CN108683510A - A user identity update method for encrypted transmission - Google Patents


Publication number: CN108683510A
Authority: CN (China)
Prior art keywords: supi, user, user identity, identity, rand
Legal status: Granted
Application number: CN201810482379.2A
Other languages: Chinese (zh)
Other versions: CN108683510B (en)
Inventors: 冯程, 叶琅, 罗维, 刘畅
Current assignee: Data Communication Institute Of Science And Technology; XINGTANG COMMUNICATIONS CO Ltd
Original assignee: Data Communication Institute Of Science And Technology; XINGTANG COMMUNICATIONS CO Ltd
Application filed by Data Communication Institute Of Science And Technology and XINGTANG COMMUNICATIONS CO Ltd
Priority to CN201810482379.2A
Publication of CN108683510A
Application granted
Publication of CN108683510B

Classifications

    • H04L9/3273 Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response, for mutual authentication
    • H04L9/3242 As above, using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication
    • H04W12/10 Integrity
    • H04W8/26 Network addressing or numbering for mobility support
    • H04L2209/80 Additional information or applications relating to cryptographic mechanisms or arrangements for secret or secure communication (H04L9/00): Wireless


Abstract

The present invention relates to a user identity update method for encrypted transmission and belongs to the field of user identity update methods. It addresses two problems of the prior art: a malicious visited network that has obtained the user identity cannot be prevented from affecting the user's billing and the like, and the user's permanent identity may be leaked because of security problems in the visited network itself. The method comprises: receiving the concealed user identity SUCI sent by the user terminal; calculating and caching a shared master key according to the received SUCI; decrypting the SUCI to obtain the user identity SUPI, and obtaining a new user identity SUPI_n according to the SUPI; generating an authentication vector AV using the shared master key and SUPI_n; sending the AUTN and RAND in the authentication vector to the user terminal, which calculates feedback information; and judging from the user terminal's feedback information whether authentication has passed and, if it has, updating the user identity SUPI to SUPI_n. This yields an update method for encrypted-transmission user identities that works online, is imperceptible to the user, is efficient, and requires little modification of the system.

Description

A user identity update method for encrypted transmission
Technical field
The present invention relates to the field of user identity update methods, and in particular to a user identity update method for encrypted transmission.
Background
In 3G and 4G mobile communication systems, when a user attaches to a cell, the user must report its permanent identity (IMSI) to the base station in plaintext, and the base station passes it back to the home identity management equipment (HLR/HSS). The home network looks up the long-term key (Ki) by the user identity and starts the authentication process. Because the user identity is transmitted in plaintext over the air interface, it may be eavesdropped.
In 5G, to protect the privacy of the user identity, the user's permanent identity (SUPI) is encrypted with keys negotiated using ECIES (an elliptic-curve confidentiality and integrity protection scheme) and is transmitted over the air interface as the concealed user identity (SUCI), so that the user identity cannot be eavesdropped directly on the air interface. The concealed user identity is decrypted in the user identity decryption function (SIDF). In the roaming case, after authentication completes, the user data management (UDM) / authentication credential storage and processing function (ARPF) of the home network derives KSEAF and sends the user's permanent identity SUPI together with KSEAF to the security anchor function (SEAF) of the visited network. The SEAF uses KSEAF, SUPI and other parameters to further derive keys such as KAMF, which provide the keys for the confidentiality and integrity protection algorithms of the non-access stratum (NAS) and the access stratum (AS). In the UDM, an ephemeral shared key is negotiated from the network's private key and the user's ephemeral public key, and the encryption key and integrity protection key can be calculated by the same procedure. The SIDF/UDM can therefore calculate the user's real permanent identity SUPI.
Elliptic curve cryptography protects the user's permanent identity and prevents it from being intercepted on the air interface. However, it cannot prevent a malicious visited network that has obtained the user identity from affecting the user's billing and the like; there is also the problem of the user's permanent identity being leaked because of security problems in the visited network itself. When the user has accessed an untrusted network, or when the system considers that the user identity may have been exposed, the user identity needs to be replaced. Replacing the SIM card is one way to protect the identity, but it is very inconvenient and costly.
Summary of the invention
In view of the above analysis, the present invention aims to provide a user identity update method for encrypted transmission, to solve the problems that the prior art cannot prevent a malicious visited network that has obtained the user identity from affecting the user's billing and the like, and that the user's permanent identity may be leaked because of security problems in the visited network itself.
The purpose of the present invention is mainly achieved through the following technical solution:
A user identity update method for encrypted transmission, comprising:
receiving the concealed user identity SUCI sent by the user terminal;
calculating and caching the shared master key Kmaster according to the received SUCI;
decrypting the SUCI to obtain the user identity SUPI, and obtaining a new user identity SUPI_n according to the SUPI;
generating an authentication vector AV using the shared master key Kmaster and SUPI_n;
sending the AUTN and RAND in the authentication vector to the user terminal, which calculates feedback information;
judging from the user terminal's feedback information whether authentication has passed and, if it has, updating the user identity SUPI to SUPI_n.
The beneficial effects of the present invention are as follows: the user identity update method for encrypted transmission provided by the invention can schedule and assign user identities, generate the random number used in the authentication vector from the new user identity, and generate the authentication vector used for replacing the identity. The method solves the problems that the prior art cannot prevent a malicious visited network that has obtained the user identity from affecting the user's billing and the like, and that the user's permanent identity may be leaked because of security problems in the visited network itself.
On the basis of the above scheme, the present invention also makes the following improvements:
Further, the method also includes updating XRES to generate XRES*; the feedback information calculated by the user terminal is RES*;
the RES* sent by the user terminal is compared with XRES*, and if they are consistent, authentication passes.
The beneficial effect of this further scheme is that authentication passes when the RES* sent by the user terminal is consistent with XRES*, which provides a method of completing the user identity update within a single interaction.
Further, the feedback information calculated by the user terminal is AUTS; if the SQN in AUTS passes verification and the MAC-S in AUTS is consistent with the MAC in AUTN, authentication passes.
The beneficial effect of this further scheme is that AUTS directly carries the relevant information for judging whether the user identity was updated successfully, which provides another method of completing the user identity update.
Further, the step of obtaining the RAND includes:
generating a shared key Ksh using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI;
applying confidentiality and integrity protection to SUPI_n using Ksh to obtain RAND.
The beneficial effect of this further scheme is that it provides a method of obtaining RAND, so that those skilled in the art can obtain RAND according to the method of the invention.
Further, the step of obtaining the RAND includes:
generating a random number rand, and generating a shared key Ksh using Kmaster, the previously used user identity SUPI_p and the current user identity SUPI;
applying confidentiality and integrity protection to SUPI_n using Ksh and, together with rand, generating a bit stream of fixed length as RAND.
The beneficial effect of this further scheme is that it provides another method of obtaining RAND, so that those skilled in the art can obtain RAND according to the method of the invention.
In another embodiment, a user identity update method for encrypted transmission is disclosed, comprising:
generating the concealed user identity SUCI and sending the SUCI to the network side;
receiving the AUTN and RAND fed back by the network side;
generating XMAC using the preset key and RAND; if XMAC is consistent with the MAC in AUTN, the network passes user authentication;
decrypting to obtain the new user identity SUPI_n;
calculating feedback information according to AUTN and RAND and sending it to the network side.
The beneficial effects of the present invention are as follows: the user identity update method for encrypted transmission provided by the invention can schedule and assign user identities, generate the random number used in the authentication vector from the new user identity, and generate the authentication vector used for replacing the identity. The method solves the problems that the prior art cannot prevent a malicious visited network that has obtained the user identity from affecting the user's billing and the like, and that the user's permanent identity may be leaked because of security problems in the visited network itself. The user terminal and the network side can complete mutual authentication and the replacement of the user identity at the same time, without adding extra information exchanges.
Further, decrypting to obtain the new user identity SUPI_n includes:
generating a shared key Ksh using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI; calculating SUPI_n using Ksh and performing an integrity check on SUPI_n; if the check passes, the decryption yields the new user identity SUPI_n; SUPI_p is updated to SUPI, and SUPI is updated to SUPI_n.
The beneficial effect of this further scheme is that, by specifying the process of decrypting to obtain the new user identity SUPI_n, the new identity can be decrypted only with possession of the corresponding key, which gives good concealment; the method is easy to understand and implement.
Further, the feedback information is RES*, and
RES* is obtained as follows:
an initial RES* is generated using the preset key and RAND;
a new RES_n* is generated from SUPI_n and the initial RES* according to the protocol rule agreed with the network side, and is used as the final RES*.
The beneficial effect of this further scheme is that, with RES* as the feedback information, it provides a method of completing the user identity update within a single interaction.
Further, the feedback information is AUTS, and the steps of obtaining AUTS include:
forcibly treating the SQN as out of synchronization,
calculating AUTS and updating the MAC-S in AUTS,
where the updated MAC-S is generated from SUPI_n and the initial MAC-S according to the agreement with the network side.
The beneficial effect of this further scheme is that, with AUTS as the feedback information, it provides another method of completing the user identity update.
In another embodiment, a user identity update method for encrypted transmission is provided, in which the user identity update task is completed jointly through two-way interaction between the network side and the user terminal.
The beneficial effects of the present invention are as follows: the user identity update method for encrypted transmission provided by the invention can schedule and assign user identities, generate the random number used in the authentication vector from the new user identity, and generate the authentication vector used for replacing the identity. The method solves the problems that the prior art cannot prevent a malicious visited network that has obtained the user identity from affecting the user's billing and the like, and that the user's permanent identity may be leaked because of security problems in the visited network itself.
In the present invention, the above technical solutions may also be combined with one another to realize further preferred combined solutions. Other features and advantages of the invention will be set forth in the description that follows; some advantages will become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained through what is particularly pointed out in the description, the claims and the drawings.
Description of the drawings
The drawings are only for the purpose of illustrating specific embodiments and are not to be considered a limitation of the present invention; throughout the drawings, identical reference marks denote identical components.
Fig. 1 is a schematic diagram of the user identity update process;
Fig. 2 is a schematic diagram of the user identity update process when the feedback information is RES*.
Detailed description of the embodiments
The preferred embodiments of the present invention are described in detail below with reference to the drawings, which form part of this application and, together with the embodiments of the invention, serve to explain the principle of the invention; they are not intended to limit the scope of the invention.
Embodiment 1
One embodiment of the present of invention 1, discloses a kind of user identity update method of encrypted transmission, and this method is applied to Network side, the network element being related to include SEAF (SEcurity Anchor Function, network security anchor point function), AUSF (Authentication ServerFunction, authentication service function) and UDM (Unified Data Management, system One data management platform)..As shown in Figure 1, including the following steps:
Step S1, it receives the user that user terminal is sent and hides identity SUCI (SUbscriber Concealed Identity, user hide identity);
The step includes:
According to 3GPP normal process, in attachment, receives the user that user terminal is sent and hide identity SUCI;
According to 3GPP normal process, SEAF initiates authentication request, starts verification process.By SUCI and network name The AUSF for claiming information such as (SN-name) to be sent to belonging area network;
According to 3GPP normal process, the information such as SUPI, SN-name are sent to UDM by the AUSF of belonging area network.
Step S2, it according to the SUCI received, calculates and caches shared master key Kmaster
Step S3, decryption SUCI obtains user identity SUPI, and new user identity SUPI_n is obtained according to the SUPI;
The step includes:
Use ECIES (Elliptic Curve Integrate Encrypt Scheme, the elliptic curve of 3GPP standards Confidentiality and integrity protected mode) process, SUCI is decrypted, new user identity SUPI_n is obtained.
Step S4, using shared master key KmasterAuthentication vector AV is generated with SUPI_n (AuthenticationVector), AV include AUTN (AuthenticationToken, authentication token), RAND (random number), XRES (Expected Response, expected response), CK (Cipher Key, encryption key), IK (Integrity Key, it is complete Whole property protects key);;
Parameter RAND in AV obtains step:
A random number rand is generated, K is utilizedmaster, preceding first use user identity SUPI_p, current user identities SUPI generates shared key Ksh
Those skilled in the art should be understood that, shared key KshExisting various ways may be used to generate, Such as hash, details are not described herein again.
Use KshConfidentiality and integrity protection is carried out to SUPI_n, the bit stream of regular length is generated together with rand, As RAND.
Those skilled in the art should be understood that confidentiality and integrity protection refers to using shared key KshIt is right SUPI_n is encrypted, and encryption can be used existing multiple encryption algorithms and realize, such as SM encryption methods, and details are not described herein again.
Other parameters in AV, AUTN etc., the mode that can be used in existing field realize that acquisition pattern is not belonging to this Where embodiment inventive point, and will not be described here in detail.
Step S5, AUTN, RAND in the authentication vector are sent to user terminal, feedback information is calculated by user terminal;
The step includes:
UDM updates XRES and generates XRES*, generates 5G HEAV (5G Home Environment AV, 5G ownership place certifications Vector), and it is sent to AUSF together with SUPI_n.
According to 3GPP normal process, AUSF stores XRES*, and calculates HXRES* (Hash eXpected RESponse lead to Cross the expected response Hash Value that XRES* is derived), generate 5GAV.
According to 3GPP normal process, AUSF sends 5GAV and SUPI_n to SEAF, and under roaming scence, this SEAF is roaming The SEAF on ground.
According to 3GPP normal process, AUTN, RAND are sent to user terminal by SEAF.
Step S6-1, judge whether that the authentication is passed according to client feeds back information, if the authentication is passed, update user identity SUPI is SUPI_n.
Compared with prior art, the user identity update method of encrypted transmission provided in this embodiment can prevent malice Access zone network take user identity after user's charging etc. is impacted;Also access zone network can be solved since itself pacifies The problem of user's permanent identity caused by full problem is revealed.The risk of identity information leakage is reduced, while in authentication process, used Family end and network-side can be completed at the same time two-way authentication and the replacement of user identity.
Preferably, preset key is the root key of the long term keys individually stored or user terminal storage, what network side used Preset key is consistent with the preset key that user terminal uses.
Optionally, the RAND can also be obtained in the following manner:Utilize shared master key Kmaster, preceding first use User identity SUPI_p, current user identities SUPI, generate shared key Ksh,
Use KshConfidentiality and integrity protection is carried out to SUPI_n, obtains RAND.
The feedback information of user terminal can be by multiple choices mode, and corresponding concrete scheme is referring to embodiment 2,3.
The methods of obtaining RAND are implemented as follows:
[Reference implementation 1] Kmaster is 256 bits; Ksh_MSB is the high 128 bits of Ksh and Ksh_LSB is the low 128 bits of Ksh; SUPI, SUPI_p and SUPI_n are each 64 bits long.
Ksh = KDF[Kmaster, SUPI_p, SUPI]    (1)
RAND = Cph_SUPIn || MAC_SUPIn    (4)
Explanation: formula (a-1) can use HMAC or a hash function, with Kmaster, SUPI_p and SUPI as input, to calculate Ksh; formula (a-2) uses Ksh_LSB to generate a 64-bit key stream and encrypts SUPI_n to obtain Cph_SUPIn; (a-3) uses HMAC or a similar method, with Ksh_MSB as the key and Cph_SUPIn || SUPI (SUPI concatenated after Cph_SUPIn) as input, to calculate a message authentication code, and takes the low 64 bits as the authentication tag; (a-4) RAND is Cph_SUPIn || MAC_SUPIn, where || denotes concatenation.
Note: if the above method is used, the UDM needs to store the public keys the user has used within a certain period of time and check the randomness of the user's public key generation. If keys that follow a regular pattern are used frequently, the UDM will identify the user and take isolation measures. If the SUPI_p and SUPI that the user claims to use do not match those held by the UDM, the UDM also needs to record this abnormal event and take isolation measures as the situation requires.
Generate a random number rand. Using Kmaster, the previously used user identity SUPI_p and the current user identity SUPI, generate the shared key Ksh; apply confidentiality and integrity protection to SUPI_n using Ksh and, together with rand, generate a bit stream 128 bits long as RAND, for example:
[Reference implementation 2] Kmaster is 256 bits; Ksh_MSB is the high 128 bits of Ksh and Ksh_LSB is the low 128 bits of Ksh; SUPI, SUPI_p and SUPI_n are taken to be 64 bits long.
Ksh = KDF[Kmaster, SUPI_p, SUPI]    (5)
RAND = rand || Cph_SUPIn || MAC_SUPIn    (8)
Explanation: (b-1) can use HMAC or a hash function, with Kmaster, SUPI_p and SUPI as input, to calculate Ksh; (b-2) uses Ksh_LSB to generate a 64-bit key stream and encrypts SUPI_n to obtain Cph_SUPIn; (b-3) uses HMAC or a similar method, with Ksh_MSB as the key and rand || Cph_SUPIn || SUPI as input, to generate a message authentication code, and takes the low 32 bits as the authentication tag; (b-4) RAND is rand || Cph_SUPIn || MAC_SUPIn.
Note: if the above method is used, the UDM needs to store the public keys the user has used within a certain period of time and check the randomness of the user's public key generation. If keys that follow a regular pattern are used frequently, the UDM will identify the user and take isolation measures. If the SUPI_p and SUPI that the user claims to use do not match those held by the UDM, the UDM also needs to record this abnormal event and take isolation measures as the situation requires.
Embodiment 2
In this embodiment the feedback information calculated by the user terminal is RES*; as shown in Fig. 2, steps 1 to 5 are the same as in Embodiment 1;
Step S6-2: compare the RES* sent by the user terminal with XRES*; if they are consistent, authentication passes.
This step includes:
The SEAF receives the RES* sent by the user terminal, calculates HRES* and compares it with HXRES*;
The SEAF sends RES* to the AUSF;
The AUSF compares the RES* sent by the user terminal with XRES*; if they are consistent, authentication passes and the user identity SUPI is updated to SUPI_n. If they are inconsistent, authentication fails, the user identity is not updated, and the authentication process must be initiated again.
Embodiment 3
In this embodiment the feedback information calculated by the user terminal is AUTS; steps S1 to S5 are the same as in Embodiment 1;
Step S6-3: the UDM receives the AUTS sent by the user terminal and verifies the SQN in AUTS; if verification passes and the MAC-S in AUTS is consistent with the MAC in AUTN, authentication passes.
Embodiment 4
This embodiment discloses a user identity update method for encrypted transmission. The method is applied on the user side and involves the USIM. As shown in Fig. 1, it includes the following steps:
Step 1): generate the concealed user identity SUCI and send the SUCI to the network side, so that the network side can calculate the authentication vector AV;
This step includes:
At attach, the user itself generates a public/private key pair and, together with the pre-stored network public key, negotiates the shared master key Kmaster;
The SUCI is calculated according to the ECIES procedure specified by 3GPP;
The USIM sends the concealed user identity SUCI to the network side as the network requires;
Step 2): receive the AUTN and RAND fed back by the network side;
Step 3): generate XMAC using the preset key and RAND; if XMAC is consistent with the MAC in AUTN, the network passes user authentication;
This step includes:
According to the 3GPP standard procedure, check the SQN (Sequence Number); if it is synchronized, generate XMAC using the preset key and RAND; if XMAC is consistent with the MAC in AUTN, the network passes user authentication;
Step 4): decrypt to obtain the new user identity SUPI_n,
Using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI, generate the shared key Ksh; calculate SUPI_n using Ksh and perform an integrity check on SUPI_n; if the check passes, the decryption yields the new user identity SUPI_n; SUPI_p is updated to SUPI, and SUPI is updated to SUPI_n.
Step 5): calculate feedback information according to AUTN and RAND and send it to the network side.
The feedback information sent to the network side can differ; for the corresponding specific implementations see Embodiments 5 and 6.
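The RAND construction of reference implementation 2 in Embodiment 1 and the user-side recovery of SUPI_n in step 4) of Embodiment 4, as an added example that is not code from the patent. HMAC-SHA-256 as KDF and MAC, the key stream derivation, the 32-bit rand length (128 minus 64 minus 32) and all function names and sample values are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SUPI_LEN = 8    # SUPI, SUPI_p and SUPI_n are 64 bits (from the page)
RAND_LEN = 16   # RAND is a 128-bit stream (from the page)
TAG_LEN = 4     # low 32 bits of the MAC (reference implementation 2)
NONCE_LEN = RAND_LEN - SUPI_LEN - TAG_LEN   # 32-bit rand, derived from the sizes above


def derive_ksh(k_master: bytes, supi_p: bytes, supi: bytes) -> bytes:
    """Ksh = KDF[Kmaster, SUPI_p, SUPI]. Assumption: KDF is HMAC-SHA-256 (256-bit output)."""
    return hmac.new(k_master, supi_p + supi, hashlib.sha256).digest()


def _keystream(ksh_lsb: bytes) -> bytes:
    # Assumption: the 64-bit key stream is a truncated HMAC of a fixed label under Ksh_LSB.
    # It is only fresh because Kmaster comes from the user's ephemeral ECIES key, which is
    # why the page has the UDM check the randomness of the user's public keys.
    return hmac.new(ksh_lsb, b"SUPI_n keystream", hashlib.sha256).digest()[:SUPI_LEN]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _tag(ksh_msb: bytes, nonce: bytes, cph: bytes, supi: bytes) -> bytes:
    # MAC over rand || Cph_SUPIn || SUPI keyed with Ksh_MSB, keeping the low 32 bits.
    return hmac.new(ksh_msb, nonce + cph + supi, hashlib.sha256).digest()[-TAG_LEN:]


def build_rand(k_master: bytes, supi_p: bytes, supi: bytes, supi_n: bytes) -> bytes:
    """Network side (UDM): RAND = rand || Cph_SUPIn || MAC_SUPIn."""
    if any(len(v) != SUPI_LEN for v in (supi_p, supi, supi_n)):
        raise ValueError("identities must be 64 bits")
    ksh = derive_ksh(k_master, supi_p, supi)
    ksh_msb, ksh_lsb = ksh[:16], ksh[16:]      # high / low 128 bits of Ksh
    nonce = secrets.token_bytes(NONCE_LEN)
    cph = _xor(supi_n, _keystream(ksh_lsb))
    return nonce + cph + _tag(ksh_msb, nonce, cph, supi)


@dataclass
class IdentityState:
    """What the USIM remembers between updates (hypothetical container)."""
    supi_p: bytes   # previously used identity
    supi: bytes     # current identity


def open_rand(k_master: bytes, state: IdentityState, rand: bytes) -> bytes:
    """User side (USIM): check integrity, recover SUPI_n, then rotate the identities."""
    if len(rand) != RAND_LEN:
        raise ValueError("RAND must be 128 bits")
    nonce = rand[:NONCE_LEN]
    cph = rand[NONCE_LEN:NONCE_LEN + SUPI_LEN]
    tag = rand[-TAG_LEN:]
    ksh = derive_ksh(k_master, state.supi_p, state.supi)
    ksh_msb, ksh_lsb = ksh[:16], ksh[16:]
    # Constant-time comparison; the state is left untouched on failure.
    if not hmac.compare_digest(tag, _tag(ksh_msb, nonce, cph, state.supi)):
        raise ValueError("integrity check on SUPI_n failed")
    supi_n = _xor(cph, _keystream(ksh_lsb))
    state.supi_p, state.supi = state.supi, supi_n   # SUPI_p <- SUPI, SUPI <- SUPI_n
    return supi_n


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    k_master = bytes(range(32))
    usim = IdentityState(supi_p=bytes(8), supi=bytes.fromhex("4600012345678901"))
    rand = build_rand(k_master, usim.supi_p, usim.supi, bytes.fromhex("4600019876543210"))
    print("RAND   :", rand.hex())
    print("SUPI_n :", open_rand(k_master, usim, rand).hex())
```

A RAND built under a different SUPI_p or SUPI than the USIM holds fails the tag check, which is the mismatch the page has the UDM record as an abnormal event.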
Embodiment 5
In this embodiment the feedback information sent to the network side is RES*; as shown in Fig. 2, steps 1) to 4) are the same as in Embodiment 5;
Step 5): calculate RES* according to AUTN and RAND and send it to the network side,
In this step,
RES* is obtained as follows:
An initial RES* is generated using the preset key and RAND;
A new RES_n* is generated from SUPI_n and the initial RES* according to the protocol rule agreed with the network side, and is used as the final RES*.
Embodiment 6
In this embodiment the feedback information sent to the network side is AUTS; steps 1) to 4) are the same as in Embodiment 5;
Step 5): calculate AUTS according to AUTN and RAND and send it to the network side,
The steps of obtaining AUTS include:
forcibly treating the SQN as out of synchronization,
calculating AUTS and updating the MAC-S in AUTS,
where the updated MAC-S is generated from SUPI_n and the initial MAC-S according to the agreement with the network side.
Embodiment 7
This embodiment discloses a user identity update method with encrypted transmission that completes mutual authentication and user identity update at the same time. The method in this embodiment is obtained by combining Embodiment 1 and Embodiment 4, as shown in Figure 1. The specific process is as follows:
Step (1): Generate the user's concealed identity SUCI and send the SUCI to the network side;
This step includes:
During attach, the user generates a public/private key pair and, together with the pre-stored network public key, negotiates the shared master key Kmaster;
Compute the SUCI according to the ECIES procedure defined by 3GPP;
The USIM, as required by the network, sends the user's concealed identity SUPI to the network side;
Step (2): Receive the user's concealed identity SUCI sent by the user terminal;
This step includes:
According to the 3GPP standard procedure, during attach, receive the user's concealed identity SUCI sent by the user terminal;
According to the 3GPP standard procedure, the SEAF initiates an authentication request and starts the authentication process. Information such as the SUCI and the network name (SN-name) is sent to the AUSF of the home network;
According to the 3GPP standard procedure, the AUSF of the home network sends information such as the SUPI and SN-name to the UDM.
Step (3): From the received SUCI, compute and cache the shared master key Kmaster;
Step (4): Decrypt the SUCI to obtain the user identity SUPI, and obtain a new user identity SUPI_n according to the SUPI;
This step includes:
Decrypt the SUCI using the 3GPP-standard ECIES procedure and obtain the new user identity SUPI_n.
Step (5): Generate the authentication vector AV using the shared master key Kmaster and SUPI_n;
The RAND is obtained as follows:
Generate a random number rand, and use Kmaster, the previously used user identity SUPI_p and the current user identity SUPI to generate the shared key Ksh;
Use Ksh to apply confidentiality and integrity protection to SUPI_n, and combine the result with rand into a fixed-length bit stream, which serves as RAND.
Step (6): Send the AUTN and RAND in the authentication vector to the user terminal, which calculates the feedback information;
This step includes:
The UDM updates XRES to generate XRES*, generates the 5G HE AV, and sends it together with SUPI_n to the AUSF.
According to the 3GPP standard procedure, the AUSF stores XRES*, calculates HXRES* and generates the 5G AV.
According to the 3GPP standard procedure, the AUSF sends the 5G AV and SUPI_n to the SEAF; in a roaming scenario, this SEAF is the SEAF at the roaming location.
According to the 3GPP standard procedure, the SEAF sends AUTN and RAND to the user terminal.
Step (7): Receive the AUTN and RAND fed back by the network side;
Step (8): Generate XMAC using the preset key and RAND; if XMAC matches the MAC in AUTN, the network passes the user's authentication;
This step includes:
Check whether the SQN is synchronized; if it is, generate XMAC using the preset key and RAND; if XMAC matches the MAC in AUTN, the network passes the user's authentication;
This step includes:
According to the 3GPP standard procedure, check the SQN; if it is synchronized, generate XMAC using the preset key and RAND; if XMAC matches the MAC in AUTN, the network passes the user's authentication;
Step (9): Decrypt to obtain the new user identity SUPI_n;
Using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI, generate the shared key Ksh; use Ksh to compute SUPI_n and perform an integrity check on SUPI_n; if the check passes, decrypt to obtain the new user identity SUPI_n. Update SUPI_p to SUPI, and update SUPI to SUPI_n.
Step (10): Calculate the feedback information from AUTN and RAND and send it to the network side.
Step (11): Judge from the user terminal's feedback information whether authentication has passed; if it has, update the user identity SUPI to SUPI_n.
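The following added example (not code from the patent) sketches the RAND construction of step (5) and the user-side recovery and identity update of step (9). The 16-byte RAND layout, the use of HMAC-SHA256 for key derivation, keystream and integrity tag, and all function and class names are assumptions; the patent does not specify these algorithms.

```python
import hashlib
import hmac
import os

# Assumptions, not from the patent: RAND is 16 bytes (as in 3GPP AKA), split as
# 4-byte rand || 8-byte encrypted SUPI_n || 4-byte integrity tag; HMAC-SHA256
# stands in for the unspecified key derivation, cipher and integrity functions.
RAND_LEN, NONCE_LEN, CT_LEN, TAG_LEN = 16, 4, 8, 4


def _prf(key, label, *parts):
    """HMAC-SHA256 over a label and length-prefixed parts."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def derive_ksh(k_master, supi_p, supi):
    """Ksh from Kmaster, the previous identity SUPI_p and the current SUPI."""
    return _prf(k_master, b"Ksh", supi_p.encode(), supi.encode())


def _xor(data, ksh, nonce):
    """XOR data with a keystream bound to Ksh and the rand part."""
    stream = _prf(ksh, b"enc", nonce)[:CT_LEN]
    return bytes(a ^ b for a, b in zip(data, stream))


def build_rand(ksh, supi_n, nonce=None):
    """Network side: protect SUPI_n under Ksh and pack it with rand into RAND."""
    if not (supi_n.isascii() and supi_n.isdigit() and len(supi_n) == 15):
        raise ValueError("this sketch handles 15-digit IMSI-style SUPIs only")
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("rand part must be 4 bytes")
    ct = _xor(bytes.fromhex(supi_n + "f"), ksh, nonce)  # 15 BCD digits + filler
    tag = _prf(ksh, b"mac", nonce, ct)[:TAG_LEN]
    return nonce + ct + tag


def recover_supi_n(ksh, rand):
    """User side: integrity-check first, decrypt only if the tag verifies."""
    if len(rand) != RAND_LEN:
        return None
    nonce, ct, tag = rand[:4], rand[4:12], rand[12:]
    if not hmac.compare_digest(tag, _prf(ksh, b"mac", nonce, ct)[:TAG_LEN]):
        return None
    return _xor(ct, ksh, nonce).hex()[:15]


class UeIdentityState:
    """Identity state held by the user side across updates."""

    def __init__(self, k_master, supi_p, supi):
        self.k_master, self.supi_p, self.supi = k_master, supi_p, supi

    def process_rand(self, rand):
        ksh = derive_ksh(self.k_master, self.supi_p, self.supi)
        supi_n = recover_supi_n(ksh, rand)
        if supi_n is None:
            return False  # integrity check failed: keep the old identities
        self.supi_p, self.supi = self.supi, supi_n  # SUPI_p <- SUPI, SUPI <- SUPI_n
        return True


if __name__ == "__main__":
    k_master = bytes(range(32))  # constructed key and identities
    ue = UeIdentityState(k_master, "001010000000001", "001010000000002")
    rand = build_rand(derive_ksh(k_master, ue.supi_p, ue.supi), "001010000000003")
    print(ue.process_rand(rand), ue.supi_p, ue.supi)
```

Because Ksh is derived from SUPI_p and SUPI, in this sketch a RAND that has already been accepted fails the integrity check once the user side has moved to the new identities.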
Embodiment 8
This embodiment discloses a user identity update method with encrypted transmission that completes mutual authentication and user identity update at the same time. The method in this embodiment is obtained by combining Embodiment 2 and Embodiment 5, as shown in Figure 1. The specific process is as follows:
Steps (1) to (9) of this embodiment are the same as in Embodiment 7.
Step (10): Calculate the feedback information RES* from AUTN and RAND and send it to the network side.
This step includes:
Generate the initial RES* using the preset key and RAND;
Generate a new RES_n* from SUPI_n and the initial RES* according to the rule agreed with the network side, and use it as the final RES*.
Step (11): Judge from the user terminal's feedback information RES* whether authentication has passed; if it has, update the user identity SUPI to SUPI_n.
The SEAF receives the RES* sent by the user terminal, calculates HRES* and compares it with HXRES*;
The SEAF sends RES* to the AUSF;
The AUSF compares the RES* sent by the user terminal with XRES*; if they match, authentication passes and the user identity SUPI is updated to SUPI_n.
Embodiment 9
This embodiment discloses a user identity update method with encrypted transmission that completes mutual authentication and user identity update at the same time. The method in this embodiment is obtained by combining Embodiment 3 and Embodiment 6, as shown in Figure 1. The specific process is as follows:
Steps (1) to (9) of this embodiment are the same as in Embodiment 9.
Step (10): Calculate the feedback information AUTS from AUTN and RAND and send it to the network side.
This step includes:
The AUTS is obtained as follows:
Force the SQN to be treated as out of synchronization;
Calculate AUTS and update the MAC-S in AUTS;
The updated MAC-S is generated from SUPI_n and the initial MAC-S according to the rule agreed with the network side.
Step (11): Judge from the user terminal's feedback information AUTS whether authentication has passed; if it has, update the user identity SUPI to SUPI_n.
This step includes:
The UDM receives the AUTS sent by the user terminal and verifies the SQN in the AUTS; if the SQN is verified and the MAC-S in the AUTS matches the MAC in AUTN, authentication passes.
Compared with the prior art, the present invention realizes issuance and replacement of user identities that is online, imperceptible to the user, low-cost, highly efficient and requires little system modification. It protects subscriber identity information and provides an effective means of conveniently updating the user identity after a user is exposed to an identity disclosure risk. When facing an untrusted visited network, the home network can use a temporary identity, preventing the untrusted visited network from revealing the user's real identity.
Those skilled in the art will understand that all or part of the flow of the methods in the above embodiments can be completed by a computer program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium. The computer-readable storage medium is a magnetic disk, an optical disc, a read-only memory, a random access memory or the like.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention.

Claims (10)

1. A user identity update method with encrypted transmission, characterized by:
Receiving the user's concealed identity SUCI sent by the user terminal;
From the received SUCI, computing and caching the shared master key Kmaster;
Decrypting the SUCI to obtain the user identity SUPI, and obtaining a new user identity SUPI_n according to the SUPI;
Generating the authentication vector AV using the shared master key Kmaster and SUPI_n;
Sending the AUTN and RAND in the authentication vector to the user terminal, which calculates the feedback information;
Judging from the user terminal's feedback information whether authentication has passed; if it has, updating the user identity SUPI to SUPI_n.
2. The method according to claim 1, characterized in that it further includes updating XRES to generate XRES*; the feedback information calculated by the user terminal is RES*;
The RES* sent by the user terminal is compared with XRES*; if they match, authentication passes.
3. The method according to claim 1, characterized in that the feedback information calculated by the user terminal is AUTS; if the SQN in the AUTS is verified and the MAC-S in the AUTS matches the MAC in AUTN, authentication passes.
4. The method according to claim 1, characterized in that the step of obtaining RAND includes:
Using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI to generate the shared key Ksh;
Using Ksh to apply confidentiality and integrity protection to SUPI_n, obtaining RAND.
5. The method according to claim 1, characterized in that the step of obtaining RAND includes:
Generating a random number rand, and using Kmaster, the previously used user identity SUPI_p and the current user identity SUPI to generate the shared key Ksh;
Using Ksh to apply confidentiality and integrity protection to SUPI_n, and combining the result with rand into a fixed-length bit stream, which serves as RAND.
6. A user identity update method with encrypted transmission, characterized by:
Generating the user's concealed identity SUCI and sending the SUCI to the network side, so that the network side generates an authentication vector;
Receiving the AUTN and RAND fed back by the network side;
Generating XMAC using the preset key and RAND; if XMAC matches the MAC in AUTN, the network passes the user's authentication;
Decrypting to obtain the new user identity SUPI_n;
Calculating the feedback information from AUTN and RAND and sending it to the network side.
7. The user identity delivery method according to claim 6, characterized in that decrypting to obtain the new user identity SUPI_n includes:
Using the shared master key Kmaster, the previously used user identity SUPI_p and the current user identity SUPI to generate the shared key Ksh; using Ksh to compute SUPI_n and performing an integrity check on SUPI_n; if the check passes, decrypting to obtain the new user identity SUPI_n; updating SUPI_p to SUPI, and updating SUPI to SUPI_n.
8. The user identity delivery method according to claim 6, characterized in that the feedback information is RES*,
RES* being obtained as follows:
Generating the initial RES* using the preset key and RAND;
Generating a new RES_n* from SUPI_n and the initial RES* according to the rule agreed with the network side, and using it as the final RES*.
9. The method according to claim 6, characterized in that the feedback information is AUTS, and the step of obtaining AUTS includes:
Forcing the SQN to be treated as out of synchronization;
Calculating AUTS and updating the MAC-S in AUTS;
The updated MAC-S being generated from SUPI_n and the initial MAC-S according to the rule agreed with the network side.
10. A user identity update method with encrypted transmission, characterized by including the method according to claim 1 and the method according to claim 6.
CN201810482379.2A 2018-05-18 2018-05-18 User identity updating method for encrypted transmission Active CN108683510B (en)

Publications (2)

Publication Number Publication Date
CN108683510A true CN108683510A (en) 2018-10-19
CN108683510B CN108683510B (en) 2021-03-23

Family

ID=63805757

Country Status (1)

Country Link
CN (1) CN108683510B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant