CN106714153B - Key distribution, generation and reception method and related device - Google Patents

Key distribution, generation and reception method and related device Download PDF

Info

Publication number
CN106714153B
CN106714153B CN201510780029.0A CN201510780029A CN106714153B CN 106714153 B CN106714153 B CN 106714153B CN 201510780029 A CN201510780029 A CN 201510780029A CN 106714153 B CN106714153 B CN 106714153B
Authority
CN
China
Prior art keywords
key
network element
service
parameter
management center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510780029.0A
Other languages
Chinese (zh)
Other versions
CN106714153A (en
Inventor
甘露
张博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201510780029.0A priority Critical patent/CN106714153B/en
Priority to PCT/CN2016/080649 priority patent/WO2017080142A1/en
Publication of CN106714153A publication Critical patent/CN106714153A/en
Application granted granted Critical
Publication of CN106714153B publication Critical patent/CN106714153B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention discloses a method for distributing, generating and receiving a secret key and a related device. The method provided by the embodiment of the invention comprises the following steps: a first key management center acquires service parameters and a service root key of a first network element, wherein the service parameters are parameters in the first service, and the service root key of the first network element is generated according to key parameters obtained after the first network element is authenticated; the first key management center generates a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and a second network element; and sending the service key to a second key management center so that the second key management center encrypts and/or protects the integrity of the service key and then sends the service key to the second network element. The embodiment of the invention can avoid the interception attack of the data in the transmission process.

Description

Key distribution, generation and reception method and related device
Technical Field
The present invention relates to the field of mobile communications technologies, and in particular, to a method and a device for distributing, generating, and receiving a secret key.
Background
In the existing mobile communication security architecture, the security protection of data from a network element to the Internet is in a hop-by-hop form, that is, the protection is completed in a sectional encryption form. In addition, in the existing 2G/3G/4G mobile architecture, the communication data between end to end is also in a segmented encryption mode. Although the segmented encryption is flexible, the intermediate node can obtain the plaintext of the communication data and cannot resist the interception attack of the communication data, so that the security of the segmented encryption method is poor.
For example, referring to fig. 1, fig. 1 is a schematic diagram illustrating a protocol stack architecture of 4G LTE in the prior art. In fig. 1, Data sent by a User Network element (UE) to a Packet Data Network (PDN) Gateway (GW) starts from the UE, and then reaches the PDN GW after sequentially passing through a base station eNodeB and a server Gateway (serving GW). The UE and the eNodeB adopt a security mechanism of a PDCP layer for encryption protection, and the eNodeB and the serving GW as well as the serving GW and the PDN GW adopt IPSec security protocols for protection. Because the base station is in an outdoor scene, an attacker can tap a wire and eavesdrop by breaking the base station so as to obtain the plaintext content decrypted by the PDCP.
Disclosure of Invention
A first aspect of an embodiment of the present invention provides a key distribution method, including:
a first key management center acquires service parameters and a service root key of a first network element, wherein the service parameters are parameters in the first service, and the service root key of the first network element is generated according to key parameters obtained after the first network element is authenticated;
the first key management center generates a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or performing integrity protection on communication data in a first service between the first network element and a second network element;
the first key management center performs one of the following steps a, B and C:
A. the first key management center obtains a shared key of the second network element, and the shared key of the second network element is used for communication between the first key management center and the second network element;
the first key management center encrypts and/or integrally protects the service key by adopting the shared key of the second network element to generate a first security protection parameter;
the first key management center sends the first security protection parameter to the second network element;
B. a secure channel is established between the first key management center and the second network element, and the first key management center sends the service key to the second network element through the secure channel;
C. and sending the service key to a second key management center so that the second key management center encrypts and/or protects the integrity of the service key and then sends the service key to the second network element.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the obtaining, by the first key management center, a service root key of a first network element includes:
the first key management center acquires a first parameter through AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first key management center calculates a dependent variable of a first preset key derivation function, and the service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the acquiring, by the first key management center, a service root key of a first network element includes:
the first key management center receives a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
With reference to the first aspect, the first possible implementation manner of the first aspect, or the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the generating, by the first key management center, a service key according to a service root key of the first network element and the service parameter includes:
the first key management center calculates a dependent variable of a second preset key derivation function, and the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
With reference to the third possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the method further includes:
the first key management center acquires a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
the first key management center acquires a shared key of a first network element, wherein the shared key of the first network element is used for communication between the first key management center and the first network element;
the first key management center encrypts and/or integrally protects the service root key of the second network element by adopting the shared key of the first network element to generate a second security protection parameter;
and the first key management center sends the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
With reference to the first aspect, in a fifth possible implementation manner of the first aspect, the generating, by the first key management center, a service key according to the service root key of the first network element and the service parameter by using a preset method further includes:
the first key management center receives a key request sent by the first network element, the second network element, the gateway or the server, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element and the service parameter.
With reference to the first aspect, in a sixth possible implementation manner of the first aspect, when the first key management center performs step a, the obtaining, by the first key management center, a shared key of the second network element includes:
the first key management center acquires a first parameter through AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first key management center calculates a dependent variable of a third preset key derivation function, and the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein the argument of said third preset key derivation function comprises said first parameter.
With reference to the first aspect, in a seventh possible implementation manner of the first aspect, when the first key management center performs step a, the obtaining, by the first key management center, a shared key of the second network element includes:
the first key management center receives a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
A second aspect of the embodiments of the present invention provides a method for generating a secret key, including:
a first key management center acquires a service root key of a first network element and a service root key of a second network element;
a first key management center acquires a first shared key and a second shared key, wherein the first shared key is used for communication between the first key management center and a first network element, and the second shared key is used for communication between the first key management center and a second network element;
the first key management center encrypts and/or integrally protects the service root key of the second network element by using the first shared key to generate a first security protection parameter;
the first key management center adopts the second shared key to encrypt and/or protect the integrity of the service root key of the first network element, and generates a second security protection parameter;
the first key management center sends the first security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the first security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
the first key management center sends the second security protection parameter to the second network element, so that the second network element obtains a service root key of the second network element according to the second security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and the second network element.
A third aspect of the embodiments of the present invention provides a method for generating a secret key, including:
a first network element acquires a first parameter by performing AKA authentication, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first network element acquires a service root key of the first network element according to the first parameter;
the first network element acquires service parameters, wherein the service parameters are parameters in the first service;
and the first network element generates a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in the first service between the first network element and the second network element.
With reference to the third aspect, in a first possible implementation manner of the third aspect, the generating, by the first network element, a service key according to a service root key of the first network element and the service parameter includes:
the first network element calculates a dependent variable of a preset key derivation function, and the service key comprises the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
With reference to the first possible implementation manner of the third aspect, in a second possible implementation manner of the third aspect, the method further includes:
the first network element acquires an identity of a second network element;
the argument of said preset key derivation function further comprises an identity of said second network element.
With reference to the third aspect, in a third possible implementation manner of the third aspect, the key receiving method further includes:
the first network element acquires a shared key of the first network element, and the shared key of the first network element is used for communication between the first key management center and the first network element;
the first network element receives a second security protection parameter sent by the first key management center;
the first network element decrypts the second security protection parameter by using the shared key of the first network element to obtain a service root key of a second network element;
the first network element generating a service key according to the service root key of the first network element and the service parameter, including:
and the first network element generates a service key according to the service root key of the first network element, the service root key of the second network element and the service parameter.
With reference to the third aspect, in a fourth possible implementation manner of the third aspect, the generating, by the first network element, a service key according to a service root key of the first network element and the service parameter further includes:
the first network element sends a key request to the first key management center, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
With reference to the fourth possible implementation manner of the third aspect, in a fifth possible implementation manner of the third aspect, the sending, by the first network element, a key request to the first key management center further includes:
the first network element sends a service request to a service server, wherein the service server is used for executing service management between the first network element and the second network element;
the first network element receives a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and the service parameter, and the indicator is used to indicate that the first service authorization is successful.
With reference to the fourth possible implementation manner of the third aspect, in a sixth possible implementation manner of the third aspect, the sending, by the first network element, a key request to the first key management center further includes:
the first network element receives a service message sent by a service server, a gateway, an MME or a second network element, wherein the service message comprises at least one of an identity of the first network element and an identity of the second network element.
A fourth aspect of the embodiments of the present invention provides a method for obtaining a secret key, including:
the MME acquires a third parameter through AKA authentication with the first network element, wherein the third parameter comprises at least one of Kasme, an integrity key, an encryption key, a non-access stratum integrity key, a non-access stratum encryption key and a base station key;
the MME calculates a dependent variable of a first preset key derivation function, and a key of the first network element comprises the dependent variable of the first preset key derivation function; wherein an argument of said first preset key derivation function includes said first parameter;
and the MME sends the key of the first network element to a key management center corresponding to the first network element.
A fifth aspect of an embodiment of the present invention provides a first key management center, including:
a first obtaining module, configured to obtain a service parameter and a service root key of a first network element, where the service parameter is a parameter in the first service, and the service root key of the first network element is generated according to a key parameter obtained after the first network element is authenticated;
a first generating module, configured to generate a service key according to the service root key of the first network element and the service parameter, where the service key is used to encrypt and/or protect integrity of communication data in a first service between the first network element and a second network element;
the first key management center further comprises a second obtaining module, a second generating module and a first sending module, or comprises a second sending module, and a secure channel is established between the first key management center and the second network element, or comprises a third sending module, wherein,
the second obtaining module is configured to obtain a shared key of the second network element, where the shared key of the second network element is used for communication between the first key management center and the second network element;
the second generating module is configured to encrypt and/or protect integrity of the service key by using the shared key of the second network element, and generate a first security protection parameter;
the first sending module is configured to send the first security protection parameter to the second network element;
the second sending module is configured to send the service key to the second network element through the secure channel;
the third sending module is configured to send the service key to a second key management center, so that the second key management center encrypts and/or integrity-protects the service key and sends the service key to the second network element.
With reference to the fifth aspect, in a first possible implementation manner of the fifth aspect, the first obtaining module is specifically configured to:
acquiring a first parameter by performing AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a first preset key derivation function, wherein a service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
With reference to the fifth aspect, in a second possible implementation manner of the fifth aspect, the first obtaining module is specifically configured to:
receiving a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the MME through authentication with a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
With reference to the fifth aspect, the first possible implementation manner of the fifth aspect, or the second possible implementation manner of the fifth aspect, in a third possible implementation manner of the fifth aspect, the first generating module is specifically configured to:
calculating a dependent variable of a second preset key derivation function, wherein the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
With reference to the third possible implementation manner of the fifth aspect, in a fourth possible implementation manner of the fifth aspect, the first key management center further includes:
a third obtaining module, configured to obtain a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
a fourth obtaining module, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for communication between the first key management center and the first network element;
a third generating module, configured to encrypt and/or perform integrity protection on the service root key of the second network element by using the shared key of the first network element, so as to generate a second security protection parameter;
a fourth sending module, configured to send the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
With reference to the fifth aspect, in a fifth possible implementation manner of the fifth aspect, the first key management center further includes:
a first receiving module, configured to receive a key request sent by the first network element, the second network element, the gateway, or the server before the first generating module generates a service key according to a service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
With reference to the fifth aspect, in a sixth possible implementation manner of the fifth aspect, when the first key management center includes the second obtaining module, the second generating module, and the first sending module, the second obtaining module is specifically configured to:
acquiring a first parameter by performing AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a third preset key derivation function, wherein the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
With reference to the fifth aspect, in a seventh possible implementation manner of the fifth aspect, when the first key management center includes the second obtaining module, the second generating module, and the first sending module, the second obtaining module is specifically configured to:
receiving a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
A sixth aspect of an embodiment of the present invention provides a first key management center, including:
the first obtaining module is used for obtaining a service root key of a first network element and a service root key of a second network element;
a second obtaining module, configured to obtain a first shared key and a second shared key, where the first shared key is used for communication between the first key management center and a first network element, and the second shared key is used for communication between the first key management center and a second network element;
a first generating module, configured to encrypt and/or perform integrity protection on a service root key of the second network element by using the first shared key, and generate a first security protection parameter;
a second generating module, configured to encrypt and/or perform integrity protection on the service root key of the first network element by using the second shared key, and generate a second security protection parameter;
a first sending module, configured to send the first security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the first security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
a second sending module, configured to send the second security protection parameter to the second network element, so that the second network element obtains a service root key of the second network element according to the second security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and the second network element.
A seventh aspect of the present embodiment provides a first network element, including:
a first obtaining module, configured to obtain a first parameter by performing AKA authentication, where the first parameter includes at least one of a Kasme, an integrity key, and an encryption key;
a second obtaining module, configured to obtain a service root key of the first network element according to the first parameter;
a third obtaining module, configured to obtain a service parameter, where the service parameter is a parameter in the first service;
a first generating module, configured to generate a service key according to the service root key of the first network element and the service parameter, where the service key is used to encrypt and/or protect integrity of communication data in a first service between the first network element and a second network element.
With reference to the seventh aspect, in a first possible implementation manner of the seventh aspect, the first generating module is specifically configured to:
calculating a dependent variable of a preset key derivation function, wherein the service key comprises the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
With reference to the first possible implementation manner of the seventh aspect, in a second possible implementation manner of the seventh aspect, the first network element further includes:
a fourth obtaining module, configured to obtain an identity of the second network element;
the argument of said preset key derivation function further comprises an identity of said second network element.
With reference to the seventh aspect, in a third possible implementation manner of the seventh aspect, the first network element further includes:
a fifth obtaining module, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for communication between the first key management center and the first network element;
the first receiving module is used for receiving a second security protection parameter sent by the first key management center;
a sixth obtaining module, configured to decrypt the second security protection parameter with the shared key of the first network element, and obtain a service root key of a second network element;
the first generating module is specifically configured to generate a service key according to the service root key of the first network element, the service root key of the second network element, and the service parameter.
With reference to the seventh aspect, in a fourth possible implementation manner of the seventh aspect, the first network element further includes:
a first sending module, configured to send a key request to the first key management center before the first generating module generates a service key according to the service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
With reference to the fourth possible implementation manner of the seventh aspect, in a fifth possible implementation manner of the seventh aspect, the first network element further includes:
a second sending module, configured to send a service request to a service server before the first sending module sends the key request to the first key management center, where the service server is configured to perform service management between the first network element and the second network element;
a second receiving module, configured to receive a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and the service parameter, and the indicator is used to indicate that the first service authorization is successful.
With reference to the fourth possible implementation manner of the seventh aspect, in a sixth possible implementation manner of the seventh aspect, the first network element further includes:
a third receiving module, configured to receive a service message sent by a service server, a gateway, an MME, or a second network element before the first sending module sends the key request to the first key management center, where the service message includes at least one of an identity of the first network element and an identity of the second network element.
An eighth aspect of the present invention provides a mobility management node, including:
an obtaining module, configured to obtain a third parameter through AKA authentication with the first network element, where the third parameter includes at least one of a Kasme, an integrity key, an encryption key, a non-access stratum integrity key, a non-access stratum encryption key, and a base station key;
a calculation module, configured to calculate a dependent variable of a first preset key derivation function, where a key of the first network element includes the dependent variable of the first preset key derivation function; wherein an argument of said first preset key derivation function includes said first parameter;
and a sending module, configured to send the key of the first network element to a key management center corresponding to the first network element.
According to the technical scheme, the embodiment of the invention has the following advantages:
in the invention, a first key management center acquires a service root key and service parameters of a first network element, and a preset method for generating a service key by adopting the service root key and the service parameters of the first network element is the same as the preset method for generating the service key by the first network element according to the service root key and the service parameters of the first network element, so that the first key management center and the first network element can generate the same service key, and the first key management center does not need to send the service key to the first network element, thereby avoiding the condition that the service key is leaked in the process of sending the service key to the first network element; in addition, the first key management center adopts the shared key of the second network element to encrypt and/or protect the integrity of the service key, and then generates a first security protection parameter which is sent to the second network element, so that the second network element can restore the first security protection parameter into the service key according to the shared key of the second network element, therefore, when the first network element and the second network element send communication data to each other, the service key can be adopted to protect the communication data, and the communication data is prevented from being attacked by eavesdropping in the sending process.
Drawings
Fig. 1 is a schematic diagram of a protocol stack architecture of 4G LTE in the prior art;
fig. 2 is a schematic structural diagram of an embodiment of a communication system according to the present invention;
fig. 3 is a flow diagram of one embodiment of a key distribution flow of the communication system shown in fig. 2;
fig. 4 is a schematic flow chart of another embodiment of a key distribution flow of the communication system shown in fig. 2;
fig. 5 is a schematic flow chart of another embodiment of a key distribution flow of the communication system shown in fig. 2;
FIG. 6 is a flowchart illustrating an embodiment of a key distribution method of the present invention;
FIG. 7 is a flowchart illustrating a key generation method according to an embodiment of the present invention;
FIG. 8 is a schematic flow chart diagram illustrating another embodiment of a key generation method of the present invention;
FIG. 9 is a flowchart illustrating an embodiment of a method for obtaining a key according to the present invention;
FIG. 10 is a block diagram of a first key management center according to an embodiment of the present invention;
FIG. 11 is a schematic structural diagram of another embodiment of a first key management center of the present invention;
FIG. 12 is a schematic diagram of another embodiment of a first key management center of the present invention;
FIG. 13 is a schematic structural diagram of another embodiment of a first key management center of the present invention;
figure 14 is a schematic structural diagram of an embodiment of a first network element of the present invention;
figure 15 is a schematic structural diagram of another embodiment of a first network element of the present invention;
figure 16 is a schematic structural diagram of another embodiment of a first network element of the present invention;
figure 17 is a schematic structural diagram of another embodiment of a first network element of the present invention;
figure 18 is a schematic structural diagram of another embodiment of the first network element of the present invention;
figure 19 is a schematic structural diagram of another embodiment of the first network element of the present invention;
FIG. 20 is a block diagram illustrating an embodiment of a mobility management node;
FIG. 21 is a block diagram of a first key management center according to an embodiment of the present invention;
FIG. 22 is a schematic structural diagram of another embodiment of a first key management center of the present invention;
figure 23 is a schematic structural diagram of an embodiment of a first network element of the present invention;
fig. 24 is a schematic structural diagram of an embodiment of a mobility management node of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
To facilitate an understanding of the embodiments of the present invention, a communication system that will be introduced in the description of the embodiments of the present invention is first introduced herein. As shown in fig. 2, fig. 2 is a schematic structural diagram of an embodiment of a communication system according to the present invention. The communication System includes a Key Management System (abbreviated as KMS)1, a network element 1, a KMS2, and a network element 2.
The network element 1 and the network element 2 may be any one of a User Equipment (UE), a base station, a server, and a gateway, or other devices that need to encrypt and/or protect integrity when sending data, which is not limited herein. KMS1 and KMS2 may belong to the same operator or different operators, or may be devices in the Internet, without limitation.
In the invention, when the network element 1 sends communication data to the network element 2, the communication data is protected by adopting a service key or a key obtained by deriving the service key and then sent to the network element 2, wherein the protection of the communication data comprises the encryption and/or integrity protection of the communication data by adopting the service key or the key obtained by deriving the service key. The network element 2 restores the received communication data according to the service key or a key derived by using the service key. Therefore, before the network element 1 sends the communication data, the network element 1 and the network element 2 need to obtain the service key respectively.
In the invention, the network element 1 and the KMS1 respectively acquire the same service root key of the network element 1 and respectively acquire the same service parameters. The network element 1 and the KMS1 respectively calculate the service key according to the service root key and the service parameter of the network element 1 by using the same preset method. After the KMS1 calculates the service key, it sends the service key to the network element 2, so that the network element 1 and the network element 2 have the same service key, respectively, and can further use the service key for communication.
Referring to fig. 3, fig. 3 is a flowchart illustrating an embodiment of a key distribution process of the communication system shown in fig. 2. As shown in fig. 3, the key distribution process in this embodiment includes:
s31, network element 1 and KMS1 respectively obtain the same service root key of network element 1 and respectively obtain the same service parameters.
In this embodiment, the service root key of the network element 1 is used to calculate the service keys of all services of the network element 1 and other network elements. Specifically, after the network element 1 and the KMS1 respectively obtain the service root key of the network element 1, when the network element 1 and the KMS1 obtain the service key of each service between the network element 1 and another network element, the service root key of the network element 1 and the parameters in the service are used to calculate the service key of the service.
Specifically, in this embodiment, the network element 1 and the KMS1 respectively obtain the same service root key of the network element 1, and respectively obtain the same service parameter. The service parameter is a specific parameter in a first service, and the first service is a service between the network element 1 and the network element 2.
The KMS1 may acquire the service parameter by receiving the service parameter sent by the network element 1, the network element 2, or the service server; alternatively, the KMS1 may be preset with the service parameter, and the service parameter may be obtained by reading the service parameter, which is not limited herein. The network element 1 may obtain the service parameters by receiving the service parameters sent by the service server; or, the network element 1 is preset with the service parameter, and obtains the service parameter by reading the service parameter, which is not limited herein.
In this embodiment, the network element 1 is a user terminal. There are several ways in which the network element 1 and the KMS1 respectively obtain the same service root key of the first network element, and several of them are exemplified below.
For example, after the network element 1 and the KMS1 perform AKA authentication, the network element 1 and the KMS1 obtain a Kasme, an Integrity Key (IK) and an encryption key (CK), respectively. The process of performing AKA authentication by the network element 1 and the KMS1 is prior art and will not be described herein again. For convenience of the following description, a definition of "parameter 1" is introduced, the parameter 1 including at least one of Kasme, IK, and CK. After the network element 1 and the KMS1 respectively obtain the parameter 1, the same preset method is adopted to calculate the service root key of the network element 1 according to the parameter 1.
For example, after the network element 1 and the Mobility Management node (MME) perform AKA authentication, the network element 1 and the MME respectively obtain Kasme, IK, and CK. After the network element 1 and the MME respectively obtain the parameter 1, the same preset method is adopted to calculate the service root key of the network element 1 according to the parameter 1. The MME sends the traffic root key of network element 1 to KMS 1.
For example three, after the network element 1 and the MME perform AKA authentication, the network element 1 and the MME respectively obtain Kasme, IK and CK. The network element 1 and the MME respectively determine the same parameter 3, wherein the parameter 3 comprises at least one of a Kasme, an IK, a CK, a non-access stratum integrity key, a non-access stratum ciphering key and a base station key, the non-access stratum integrity key is obtained by calculation through a Kasme and NAS integrity protection algorithm, and the non-access stratum ciphering key is obtained by calculation through a Kasme and NAS ciphering algorithm. And the network element 1 and the MME adopt the same preset method to calculate the service root key of the network element 1 according to the parameter 3. The MME sends the service root key for network element 1 to KMS 1.
For example four, after the network element 1 and the MME perform AKA authentication, the network element 1 and the MME respectively obtain Kasme, IK, and CK. The network element 1 and the MME respectively determine a parameter 3, wherein the parameter 3 comprises at least one of Kasme, IK, CK, a non-access stratum integrity key, a non-access stratum encryption key and a base station key, the non-access stratum integrity key is obtained by calculation of Kasme and NAS integrity protection algorithms, and the non-access stratum encryption key is obtained by calculation of Kasme and NAS encryption algorithms. The MME sends the parameter 3 to the KMS1, and the network element 1 and the KMS1 adopt the same preset method to calculate the service root key of the network element 1 according to the parameter 3.
For example, after the network element 1 and the KMS1/MME perform the AKA authentication protocol, the network element 1 and the Home Subscriber Server (HSS) respectively obtain Kasme, IK, and CK. The network element 1 and the HSS are respectively and initially preset with a root key of the network element 1. For convenience of the following description, a definition of "parameter 2" is introduced, the parameter 2 including at least one of Kasme, IK, CK, and a root key of the network element 1. After the network element 1 and the HSS respectively obtain the parameter 2, the same preset method is adopted to calculate the service root key of the network element 1 according to the parameter 2. Further, optionally, the network element 1 and the HSS further obtain a service parameter of the first service, and calculate the service root key of the network element 1 according to the parameter 2 and the service parameter of the first service by using the same preset method. There are various ways for the HSS to obtain the service parameters of the first service, for example, the service parameters may be sent by the KMS1 to the HSS.
For example six, the network element 1 and the KMS1 are respectively preset with a digital certificate or the same key Kx. The network element 1 and the KMS1 may use TLS, IPSec, or an authentication method based on a message authentication code to complete mutual authentication, and obtain the session key Ky between the network element 1 and the KMS1 after authentication. Alternatively, the network element 1 and the KMS1 directly use the shared key Kx as the session key Ky between them. For the convenience of the following description, a definition "parameter 4" is introduced, which parameter 4 comprises the authenticated session key Ky between said network element 1 and the KMS. After the network element 1 and the KMS1 respectively obtain the parameter 4, the same preset method is adopted to calculate the service root key of the network element 1 according to the parameter 4.
In the above six examples, there are various preset methods for calculating the service root key of the network element 1. For example, the dependent variable of the first preset key derivation function may be calculated, where the independent variable of the first preset key derivation function includes a parameter 1 in the first example and the second example, the independent variable of the first preset key derivation function includes a parameter 2 in the fifth example, or includes a parameter 2 and a traffic parameter, the independent variable of the first preset key derivation function includes a parameter 3 in the third example and the fourth example, and the independent variable of the first preset key derivation function includes a parameter 4 in the sixth example; the service root key of the network element 1 comprises a dependent variable of the first preset key derivation function.
Optionally, in some possible embodiments of this embodiment, the argument of the first preset Key derivation function further includes some other relevant parameters, such as at least one of a time indicating a validity period of the service root Key of the network element 1, a current system time, a freshness parameter (Fresh parameter), a RANDom number (nonce, RANDom number), a sequence number exclusive or anonymous Key (SQN [. AK, where SQN is an abbreviation of a sequence number of the sequence number, and AK is an abbreviation of an anonymous Key), RAND (abbreviation of a RANDom number) parameter, SN (serial number of the service root Key of the computing network element 1), a sequence number of the service root Key of the computing network element 1, an ID of the KMS1, an ID of the Kasme, a network ID, a link ID, an APP ID, a service ID, and is not limited herein.
For example, K1 ═ KDF (key, at least one of the above-mentioned relevant parameters). Wherein, K1 is the service root key of network element 1, and K1 ═ KDF () is the first preset key derivation function; in the example one and two, the key includes parameter 1, in the example five, the key includes parameter 2, in the example three and four, the key includes parameter 3, and in the example six, the key includes parameter 4.
S32, network element 2 and KMS2 obtain the same shared key 2, respectively.
The shared key 2 is used to encrypt and/or integrity protect the communication data of the network element 2 and the KMS 2. In this embodiment, the network element 2 is a user terminal. There are several ways in which the network element 2 and the KMS2 respectively obtain the same shared secret key 2, several of which are illustrated below.
For example, after the network element 2 and the KMS2 perform AKA authentication, the network element 2 and the KMS2 respectively obtain Kasme, IK and CK. The process of performing AKA authentication by network element 2 and KMS2 is prior art and will not be described herein. After the network element 2 and the KMS2 respectively obtain the parameter 1, the same preset method is adopted to calculate the shared key 2 according to the parameter 1.
For example two, after the network element 2 and the MME perform AKA authentication, the network element 2 and the MME respectively obtain Kasme, IK, and CK. After the network element 2 and the MME respectively obtain the parameter 1, the same preset method is adopted to calculate the shared secret key 2 according to the parameter 1. The MME sends shared key 2 to KMS 2.
For example three, after the network element 2 and the MME perform AKA authentication, the network element 2 and the MME respectively obtain Kasme, IK, and CK. The network element 2 and the MME respectively determine the same parameter 3, wherein the parameter 3 comprises at least one of a Kasme, an IK, a CK, a non-access stratum integrity key, a non-access stratum ciphering key and a base station key, the non-access stratum integrity key is obtained by calculation through a Kasme and NAS integrity protection algorithm, and the non-access stratum ciphering key is obtained by calculation through a Kasme and NAS ciphering algorithm. The network element 2 and the MME adopt the same preset method to calculate the shared key 2 according to the parameter 3. The MME sends shared key 2 to KMS 1.
For example four, after the network element 2 and the MME perform AKA authentication, the network element 2 and the MME respectively obtain Kasme, IK, and CK. The network element 2 and the MME respectively determine a parameter 3, wherein the parameter 3 comprises at least one of a Kasme, an IK, a CK, a non-access stratum integrity key, a non-access stratum ciphering key and a base station key, the non-access stratum integrity key is obtained by calculation through a Kasme and NAS integrity protection algorithm, and the non-access stratum ciphering key is obtained by calculation through a Kasme and NAS ciphering algorithm. The MME sends parameter 3 to KMS2, and network element 2 and KMS2 calculate shared key 2 from this parameter 3 using the same preset method.
For example, after the network element 2 and the KMS2/MME perform AKA authentication, the network element 2 and the HSS respectively obtain Kasme, IK, and CK. The network element 1 and the HSS are respectively and initially preset with a root key of the network element 2. After the network element 2 and the HSS respectively obtain the parameter 2, the same preset method is adopted to calculate the shared secret key 2 according to the parameter 2.
For example six, a digital certificate or the same key Kx is preset between the network element 2 and the KMS 2. The network element 2 and the KMS2 may use TLS, IPSec, or an authentication method based on a message authentication code to complete mutual authentication, and obtain the session key Ky between the network element 2 and the KMS2 after authentication. Alternatively, network element 2 and KMS2 directly use the shared key Kx as the session key Ky between them. For the convenience of the following description, a definition "parameter 4" is introduced, which parameter 4 comprises the authenticated session key Ky between said network element 1 and the KMS. After the network element 2 and the KMS2 respectively obtain the parameter 4, the same preset method is adopted to calculate the shared key 2 according to the parameter 4.
In the above six examples, there are various preset methods for calculating the shared secret 2. For example, the dependent variable of the second preset key derivation function may be calculated, where the independent variable of the second preset key derivation function includes parameter 1 in example one and example two, the independent variable of the second preset key derivation function includes parameter 2 in example five, the independent variable of the second preset key derivation function includes parameter 3 in example three and example four, and key includes parameter 4 in example six; shared key 2 comprises a dependent variable of the second preset key derivation function.
Optionally, in some possible implementations of this embodiment, the argument of the second preset Key derivation function further includes some other related parameters, such as at least one of time for indicating validity period of the shared Key 2, Fresh parameter (Fresh parameter), RANDom number (nonce/RANDom number), sequence number exclusive or anonymous Key (SQN ≧ AK, where SQN is an abbreviation of sequence number, and AK is an abbreviation of anonymous Key), RAND (abbreviation of RANDom number), current system time, calculation of the sequence number of the shared Key 2, ID of the network element 2, ID of KMS2, ID of Kasme, network ID, link ID, APP ID, service ID, and session ID, which are not limited herein.
Specifically, for example, K2 ═ KDF (key, at least one of the above-mentioned related parameters), where K2 is shared key 2, and K2 ═ KDF () is a second preset key derivation function, where keys in the example one and two include the first parameter, in the example five include parameter 2, in the example three and four include parameter 3, and in the example six include parameter 4.
After the network element 2 and the KMS2 respectively obtain the shared key 2, when the KMS2 sends data to the network element 2, the shared key 2 is used to encrypt and/or protect the integrity of the data.
It should be noted that there is no necessary sequence between step S31 and step S32.
S33, the network element 1 sends a service request to the service server, where the service request is used to apply for the first service by the network element 1 and the network element 2.
In this embodiment, the service server is configured to perform service management between the first network element and the second network element.
In some possible embodiments of the present invention, the network element 2 and the service server are the same network element, and are not limited herein.
In practical applications, in step S33, instead of sending the service request to the service server by the network element 1, other network elements may initiate a service request to the service server, for example, the network element 2, a server, a gateway, or other control network elements, which is not limited herein.
S34, the service server authorizes the first service, and sends a response message to the network element 1 when the authorization is successful.
In this embodiment, the corresponding message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and a service parameter of the first service, where the indicator is used to indicate that the first service authorization is successful. For example, the indicator may include at least one of a service ID, an app ID, a SN, a session ID, a gateway ID, a server ID, a link ID, and a network ID.
In this embodiment, how the service server authorizes the first service is the prior art, and details are not described herein.
S35, the network element 1 sends a key request for the first service to the KMS 1.
After receiving the notification that the authorization of the first service is successful, which is sent by the service server, the network element 1 sends a key request to the KMS1, where the key request is used to initiate generation of a service key used by the network element 1 and the network element 2 to perform data communication in the first service. Wherein, the network element 1 is a data sending end, the network element 2 is a data receiving end, and the key request includes an Identity (english: Identity, abbreviation: ID) of the network element 1.
In practical application, the ID of the network element 2 and/or the service parameter of the first service may be stored in the network element 1; or the ID of the network element 2 and/or the service parameter of the first service is received from the service server or the network element 2. In this case, the key request may be a request including at least one of an ID of the network element 1, an ID of the network element 2, and a service parameter of the first service. Since the purpose of steps S36 to S38 is to send the ID of network element 2 to the ID of network element 1, steps S36 to S38 may be omitted in the case that network element 1 already has the ID of network element 2.
Specifically, the identity identifiers of the network element 1 and the network element 2 may respectively include: international Mobile Subscriber Identity (IMSI), Globally Unique Temporary UE Identity (GUTI), IP Multimedia Private Identity (IMPI), Temporary Mobile Subscriber Identity (TMSI), Temporary IP Multimedia Private Identity (TMPI), IP Multimedia Public Identity (IMPU), service ID, session ID, network ID, link ID, App ID, gateway ID. When the network element is a server, the ID of the network element may also include a server ID.
The service parameters of the first service may be various. For example, the service parameter of the first service may include at least one of a sequence number SN in the first service, a relevant time of the service key, a relevant ID in the service, a freshness parameter (Fresh parameter), and a random number (nonce/random number). The relevant ID in the Service may include at least one of an ID of network element 1, an ID of network element 2, an ID of KMS1, a Service ID, a session ID, a network ID, a link ID, an App ID, a server ID, and a PLMN ID. Wherein the relevant time of the service key may include at least one of a time when the first service starts, a time when the first service ends, and a validity period. The IDs of network element 1 and network element 2 may include at least one of IMSI, IMPI, TMSI, IMPU, App ID, network ID, service ID, and GUTI, respectively, without limitation.
In practical applications, the network element 1 may also actively initiate a key request instead of sending the key request to the KMS1 after receiving the notification that the first service authorization sent by the service server is successful. That is, step S33 and step S34 may be omitted.
In practical applications, in step S35, instead of the network element 1 sending the key request of the first service to the KMS1, another network element may send a key request to the KMS1, such as the network element 2, a server, a gateway, or another control network element, without limitation, where the key request includes at least one of the ID of the network element 1, the ID of the network element 2, and the service parameter of the first service.
In practical applications, step S35 may be omitted in case that the service does not need to be authorized.
S36, the network element 2 sends a key request of the first service to the KMS 2.
After receiving the notification that the authorization of the first service is successful, the network element 2 sends a key request to the KMS2, where the key request includes at least one of the ID of the network element 1, the ID of the network element 2, and the service parameter of the first service. Specifically, the ID of network element 1 and the ID of network element 2 may include: at least one of an IMSI, a GUTI, an IMPI, a TMSI, a TMPI, an IMPU, a Service ID, a session ID, a network ID, a link ID, an App ID, and a gateway ID. When the network element is a server, the ID of the network element may also include a server ID.
S37, KMS2 sends the key request of network element 2 to KMS 1.
S38, KMS1 sends the key request of network element 2 to network element 1.
And S39, KMS1 and the network element 1 respectively adopt the same preset method to generate a service key according to the service root key of the network element 1 and the service parameter of the first service.
In this embodiment, the service key is used to encrypt and/or protect integrity of the communication data in the first service, which is applied by the network element 1 and the network element 2 in step S33.
After the network element 1 sends a key request to the KMS1, the network element 1 and the KMS1 generate a service key according to the service root key of the network element 1 and the service parameter of the first service by using the same preset method. In this embodiment, the preset method is various. One of which is exemplified below.
After the KMS1 and the network element 1 respectively obtain the same service root key of the network element 1 and the service parameter of the first service, the KMS1 and the network element 1 respectively calculate a dependent variable of a second preset key derivation function, where the service key includes the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the network element 1 and the service parameter. In this embodiment, the service parameter is the service parameter in the first service applied in step S33, including but not limited to the description of the service parameter in S31.
Specifically, for example, K ═ KDF (key, service parameter in the first service), where K is the service key, and K ═ KDF () is used as the second preset key derivation function. The key comprises the service root key of network element 1.
In practical application, the network element 1 may also obtain the ID of the network element 2 through other manners, for example, the service server or the application server sends the ID of the network element 2 to the network element 1; or the network element 1 already stores the ID of the network element 2; or in the case that the parameters used by the KMS1 and the network element 1 in calculating the service key respectively do not include the ID of the network element 2, the key distribution method of the present embodiment may omit steps S36 to S38.
S310, the KMS1 sends the service key to the KMS 2.
S311 and the KMS2 perform encryption and/or integrity protection on the service key by using the shared key 2, and generate a security protection parameter of the network element 2.
When the KMS2 encrypts the service key with the shared key 2, it encrypts the service key with an encryption algorithm, such as an AES encryption algorithm; when the shared secret key 2 is used for integrity protection of the service secret key, an integrity protection algorithm, such as an HMAC algorithm, is used for integrity protection. And are not intended to be limiting herein.
S312, the KMS2 sends the security protection parameter of the network element 2 to the network element 2.
S313, the network element 2 obtains the service key according to the shared key 2 and the security protection parameter of the network element 2.
Since the security protection parameter of the network element 2 is obtained by encrypting and/or integrity protecting the service key by using the shared key 2, the network element 2 can restore the service key according to the security protection parameter of the network element 2 and the shared key 2.
In the invention, after the network element 1 and the network element 2 respectively obtain the service key, a plurality of methods for using the service key are available.
For example, the network element 1 uses the service key to protect the first communication data, generates the second communication data, and sends the second communication data to the network element 2. Specifically, the network element 1 may directly encrypt and/or integrity-protect the first communication data with the service key to generate the second communication data. Or, the network element 1 generates a service key K 'by using a pre-made method according to the service key K, encrypts and/or integrity-protects the first communication data by using the service key K', generates second communication data, and sends the second communication data to the network element 2.
And the network element 2 receives the second communication data and restores the first communication data according to the service key. Specifically, if the network element 1 encrypts and/or integrity-protects the first communication data according to the service key to generate the second communication data, the network element 2 directly restores the first communication data from the second communication data by using the service key. If the network element 1 encrypts and/or integrity-protects the first communication data according to the service key K to generate the second communication data, the network element 2 generates the service key K 'according to the service key K by using the same preset method as the network element 1, and then reduces the second communication data to the first communication data by using the service key K'.
Of course, the usage of the service key by the network element 1 and the network element 2 may be other methods, and is not limited herein.
In this embodiment, the KMS1 and the network element 1 respectively obtain the same service root key of the network element 1 and the same service parameter of the first service, and the same preset method is adopted to generate the service key from the service root key of the network element 1 and the service parameter, so that the KMS1 and the network element 1 can generate the same service key, and thus, the KMS1 does not need to send the service key to the network element 1, thereby avoiding the condition that the service key is leaked in the process of sending the service key to the network element 1; in addition, the KMS1 and the network element 2 respectively obtain the same shared key of the network element 2, so that when the KMS1 encrypts and/or integrity-protects the service key using the shared key of the network element 2 to generate the security protection parameter of the network element 2 and sends the security protection parameter to the network element 2, the network element 2 can restore the security protection parameter of the network element 2 to the service key according to the shared key of the network element 2, and thus, when the communication data is sent between the network element 1 and the network element 2, the communication data can be protected using the service key, and eavesdropping attack on the communication data in the sending process is avoided.
In the embodiment shown in fig. 3, the network element 2 is a user terminal, and the KMS2 needs to use the shared key 2 to encrypt and/or integrity-protect the service key before sending it to the network element 2. In practical applications, the network element 2 may also be a network element that establishes a secure channel with the KMS 2. The network element 2 is, for example, a server, a gateway or other controlling network element. In this way, KMS2 may send the traffic key directly to network element 2 over a secure channel. Then neither the KMS2 nor the network element 2 needs to acquire the same shared key 2.
Therefore, in case that the network element 2 and the KMS2 establish a secure channel, step S32, step S311 and step S313 in the embodiment shown in fig. 3 can be omitted, and the KMS2 sends the traffic key to the network element 2 in step S312.
In the embodiment shown in fig. 3, the flow after step S35 is triggered by steps S33 and S34. Optionally, in the first possible embodiment of the present invention, in step S33, instead of the network element 1 sending the service request to the service server, the gateway, the MME, or the network element 2 sends a service message to the network element 1, where the service message is used to instruct the network element 1 and the network element 2 to perform the first service, and the service message includes at least one of an ID of the first network element and an ID of the second network element.
In the embodiment shown in fig. 3, the network element 1 and the network element 2 correspond to different KMSs, respectively. Optionally, in a second possible embodiment of the present invention, the network element 1 and the network element 2 may also correspond to the same KMS. For example, the network element 1 and the network element 2 are both user terminals belonging to the same operator, and both the network elements communicate with the same KMS in the process of applying for the service key. Then, in the embodiment shown in fig. 3, the KMS1 and the KMS2 are the same key management center, and step S37 and step S310 may be omitted.
In the embodiment shown in fig. 3, the KMS1 calculates the traffic key from the traffic root key of network element 1. In practical applications, the KMS1 may further obtain the service root key of the network element 2, and calculate the service key according to the service root key of the network element 1, the service root key of the network element 2, and the service parameter of the first service. As described in detail below in conjunction with fig. 4.
Referring to fig. 4, fig. 4 is a schematic diagram illustrating another embodiment of a key distribution process of the communication system shown in fig. 2.
S41, the network element 1 and the KMS1 respectively obtain the same service root key of the network element 1, and respectively obtain the same service parameters.
For a detailed description, reference may be made to the explanation of step S31 in the embodiment shown in fig. 3, which is not repeated herein.
S42, network element 1 and KMS1 obtain the same shared key 1, respectively.
For a detailed description, reference may be made to the method for the network element 2 and the KMS2 to obtain the same shared key 2 in step S32 in the embodiment shown in fig. 3, which is not described herein again.
S43, network element 2 and KMS2 obtain the same service root key of network element 2, respectively.
The method for the network element 2 and the KMS2 to obtain the same service root key of the network element 2 may refer to the explanation of step S31 in the embodiment shown in fig. 3, and is not described herein again.
S44, network element 2 and KMS2 obtain the same shared key 2, respectively.
For a detailed description, reference may be made to the explanation of step S32 in the embodiment shown in fig. 3, which is not repeated herein.
It should be noted that there is no necessary order of sequence between steps S41-42 and steps S43-44. Step S42 may occur before step S41; step S43 may occur before step S44.
S45, the network element 1 sends a service request to the service server, where the service request is used to apply for the first service by the network element 1 and the network element 2.
For a detailed description, reference may be made to the explanation of step S33 in the embodiment shown in fig. 3, which is not repeated herein.
S46, the service server authorizes the first service, and sends a response message to the network element 1 when the authorization is successful.
For a detailed description, reference may be made to the explanation of step S34 in the embodiment shown in fig. 3, which is not repeated herein.
S47, the network element 1 sends a key request for the first service to the KMS 1.
For a detailed description, reference may be made to the explanation of step S35 in the embodiment shown in fig. 3, which is not repeated herein.
In practical applications, the network element 1 may also actively initiate a key request instead of sending the key request to the KMS1 after receiving the notification that the first service authorization sent by the service server is successful. That is, step S45 and step S46 may be omitted.
S48, the network element 2 sends a key request of the first service to the KMS 2.
For a detailed description, reference may be made to the explanation of step S36 in the embodiment shown in fig. 3, which is not repeated herein.
In this embodiment, step S48 is an optional step.
S49, KMS2 sends the service root key of network element 2 to KMS 1.
After receiving the key application of the first service, the KMS2 sends the service root key of the network element 2 to the KMS 1.
S410 and the KMS1 encrypt and/or protect integrity of the service root key of the network element 2 by using the shared key 1, and generate a security protection parameter of the network element 1.
The KMS1 encrypts the service root key of the network element 2 by using an encryption algorithm, such as an AES encryption algorithm, when encrypting the service root key by using the shared key 1; when integrity protection is performed on the service root key of the network element 2 by using the shared key 1, integrity protection is performed by using an integrity protection algorithm, such as an HMAC algorithm. And are not intended to be limiting herein.
S411 and the KMS1 send the security protection parameter of the network element 1 to the network element 1.
S412, the network element 1 obtains the service root key of the network element 2 according to the shared key 1 and the security protection parameter of the network element 1.
Because the security protection parameter of the network element 1 is obtained by encrypting and/or integrity protecting the service root key of the network element 2 by using the shared key 1, the network element 1 can restore the service root key of the network element 2 according to the security protection parameter of the network element 1 and the shared key 1.
S413, KMS2 sends the key request of network element 2 to KMS 1.
Step S413 and step S49 may be the same step, or may be divided into two steps, and the two steps do not have a certain sequence.
S414, KMS1 sends the key request of network element 2 to network element 1.
Step S414 and step S411 may be combined into the same step, or may be divided into two steps, and the two steps do not have a certain sequence.
S415, the KMS1 and the network element 1 respectively adopt the same preset method to generate a service key according to the service root key of the network element 1, the service root key of the network element 2 and the service parameter of the first service.
After the network element 1 sends a key request to the KMS1, the network element 1 and the KMS1 generate a service key according to the service root key of the network element 1, the service root key of the network element 2, and the service parameter of the first service by using the same preset method. In this embodiment, the preset method is various. One of which is exemplified below.
After the KMS1 and the network element 1 respectively obtain the same service root key of the network element 1, the same service root key of the network element 2, and the same service parameter of the first service, the KMS1 and the network element 1 respectively calculate a dependent variable of a second preset key derivation function, where the service key includes the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the network element 1, the service root key of the network element 2, and the service parameter.
In this embodiment, the service parameter is a parameter in the first service requested in step S45. For example, the service parameter may be at least one of a sequence number in the first service, an expiration time of the service key, a current system time, a freshness parameter (Fresh parameter), a nonce/random number, a sequence number of a computed service key, and an associated ID in the service. The relevant ID in the Service may include at least one of an ID of the network element 1, an ID of the network element 2, an ID of the KMS1, a Service ID, a session ID, a network ID, a link ID, an App ID, a server ID, and a PLMN ID. The IDs of network element 1 and network element 2 may include IMSI, IMPI, TMSI, IMPU, App ID, network ID, service ID, GUTI, etc., without limitation.
Specifically, for example, K ═ KDF (key, service parameter of the first service), where K is the service key, and K ═ KDF () is used as the derivation function for the second preset key. The key includes a service root key of the network element 1 and a service root key of the network element 2.
S416, the KMS1 sends the service key to the KMS 2.
S417 and the KMS2 perform encryption and/or integrity protection on the service key by using the shared key 2, and generate a security protection parameter of the network element 2.
S418 and KMS2 send the security protection parameter of the network element 2 to the network element 2.
S419, the network element 2 obtains the service key according to the shared key 2 and the security protection parameter of the network element 2.
In the embodiment shown in fig. 4, the network element 2 is a user terminal, and the KMS2 needs to use the shared key 2 to encrypt and/or integrity-protect the service key before sending it to the network element 2. In practical applications, the network element 2 may also be a network element that establishes a secure channel with the KMS2, for example, the network element 2 is a server, a gateway, or other control network element. In this way, KMS2 may send the traffic key directly to network element 2 over a secure channel. Therefore, in case that the network element 2 and the KMS2 establish a secure channel, step S44, step S417 and step S419 in the embodiment shown in fig. 4 may be omitted, and the KMS2 transmits the traffic key to the network element 2 in step S418.
In the embodiment shown in fig. 3, the network element 1 and the KMS1 obtain the same service root key of the first network element and the same service parameter of the first service through AKA authentication, and generate the service key according to the service root key of the first network element and the service parameter of the first service by using the same preset method, respectively. In practical application, the network element 1 and the KMS1 may also acquire the same service root key of the network element 1 through AKA authentication, the network element 2 may also acquire the same service root key of the network element 2 through AKA authentication with the KMS1, and the KMS1 sends the service root key of the network element 2 to the network element 1 and sends the service root key of the network element 1 to the network element 2. When calculating the service key, the network element 1 and the network element 2 respectively adopt the same preset method to generate the service key according to the service root key of the network element 1 and the service root key of the network element 2. As described in detail below in conjunction with fig. 5.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating another embodiment of a key distribution process of the communication system shown in fig. 2.
As shown in fig. 5, the key distribution process in this embodiment includes:
s51, network element 1 and KMS1 obtain the same service root key of network element 1 and obtain the same shared key 1, respectively.
The method for the network element 1 and the KMS1 to obtain the same service root key of the network element 1 may refer to an explanation of the step of "the network element 1 and the KMS1 obtain the same service root key of the network element 1 respectively" in step S31 in the embodiment shown in fig. 3, and details are not described here again.
The method for the network element 1 and the KMS1 to obtain the same shared key 1 can refer to the explanation of "the network element 2 and the KMS2 respectively obtain the same shared key 2" in step S32 in the embodiment shown in fig. 3, and details are not repeated here.
S52, network element 2 and KMS2 obtain the same service root key of network element 2 and obtain the same shared key 2, respectively.
Specifically, refer to the explanation of step S51, which is not repeated herein.
S53, the network element 1 sends a service request to the service server, where the service request is used to apply for the first service by the network element 1 and the network element 2.
S54, the service server authorizes the first service, and sends a response message to the network element 1 when the authorization is successful.
For a detailed description, reference may be made to the explanation of step S34 in the embodiment shown in fig. 3, which is not repeated herein.
S55, the network element 1 sends a key request for the first service to the KMS 1.
For details, reference may be made to the explanation of step S35 in the embodiment shown in fig. 3, which is not repeated herein.
S56, the network element 2 sends a key request of the first service to the KMS2, where the key request includes the ID of the network element 2.
Specifically, refer to the explanation of step S36 in the embodiment shown in fig. 3, which is not repeated herein.
In this embodiment, step S56 is an optional step.
S57, the KMS1 sends the key request of the network element 1 and the service root key of the network element 1 to the KMS 2.
S58, the KMS2 sends the key request of the network element 2 and the service root key of the network element 2 to the KMS 1.
S59 and KMS1 adopt the shared key 1 to encrypt and/or protect the integrity of the service root key of the network element 2, and generate a security protection parameter 1.
After receiving the service root key of the network element 2 sent by the KMS2, the KMS1 encrypts the service root key of the network element 2 by using an encryption algorithm, such as an AES encryption algorithm; or an integrity protection algorithm is used to perform integrity protection on the service root key of the network element 2, such as an HMAC algorithm, or the service root key of the network element 2 is encrypted and integrity protected, which is not limited herein.
S510, KMS1 sends the security protection parameter 1 and the ID of the network element 2 to the network element 1.
S511, the network element 1 obtains the service root key of the network element 2 according to the shared key 1 and the security protection parameter 1.
Because the security protection parameter 1 is obtained by encrypting and/or integrity protecting the service root key of the network element 2 by using the shared key 1, the network element 1 can restore the service root key of the network element 2 according to the security protection parameter 1 and the shared key 1.
And S512, the network element 1 generates a service key according to the service root key of the network element 1 and the service root key of the network element 2.
In this embodiment, the service key is used to encrypt and/or integrity protect the communication data in the first service, which is applied by the network element 1 and the network element 2 in step S53.
The same preset method is stored in the network element 1 and the network element 2 respectively, so that the network element 1 and the network element 2 can generate the same service key according to the service root key of the network element 1 and the service root key of the network element 2 by adopting the preset method. There are various preset methods, one of which is exemplified below.
After the network element 1 obtains the service root key of the network element 1 and the service root key of the network element 2, the network element also obtains service parameters. The network element 1 calculates a dependent variable of a preset key derivation function, wherein the service key comprises the dependent variable of the preset key derivation function; the independent variable of the preset key derivation function includes a service root key of the network element 1, a service root key of the network element 2 and the service parameter, or the independent variable includes the service parameter and a service root key calculated by the service root key of the network element 1 and the service root key of the network element 2.
In this embodiment, the service parameter is a parameter in the first service requested in step S53. For example, the service parameter may be at least one of a sequence number in the first service, an expiration time of the service key, a current system time, a sequence number of a calculated service key, a freshness parameter (Fresh parameter), a random number (nonce/random number), and an associated ID in the service. The relevant ID in the Service may include at least one of an ID of the network element 1, an ID of the network element 2, an ID of the KMS1, a Service ID, a session ID, a network ID, a link ID, an App ID, a server ID, and a PLMN ID. The IDs of network element 1 and network element 2 may include IMSI, IMPI, GUTI, TMSI, IMPU, App ID, network ID, service ID, etc., without limitation.
Specifically, for example, K ═ KDF (key, service parameter of the first service), where K is the service key, and K ═ KDF () is used as the derivation function for the second preset key. The key includes the service root key of the network element 1 and the service root key of the network element 2, or includes the service root key calculated by the service root key of the network element 1 and the service root key of the network element 2.
In practical applications, in the case that the parameters used by the network element 1 to calculate the service key do not include the ID of the network element 2, the key distribution method of this embodiment may omit step S56, and the KMS2 does not need to send the ID of the network element 2 to the KMS1 in step S58, and the KMS1 does not need to send the ID of the network element 2 to the network element 1 in step S510.
S513 and the KMS2 encrypt and/or protect integrity of the service root key of the network element 1 by using the shared key 2, and generate a security protection parameter 2.
After receiving the service root key of the network element 1 sent by the KMS1, the KMS2 encrypts the service root key of the network element 1 by using an encryption algorithm, such as an AES encryption algorithm; or an integrity protection algorithm is used to perform integrity protection on the service root key of the network element 1, such as an HMAC algorithm, or the service root key of the network element 1 is encrypted and integrity protected, which is not limited herein.
S514, KMS2 sends security protection parameter 2 and the ID of network element 1 to network element 2.
And S515, the network element 2 obtains the service root key of the network element 1 according to the shared key 2 and the security protection parameter 2.
Since the security protection parameter 2 is obtained by encrypting and/or integrity protecting the service root key of the network element 1 by using the shared key 2, the network element 2 can restore the service root key of the network element 1 according to the security protection parameter 2 and the shared key 2.
S516, the network element 2 generates a service key according to the service root key of the network element 1 and the service root key of the network element 2.
The preset method for the network element 2 to generate the service key according to the service root key of the network element 1 and the service root key of the network element 2 may refer to the preset method in step S512, and details are not described here.
In practical applications, in the case that the parameters used by the network element 2 to calculate the service key do not include the ID of the network element 1, the key distribution method of this embodiment may omit step S58, and the KMS1 does not need to send the ID of the network element 1 to the KMS2 in step S58, and the KMS2 does not need to send the ID of the network element 2 to the network element 1 in step S510.
In the embodiment shown in fig. 5, the network element 1 and the network element 2 correspond to different KMSs, respectively. Optionally, in a possible embodiment of the present invention, the network element 1 and the network element 2 may also correspond to the same KMS. For example, the network element 1 and the network element 2 are both user terminals belonging to the same operator, and both the network elements communicate with the same KMS in the process of applying for the service key. Then, in the embodiment shown in fig. 5, the KMS1 and the KMS2 are the same key management center, and step S57 and step S58 may be omitted.
In the embodiment shown in fig. 5, both the network element 1 and the network element 2 obtain the service root key of the network element 1 and the service root key of the network element 2, and obtain the service keys according to the two service root keys by using the same preset method. In practical applications, the network element 2 may receive the service key sent by the KMS1 or the KMS2 without acquiring the two service root keys and calculating the service key according to the two service root keys.
In this embodiment, the KMS encrypts and/or protects the integrity of the service root key of the network element 1 and then sends the encrypted and/or protected integrity of the service root key of the network element 2 to the network element 1, and the network element 1 and the network element 2 respectively calculate the service key according to the service root key of the network element 1 and the service root key of the network element 2 by using the same preset method; therefore, the service key is not sent to the network element by the KMS, so that the condition that the service key is subjected to eavesdropping attack in the process of being sent to the network element is avoided.
Three embodiments of the communication system of the present invention and various embodiments of the workflow in each communication system are described above with reference to fig. 2 to 5. The key distribution method in the present invention is described below.
Referring to fig. 6, an embodiment of the key distribution method of the present invention includes:
601. the first key management center obtains the service parameters and the service root key of the first network element.
In this embodiment, the service parameter is a parameter in the first service, and the service root key of the first network element is generated according to a key parameter obtained after the first network element is authenticated.
The first key management center may be the KMS1 in the embodiment shown in fig. 3, and the first network element may be the network element 1 in the embodiment shown in fig. 3. Alternatively, the first key management center may be the KMS1 in the embodiment shown in fig. 3, and the first network element may be the network element 1 in the embodiment shown in fig. 4. And are not intended to be limiting herein.
The method for acquiring the service parameter and the service root key of the first network element by the first key management center may refer to the explanation of step S31 in the embodiment shown in fig. 3, and is not described herein again.
602. And the first key management center generates a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in the first service between the first network element and the second network element.
603. And the first key management center acquires the shared key of the second network element, and the shared key of the second network element is used for communication between the first key management center and the second network element.
604. And the first key management center adopts the shared key of the second network element to encrypt and/or protect the integrity of the service key so as to generate a first security protection parameter.
605. And the first key management center sends the first security protection parameter to the second network element.
The explanation of the present embodiment can be understood with reference to the description of the embodiment shown in fig. 3 and fig. 4, and will not be described in detail herein.
In this embodiment, the first key management center obtains the service root key and the service parameter of the first network element, and the preset method for generating the service key by using the service root key and the service parameter of the first network element is the same as the preset method for generating the service key by using the first network element according to the service root key of the first network element, so that the first key management center and the first network element can generate the same service key, and thus, the first key management center does not need to send the service key to the first network element, thereby avoiding the condition that the service key is leaked in the process of sending the service key to the first network element; in addition, the first key management center adopts the shared key of the second network element to encrypt and/or protect the integrity of the service key, and then generates a first security protection parameter which is sent to the second network element, so that the second network element can restore the first security protection parameter into the service key according to the shared key of the second network element, therefore, when the first network element and the second network element send communication data to each other, the service key can be adopted to protect the communication data, and the communication data is prevented from being attacked by eavesdropping in the sending process.
Optionally, in this embodiment, in a case that a secure channel is established between the first key management center and the second network element, the first key management center may also send the service key to the second network element through the secure channel without using a shared key of the second network element to encrypt and/or protect integrity of the service key, and then the service key is sent to the second network element, so steps 603 to 605 may be omitted.
In this embodiment, the first key management center is configured to manage a key of the second network element, that is, the first key management center corresponds to the second network element, so that the first key management center sends the service key to the second network element. In practical applications, there may be a case that the second network element does not correspond to the first key management center, but corresponds to the second key management center, and then the first key management center sends the service key to the second key management center, so that the second key management center encrypts and/or protects integrity of the service key and sends the service key to the second network element, and then steps 603 to 605 may be omitted.
In this embodiment, there are various methods for the first key management center to obtain the service root key of the first network element.
Optionally, the first key management center obtains a first parameter by performing AKA authentication with the first network element, where the first parameter includes at least one of a Kasme, an integrity key, and an encryption key; the first key management center calculates a dependent variable of a first preset key derivation function, and the service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
Optionally, the first key management center receives a service root key of a first network element sent by a mobility management node MME, where the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the MME through authentication with a first network element AKA, and the first parameter includes at least one of a Kasme, an integrity key, and an encryption key.
In this embodiment, there are various methods for the first key management center to generate the service key according to the service root key of the first network element and the service parameter.
Optionally, the first key management center calculates a dependent variable of a second preset key derivation function, where the service key includes the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
Further, optionally, the first key management center obtains a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
the first key management center acquires a shared key of a first network element, wherein the shared key of the first network element is used for communication between the first key management center and the first network element;
the first key management center adopts the shared key of the first network element to encrypt and/or protect the integrity of the service root key of the second network element, and generates a second security protection parameter;
and the first key management center sends the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
Optionally, in this embodiment, the first key management center generates a service key according to the service root key of the first network element and the service parameter by using a preset method, and before that, the method further includes:
the first key management center receives a key request sent by the first network element, the second network element, the gateway or the server, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element and the service parameter.
In this embodiment, there are multiple methods for the first key management center to obtain the shared key of the second network element.
Optionally, the first key management center obtains a first parameter by performing AKA authentication with the second network element, where the first parameter includes at least one of a Kasme, an integrity key, and an encryption key;
the first key management center calculates a dependent variable of a third preset key derivation function, and the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
Optionally, the first key management center receives a shared key of a second network element sent by an MME, where the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the MME through authentication with an AKA of the second network element, and the first parameter includes at least one of a Kasme, an integrity key, and an encryption key.
The explanation of the present embodiment can be understood with reference to the description of the embodiment shown in fig. 2 to fig. 4, and will not be described in detail herein.
Referring to fig. 7, fig. 7 is a flowchart illustrating a key generation method according to an embodiment of the invention. As shown in fig. 7, the key generation method in this embodiment includes:
701. the first key management center obtains a service root key of the first network element and a service root key of the second network element.
In this embodiment, the first key management center may be the KMS1 in the embodiment shown in fig. 5, the first network element may be the network element 1 in the embodiment shown in fig. 5, and the second network element may be the network element 2 in the embodiment shown in fig. 5, which is not limited herein.
702. The method comprises the steps that a first key management center obtains a first shared key and a second shared key, the first shared key is used for communication between the first key management center and a first network element, and the second shared key is used for communication between the first key management center and a second network element.
703. And the first key management center adopts the first shared key to encrypt and/or protect the integrity of the service root key of the second network element, so as to generate a first security protection parameter.
704. And the first key management center encrypts and/or integrally protects the service root key of the first network element by adopting the second shared key to generate a second security protection parameter.
705. And the first key management center sends the first security protection parameter to the first network element, so that the first network element obtains the service root key of the second network element according to the first security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element.
706. And the first key management center sends the second security protection parameter to the second network element, so that the second network element obtains the service root key of the second network element according to the second security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element.
In this embodiment, the service key is used to encrypt and/or protect integrity of communication data in the first service between the first network element and the second network element.
The explanation of the present embodiment can be understood by referring to the description of the embodiment shown in fig. 5, and will not be described in detail herein.
In this embodiment, the first key management center encrypts and/or integrity-protects the service root key of the first network element and then sends the encrypted and/or integrity-protected service root key of the second network element to the first network element, so that the first network element and the second network element respectively calculate the service key according to the service root key of the first network element and the service root key of the second network element by using the same preset method; therefore, the service key is not sent to the network element by the first key management center, so that the condition that the service key is subjected to eavesdropping attack in the process of being sent to the network element is avoided.
Referring to fig. 8, fig. 8 is a flowchart illustrating a key generation method according to another embodiment of the invention. As shown in fig. 8, the key generation method in this embodiment includes:
801. the first network element acquires a first parameter by performing AKA authentication, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
In this embodiment, the first network element may be the network element 1 in the embodiments shown in fig. 3, fig. 4, and fig. 5, which is not limited herein.
802. And the first network element acquires the service root key of the first network element according to the first parameter.
803. And the first network element acquires service parameters, wherein the service parameters are parameters in the first service.
804. And the first network element generates a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in the first service between the first network element and the second network element.
In this embodiment, the first network element obtains the service root key of the first network element, and the preset method for generating the service key by using the service root key and the service parameters of the first network element is the same as the preset method for generating the service key by the first key management center according to the service root key of the first network element, so that the first key management center and the first network element can generate the same service key, and thus, the first network element does not need to receive the service key sent by the first key management center, and further, the condition that the service key is leaked in the process of being sent to the first network element is avoided; therefore, when the first network element and the second network element send communication data to each other, the service key can be adopted to protect the communication data, and the communication data is prevented from being attacked by eavesdropping in the sending process.
In this embodiment, there are multiple methods for the first network element to generate the service key according to the service root key of the first network element and the service parameter. Optionally, the first network element calculates a dependent variable of a preset key derivation function, where the service key includes the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
Further, optionally, in this embodiment, the first network element further obtains an identity of a second network element; the argument of said preset key derivation function further comprises an identity of said second network element.
In this embodiment, optionally, the key receiving method further includes:
the first network element acquires a shared key of the first network element, and the shared key of the first network element is used for communication between the first key management center and the first network element;
the first network element receives a second security protection parameter sent by the first key management center;
the first network element decrypts the second security protection parameter by adopting the shared key of the first network element to obtain a service root key of a second network element;
the first network element generating a service key according to the service root key of the first network element and the service parameter, including:
and the first network element generates a service key according to the service root key of the first network element, the service root key of the second network element and the service parameter.
In this embodiment, optionally, the generating, by the first network element, a service key according to the service root key of the first network element and the service parameter further includes:
the first network element sends a key request to the first key management center, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
Further, optionally, the sending, by the first network element, the key request to the first key management center further includes:
the first network element sends a service request to a service server, wherein the service server is used for executing service management between the first network element and the second network element;
the first network element receives a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and the service parameter, and the indicator is used to indicate that the first service authorization is successful.
Or, the first network element sends a key request to the first key management center, and before the sending, the method further includes:
the first network element receives a service message sent by a service server, a gateway, an MME or a second network element, wherein the service message comprises at least one of an identity of the first network element and an identity of the second network element.
Referring to fig. 9, fig. 9 is a flowchart illustrating a method for obtaining a key according to an embodiment of the invention. As shown in fig. 9, the method for obtaining a key in this embodiment includes:
901. and the MME acquires a third parameter through AKA authentication with the first network element, wherein the third parameter comprises at least one of Kasme, an integrity key, an encryption key, a non-access stratum integrity key, a non-access stratum encryption key and a base station key.
902. The MME calculates a dependent variable of a first preset key derivation function, and a key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
In this embodiment, the key of the first network element may be a service root key of the first network element, or a shared key of the first network element, which is not limited herein.
903. And the MME sends the key of the first network element to a key management center corresponding to the first network element.
In this embodiment, the key management center corresponding to the first network element refers to a key management center for managing a key of the first network element.
The explanation of the present embodiment can be understood with reference to the description of the embodiment shown in fig. 2 to fig. 5, and will not be described in detail herein.
The key distribution method, the key generation method, the key receiving method, and the key obtaining method in the embodiments of the present invention are described above, and the first key management center, the first network element, and the MME in the embodiments of the present invention are described below.
Referring to fig. 10, fig. 10 is a schematic structural diagram of a first key management center according to an embodiment of the present invention. In this embodiment, the first key management center 1000 includes:
a first obtaining module 1001, configured to obtain a service parameter and a service root key of a first network element, where the service parameter is a parameter in the first service, and the service root key of the first network element is generated according to a key parameter obtained after the first network element is authenticated.
A first generating module 1002, configured to generate a service key according to the service root key of the first network element and the service parameter, where the service key is used to encrypt and/or protect integrity of communication data in a first service between the first network element and a second network element.
The first key management center further includes a second obtaining module 1003, a second generating module 1004, and a first sending module 1005, or includes a second sending module (not shown), and a secure channel is established between the first key management center and the second network element, or includes a third sending module (not shown). Wherein:
the second obtaining module 1003 is configured to obtain a shared key of the second network element, where the shared key of the second network element is used for the first key management center and the second network element to communicate.
The second generating module 1004 is configured to encrypt and/or perform integrity protection on the service key by using the shared key of the second network element, so as to generate a first security protection parameter.
The first sending module 1005 is configured to send the first security protection parameter to the second network element.
And the second sending module is configured to send the service key to the second network element through the secure channel.
The third sending module is configured to send the service key to a second key management center, so that the second key management center encrypts and/or integrity-protects the service key and sends the service key to the second network element.
In this embodiment, the first key management center obtains the service root key of the first network element, and the preset method for generating the service key by using the service root key of the first network element is the same as the preset method for generating the service key by using the first network element according to the service root key of the first network element, so that the first key management center and the first network element can generate the same service key, and thus, the first key management center does not need to send the service key to the first network element, thereby avoiding the condition that the service key is leaked in the process of sending the service key to the first network element; in addition, the first key management center adopts the shared key of the second network element to encrypt and/or protect the integrity of the service key, and then generates a first security protection parameter which is sent to the second network element, so that the second network element can restore the first security protection parameter into the service key according to the shared key of the second network element, therefore, when the first network element and the second network element send communication data to each other, the service key can be adopted to protect the communication data, and the communication data is prevented from being attacked by eavesdropping in the sending process.
In some possible embodiments of the present invention, the first obtaining module 1001 is specifically configured to:
acquiring a first parameter by performing AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a first preset key derivation function, wherein a service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
In some possible embodiments of the present invention, the first obtaining module 1001 is specifically configured to:
receiving a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
In some possible embodiments of the invention, the first generating module 1002 is specifically configured to:
calculating a dependent variable of a second preset key derivation function, wherein the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
As shown in fig. 11, in some possible embodiments of the present invention, the first key management center further includes:
a third obtaining module 1101, configured to obtain a service root key of the second network element; the argument of said second pre-set key derivation function further comprises a service root key of said second network element.
A fourth obtaining module 1102, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for the first key management center to communicate with the first network element.
A third generating module 1103, configured to perform encryption and/or integrity protection on the service root key of the second network element by using the shared key of the first network element, and generate a second security protection parameter.
A fourth sending module 1104, configured to send the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
As shown in fig. 12, in some possible embodiments of the present invention, the first key management center further includes:
a first receiving module 1201, configured to receive a key request sent by the first network element, the second network element, the gateway, or the server before the first generating module generates a service key according to the service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and a service parameter of the first service.
In some possible embodiments of the present invention, when the first key management center includes the second obtaining module 1003, the second generating module 1004, and the first sending module 1005, the second obtaining module 1003 is specifically configured to:
acquiring a first parameter by performing AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a third preset key derivation function, wherein the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
In some possible embodiments of the present invention, when the first key management center includes the second obtaining module 1003, the second generating module 1004, and the first sending module 1005, the second obtaining module 1003 is specifically configured to:
receiving a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
Referring to fig. 13, fig. 13 is a schematic structural diagram of a first key management center according to another embodiment of the present invention. In this embodiment, the first key management center 1300 includes:
the first obtaining module 1301 is configured to obtain a service root key of the first network element and a service root key of the second network element.
A second obtaining module 1302, configured to obtain a first shared key and a second shared key, where the first shared key is used for the communication between the first key management center and the first network element, and the second shared key is used for the communication between the first key management center and the second network element.
A first generating module 1303, configured to encrypt and/or integrity-protect the service root key of the second network element by using the first shared key, so as to generate a first security protection parameter.
A second generating module 1304, configured to encrypt and/or perform integrity protection on the service root key of the first network element by using the second shared key, so as to generate a second security protection parameter.
A first sending module 1305, configured to send the first security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the first security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element.
A second sending module 1306, configured to send the second security protection parameter to the second network element, so that the second network element obtains a service root key of the second network element according to the second security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
the service key is used for encrypting and/or protecting the integrity of communication data in the first service between the first network element and the second network element.
In this embodiment, the first key management center encrypts and/or integrity-protects the service root key of the first network element and then sends the encrypted and/or integrity-protected service root key of the second network element to the first network element, so that the first network element and the second network element respectively calculate the service key according to the service root key of the first network element and the service root key of the second network element by using the same preset method; therefore, the service key is not sent to the network element by the first key management center, so that the condition that the service key is subjected to eavesdropping attack in the process of being sent to the network element is avoided.
Referring to fig. 14, fig. 14 is a schematic structural diagram of an embodiment of a first network element according to the present invention. In this embodiment, the first network element 1400 includes:
a first obtaining module 1401, configured to obtain a first parameter by performing AKA authentication, where the first parameter includes at least one of a Kasme, an integrity key, and an encryption key;
a second obtaining module 1402, configured to obtain a service root key of the first network element according to the first parameter;
a third obtaining module 1403, configured to obtain a service parameter, where the service parameter is a parameter in the first service;
a first generating module 1404, configured to generate a service key according to the service root key of the first network element and the service parameter, where the service key is used to encrypt and/or integrity protect communication data in a first service between the first network element and a second network element.
In some possible embodiments of the invention, the first generating module 1404 is specifically configured to:
calculating a dependent variable of a preset key derivation function, wherein the service key comprises the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
As shown in fig. 15, in some possible embodiments of the present invention, the first network element further includes:
a fourth obtaining module 1501, configured to obtain an identity of the second network element;
the argument of said preset key derivation function further comprises an identity of said second network element.
As shown in fig. 16, in some possible embodiments of the present invention, the first network element further includes:
a fifth obtaining module 1601, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for the first key management center to communicate with the first network element.
A first receiving module 1602, configured to receive the second security protection parameter sent by the first key management center.
A sixth obtaining module 1603, configured to decrypt the second security protection parameter by using the shared key of the first network element, to obtain a service root key of the second network element.
The first generating module 1404 is specifically configured to generate a service key according to the service root key of the first network element, the service root key of the second network element, and the service parameter.
As shown in fig. 17, in some possible embodiments of the present invention, the first network element further includes:
a first sending module 1701, configured to send a key request to the first key management center before the first generating module generates a service key according to the service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and a service parameter of the first service.
As shown in fig. 18, in some possible embodiments of the present invention, the first network element further includes:
a second sending module 1801, configured to send a service request to a service server before the first sending module 1701 sends the key request to the first key management center, where the service server is configured to perform service management between the first network element and the second network element;
a second receiving module 1802, configured to receive a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identity of the second network element, and a service parameter of the first service, and the indicator is used to indicate that the first service authorization is successful.
As shown in fig. 19, in some possible embodiments of the present invention, the first network element further includes:
a third receiving module 1901, configured to receive a service message sent by a service server, a gateway, an MME, or a second network element before the first sending module sends the key request to the first key management center, where the service message includes at least one of an identity of the first network element and an identity of the second network element.
Referring to fig. 20, fig. 20 is a schematic structural diagram of a mobility management node according to an embodiment of the present invention. In this embodiment, the mobility management node 2000 includes:
an obtaining module 2001, configured to obtain a third parameter through AKA authentication with the first network element, where the third parameter includes at least one of a Kasme, an integrity key, an encryption key, a non-access stratum integrity key, a non-access stratum encryption key, and a base station key;
a calculating module 2002, configured to calculate a dependent variable of a first preset key derivation function, where a key of the first network element includes the dependent variable of the first preset key derivation function; wherein an argument of said first preset key derivation function includes said first parameter;
a sending module 2003, configured to send the key of the first network element to a key management center corresponding to the first network element.
The first key management center, the first network element, and the MME in the embodiment of the present invention are described above from the perspective of a unitized functional entity, and the first key management center, the first network element, and the MME in the embodiment of the present invention are described below from the perspective of hardware processing.
Referring to fig. 21, fig. 21 is a schematic structural diagram of a first key management center according to an embodiment of the present invention. In this embodiment, the first key management center 2100 includes:
a processor 2101 and a memory 2102 coupled to the processor 2101; wherein the processor 2101 reads the computer program stored in the memory 2102 to perform the following operations:
acquiring a service parameter and a service root key of a first network element, wherein the service parameter is a parameter in the first service, and the service root key of the first network element is generated according to a key parameter obtained after the first network element is authenticated;
generating a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and a second network element;
performing one of the following steps A, B and C:
A. the first key management center obtains a shared key of the second network element, and the shared key of the second network element is used for communication between the first key management center and the second network element;
the first key management center encrypts and/or integrally protects the service key by adopting the shared key of the second network element to generate a first security protection parameter;
the first key management center sends the first security protection parameter to the second network element;
B. a secure channel is established between the first key management center and the second network element, and the first key management center sends the service key to the second network element through the secure channel;
C. and sending the service key to a second key management center so that the second key management center encrypts and/or protects the integrity of the service key and then sends the service key to the second network element.
In a first possible implementation manner of the present invention, the acquiring a service root key of a first network element includes:
the first key management center acquires a first parameter through AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first key management center calculates a dependent variable of a first preset key derivation function, and the service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
In some possible embodiments of the present invention, the obtaining a service root key of a first network element includes:
the first key management center receives a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
In some possible embodiments of the present invention, the generating a service key according to the service root key of the first network element and the service parameter includes:
the first key management center calculates a dependent variable of a second preset key derivation function, and the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
Further, the processor 2101 is further configured to perform the following steps:
acquiring a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
acquiring a shared key of a first network element, wherein the shared key of the first network element is used for communication between the first key management center and the first network element;
encrypting and/or integrity protecting the service root key of the second network element by adopting the shared key of the first network element to generate a second safety protection parameter;
and sending the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
In some possible embodiments of the present invention, the processor 2101 is further configured to perform the following steps before generating a service key according to the service root key of the first network element and the service parameter by using a preset method:
receiving a key request sent by the first network element, the second network element, a gateway or a server, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element and a service parameter of the first service.
In some possible embodiments of the present invention, when the processor 2101 executes the step a, the acquiring the shared key of the second network element includes:
acquiring a first parameter by performing AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a third preset key derivation function, wherein the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
In some possible embodiments of the present invention, when the processor 2101 executes the step a, the obtaining the shared key of the second network element includes:
receiving a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
Referring to fig. 22, fig. 22 is a schematic structural diagram of a first key management center according to another embodiment of the present invention. In this embodiment, the first key management center 2200 includes:
a processor 2201, and a memory 2202 coupled to the processor 2201; wherein the processor 2201 reads the computer program stored in the memory 2202 for performing the following operations:
acquiring a service root key of a first network element and a service root key of a second network element;
acquiring a first shared key and a second shared key, wherein the first shared key is used for communication between the first key management center and a first network element, and the second shared key is used for communication between the first key management center and a second network element;
encrypting and/or integrity protecting the service root key of the second network element by using the first shared key to generate a first security protection parameter;
encrypting and/or integrity protecting the service root key of the first network element by using the second shared key to generate a second security protection parameter;
sending the first security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the first security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
sending the second security protection parameter to the second network element, so that the second network element obtains a service root key of the second network element according to the second security protection parameter, and generates a service key according to the service root key of the first network element and the service root key of the second network element;
the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and the second network element.
Referring to fig. 23, fig. 23 is a schematic structural diagram of an embodiment of a first network element according to the present invention. In this embodiment, the first network element 2300 includes:
a processor 2301, and a memory 2302 coupled to the processor 2301; wherein the processor 2301 reads the computer program stored in the memory 2302 to perform the following operations:
acquiring a first parameter by performing AKA authentication, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
acquiring a service root key of the first network element according to the first parameter;
acquiring a service parameter, wherein the service parameter is a parameter in the first service;
and generating a service key according to the service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in the first service between the first network element and the second network element.
In some possible embodiments of the present invention, the generating a service key according to the service root key of the first network element and the service parameter includes:
calculating a dependent variable of a preset key derivation function, wherein the service key comprises the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
In some possible embodiments of the invention, the processor 2301 is further configured to perform the steps of:
acquiring an identity of a second network element; the argument of said preset key derivation function further comprises an identity of said second network element.
In some possible embodiments of the invention, the processor 2301 is further configured to perform the steps of:
acquiring a shared key of a first network element, wherein the shared key of the first network element is used for communication between the first key management center and the first network element;
receiving a second security protection parameter sent by the first key management center;
decrypting the second security protection parameter by using the shared key of the first network element to obtain a service root key of a second network element;
generating a service key according to the service root key of the first network element and the service parameter, including:
and generating a service key according to the service root key of the first network element, the service root key of the second network element and the service parameter.
In some possible embodiments of the present invention, the processor 2301 is further configured to perform the following steps before generating a traffic key according to a traffic root key of the first network element and the traffic parameter:
and sending a key request to the first key management center, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and a service parameter of the first service.
Further, in some possible embodiments of the invention, the processor 2301 is further configured to perform the following steps before sending the key request to the first key management center:
sending a service request to a service server, wherein the service server is used for executing service management between the first network element and the second network element;
receiving a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and a service parameter of the first service, and the indicator is used to indicate that the first service authorization is successful.
Alternatively, in some possible embodiments of the invention, the processor 2301 is further configured to perform the following steps before sending the key request to the first key management center:
and receiving a service message sent by a service server, a gateway, an MME or a second network element, wherein the service message comprises at least one of the identity of the first network element and the identity of the second network element.
Referring to fig. 24, fig. 24 is a schematic structural diagram of a mobility management node according to an embodiment of the present invention. In this embodiment, the mobility management node 2400 includes:
a processor 2401, and a memory 2402 coupled to the processor 2401; wherein the processor 2401 reads the computer program stored in the memory 2402 for performing the following operations:
acquiring a third parameter by AKA authentication with the first network element, wherein the third parameter comprises at least one of Kasme, an integrity key, an encryption key, a non-access stratum integrity key, a non-access stratum encryption key and a base station key;
calculating a dependent variable of a first preset key derivation function, wherein the key of the first network element comprises the dependent variable of the first preset key derivation function; wherein an argument of said first preset key derivation function includes said first parameter;
and sending the key of the first network element to a key management center corresponding to the first network element.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of hardware, or may also be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (30)

1. A method of key distribution, comprising:
a first key management center acquires service parameters and a service root key of a first network element, wherein the service parameters are parameters in a first service, and the service root key of the first network element is generated according to key parameters obtained after the first network element is authenticated;
the first key management center generates a service key according to a service root key of the first network element and the service parameter, wherein the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and a second network element, and a preset method for generating the service key by the first key management center by adopting the service root key and the service parameter is the same as a preset method for generating the service key by the first network element according to the service root key and the service parameter, so that the first network element encrypts and/or integrity protects the first communication data by adopting the service key to generate second communication data and sends the second communication data to the second network element;
the first key management center executes one of the following steps a, B and C, so that when the second network element receives the second communication data, the first communication data is restored according to the service key:
A. the first key management center obtains a shared key of the second network element, and the shared key of the second network element is used for communication between the first key management center and the second network element;
the first key management center encrypts and/or integrally protects the service key by adopting the shared key of the second network element to generate a first security protection parameter;
the first key management center sends the first security protection parameter to the second network element;
enabling the second network element to restore the first security protection parameter to the service key according to the shared key;
B. a secure channel is established between the first key management center and the second network element, and the first key management center sends the service key to the second network element through the secure channel;
C. and sending the service key to a second key management center so that the second key management center encrypts and/or protects the integrity of the service key and then sends the service key to the second network element.
2. The key distribution method of claim 1, wherein the obtaining, by the first key management center, the service root key of the first network element includes:
the first key management center acquires a first parameter through AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first key management center calculates a dependent variable of a first preset key derivation function, and the service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
3. The key distribution method of claim 1, wherein the obtaining, by the first key management center, the service root key of the first network element includes:
the first key management center receives a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
4. The key distribution method according to any one of claims 1 to 3, wherein the generating, by the first key management center, the service key according to the service root key of the first network element and the service parameter includes:
the first key management center calculates a dependent variable of a second preset key derivation function, and the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
5. The key distribution method of claim 4, wherein the method further comprises:
the first key management center acquires a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
the first key management center acquires a shared key of a first network element, wherein the shared key of the first network element is used for communication between the first key management center and the first network element;
the first key management center encrypts and/or integrally protects the service root key of the second network element by adopting the shared key of the first network element to generate a second security protection parameter;
and the first key management center sends the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
6. The key distribution method of claim 1, wherein the first key management center generates a service key according to the service root key of the first network element and the service parameter by using a preset method, and before the method, the method further comprises:
the first key management center receives a key request sent by the first network element, the second network element, the gateway or the server, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element and the service parameter.
7. The key distribution method of claim 1, wherein when the first key management center performs step a, the first key management center obtains the shared key of the second network element, and the method comprises:
the first key management center acquires a first parameter through AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first key management center calculates a dependent variable of a third preset key derivation function, and the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
8. The key distribution method of claim 1, wherein when the first key management center performs step a, the first key management center obtains the shared key of the second network element, and the method comprises:
the first key management center receives a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
9. A method of key reception, comprising:
a first network element acquires a first parameter by performing AKA authentication, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
the first network element acquires a service root key of the first network element according to the first parameter;
the first network element acquires a service parameter, wherein the service parameter is a parameter in a first service;
the first network element generates a service key according to the service root key of the first network element and the service parameter, the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and a second network element, the preset method for generating the service key by the first network element according to the service root key and the service parameter is the same as the preset method for generating the service key by the first key management center by adopting the service root key and the service parameter, so that the first network element uses the service key to encrypt and/or protect the integrity of the first communication data, generates second communication data and sends the second communication data to the second network element, and when the second network element receives the second communication data, restoring the first communication data according to the service key.
10. The key receiving method of claim 9, wherein the generating, by the first network element, a service key according to the service root key of the first network element and the service parameter comprises:
the first network element calculates a dependent variable of a preset key derivation function, and the service key comprises the dependent variable of the preset key derivation function; the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
11. The key receiving method of claim 10, wherein the method further comprises:
the first network element acquires an identity of a second network element;
the argument of said preset key derivation function further comprises an identity of said second network element.
12. The key receiving method according to claim 9, wherein the key receiving method further comprises:
the first network element acquires a shared key of the first network element, and the shared key of the first network element is used for communication between the first key management center and the first network element;
the first network element receives a second security protection parameter sent by the first key management center;
the first network element decrypts the second security protection parameter by adopting the shared key of the first network element to obtain a service root key of a second network element;
the first network element generating a service key according to the service root key of the first network element and the service parameter, including:
and the first network element generates a service key according to the service root key of the first network element, the service root key of the second network element and the service parameter.
13. The key receiving method of claim 9, wherein the first network element generates a service key according to a service root key of the first network element and the service parameter, and before further comprising:
the first network element sends a key request to the first key management center, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
14. The key receiving method of claim 13, wherein the first network element sends a key request to the first key management center, and before the sending, further comprising:
the first network element sends a service request to a service server, wherein the service server is used for executing service management between the first network element and the second network element;
the first network element receives a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and the service parameter, and the indicator is used to indicate that the first service authorization is successful.
15. The key receiving method of claim 13, wherein the first network element sends a key request to the first key management center, and before the sending, further comprising:
the first network element receives a service message sent by a service server, a gateway, an MME or a second network element, wherein the service message comprises at least one of an identity of the first network element and an identity of the second network element.
16. A first key management center, comprising:
the first obtaining module is used for obtaining a service parameter and a service root key of a first network element, wherein the service parameter is a parameter in a first service, and the service root key of the first network element is generated according to a key parameter obtained after the first network element is authenticated;
a first generating module, configured to generate a service key according to a service root key of the first network element and the service parameter, where the service key is used to encrypt and/or protect integrity of communication data in a first service between the first network element and a second network element, and a preset method for generating the service key by using the service root key and the service parameter by the first key management center is the same as a preset method for generating the service key by using the service root key and the service parameter by the first network element, so that the first network element encrypts and/or protects integrity of the first communication data by using the service key to generate second communication data, and sends the second communication data to the second network element;
the first key management center further comprises a second obtaining module, a second generating module and a first sending module, or comprises a second sending module, and a secure channel is established between the first key management center and the second network element, or comprises a third sending module, wherein,
the second obtaining module is configured to obtain a shared key of the second network element, where the shared key of the second network element is used for communication between the first key management center and the second network element;
the second generating module is configured to encrypt and/or protect integrity of the service key by using the shared key of the second network element, and generate a first security protection parameter;
the first sending module is configured to send the first security protection parameter to the second network element, so that the second network element restores the first security protection parameter to the service key according to the shared key, and when the second network element receives the second communication data, the first communication data is restored according to the service key;
the second sending module is configured to send the service key to the second network element through the secure channel;
the third sending module is configured to send the service key to a second key management center, so that the second key management center encrypts and/or integrity-protects the service key and sends the service key to the second network element.
17. The first key management center according to claim 16, wherein the first obtaining module is specifically configured to:
acquiring a first parameter by performing AKA authentication with the first network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a first preset key derivation function, wherein a service root key of the first network element comprises the dependent variable of the first preset key derivation function; wherein the argument of said first preset key derivation function comprises said first parameter.
18. The first key management center of claim 16, wherein the first obtaining module is specifically configured to:
receiving a service root key of a first network element sent by a mobile management node (MME), wherein the service root key of the first network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a first network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
19. The first key management center according to any one of claims 16 to 18, wherein the first generation module is specifically configured to:
calculating a dependent variable of a second preset key derivation function, wherein the service key comprises the dependent variable of the second preset key derivation function; the argument of the second preset key derivation function includes the service root key of the first network element and the service parameter.
20. The first key management center according to claim 19, wherein the first key management center further comprises:
a third obtaining module, configured to obtain a service root key of a second network element; the argument of the second preset key derivation function further includes a service root key of the second network element;
a fourth obtaining module, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for communication between the first key management center and the first network element;
a third generating module, configured to encrypt and/or perform integrity protection on the service root key of the second network element by using the shared key of the first network element, so as to generate a second security protection parameter;
a fourth sending module, configured to send the second security protection parameter to the first network element, so that the first network element obtains a service root key of the second network element according to the second security protection parameter, and calculates the service root key according to the service root key of the second network element.
21. The first key management center of claim 16, wherein the first key management center further comprises:
a first receiving module, configured to receive a key request sent by the first network element, the second network element, the gateway, or the server before the first generating module generates a service key according to a service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
22. The first key management center according to claim 16, wherein when the first key management center includes the second obtaining module, the second generating module, and the first sending module, the second obtaining module is specifically configured to:
acquiring a first parameter by performing AKA authentication with the second network element, wherein the first parameter comprises at least one of Kasme, an integrity key and an encryption key;
calculating a dependent variable of a third preset key derivation function, wherein the shared key of the second network element comprises the dependent variable of the third preset key derivation function; wherein an argument of said third preset key derivation function includes said first parameter.
23. The first key management center according to claim 16, wherein when the first key management center includes the second obtaining module, the second generating module, and the first sending module, the second obtaining module is specifically configured to:
receiving a shared key of a second network element sent by an MME, wherein the shared key of the second network element is calculated by the MME through a first parameter, the first parameter is obtained by the authentication of the MME and a second network element AKA, and the first parameter comprises at least one of Kasme, an integrity key and an encryption key.
24. A first network element, comprising:
a first obtaining module, configured to obtain a first parameter by performing AKA authentication, where the first parameter includes at least one of a Kasme, an integrity key, and an encryption key;
a second obtaining module, configured to obtain a service root key of the first network element according to the first parameter;
a third obtaining module, configured to obtain a service parameter, where the service parameter is a parameter in the first service;
a first generating module, configured to generate a service key according to the service root key of the first network element and the service parameter, the service key is used for encrypting and/or integrity protecting communication data in a first service between the first network element and a second network element, the preset method for generating the service key by the first network element according to the service root key and the service parameter is the same as the preset method for generating the service key by the first key management center by adopting the service root key and the service parameter, so that the first network element encrypts and/or integrity-protects the first communication data by using the service key, generates second communication data, and sends the second communication data to the second network element, and when the second network element receives the second communication data, restoring the first communication data according to the service key.
25. The first network element of claim 24, wherein the first generating module is specifically configured to:
calculating a dependent variable of a preset key derivation function, wherein the service key comprises the dependent variable of the preset key derivation function; wherein the argument of the preset key derivation function includes the service root key of the first network element and the service parameter.
26. The first network element of claim 25, wherein the first network element further comprises:
a fourth obtaining module, configured to obtain an identity of the second network element;
the argument of said preset key derivation function further comprises an identity of said second network element.
27. The first network element of claim 24, wherein the first network element further comprises:
a fifth obtaining module, configured to obtain a shared key of a first network element, where the shared key of the first network element is used for communication between the first key management center and the first network element;
the first receiving module is used for receiving a second security protection parameter sent by the first key management center;
a sixth obtaining module, configured to decrypt the second security protection parameter with the shared key of the first network element, and obtain a service root key of a second network element;
the first generating module is specifically configured to generate a service key according to the service root key of the first network element, the service root key of the second network element, and the service parameter.
28. The first network element of claim 24, wherein the first network element further comprises:
a first sending module, configured to send a key request to the first key management center before the first generating module generates a service key according to the service root key of the first network element and the service parameter, where the key request is used to initiate generation of the service key, and the key request includes at least one of an identity of the first network element, an identity of the second network element, and the service parameter.
29. The first network element of claim 28, wherein the first network element further comprises:
a second sending module, configured to send a service request to a service server before the first sending module sends the key request to the first key management center, where the service server is configured to perform service management between the first network element and the second network element;
a second receiving module, configured to receive a response message sent by the service server, where the response message includes at least one of an indicator, an identity of the first network element, an identifier of the second network element, and the service parameter, and the indicator is used to indicate that the first service authorization is successful.
30. The first network element of claim 28, wherein the first network element further comprises:
a third receiving module, configured to receive a service message sent by a service server, a gateway, an MME, or a second network element before the first sending module sends the key request to the first key management center, where the service message includes at least one of an identity of the first network element and an identity of the second network element.
CN201510780029.0A 2015-11-13 2015-11-13 Key distribution, generation and reception method and related device Active CN106714153B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510780029.0A CN106714153B (en) 2015-11-13 2015-11-13 Key distribution, generation and reception method and related device
PCT/CN2016/080649 WO2017080142A1 (en) 2015-11-13 2016-04-29 Key distribution, generation and reception method, and related apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510780029.0A CN106714153B (en) 2015-11-13 2015-11-13 Key distribution, generation and reception method and related device

Publications (2)

Publication Number Publication Date
CN106714153A CN106714153A (en) 2017-05-24
CN106714153B true CN106714153B (en) 2022-06-10

Family

ID=58695661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510780029.0A Active CN106714153B (en) 2015-11-13 2015-11-13 Key distribution, generation and reception method and related device

Country Status (2)

Country Link
CN (1) CN106714153B (en)
WO (1) WO2017080142A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109309566B (en) * 2017-07-28 2021-06-08 中国移动通信有限公司研究院 Authentication method, device, system, equipment and storage medium
CN110417708B (en) * 2018-04-26 2021-04-20 上海华为技术有限公司 Information transmission method and related equipment
CN110830991B (en) * 2018-08-10 2023-02-03 华为技术有限公司 Secure session method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067168A (en) * 2011-10-21 2013-04-24 华为技术有限公司 Method and system of global system for mobile communication (GSM) safety and related equipment
CN104618103A (en) * 2013-11-04 2015-05-13 华为技术有限公司 Key agreement processing method and device
CN104683098A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Implementation method, equipment and system of secure communication service
CN104683304A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Processing method, equipment and system of secure communication service
CN104935426A (en) * 2014-03-21 2015-09-23 华为技术有限公司 Key negotiation method, user equipment and short-range communication control network element

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056159B (en) * 2009-11-03 2014-04-02 华为技术有限公司 Method and device for acquiring safe key of relay system
CN102625300B (en) * 2011-01-28 2015-07-08 华为技术有限公司 Generation method and device for key
GB2512595A (en) * 2013-04-02 2014-10-08 Mastercard International Inc Integrated contactless mpos implementation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067168A (en) * 2011-10-21 2013-04-24 华为技术有限公司 Method and system of global system for mobile communication (GSM) safety and related equipment
CN104618103A (en) * 2013-11-04 2015-05-13 华为技术有限公司 Key agreement processing method and device
CN104683098A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Implementation method, equipment and system of secure communication service
CN104683304A (en) * 2013-11-29 2015-06-03 中国移动通信集团公司 Processing method, equipment and system of secure communication service
CN104935426A (en) * 2014-03-21 2015-09-23 华为技术有限公司 Key negotiation method, user equipment and short-range communication control network element

Also Published As

Publication number Publication date
WO2017080142A1 (en) 2017-05-18
CN106714153A (en) 2017-05-24

Similar Documents

Publication Publication Date Title
US11700245B2 (en) Key distribution method, key receiving method, first key management system, and first network element
CN107317674B (en) Key distribution and authentication method, device and system
CN107317789B (en) Key distribution and authentication method, device and system
US10742418B2 (en) Authentication method, authentication apparatus, and authentication system
CN106936570B (en) Key configuration method, key management center and network element
CA2496677C (en) Method and apparatus for secure data transmission in a mobile communication system
US11799650B2 (en) Operator-assisted key establishment
JP7248059B2 (en) Network node and communication method
CN113228721B (en) Communication method and related product
CN108809903B (en) Authentication method, device and system
WO2017188895A1 (en) Method and system for authentication with asymmetric key
CN106714153B (en) Key distribution, generation and reception method and related device
US10826688B2 (en) Key distribution and receiving method, key management center, first network element, and second network element
Mathi et al. Prevention of desynchronization attack in 4G LTE networks using double authentication scheme
CN105393567B (en) Method and device for secure transmission of data
Shoniregun TM Daniel Caragata m.
Caragata et al. " Infonomics Society, United Kingdom and Ireland

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant