CN107027117A - A kind of method of dynamic generation root key - Google Patents
A kind of method of dynamic generation root key Download PDFInfo
- Publication number
- CN107027117A CN107027117A CN201610070940.7A CN201610070940A CN107027117A CN 107027117 A CN107027117 A CN 107027117A CN 201610070940 A CN201610070940 A CN 201610070940A CN 107027117 A CN107027117 A CN 107027117A
- Authority
- CN
- China
- Prior art keywords
- root key
- algorithm
- key
- parameter
- terminal iidentification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
This application discloses a kind of method of dynamic generation root key, this method is included in the following steps of core net execution:Receive the terminal iidentification that user terminal UE is sent;The terminal iidentification according to receiving determines corresponding static parameter;Using dynamic parameter, the terminal iidentification and the static parameter, the first root key is calculated with predetermined algorithm;The algorithm mark of the dynamic parameter used when calculating first root key and the algorithm is sent to the UE, the UE is set to utilize static parameter, terminal iidentification and the dynamic parameter of its preservation, identifying corresponding algorithm with the algorithm calculates second root key paired with first root key.Present invention effectively prevents the problem of root key easily causes Key Exposure is preserved by software, the security of root key is protected, the labor management to root key and maintenance cost is reduced.
Description
Technical field
The present invention relates to mobile communication technology, more particularly to a kind of method of dynamic generation root key.
Background technology
LTE (Long Term Evolution, Long Term Evolution) is safe and non-access using Access Layer on secure context
Layer two safe floor of safety, its key code system adequately achieves Key-insulated, i.e., on different links and for different mesh
Key it is separate, be that safe key hierarchical Design is more complicated multi-tier systematic structure, i.e. terminal by this system
Calculated first by 1 permanent root key K with core net and obtain 2 cores ciphering key K and IK, then by this 2 cores
Heart ciphering key K and IK produces 1 temporary key Kasme by certain algorithm, spreads out finally by temporary key Kasme
Bear the secondary special sub-key of user data and signaling encryption and integrity protection.As can be seen here, permanent root key K
It is located at the top of spanning tree in key code system, is that core key, temporary key and each this give birth to special sub-key
Basis.
Based on LTE system under SAE (System Architecture Evolution, System Architecture Evolution) framework,
Generally it is made up of terminal, base station, the part of core net three, relative to LTE key code systems, it is necessary to preserve root key K's
Network element includes user terminal (User Equipment, UE) and core net.Core-network side is typically in ownership signing clothes
Being engaged in, device (Home Subscriber Server, HSS) is middle to carry out the storage and protection of root key, and is deposited in terms of terminal
Storage root key K method has following two kinds:
(1) hardware based storage mode
Hardware based storage mode includes two ways, and a kind of is that root key K is stored in independently of terminal device
In hardware USIM (Universal Subscriber Identity Module, USIM) cards, USIM
Block operator and key programming is carried out to usim card by specific equipment;Another is hard using extra special key
Part connects terminal device, and terminal generates root key by the hardware in use.
(2) storage mode based on software
Root key is mainly stored in the nonvolatile memory of terminal inner in terminal by the storage mode based on software
In the nonvolatile memory in portion, root key can carry out flexible read-write operation by software program.
For terminal root key by the storage mode of hardware, be characterized in that terminal needs to load extra hardware to enter
The storage and protection of row root key, root key information need to carry out programming operation ability by special equipment or interface
Preserve within hardware, terminal and user are only capable of obtaining the core key derived by root key in the hardware, so as to protect
The security of mulch key.Due to needing to be additionally provided usim card or key hardware, the program requires network operation
Side provides special hair fastener department and carries out operation maintenance to card, also requires that the terminal device of user is provided specially
Usim card groove or hardware connecting interface, are generally more appropriate for the operation of public network operator and the handheld terminal of standard is set
It is standby.And will be increased greatly there is provided the management of extra usim card and operation for increasing trade Special Network user
Plus the complexity of existing system and safeguard complexity.The form of other private network terminal is varied, can not ensure institute first
There is terminal form to provide usim card groove, secondly in some special industries, such as high ferro track traffic,
Need the stable connection sex chromosome mosaicism of consideration usim card and neck.
For terminal root key by the storage mode of software, be characterized in that terminal writes root key information in terminal
The nonvolatile memory in portion, can be written and read operation by software program to the information in memory.The program is fitted
Together in the terminal device without usim card and additional keys hardware, that is applied in trade Special Network is relatively broad.But
The root key for being due to each terminal can not be identical, different roots is either previously implanted in the production process of terminal close
Still rear scene is implanted into root key to key in terminal reaches client's hand, then the generation and management of root key certainly exist people
For factor, this can bring the security of root key to protect hidden danger, can also be brought to production firm and client than larger
Management and maintenance work.Further, since root key can easily be read and write by software program, it might even be possible to by dividing
Analyse memory content to obtain root key information, further bring threat for security.
The content of the invention
In view of this, it is a primary object of the present invention to provide a kind of method and system of dynamic generation root key, to solve
The problem of root key easily causes Key Exposure is certainly preserved by software.
In order to achieve the above object, technical scheme proposed by the present invention is:
A kind of method of dynamic generation root key, this method is included in the following steps of core net execution:
Receive the terminal iidentification that user terminal UE is sent;
The terminal iidentification according to receiving determines corresponding static parameter;
Using dynamic parameter, the terminal iidentification and the static parameter, the first root key is calculated with predetermined algorithm;
The algorithm mark of the dynamic parameter used when calculating first root key and the algorithm is sent to institute
UE is stated, the UE is utilized Public Key, terminal iidentification and the dynamic parameter of its preservation, is calculated with described
Method identifies corresponding algorithm and calculates second root key paired with first root key.
A kind of system of dynamic generation root key, the system includes:
This method is included in the following steps of user terminal UE execution:
The terminal iidentification of the machine is sent to core net, makes the core net according to static state corresponding with the terminal iidentification
Parameter calculates the first root key;
Receive the core net and calculate the dynamic parameter used during first root key and the algorithm mark of algorithm;
Using the terminal iidentification of the machine, the static parameter that the machine is preserved and the dynamic parameter received, with institute
State algorithm and identify corresponding algorithm calculating second root key paired with first root key.
In summary, the invention provides a kind of method of dynamic generation root key, in this method, core net, which is received, to be used
The terminal iidentification that family terminal is sent, and corresponding static parameter is determined according to the terminal iidentification, according to the user terminal
Terminal iidentification, dynamic parameter and corresponding static parameter, the first root key is calculated with predetermined algorithm, then will be calculated
The dynamic parameter of first root key and the algorithm mark of algorithm are sent to user terminal so that user terminal is preserved using it
Terminal iidentification, static parameter and the dynamic parameter received, corresponding algorithm is identified by the algorithm that receives in terms of
Calculate second root key paired with the first root key, the present invention by user terminal and core net preset unification it is quiet
State parameter, during each core network access of user terminal, is distinguished with static parameter in user terminal and core net
The root key that the dynamic generation user terminal is exclusively enjoyed, realizes that each user terminal obtains the requirement of different root keys, and in fact
Now the security to root key is protected.
Brief description of the drawings
Fig. 1 is the flow chart of the inventive method embodiment one;
Fig. 2 is the flow chart that core net of the present invention calculates the first root key embodiment;
Fig. 3 is the flow chart of the inventive method embodiment two;
Fig. 4 is the flow chart of the inventive method embodiment three.
Embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing and specific implementation
The present invention is described in further detail for example.
The process for generating root key is combined by the present invention with authentication process, is distinguished in UE sides and core-network side
Dynamic generation root key, effectively prevent and easily cause the problem of root key is revealed by software preservation root key,
The security of root key is protected, labor management and maintenance to root key is reduced.
Using technical solution of the present invention, it is necessary to preserve the static parameter for dynamic calculation root key in UE in advance,
And UE terminal iidentification and the corresponding relation of static parameter are pre-saved in the core network.
In the present invention, static parameter is to be pre-stored in UE and core net, used when dynamically calculating root key
The changeless parameter arrived, i.e. UE has pre-saved unified static parameter with core net.UE static state
Parameter can be preset in UE nonvolatile memory, UE in UE production process by production firm
, it is necessary to user's subscribed services device (HSS) in the core network in client's hand is reached and before preparing to come into operation
In pre-save the corresponding relation of the static parameter preserved in the terminal iidentification and UE of the UE.Preferably, it is static
Parameter can be Public Key, different UE Public Key can with identical, can also according to UE production batch,
All UE per batch use same Public Key.Public Key can be disclosed, and can be printed on Public Key
In UE surfaces or specification.The present invention only limits Public Key and the core net preservation and the UE that UE is preserved
The corresponding Public Key of terminal iidentification it is identical, whether Public Key that each UE is preserved identical to be not construed as limiting.
Dynamic parameter is each core network access of UE, when core net calculates root key for static parameter
The parameter of dynamic generation, it does not have static parameter dynamic calculation root during any core network access of UE
Characteristic constant during key, it is preferable that dynamic parameter can be random number, and/or authentication parameter, example
Such as SQN (Sequence Number, sequence number).
Because static parameter and dynamic parameter are that those skilled in the art are readily appreciated that with reference to technical solution of the present invention
Concept, will not enumerate herein.
Embodiment one
Fig. 1 is the flow chart of the embodiment of the present invention, as described in Figure 1, and the present embodiment is included in core net execution
Following steps:
Step 101:Receive the terminal iidentification that user terminal UE is sent.
In this step, core net receives the terminal iidentification that UE is sent, and the terminal iidentification is carried in request message.
Wherein, UE terminal iidentification energy unique mark UE, it is preferable that can be recognized with international mobile subscriber
Code (International Mobile Subscriber Identification Number, IMSI) is used as UE's
Terminal iidentification.
Step 102:The terminal iidentification according to receiving determines corresponding static parameter.
In this step, core net determines corresponding static parameter according to the UE received terminal iidentification, specifically,
Core net has pre-saved UE terminal iidentification and the mapping table of static parameter before step 101, receives
To after UE terminal iidentification, the terminal iidentification pre-saved is searched according to the terminal iidentification corresponding with static parameter
Relation table, so that it is determined that corresponding static parameter.
Step 103:Using dynamic parameter, the terminal iidentification and the static parameter, calculated with predetermined algorithm
First root key.
In this step, core net dynamic generation dynamic parameter, and by the dynamic parameter of generation, the terminal received
The corresponding static parameter for identifying and determining is inputted as algorithm, and the first root key is calculated with predetermined algorithm.
Core-network side preserves at least one algorithm, and every kind of algorithm is to that should have unique algorithm mark.How core net determines
Which kind of algorithm to calculate the first root key with is not emphasis of the present invention, be will not be repeated here.
In this step, core net needs to complete two functions, and one is the generation for completing dynamic parameter, and two be first
The calculating of root key.First root key is calculated according to algorithms of different, two functions might have overlapping, such as Fig. 2
Shown, Fig. 2 is the dynamic parameter in a kind of exemplary embodiments that core net calculates the first root key, the embodiment
It is including random number TK (TempKey, temporary key) and authentication parameter SQN, wherein random number TK
Obtained by original random number RAND and the UE corresponding static parameter of terminal iidentification by f5 algorithmic transformations,
SQN is standard authentication authentication parameter, and the algorithm that the present embodiment the first root key of calculating is used is KDF (Key
Derivation Function, key export algorithm) algorithm, wherein the input data of KDF algorithms include terminal mark
Knowledge, dynamic parameter TK and SQN, static parameter, output data is the first root key.
Step 104:By the dynamic parameter and the algorithm of the algorithm that are used when calculating first root key
Mark is sent to the UE, the UE is utilized the static parameter and the dynamic parameter of its preservation, with
The algorithm identifies corresponding algorithm and calculates second root key paired with first root key.
In this step, the dynamic parameter and the algorithm of algorithm that core net uses the first root key of calculating, which are identified, to be sent
To UE so that static parameter, terminal iidentification and the dynamic parameter received that UE is preserved using itself, to calculate
Method identifies corresponding algorithm and calculates second root key paired with the first root key.
Still by Fig. 2 calculate the first root key embodiment exemplified by, core net by dynamic parameter (TK, SQN),
The algorithm mark of KDF algorithms is sent to UE so that UE determines to calculate the according to the algorithm of KDF algorithms mark
The algorithm (being equally KDF algorithms) of two root keys, and utilize the static parameter, local terminal mark itself preserved
The dynamic parameter (TK, SQN) known and received, the second root key is calculated with KDF algorithms.
Further, core net identifies the dynamic parameter and the algorithm of algorithm that are used when calculating the first root key
It is carried in confirmation message and is sent to UE.
Because UE and core net are when calculating root key, the algorithm of use is identical, algorithm input, i.e. static parameter,
Dynamic parameter, UE terminal iidentification all same, thus UE the second root key and the core net that calculate calculate the
One root key is identical.
Further, the dynamic parameter and the algorithm of algorithm that are used when calculating the first root key are identified and sent out by core net
Deliver to before UE, own key system is set up according to the first root key calculated in step 103, wherein, itself
Key code system is the whole general name for adhering to a whole set of key being related in operation flow specified in agreement, specific bag
Include:Core net calculates according to the first root key and obtains 2 cores ciphering key K1 and IK1, then by this 2 two cores
Heart ciphering key K1 and IK1 produces a temporary key Kasme1 by certain algorithm, finally by temporary key
Kasme1 derives the secondary special sub-key of user data, signaling encryption and integrity protection.Core-network side
After the completion of key code system is set up, the first root key for calculating and obtaining is deleted.Because root key is that whole key code system is set up
It is basic, storage root key can bring root key security protect hidden danger, increase security risk.Due to the present invention's
First root key has dynamic, and has been successfully established whole key code system according to the first root key of generation, therefore
The first root key for calculating and obtaining is deleted, the security of whole system can be caused to greatly improve.Attacker can not steal
One root key, also can not just crack other keys in whole key code system.
Embodiment two
Fig. 3 is another embodiment of the present invention, as described in Figure 3, and the present embodiment is included in user terminal UE execution
Following steps:
Step 301:The terminal iidentification of the machine is sent to core net, make the core net according to the terminal iidentification
Corresponding static parameter calculates the first root key.
In this step, the authentication process between UE initiations and core net is embodied in, by the terminal mark of the machine
Know and send to core net so that core net calculates the first root key according to static parameter corresponding with the terminal iidentification.
Wherein, the step of core net calculates the first root key is referred in embodiment one, and here is omitted.
In actual realization, the terminal iidentification mode that UE can carry the machine by request message sends out the terminal iidentification of the machine
Deliver to core net.
Step 302:Receive the calculation that the core net calculates the dynamic parameter used during first root key and algorithm
Method is identified.
In this step, UE receives core net and calculates the dynamic parameter used during the first root key and the algorithm mark of algorithm.
Wherein, dynamic parameter is the parameter of core net this authentication process dynamics generation initiated for UE.
Specifically, the dynamic parameter and algorithm mark that UE is received are carried in confirmation message.
Step 303:Utilize the terminal iidentification of the machine, the static parameter that the machine is preserved and the dynamic received
Parameter, identifies corresponding algorithm with the algorithm and calculates second root key paired with first root key.
In this step, UE receives the algorithm mark of the algorithm for the root key of calculating first that core net is sent, and UE sides
Algorithm mark and algorithm are pre-saved with shadow relation, the algorithm sent according to core net is identified, and UE can be determined
Go out the algorithm and identify corresponding algorithm, while being also that core net calculates the algorithm that the first root key is used.
Meanwhile, UE sides have pre-saved static parameter, identical with the corresponding static parameter that core net is determined.
The terminal iidentification, the static parameter that the machine is preserved and the dynamic parameter received of the machine are recycled, to determine
Algorithm the second root key of calculating gone out, the algorithm used due to UE the second root keys of calculating, the input data of the algorithm
(terminal iidentification, static parameter, dynamic parameter) calculates the algorithm and input number that the first root key is used with core net
According to identical, therefore the second root key is identical with the first root key.
Further, after UE calculates the second root key, own key body is set up according to the second root key calculated
System, own key system is specifically included:UE is calculated according to the second root key and is obtained 2 cores ciphering key K1 and IK1,
One temporary key Kasme1 is produced by certain algorithm by this 2 two core ciphering key K1 and IK1 again, finally by facing
When key Kasme1 derive the secondary special sub-key of user data, signaling encryption and integrity protection.UE sides
After the completion of key code system is set up, the second root key for calculating and obtaining is deleted.Because the second root key is whole key code system
That sets up is basic, and the second root key of storage can bring the security of the second root key to protect hidden danger, increase security risk.
Because the second root key of the present invention has a dynamic, and it has been successfully established according to the second root key of generation whole close
Key system, therefore the second root key for calculating and obtaining is deleted, the security of whole system can be caused to greatly improve.Attack
Person can not steal the second root key, also can not just crack other keys in whole key code system.
Embodiment three
Fig. 4 is the flow chart of the present embodiment, as shown in figure 4, comprising the following steps:
Step 401:UE sends the request message for carrying the machine IMSI to core net.
Step 402:Core net receives request message, and the IMSI carried according to request message determines corresponding Public Key.
Step 403:Core net dynamic generation original random number R1, R1 and IMSI is calculated by f5 algorithms and obtained
Random number TK1, and determine another dynamic parameter SQN.
Step 404:Using TK1, SQN, the IMSI received and the Public Key determined, with KDF algorithms
Calculate the first root key.
Step 405:The first root key obtained according to calculating sets up own key system.
Step 406:Delete the first root key.
Step 407:Confirmation message is sent to UE, the confirmation message carries the algorithm of TK1, SQN and KDF algorithm
Identify S.
Step 408:UE receives confirmation message, and the algorithm mark S carried according to confirmation message determines corresponding KDF
Algorithm, and TK1, the SQN carried using the machine IMSI, the Public Key itself preserved and confirmation message, to determine
The KDF algorithms gone out calculate the second root key.
Step 409:The second root key obtained according to calculating sets up own key system.
Step 410:Delete the second root key.
In the present embodiment, UE pre-saves Public Key, and core net pre-saves the IMSI and Public Key of the UE
Corresponding relation, after core net receives the request message of UE transmissions, the IMSI carried according to request message is determined
Corresponding Public Key, by UE IMSI, the corresponding Public Key determined, the dynamic parameter generated, with pre-
Fixed algorithm calculates the first root key, and sets up own key system according to the first root key, deletes the first root key,
The dynamic parameter and the algorithm mark of algorithm that the first root key of calculating is used afterwards are sent to UE so that UE is according to calculation
Method mark determines corresponding algorithm, and using itself IMSI, the Public Key preserved, the dynamic parameter received, with
The algorithm determined calculates the second root key, and sets up own key system according to the second root key, finally deletes second
Root key.When starting authentication process every time between UE and core net, it is required to complete the dynamic of a root key
Generating process, because the generation of root key employs dynamic parameter, so the root key generated every time is dynamic, it is real
One-time pad is showed.
Core net and UE in technical solution of the present invention are each according to static parameter, dynamic parameter, terminal iidentification and pre-
Fixed Dynamic building algorithm root key, then respective key code system is set up with the root key of dynamic generation, and delete generation
Root key, effectively prevent and preserve the problem of root key easily causes Key Exposure by software, protect root key
Security, reduces the labor management to root key and maintenance cost.
In summary, presently preferred embodiments of the present invention is these are only, is not intended to limit the scope of the present invention.
Within the spirit and principles of the invention, any modification, equivalent substitution and improvements made etc., should be included in this
Within the protection domain of invention.
Claims (9)
1. a kind of method of dynamic generation root key, it is characterised in that this method is included in the following step of core net execution
Suddenly:
Receive the terminal iidentification that user terminal UE is sent;
The terminal iidentification according to receiving determines corresponding static parameter;
Using dynamic parameter, the terminal iidentification and the static parameter, the first root key is calculated with predetermined algorithm;
The algorithm mark of the dynamic parameter used when calculating first root key and the algorithm is sent to institute
UE is stated, the UE is utilized static parameter, terminal iidentification and the dynamic parameter of its preservation, is calculated with described
Method identifies corresponding algorithm and calculates second root key paired with first root key.
2. according to the method described in claim 1, it is characterised in that the terminal iidentification received is carried on request
In message, also, the dynamic parameter and algorithm mark are carried in confirmation message and sent to the UE.
3. according to the method described in claim 1, it is characterised in that receiving the terminal mark that user terminal UE is sent
Before knowledge, this method further comprises:Set up terminal iidentification and the corresponding relation of static parameter, to determine with it is described
The corresponding static parameter of terminal iidentification.
4. according to the method described in claim 1, it is characterised in that by the dynamic parameter and the algorithm mark
Know and send to before the UE, this method further comprises:
First root key according to calculating sets up own key system;
Delete first root key.
5. according to the method described in claim 1, it is characterised in that the static parameter is preferably Public Key.
6. method according to claim 5, it is characterised in that the dynamic parameter includes random number, and/or
Authentication parameter.
7. a kind of method of dynamic generation root key, it is characterised in that this method is included in user terminal UE execution
Following steps:
The terminal iidentification of the machine is sent to core net, makes the core net according to static state corresponding with the terminal iidentification
Parameter calculates the first root key;
Receive the core net and calculate the dynamic parameter used during first root key and the algorithm mark of algorithm;
Using the terminal iidentification of the machine, the static parameter that the machine is preserved and the dynamic parameter received, with institute
State algorithm and identify corresponding algorithm calculating second root key paired with first root key.
8. method according to claim 7, it is characterised in that the terminal iidentification is carried in request message and sent out
The core net is sent, also, the dynamic parameter received and algorithm mark are carried in confirmation message.
9. method according to claim 7, it is characterised in that after second root key is calculated, should
Method further comprises:
Second root key according to calculating sets up own key system;
Delete second root key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610070940.7A CN107027117A (en) | 2016-02-02 | 2016-02-02 | A kind of method of dynamic generation root key |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610070940.7A CN107027117A (en) | 2016-02-02 | 2016-02-02 | A kind of method of dynamic generation root key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107027117A true CN107027117A (en) | 2017-08-08 |
Family
ID=59523877
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610070940.7A Pending CN107027117A (en) | 2016-02-02 | 2016-02-02 | A kind of method of dynamic generation root key |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107027117A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109218325A (en) * | 2017-08-11 | 2019-01-15 | 华为技术有限公司 | Data completeness protection method and device |
CN115379445A (en) * | 2022-08-23 | 2022-11-22 | 中国联合网络通信集团有限公司 | Key derivation method and device, and network equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1783777A (en) * | 2004-12-02 | 2006-06-07 | 华为技术有限公司 | Enciphering method and system for fixing communication safety and data and fixing terminal weight discriminating method |
CN101072104A (en) * | 2006-05-09 | 2007-11-14 | 美国博通公司 | Method and system for command authentication to achieve a secure interface |
CN101174942A (en) * | 2006-10-31 | 2008-05-07 | 华为技术有限公司 | Method and system for implementing cryptographic key protection |
CN101511084A (en) * | 2008-02-15 | 2009-08-19 | 中国移动通信集团公司 | Authentication and cipher key negotiation method of mobile communication system |
CN101990201A (en) * | 2009-07-31 | 2011-03-23 | 中国移动通信集团公司 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
CN102083064A (en) * | 2009-11-26 | 2011-06-01 | 大唐移动通信设备有限公司 | Method and system for strengthening flexibility of key derivation algorithms |
CN103067168A (en) * | 2011-10-21 | 2013-04-24 | 华为技术有限公司 | Method and system of global system for mobile communication (GSM) safety and related equipment |
-
2016
- 2016-02-02 CN CN201610070940.7A patent/CN107027117A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1783777A (en) * | 2004-12-02 | 2006-06-07 | 华为技术有限公司 | Enciphering method and system for fixing communication safety and data and fixing terminal weight discriminating method |
CN101072104A (en) * | 2006-05-09 | 2007-11-14 | 美国博通公司 | Method and system for command authentication to achieve a secure interface |
CN101174942A (en) * | 2006-10-31 | 2008-05-07 | 华为技术有限公司 | Method and system for implementing cryptographic key protection |
CN101511084A (en) * | 2008-02-15 | 2009-08-19 | 中国移动通信集团公司 | Authentication and cipher key negotiation method of mobile communication system |
CN101990201A (en) * | 2009-07-31 | 2011-03-23 | 中国移动通信集团公司 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
CN102083064A (en) * | 2009-11-26 | 2011-06-01 | 大唐移动通信设备有限公司 | Method and system for strengthening flexibility of key derivation algorithms |
CN103067168A (en) * | 2011-10-21 | 2013-04-24 | 华为技术有限公司 | Method and system of global system for mobile communication (GSM) safety and related equipment |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109218325A (en) * | 2017-08-11 | 2019-01-15 | 华为技术有限公司 | Data completeness protection method and device |
CN109218325B (en) * | 2017-08-11 | 2020-03-10 | 华为技术有限公司 | Data integrity protection method and device |
US11025645B2 (en) | 2017-08-11 | 2021-06-01 | Huawei Technologies Co., Ltd. | Data integrity protection method and apparatus |
US11818139B2 (en) | 2017-08-11 | 2023-11-14 | Huawei Technologies Co., Ltd. | Data integrity protection method and apparatus |
CN115379445A (en) * | 2022-08-23 | 2022-11-22 | 中国联合网络通信集团有限公司 | Key derivation method and device, and network equipment |
CN115379445B (en) * | 2022-08-23 | 2024-05-14 | 中国联合网络通信集团有限公司 | Key derivation method and device and network equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
RU2480925C2 (en) | Generation of cryptographic key | |
CN103873487B (en) | A kind of household based on the safe suspension member of intelligent home device trusts the implementation method of networking | |
CN102170636B (en) | Methods and devices for computing shared encryption key | |
Diez et al. | Toward self-authenticable wearable devices | |
US20180034635A1 (en) | GPRS System Key Enhancement Method, SGSN Device, UE, HLR/HSS, and GPRS System | |
CN108848495B (en) | User identity updating method using preset key | |
CN102238146A (en) | Authentication method, device, authentication center and system | |
CN101237444B (en) | Secret key processing method, system and device | |
PT1432271E (en) | Integrity check in a communication system | |
CN108683510A (en) | A kind of user identity update method of encrypted transmission | |
CN110505055B (en) | External network access identity authentication method and system based on asymmetric key pool pair and key fob | |
CN103888938A (en) | PKI private key protection method of dynamically generated key based on parameters | |
CN104219650B (en) | Send the method and user equipment of user's ID authentication information | |
CN110121196B (en) | Security identifier management method and device | |
WO2016188053A1 (en) | Wireless network access method, device, and computer storage medium | |
CN105141629B (en) | A kind of method for lifting public Wi Fi internet securities based on the more passwords of WPA/WPA2 PSK | |
CN108683690A (en) | Method for authenticating, user equipment, authentication device, authentication server and storage medium | |
CN101039181B (en) | Method for preventing service function entity of general authentication framework from attack | |
CN103313242A (en) | Secret key verification method and device | |
CN107196917A (en) | A kind of service response method and its middleware | |
CN108768635A (en) | A kind of cipher mark administrative model and method suitable for Internet of things system | |
CN101990201B (en) | Method, system and device for generating general bootstrapping architecture (GBA) secret key | |
CN106465109A (en) | Cellular network authentication | |
CN104468626A (en) | System and method for achieving wireless authentication encryption of mobile terminal | |
CN101895881A (en) | Method for realizing GBA secret key and pluggable equipment of terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170808 |
|
RJ01 | Rejection of invention patent application after publication |