to compare whether the RES and the XRES are identical; when the comparative result is identical, the CK and/or IK are sent to the access network elements by the sending module, the access network elements generate K_ASME according to the CK and/or IK sent by the sending module, and the access network elements and the LTE UE share the K_ASME.
    38. the SGSN according to claim 37, it is characterised in that the processing module being used to compare whether the RES and the XRES are identical also includes: when the comparative result is that they differ, terminating the safety certification.
    39. the SGSN according to any one of claim 35 to 38, it is characterised in that described so that the access network elements are received after the request for requiring Ciphering Key, sends to HSS and requires that the request of special Ciphering Key includes:
    The access network elements receive the request for requiring Ciphering Key that the SGSN is sent; It is LTE UE access 2G or 3G network that the access network elements, which are identified,;
    The access network elements add the configured information generation request for requiring special Ciphering Key in the Ciphering Key, and the configured information is used to indicate that the HSS generates the special Ciphering Key.
    40. the SGSN according to any one of claim 35 to 39, it is characterised in that described to include so that the HSS generates the special Ciphering Key according to the request for requiring special Ciphering Key:
    The HSS is LTE UE generation EPS AV;
    The EPS AV are converted into UMTS AV forms by the HSS, and the EPS AV for being converted to UMTS AV forms are the special Ciphering Key.
    41. SGSN according to claim 40, it is characterised in that the EPS AV are converted into UMTS AV forms by the HSS to be included:
    The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
    42. the SGSN according to any one of claim 37 to 41, it is characterised in that the access network elements generating K_ASME according to the CK and/or IK includes:
    The access network elements generate the K_ASME according to the CK and/or IK following the create-rule K_ASME = CK || IK.
    43. a kind of access network elements, it is characterised in that including: receiving module, processing module, sending module;
    The receiving module is used to receive the attach request message from LTE UE;The processing module is used to the attach request message being converted to UMTS attach request message;
    The sending module is used to send the UMTS attach request message to SGSN, so that the SGSN, after receiving the UMTS attach request message, sends the request for requiring Ciphering Key to the receiving module; the sending module is additionally used, after the receiving module receives the request for requiring Ciphering Key, to send the request for requiring special Ciphering Key to the HSS, so that the HSS generates the special Ciphering Key according to the request for requiring special Ciphering Key, and then so that the special Ciphering Key is sent to the receiving module by the HSS;
    The receiving module is additionally operable to receive UMTS AKA authentication challenges, and the special Ciphering Key is sent to after the SGSN and sent by the SGSN by the UMTS AKA authentication challenges for the sending module;The processing module is additionally operable to the UMTS AKA authentication challenges being converted into LTE AKA authentication challenges, the sending module is additionally operable to the LTE AKA authentication challenges being sent to the LTE UE, so that the access network elements, the SGSN and the LTE UE complete safety certification.
    44. access network elements according to claim 43, it is characterised in that described to include so that the access network elements, the SGSN and the LTE UE complete safety certification:
    The LTE UE verifies the LTE AKA authentication challenges and then generates RES and key K_ASME; the receiving module is used to receive the LTE AKA authentication responses comprising the RES that the LTE UE sends, so that the access network elements, the SGSN and the LTE UE further complete safety certification.
    45. The access network element according to claim 43 or 44, characterized in that
    The special Ciphering Key includes XRES, CK and IK;
    Enabling the access network element, the SGSN and the LTE UE to further complete security authentication includes:
    The processing module is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element;
    The processing module is further configured to generate K_ASME according to the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
    46. The access network element according to claim 45, characterized in that the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is that they differ, stopping the security authentication.
    47. The access network element according to any one of claims 43 to 46, characterized in that the sending module being further configured to send, after the receiving module receives the request requiring a Ciphering Key, the request requiring a special Ciphering Key to the HSS includes:
    The receiving module is configured to receive the request requiring a Ciphering Key sent by the SGSN; the processing module is configured to identify that it is an LTE UE accessing a 2G or 3G network;
    The processing module is further configured to add indication information in the Ciphering Key to generate the request requiring the special Ciphering Key, the indication information being used to instruct the HSS to generate the special Ciphering Key.
    48. The access network element according to any one of claims 43 to 47, characterized in that the HSS generating the special Ciphering Key according to the request requiring the special Ciphering Key includes: the HSS generates an EPS AV for the LTE UE;
    The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
    49. The access network element according to claim 48, characterized in that the HSS converting the EPS AV into UMTS AV format includes:
    The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME (256 bits) in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
    50. The access network element according to any one of claims 45 to 49, characterized in that the processing module is further configured to generate the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
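The key handling in claims 45 to 50, traced end to end as an added Python example (not code from the patent): the HSS reformats an EPS AV into UMTS AV form, the SGSN releases CK and IK only when RES equals XRES, and the access network element rebuilds K_ASME = CK || IK. The function names, the constant-time comparison, the 128-bit CK/IK halves in that order, the release of both CK and IK, and the sample values are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class EpsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes  # 256 bits, per claim 49

@dataclass(frozen=True)
class UmtsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes

def hss_eps_to_umts(av: EpsAV) -> UmtsAV:
    """Claims 48-49: copy RAND/AUTN/XRES, split K_ASME into CK and IK."""
    if len(av.kasme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    # Assumption: CK is the first 128 bits, IK the last, matching CK || IK.
    return UmtsAV(av.rand, av.autn, av.xres, av.kasme[:16], av.kasme[16:])

def sgsn_check_response(av: UmtsAV, res: bytes):
    """Claims 45-46: hand out CK/IK only if RES == XRES, otherwise stop."""
    if not hmac.compare_digest(res, av.xres):  # constant-time compare (added)
        return None
    return av.ck, av.ik

def access_element_kasme(ck: bytes, ik: bytes) -> bytes:
    """Claim 50: K_ASME = CK || IK."""
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must each be 128 bits")
    return ck + ik

def run_authentication(av: EpsAV, res_from_ue: bytes):
    """Return the K_ASME held by the access network element, or None on abort."""
    special_av = hss_eps_to_umts(av)
    keys = sgsn_check_response(special_av, res_from_ue)
    return None if keys is None else access_element_kasme(*keys)

# Constructed sample values, not taken from any real network.
SAMPLE_AV = EpsAV(rand=bytes(range(16)), autn=bytes(range(16, 32)),
                  xres=bytes.fromhex("a1b2c3d4e5f60718"),
                  kasme=bytes(range(100, 132)))

if __name__ == "__main__":
    print(run_authentication(SAMPLE_AV, SAMPLE_AV.xres).hex())
    print(run_authentication(SAMPLE_AV, bytes(8)))
```

Because CK and IK are the two halves of K_ASME itself, the SGSN that holds the special Ciphering Key also holds the full K_ASME shared between the access network element and the LTE UE.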
CN201380070865.9A 2013-01-22 2013-01-22 The method and the network equipment of the safety certification of mobile communication system Active CN105075306B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2013/070841 WO2014113921A1 (en) 2013-01-22 2013-01-22 Method and network device for security authentication of mobile communication system

Publications (2)

Publication Number Publication Date
CN105075306A true CN105075306A (en) 2015-11-18
CN105075306B CN105075306B (en) 2019-05-28

Family

ID=51226806

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201380070865.9A Active CN105075306B (en) 2013-01-22 2013-01-22 The method and the network equipment of the safety certification of mobile communication system

Country Status (2)

Country Link
CN (1) CN105075306B (en)
WO (1) WO2014113921A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014113921A1 (en) * 2013-01-22 2014-07-31 华为技术有限公司 Method and network device for security authentication of mobile communication system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101155126A (en) * 2006-09-25 2008-04-02 华为技术有限公司 System, device and method for implementing mobility management
US20080095362A1 (en) * 2006-10-18 2008-04-24 Rolf Blom Cryptographic key management in communication networks
US20090111428A1 (en) * 2007-10-29 2009-04-30 Nokia Corporation System and Method for Authenticating a Context Transfer
CN101600205A (en) * 2009-07-10 2009-12-09 华为技术有限公司 The method and the relevant device of SIM card subscriber equipment cut-in evolution network
WO2014113921A1 (en) * 2013-01-22 2014-07-31 华为技术有限公司 Method and network device for security authentication of mobile communication system

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098221A (en) * 2006-06-26 2008-01-02 华为技术有限公司 Network layer safety authentication method in wireless cellular network
CN102238544A (en) * 2010-05-06 2011-11-09 中兴通讯股份有限公司 Mobile network authentication method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809903A (en) * 2017-05-02 2018-11-13 中国移动通信有限公司研究院 A kind of authentication method, apparatus and system
CN108809903B (en) * 2017-05-02 2021-08-10 中国移动通信有限公司研究院 Authentication method, device and system

Also Published As

Publication number Publication date
CN105075306B (en) 2019-05-28
WO2014113921A1 (en) 2014-07-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant