CN105075306B - The method and the network equipment of the safety certification of mobile communication system - Google Patents
- Publication number: CN105075306B
- Application number: CN201380070865.9A
- Authority: CN (China)
- Prior art keywords: access network, network elements, lte, ciphering key, sgsn
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  - H04W12/06—Authentication
  - H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
    - H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
      - H04W12/0431—Key distribution or pre-distribution; Key agreement
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
An embodiment of the invention discloses a method for security authentication of a mobile communication system, and a network device. In the method, an HSS receives a request for a special Ciphering Key sent by an access network element; the access network element sends that request after receiving a request for a Ciphering Key sent by an SGSN. The HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends the special Ciphering Key to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication. The method and network device disclosed by the embodiments enable an LTE UE to use a 2G/3G network.
Description
Technical field
The embodiments of the present invention relate to the communications field, and in particular to a method and a network device for security authentication of a mobile communication system.
Background technique
The Long Term Evolution (LTE)/System Architecture Evolution (SAE) network is a new mobile communication system formulated by the standards organization 3rd Generation Partnership Project (3GPP). This network is the next evolution step for existing 3G networks, including Wideband Code Division Multiple Access (WCDMA) networks, Time Division-Synchronous Code Division Multiple Access (TD-SCDMA) networks and Code Division Multiple Access 2000 (CDMA2000) networks. In certain countries, commercially deployed LTE/SAE networks are already in operation. Security is an essential characteristic of a commercially operated mobile communication system, and authentication is a key security feature. The Universal Mobile Telecommunication System (UMTS) network and the LTE/SAE network have each defined an Authentication and Key Agreement (AKA) mechanism to perform mutual authentication between the UE and the network. The mutual authentication mechanism of the UMTS network is called UMTS AKA, and the mutual authentication mechanism of the LTE/SAE network is called Evolved Packet System (EPS) AKA. In certain special scenarios, an LTE user equipment (UE) accesses a 2G/3G core network through an LTE access network. Because the 2G/3G core network can only obtain a UMTS AV from the HSS, and the LTE UE refuses to be authenticated with a UMTS AV when it accesses through an LTE network, the LTE UE cannot access the 2G/3G core network through the LTE access network.
Summary of the invention
In view of this, embodiments of the invention provide a method and a network device for security authentication of a mobile communication system, which enable an LTE UE to use a 2G/3G network.
In a first aspect, a security authentication method for a mobile communication system is provided, comprising:
An HSS receives a request for a special Ciphering Key sent by an access network element, where the access network element sends the request for a special Ciphering Key after receiving a request for a Ciphering Key sent by an SGSN;
The HSS generates the special Ciphering Key according to the request for a special Ciphering Key;
The HSS sends the special Ciphering Key to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the request for a Ciphering Key is sent by the SGSN after the SGSN receives a UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
In a second possible implementation, with reference to the first aspect or the first possible implementation of the first aspect, the access network element, the SGSN and the LTE UE completing security authentication includes:
The access network element sends the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a third possible implementation, with reference to the first aspect or the first or second possible implementation of the first aspect, the special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a fourth possible implementation, with reference to the third possible implementation of the first aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fifth possible implementation, with reference to the first aspect or any of the first to fourth possible implementations of the first aspect, the access network element sending the request for a special Ciphering Key after receiving the request for a Ciphering Key sent by the SGSN includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information in the Ciphering Key to generate the request for a special Ciphering Key, where the indication information instructs the HSS to generate the special Ciphering Key.
In a sixth possible implementation, with reference to the first aspect or any of the first to fifth possible implementations of the first aspect, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format; the EPS AV converted into UMTS AV format is the special Ciphering Key.
In a seventh possible implementation, with reference to the sixth possible implementation of the first aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV; the HSS splits the KASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In an eighth possible implementation, with reference to any of the third to seventh possible implementations of the first aspect, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
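The conversion, comparison and key rule of the third, fourth, seventh and eighth implementations above, as an added Python example (not code from the patent). The function and class names, the 128-bit CK/IK and 256-bit KASME lengths, taking the first half of KASME as CK (so that KASME = CK || IK holds), the constant-time comparison and the sample values are assumptions of this example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

KEY_LEN = 16     # assumed: CK and IK are 128-bit keys
KASME_LEN = 32   # assumed: KASME is a 256-bit key


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAv:
    """EPS AV re-packed in UMTS AV format (the page's 'special Ciphering Key')."""
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


def hss_convert_eps_av(eps: EpsAv) -> UmtsAv:
    """HSS: copy RAND, AUTN and XRES unchanged, split KASME into CK and IK."""
    if len(eps.kasme) != KASME_LEN:
        raise ValueError("KASME must be %d bytes to split into CK and IK" % KASME_LEN)
    return UmtsAv(
        rand=eps.rand,
        autn=eps.autn,
        xres=eps.xres,
        ck=eps.kasme[:KEY_LEN],   # first part -> CK
        ik=eps.kasme[KEY_LEN:],   # second part -> IK
    )


def sgsn_verify_res(av: UmtsAv, res: bytes) -> Optional[Tuple[bytes, bytes]]:
    """SGSN: release CK and IK only if RES equals XRES; otherwise stop (None)."""
    # Constant-time comparison is this example's choice, not stated on the page.
    if not hmac.compare_digest(res, av.xres):
        return None
    return av.ck, av.ik


def access_ne_generate_kasme(ck: bytes, ik: bytes) -> bytes:
    """Access network element: rebuild KASME with the rule KASME = CK || IK."""
    if len(ck) != KEY_LEN or len(ik) != KEY_LEN:
        raise ValueError("CK and IK must each be %d bytes" % KEY_LEN)
    return ck + ik


def run_authentication(eps: EpsAv, ue_res: bytes) -> Optional[bytes]:
    """Chain the three roles; returns the shared KASME or None on RES mismatch."""
    special_av = hss_convert_eps_av(eps)
    keys = sgsn_verify_res(special_av, ue_res)
    if keys is None:
        return None
    return access_ne_generate_kasme(*keys)


def constructed_eps_av() -> EpsAv:
    """Constructed sample values; not the output of any real AKA computation."""
    return EpsAv(
        rand=bytes(range(0x00, 0x10)),
        autn=bytes(range(0x10, 0x20)),
        xres=bytes(range(0x20, 0x28)),
        kasme=bytes(range(0x40, 0x60)),
    )


if __name__ == "__main__":
    eps = constructed_eps_av()
    ok = run_authentication(eps, eps.xres)
    bad = run_authentication(eps, b"\x00" * 8)
    print("matching RES -> KASME rebuilt:", ok == eps.kasme)
    print("wrong RES    -> authentication stopped:", bad is None)
```

Because the rule is KASME = CK || IK, the SGSN that holds CK and IK holds the complete KASME material, which is worth recording when threat-modeling this interworking path.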
In a second aspect, a security authentication method for a mobile communication system is provided, comprising:
An SGSN receives a UMTS attach request message sent by an access network element, where the UMTS attach request message is obtained by the access network element converting an attach request message sent by an LTE UE;
The SGSN sends a request for a Ciphering Key to the access network element, so that the access network element, after receiving the request for a Ciphering Key, sends a request for a special Ciphering Key to an HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends it to the access network element;
After receiving the special Ciphering Key from the access network element, the SGSN sends a UMTS AKA authentication challenge to the access network element, so that the SGSN, the access network element and the LTE UE complete security authentication.
In a first possible implementation, the SGSN, the access network element and the LTE UE completing security authentication includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the second aspect or the first possible implementation of the second aspect, the special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a third possible implementation, with reference to the second possible implementation of the second aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fourth possible implementation, with reference to the second aspect or any of the first to third possible implementations of the second aspect, the access network element sending the request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information in the Ciphering Key to generate the request for a special Ciphering Key, where the indication information instructs the HSS to generate the special Ciphering Key.
In a fifth possible implementation, with reference to the second aspect or any of the first to fourth possible implementations of the second aspect, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format; the EPS AV converted into UMTS AV format is the special Ciphering Key.
In a sixth possible implementation, with reference to the fifth possible implementation of the second aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV; the HSS splits the KASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the second aspect, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In a third aspect, a security authentication method for a mobile communication system is provided, comprising:
An access network element converts an attach request message from an LTE UE into a UMTS attach request message;
The access network element sends the UMTS attach request message to an SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the access network element;
After receiving the request for a Ciphering Key, the access network element sends a request for a special Ciphering Key to an HSS, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends the special Ciphering Key to the access network element;
The access network element receives a UMTS AKA authentication challenge, which is sent by the SGSN after the access network element has sent the special Ciphering Key to the SGSN;
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the access network element, the SGSN and the LTE UE completing security authentication includes:
The LTE UE generates RES and the key KASME after verifying the LTE AKA authentication challenge;
The access network element receives the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the third aspect or the first possible implementation of the third aspect, the special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The access network element converts the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES and sends the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element;
The access network element generates KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a third possible implementation, with reference to the second possible implementation of the third aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fourth possible implementation, with reference to the third aspect or any of the first to third possible implementations of the third aspect, the access network element sending the request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information in the Ciphering Key to generate the request for a special Ciphering Key, where the indication information instructs the HSS to generate the special Ciphering Key.
In a fifth possible implementation, with reference to the third aspect or any of the first to fourth possible implementations of the third aspect, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format; the EPS AV converted into UMTS AV format is the special Ciphering Key.
In a sixth possible implementation, with reference to the fifth possible implementation of the third aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV; the HSS splits the KASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the third aspect, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In a fourth aspect, an HSS is provided, comprising: a receiving module, a processing module and a sending module;
The receiving module is configured to receive a request for a special Ciphering Key sent by an access network element, where the access network element sends the request for a special Ciphering Key after receiving a request for a Ciphering Key sent by an SGSN;
The processing module is configured to generate the special Ciphering Key according to the request for a special Ciphering Key;
The sending module is configured to send the special Ciphering Key to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the request for a Ciphering Key is sent by the SGSN after the SGSN receives a UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
In a second possible implementation, with reference to the fourth aspect or the first possible implementation of the fourth aspect, the access network element, the SGSN and the LTE UE completing security authentication includes:
The access network element sends the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a third possible implementation, with reference to the fourth aspect or the first or second possible implementation of the fourth aspect, the special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a fourth possible implementation, with reference to the third possible implementation of the fourth aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fifth possible implementation, with reference to the fourth aspect or any of the first to fourth possible implementations of the fourth aspect, the access network element sending the request for a special Ciphering Key after receiving the request for a Ciphering Key sent by the SGSN includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information in the Ciphering Key to generate the request for a special Ciphering Key, where the indication information instructs the HSS to generate the special Ciphering Key.
In a sixth possible implementation, with reference to the fourth aspect or any of the first to fifth possible implementations of the fourth aspect, the processing module being configured to generate the special Ciphering Key according to the request for a special Ciphering Key includes:
The processing module is configured to generate an EPS AV for the LTE UE;
The processing module is configured to convert the EPS AV into UMTS AV format; the EPS AV converted into UMTS AV format is the special Ciphering Key.
In a seventh possible implementation, with reference to the sixth possible implementation of the fourth aspect, the processing module being configured to convert the EPS AV into UMTS AV format includes:
The processing module is configured to use the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV; the processing module is configured to split the KASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In an eighth possible implementation, with reference to any of the third to seventh possible implementations of the fourth aspect, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In a fifth aspect, an SGSN is provided, comprising: a receiving module and a sending module;
The receiving module is configured to receive a UMTS attach request message sent by an access network element, where the UMTS attach request message is obtained by the access network element converting an attach request message sent by an LTE UE;
The sending module is configured to send a request for a Ciphering Key to the access network element, so that the access network element, after receiving the request for a Ciphering Key, sends a request for a special Ciphering Key to an HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends it to the access network element;
The receiving module is further configured to receive the special Ciphering Key from the access network element; the sending module is further configured to send a UMTS AKA authentication challenge to the access network element after the receiving module receives the special Ciphering Key, so that the SGSN, the access network element and the LTE UE complete security authentication.
In a first possible implementation, the SGSN, the access network element and the LTE UE completing security authentication includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key KASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the fifth aspect or the first possible implementation of the fifth aspect, the SGSN further includes a processing module;
The special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the receiving module; the processing module is configured to compare whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, the CK and/or IK being sent by the sending module, and the access network element generates KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a third possible implementation, with reference to the second possible implementation of the fifth aspect, the processing module being configured to compare whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fourth possible implementation, with reference to the fifth aspect or any of the first to third possible implementations of the fifth aspect, the access network element sending the request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information in the Ciphering Key to generate the request for a special Ciphering Key, where the indication information instructs the HSS to generate the special Ciphering Key.
In a fifth possible implementation, with reference to the fifth aspect or any of the first to fourth possible implementations of the fifth aspect, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format; the EPS AV converted into UMTS AV format is the special Ciphering Key.
In a sixth possible implementation, with reference to the fifth possible implementation of the fifth aspect, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV; the HSS splits the KASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the fifth aspect, the access network element generating KASME according to the CK and/or IK includes:
The access network element generates the KASME from the CK and/or IK according to the generation rule KASME = CK || IK.
In a sixth aspect, an access network element is provided, comprising: a receiving module, a processing module and a sending module;
The receiving module is configured to receive an attach request message from an LTE UE; the processing module is configured to convert the attach request message into a UMTS attach request message;
The sending module is configured to send the UMTS attach request message to an SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the receiving module; the sending module is further configured to send a request for a special Ciphering Key to the HSS after the receiving module receives the request for a Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and sends the special Ciphering Key to the receiving module;
The receiving module is further configured to receive a UMTS AKA authentication challenge, which is sent by the SGSN after the sending module has sent the special Ciphering Key to the SGSN; the processing module is further configured to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the sending module is further configured to send the LTE AKA authentication challenge to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In a first possible implementation, the access network element, the SGSN and the LTE UE completing security authentication includes:
The LTE UE generates RES and the key KASME after verifying the LTE AKA authentication challenge;
The receiving module is configured to receive the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
In a second possible implementation, with reference to the sixth aspect or the first possible implementation of the sixth aspect, the special Ciphering Key includes XRES, CK and IK;
The access network element, the SGSN and the LTE UE further completing security authentication includes:
The processing module is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element;
The processing module is further configured to generate KASME according to the CK and/or IK; the access network element and the LTE UE share the KASME.
In a third possible implementation, with reference to the second possible implementation of the sixth aspect, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, stopping the security authentication.
In a fourth possible implementation, with reference to the sixth aspect or any of the first to third possible implementations of the sixth aspect, the sending module being further configured to send the special authentication vector request to the HSS after the receiving module receives the authentication vector request includes:
The receiving module is configured to receive the authentication vector request sent by the SGSN;
The processing module is configured to identify that it is an LTE UE that is accessing the 2G or 3G network;
The processing module is further configured to add indication information to the authentication vector to generate the special authentication vector request; the indication information instructs the HSS to generate the special authentication vector.
In a fifth possible implementation, with reference to the sixth aspect or any of the first to fourth possible implementations of the sixth aspect, "so that the HSS generates the special authentication vector according to the special authentication vector request" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV in UMTS AV format is the special authentication vector.
In a sixth possible implementation, with reference to the fifth possible implementation of the sixth aspect, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME (256 bits) in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
In a seventh possible implementation, with reference to any of the second to sixth possible implementations of the sixth aspect, the processing module is further configured to generate the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
With the above scheme, an LTE UE can use a 2G/3G network.
Brief description of the drawings
To describe the technical solutions of the embodiments of the invention more clearly, the drawings needed for the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an authentication method of a mobile communication system according to an embodiment of the invention;
Fig. 2 is a schematic flowchart of an authentication method of a mobile communication system according to another embodiment of the invention;
Fig. 3 is a schematic flowchart of an authentication method of a mobile communication system according to another embodiment of the invention;
Fig. 4 is a schematic flowchart of an authentication method of a mobile communication system according to another embodiment of the invention;
Fig. 5 is a schematic block diagram of a home subscriber server according to an embodiment of the invention;
Fig. 6 is a schematic block diagram of a serving GPRS support node according to an embodiment of the invention;
Fig. 7 is a schematic block diagram of an access network element according to an embodiment of the invention;
Fig. 8 is a schematic block diagram of a home subscriber server according to another embodiment of the invention;
Fig. 9 is a schematic block diagram of a serving GPRS support node according to another embodiment of the invention;
Fig. 10 is a schematic block diagram of an access network element according to another embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
It should be understood that the technical solutions of the embodiments of the invention can be applied to various 2G or 3G communication systems, for example: the Global System of Mobile communication ("GSM") system, the Code Division Multiple Access ("CDMA") system, the Wideband Code Division Multiple Access ("WCDMA") system, General Packet Radio Service ("GPRS"), the Universal Mobile Telecommunication System ("UMTS"), the Worldwide Interoperability for Microwave Access ("WiMAX") communication system, and so on.
The access network element in the embodiments of the invention is an enhanced access network element that supports LTE UE access to a 2G/3G core network. In all embodiments of the invention, the access network element may have the following functions: the functions of an LTE eNB, so that an LTE UE can access the 2G/3G core network through the access network element without being modified, while the LTE UE believes that it is accessing an LTE network rather than a 2G/3G core network. The access network element in the embodiments of the invention may also implement part of the functions of a Mobility Management Entity ("MME"), such as security protection of NAS signaling.
Fig. 1 shows a schematic flowchart of a method 100 for security authentication of a mobile communication system according to an embodiment of the invention. As shown in Fig. 1, the method 100 includes:
S110: The HSS receives a special authentication vector request sent by the access network element; the special authentication vector request is sent by the access network element after it receives the authentication vector request sent by the SGSN;
S120: The HSS generates a special authentication vector according to the special authentication vector request;
S130: The HSS sends the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In the embodiments of the invention, to enable an LTE UE to use a 2G or 3G network, after the access network element identifies that it is an LTE UE accessing the 2G/3G network, the HSS generates a special authentication vector for the LTE UE so that the SGSN, the access network element and the LTE UE complete security authentication, allowing the LTE UE to use the 2G or 3G core network.
Optionally, the authentication vector request is sent by the SGSN after it receives the UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element by converting an attach request message, and the attach request message is sent by the LTE UE.
Optionally, "so that the access network element, the SGSN and the LTE UE complete security authentication" includes:
The access network element sends the special authentication vector to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates K_ASME according to the CK and/or IK; the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when they are not identical, security authentication is aborted.
Optionally, the special authentication vector request being sent by the access network element after it receives the authentication vector request sent by the SGSN includes:
The access network element receives the authentication vector request sent by the SGSN;
The access network element identifies that it is an LTE UE that is accessing the 2G or 3G network;
The access network element adds indication information to the authentication vector to generate the special authentication vector request; the indication information instructs the HSS to generate the special authentication vector.
Optionally, the HSS generating the special authentication vector according to the special authentication vector request includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV in UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
In the embodiments of the invention, the access network element converts the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. The LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network element of this embodiment, complete security authentication and use 2G or 3G core network resources.
Fig. 2 shows a schematic flowchart of a method 200 for security authentication of a mobile communication system according to an embodiment of the invention. The method disclosed in Fig. 2 and its description may be based on Fig. 1 of the embodiments of the invention and on the method disclosed with reference to Fig. 1. As shown in Fig. 2, the method 200 includes:
S210: The SGSN receives a UMTS attach request message sent by the access network element; the UMTS attach request is obtained by the access network element by converting the attach request message sent by the LTE UE;
S220: The SGSN sends an authentication vector request to the access network element, so that the access network element, after receiving the authentication vector request, sends a special authentication vector request to the HSS, and so that the HSS generates the special authentication vector according to the special authentication vector request and sends it to the access network element;
S230: After receiving the special authentication vector from the access network element, the SGSN sends a UMTS AKA authentication challenge to the access network element, so that the SGSN, the access network element and the LTE UE complete security authentication.
In the embodiments of the invention, after the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G core network, the access network element, in response to the SGSN's request, requests a special authentication vector from the HSS, and the HSS generates the special authentication vector, so that the SGSN, the access network element and the LTE UE complete security authentication. The LTE UE can thus use the 2G or 3G core network without being modified.
Optionally, "so that the SGSN, the access network element and the LTE UE complete security authentication" includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates K_ASME according to the CK and/or IK; the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when they are not identical, security authentication is aborted.
Optionally, "so that the access network element, after receiving the authentication vector request, sends a special authentication vector request to the HSS" includes:
The access network element receives the authentication vector request sent by the SGSN;
The access network element identifies that it is an LTE UE that is accessing the 2G or 3G network;
The access network element adds indication information to the authentication vector to generate the special authentication vector request; the indication information instructs the HSS to generate the special authentication vector.
Optionally, "so that the HSS generates the special authentication vector according to the special authentication vector request" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV in UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
In the embodiments of the invention, the access network element converts the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. The LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network element of this embodiment, complete security authentication and use 2G or 3G core network resources.
Fig. 3 shows a schematic flowchart of a method 300 for security authentication of a mobile communication system according to an embodiment of the invention. The method disclosed in Fig. 3 and its description may be based on Fig. 1 to Fig. 2 of the embodiments of the invention and on the methods disclosed with reference to Fig. 1 to Fig. 2. As shown in Fig. 3, the method 300 includes:
S310: The access network element converts the attach request message from the LTE UE into a UMTS attach request message;
S320: The access network element sends the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends an authentication vector request to the access network element;
S330: After receiving the authentication vector request, the access network element sends a special authentication vector request to the HSS, so that the HSS generates the special authentication vector according to the special authentication vector request and then sends the special authentication vector to the access network element;
S340: The access network element receives a UMTS AKA authentication challenge, which the SGSN sends after the access network element has sent the special authentication vector to the SGSN;
S350: The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
In the embodiments of the invention, the access network element converts the information sent by the LTE UE into information suitable for a 2G or 3G network system, the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, and the HSS generates a special authentication vector. This enables the access network element, the SGSN and the LTE UE to complete security authentication, so that the LTE UE can use the existing 2G or 3G core network.
Optionally, the access network element, the SGSN and the LTE UE completing security authentication includes:
The LTE UE generates RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The access network element receives the LTE AKA authentication response, containing the RES, sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes:
The access network element converts the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES and sends the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical and, when they are identical, sends the CK and/or IK to the access network element;
The access network element generates K_ASME according to the CK and/or IK; the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when they are not identical, security authentication is aborted.
Optionally, the access network element sending the special authentication vector request to the HSS after receiving the authentication vector request includes:
The access network element receives the authentication vector request sent by the SGSN;
The access network element identifies that it is an LTE UE that is accessing the 2G or 3G network;
The access network element adds indication information to the authentication vector to generate the special authentication vector request; the indication information instructs the HSS to generate the special authentication vector.
Optionally, "so that the HSS generates the special authentication vector according to the special authentication vector request" includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into the UMTS AV format; the EPS AV in UMTS AV format is the special authentication vector.
Optionally, the HSS converting the EPS AV into the UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, which serve as the CK and the IK of the UMTS AV respectively.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
In the embodiments of the invention, the access network element converts the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. The LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network element of this embodiment, complete security authentication and use 2G or 3G core network resources.
Fig. 4 shows a schematic flowchart of a method 400 for security authentication of a mobile communication system according to an embodiment of the invention. Fig. 1 to Fig. 3 of the embodiments of the invention, and the methods disclosed with reference to them, each describe the method disclosed in the embodiments of the invention from a different perspective; for Fig. 1 to Fig. 3 and the methods disclosed with reference to them, reference may be made to Fig. 4 and the method disclosed in its description. As shown in Fig. 4, the method 400 includes:
Optionally, the LTE UE accesses the 2G/3G core network through the access network element, and an RRC connection is established between the LTE UE and the access network element.
The LTE UE sends an attach request message to the access network element. The access network element converts the attach request message received from the LTE UE into a UMTS attach request message of the UMTS system that the SGSN of the 2G/3G core network can recognize, and sends the converted UMTS attach request message to the SGSN.
The SGSN sends an authentication vector request to the access network element, and the access network element receives the authentication vector request sent by the SGSN;
The access network element identifies that it is an LTE UE that is accessing the 2G or 3G network. Further, the access network element can identify the type of UE passing through the access network element, that is, the access network element can recognize that an LTE UE is accessing the 2G or 3G network;
The access network element adds indication information to the authentication vector to generate the special authentication vector request; the indication information instructs the HSS to generate the special authentication vector. From the indication information in the special authentication vector request sent by the access network element, the HSS identifies that this scenario is one in which an LTE UE accesses a 2G/3G network. The HSS generating the special authentication vector includes:
Optionally, the HSS generates an EPS AV for the LTE UE;
Further,
The HSS sets bit 0 of the authentication management field (AMF) to 1 to indicate that this authentication vector is an EPS AV;
The HSS generates RAND, AUTN, CK, IK and XRES;
The HSS derives K_ASME from CK and IK; the derivation rule may be K_ASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of K_ASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in the AUTN is 1.
Optionally, the HSS converts the EPS AV into the UMTS AV format, so that the EPS AV can be sent to the SGSN in an existing UMTS authentication response. The method of converting the EPS AV into the UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the K_ASME (256 bits) in the EPS AV into two parts, which serve as the CK (128 bits) and the IK (128 bits) of the UMTS AV respectively. After the EPS AV is converted into the UMTS AV format, the value of bit 0 of the AMF in the AUTN remains 1. The vector obtained by converting the EPS AV into the UMTS AV format is the special authentication vector.
The HSS transfers the special authentication vector to the access network element, and the access network element in turn sends the special authentication vector to the SGSN;
The SGSN executes the UMTS AKA authentication procedure according to the special authentication vector received from the access network element. The SGSN sends a UMTS AKA authentication challenge to the access network element; the UMTS AKA authentication challenge contains RAND and AUTN.
The access network element converts the received UMTS AKA authentication challenge into an LTE AKA authentication challenge. The RAND and AUTN in the UMTS AKA authentication challenge are placed in the LTE AKA authentication challenge and sent to the LTE UE.
The LTE UE verifies the AUTN. Further, because the value of bit 0 of the AMF in the AUTN is 1, the LTE UE passes the check on the AMF. The LTE UE generates RES and the key K_ASME.
The LTE UE sends an LTE AKA authentication response to the access network element; the LTE AKA authentication response contains the RES.
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response: it places the RES from the LTE AKA authentication response in the UMTS AKA authentication response and sends it to the SGSN.
The SGSN compares whether the RES and the XRES are identical.
Optionally, if the comparison result is that the RES and the XRES are not identical, security authentication is aborted;
Optionally, if the comparison result is that the RES and the XRES are identical, the SGSN initiates the security mode procedure, during which it sends the CK and/or IK to the access network element.
Optionally, the access network element generates K_ASME according to the CK and/or IK. Optionally, the rule by which the access network element generates K_ASME from the CK and/or IK is K_ASME = CK || IK, where "||" denotes concatenation, that is, the IK is appended after the CK.
The access network element and the LTE UE share the key K_ASME.
Optionally, the LTE NAS SMC procedure and the LTE AS SMC procedure are executed between the access network element and the LTE UE to establish LTE air-interface security.
In the embodiments of the invention, the access network element converts the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the SGSN identifies the scenario in which an LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special authentication vector, and security authentication between the LTE UE and the network is completed through the access network element and the SGSN. The LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network element of this embodiment, complete security authentication and use 2G or 3G core network resources.
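The key handling of the Fig. 4 flow above, as an added Python example that is not part of the patent text: the HSS builds an EPS AV, repackages K_ASME as the CK and IK of a UMTS AV, the SGSN releases them only when RES equals XRES, and the access network element rebuilds K_ASME = CK || IK. The HMAC-SHA-256 stand-in for the unspecified KDF, the AUTN byte layout with AMF bit 0 taken as the most significant bit, every function name and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Bit 0 of the 16-bit AMF. Assumption: bit 0 is the most significant bit.
AMF_BIT0 = 0x8000

# Constructed sample values (not taken from the patent).
CK = bytes(range(16))
IK = bytes(range(16, 32))
RAND = bytes([0xA5]) * 16
XRES = bytes.fromhex("0011223344556677")


@dataclass(frozen=True)
class EpsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAV:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


def build_autn(sqn_xor_ak: bytes, amf: int, mac: bytes) -> bytes:
    """Assumed layout: (SQN xor AK) [6 bytes] || AMF [2 bytes] || MAC [8 bytes]."""
    if len(sqn_xor_ak) != 6 or len(mac) != 8:
        raise ValueError("AUTN fields have the wrong length")
    return sqn_xor_ak + amf.to_bytes(2, "big") + mac


AUTN = build_autn(bytes(6), AMF_BIT0, bytes([0x5C]) * 8)  # constructed


def amf_bit0_is_set(autn: bytes) -> bool:
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return bool(int.from_bytes(autn[6:8], "big") & AMF_BIT0)


def kdf(ck: bytes, ik: bytes) -> bytes:
    """Stand-in for the page's unspecified KDF(CK, IK); yields 256 bits."""
    return hmac.new(ck + ik, b"constructed-kasme-label", hashlib.sha256).digest()


def hss_generate_eps_av(rand, autn, xres, ck, ik) -> EpsAV:
    # The HSS marks the vector as an EPS AV by setting AMF bit 0 to 1.
    if not amf_bit0_is_set(autn):
        raise ValueError("an EPS AV needs AMF bit 0 = 1")
    return EpsAV(rand, autn, xres, kdf(ck, ik))


def hss_eps_to_special_av(eps: EpsAV) -> UmtsAV:
    """RAND, AUTN and XRES are copied; K_ASME is split into two 128-bit halves."""
    if len(eps.kasme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    if not amf_bit0_is_set(eps.autn):
        raise ValueError("AMF bit 0 must still be 1 after conversion")
    return UmtsAV(eps.rand, eps.autn, eps.xres, eps.kasme[:16], eps.kasme[16:])


def sgsn_verify(av: UmtsAV, res: bytes) -> Optional[Tuple[bytes, bytes]]:
    """Release CK and IK only when RES equals XRES; otherwise abort (None)."""
    if not hmac.compare_digest(res, av.xres):
        return None
    return av.ck, av.ik


def access_ne_rebuild_kasme(ck: bytes, ik: bytes) -> bytes:
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must each be 128 bits")
    return ck + ik  # K_ASME = CK || IK


def ue_derive_kasme() -> bytes:
    # The unmodified LTE UE derives K_ASME from its own CK and IK.
    return kdf(CK, IK)


def run_attach(res_from_ue: bytes) -> Optional[bytes]:
    """Return the K_ASME held by the access network element, or None on abort."""
    special = hss_eps_to_special_av(hss_generate_eps_av(RAND, AUTN, XRES, CK, IK))
    keys = sgsn_verify(special, res_from_ue)
    if keys is None:
        return None
    return access_ne_rebuild_kasme(*keys)
```

In this flow the CK and IK that the SGSN stores and forwards are the two halves of K_ASME, not the CK and IK the HSS generated, so the SGSN holds the complete K_ASME.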
Fig. 5 shows a schematic block diagram of a home subscriber server 500 for security authentication of a mobile communication system according to an embodiment of the invention. The device disclosed in Fig. 5 and its description may be based on Fig. 1 to Fig. 4 of the embodiments of the invention and on the methods disclosed with reference to Fig. 1 to Fig. 4. As shown in Fig. 5, the home subscriber server HSS 500 includes: a receiving module 510, a processing module 520 and a sending module 530;
The receiving module 510 is configured to receive a special authentication vector request sent by the access network element; the special authentication vector request is sent by the access network element after it receives the authentication vector request sent by the SGSN;
The processing module 520 is configured to generate a special authentication vector according to the special authentication vector request;
The sending module 530 is configured to send the special authentication vector to the access network element, so that the access network element, the SGSN and the LTE UE complete security authentication.
In the embodiments of the invention, to enable an LTE UE to use a 2G or 3G network, after the access network element identifies that it is an LTE UE accessing the 2G/3G core network, the HSS generates a special authentication vector for the LTE UE so that the SGSN, the access network element and the LTE UE complete security authentication, allowing the LTE UE to use the 2G or 3G core network.
Optionally, the authentication vector request is sent by the SGSN after it receives the UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element by converting an attach request message, and the attach request message is sent by the LTE UE.
Optionally, "so that the access network element, the SGSN and the LTE UE complete security authentication" includes:
The access network element sends the special authentication vector to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE verifies the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
Optionally, the special authentication vector includes XRES, CK and IK;
Optionally, "so that the access network element, the SGSN and the LTE UE further complete security authentication" includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when they are identical, the SGSN sends the CK and/or IK to the access network element, and the access network element generates K_ASME according to the CK and/or IK; the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when they are not identical, security authentication is aborted.
Optionally, the request for a special Ciphering Key being sent by the access network element after it receives the request for a Ciphering Key sent by the SGSN includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the processing module 520 being configured to generate a special Ciphering Key according to the request for a special Ciphering Key includes:
The processing module 520 is configured to generate an EPS AV for the LTE UE;
Further,
The processing module 520 is configured to set bit 0 of the authentication management field (AMF) to 1 to indicate that this Ciphering Key is an EPS AV;
The processing module 520 is configured to generate RAND, AUTN, CK, IK and XRES;
The processing module 520 is configured to derive K_ASME from CK and IK; the derivation rule can be K_ASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of K_ASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in the AUTN is 1.
Optionally, the processing module 520 is configured to convert the EPS AV into UMTS AV format, so that the EPS AV can be sent to the SGSN in an existing UMTS authentication response. The method of converting the EPS AV into UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the K_ASME (256 bits) in the EPS AV into two parts, used respectively as the CK (128 bits) and the IK (128 bits) of the UMTS AV. After the EPS AV is converted into UMTS AV format, the value of bit 0 of the AMF in the AUTN remains 1. The vector obtained by converting the EPS AV into UMTS AV format is the special Ciphering Key.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK. "||" denotes concatenation, that is, IK is appended after CK.
In the embodiment of the present invention, the access network element converts messages sent by the LTE UE into messages suitable for the 2G or 3G network; after the access network element identifies the scenario in which the LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network element and the SGSN. No modification to the LTE UE is needed: the LTE UE can access the 2G or 3G core network through the access network element of this embodiment, complete safety certification, and use 2G or 3G core network resources.
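The HSS-side conversion, the SGSN's RES/XRES comparison and the access network element's recombination described above, as an added Python example that is not part of the patent text. The HMAC-SHA-256 `kdf`, the 16-byte AUTN layout with bit 0 taken as the most significant bit of the AMF, the function names and all key material are assumptions or constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample values standing in for the outputs of the AKA functions.
CONSTRUCTED_RAND = bytes(range(16))
CONSTRUCTED_CK = bytes([0x11]) * 16
CONSTRUCTED_IK = bytes([0x22]) * 16
CONSTRUCTED_XRES = bytes([0x33]) * 8
CONSTRUCTED_SQN_XOR_AK = bytes(6)
CONSTRUCTED_MAC = bytes([0x44]) * 8


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes  # 256 bits


@dataclass(frozen=True)
class UmtsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes  # 128 bits
    ik: bytes  # 128 bits


def kdf(ck: bytes, ik: bytes) -> bytes:
    # Assumption: the page leaves KDF(CK, IK) unspecified, so HMAC-SHA-256 keyed
    # with CK || IK over a constructed label is used here as a stand-in.
    return hmac.new(ck + ik, b"constructed-kasme-label", hashlib.sha256).digest()


def amf_bit0(autn: bytes) -> int:
    # Assumed AUTN layout: 6 bytes (SQN xor AK), 2 bytes AMF, 8 bytes MAC, with
    # bit 0 of the AMF read as the most significant bit of its first octet.
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return autn[6] >> 7


def hss_generate_eps_av(rand, sqn_xor_ak, mac, xres, ck, ik) -> EpsAv:
    amf = bytes([0x80, 0x00])  # bit 0 = 1 marks the vector as an EPS AV
    return EpsAv(rand, sqn_xor_ak + amf + mac, xres, kdf(ck, ik))


def hss_convert_to_special_av(eps: EpsAv) -> UmtsAv:
    # RAND, AUTN and XRES are copied unchanged; K_ASME is split into CK and IK.
    if len(eps.kasme) != 32:
        raise ValueError("K_ASME must be 256 bits")
    if amf_bit0(eps.autn) != 1:
        raise ValueError("not an EPS AV: AMF bit 0 is not set")
    return UmtsAv(eps.rand, eps.autn, eps.xres, eps.kasme[:16], eps.kasme[16:])


def sgsn_verify(av: UmtsAv, res: bytes) -> Optional[Tuple[bytes, bytes]]:
    # The SGSN releases CK/IK only when RES equals XRES; otherwise the
    # authentication stops. compare_digest avoids a timing side channel.
    if not hmac.compare_digest(res, av.xres):
        return None
    return av.ck, av.ik


def access_element_kasme(ck: bytes, ik: bytes) -> bytes:
    # Generation rule from the page: K_ASME = CK || IK.
    if len(ck) != 16 or len(ik) != 16:
        raise ValueError("CK and IK must be 128 bits each")
    return ck + ik


def run_exchange(ue_res: bytes) -> Optional[bytes]:
    """Return the K_ASME held by the access network element, or None on abort."""
    eps = hss_generate_eps_av(CONSTRUCTED_RAND, CONSTRUCTED_SQN_XOR_AK,
                              CONSTRUCTED_MAC, CONSTRUCTED_XRES,
                              CONSTRUCTED_CK, CONSTRUCTED_IK)
    special = hss_convert_to_special_av(eps)   # HSS -> access element -> SGSN
    released = sgsn_verify(special, ue_res)    # RES arrives via the access element
    if released is None:
        return None
    return access_element_kasme(*released)


if __name__ == "__main__":
    ue_kasme = kdf(CONSTRUCTED_CK, CONSTRUCTED_IK)  # what the UE derives itself
    print("shared K_ASME:", run_exchange(CONSTRUCTED_XRES) == ue_kasme)
    print("wrong RES aborts:", run_exchange(bytes(8)) is None)
```

The CK and IK carried in the special vector are halves of K_ASME rather than the CK and IK the HSS generated, which is why the SGSN-facing vector still decodes as an ordinary UMTS AV while the access network element recovers the LTE key.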
Fig. 6 shows a schematic block diagram of a serving GPRS support node 600 for the safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 6 and its description can be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in Fig. 1 to Fig. 4, and can also be based on Fig. 5 and the device disclosed in Fig. 5. As shown in Fig. 6, the serving GPRS support node (SGSN) 600 includes: a receiving module 610 and a sending module 620;
The receiving module 610 is configured to receive the UMTS attach request message sent by the access network element, the UMTS attach request message being obtained by the access network element converting the attach request message sent by the LTE UE;
The sending module 620 is configured to send a request for a Ciphering Key to the access network element, so that the access network element, after receiving the request for a Ciphering Key, sends a request for a special Ciphering Key to the HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and then sends it to the access network element;
The receiving module 610 is further configured to receive the special Ciphering Key from the access network element, and the sending module 620 is further configured to send a UMTS AKA authentication challenge to the access network element after the receiving module 610 receives the special Ciphering Key, so that the SGSN, the access network element and the LTE UE complete safety certification.
In embodiments of the present invention, after the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, the access network element requests a special Ciphering Key from the HSS, and the HSS generates the special Ciphering Key according to the request, enabling the SGSN, the access network element and the LTE UE to complete safety certification, so that the LTE UE can use the 2G or 3G core network without any modification to the LTE UE.
Optionally, enabling the SGSN, the access network element and the LTE UE to complete safety certification includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete safety certification.
Optionally, the SGSN further includes a processing module 630;
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, enabling the access network element, the SGSN and the LTE UE to further complete safety certification includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the receiving module 610; the processing module 630 is configured to compare whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, the CK and/or IK being sent by the sending module 620; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
Optionally, the processing module 630 being configured to compare whether the RES and the XRES are identical further includes: when the comparison result is not identical, the safety certification is aborted.
Optionally, the access network element sending a request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
Optionally, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
In the embodiment of the present invention, the access network element converts messages sent by the LTE UE into messages suitable for the 2G or 3G network; after the SGSN identifies the scenario in which the LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network element and the SGSN. No modification to the LTE UE is needed: the LTE UE can access the 2G or 3G core network through the access network element of this embodiment, complete safety certification, and use 2G or 3G core network resources.
Fig. 7 shows a schematic block diagram of an access network element 700 for the safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 7 and its description can be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in Fig. 1 to Fig. 4, and can also be based on Fig. 5 to Fig. 6 and the devices disclosed in Fig. 5 to Fig. 6. As shown in Fig. 7, the access network element 700 includes: a receiving module 710, a processing module 720 and a sending module 730;
The receiving module 710 is configured to receive the attach request message from the LTE UE; the processing module 720 is configured to convert the attach request message into a UMTS attach request message;
The sending module 730 is configured to send the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the receiving module 710; the sending module 730 is further configured to send a request for a special Ciphering Key to the HSS after the receiving module 710 receives the request for a Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and then sends the special Ciphering Key to the receiving module 710;
The receiving module 710 is further configured to receive a UMTS AKA authentication challenge, which the SGSN sends after the sending module 730 has sent the special Ciphering Key to the SGSN; the processing module 720 is further configured to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the sending module 730 is further configured to send the LTE AKA authentication challenge to the LTE UE, so that the access network element, the SGSN and the LTE UE complete safety certification.
In embodiments of the present invention, the access network element converts the information sent by the LTE UE into information suitable for the 2G or 3G network system, the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, and the HSS generates a special Ciphering Key, enabling the access network element, the SGSN and the LTE UE to complete safety certification so that the LTE UE can use the existing 2G or 3G core network.
Optionally, the access network element, the SGSN and the LTE UE completing safety certification includes:
The LTE UE generates RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The receiving module 710 is configured to receive the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete safety certification.
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, enabling the access network element, the SGSN and the LTE UE to further complete safety certification includes:
The processing module 720 is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module 730 is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element;
The processing module 720 is further configured to generate K_ASME according to the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, the safety certification is aborted.
Optionally, the sending module 730 being further configured to send the request for a special Ciphering Key to the HSS after the receiving module 710 receives the request for a Ciphering Key includes:
The receiving module 710 is configured to receive the request for a Ciphering Key sent by the SGSN;
The processing module 720 is configured to identify that an LTE UE is accessing the 2G or 3G network;
The processing module 720 is further configured to add instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
Optionally, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME (256 bits) in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the processing module 720 is further configured to generate the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK. "||" denotes concatenation, that is, IK is appended after CK.
In the embodiment of the present invention, the access network element converts messages sent by the LTE UE into messages suitable for the 2G or 3G network; after the access network element identifies the scenario in which the LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network element and the SGSN. No modification to the LTE UE is needed: the LTE UE can access the 2G or 3G core network through the access network element of this embodiment, complete safety certification, and use 2G or 3G core network resources.
Fig. 8 shows a schematic block diagram of a home subscriber server 800 for the safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 8 and its description can be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in Fig. 1 to Fig. 4, and on Fig. 5 to Fig. 7 of the embodiments of the present invention and the devices disclosed in Fig. 5 to Fig. 7. As shown in Fig. 8, the home subscriber server (HSS) 800 includes: a receiver 810, a processor 820 and a transmitter 830;
The receiver 810 is configured to receive the request for a special Ciphering Key sent by the access network element; the request for a special Ciphering Key is sent by the access network element after it receives the request for a Ciphering Key sent by the SGSN;
The processor 820 is configured to generate a special Ciphering Key according to the request for a special Ciphering Key;
The transmitter 830 is configured to send the special Ciphering Key to the access network element, so that the access network element, the SGSN and the LTE UE complete safety certification.
In embodiments of the present invention, in order to enable an LTE UE to use a 2G or 3G network, after the access network element identifies that an LTE UE is accessing the 2G/3G core network, the HSS generates a special Ciphering Key for the LTE UE, so that the SGSN, the access network element and the LTE UE complete safety certification and the LTE UE can use the 2G or 3G core network.
Optionally, the request for a Ciphering Key is sent by the SGSN after it receives the UMTS attach request message sent by the access network element; the UMTS attach request message is obtained by the access network element converting the attach request message, and the attach request message is sent by the LTE UE.
Optionally, enabling the access network element, the SGSN and the LTE UE to complete safety certification includes:
The access network element sends the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete safety certification.
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, enabling the access network element, the SGSN and the LTE UE to further complete safety certification includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, the safety certification is aborted.
Optionally, the request for a special Ciphering Key being sent by the access network element after it receives the request for a Ciphering Key sent by the SGSN includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the processor 820 being configured to generate a special Ciphering Key according to the request for a special Ciphering Key includes:
The processor 820 is configured to generate an EPS AV for the LTE UE;
Further,
The processor 820 is configured to set bit 0 of the authentication management field (AMF) to 1 to indicate that this Ciphering Key is an EPS AV;
The processor 820 is configured to generate RAND, AUTN, CK, IK and XRES;
The processor 820 is configured to derive K_ASME from CK and IK; the derivation rule can be K_ASME = KDF(CK, IK), where KDF is a key derivation function;
The EPS AV consists of K_ASME, AUTN, XRES and RAND, where the value of bit 0 of the AMF parameter in the AUTN is 1.
Optionally, the processor 820 is configured to convert the EPS AV into UMTS AV format, so that the EPS AV can be sent to the SGSN in an existing UMTS authentication response. The method of converting the EPS AV into UMTS AV format includes: using the RAND, AUTN and XRES in the EPS AV as the RAND, AUTN and XRES of the UMTS AV, and splitting the K_ASME (256 bits) in the EPS AV into two parts, used respectively as the CK (128 bits) and the IK (128 bits) of the UMTS AV. After the EPS AV is converted into UMTS AV format, the value of bit 0 of the AMF in the AUTN remains 1. The vector obtained by converting the EPS AV into UMTS AV format is the special Ciphering Key.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK. "||" denotes concatenation, that is, IK is appended after CK.
In the embodiment of the present invention, the access network element converts messages sent by the LTE UE into messages suitable for the 2G or 3G network; after the access network element identifies the scenario in which the LTE UE accesses the 2G or 3G network through the access network element, the HSS generates a special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network element and the SGSN. No modification to the LTE UE is needed: the LTE UE can access the 2G or 3G core network through the access network element of this embodiment, complete safety certification, and use 2G or 3G core network resources.
Fig. 9 shows a schematic block diagram of a serving GPRS support node 900 for the safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Fig. 9 and its description can be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in Fig. 1 to Fig. 4, and can also be based on the devices disclosed in Fig. 5 and Fig. 8 of the embodiments of the present invention. As shown in Fig. 9, the serving GPRS support node (SGSN) 900 includes: a receiver 910 and a transmitter 920;
The receiver 910 is configured to receive the UMTS attach request message sent by the access network element, the UMTS attach request message being obtained by the access network element converting the attach request message sent by the LTE UE;
The transmitter 920 is configured to send a request for a Ciphering Key to the access network element, so that the access network element, after receiving the request for a Ciphering Key, sends a request for a special Ciphering Key to the HSS, and so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and then sends it to the access network element;
The receiver 910 is further configured to receive the special Ciphering Key from the access network element, and the transmitter 920 is further configured to send a UMTS AKA authentication challenge to the access network element after the receiver 910 receives the special Ciphering Key, so that the SGSN, the access network element and the LTE UE complete safety certification.
In embodiments of the present invention, after the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, the access network element requests a special Ciphering Key from the HSS, and the HSS generates the special Ciphering Key according to the request, enabling the SGSN, the access network element and the LTE UE to complete safety certification, so that the LTE UE can use the 2G or 3G core network without any modification to the LTE UE.
Optionally, enabling the SGSN, the access network element and the LTE UE to complete safety certification includes:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete safety certification.
Optionally, the SGSN further includes a processor 930;
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, enabling the access network element, the SGSN and the LTE UE to further complete safety certification includes:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the receiver 910; the processor 930 is configured to compare whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element, the CK and/or IK being sent by the transmitter 920; the access network element generates K_ASME according to the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
Optionally, the processor 930 being configured to compare whether the RES and the XRES are identical further includes: when the comparison result is not identical, the safety certification is aborted.
Optionally, the access network element sending a request for a special Ciphering Key to the HSS after receiving the request for a Ciphering Key includes:
The access network element receives the request for a Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing the 2G or 3G network;
The access network element adds instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
Optionally, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, the access network element generating K_ASME according to the CK and/or IK includes:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
In the embodiment of the present invention, the access network element converts messages sent by the LTE UE into messages suitable for the 2G or 3G network; after the SGSN identifies the scenario in which the LTE UE accesses the 2G or 3G core network through the access network element, the HSS generates a special Ciphering Key, and the safety certification between the LTE UE and the network is completed through the access network element and the SGSN. No modification to the LTE UE is needed: the LTE UE can access the 2G or 3G core network through the access network element of this embodiment, complete safety certification, and use 2G or 3G core network resources.
Figure 10 shows a schematic block diagram of an access network element 1000 for the safety certification of a mobile communication system according to an embodiment of the present invention. The device disclosed in Figure 10 and its description can be based on Fig. 1 to Fig. 4 of the embodiments of the present invention and on the methods disclosed in Fig. 1 to Fig. 4, and can also be based on Fig. 5 to Fig. 9 of the embodiments of the present invention and the devices disclosed in Fig. 5 to Fig. 9. As shown in Figure 10, the access network element 1000 includes: a receiver 1010, a processor 1020 and a transmitter 1030;
The receiver 1010 is configured to receive the attach request message from the LTE UE; the processor 1020 is configured to convert the attach request message into a UMTS attach request message;
The transmitter 1030 is configured to send the UMTS attach request message to the SGSN, so that the SGSN, after receiving the UMTS attach request message, sends a request for a Ciphering Key to the receiver 1010; the transmitter 1030 is further configured to send a request for a special Ciphering Key to the HSS after the receiver 1010 receives the request for a Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for a special Ciphering Key and then sends the special Ciphering Key to the receiver 1010;
The receiver 1010 is further configured to receive a UMTS AKA authentication challenge, which the SGSN sends after the transmitter 1030 has sent the special Ciphering Key to the SGSN; the processor 1020 is further configured to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the transmitter 1030 is further configured to send the LTE AKA authentication challenge to the LTE UE, so that the access network element, the SGSN and the LTE UE complete safety certification.
In embodiments of the present invention, the access network element converts the information sent by the LTE UE into information suitable for the 2G or 3G network system, the access network element identifies the scenario in which an LTE UE accesses the 2G or 3G network, and the HSS generates a special Ciphering Key, enabling the access network element, the SGSN and the LTE UE to complete safety certification so that the LTE UE can use the existing 2G or 3G core network.
Optionally, the access network element, the SGSN and the LTE UE completing safety certification includes:
The LTE UE generates RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The receiver 1010 is configured to receive the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete safety certification.
Optionally, the special Ciphering Key includes XRES, CK and IK;
Optionally, enabling the access network element, the SGSN and the LTE UE to further complete safety certification includes:
The processor 1020 is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the transmitter 1030 is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical; when the comparison result is identical, the SGSN sends the CK and/or IK to the access network element;
The processor 1020 is further configured to generate K_ASME according to the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
Optionally, the SGSN comparing whether the RES and the XRES are identical further includes: when the comparison result is not identical, the safety certification is aborted.
Optionally, the transmitter 1030 being further configured to send the request for a special Ciphering Key to the HSS after the receiver 1010 receives the request for a Ciphering Key includes:
The receiver 1010 is configured to receive the request for a Ciphering Key sent by the SGSN;
The processor 1020 is configured to identify that an LTE UE is accessing the 2G or 3G network;
The processor 1020 is further configured to add instruction information to the request for a Ciphering Key to generate the request for a special Ciphering Key; the instruction information instructs the HSS to generate the special Ciphering Key.
Optionally, the HSS generating the special Ciphering Key according to the request for a special Ciphering Key includes:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
Optionally, the HSS converting the EPS AV into UMTS AV format includes:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the HSS uses the AUTN in the EPS AV as the AUTN of the UMTS AV, the HSS uses the XRES in the EPS AV as the XRES of the UMTS AV, and the HSS splits the K_ASME (256 bits) in the EPS AV into two parts, used respectively as the CK and the IK of the UMTS AV.
Optionally, which is further used for according to create-rule KASME=CK | | IK, according to the CK and/or IK
Generate the KASME." | | " indicate series connection, i.e., IK is added in behind CK.
In this embodiment of the present invention, the access network element converts the messages sent by the LTE UE into messages suitable for a 2G or 3G network. After the access network element identifies the scenario in which an LTE UE accesses a 2G or 3G network through the access network element, the HSS generates the special Ciphering Key, and the security authentication between the LTE UE and the network is completed through the access network element and the SGSN. The LTE UE does not need to be modified: it can access the 2G or 3G core network through the access network element of this embodiment, complete security authentication, and use 2G or 3G core network resources.
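The EPS AV to UMTS AV conversion, the RES/XRES comparison at the SGSN and the K_ASME = CK || IK rule described above, as an added Python example that is not code from the patent. The function and class names are hypothetical, the sample vector is constructed, and the split of K_ASME into two equal 128-bit halves (CK first, IK second) is an assumption, since the text only says "two parts".

```python
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

KASME_LEN = 32  # K_ASME is 256 bits, as the text states
HALF_LEN = 16   # assumption: the "two parts" are equal 128-bit halves


@dataclass(frozen=True)
class EpsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    kasme: bytes


@dataclass(frozen=True)
class UmtsAv:
    rand: bytes
    autn: bytes
    xres: bytes
    ck: bytes
    ik: bytes


class AuthenticationAborted(Exception):
    """Raised when RES and XRES differ and the SGSN stops the procedure."""


def hss_convert(eps: EpsAv) -> UmtsAv:
    """HSS: copy RAND, AUTN and XRES unchanged; split K_ASME into CK and IK."""
    if len(eps.kasme) != KASME_LEN:
        raise ValueError("K_ASME must be 256 bits")
    return UmtsAv(eps.rand, eps.autn, eps.xres,
                  ck=eps.kasme[:HALF_LEN], ik=eps.kasme[HALF_LEN:])


def sgsn_check_res(av: UmtsAv, res: bytes) -> Tuple[bytes, bytes]:
    """SGSN: compare RES with XRES and release CK and IK only on a match."""
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    if not hmac.compare_digest(res, av.xres):
        raise AuthenticationAborted("RES does not match XRES")
    return av.ck, av.ik


def access_ne_rebuild_kasme(ck: Optional[bytes], ik: Optional[bytes]) -> bytes:
    """Access network element: K_ASME = CK || IK (IK appended after CK)."""
    # The text says "CK and/or IK", but the concatenation rule needs both halves.
    if ck is None or ik is None:
        raise ValueError("both CK and IK are required to rebuild K_ASME")
    if len(ck) != HALF_LEN or len(ik) != HALF_LEN:
        raise ValueError("CK and IK must each be 128 bits")
    return ck + ik


def run_flow(eps: EpsAv, ue_res: bytes) -> bytes:
    """HSS conversion, SGSN check, then key rebuild at the access network element."""
    umts = hss_convert(eps)
    ck, ik = sgsn_check_res(umts, ue_res)
    return access_ne_rebuild_kasme(ck, ik)


def sample_eps_av() -> EpsAv:
    """Constructed sample vector; the bytes are not output of real AKA functions."""
    return EpsAv(rand=bytes(range(16)),
                 autn=bytes(range(16, 32)),
                 xres=bytes.fromhex("a1b2c3d4e5f60718"),
                 kasme=bytes(range(100, 132)))


if __name__ == "__main__":
    eps = sample_eps_av()
    kasme = run_flow(eps, ue_res=eps.xres)  # the UE answered with the right RES
    print("K_ASME at access network element matches EPS AV:", kasme == eps.kasme)
    try:
        run_flow(eps, ue_res=b"\x00" * 8)   # wrong RES: the SGSN aborts
    except AuthenticationAborted as exc:
        print("aborted:", exc)
```

Because CK and IK together are the whole K_ASME, the SGSN and every link that carries the converted vector handle the complete key.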
From the above description of the embodiments, it is apparent to those skilled in the art that the present invention may be implemented in hardware, firmware, or a combination thereof. When implemented in software, the above functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates the transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include RAM, ROM, EEPROM, CD-ROM or other optical disc storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if software is transmitted from a website, server or other remote source using coaxial cable, optical fiber cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, optical fiber cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
In summary, the foregoing are merely preferred embodiments of the technical solutions of the present invention and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.
Claims (50)
1. A security authentication method for a mobile communication system, characterized by comprising:
A home subscriber server (HSS) receives a request for a special Ciphering Key sent by an access network element, the request for the special Ciphering Key being sent by the access network element after it receives a request for a Ciphering Key sent by a serving GPRS support node (SGSN);
The HSS generates the special Ciphering Key according to the request for the special Ciphering Key;
The HSS sends the special Ciphering Key to the access network element, so that the access network element, the SGSN and an LTE UE complete security authentication.
2. The method according to claim 1, characterized in that the request for the Ciphering Key is sent by the SGSN after it receives a UMTS attach request message sent by the access network element, the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
3. The method according to claim 1 or 2, characterized in that enabling the access network element, the SGSN and the LTE UE to complete security authentication comprises:
The access network element sends the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates a RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
4. The method according to claim 1 or 2, characterized in that
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME from the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
5. The method according to claim 4, characterized in that the SGSN comparing whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
6. The method according to claim 1, characterized in that the request for the special Ciphering Key being sent by the access network element after it receives the request for the Ciphering Key sent by the SGSN comprises:
The access network element receives the request for the Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
7. The method according to claim 4, characterized in that the HSS generating the special Ciphering Key according to the request for the special Ciphering Key comprises:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
8. The method according to claim 7, characterized in that the HSS converting the EPS AV into UMTS AV format comprises:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
9. The method according to claim 4, characterized in that the access network element generating K_ASME from the CK and/or IK comprises:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
10. A security authentication method for a mobile communication system, characterized by comprising:
An SGSN receives a UMTS attach request message sent by an access network element, the UMTS attach request message being obtained by the access network element converting an attach request message sent by an LTE UE;
The SGSN sends a request for a Ciphering Key to the access network element, so that after receiving the request for the Ciphering Key the access network element sends a request for a special Ciphering Key to an HSS, and so that the HSS generates the special Ciphering Key according to the request for the special Ciphering Key and sends it to the access network element;
After receiving the special Ciphering Key from the access network element, the SGSN sends a UMTS AKA authentication challenge to the access network element, so that the SGSN, the access network element and the LTE UE complete security authentication.
11. The method according to claim 10, characterized in that enabling the SGSN, the access network element and the LTE UE to complete security authentication comprises:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates a RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
12. The method according to claim 10 or 11, characterized in that
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME from the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
13. The method according to claim 12, characterized in that the SGSN comparing whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
14. The method according to claim 10, characterized in that enabling the access network element, after receiving the request for the Ciphering Key, to send the request for the special Ciphering Key to the HSS comprises:
The access network element receives the request for the Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
15. The method according to claim 12, characterized in that enabling the HSS to generate the special Ciphering Key according to the request for the special Ciphering Key comprises:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
16. The method according to claim 15, characterized in that the HSS converting the EPS AV into UMTS AV format comprises:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
17. The method according to claim 12, characterized in that the access network element generating K_ASME from the CK and/or IK comprises:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
18. A security authentication method for a mobile communication system, characterized by comprising:
An access network element converts an attach request message from an LTE UE into a UMTS attach request message;
The access network element sends the UMTS attach request message to an SGSN, so that after receiving the UMTS attach request message the SGSN sends a request for a Ciphering Key to the access network element;
After receiving the request for the Ciphering Key, the access network element sends a request for a special Ciphering Key to an HSS, so that the HSS generates the special Ciphering Key according to the request for the special Ciphering Key and sends the special Ciphering Key to the access network element;
The access network element receives a UMTS AKA authentication challenge, the UMTS AKA authentication challenge being sent by the SGSN after the access network element has sent the special Ciphering Key to the SGSN;
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
19. The method according to claim 18, characterized in that enabling the access network element, the SGSN and the LTE UE to complete security authentication comprises:
The LTE UE generates a RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The access network element receives the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
20. The method according to claim 18 or 19, characterized in that
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The access network element converts the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES and sends the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical and, when the comparison result is that they are identical, sends the CK and/or IK to the access network element;
The access network element generates K_ASME from the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
21. The method according to claim 20, characterized in that the SGSN comparing whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
22. The method according to claim 18, characterized in that the access network element sending the request for the special Ciphering Key to the HSS after receiving the request for the Ciphering Key comprises:
The access network element receives the request for the Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
23. The method according to claim 20, characterized in that enabling the HSS to generate the special Ciphering Key according to the request for the special Ciphering Key comprises:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
24. The method according to claim 23, characterized in that the HSS converting the EPS AV into UMTS AV format comprises:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
25. The method according to claim 20, characterized in that the access network element generating K_ASME from the CK and/or IK comprises:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
26. An HSS, characterized by comprising: a receiving module, a processing module and a sending module;
The receiving module is configured to receive a request for a special Ciphering Key sent by an access network element, the request for the special Ciphering Key being sent by the access network element after it receives a request for a Ciphering Key sent by an SGSN;
The processing module is configured to generate the special Ciphering Key according to the request for the special Ciphering Key;
The sending module is configured to send the special Ciphering Key to the access network element, so that the access network element, the SGSN and an LTE UE complete security authentication.
27. The HSS according to claim 26, characterized in that the request for the Ciphering Key is sent by the SGSN after it receives a UMTS attach request message sent by the access network element, the UMTS attach request message is obtained by the access network element converting an attach request message, and the attach request message is sent by the LTE UE.
28. The HSS according to claim 26 or 27, characterized in that enabling the access network element, the SGSN and the LTE UE to complete security authentication comprises:
The access network element sends the special Ciphering Key to the SGSN; the SGSN sends a UMTS AKA authentication challenge to the access network element; the access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates a RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
29. The HSS according to claim 26 or 27, characterized in that
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the SGSN; the SGSN compares whether the RES and the XRES are identical; when the comparison result is that they are identical, the SGSN sends the CK and/or IK to the access network element; the access network element generates K_ASME from the CK and/or IK; and the access network element and the LTE UE share the K_ASME.
30. The HSS according to claim 29, characterized in that the SGSN comparing whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
31. The HSS according to claim 26, characterized in that the request for the special Ciphering Key being sent by the access network element after it receives the request for the Ciphering Key sent by the SGSN comprises:
The access network element receives the request for the Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
32. The HSS according to claim 29, characterized in that the processing module being configured to generate the special Ciphering Key according to the request for the special Ciphering Key comprises:
The processing module is configured to generate an EPS AV for the LTE UE;
The processing module is configured to convert the EPS AV into UMTS AV format, the EPS AV converted into UMTS AV format being the special Ciphering Key.
33. The HSS according to claim 32, characterized in that the processing module being configured to convert the EPS AV into UMTS AV format comprises:
The processing module is configured to use the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and to split the K_ASME in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
34. The HSS according to claim 29, characterized in that the access network element generating K_ASME from the CK and/or IK comprises:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
35. An SGSN, characterized by comprising: a receiving module and a sending module;
The receiving module is configured to receive a UMTS attach request message sent by an access network element, the UMTS attach request message being obtained by the access network element converting an attach request message sent by an LTE UE;
The sending module is configured to send a request for a Ciphering Key to the access network element, so that after receiving the request for the Ciphering Key the access network element sends a request for a special Ciphering Key to an HSS, and so that the HSS generates the special Ciphering Key according to the request for the special Ciphering Key and sends it to the access network element;
The receiving module is further configured to receive the special Ciphering Key from the access network element, and the sending module is further configured to send a UMTS AKA authentication challenge to the access network element after the receiving module receives the special Ciphering Key, so that the SGSN, the access network element and the LTE UE complete security authentication.
36. The SGSN according to claim 35, characterized in that enabling the SGSN, the access network element and the LTE UE to complete security authentication comprises:
The access network element converts the UMTS AKA authentication challenge into an LTE AKA authentication challenge and sends it to the LTE UE; after the LTE UE performs verification according to the LTE AKA authentication challenge and generates a RES and the key K_ASME, the LTE UE sends an LTE AKA authentication response containing the RES to the access network element, so that the access network element, the SGSN and the LTE UE further complete security authentication.
37. The SGSN according to claim 35 or 36, characterized in that the SGSN further comprises a processing module;
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The access network element converts the LTE AKA authentication response into a UMTS AKA authentication response and sends the UMTS AKA authentication response to the receiving module; the processing module is configured to compare whether the RES and the XRES are identical; when the comparison result is that they are identical, the sending module sends the CK and/or IK to the access network element; the access network element generates K_ASME from the CK and/or IK, the CK and/or IK being sent by the sending module; and the access network element and the LTE UE share the K_ASME.
38. The SGSN according to claim 37, characterized in that the processing module being configured to compare whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
39. The SGSN according to claim 35, characterized in that enabling the access network element, after receiving the request for the Ciphering Key, to send the request for the special Ciphering Key to the HSS comprises:
The access network element receives the request for the Ciphering Key sent by the SGSN;
The access network element identifies that an LTE UE is accessing a 2G or 3G network;
The access network element adds indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
40. The SGSN according to claim 37, characterized in that enabling the HSS to generate the special Ciphering Key according to the request for the special Ciphering Key comprises:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
41. The SGSN according to claim 40, characterized in that the HSS converting the EPS AV into UMTS AV format comprises:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
42. The SGSN according to claim 37, characterized in that the access network element generating K_ASME from the CK and/or IK comprises:
The access network element generates the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
43. An access network element, characterized by comprising: a receiving module, a processing module and a sending module;
The receiving module is configured to receive an attach request message from an LTE UE; the processing module is configured to convert the attach request message into a UMTS attach request message;
The sending module is configured to send the UMTS attach request message to an SGSN, so that after receiving the UMTS attach request message the SGSN sends a request for a Ciphering Key to the receiving module; the sending module is further configured to send a request for a special Ciphering Key to an HSS after the receiving module receives the request for the Ciphering Key, so that the HSS generates the special Ciphering Key according to the request for the special Ciphering Key and sends the special Ciphering Key to the receiving module;
The receiving module is further configured to receive a UMTS AKA authentication challenge, the UMTS AKA authentication challenge being sent by the SGSN after the sending module has sent the special Ciphering Key to the SGSN; the processing module is further configured to convert the UMTS AKA authentication challenge into an LTE AKA authentication challenge, and the sending module is further configured to send the LTE AKA authentication challenge to the LTE UE, so that the access network element, the SGSN and the LTE UE complete security authentication.
44. The access network element according to claim 43, characterized in that enabling the access network element, the SGSN and the LTE UE to complete security authentication comprises:
The LTE UE generates a RES and the key K_ASME after verifying the LTE AKA authentication challenge;
The receiving module is configured to receive the LTE AKA authentication response containing the RES sent by the LTE UE, so that the access network element, the SGSN and the LTE UE further complete security authentication.
45. The access network element according to claim 43 or 44, characterized in that
The special Ciphering Key includes XRES, CK and IK;
Enabling the access network element, the SGSN and the LTE UE to further complete security authentication comprises:
The processing module is further configured to convert the LTE AKA authentication response containing the RES into a UMTS AKA authentication response containing the RES, and the sending module is further configured to send the UMTS AKA authentication response containing the RES to the SGSN, so that the SGSN compares whether the RES and the XRES are identical and, when the comparison result is that they are identical, sends the CK and/or IK to the access network element;
The processing module is further configured to generate K_ASME from the CK and/or IK, and the access network element and the LTE UE share the K_ASME.
46. The access network element according to claim 45, characterized in that the SGSN comparing whether the RES and the XRES are identical further comprises: when the comparison result is that they are not identical, aborting the security authentication.
47. The access network element according to claim 43, characterized in that the sending module being further configured to send the request for the special Ciphering Key to the HSS after the receiving module receives the request for the Ciphering Key comprises:
The receiving module is configured to receive the request for the Ciphering Key sent by the SGSN;
The processing module is configured to identify that an LTE UE is accessing a 2G or 3G network;
The processing module is further configured to add indication information to the Ciphering Key to generate the request for the special Ciphering Key, the indication information instructing the HSS to generate the special Ciphering Key.
48. The access network element according to claim 45, characterized in that enabling the HSS to generate the special Ciphering Key according to the request for the special Ciphering Key comprises:
The HSS generates an EPS AV for the LTE UE;
The HSS converts the EPS AV into UMTS AV format, and the EPS AV converted into UMTS AV format is the special Ciphering Key.
49. The access network element according to claim 48, characterized in that the HSS converting the EPS AV into UMTS AV format comprises:
The HSS uses the RAND in the EPS AV as the RAND of the UMTS AV, the AUTN in the EPS AV as the AUTN of the UMTS AV, and the XRES in the EPS AV as the XRES of the UMTS AV, and splits the K_ASME (256 bits) in the EPS AV into two parts, which serve respectively as the CK and the IK of the UMTS AV.
50. The access network element according to claim 45, characterized in that
The processing module is further configured to generate the K_ASME from the CK and/or IK according to the generation rule K_ASME = CK || IK.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2013/070841 WO2014113921A1 (en) | 2013-01-22 | 2013-01-22 | Method and network device for security authentication of mobile communication system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105075306A (en) | 2015-11-18 |
CN105075306B (en) | 2019-05-28 |
Family
ID=51226806
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201380070865.9A Active CN105075306B (en) | 2013-01-22 | 2013-01-22 | The method and the network equipment of the safety certification of mobile communication system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105075306B (en) |
WO (1) | WO2014113921A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105075306B (en) * | 2013-01-22 | 2019-05-28 | 华为技术有限公司 | The method and the network equipment of the safety certification of mobile communication system |
CN108809903B (en) * | 2017-05-02 | 2021-08-10 | 中国移动通信有限公司研究院 | Authentication method, device and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101155126A (en) * | 2006-09-25 | 2008-04-02 | 华为技术有限公司 | System, device and method for implementing mobility management |
CN101600205A (en) * | 2009-07-10 | 2009-12-09 | 华为技术有限公司 | The method and the relevant device of SIM card subscriber equipment cut-in evolution network |
WO2014113921A1 (en) * | 2013-01-22 | 2014-07-31 | 华为技术有限公司 | Method and network device for security authentication of mobile communication system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101098221A (en) * | 2006-06-26 | 2008-01-02 | 华为技术有限公司 | Network layer safety authentication method in wireless cellular network |
US8094817B2 (en) * | 2006-10-18 | 2012-01-10 | Telefonaktiebolaget Lm Ericsson (Publ) | Cryptographic key management in communication networks |
EP2218270B1 (en) * | 2007-10-29 | 2011-11-23 | Nokia Corporation | System and method for authenticating a context transfer |
CN102238544A (en) * | 2010-05-06 | 2011-11-09 | 中兴通讯股份有限公司 | Mobile network authentication method and system |
Also Published As
Publication number | Publication date |
---|---|
WO2014113921A1 (en) | 2014-07-31 |
CN105075306A (en) | 2015-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10986083B2 (en) | Hardware identification-based security authentication service for IoT devices | |
CN111669276B (en) | Network verification method, device and system | |
US11582602B2 (en) | Key obtaining method and device, and communications system | |
CN105379190B (en) | The system and method for being used to indicate service set identifier | |
US20200162913A1 (en) | Terminal authenticating method, apparatus, and system | |
CN108848502A (en) | A method of SUPI is protected using 5G-AKA | |
CN110235424A (en) | For providing the device and method with managing security information in a communications system | |
WO2020093864A1 (en) | Key agreement method, related apparatus and system | |
WO2020221324A1 (en) | Registration method and communication apparatus | |
CN112219415A (en) | User authentication in a first network using a subscriber identity module for a second, old network | |
CN111630882B (en) | User equipment, authentication server, medium, and method and system for determining key | |
CN109788474A (en) | A kind of method and device of message protection | |
CN107820242A (en) | A kind of machinery of consultation of authentication mechanism and device | |
CN104937965B (en) | The method and the network equipment of the safety certification of mobile communication system | |
CN109788480A (en) | A kind of communication means and device | |
CN109803262A (en) | A kind of transmission method and device of network parameter | |
US10320917B2 (en) | Key negotiation processing method and apparatus | |
CN105357224B (en) | A kind of registration of intelligent domestic gateway, removing method and system | |
CN104602229A (en) | Efficient initial access authentication method for WLAN and 5G integration networking application scenarios | |
CN109428853A (en) | A kind of communication means and relevant device | |
CN115915132A (en) | Key management method, device and system | |
CN105075306B (en) | The method and the network equipment of the safety certification of mobile communication system | |
CN104683981B (en) | A kind of method, equipment and system for verifying security capabilities | |
WO2017075972A1 (en) | Resource sharing method and apparatus | |
CN104937990B (en) | The method and the network equipment of the safety certification of mobile communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |