CN109076058A - A kind of authentication method and device of mobile network - Google Patents

A kind of authentication method and device of mobile network Download PDF

Info

Publication number
CN109076058A
CN109076058A CN201680084751.3A CN201680084751A CN109076058A CN 109076058 A CN109076058 A CN 109076058A CN 201680084751 A CN201680084751 A CN 201680084751A CN 109076058 A CN109076058 A CN 109076058A
Authority
CN
China
Prior art keywords
random number
terminal
key
mobile network
digital signature
Prior art date
Application number
CN201680084751.3A
Other languages
Chinese (zh)
Inventor
程紫尧
龙水平
衣强
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to PCT/CN2016/083753 priority Critical patent/WO2017201753A1/en
Publication of CN109076058A publication Critical patent/CN109076058A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L29/00Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
    • H04L29/02Communication control; Communication processing
    • H04L29/06Communication control; Communication processing characterised by a protocol

Abstract

The invention discloses the authentication method of mobile network a kind of and device, it can be used in unsigned user and mobile network appliance carry out two-way authentication.This method comprises: terminal sends the first instruction information and the first random number to mobile network appliance, the first instruction information is used to indicate the terminal request without signing access style access to mobile network, in order to which the mobile network appliance is based on the first instruction information, generate the second random number, and according at least to first random number and second random number, the first digital signature is generated;The terminal receives the first digital signature, the second random number and the first digital certificate chains of mobile network appliance transmission, and verifies first digital signature;The terminal is according at least to second digital signature of the second generating random number;The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance verifies second digital signature.

Description

A kind of authentication method and device of mobile network Technical field

The present embodiments relate to fields of communication technology, and more particularly, to the authentication method and device of a kind of mobile network.

Background technique

Currently, in third generation cooperative partner program (3rdGeneration Partner Project, referred to as " 3GPP ") in agreement, the mutual authentication process of network side is accessed based on the root key for being pre-stored in both sides for terminal request, by root key derive for two-way authentication parameters for authentication (in other words, authentication vector, authenticate four-tuple), it specifically includes: random number (Random Number, referred to as " RAND "), authentication token (Authentication Token, referred to as " AUTN "), respond (Response, referred to as " RES ")/intended response (Expected Response, referred to as " XRES ") and KASME.Wherein, RAND, AUTN, RES/XRES are for the two-way authentication between terminal and network side, KASMEIt is used to carry out the key of encryption and integrity protection for deriving from when terminal and network-side communication.Wherein, KASMEAs Authentication and Key Agreement as a result, being the intermediate key that UE and access security management entity (Access Security Management Entity, referred to as " ASME ") all produce.Such as, in Universal Mobile Telecommunications System land radio access web (Evolved Universal Mobile Telecommunication System (" UMTS ") the Terrestrial Radio Access Network of evolution, referred to as " E-UTRAN ") in, the function of the ASME can be by mobile management net element (Mobility Management Entity, referred to as " MME ").

But, this authentication method is only applicable to the user terminal contracted with operator, i.e., operator is that contracted user distributes international mobile subscriber identification code (International Mobile Subscriber Identification Number, referred to as " IMSI ") and root key, in order to the bi-directional authentification between terminal and network side.

With the development of Internet of Things (Internet of Things, referred to as " IoT ") technology, magnanimity terminal, mobile application and open community development person access network, including contracted user and unsigned user.For contracted user, terminal preset root key identical with operator can be authenticated by existing two-way authentication process;And for unsigned user, terminal is not preset with the above-mentioned root key of operator, can not be authenticated by existing two-way authentication process, and it is even more impossible to be derived from based on root key for encrypt and the key of completeness check.

Summary of the invention

The application provides the authentication method and device of a kind of mobile network, so that unsigned user can carry out two-way authentication with mobile network.

First aspect, the application provides the authentication method of mobile network a kind of, the authentication method includes: terminal to the first instruction information of mobile network appliance transmission and the first random number, and the first instruction information is used to indicate the terminal request without signing access way access to mobile network;The terminal receives first digital signature, second random number and the first digital certificate chains that the mobile network appliance is sent, and according to first random number, second random number and first digital certificate chains, verify first digital signature, wherein, by the mobile network appliance according at least to first random number and the second generating random number, second random number is based on the first instruction information by the mobile network appliance and generates first digital signature;The terminal is according at least to second digital signature of the second generating random number;The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance is according to second random number and second digital certificate chains, verifies second digital signature.Wherein, the mobile network appliance is the network equipment of the mobile network, the mobile network includes the mobile network appliance, such as, equipment of the core network (such as, core net authenticates entity, core net voucher storage entity), access network equipment etc., the network equipment that the present invention is included for mobile network is simultaneously not particularly limited.It is described without signing access way, it can be understood as a kind of a kind of access way different from the prior art, it is directed to the unsigned terminal for needing Remote configuration subscription data, root key that can be preset independent of terminal and network carries out two-way authentication, and carries out two-way authentication by the verification mode and network side of digital certificate and digital signature.

The authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Optionally, terminal sends the first instruction information and the first random number to mobile network appliance, comprising: terminal sends access request message, the first instruction information and first random number described in the access request message bearing to mobile network appliance.

With reference to first aspect, in the first possible implementation of the first aspect, first digital certificate chains include: the digital certificate of the operator of the mobile network appliance and the digital certificate of the mobile network appliance, alternatively, the digital certificate of the mobile network appliance;Second digital certificate chains include the digital certificate and the eUICC of the universal embedded integrated circuit card eUICC of the terminal configuration The digital certificate of manufacturer.

Above-mentioned possible implementation with reference to first aspect, in the second possible implementation of the first aspect, the terminal is configured with eUICC, second digital certificate chains include the digital certificate of the eUICC, and, the terminal sends the first instruction information and the first random number to mobile network appliance, including: the terminal sends the first instruction information to mobile network appliance, first random number, the digital certificate of the eUICC and the third digital signature, so that after the mobile network appliance passes through the third digital signature authentication, generate second random number and first digital signature, wherein, the third digital signature is by the mobile network appliance according at least to first generating random number.

It should be understood that the digital certificate of eUICC, third digital certificate can be sent simultaneously with the first instruction information and the first random number, can also by terminal after transmission first indicates information and the first random number or before send.

Optionally, the terminal sends the first instruction information, first random number, the digital certificate of the eUICC and the third digital signature to mobile network appliance, including: the terminal sends access request message, the first instruction information, first random number, the digital certificate of the eUICC and the third digital signature described in the access request message bearing to the mobile network appliance.

By sending third digital signature to mobile network appliance, the integrality of the first random number is verified, to prevent the first random number to be tampered during being sent to mobile network appliance, improves the safety of certification.

Above-mentioned possible implementation with reference to first aspect, in a third possible implementation of the first aspect, the terminal receives first digital signature that the mobile network appliance is sent, second random number and the first digital certificate chains, it include: that the terminal receives first digital signature that the mobile network appliance is sent, second random number, the session key of first digital certificate chains and encryption, the session key of the encryption generates the session key encryption that the mobile network appliance generates by the public key for including in digital certificate of the mobile network appliance according to the eUICC, first digital signature is by the mobile network appliance according at least to first random number, second random number and the session key of the encryption generate;The authentication method further include: the terminal decrypts the session key of the encryption according to the private key of the eUICC; obtain the session key; the session key is for generating derivative key; the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum; wherein, the private key of the eUICC is corresponding with the public key that the digital certificate of the eUICC includes.

It should be understood that the terminal decrypts the session key of the encryption according to the private key of the eUICC, The session key is obtained, can be executed after the first digital signature described in the terminal authentication, can also be executed before or while the first digital signature described in the terminal authentication.Preferably, the terminal decrypts the session key of the encryption according to the private key of the eUICC after the first digital signature described in the terminal authentication, obtains the session key, wherein, the private key of the eUICC is corresponding with the public key that the digital certificate of the eUICC includes.

Optionally, the terminal receives the session key of first digital signature of the mobile network appliance transmission, second random number, first digital certificate chains and encryption, it include: that the terminal receives the authentication request message that the mobile network appliance is sent, the authentication request message carries the session key of first digital signature, second random number, first digital certificate chains and the encryption.

Optionally, the terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, the terminal sends authentication response message to the mobile network appliance, and the authentication response message carries second digital signature and second digital certificate chains.

Session key is generated by mobile network appliance, and is sent to terminal, enables both sides to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

Above-mentioned possible implementation with reference to first aspect, in a fourth possible implementation of the first aspect, first digital certificate chains include the digital certificate of the mobile network appliance, and, the authentication method further include: the terminal generates session key, and the session key according to the public key encryption that the digital certificate of the mobile network appliance includes generates the session key of encryption, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;The terminal is according at least to second digital signature of the second generating random number, comprising: the terminal generates second digital signature according at least to second random number and the session key of the encryption;The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, it include: the session key that the terminal sends second digital signature, second digital certificate chains and the encryption to the mobile network appliance, in order to which the mobile network appliance decrypts according to the private key of the mobile network appliance session key of the encryption, obtain the session key, wherein, the private key of the mobile network appliance is corresponding with the public key that the digital certificate of the mobile network appliance includes.

It should be understood that the terminal generates session key can execute after the first digital signature described in the terminal authentication, can also be executed before or while the first digital signature described in the terminal authentication.Preferably, the terminal generates the session key after verifying first digital signature.

Optionally, the terminal receives first digital signature, second random number and the first digital certificate chains that the mobile network appliance is sent, it include: that the terminal receives the authentication request message that the mobile network appliance is sent, the authentication request message carries first digital signature, second random number and first digital certificate chains.

Optionally, the terminal sends the session key of second digital signature, second digital certificate chains and the encryption to the mobile network appliance, it include: the terminal to mobile network appliance transmission authentication response message, the authentication response message carries the session key of second digital signature, second digital certificate chains and the encryption.

Session key is generated by terminal, and is sent to mobile network appliance, enables both sides to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

Above-mentioned possible implementation with reference to first aspect, in the fifth possible implementation of the first aspect, the terminal receives first digital signature that the mobile network appliance is sent, second random number and the first digital certificate chains, and verify first digital signature, it include: that the terminal receives first digital signature that the mobile network appliance is sent, second random number, first digital certificate chains and the first public key, first digital signature is by the mobile network appliance according at least to first random number, second random number and first public key generate, first public key is the public key in the first public private key pair that the mobile network appliance generates, first public private key pair includes first public key and the first private key, first public key and first private key are corresponding;First digital signature described in the terminal authentication;The method also includes: the second private key that the first public key and the terminal that the terminal is sent according to the mobile network appliance generate generates session key; the session key is for generating derivative key; the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network; wherein; second private key is the private key in the second public private key pair that the terminal generates; second public private key pair includes second private key and the second public key, and second public key and second private key are corresponding;The terminal is according at least to second digital signature of the second generating random number, comprising: the terminal generates the second digital signature according at least to second random number and second public key;The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, comprising: the terminal sends second digital signature, second digital certificate chains and second public key to the mobile network appliance.

It should be understood that the second private key of the first public key and the second public private key pair that the terminal is sent according to the mobile network appliance generates session key, can be held after the first digital signature described in the terminal authentication Row, can also execute before or while the first digital signature described in the terminal authentication.Preferably, for the terminal after verifying first digital signature, the second private key of the first public key and the second public private key pair that are sent according to the mobile network appliance generates session key.

Optionally, the terminal receives first digital signature, second random number, first digital certificate chains and the first public key that the mobile network appliance is sent, it include: that the terminal receives the authentication request message that the mobile network appliance is sent, the authentication request message carries first digital signature, second random number, first digital certificate chains and first public key.

Optionally, the terminal sends second digital signature, second digital certificate chains and second public key to the mobile network appliance, it include: the terminal to mobile network appliance transmission authentication response message, the authentication response message carries second digital signature, second digital certificate chains and second public key.

By mobile network appliance and terminal both sides joint consultation session key, both sides are enabled to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

Above-mentioned possible implementation with reference to first aspect, in the sixth possible implementation of the first aspect, the terminal is configured with eUICC, and, before the terminal sends the first instruction information and the first random number to mobile network appliance, the method also includes: the terminal sends the first request message to the eUICC, so that the eUICC is based on first request message and generates first random number;Alternatively, the terminal sends the first request message to the eUICC, so that the eUICC is based on first request message and generates first random number, and according at least to the first generating random number third digital signature.Optionally, first request message is the first authentication command, and first authentication command is used to indicate the eUICC and generates first random number.

Second aspect, the application provides the authentication method of mobile network a kind of, the described method includes: the first movement network equipment receives the first instruction information and the first random number that terminal is sent, the first instruction information is used to indicate the terminal request without signing access way access to mobile network;The first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, and first digital signature is according at least to second random number and first generating random number;The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verifies second digital signature.

The authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Optionally, the first movement network equipment receives the first instruction information and the first random number that terminal is sent, it include: that the first movement network equipment receives the access request message that terminal is sent, the first instruction information and first random number described in the access request message bearing.

Optionally, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, it include: the first movement network equipment to terminal transmission authentication request message, the authentication request message carries first digital signature, second random number and first digital certificate chains.

Optionally, the first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, it include: that the first movement network equipment receives the authentication response message that the terminal is sent, the authentication response message carries second digital certificate chains and the terminal according at least to second digital signature of second generating random number.

In conjunction with second aspect, in the first possible implementation of the second aspect, the first movement network equipment sends the first digital signature to the terminal, second random number and the first digital certificate chains, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, first digital signature is according at least to second random number and first generating random number, it include: that the first movement network equipment is based on the first instruction information, generate second random number, and according at least to the first digital signature described in second random number and first generating random number;The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal.

In above-mentioned possible implementation in conjunction with second aspect, in a second possible implementation of the second aspect, first digital certificate chains include: the digital certificate of the operator of the first movement network equipment and the digital certificate of the first movement network equipment, alternatively, the digital certificate of the first movement network equipment;Second digital certificate chains include: the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.

In conjunction with the above-mentioned possible implementation of second aspect, in the third possible implementation of the second aspect, the terminal is configured with eUICC, and second digital certificate chains include the eUICC Digital certificate, and, the first movement network equipment receives the first instruction information and the first random number that terminal is sent, it include: that the first movement network equipment receives the first instruction information, first random number, the digital certificate of the eUICC and third digital signature that the terminal is sent, and verify the third digital signature, wherein, the third digital signature is by the terminal according at least to first generating random number;The first movement network equipment generates second random number and first digital signature after passing through to the third digital signature authentication.

Optionally, the first movement network equipment receives the first instruction information, first random number, the digital certificate of the eUICC and the third digital signature that the terminal is sent, it include: that the first movement network equipment receives the access request message that the terminal is sent, the first instruction information, first random number, the digital certificate of the eUICC and third digital signature described in the access request message bearing.

By sending third digital signature to mobile network appliance, the integrality of the first random number is verified, to prevent the first random number to be tampered during being sent to mobile network appliance, improves the safety of certification.

In conjunction with the above-mentioned possible implementation of second aspect, in the fourth possible implementation of the second aspect, the first movement network equipment sends the first digital signature to the terminal, second random number and the first digital certificate chains, it include: that the first movement network equipment generates session key, and the session key is encrypted according to the public key for including in the digital certificate of the eUICC, generate the session key of encryption, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;The first movement network equipment generates first digital signature according at least to the session key of first random number, second random number and the encryption;The first movement network equipment sends the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.

Optionally, the first movement network equipment sends the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, it include: the first movement network equipment to the terminal transmission authentication request message, the authentication request message carries the session key of first digital signature, second random number, first digital certificate chains and the encryption.

Session key is generated by mobile network appliance, and is sent to terminal, enables both sides to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

In conjunction with the above-mentioned possible implementation of second aspect, in a fifth possible implementation of the second aspect, first digital certificate chains include the digital certificate of the first movement network equipment, and, the first movement network equipment receives the second digital certificate chains that the terminal is sent and the second digital signature according at least to second generating random number, and verify second digital signature, it include: that the first movement network equipment receives second digital certificate chains that the terminal is sent, the session key of second digital signature and encryption, the public key that the session key of the encryption includes according to the digital certificate of the first movement network equipment by the terminal generates the session key encryption that the terminal generates, second digital signature is by the terminal according at least to second random number and the encryption Session key generate, for the session key for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and mobile network appliance;The first movement network equipment verifies second digital signature;The authentication method further include: the first movement network equipment is after second digital signature authentication passes through, the session key is decrypted according to the private key of the first movement network equipment, obtain the session key, wherein, the private key of the first movement network equipment is corresponding with the public key that the digital certificate of the first movement network equipment includes.Optionally, the first movement network equipment receives the session key of second digital certificate chains of the terminal transmission, second digital signature and encryption, it include: that the first movement network equipment receives the authentication response message that the terminal is sent, the authentication response message carries the session key of second digital certificate chains, second digital signature and the encryption.

Session key is generated by terminal, and is sent to mobile network appliance, enables both sides to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

In conjunction with the above-mentioned possible implementation of second aspect, in the sixth possible implementation of the second aspect, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, it include: that the first movement network equipment generates the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, and first public private key pair is based on the first instruction information by the first movement network equipment and generates;The first movement network equipment sends the first digital signature, the second random number, the first digital certificate chains and first public key to the terminal, and first digital signature is by the first movement network equipment It is generated according at least to second random number, first random number and first public key;The first movement network equipment receives the second digital certificate chains that the terminal is sent and the second digital signature according at least to second generating random number, and verify second digital signature, it include: that the first movement network equipment receives second digital certificate chains that the terminal is sent, second digital signature, the second public key that second random number and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating group Raw key, the derivative key are used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;The first movement network equipment verifies second digital signature;The authentication method further include: the first movement network equipment generates the session key according to first public key and second private key.

It should be understood that, the first movement network equipment is according to first public key and second private key, generating the session key can execute after the first movement network equipment verifies second digital signature, can also execute before or while the first movement network equipment verifies second digital signature.Preferably, the first movement network equipment, according to first public key and second private key, generates the session key after verifying second digital signature.

Optionally, the first movement network equipment sends the first digital signature, the second random number, the first digital certificate chains and first public key to the terminal, it include: the first movement network equipment to terminal transmission authentication request message, the authentication request message carries first digital signature, second random number, first digital certificate chains and first public key.

Optionally, the first movement network equipment receives the second public key that second digital certificate chains, second digital signature, second random number and the terminal that the terminal is sent generate, it include: that the first movement network equipment receives the authentication response message that the terminal is sent, the authentication response message carries second public key that second digital certificate chains, second digital signature, second random number and the terminal generate.

By mobile network appliance and terminal both sides joint consultation session key, both sides are enabled to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

In conjunction with second aspect, in the 7th kind of possible implementation of second aspect, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, with Convenient for the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, first digital signature is according at least to second random number and first generating random number, comprising: the first movement network equipment sends the first instruction information and first random number to the second mobile network appliance;The first movement network equipment receives first digital signature, second random number and first digital certificate chains that second mobile network appliance is sent, first digital signature and second random number are based on the first instruction information by second mobile network appliance and generate, and first digital signature is by second mobile network appliance according at least to first random number and second generating random number;The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal.

Optionally, the first movement network equipment sends the first instruction information and first random number to the second mobile network appliance, it include: the first movement network equipment to the second mobile network appliance transmission authentication data response message, the authentication data response message carrying described first indicates information and first random number.

Optionally, the first movement network equipment receives first digital signature, second random number and first digital certificate chains that second mobile network appliance is sent, it include: that the first movement network equipment receives the authentication data response message that second mobile network appliance is sent, the authentication data response message carries first digital signature, second random number and first digital certificate chains.

In conjunction with the above-mentioned possible implementation of second aspect, in the 8th kind of possible implementation of second aspect, first digital certificate chains include: the digital certificate of the operator of second mobile network appliance and the digital certificate of second mobile network appliance, alternatively, the digital certificate of second mobile network appliance;Second digital certificate chains include the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.

In conjunction with the above-mentioned possible implementation of second aspect, in the 9th kind of possible implementation of second aspect, the terminal is configured with eUICC, second digital certificate chains include the digital certificate of the eUICC, and, the first movement network equipment receives the first instruction information and the first random number that terminal is sent, it include: that the first movement terminal receives the first instruction information that the terminal is sent, first random number, the digital certificate and third digital signature of the eUICC, and verify the third digital signature, wherein, the third digital signature is by the terminal according at least to first generating random number.

The third digital signature sent by receiving terminal, verifies the integrality of the first random number, to prevent the first random number to be tampered during being sent to mobile network appliance, improves the safety of certification.

In conjunction with the above-mentioned possible implementation of second aspect, in the tenth kind of possible implementation of second aspect, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising: the first movement network equipment sends first random number, the digital certificate of the eUICC and the first instruction information to second mobile network appliance;The first movement network equipment receives first digital signature that second mobile network appliance is sent, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the session key of the encryption encrypts the session key according to the public key that the digital certificate of the eUICC includes by second mobile network appliance and generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to first random number, described second with Machine number and the session key of the encryption generate;The first movement network equipment sends the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.

Optionally, the first movement network equipment sends first random number, the digital certificate of the eUICC and the first instruction information to second mobile network appliance, including: the first movement network equipment sends authentication data request message, the first random number described in the authentication data request message bearing, the digital certificate of the eUICC and the first instruction information to second mobile network appliance.

Optionally, the first movement network equipment receive first digital signature that second mobile network appliance sends, second random number, first digital certificate chains, session key and and encryption session key, include: that the first movement network equipment receives the authentication data response message that second mobile network appliance is sent, the authentication data response message carry first digital signature, second random number, first digital certificate chains, the session key and the encryption session key.

Session key is generated by mobile network appliance, and is sent to terminal, both sides is enabled to generate derivative key according to identical session key, to realize access layer and Non-Access Stratum between terminal and mobile network Encryption and integrity protection.

In conjunction with the above-mentioned possible implementation of second aspect, in a kind of the tenth possible implementation of second aspect, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising: the first movement network equipment sends first random number and the first instruction information to second mobile network appliance;The first movement network equipment receives first digital signature that second mobile network appliance is sent, second random number, the private key of first digital certificate chains and second mobile network appliance, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to first random number and second generating random number, wherein, the private key of second mobile network appliance is corresponding with the public key that the digital certificate of second mobile network appliance includes;The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal;The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verify second digital signature, it include: that the first movement network equipment receives second digital signature that the terminal is sent, the session key of second digital certificate chains and encryption, second digital certificate is generated by the terminal according at least to second random number and the session key of the encryption, the public key that the session key of the encryption includes according to the digital certificate of second mobile network appliance by the terminal generates the session key encryption that the terminal generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and mobile network appliance;The first movement network equipment verifies second digital signature;The authentication method further include: the first movement network equipment decrypts the session key according to the private key of second mobile network appliance, obtains the session key.Optionally, the first movement network equipment sends first random number and the first instruction information to second mobile network appliance, it include: the authentication data request message that the first movement network equipment is sent to second mobile network appliance, the first random number described in the authentication data request message bearing and the first instruction information.

Optionally, the first movement network equipment receives the private key of first digital signature of the second mobile network appliance transmission, second random number, first digital certificate chains and second mobile network appliance, it include: that the first movement network equipment receives the authentication data response message that second mobile network appliance is sent, the authentication data response message carries the private key of first digital signature, second random number, first digital certificate chains and second mobile network appliance.

Session key is generated by terminal, and is sent to mobile network appliance, enables both sides according to phase Same session key generates derivative key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

In conjunction with the above-mentioned possible implementation of second aspect, in a kind of the tenth possible implementation of second aspect, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising: the first movement network equipment sends first random number and the first instruction information to second mobile network appliance;The first movement network equipment receives first digital signature that second mobile network appliance is sent, second random number, first digital certificate chains and the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, first digital signature is by second mobile network appliance according at least to first random number, second random number and first public key generate, second random number and first public private key pair are based on the first instruction information by second mobile network appliance and generate;The first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising: the first movement network equipment sends first digital signature, second random number, first digital certificate chains and the first public key to the terminal;The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verify second digital signature, it include: that the first movement network equipment receives second digital certificate chains that the terminal is sent, the second public key that second digital signature and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating derivative key, The derivative key is used for encryption and the integrity verification of the terminal and LA Management Room access layer and Non-Access Stratum;The first movement network equipment verifies second digital signature;The authentication method further include: the first movement network equipment generates the session key according to first private key and second public key.

It should be understood that, the first movement network equipment is according to first public key and second private key, generating the session key can execute after the first movement network equipment verifies second digital signature, can also execute before or while the first movement network equipment verifies second digital signature.Preferably, the first movement network equipment, according to first public key and second private key, generates the session key after verifying second digital signature.

Optionally, the first movement network equipment sends described first to second mobile network appliance Random number and the first instruction information, comprising: the first movement network equipment sends authentication data request message, the first random number described in the authentication data request message bearing and the first instruction information to second mobile network appliance.

Optionally, the first movement network equipment receives the first digital signature, the second random number, the first digital certificate chains and the first public private key pair that second mobile network appliance is sent, it include: that the first movement network equipment receives the authentication data response message that second mobile network appliance is sent, the authentication data response message carries first digital signature, second random number, first digital certificate chains and first public private key pair.

By mobile network appliance and terminal both sides joint consultation session key, both sides are enabled to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

The third aspect, the application provides the authentication method of mobile network a kind of, the authentication method includes: the first instruction information and the first random number that the second mobile network appliance receives that the first movement network equipment is sent, and the first instruction information is used to indicate the terminal request without signing access way access network;Second mobile network appliance is based on the first instruction information, generates the second random number, and according at least to first random number and second random number, generates the first digital signature;Second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, in order to the first digital signature described in the terminal authentication.

The authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Optionally, second mobile network appliance receives the first instruction information and the first random number that the first movement network equipment is sent, it include: that the second mobile network appliance receives the authentication data request message that the first movement network equipment is sent, the first instruction information and first random number described in the authentication data request message bearing.

Optionally, second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, including: second mobile network appliance sends authentication data response message to the first movement network equipment, the authentication data response message carries first data signature, second random number and first digital certificate chains, in order to which the first movement network equipment sends authentication response message, the authentication response to terminal First digital signature described in message bearing, second random number and first digital certificate chains.

In conjunction with the third aspect, in the first possible implementation of the third aspect, second mobile network appliance receives the first instruction information and the first random number that the first movement network equipment is sent, comprising:

Second mobile network appliance receives the first movement network equipment is sent described first digital certificate for indicating information, first random number and universal embedded integrated circuit card eUICC, and the eUICC is configured at the terminal;Second mobile network appliance sends first digital signature to terminal via the first movement network equipment, second random number and first digital certificate chains, including: second mobile network appliance sends first digital signature to the first movement network equipment, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the session key of the encryption encrypts the session key according to the public key that the digital certificate of the eUICC includes by second mobile network appliance and generates, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum, first digital signature is by second mobile network Network equipment is generated according at least to the session key of first random number, second random number and the encryption;Second mobile network appliance sends the session key of first digital signature, second random number, first digital certificate chains and the encryption via the first movement network equipment to the terminal.

Optionally, second mobile network appliance receives the digital certificate of first digital signature of the first movement network equipment transmission, second random number and eUICC, it include: that second mobile network appliance receives the authentication data request message that the first movement network equipment is sent, the digital certificate of the first digital signature described in the authentication data request message bearing, second random number, first digital certificate chains and universal embedded integrated circuit card eUICC.

Optionally, second mobile network appliance to the first movement network equipment send first digital signature, second random number, first digital certificate chains, session key and encryption session key, including: second mobile network appliance sends the authentication data response message to the first movement network equipment, the authentication data response message carry first digital signature, second random number, first digital certificate chains, the session key and the encryption session key.

Session key is generated by the first movement network equipment, and is sent to terminal, enables both sides to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

In conjunction with the above-mentioned possible implementation of the third aspect, in second of possible realization of the third aspect In mode, second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, it include: the private key that second mobile network appliance sends first digital signature, second random number, first digital certificate chains and second mobile network appliance to the first movement network equipment, the public key for including is corresponding in the private key of second mobile network appliance and the digital certificate of second mobile network appliance;Second mobile network appliance sends first digital signature, second random number and first digital certificate chains to the terminal via the first movement network equipment.

Optionally, second mobile network appliance sends the private key of first digital signature, second random number, first digital certificate chains and second mobile network appliance to the first movement network equipment, it include: second mobile network appliance to first movement network equipment transmission authentication data response message, the authentication data response message carries the private key of first digital signature, second random number, first digital certificate chains and second mobile network appliance.

The first digital signature is sent to the first movement network equipment to terminal by the second mobile network appliance, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the public key that the session key of the encryption includes according to the digital certificate of the eUICC by second mobile network appliance generates the session key encryption that second mobile network appliance generates, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum.

In conjunction with the above-mentioned possible implementation of the third aspect, in the third possible implementation of the third aspect, second mobile network appliance sends first digital signature to terminal via the first movement network equipment, second random number and first digital certificate chains, it include: that second mobile network appliance generates the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, first public private key pair is based on the first instruction information by second mobile network appliance and generates;Second mobile network appliance generates first digital signature according at least to first random number, second random number and first public key;Second mobile network appliance sends first digital signature to the first movement network equipment, first digital certificate chains, second random number and first public private key pair, the second public key that first private key and the terminal are sent to the first movement network equipment generates session key for the first movement network equipment, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair include second public key and Second private key, second public key and second private key are corresponding;Second mobile network appliance sends first digital signature, first digital certificate chains, second random number and first public key to the terminal via the first movement network equipment, and second private key that first public key and the terminal generate generates the session key for the terminal.Optionally, second mobile network appliance sends first digital signature, first digital certificate chains, second random number and first public private key pair to the first movement network equipment, it include: second mobile network appliance to first movement network equipment transmission authentication data response message, the authentication data response message carries first digital signature, first digital certificate chains, second random number and first public private key pair.

By mobile network appliance and terminal both sides joint consultation session key, both sides are enabled to generate derivative key according to identical session key, to realize the encryption of access layer and Non-Access Stratum and integrity protection between terminal and mobile network.

Fourth aspect, the application provide the authentication device of mobile network a kind of, the method in any possible implementation for executing first aspect or first aspect.Specifically, which includes the module for executing the method in any possible implementation of first aspect or first aspect.

5th aspect, the application provide the authentication device of mobile network a kind of, the method in any possible implementation for executing second aspect or second aspect.Specifically, which includes the module for executing the method in any possible implementation of second aspect or second aspect.

6th aspect, the application provide the authentication device of mobile network a kind of, the method in any possible implementation for executing the third aspect or the third aspect.Specifically, which includes the module for executing the method in any possible implementation of the third aspect or the third aspect.

7th aspect, the application provide the authenticating device of mobile network a kind of, which includes: transceiver, memory, processor and bus system.Wherein, transceiver, memory and processor are connected by bus system, memory is for storing instruction, the processor is used to execute the instruction of memory storage, to control transceiver receiving and transmitting signal, and when the processor executes the instruction of memory storage, the execution is so that the processor executes the method in any possible implementation of first aspect or first aspect.

Eighth aspect, the application provide the authenticating device of mobile network a kind of, which includes: transceiver, memory, processor and bus system.Wherein, transceiver, memory and processor are connected by bus system, memory is for storing instruction, the processor is used to execute the instruction of memory storage, to control transceiver receiving and transmitting signal, and when the processor executes the instruction of memory storage, the execution is so that the processor executes the method in any possible implementation of second aspect or second aspect.

9th aspect, the application provide the authenticating device of mobile network a kind of, which includes: transceiver, memory, processor and bus system.Wherein, transceiver, memory and processor are connected by bus system, memory is for storing instruction, the processor is used to execute the instruction of memory storage, to control transceiver receiving and transmitting signal, and when the processor executes the instruction of memory storage, the execution is so that the processor executes the method in any possible implementation of the third aspect or the third aspect.

Tenth aspect, the application provides a kind of computer-readable medium, and for storing computer program, which includes the instruction for executing the method in any possible implementation of first aspect or first aspect.

Tenth on the one hand, and the application provides a kind of computer-readable medium, and for storing computer program, which includes the instruction for executing the method in any possible implementation of second aspect or second aspect.

12nd aspect, the application provides a kind of computer-readable medium, and for storing computer program, which includes the instruction for executing the method in any possible implementation of the third aspect or the third aspect.

Therefore, the present invention provides the authentication method of mobile network a kind of and device, can enable to carry out two-way authentication between unsigned user and mobile network.

Detailed description of the invention

To describe the technical solutions in the embodiments of the present invention more clearly, attached drawing needed in the embodiment of the present invention will be briefly described below, apparently, drawings described below is only some embodiments of the present invention, for those of ordinary skill in the art, without creative efforts, it is also possible to obtain other drawings based on these drawings.

Fig. 1 is the Authentication and Key Agreement process that 3GPP utilizes EPS AKA mechanism.

Fig. 2 is the schematic diagram of key hierarchies in long term evolution LTE system.

Fig. 3 is the schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.

Fig. 4 is another schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.

Fig. 5 is the another schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.

Fig. 6 is another schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.

Fig. 7 is the schematic flow chart of the authentication method of mobile network according to another embodiment of the present invention.

Fig. 8 is another schematic flow chart of the authentication method of mobile network according to another embodiment of the present invention.

Fig. 9 is the another schematic flow chart of the authentication method of mobile network according to another embodiment of the present invention.

Figure 10 is another schematic flow chart of the authentication method of mobile network according to another embodiment of the present invention.

Figure 11 is the schematic block diagram of the authentication device of mobile network according to an embodiment of the invention.

Figure 12 is the schematic block diagram of the authentication device of mobile network according to another embodiment of the present invention.

Figure 13 is the schematic block diagram of the authentication device of mobile network according to yet another embodiment of the invention.

Figure 14 is the schematic block diagram of the authenticating device of mobile network according to an embodiment of the invention.

Figure 15 is the schematic block diagram of the authenticating device of mobile network according to another embodiment of the present invention.

Figure 16 is the schematic block diagram of the authenticating device of mobile network according to yet another embodiment of the invention.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is a part of the embodiments of the present invention, rather than whole embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art's every other embodiment obtained without making creative work, all should belong to the scope of protection of the invention.

The term " component " that uses in the present specification, " module ", " system " etc. are for indicating computer-related entity, hardware, firmware, the combination of hardware and software, software or software in execution.For example, component can be but not limited to, process, processor, object, executable file, execution thread, program and/or the computer run on a processor.By diagram, the application and calculating equipment run on the computing device can be component.One or more components can reside in process and/or execution thread, and component can be located on a computer and/or be distributed between 2 or more computers.In addition, these components can be executed from the various computer-readable mediums for being stored with various data structures above.Component can be for example according to having the signal of one or more data groupings (such as the data from two components interacted with local system, distributed system and/or internetwork another component, such as the internet by signal and other system interactions) to communicate by locally and/or remotely process.

It should be understood that technical solution of the present invention can be applied to various communication systems, and such as: global system for mobile telecommunications (Global System of Mobile communication, GSM) system, CDMA (Code Division Multiple Access, CDMA) system, wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA) system, General Packet Radio Service (General Packet Radio Service, GPRS), long term evolution (Long Term Evolution, LTE) system, advanced long term evolution (Advanced long term evolution, LTE-A) system, Universal Mobile Communication System (Universal Mobile Telecommunication Sy Stem, UMTS), 5G etc..

It will also be understood that, in embodiments of the present invention, user equipment (User Equipment, it UE) include but is not limited to mobile station (Mobile Station, MS), mobile terminal (Mobile Terminal), mobile phone (Mobile Telephone), mobile phone (handset) and portable equipment (portable equipment) etc., the user equipment can be through wireless access network (Radio Access Network, RAN it) is communicated with one or more core net, such as, user equipment can be mobile phone (or being " honeycomb " phone), computer etc. with wireless communication function, user equipment can also be portable, it is pocket Formula, hand-held, built-in computer or vehicle-mounted mobile device.

For convenience of understanding, Fig. 1 and Fig. 2 is combined first, terminal in the prior art is described in detail and the network equipment is based on the process that Authentication and Key Agreement (Authentication and Key Agreement, referred to as " AKA ") mechanism carries out two-way authentication and key agreement.

Fig. 1 is Authentication and Key Agreement process of the 3GPP using grouping system (Evolved Packet System, referred to as " EPS ") AKA mechanism of evolution.As shown in Figure 1, the Authentication and Key Agreement process specifically includes the following steps:

S110, terminal and network side carry out two-way authentication.

Terminal and network side generate authentication vector (RAND, AUTN, K according to the root key consulted in advanceASME, XRES/RES) and carry out two-way authentication.

Specifically, network side can be calculated by home subscriber server (Home Subscriber Server, referred to as " HSS ") and generate authentication vector (RAND, AUTN, KASMEXRES/RES), and the authentication vector is all sent to mobile management net element (Mobility Management Entity, referred to as " MME "), MME by authentication vector RAND and AUTN be sent to terminal, XRES is remained, wait the response of UE (i.e., RES), when the RES that terminal is sent is identical as the XRES that network side retains, it is believed that the UE is authenticated successfully.

Based on identical principle, terminal authenticates network according to the RAND and AUTN that receive.

S120, UE and network side (for example, MME) utilize above-mentioned KASMEIt calculates for Non-Access Stratum (Non-Access Stratum, referred to as " the NAS ") encryption of layer and the derivative key of integrity protection.

S130, UE and network side (for example, base station) utilize above-mentioned KASMEIt calculates for access layer (Access Stratum, referred to as " the AS ") encryption of layer and the derivative key of integrity verification.

The step of S120 and S130, can be described in detail by Fig. 2.

Fig. 2 is the schematic diagram of key hierarchies in long term evolution (Long Term Evolution, referred to as " LTE ") system.

Wherein, K is to be stored in Global Subscriber identification module (Universal Subscriber Identity Module, referred to as " USIM ") and Authentication Center (Authentication Center, referred to as " AuC ") permanent key (i.e., the root key that above-mentioned network side and terminal consult in advance), it is the basis of all key schedules;

CK, IK are the key pairs that AuC and USIM are generated in AKA authentication process, for encryption and integrity verification;

KASMEIt is the intermediate key that terminal and HSS are generated according to CK, IK, for generating lower layer's key;

KNASencIt is UE and MME according to KASMEThe key of generation, for NAS layers of encryption;

KNASintIt is UE and MME according to KASMEThe key of generation is used for NAS layers of integrity protection;

KeNBIt is UE and MME according to KASMEThe intermediate key of generation, for generating lower layer's key;

KUPencIt is UE and eNB according to KeNBThe key of generation is used for AS layers of ciphering user data;

KRRCintIt is UE and eNB according to KeNBThe key of generation, for AS layers of wireless heterogeneous networks (Radio Resource Control, referred to as " RRC ") signaling integrity protection;

KRRCencIt is UE and eNB according to KeNBThe key of generation, for AS layers of signaling encryption.

It can be seen that it is above-mentioned when being used for terminal and network-side communication for carrying out encryption and the key of completeness check is all according to KASMEIt generates, and KASMEIt is to be generated according to root key K again.There is no root key K, is just unable to complete the generation of subsequent key (for ease of understanding and illustrating, be denoted as derivative key).It should be understood that derivative key described here includes above-described KNASenc、KNASint、KeNB、KUPenc、KRRCintAnd KRRCenc.Encryption and integrity protection of several derivative keys for NAS layers and AS layers.

Therefore, the present invention provides the authentication method of mobile network a kind of, for carrying out two-way authentication between unsigned terminal and mobile network, and negotiates the key (for convenient for distinguishing and illustrating, hereinafter referred to as session key) for generating derivative key.

In embodiments of the present invention, it uses digital certificate and digital signature carries out the two-way authentication of equipment room (for example, equipment A and equipment B).For ease of understanding, detailed description equipment room passes through digital certificate first and digital signature carries out the detailed process of two-way authentication.

It is assumed that carrying out two-way authentication by digital certificate and digital signature between equipment A and equipment B.Equipment A holds a pair of of public private key pair, including public key A and private key A, the public key A be equipment A digital certificate in include public key, equipment B also holds a pair of of public private key pair, including public key B and private key B, the public key A be equipment A digital certificate in include public key.Firstly, equipment A sends message M to equipment B.Equipment A encrypts the hashed value (in other words, eap-message digest) of message M using private key A, generates digital signature A.Specifically, using message M as digital information, after equipment A generates the hashed value of the digital information (for example, message M) by Hash (Hash) function, the private key A for recycling equipment A itself to hold encrypts the hashed value, generates digital signature A.Message M (that is, an example of digital information) and digital signature A are sent to equipment B by equipment A.The digital information can be regarded as the cleartext information of cleartext information or signature.

On the other hand, the digital certificate of itself is sent to equipment B by equipment A, and equipment B first verifies that digital certificate, if digital certificate authentication passes through, digital signature A is decrypted in the public key A in the digital certificate based on equipment A, obtains the hashed value of message M.

Further; equipment B can calculate message M using Hash function; the hashed value of the message M obtained after obtained result and above-mentioned decryption is compared; if the two is consistent; it can determine that digital signature A is equipment A calculated using itself unique private key A; to which equipment B demonstrates the identity of equipment A, while also the message M of provable digital signature A protection is not tampered with.

Similarly, equipment B can generate digital signature based on the method for above-mentioned generation digital signature, and method of the equipment A based on above-mentioned verifying digital signature verifies the equipment B digital signature B sent.For sake of simplicity, which is not described herein again.

It should be understood that method listed above is merely illustrative, any restriction should not be constituted to the present invention, the signature algorithm and signature hash algorithm for calculating digital signature will be calculated according to the algorithm shown in digital certificate.

Hereinafter, the authentication method of mobile network according to an embodiment of the present invention is described in detail in conjunction with Fig. 3 to Figure 10.

It should be noted that, in the schematic flow chart of the authentication method of the mobile network of the embodiment of the present invention shown in Fig. 3 to Figure 10, terminal and core net (Core Network, referred to as " CN ") (such as, core net authenticate entity, core net voucher storage entity) between communication can pass through access net (Access Network, referred to as " AN ") (for example, base station) forward.Hereinafter, being no longer specifically noted to identical situation.

It should be understood that equipment of the core network core net certification entity recited herein and core net voucher storage entity are merely illustrative, any restriction should not be constituted to the present invention.Such as, in 4G network, it can be mobile management net element (Mobility Management Entity that the core net, which authenticates entity, referred to as " MME ")), the core net voucher storage entity can be home subscriber server (Home Subscriber Server, referred to as " HSS ").MME and HSS recited herein is only an example of core net certification entity and core net voucher storage entity, and the present invention is not precluded within other core network elements with same or similar function defined in the following 5G for executing the authentication method in the embodiment of the present invention.

Optionally, in embodiments of the present invention, mobile network appliance may include the first movement network equipment (for example, core net certification entity), it also may include the first movement network equipment and the second mobile network appliance (for example, core net voucher storage entity).Below, respectively by taking mobile network appliance includes the first movement network equipment (situation one) and mobile network appliance includes the first movement network equipment and the second mobile network appliance (situation two) as an example, the method for the certification of the embodiment of the present invention is described in detail.

Hereinafter, the authentication method of mobile network according to an embodiment of the invention is described in detail in conjunction with Fig. 3 to Fig. 6.

Situation one

Fig. 3 is the schematic flow chart of the authentication method 300 of mobile network according to an embodiment of the invention.It should be understood that, Fig. 3 show from the first movement network equipment (such as, core net authenticates entity) the detailed communication steps or operation of the authentication method of mobile network according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 3 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 3 can be executed according to the different sequences presented from Fig. 3, and it is possible to not really want to execute all operationss in Fig. 3.

As shown in figure 3, the authentication method 300 includes:

S302, terminal send the first instruction information and the first random number to core net certification entity.

Specifically, terminal when determining itself is unsigned terminal, can not access network with AKA mechanism.At this point, terminal can authenticate entity to core net sends the first instruction information, which is used to indicate the terminal request without signing access way access network.

Here, terminal determines itself for unsigned terminal, it can be understood as, terminal does not get the identity for identifying contracted user from operator, such as, international mobile subscriber identification code (International Mobile Subscriber Identification, referred to as " IMSI "), and root key K, personalized identification, network parameter and frequency range etc. for authenticating and generating derivative key.Without signing access way, it can be understood as a kind of a kind of access way different from the prior art, it, which is directed to, needs Remote configuration subscription data Unsigned terminal, root key that can be preset independent of terminal and network carries out two-way authentication, and carries out two-way authentication by the verification mode and network side of digital certificate and digital signature.It should be understood that should not constitute any restriction to the present invention as the address to above-mentioned access way without signing access way, the present invention is not exclusively by other titles also to call and " no signing mode " the same or similar access way.

Optionally, the terminal includes universal embedded integrated circuit card (embedded Universal Integrated Circuit Card, referred to as " eUICC ") and modem (modem), before S302 terminal sends the first instruction information and the first random number to core net certification entity, this method 300 includes:

Modem selects the corresponding application of user's signing from eUICC, such as Global Subscriber identification module (Universal Subscriber Identity Module, referred to as " USIM ") application or global system for mobile communications (Global System for Mobile Communication, referred to as " GSM ") application, and read the user information in the application, such as IMSI;Due to for unsigned terminal, the modem can not select the corresponding application of user's signing from eUICC, the first request message is sent to eUICC, that is Application Protocol Data Unit (Application Protocol Data Unit, referred to as " APDU ") order, for example, the first authentication command (Authenticate Command);

EUICC is based on first authentication command, generates the first random number;

EUICC sends the first request response to modem, which carries first random number;

Modem is after receiving first random number, generate the mark for identifying the terminal request by accessing network without signing access way, the mark can be attach request (attach type), that is, identify the terminal and pass through the type of attachment without signing access way access network.

Specifically, modem to card after powering on, card passes through reset answer (answer to reset, referred to as " ATR ") informing modem card be eUICC, the agreement and parameter selection (Protocol and Parameter Selection needed between eUICC and modem, referred to as " PPS ") process, negotiate transport protocol and parameter selection, modem can select application on eUICC, such as, Global Subscriber USIM application or GSM application, and IMSI is read from USIM application or GSM application.But, if modem can not select USIM application or GSM to apply, just send the first request message to eUICC, which is used to trigger eUICC and generates the random number for being used for subsequent authentication (to be denoted as the first random number convenient for distinguishing and illustrating).

It should be understood that the first request message listed above, the first authentication command and the first response message are merely illustrative, any restriction should not be constituted to the present invention, the present invention can also by other message come It triggers eUICC and generates the first random number, or carry the first random number of eUICC generation by other message.

It should be noted that, eUICC described here is based on the authentication command, generating the first random number can be understood as authentication command triggering eUICC the first random number of generation, and not representing the first random number is calculated according to authentication command, in other words, parameter for calculating the first random number in authentication command is not included.Similarly, core net certification entity described hereinafter is based on the first instruction information, generating the second random number can be understood as the first instruction information triggering core net certification entity the second random number of generation, and not representing the second random number is calculated according to the first instruction information, in other words, first indicate not include the parameter for calculating the second random number in information.

For that " will be based on " convenient for distinguishing and understanding, in the application and " according to " is distinguished and used, " being based on " for indicating trigger condition, " according to " indicates the parameter for calculating.For sake of simplicity, hereinafter omitting the explanation to same or similar situation.

In embodiments of the present invention, in order to guarantee integrality of first random number during being sent to core net authenticating device by terminal, the first digital signature, the first random number and the first digital certificate chains can be sent according at least to first the first digital signature of generating random number, and to core net authenticating device.

Optionally, S302 terminal sends the first instruction information and the first random number to core net certification entity, comprising:

The terminal sends the digital certificate of the first instruction information, the first random number, third digital signature and eUICC to core net certification entity, so that after core net certification entity passes through the third digital signature authentication, generate the second random number and the first digital signature, wherein, the third digital signature is by the mobile network appliance according at least to first generating random number.

Specifically, terminal first can send third digital signature to core net certification entity when determining with without signing access way access network.Core net authenticate entity before generating the first digital signature, can the integrality first to the first random number of terminal verify.Specifically, terminal sends the first random number, third digital signature, the digital certificate of eUICC and the first instruction information to core net certification entity, wherein, third digital signature is by the terminal according at least to the first generating random number, in order to which the mobile network appliance verifies third digital signature, after the integrality for confirming the first random number, according at least to first the first digital signature of generating random number, and then the two-way authentication between subsequent terminal and mobile network is carried out.

In embodiments of the present invention, eUICC can be with preset second digital certificate chains.

Optionally, which includes the digital certificate of the digital certificate of the eUICC of terminal configuration and the manufacturer of the eUICC.

Specifically, eUICC manufacturer (eUICC Manufacturer, referred to as " EUM ") it can be to global system for mobile communications alliance (Global Mobile System Alliance, referred to as " GSMA ") check and approve certificate authority (Certification Authority, referred to as " CA ") application digital certificate is (for convenient for distinguishing and illustrate, it is denoted as the digital certificate of eUICC manufacturer), eUICC manufacturer (EUM) is after applying for the digital certificate to eUICC manufacturer, can be used as second level CA is eUICC certificate (for convenient for distinguishing and illustrate, it is denoted as the digital certificate of eUICC).Hereinafter, in the case where not making special instruction, the second digital certificate chains include the digital certificate of eUICC manufacturer and the digital certificate of eUICC.

It should be understood that, certificate chain recited herein include eUICC manufacturer digital certificate and eUICC digital certificate the case where be merely illustrative, the certificate chain can also include the digital certificate of more levels, junior's digital certificate depends on higher level's digital certificate, and higher level's digital certificate can be used for the verifying to junior's digital certificate.It will also be understood that, second digital certificate chains recited herein are that the form of certificate chain is merely illustrative, any restriction should not be constituted to the present invention, the present invention is not excluded for the CA for the manufacturer that may be introduced, a possibility that directly issuing digital certificate for eUICC, in this case, which can only include a digital certificate, that is, the digital certificate of eUICC.

It should also be understood that eUICC presets the public key of the root certificate of the CA of GSMA approval, or the root certificate of the CA of GSMA approval can also be preset, to be verified to other by the digital certificate that the CA that GSMA is checked and approved is issued.It should be noted that eUICC can be understood as a platform.If the eUICC provides types of applications wherein saving the user signing contract information of the eUICC for contracted user, for example, providing GSM application for 2G user, for 3G and 4G user, USIM application can be provided.If the eUICC is unsigned user, the corresponding application of any user's signing is not saved in the card.On the other hand, eUICC is based on the first request message and generates the first random number, and is sent to core net by modem and authenticates entity, in order to which core net certification entity is according to first random number, it generates digital signature (to be denoted as the first digital signature convenient for distinguishing and illustrating).

S304, core net authenticate entity and are based on the first instruction information, generate the second random number.

S306, core net authenticate entity according at least to the first random number and the second random number, generate the first digital signature.

Specifically, core net certification entity is receiving the first instruction information, that is, after determining that terminal is needed by accessing without signing access way, the vector for certification is just generated, for example, the second random number.And according at least to the first random number received and second random number of generation, the first digital signature is generated.

It should be understood that core net certification entity generates first according at least to the first random number and the second random number Digital signature, that is, at least using the first random number and the second random number as digital information, generate the first signature.

S308, core net authenticate entity and send the first digital signature, the first digital certificate chains and the second random number to terminal.

S310, the first digital signature of terminal authentication.

Terminal verifies the first digital signature according to the first random number, the second random number and the first digital certificate.

Optionally, the first digital signature of S310 terminal authentication, comprising:

Terminal triggers eUICC by the second request message and verifies the first digital signature, and according at least to second the second digital signature of generating random number of second request message carrying.

In embodiments of the present invention, which can be the second authentication command (Authenticate Command).

That is, in embodiments of the present invention, terminal triggers eUICC by the second authentication command and authenticates the first digital signature, in other words, authentication is carried out to core net certification entity.And after passing through to the first digital signature identification, the second random number sended over according at least to core net certification entity, generate the second digital signature, and it is sent to core net certification entity, in order to which core net certification entity authentication authenticates second digital signature, in other words, authentication is carried out to terminal.

It should be understood that, second request message, the second authentication command and the second response message listed above is merely illustrative, any restriction should not be constituted to the present invention, the present invention can also trigger eUICC by other message and verify the first digital signature and generate the second digital signature, or the second digital signature and the second digital certificate chains of eUICC generation are carried by other message.

In embodiments of the present invention, core net certification entity can also can obtain the first digital certificate chains, the present invention is to this and is not particularly limited after receiving the first instruction information with preset first digital certificate chains.

Optionally, the first digital certificate chains include: the digital certificate of the operator of the mobile network appliance and the digital certificate of the mobile network appliance, alternatively, the digital certificate of the mobile network appliance.

In one implementation, mobile network appliance can by the mobile network appliance (such as, core net certification entity or core net voucher storage entity) the CA of operator obtain digital certificate (for convenient for distinguishing and illustrate, it is denoted as the digital certificate of mobile network appliance), the digital certificate of the mobile network appliance is directly issued by the CA of operator, and the CA of the operator of the mobile network appliance is root CA.In this case, the first digital certificate chains can only include a digital certificate.

It should be noted that in this implementation, if the eUICC application certificate that terminal is configured Root CA (such as, the CA that GSMA is checked and approved) with the CA of operator for two different root CA when, it to be authenticated between terminal and mobile network's entity, it needs to configure the root certificate of the CA of operator in eUICC, mobile network appliance configures the root certificate of the root CA (for example, CA that GSMA is checked and approved) of eUICC;Alternatively, realizing mutual trust between two root CA, the certification between terminal and mobile network appliance, i.e. cross-certification [3GPP TS33.310] are completed.Such as, two root CA are to issue digital certificate each other, that is the root CA of eUICC application certificate is that the CA of operator issues digital certificate, operator CA is also that the root CA of eUICC application certificate issues digital certificate, two root CA store the digital certificate respectively issued each other, when mobile network appliance authenticates terminal identity, needing the CA to operator to obtain the CA of the operator is the digital certificate issued root CA, and the step of being verified using digital certificate chains verifies digital certificate;Or two CA carry out cross-certification by bridge CA, two root CA believe that any one bridge CA, i.e. two root CA are respectively mutually to issue digital certificate with bridge CA, complete cross-certification by bridge CA.The present invention for relationship of building up mutual trust between CA specific method and be not particularly limited.

Terminal can verify the first digital signature according at least to the first digital certificate chains (in other words, the digital certificate of mobile network appliance) received and the second random number and the first random number itself generated.It should be understood that terminal is identical as the principle that apparatus described above A verifies digital signature B according to digital certificate B, message M according to the principle that the first digital certificate chains, the first random number and the second random number verify the first digital signature.Detailed process needs the type according to digital certificate, the signature algorithm and signature hash algorithm marked in digital certificate is verified, digital certificate type can be for support X.509, global platform (Global Platform, referred to as " GP ")) etc. formats digital certificate, the signature algorithm of digital certificate can support elliptic curve digital signature algorithm (Elliptic Curve Digital Signature Algorithm, referred to as " ECDSA "), Peter Lonard Lee Vista, A Di Shamir, Leonard A Deman (Ron Rivest, Adi Shamir, Leonard Adleman, referred to as " RSA ") public key encryption algorithm, Digital Signature Algorithm (Digital Signature Algorithm, referred to as " DSA "), ELGamal algorithm etc., signature hash algorithm can support Message Digest Algorithm 5 (Message Digest Algorithm 5, referred to as " MD5 "), Secure Hash Algorithm (Secure Hash Algorithm, referred to as " SHA ") -1, SHA-256, SHA-512 etc..For sake of simplicity, will not enumerate here.Hereinafter, for sake of simplicity, omitting the explanation to same or similar situation.

It should be understood that, terminal is verified to the first digital signature, depend not only upon above-mentioned the first digital certificate chains enumerated, the first random number and the second random number, also rely on the private key of terminal itself, in the detailed process that apparatus described above A verifies digital signature B according to digital certificate B, message M, the effect of public and private key is detailed, for sake of simplicity, which is not described herein again.Hereinafter, in order to Succinctly, the explanation to same or similar situation is omitted.

In another implementation, the operator CA of mobile network appliance is second level CA.Specifically, the CA application digital certificate that the operator of the mobile network appliance can check and approve to GMSA is (for convenient for distinguishing and illustrate, it is denoted as the digital certificate of operator), operator is after applying for the digital certificate to operator, can be used as second level CA is core net certification entity certificate (to be denoted as the digital certificate of mobile network appliance convenient for distinguishing and illustrating).

It should be understood that the CA apply certificate checked and approved from GSMA of operator CA of mobile network appliance, it is also necessary to for mobile network appliance configuration GSMA approval CA root certificate.

It should be understood that certificate chain recited herein is merely illustrative the case where including the certificate and mobile network appliance digital certificate of operator, which can also include more digital certificates, and junior's digital certificate depends on higher level's digital certificate.

It should be noted that, in embodiments of the present invention, mobile network appliance include the first movement network equipment (such as, core net authenticates entity), first digital certificate chains can be the digital certificate of the digital certificate of the first movement network equipment and the digital certificate of operator or the first movement network equipment.

Correspond ground, in embodiment later, mobile network appliance include the first movement network equipment and the second mobile network appliance (such as, core net voucher storage entity), first digital certificate chains can be the digital certificate of the digital certificate of the second mobile network appliance and the digital certificate of operator or the second mobile network appliance.

Below, in the case where not illustrating, the digital certificate of mobile network appliance be used for refer to the first movement network equipment digital certificate (such as, core net certification entity digital certificate) or the second mobile network appliance digital certificate (for example, digital certificate of core net voucher storage entity).

Optionally, the first digital signature of terminal authentication, comprising:

The public key of the root certificate for the CA that the terminal is checked and approved according to the root certificate or GSMA of the GSMA CA checked and approved verifies the digital certificate of operator, and the public key of the digital certificate according to the operator, verifies to the digital certificate of the mobile network appliance;

When terminal determination passes through the digital certificate authentication of the mobile network appliance, according at least to the digital certificate of first random number, the second random number and the mobile network appliance, which is verified.

It should be noted that including the following three types situation to the verifying of the digital certificate of operator:

Situation one, when the root CA (for example, CA that GSMA is checked and approved) of the CA of operator and eUICC are two different level-one CA, need to carry out cross-certification between two CA, what GSMA was checked and approved CA can issue a digital certificate (for convenient for distinguishing and illustrate to operator, it is denoted as digital certificate 1), the CA of operator issues a digital certificate to the CA that GSMA is checked and approved simultaneously, eUICC is when the digital certificate to operator is verified, first have to verifying digital certificate 1, after digital certificate 1 is verified, the digital certificate of operator is verified;And after the digital certificate authentication of operator passes through, the digital certificate of mobile network appliance is verified.

Situation two, when the CA of operator is second level CA, operator and eUICC share a root CA (for example, CA that GSMA is checked and approved), do not need to carry out cross-certification.In this case, eUICC first verifies that the CA that GSMA is checked and approved is that the digital certificate (that is, digital certificate of operator) that operator issues verifies the digital certificate of mobile network appliance after the digital certificate authentication of operator passes through.

Situation three, when operator CA and eUICC root CA (such as, GSMA check and approve CA) be two different level-one CA when, can be with the root certificate of preset other side, i.e., for the root certificate of the preset eUICC of mobile network appliance of operator, in the root certificate of the preset operator of eUICC.EUICC directly verifies the digital certificate of the mobile network appliance when the digital certificate to mobile network appliance is verified using the root certificate of preset operator.It should be understood that the detailed process of the verifying of the digital certificate described above to the mobile network appliance under different situations can no longer be described in detail herein according to standard [3GPP TS33.310] Lai Zhihang of existing cross-certification, specific implementation.

It should be understood that, terminal according at least to the first digital certificate chains (in other words, the digital certificate of mobile network appliance), the first random number and the second random number principle that the first digital signature is verified it is identical as the principle that apparatus described above A verifies digital signature B according to digital certificate B, message M, detailed process needs the type according to digital certificate, the signature algorithm marked in digital certificate and signature hash algorithm to be verified, for sake of simplicity, which is not described herein again.

S312, terminal generate the second digital signature according at least to the second random number.

Optionally, S312 terminal generates the second digital signature according at least to the second random number, comprising:

Terminal, according at least to the second random number, generates the second digital signature by configured eUICC.

S314, terminal send the second digital certificate chains and the second digital signature to core net certification entity.

Optionally, S314 terminal sends the second digital certificate chains and the second digital signature to core net certification entity, comprising:

Terminal forwards the second request response of eUICC generation, carries the second digital certificate chains and the second digital signature in second request response.

S316, core net authenticate the second digital signature of object authentication.

Terminal generates the second digital signature according at least to the second random number received, and digital by second Signature, the second digital certificate chains are sent to core net certification entity, in order to which core net certification entity verifies terminal, in other words, carry out authentication to terminal.Core net authenticates entity according at least to the second digital certificate chains, the second random number, verifies to the second digital signature.

Here, it should be noted that since the second digital certificate chains are sent in the form of certificate chain, that is, include the digital certificate of eUICC manufacturer and the digital certificate of eUICC.Therefore, terminal is verified firstly the need of to certificate chain.

Optionally, which includes the digital certificate of eUICC manufacturer and the digital certificate of eUICC;

Core net certification entity first verifies the digital certificate of eUICC manufacturer, after being verified, according to the digital certificate of the eUICC manufacturer, verifies to the digital certificate of the eUICC;

When core net certification entity determination passes through the digital certificate authentication of the eUICC, according to the digital certificate of second random number and the eUICC, which is verified.

It should be understood that, the principle that core net certification entity verifies the second digital signature according at least to the second digital certificate chains, the second random number is identical as the principle that apparatus described above A verifies digital signature B according to digital certificate B, message M, detailed process needs the type according to digital certificate, the signature algorithm marked in digital certificate and signature hash algorithm to be verified, for sake of simplicity, which is not described herein again.

Core net certification entity and terminal room complete two-way authentication as a result,.

Therefore, the authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Terminal is after completing two-way authentication with network; it can be communicated; but since terminal is by accessing network without signing access way; do not hold the root key not consulted in advance; therefore, the NAS layer between terminal and mobile network appliance and AS layer for encrypting can not be derived to obtain with the key of integrity protection by root key in the prior art.

In one implementation, terminal or mobile network appliance can generate session key with itself, which can be used for generating derivative key, and the derivative key is for the NAS layer between terminal and mobile network appliance with AS layers for encryption and integrity protection.

Hereinafter, the detailed process for generating session key (method one) and terminal generation session key (method two) by mobile network appliance is described in detail respectively.

Method one

Optionally, S308 core net authenticates entity and sends the first digital signature, the first digital certificate chains and the second random number to terminal, comprising:

The core net authenticates entity and generates session key; and the session key is encrypted according to the public key for including in the digital certificate of the eUICC; generate the session key of encryption; for the session key for generating derivative key, which is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;

The core net authenticates entity and generates first digital signature according at least to the session key of first random number, second random number and the encryption;

Core net certification entity sends the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.

Optionally, first digital signature, second random number and the first digital certificate chains that core net certification certification entity is sent are received in the terminal, and after verifying first digital signature, this method 300 further include:

The terminal decrypts the session key of the encryption according to the private key of the eUICC, obtains the session key.

Specifically, the detailed process that core net certification entity generates session key is described in detail in method one.After core net authenticates entity generation session key, session key is encrypted according to the public key for including in the digital certificate of eUICC, the session key of the encryption could only be decrypted by the private key of terminal (that is, private key corresponding with the public key for including in the digital certificate of eUICC).And, core net authenticates entity and generates the first digital signature according at least to the session key of the first random number, the second random number and encryption, and the session key of the second random number, the first digital signature and encryption is sent to terminal, in order to which terminal verifies the first digital signature, and it is being verified (i.e., the authentication of core net certification entity is passed through) after, the session key of the encryption is decrypted, session key is obtained.

Method two

Optionally, which includes the digital certificate of core net certification entity, and,

First digital signature, second random number and the first digital certificate chains that core net certification entity is sent are received in the terminal, and after verifying first digital signature, this method 300 further include:

The terminal generates session key, and the session key of encryption is generated according to public key encryption session key that the digital certificate that the core net authenticates entity includes, and the session key is for generating derivative key, the group Raw key is used for the encryption and integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum;

The S312 terminal generates the second digital signature according at least to the second random number, comprising:

The terminal generates second digital signature according at least to the session key of second random number and the encryption;

The S314 terminal sends second digital certificate chains and the second digital signature to core net certification entity, comprising:

The terminal sends the session key of second digital signature, second digital certificate chains and the encryption to core net certification entity, in order to which core net certification entity decrypts the session key of the encryption according to the private key that the core net authenticates entity, obtain the session key, wherein, the private key of core net certification entity is corresponding with the public key that the digital certificate of core net certification entity includes.

Specifically, the detailed process for generating session key by terminal is described in detail in method two.Terminal can be after the first digital signature authentication sent to core net certification entity passes through, generate session key, and the public key for according to the digital certificate of mobile network appliance including encrypts the session key, the session key of the encryption can only could be decrypted by the private key (that is, private key corresponding with the public key for including in the digital certificate of mobile network appliance) of mobile network appliance.And, terminal generates the second digital signature according at least to the second random number and the session key of encryption, and the session key of the second digital signature and encryption is sent to core net certification entity, in order to which core net certification entity verifies the second digital signature, and it is being verified (i.e., the authentication of terminal is passed through) after, the session key of the encryption is decrypted, session key is obtained.

It should be noted that the session key can specifically be generated by eUICC, and encrypted according to the public key of mobile network appliance, the session key encrypted.

In another implementation; terminal and person's mobile network appliance can generate session key with joint consultation; the session key can be used for generating derivative key, and the derivative key is for the NAS layer between terminal and mobile network appliance with AS layers for encryption and integrity protection.

Hereinafter, the detailed process for generating session key (method three) by terminal and mobile network appliance joint consultation is described in detail.

Method three

Optionally, S308 core net authenticates entity and sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:

The core net authenticates entity and generates the first public private key pair, which includes the first public key and the first private key, and first public key is corresponding with first private key, which is that the core net is recognized Confirm what body was generated based on the first instruction information;

The core net authenticates entity and sends first digital signature, second random number, first digital certificate chains and the first public key to terminal, which is generated by core net certification entity according at least to first random number, second random number and first public key;

This method 300 further include:

Core net certification entity receives the second public key of terminal transmission; second public key is the public key in the second public private key pair that the terminal generates; second public private key pair includes second public key and the second private key; second public key is corresponding with second private key; second private key and first public key are for terminal generation session key; for the session key for generating derivative key, which is used for the encryption and integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum;

The core net authenticates entity according to second public key and first private key, generates the session key.

Specifically, core net certification entity and terminal can generate disposable public private key pair respectively, for example, core net certification entity generates the first public private key pair, terminal generates the second public private key pair.Wherein, the first public private key pair includes the first public key and the first private key, and the second public private key pair includes the second public key and the second private key.There is corresponding relationship between public key and private key.For example, generating public private key pair according to graceful (Diffie-Hellman, referred to as " the DH ") algorithm of diffie-hellman, the first public key is b, and the first private key is gbmodp;Second public key is a, and the second private key is gamodp.This programme also supports the extension of a variety of DH algorithms, such as it is based on elliptic curve cryptosystem (Elliptic Curve Cryptosystems, referred to as " ECC ") DH password exchange algorithm (referred to as " ECDH "), DH algorithm based on elliptic curve etc., the present invention is to the algorithm for generating session key and is not particularly limited.

In embodiments of the present invention, the first public key and the second private key generate session key, the second public key and the first private key for terminal and generate session key for core net certification entity.Specifically, terminal and core net certification entity can be based on identical cipher key agreement algorithm (for example, DH algorithm), generate session key.For example, terminal is according to the first public key b and the second private key gaModp generates session key K=gabmodp;Core net authenticates entity according to the second public key a and the first private key gbModp generates root key K=gabmodp.It should be understood that the algorithm that the above-mentioned terminal enumerated and core net certification entity generate root key is merely illustrative, any restriction should not be constituted to the present invention, the present invention also should not necessarily be limited by this.

It should be noted that passing through description above it is found that the second public private key pair for generating session key can be generated by eUICC, therefore, which specifically can be negotiated to generate by eUICC and mobile network appliance.

Further, in embodiments of the present invention, core net certification entity can send the first number to terminal Word signature, the first digital certificate chains, the second random number and the first public key, in order to terminal to the first digital signature authentication (i.e., to core net certification entity authentication) pass through after, according to the first public key and itself generate the second private key, generate session key.

Similarly, terminal is after generating the second public private key pair and after completing to the verifying of the first digital signature, entity can be authenticated to core net send the second digital signature, the second digital certificate chains and the second public key, in order to core net certification entity to the second digital signature authentication (i.e., authentication to terminal) pass through after, according to the second public key and the first private key itself generated, session key is generated.

It should be noted that terminal mentioned here and NAS layers and AS layers of LA Management Room of encryption and integrity protection may include: encryption and integrity protection, the encryption of AS signaling and the encryption in integrity protection and user face and the integrity protection of NAS signaling.

It should also be noted that, session key and K shown in Fig. 2 described aboveASMEIt acts on similar.It is denoted by session key in the embodiment of the present invention, it should not be acted on and constitute any restriction.The present invention is not exclusively by other addresses also to state with the possibility with the session key in the embodiment of the present invention with phase same-action.

It should be understood that terminal described above and the mutual hair public key of core net certification entity difference, and the detailed process based on public key encryption, private key decryption (asymmetric encryption) are similar to the prior art, for sake of simplicity, which is not described herein again.

Further, in embodiments of the present invention, since core net certification entity may handle the access request of multiple terminals simultaneously, for convenient for differentiation the first private key corresponding with each terminal, core net certification entity can store the contextual information of each terminal, for example, core net certification entity can store the corresponding relationship of the first private key and terminal.

In one implementation, when terminal sends third digital signature to core net certification entity, include the mark (Identity for identifying the terminal in the third digital signature, referred to as " ID "), or, eUICC for identifying the eUICC card that the terminal is held identifies (Embedded Identity, referred to as " EID ").It should be understood that the mark for identifying terminal is not limited in ID or EID, the mark of unique identification terminal can also be can be used for for other, the present invention is to this and is not particularly limited.For purposes of illustration only, mark corresponding with the terminal is denoted as first identifier.

First public key is sent to terminal when generating the first public and private key by core net certification entity, and saves the contextual information of terminal, such as corresponding relationship of the first private key and first identifier.In other words, the contextual information of multiple terminals is saved in core net certification entity.

It, can be according to the terminal when core net certification entity receives the second public key of terminal transmission First identifier obtains the first private key corresponding with the terminal, and then generates session key.

The method that terminal and core net certification entity generate derivative key according to session key, it is similar to method shown in Fig. 2, for sake of simplicity, which is not described herein again.Therefore, entity is authenticated by terminal and core net and generates session key, and then generate the key of the encryption and completeness check for terminal and inter-net communication, ensure that the safety of intercommunication.

Optionally, in embodiments of the present invention, the process that two-way authentication and session key generate can carry out simultaneously, i.e., the information for being used for two-way authentication and the information for being used to generate session key are carried in the same message and are sent, to reduce terminal and internetwork Signalling exchange.

Specifically, the first random number, the first instruction information, the digital certificate of eUICC and third digital signature can be carried in first message simultaneously, which can be access request message;Second random number, the first digital signature, the first digital certificate chains and the first public key can be carried in second message simultaneously, which can be authentication request message;Second digital signature, the second digital certificate chains and the second public key can be carried on simultaneously in third message, which can be authentication response message.

For ease of understanding, below by taking fig. 4 to fig. 6 as an example, the interaction between terminal and core net certification entity is described in detail.

Fig. 4 is another schematic flow chart of the authentication method 400 of mobile network according to an embodiment of the invention.It should be understood that, Fig. 4 show the first movement network equipment (such as, core net authenticates entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 4 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 4 can be executed according to the different sequences presented from Fig. 4, and it is possible to not really want to execute all operationss in Fig. 4.

As shown in figure 4, the authentication method 400 includes:

S402, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S404, core net are authenticated entity according to the first instruction information, the digital certificate and third digital signature of eUICC, verify third digital signature, verified with the integrality to the first random number;

S406, core net authenticate entity and are based on the first instruction information, generate the second random number;

S408, core net authenticates entity and generates session key, and is encrypted according to the public key for including in the digital certificate of eUICC to session key, generates the session key of encryption;

S410, core net authenticate entity according at least to the session key of the first random number, the second random number and encryption, generate the first digital signature;

S412, core net authenticate entity and send authentication request message to terminal, which carries the session key of the first digital certificate chains, the first digital signature, the second random number and encryption;

S414, terminal are verified (that is, authentication to core net certification entity) to the first digital signature according to the session key of the first digital certificate chains, the second random number and encryption;

S416, after terminal passes through the first digital signature authentication, the session key of the corresponding private key decryption encryption of the public key that the digital certificate according to the eUICC includes obtains the session key;

S418, terminal generate the second digital signature according at least to the second random number;

S420, terminal send authentication response message to core net certification entity, which carries the second digital signature and the second digital certificate chains;

S422, core net authenticate entity according to the second digital certificate chains and the second random number, are verified (i.e. to the second digital signature, the identity of terminal is authenticated), if being verified, subsequent operation (that is, derivative key is generated according to session key) is executed;If verifying does not pass through, S424 is executed;

S424, core net authenticate entity in, deletion session key obstructed out-of-date to the second digital signature authentication.

Here, it should be noted that, if core net, which authenticates entity, obtains digital certificate from the CA of operator, and the CA of operator is the root CA that core net authenticates entity, then the first digital certificate chains include the digital certificate of core net certification entity, the digital certificate of operator is carried in the authentication request message then sent in S412, in S414, terminal verifies the first digital signature according to third digital certificate;If core net, which authenticates entity, obtains digital certificate from the CA of operator, and the CA that operator checks and approves from GSMA obtains digital certificate, that is the CA of operator is second level CA, then first digital certificate chains include the digital certificate of operator and the digital certificate of core net certification entity, the digital certificate of operator and the digital certificate of core net certification entity are carried in the authentication request message sent in S412, in S414, terminal is verified according to the digital certificate that the digital certificate and core net of operator authenticate entity, and when the digital certificate authentication to core net certification entity passes through, the first digital signature is verified according to the digital certificate that core net authenticates entity.It should be understood that terminal is similar to the specific method that apparatus described above A verifies digital signature B according to digital certificate B, message M according to the specific method that the first digital certificate chains verify the first digital signature, for sake of simplicity, which is not described herein again.

Similarly, the eUICC of terminal configuration obtains the digital certificate of eUICC from manufacturer, and the CA that manufacturer checks and approves from GSMA obtains the digital certificate of eUICC manufacturer.The digital certificate that eUICC can be only carried in the access request message sent in S402, in S404, core net authenticates entity according to the digital certificate of eUICC, verifies to the integrality of the first random number;The digital certificate of eUICC manufacturer and the number card of eUICC can be carried in the authentication response message that S420 is sent Book, in S422, core net certification entity verifies the digital certificate of eUICC according to the digital certificate of eUICC manufacturer, and when the digital certificate authentication to eUICC passes through, is verified according to the digital certificate of eUICC to the second digital signature.It should be understood that, the specific method that core net certification entity verifies the second digital signature according to the second digital certificate chains is similar to the specific method that apparatus described above A verifies digital signature B according to digital certificate B, message M, for sake of simplicity, which is not described herein again.

Here, it should be noted that can also prestore other multiple certificates in the eUICC that terminal is configured, the present invention for the certificate in eUICC quantity or type and be not particularly limited.

It should be understood that the detailed process in method 400 is similar to the detailed process in method 300, difference is, each information is carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 400.

Fig. 5 is the another schematic flow chart of the authentication method 500 of mobile network according to an embodiment of the invention.It should be understood that, Fig. 5 show the first movement network equipment (such as, core net authenticates entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 5 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 5 can be executed according to the different sequences presented from Fig. 5, and it is possible to not really want to execute all operationss in Fig. 5.

As shown in figure 5, the authentication method 500 includes:

S502, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S504, core net are authenticated entity according to the first instruction information, the digital certificate and third digital signature of eUICC, verify third digital signature, verified with the integrality to the first random number;

S506, core net authenticate entity and are based on the first instruction information, generate the second random number;

S508, core net authenticate entity according at least to the first random number and the second random number, generate the first digital signature;

S510, core net authenticate entity and send authentication request message to terminal, which carries the first digital certificate chains, the first digital signature and the second random number;

S512, terminal are verified (that is, authentication to core net certification entity) according to the first digital certificate chains and the second random number, to the first digital signature;

S514, terminal generates session key after passing through to the first digital signature authentication, and is encrypted according to the public key for including in the digital certificate of mobile network appliance to session key, and the session for generating encryption is close Key;

S516, terminal generate the second digital signature according at least to the session key of the second random number and encryption;

S518, terminal send authentication response message to core net certification entity, which carries the session key of the second digital signature, the second digital certificate chains and encryption;

S520, core net authenticate entity according to the second digital certificate chains and the second random number, are verified (that is, the identity to terminal authenticates) to the second digital signature;

S522, after core net certification entity passes through the second digital signature authentication, the session key that the private key decryption encryption of entity is authenticated according to core net, obtains the session key, and the private key of core net certification entity is corresponding with the public key that the digital certificate of core net certification entity includes.

It should be understood that the detailed process in method 500 is similar to the detailed process in method 300, difference is, each information is carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 400.

Fig. 6 is another schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.It should be understood that, Fig. 6 show the first movement network equipment (such as, core net authenticates entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 6 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 6 can be executed according to the different sequences presented from Fig. 6, and it is possible to not really want to execute all operationss in Fig. 6.

As shown in fig. 6, the authentication method 600 includes:

S602, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S604, core net are authenticated entity according to the first instruction information, the digital certificate and third digital signature of eUICC, verify third digital signature, verified with the integrality to the first random number;

S606, core net authenticate entity and are based on the first instruction information, generate the second random number;

S608, core net authenticate entity and generate the first public private key pair, which includes the first public key and the first private key;

S610, core net authenticate entity according at least to the first random number, the second random number and the first public key, generate the first digital signature;

S612, core net authenticate entity and send authentication request message to terminal, which carries the first digital certificate chains, the first digital signature, the second random number and the first public key;

S614, terminal is according to the first digital certificate chains, the second random number and the first public key, to the first number Signature is verified (that is, authentication to core net certification entity);

S616, terminal generate the second public private key pair, which includes the second public key and the second private key;

S618, terminal can generate session key according to the first public key and the second private key after passing through to the first digital signature authentication;

S620, terminal can generate the second digital signature according at least to the second random number and the second public key after passing through to the first digital signature authentication;

S622, terminal send authentication response message to core net certification entity, which carries the second digital signature, the second digital certificate chains and the second public key;

S624, core net authenticate entity according to the second digital certificate chains and the second random number, are verified (that is, authentication to terminal) to the second digital signature;

S626, core net authenticate entity after passing through to the first digital signature authentication, can generate session key according to the first private key and the second public key.

It should be understood that the detailed process in method 500 is similar to the detailed process in method 300, difference is, each information is carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 400.

Therefore, the authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

More than, in conjunction with Fig. 3 to Fig. 6, the authentication method of mobile network according to an embodiment of the invention is described in detail.Hereinafter, the authentication method of mobile network according to another embodiment of the present invention is described in detail in conjunction with Fig. 7 and Figure 10.

Situation two

Fig. 7 is the schematic flow chart of the authentication method 700 of mobile network according to another embodiment of the present invention.It should be understood that, Fig. 7 show the first movement network equipment (such as, core net authenticate entity), the second mobile network appliance (such as, core net voucher storage entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 7 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 7 can be executed according to the different sequences presented from Fig. 7, and it is possible to not really want to execute all operationss in Fig. 7.

As shown in fig. 7, the authentication method 700 includes:

S702, terminal send the first instruction information and the first random number to core net certification entity;

S704, core net authenticate entity to the first instruction information of core net voucher storage entity forwarding and the first random number;

S706, core net voucher storage entity are based on the first instruction information, generate the second random number;

S708, core net voucher storage entity generate the first digital signature according at least to the first random number and the second random number;

S710, core net voucher storage entity send the first digital certificate chains, the first digital signature and the second random number to core net certification entity;

S712, core net authenticate entity and forward the first digital certificate chains, the first digital signature and the second random number to terminal;

S714, the first digital signature of terminal authentication;

S716, terminal generate the second digital signature according at least to the second random number;

S718, terminal send the second digital signature and the second digital certificate chains to core net certification entity;

S720, core net authenticate the second digital signature of object authentication.

Optionally, as one embodiment, S702 terminal sends the first instruction information and the first random number to core net certification entity, comprising: terminal sends the digital certificate of the first instruction information, the first random number and eUICC to core net certification entity.

Optionally, S704 core net authenticates entity to the first instruction information of core net voucher storage entity forwarding and the first random number, comprising:

Core net authenticates entity to the digital certificate of the first instruction of core net voucher storage entity forwarding information, the first random number and eUICC;

Optionally, S708 core net voucher storage entity generates the first digital signature according at least to the first random number and the second random number, comprising:

The core net voucher storage entity generates first digital signature according at least to the session key of the first random number, the second random number and encryption; the session key of the encryption encrypts session key according to the public key that the digital certificate of the eUICC includes by the core net voucher storage entity and generates; for the session key for generating derivative key, which is used for the encryption and integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum.

S710 core net voucher storage entity sends the first digital certificate chains, the first digital signature and the second random number to core net certification entity, comprising:

The core net voucher storage entity authenticates entity via core net and sends the first digital signature, second random number, first digital certificate chains, session key and the session key of encryption to terminal.

Optionally, as one embodiment, S710 core net voucher storage entity sends the first digital certificate chains, the first digital signature and the second random number to core net certification entity, comprising:

The core net voucher storage entity sends the private key of first digital signature, second random number, first digital certificate chains and the core net voucher storage entity to core net certification entity, wherein, the private key of the core net voucher storage entity is corresponding with the public key that the digital certificate of the core net voucher storage entity includes.

Optionally, S716 terminal generates the second digital signature according at least to the second random number, comprising:

Terminal generates session key, and according to the public key encryption of the digital certificate of the core net voucher storage entity session key, generates the session key of encryption;

Terminal generates second digital signature according at least to the session key of second random number and encryption.

Optionally, as one embodiment, this method 700 further include:

Core net voucher storage entity generates the first public private key pair, which includes the first public key and the first private key, and the first public key is corresponding with the first private key;

Terminal generates the second public private key pair, which includes the second public key and the second private key, and the second public key and the second private key are corresponding;

S708 core net voucher storage entity generates the first digital signature according at least to the first random number and the second random number, comprising:

The core net voucher storage entity generates the first digital signature according to the first random number, the second random number and the first public key;

S710 core net voucher storage entity sends the first digital certificate chains, the first digital signature, the second random number to core net certification entity, comprising:

Core net voucher storage entity sends the first digital certificate chains, the first digital signature, the second random number and the first public key to core net certification entity;

S712 core net authenticates entity and forwards the first digital certificate chains, the first digital signature and the second random number to terminal, comprising:

Core net authenticates entity and forwards first digital certificate chains, the first digital signature, the second random number and the first public key to terminal;

S718 terminal generates the second digital signature according at least to the second random number, comprising:

The terminal generates the second digital signature according at least to the second random number and the second public key.

It should be understood that the detailed process in method 700 is similar to the detailed process in method 300, difference is, authenticates two network equipments of entity and core net voucher storage entity by core net to execute the movement of mobile network appliance.For sake of simplicity, no longer elaborating here to the detailed process of method 700.

Therefore, the authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Optionally, in embodiments of the present invention, the process of two-way authentication and key agreement can also carry out simultaneously, i.e., the information for being used for two-way authentication and the information for being used to generate session key are carried in the same message and are sent, to reduce terminal and internetwork Signalling exchange.

Specifically, the first random number, the first instruction information, the second digital certificate chains and the third digital signature that terminal is sent to core net certification entity can be carried in first message simultaneously, which can be access request message;The the first instruction information and the first random number that core net certification entity is sent to core net voucher storage entity can be carried in second message simultaneously, the second message can be authentication data request message, core net voucher storage entity can be carried on simultaneously in third message to the second random number, the first digital signature, the first digital certificate chains and the first public private key pair that core net certification entity is sent, which can be authentication data response message;The first digital signature, the first digital certificate chains and the first public key that core net certification entity is sent to terminal can be carried on simultaneously in the 4th message, and the 4th message can be authentication request message;Terminal can be carried on simultaneously in the 5th message to the second digital signature, the second digital certificate chains and the second public key that core net certification entity is sent, and the 5th message can be authentication response message.

For ease of understanding, below by taking Fig. 8 to Figure 10 as an example, the interaction of the first movement network equipment (for example, core net certification entity), the second mobile network appliance (for example, core net voucher storage entity) and terminal room is described in detail.

Fig. 8 is another schematic flow chart of the authentication method 800 of mobile network according to another embodiment of the present invention.It should be understood that, Fig. 8 show the first movement network equipment (such as, core net authenticate entity), the second mobile network appliance (such as, core net voucher storage entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 8 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 8 can be executed according to the different sequences presented from Fig. 8, and it is possible to not really want to execute all operationss in Fig. 8.

As shown in figure 8, the authentication method 800 includes:

S802, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S804, core net are authenticated entity according to the first instruction information, the digital certificate and third digital signature of eUICC, verify third digital signature, verified with the integrality to the first random number;

S806, core net authenticate entity and send authentication data request message to core net voucher storage entity, which indicates the digital certificate and third digital signature of information, eUICC;

S808, core net voucher storage entity are based on the first instruction information, generate the second random number;

S810, core net voucher storage entity generates session key, and is encrypted according to the public key for including in the digital certificate of eUICC to session key, generates the session key of encryption;

S812, core net voucher storage entity generate the first digital signature according at least to the session key of the first random number, the second random number and encryption;

S814, core net voucher storage entity to core net certification entity send authentication data response message, the authentication data response message carry second random number, the first digital signature, the first digital certificate chains, session key and encryption session key;

S816, core net authenticate entity and send authentication request message to terminal, which carries the session key of second random number, the first digital signature, the first digital certificate chains and encryption;

S818, terminal are verified (that is, authentication to core net certification entity) to the first digital signature according to the session key of the first digital certificate chains, the second random number and encryption;

S820 after terminal passes through the first digital signature authentication, according to the session key of the private key of eUICC decryption encryption, obtains the session key, the private key of the eUICC is corresponding with the public key that the digital certificate of eUICC includes;

S822, terminal generate the second digital signature according at least to the second random number;

S824, terminal send authentication response message to core net certification entity, which carries the second digital signature and the second digital certificate chains;

S826, core net authenticate entity according to the second digital certificate chains and the second random number, are verified (i.e. to the second digital signature, the identity of terminal is authenticated), if being verified, subsequent operation (that is, derivative key is generated according to session key) is executed;If verifying does not pass through, S828 is executed;

S828, core net authenticate entity in, deletion session key obstructed out-of-date to the second digital signature authentication.

It should be understood that the detailed process in method 800 is similar to the detailed process in method 700, difference exists In each information being carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 800.

Fig. 9 is another schematic flow chart of the authentication method 900 of mobile network according to an embodiment of the invention.It should be understood that, Fig. 9 show the first movement network equipment (such as, core net authenticate entity), the second mobile network appliance (such as, core net voucher storage entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Fig. 9 can also be performed in the embodiment of the present invention.In addition, each step in Fig. 9 can be executed according to the different sequences presented from Fig. 9, and it is possible to not really want to execute all operationss in Fig. 9.

As shown in figure 9, the authentication method 900 includes:

S902, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S904, core net are authenticated entity according to the first instruction information, the digital certificate and third digital signature of eUICC, verify third digital signature, verified with the integrality to the first random number;

S906, core net authenticate entity and send authentication data request message, the authentication data request message bearing first instruction information and third digital signature to core net voucher storage entity;

S908, core net voucher storage entity are based on the first instruction information, generate the second random number;

S910, core net voucher storage entity generate the first digital signature according at least to the first random number and the second random number;

S912, core net voucher storage entity sends authentication data response message to core net certification entity, the authentication data response message carries the private key of the first digital certificate chains, the first digital signature, the second random number and core net voucher storage entity, and the private key of the core net voucher storage entity is corresponding with the public key that the digital certificate of the core net voucher storage entity includes;

S914, core net authenticate entity and send authentication request message to terminal, which carries the first digital certificate chains, the first digital signature and the second random number;

S916, terminal are verified (that is, authentication to core net certification entity) according to the first digital certificate chains and the second random number, to the first digital signature;

S918, terminal generates session key after passing through to the first digital signature authentication, and is encrypted according to the public key for including in the digital certificate of mobile network appliance to session key, generates the session key of encryption;

S920, terminal generate the second digital signature according at least to the session key of the second random number and encryption;

S922, terminal send authentication response message to core net certification entity, which carries the session key of the second digital signature, the second digital certificate chains and encryption;

S924, core net authenticate entity according to the second digital certificate chains and the second random number, are verified (that is, the identity to terminal authenticates) to the second digital signature;

S926, according to the session key of the private key of core net voucher storage entity decryption encryption, obtains the session key after core net certification entity passes through the second digital signature authentication.

It should be understood that the detailed process in method 900 is similar to the detailed process in method 700, difference is, each information is carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 800.

Figure 10 is another schematic flow chart of the authentication method of mobile network according to an embodiment of the invention.It should be understood that, Figure 10 show the first movement network equipment (such as, core net authenticates entity) the detailed communication steps or operation of the method for certification according to an embodiment of the invention that are described with the angle of terminal interaction, but these steps or operation are only examples, and the deformation of other operations or the various operations in Figure 10 can also be performed in the embodiment of the present invention.In addition, each step in Figure 10 can be executed according to the different sequences presented from Figure 10, and it is possible to not really want to execute all operationss in Figure 10.

As shown in Figure 10, which includes:

S1002, terminal to core net certification entity send access request message, first random number of access request message bearing, first instruction information, eUICC digital certificate and third digital signature;

S1004, core net are authenticated entity according to third digital signature, verify third digital signature, verified with the integrality to the first random number;

S1006, core net authenticate entity and send authentication data request message, the authentication data request message bearing first random number and the first instruction information to core net voucher storage entity;

S1008, core net voucher storage entity are based on the first instruction information, generate the second random number;

S1010, core net voucher storage entity generate the first public private key pair, which includes the first public key and the first private key;

S1012, core net voucher storage entity generate the first digital signature according at least to the first random number, the second random number and the first public key;

S1014, core net voucher storage entity send authentication data response message to core net certification entity, which carries the second random number, the first digital certificate chains, the first digital signature and the first public private key pair;

S1016, core net authenticate entity and save the first private key;

S1018, core net authenticate entity and send authentication request message to terminal, which carries the first digital certificate chains, the first digital signature, the second random number and the first public key;

S1020, terminal verify the first digital signature according to the first digital certificate and the second random number;

S1022, terminal generate the second public private key pair, which includes the second public key and the second private key;

S1024, terminal generate session key according to the first public key and the second private key;

S1026, terminal generate the second digital signature according at least to the second public key and the second random number;

S1028, terminal send authentication response message to core net certification entity, which carries the second digital signature, the second digital certificate chains and the second public key;

S1030, core net authenticate entity according to the second digital certificate chains and the second random number, verify to the second digital signature;

S1032, core net authenticate entity according to the first private key and the second public key, generate session key.

It should be understood that the detailed process in method 1000 is similar to the detailed process in method 700, difference is, different information is carried in different message and is sent to opposite end.For sake of simplicity, no longer elaborating here to the detailed process of method 1000.

Therefore, the authentication method of mobile network according to an embodiment of the present invention, by the way that digital signature is generated between terminal and mobile network appliance respectively, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

It should be understood that the size of the serial number of each process is not meant that the order of the execution order in embodiment shown in those figures, the execution sequence of each process be should be determined by its function and internal logic, and the implementation process of the embodiments of the invention shall not be constituted with any limitation.It for example, S616 can be executed before S618, can also be executed after S618 passes through the first digital signature authentication, further according to the first public key and the second private key, generate session key.In another example S1010 can be executed after S1008, can also with before S1008 or be 1008 to be performed simultaneously.

More than, the authentication method of mobile network according to an embodiment of the present invention is described in detail in conjunction with Fig. 3 to Figure 10.Hereinafter, the authentication device of mobile network according to an embodiment of the present invention is described in detail in conjunction with Figure 11 to Figure 13.

Figure 11 is the schematic block diagram of the authentication device 10 of mobile network according to an embodiment of the invention.As described in Figure 11, which includes: transmission unit 11, receiving unit 12, processing unit 13 and generation unit 14.

Wherein, the transmission unit 11 is used to send the first instruction information and the first random number to mobile network appliance, the first instruction information is used to indicate authentication device request without signing access way access to mobile network, in order to which the mobile network appliance is based on the first instruction information, the second random number is generated, and according at least to first random number and first digital signature of the second generating random number;

The receiving unit 12 is used to receive first digital signature, second random number and the first digital certificate chains of mobile network appliance transmission;

The processing unit 13 is for verifying first digital signature;

The generation unit 14 is used for according at least to second digital signature of the second generating random number;

The transmission unit 11 is also used to send second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance verifies second digital signature.

The authentication device 10 of mobile network according to an embodiment of the present invention can correspond to the terminal in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authentication device 10 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authentication device of mobile network according to an embodiment of the present invention, by generating digital signature respectively between mobile network appliance, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Figure 12 is the schematic block diagram of the authentication device 20 of mobile network according to another embodiment of the present invention.As shown in figure 12, which includes: receiving unit 21, transmission unit 22 and processing unit 23.

Wherein, which is used to receive the first instruction information and the first random number of terminal transmission, which is used to indicate the terminal request without signing access way access to mobile network;

The transmission unit 22 is used to send the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the terminal authentication first digital signature, first digital signature and second random number are generated based on the first instruction information, which is according at least to second random number and first generating random number;

The receiving unit 21 is also used to receive second digital signature of the second digital certificate chains of terminal transmission with the terminal according at least to second generating random number;

The processing unit 23 is for verifying second digital signature.

The authentication device 20 of mobile network according to an embodiment of the present invention can correspond to the first movement network equipment in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authentication device 20 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authentication device of mobile network according to an embodiment of the present invention, by generating digital signature respectively between terminal, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Figure 13 is the schematic block diagram of the authentication device 30 of the mobile network of another embodiment according to the present invention.As shown in figure 13, which includes: receiving unit 31, generation unit 32 and transmission unit 33.

Wherein, which is used to receive the first instruction information and the first random number of first movement network equipment transmission, and the first instruction information is used to indicate the terminal request without signing access way access network;

The generation unit 32 is used to generate the second random number based on the first instruction information, and according at least to first random number and second random number, generates the first digital signature;

The transmission unit 33 is used to send first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, in order to the first digital signature described in the terminal authentication.

The authentication device 30 of mobile network according to an embodiment of the present invention can correspond to the second mobile network appliance in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authentication device 30 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authentication device of mobile network according to an embodiment of the present invention, by generating digital signature respectively between terminal, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

More than, the authentication device of mobile network according to an embodiment of the present invention is described in detail in conjunction with Figure 11 to Figure 13.Hereinafter, the authenticating device of mobile network according to an embodiment of the present invention is described in detail in conjunction with Figure 14 to Figure 16.

Figure 14 is the schematic block diagram of the authenticating device 40 of mobile network according to an embodiment of the invention. As described in Figure 14, the authenticating device 40 includes: receiver 41, transmitter 42, processor 43, memory 44 and bus system 45, wherein, receiver 41, transmitter 42, processor 43 and memory 44 are connected by bus system 45, the memory 44 is for storing instruction, the processor 43 is used to execute the instruction of the memory 44 storage, receives signal to control and receive device 41, control transmitter 42 sends signal.

Wherein, the transmitter 42 is used to send the first instruction information and the first random number to mobile network appliance, the first instruction information is used to indicate authentication device request without signing access way access to mobile network, in order to which the mobile network appliance is based on the first instruction information, the second random number is generated, and according at least to first random number and first digital signature of the second generating random number;

The receiver 41 is used to receive first digital signature, second random number and the first digital certificate chains of mobile network appliance transmission;

The processor 43 is for verifying first digital signature;

The processor 43 is used for according at least to second digital signature of the second generating random number;

The transmitter 41 is also used to send second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance verifies second digital signature.

It should be understood that, in embodiments of the present invention, the processor 43 can be central processing unit (central processing unit, referred to as " CPU "), which can also be other general processors, digital signal processor (DSP), specific integrated circuit (ASIC), ready-made programmable gate array (FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components etc..General processor can be microprocessor or the processor is also possible to any conventional processor etc..

The processor 43 may include read-only memory and random access memory, and provide instruction and data to processor 43.The a part of of processor 43 can also include nonvolatile RAM.For example, processor 43 can be with the information of storage device type.

The bus system 45 can also include power bus, control bus and status signal bus in addition etc. in addition to including data/address bus.But for the sake of clear explanation, various buses are all designated as bus system 45 in figure.

During realization, each step of the above method can be completed by the integrated logic circuit of the hardware in processor 43 or the instruction of software form.The step of localization method in conjunction with disclosed in the embodiment of the present invention, can be embodied directly in hardware processor and execute completion, or in processor hardware and software module combination execute completion.Software module can be located at random access memory, flash memory, read-only memory, the storage medium of this fields such as programmable read only memory or electrically erasable programmable memory, register maturation In.The step of storage medium is located at memory 44, and processor 43 reads the information in memory 44, completes the above method in conjunction with its hardware.To avoid repeating, it is not detailed herein.

The authenticating device 40 of mobile network according to an embodiment of the present invention can correspond to the terminal in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authenticating device 40 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authenticating device of mobile network according to an embodiment of the present invention, by generating digital signature respectively between mobile network appliance, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Figure 15 is the schematic block diagram of the authenticating device 50 of mobile network according to another embodiment of the present invention.As shown in figure 15, the authenticating device 50 includes: receiver 51, transmitter 52, processor 53, memory 54 and bus system 45, wherein, receiver 51, transmitter 52, processor 53 and memory 54 are connected by bus system 55, the memory 54 is for storing instruction, the processor 53 is used to execute the instruction of the memory 54 storage, receives signal to control and receive device 51, control transmitter 52 sends signal.

Wherein, which is used to receive the first instruction information and the first random number of terminal transmission, which is used to indicate the terminal request without signing access way access to mobile network;

The transmitter 52 is used to send the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the terminal authentication first digital signature, first digital signature and second random number are generated based on the first instruction information, which is according at least to second random number and first generating random number;

The receiver 51 is also used to receive second digital signature of the second digital certificate chains of terminal transmission with the terminal according at least to second generating random number;

The processor 53 is for verifying second digital signature.

The authenticating device 50 of mobile network according to an embodiment of the present invention can correspond to the first movement network equipment in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authentication device 50 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authenticating device of mobile network according to an embodiment of the present invention is verified by generating digital signature respectively between terminal, and to the digital certificate chains and digital signature of other side, and then is completed To no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

Figure 16 is the schematic block diagram of the authenticating device 60 of the mobile network of another embodiment according to the present invention.As shown in figure 16, the authenticating device 60 includes: receiver 61, transmitter 62, processor 63, memory 64 and bus system 45, wherein, receiver 61, transmitter 62, processor 63 and memory 64 are connected by bus system 65, the memory 64 is for storing instruction, the processor 63 is used to execute the instruction of the memory 64 storage, receives signal to control and receive device 61, control transmitter 62 sends signal.

Wherein, which is used to receive the first instruction information and the first random number of first movement network equipment transmission, and the first instruction information is used to indicate the terminal request without signing access way access network;

The processor 62 is used to generate the second random number based on the first instruction information, and according at least to first random number and second random number, generates the first digital signature;

The transmitter 62 is used to send first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, in order to the first digital signature described in the terminal authentication.

The authenticating device 60 of mobile network according to an embodiment of the present invention can correspond to the second mobile network appliance in the authentication method of mobile network according to an embodiment of the present invention, and, each module and other above-mentioned operation and/or functions in the authenticating device 60 are respectively in order to realize the corresponding process of each method of the Fig. 3 into Figure 10, for sake of simplicity, details are not described herein.

Therefore, the authenticating device of mobile network according to an embodiment of the present invention, by generating digital signature respectively between terminal, and the digital certificate chains and digital signature of other side are verified, and then complete to no contracted user and internetwork two-way authentication, so that can also pass through corresponding authentication mechanism access to mobile network without contracted user.

It should be understood that, in various embodiments of the present invention, magnitude of the sequence numbers of the above procedures are not meant that the order of the execution order, and the execution sequence of each process should be determined by its function and internal logic, and the implementation process of the embodiments of the invention shall not be constituted with any limitation.

Those of ordinary skill in the art may be aware that unit described in conjunction with the examples disclosed in the embodiments of the present disclosure and algorithm steps, can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Professional technician can use not Tongfang to each specific application Method realizes described function, but such implementation should not be considered as beyond the scope of the present invention.

It is apparent to those skilled in the art that for convenience and simplicity of description, system, the specific work process of device and unit of foregoing description can refer to corresponding processes in the foregoing method embodiment, details are not described herein.

In several embodiments provided herein, it should be understood that disclosed systems, devices and methods may be implemented in other ways.Such as, the apparatus embodiments described above are merely exemplary, such as, the division of the unit, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed mutual coupling, direct-coupling or communication connection can be through some interfaces, the indirect coupling or communication connection of device or unit, can be electrical property, mechanical or other forms.

The unit as illustrated by the separation member may or may not be physically separated, and component shown as a unit may or may not be physical unit, it can and it is in one place, or may be distributed over multiple network units.It can some or all of the units may be selected to achieve the purpose of the solution of this embodiment according to the actual needs.

In addition, the functional units in various embodiments of the present invention may be integrated into one processing unit, it is also possible to each unit and physically exists alone, can also be integrated in one unit with two or more units.

If the function is realized in the form of SFU software functional unit and when sold or used as an independent product, can store in a computer readable storage medium.Based on this understanding, substantially the part of the part that contributes to existing technology or the technical solution can be embodied in the form of software products technical solution of the present invention in other words, the computer software product is stored in a storage medium, it uses including some instructions so that a computer equipment (can be personal computer, server or the network equipment etc.) it performs all or part of the steps of the method described in the various embodiments of the present invention.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (read-only memory, RAM), the various media that can store program code such as random access memory (random access memory, ROM), magnetic or disk.

It is described above; only a specific embodiment of the invention, but scope of protection of the present invention is not limited thereto, and anyone skilled in the art is in the technical scope disclosed by the present invention; it can easily think of the change or the replacement, should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be based on the protection scope of the described claims.

Claims (48)

  1. A kind of authentication method of mobile network characterized by comprising
    Terminal sends the first instruction information and the first random number to mobile network appliance, the first instruction information is used to indicate the terminal request without signing access way access to mobile network, in order to which the mobile network appliance is based on the first instruction information, the second random number is generated, and according at least to first random number and first digital signature of the second generating random number;
    The terminal receives first digital signature, second random number and the first digital certificate chains that the mobile network appliance is sent, and verifies first digital signature;
    The terminal is according at least to second digital signature of the second generating random number;
    The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance verifies second digital signature.
  2. Authentication method according to claim 1, which is characterized in that first digital certificate chains include: the digital certificate of the operator of the mobile network appliance and the digital certificate of the mobile network appliance, alternatively,
    The digital certificate of the mobile network appliance;
    Second digital certificate chains include the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.
  3. Method according to claim 1 or 2, which is characterized in that the terminal is configured with eUICC, and second digital certificate chains include the digital certificate of the eUICC, and,
    The terminal sends the first instruction information and the first random number to mobile network appliance, comprising:
    The terminal sends the first instruction information, first random number, the digital certificate of the eUICC and third digital signature to mobile network appliance, so that after the mobile network appliance passes through the third digital signature authentication, generate second random number and first digital signature, wherein, the third digital signature is by the mobile network appliance according at least to first generating random number.
  4. Authentication method according to claim 3, which is characterized in that the terminal receives first digital signature, second random number and the first digital certificate chains that the mobile network appliance is sent, comprising:
    The terminal receives the session key of first digital signature of the mobile network appliance transmission, second random number, first digital certificate chains and encryption, the session key of the encryption generates the session key encryption that the mobile network appliance generates by the public key for including in digital certificate of the mobile network appliance according to the eUICC, and first digital signature is by the mobile network appliance at least root It is generated according to the session key of first random number, second random number and the encryption;
    The authentication method further include:
    The terminal decrypts the session key of the encryption according to the private key of the eUICC; obtain the session key; the session key is for generating derivative key; the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network; wherein, the private key of the eUICC is corresponding with the public key that the digital certificate of the eUICC includes.
  5. Authentication method according to any one of claim 1 to 3, which is characterized in that first digital certificate chains include the digital certificate of the mobile network appliance, and,
    The authentication method further include:
    The terminal generates session key; and the session key according to the public key encryption that the digital certificate of the mobile network appliance includes generates the session key of encryption; the session key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network for generating derivative key, the derivative key;
    The terminal is according at least to second digital signature of the second generating random number, comprising:
    The terminal generates second digital signature according at least to second random number and the session key of the encryption;
    The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, comprising:
    The terminal sends the session key of second digital signature, second digital certificate chains and the encryption to the mobile network appliance, in order to which the mobile network appliance decrypts according to the private key of the mobile network appliance session key of the encryption, obtain the session key, wherein, the private key of the mobile network appliance is corresponding with the public key that the digital certificate of the mobile network appliance includes.
  6. Authentication method according to any one of claim 1 to 3, it is characterized in that, the terminal receives first digital signature, second random number and the first digital certificate chains that the mobile network appliance is sent, and verifies first digital signature, comprising:
    The terminal receives first digital signature, second random number, first digital certificate chains and the first public key that the mobile network appliance is sent, first digital signature is generated by the mobile network appliance according at least to first random number, second random number and first public key, first public key is the public key in the first public private key pair that the mobile network appliance generates, first public private key pair includes first public key and the first private key, and first public key and first private key are corresponding;
    First digital signature described in the terminal authentication;
    The authentication method further include:
    The second private key that the first public key and the terminal that the terminal is sent according to the mobile network appliance generate generates session key; the session key is for generating derivative key; the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network; wherein; second private key is the private key in the second public private key pair that the terminal generates; second public private key pair includes second private key and the second public key, and second public key and second private key are corresponding;
    The terminal is according at least to second digital signature of the second generating random number, comprising:
    The terminal generates the second digital signature according at least to second random number and second public key;
    The terminal sends second digital signature and the second digital certificate chains to the mobile network appliance, comprising:
    The terminal sends second digital signature, second digital certificate chains and second public key to the mobile network appliance.
  7. Authentication method according to any one of claim 1 to 3, which is characterized in that the terminal is configured with eUICC, and,
    Before the terminal sends the first instruction information and the first random number to mobile network appliance, the method also includes:
    The terminal triggers the eUICC by the first request message and generates first random number;Alternatively,
    The terminal triggers the eUICC by the first request message and generates first random number, and according at least to the first generating random number third digital signature.
  8. The method according to the description of claim 7 is characterized in that first request message is the first authentication command, first authentication command is used to indicate the eUICC and generates first random number.
  9. A kind of authentication method of mobile network characterized by comprising
    The first movement network equipment receives the first instruction information and the first random number that terminal is sent, and the first instruction information is used to indicate the terminal request without signing access way access to mobile network;
    The first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, and first digital signature is according at least to second random number and first generating random number;
    The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verifies the second number label Name.
  10. Authentication method according to claim 9, it is characterized in that, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, first digital signature is according at least to second random number and first generating random number, comprising:
    The first movement network equipment is based on the first instruction information, generates second random number, and according at least to the first digital signature described in second random number and first generating random number;
    The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal.
  11. Authentication method according to claim 10, which is characterized in that first digital certificate chains include: the digital certificate of the operator of the first movement network equipment and the digital certificate of the first movement network equipment, alternatively,
    The digital certificate of the first movement network equipment;
    Second digital certificate chains include: the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.
  12. The authentication method according to any one of claim 9 to 11, which is characterized in that the terminal is configured with eUICC, and second digital certificate chains include the digital certificate of the eUICC, and,
    Before the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, the authentication method further include:
    The first movement network equipment receives the digital certificate and third digital signature of the eUICC that the terminal is sent, and verifies the third digital signature, wherein the third digital signature is by the terminal according at least to first generating random number;
    The first movement network equipment generates second random number and first digital signature after passing through to the third digital signature authentication.
  13. Authentication method according to claim 12, which is characterized in that the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment generates session key, and the session key is encrypted according to the public key for including in the digital certificate of the eUICC, generate the session key of encryption, the session key is used for access layer between the terminal and the mobile network for generating derivative key, the derivative key Encryption and integrity protection with Non-Access Stratum;
    The first movement network equipment generates first digital signature according at least to the session key of first random number, second random number and the encryption;
    The first movement network equipment sends the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.
  14. The authentication method according to any one of claim 9 to 12, which is characterized in that first digital certificate chains include the digital certificate of the first movement network equipment, and,
    The first movement network equipment receives the second digital certificate chains that the terminal is sent and the second digital signature according at least to second generating random number, and verifies second digital signature, comprising:
    The first movement network equipment receives second digital certificate chains that the terminal is sent, the session key of second digital signature and encryption, the public key that the session key of the encryption includes according to the digital certificate of the first movement network equipment by the terminal generates the session key encryption that the terminal generates, second digital signature is generated by the terminal according at least to second random number and the session key of the encryption, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;
    The first movement network equipment verifies second digital signature;
    The authentication method further include:
    The first movement network equipment decrypts the session key according to the private key of the first movement network equipment, obtain the session key, wherein, the private key of the first movement network equipment is corresponding with the public key that the digital certificate of the first movement network equipment includes.
  15. The authentication method according to any one of claim 9 to 12, which is characterized in that the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment generates the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, and first public private key pair is based on the first instruction information by the first movement network equipment and generates;
    The first movement network equipment sends the first digital signature, the second random number, the first digital certificate chains and first public key to the terminal, and first digital signature is generated by the first movement network equipment according at least to second random number, first random number and first public key;
    The first movement network equipment receives the second digital certificate chains that the terminal is sent and the second digital signature according at least to second generating random number, and verifies second digital signature, comprising:
    The first movement network equipment receives second digital certificate chains that the terminal is sent, second digital signature, the second public key that second random number and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;
    The first movement network equipment verifies second digital signature;
    The authentication method further include:
    The first movement network equipment generates the session key according to first public key and second private key.
  16. Authentication method according to claim 9, it is characterized in that, the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, first digital signature is according at least to second random number and first generating random number, comprising:
    The first movement network equipment sends the first instruction information and first random number to the second mobile network appliance;
    The first movement network equipment receives first digital signature, second random number and first digital certificate chains that second mobile network appliance is sent, first digital signature and second random number are based on the first instruction information by second mobile network appliance and generate, and first digital signature is by second mobile network appliance according at least to first random number and second generating random number;
    The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal.
  17. Authentication method according to claim 16, which is characterized in that first digital certificate chains include: the digital certificate of the operator of second mobile network appliance and the digital certificate of second mobile network appliance, alternatively,
    The digital certificate of second mobile network appliance;
    Second digital certificate chains include the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.
  18. According to authentication method described in claim 9,16 or 17, which is characterized in that the terminal is configured with eUICC, and second digital certificate chains include the digital certificate of the eUICC, and,
    The first movement network equipment receives the first instruction information and the first random number that terminal is sent, comprising:
    The first movement terminal receives the first instruction information, first random number, the digital certificate of the eUICC and the third digital signature that the terminal is sent, and verify the third digital signature, wherein, the third digital signature is by the terminal according at least to first generating random number.
  19. Authentication method according to claim 18, which is characterized in that the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment sends first random number, the digital certificate of the eUICC and the first instruction information to second mobile network appliance;
    The first movement network equipment receives first digital signature that second mobile network appliance is sent, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the session key of the encryption encrypts the session key according to the public key that the digital certificate of the eUICC includes by second mobile network appliance and generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to first random number, described second with Machine number and the session key of the encryption generate;
    The first movement network equipment forwards the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.
  20. The authentication method according to any one of claim 9,16 to 18, which is characterized in that the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment sends first random number to second mobile network appliance With the first instruction information;
    The first movement network equipment receives first digital signature that second mobile network appliance is sent, second random number, the private key of first digital certificate chains and second mobile network appliance, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to first random number and second generating random number, wherein, the private key of second mobile network appliance is corresponding with the public key that the digital certificate of second mobile network appliance includes;
    The first movement network equipment sends first digital signature, second random number and first digital certificate chains to the terminal;
    The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verifies second digital signature, comprising:
    The first movement network equipment receives second digital signature that the terminal is sent, the session key of second digital certificate chains and encryption, second digital certificate is generated by the terminal according at least to second random number and the session key of the encryption, the public key that the session key of the encryption includes according to the digital certificate of second mobile network appliance by the terminal generates the session key encryption that the terminal generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;
    The first movement network equipment verifies second digital signature;
    The authentication method further include:
    The first movement network equipment decrypts the session key according to the private key of second mobile network appliance, obtains the session key.
  21. The authentication method according to any one of claim 9,16 to 18, which is characterized in that the first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment sends first random number and the first instruction information to second mobile network appliance;
    The first movement network equipment receives the first digital signature, the second random number, the first digital certificate chains and the first public private key pair that second mobile network appliance is sent, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, first digital signature by second mobile network appliance according at least to first random number, second random number and First public key generates, and second random number and first public private key pair are based on the first instruction information by second mobile network appliance and generate;
    The first movement network equipment sends the first digital signature, the second random number and the first digital certificate chains to the terminal, comprising:
    The first movement network equipment sends first digital signature, second random number, first digital certificate chains and the first public key to the terminal;
    The first movement network equipment receives the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number, and verifies second digital signature, comprising:
    The first movement network equipment receives second digital certificate chains that the terminal is sent, the second public key that second digital signature and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating derivative key, the derivative key is used for encryption and the integrity verification of the terminal and LA Management Room access layer and Non-Access Stratum;
    The first movement network equipment verifies second digital signature;
    The authentication method further include:
    The first movement network equipment generates the session key according to first private key and second public key.
  22. A kind of authentication method of mobile network characterized by comprising
    Second mobile network appliance receives the first instruction information and the first random number that the first movement network equipment is sent, and the first instruction information is used to indicate the terminal request without signing access way access network;
    Second mobile network appliance is based on the first instruction information, generates the second random number, and according at least to first random number and second random number, generates the first digital signature;
    Second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, in order to the first digital signature described in the terminal authentication.
  23. Authentication method according to claim 22, which is characterized in that second mobile network appliance receives the first instruction information and the first random number that the first movement network equipment is sent, comprising:
    Second mobile network appliance receives the first movement network equipment is sent described first digital certificate for indicating information, first random number and universal embedded integrated circuit card eUICC, and the eUICC is configured at the terminal;
    Second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, comprising:
    Second mobile network appliance sends first digital signature to the first movement network equipment, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the session key of the encryption encrypts the session key according to the public key that the digital certificate of the eUICC includes by second mobile network appliance and generates, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum, first digital signature is by second mobile network appliance according at least to first random number, second random number and the session key of the encryption generate;
    Second mobile network appliance sends the session key of first digital signature, second random number, first digital certificate chains and the encryption via the first movement network equipment to the terminal.
  24. Authentication method according to claim 22, which is characterized in that second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, comprising:
    Second mobile network appliance sends the private key of first digital signature, second random number, first digital certificate chains and second mobile network appliance to the first movement network equipment, wherein, the private key of second mobile network appliance is corresponding with the public key that the digital certificate of second mobile network appliance includes;
    Second mobile network appliance sends first digital signature, second random number and first digital certificate chains to the terminal via the first movement network equipment.
  25. Authentication method according to claim 22, which is characterized in that second mobile network appliance sends first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, comprising:
    Second mobile network appliance generates the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, and first public private key pair is based on the first instruction information by second mobile network appliance and generates;
    Second mobile network appliance generates first digital signature according at least to first random number, second random number and first public key;
    Second mobile network appliance sends first digital signature to the first movement network equipment, first digital certificate chains, second random number and first public private key pair, the second public key that first private key and the terminal are sent to the first movement network equipment generates session key for the first movement network equipment, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding;
    Second mobile network appliance sends first digital signature, first digital certificate chains, second random number and first public key to the terminal via the first movement network equipment, and second private key that first public key and the terminal generate generates the session key for the terminal.
  26. A kind of authentication device of mobile network characterized by comprising
    Transmission unit, for sending the first instruction information and the first random number to mobile network appliance, the first instruction information is used to indicate the authentication device request without signing access way access to mobile network, in order to which the mobile network appliance is based on the first instruction information, the second random number is generated, and according at least to first random number and first digital signature of the second generating random number;
    Receiving unit, first digital signature, second random number and the first digital certificate chains sent for the mobile network appliance;
    Processing unit, for verifying first digital signature;
    Generation unit, for according at least to second digital signature of the second generating random number;
    The transmission unit is also used to send second digital signature and the second digital certificate chains to the mobile network appliance, in order to which the mobile network appliance verifies second digital signature.
  27. Authentication device according to claim 26, which is characterized in that first digital certificate chains include: the digital certificate of the operator of the mobile network appliance and the digital certificate of the mobile network appliance, alternatively,
    The digital certificate of the mobile network appliance;
    Second digital certificate chains include the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the authentication device configuration and the manufacturer of the eUICC.
  28. The authentication device according to claim 26 or 27, which is characterized in that the certification dress It sets configured with eUICC, second digital certificate chains include the digital certificate of the eUICC,
    The transmission unit is specifically used for sending the first instruction information, first random number, the digital certificate of the eUICC and third digital signature to mobile network appliance, so that after the mobile network appliance passes through the third digital signature authentication, generate second random number and first digital signature, wherein, the third digital signature is by the mobile network appliance according at least to first generating random number.
  29. Authentication device according to claim 28, it is characterized in that, the receiving unit is specifically used for receiving first digital signature that the mobile network appliance is sent, second random number, the session key of first digital certificate chains and encryption, the session key of the encryption generates the session key encryption that the mobile network appliance generates by the public key for including in digital certificate of the mobile network appliance according to the eUICC, first digital signature is by the mobile network appliance according at least to first random number, second random number and the session key of the encryption generate;
    The processing unit is also used to decrypt the session key of the encryption according to the private key of the eUICC; obtain the session key; the session key is for generating derivative key; the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the authentication device and the mobile network; wherein, the private key of the eUICC is corresponding with the public key that the digital certificate of the eUICC includes.
  30. The authentication device according to any one of claim 26 to 28, which is characterized in that first digital certificate chains include the digital certificate of the mobile network appliance,
    The generation unit is also used to generate session key; and the session key according to the public key encryption that the digital certificate of the mobile network appliance includes generates the session key of encryption; the session key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the authentication device and the mobile network for generating derivative key, the derivative key;
    The generation unit is specifically used for generating second digital signature according at least to second random number and the session key of the encryption;
    The transmission unit is specifically used for sending the session key of second digital signature, second digital certificate chains and the encryption to the mobile network appliance, in order to which the mobile network appliance decrypts according to the private key of the mobile network appliance session key of the encryption, obtain the session key, wherein, the private key of the mobile network appliance is corresponding with the public key that the digital certificate of the mobile network appliance includes.
  31. The authentication device according to any one of claim 26 to 28, which is characterized in that the receiving unit is specifically used for receiving first digital signature that the mobile network appliance sends, described Second random number, first digital certificate chains and the first public key, first digital signature is generated by the mobile network appliance according at least to first random number, second random number and first public key, first public key is the public key in the first public private key pair that the mobile network appliance generates, first public private key pair includes first public key and the first private key, and first public key and first private key are corresponding;
    The second private key that the first public key and the authentication device that the generation unit is also used to be sent according to the mobile network appliance generate generates session key; the session key is for generating derivative key; the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the authentication device and the mobile network; wherein; second private key described in authentication device is the private key in the second public private key pair that the authentication device generates; second public private key pair includes second private key and the second public key, and second public key and second private key are corresponding;
    The generation unit is specifically used for generating the second digital signature according to second random number and second public key;
    The transmission unit is specifically used for sending second digital signature, second digital certificate chains and second public key to the mobile network appliance.
  32. A kind of authentication device of mobile network characterized by comprising
    Receiving unit, for receiving the first instruction information and the first random number of terminal transmission, the first instruction information is used to indicate the terminal request without signing access way access to mobile network;
    Transmission unit, for sending the first digital signature, the second random number and the first digital certificate chains to the terminal, in order to the first digital signature described in the terminal authentication, first digital signature and second random number are generated based on the first instruction information, and first digital signature is according at least to second random number and first generating random number;
    The receiving unit is also used to receive the second digital certificate chains that the terminal is sent and the terminal according at least to the second digital signature of second generating random number;
    Processing unit, for verifying second digital signature.
  33. Authentication device according to claim 32, it is characterized in that, the authentication device further includes generation unit, for generating second random number based on the first instruction information, and according at least to the first digital signature described in second random number and first generating random number.
  34. Authentication device according to claim 33, which is characterized in that first digital certificate chains include: the digital certificate of the operator of the authentication device and the digital certificate of the authentication device, alternatively,
    The digital certificate of the authentication device;
    Second digital certificate chains include: the digital certificate of the digital certificate of the universal embedded integrated circuit card eUICC of the terminal configuration and the manufacturer of the eUICC.
  35. The authentication device according to claim 33 or 34, which is characterized in that the terminal is configured with eUICC, and second digital certificate chains include the digital certificate of the eUICC,
    The receiving unit is also used to receive the digital certificate and third digital signature for the eUICC that the terminal is sent, and the third digital signature is by the terminal according at least to first generating random number;
    The processing unit is also used to verify the third digital signature;
    The generation unit is specifically used for after passing through to the third digital signature authentication, generates second random number and first digital signature.
  36. Authentication device according to claim 35; it is characterized in that; the generation unit is also used to generate session key; and the session key is encrypted according to the public key for including in the digital certificate of the eUICC; generate the session key of encryption; the session key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network for generating derivative key, the derivative key;
    The generation unit is specifically used for generating first digital signature according at least to the session key of first random number, second random number and the encryption;
    The transmission unit is specifically used for sending the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, authentication device decrypts according to the private key of the eUICC session key of the encryption in order to the terminal, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.
  37. The authentication device according to any one of claim 32 to 35, which is characterized in that first digital certificate chains include the digital certificate of the authentication device,
    The receiving unit is specifically used for receiving second digital certificate chains that the terminal is sent, the session key of second digital signature and encryption, the public key that the session key of the encryption includes according to the digital certificate of the authentication device by the terminal generates the session key encryption that the terminal generates, second digital signature is generated by the terminal according at least to second random number and the session key of the encryption, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;
    The processing unit is also used to decrypt the session key according to the private key of the authentication device, obtains the session key, wherein the private key of the authentication device and the digital certificate of the authentication device include Public key it is corresponding.
  38. The authentication device according to any one of claim 33 to 35, which is characterized in that
    The generation unit is also used to generate the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, and first public private key pair is based on the first instruction information by the authentication device and generates;
    The generation unit is specifically used for generating first digital signature according at least to second random number, first random number and first public key;
    The transmission unit is specifically used for sending the first digital signature, the second random number, the first digital certificate chains and first public key to the terminal;
    The receiving unit is specifically used for receiving second digital certificate chains that the terminal is sent, second digital signature, the second public key that second random number and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network;
    The generation unit is also used to generate the session key according to first public key and second private key.
  39. Authentication device according to claim 32, which is characterized in that the transmission unit is also used to send the first instruction information and first random number to the second mobile network appliance;
    The receiving unit is also used to receive first digital signature, second random number and first digital certificate chains that second mobile network appliance is sent, first digital signature and second random number are based on the first instruction information by second mobile network appliance and generate, and first digital signature is by second mobile network appliance according at least to first random number and second generating random number.
  40. Authentication device according to claim 39, which is characterized in that first digital certificate chains include: the digital certificate of the operator of second mobile network appliance and the digital certificate of second mobile network appliance, alternatively,
    The digital certificate of second mobile network appliance;
    Second digital certificate chains include the universal embedded integrated circuit card of the terminal configuration The digital certificate of the manufacturer of the digital certificate of eUICC and the eUICC.
  41. According to authentication device described in claim 32,39 or 40, which is characterized in that the terminal is configured with eUICC, and second digital certificate chains include the digital certificate of the eUICC,
    The receiving unit is specifically used for receiving the first instruction information, first random number, the digital certificate of the eUICC and third digital signature that the terminal is sent, and the third digital signature is by the terminal according at least to first generating random number;
    The processing unit is also used to verify the third digital signature.
  42. Authentication device according to claim 41, which is characterized in that the transmission unit is also used to send first random number, the digital certificate of the eUICC and the first instruction information to second mobile network appliance;
    The receiving unit is also used to receive first digital signature that second mobile network appliance is sent, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by second mobile network appliance, the public key that the session key of the encryption includes according to the digital certificate of the eUICC by second mobile network appliance generates the session key encryption that second mobile network appliance generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and the mobile network, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to described The session key of one random number, second random number and the encryption generates;
    The transmission unit is specifically used for sending the session key of first digital signature, second random number, first digital certificate chains and the encryption to the terminal, in order to which the terminal decrypts according to the private key of the eUICC session key of the encryption, obtain the session key, wherein, the public key for including in the private key of the eUICC and the digital certificate of the eUICC is corresponding.
  43. The authentication device according to any one of claim 32,39 to 41, which is characterized in that the transmission unit is also used to send first random number and the first instruction information to second mobile network appliance;
    The receiving unit is also used to receive the private key of first digital signature of the second mobile network appliance transmission, second random number, first digital certificate chains and second mobile network appliance, second random number is based on the first instruction information by second mobile network appliance and generates, first digital signature is by second mobile network appliance according at least to first random number and second generating random number, wherein, the private key of second mobile network appliance and second mobile network The public key for including in the digital certificate of network equipment is corresponding;
    The receiving unit is specifically used for receiving second digital signature that the terminal is sent, the session key of second digital certificate chains and encryption, second digital certificate is generated by the terminal according at least to second random number and the session key of the encryption, the public key that the session key of the encryption includes according to the digital certificate of second mobile network appliance by the terminal generates the session key encryption that the terminal generates, the session key is for generating derivative key, the derivative key is used for the encryption of access layer and Non-Access Stratum and integrity protection between the terminal and mobile network appliance;
    The processing unit is also used to decrypt the session key according to the private key of second mobile network appliance, obtains the session key.
  44. The authentication device according to any one of claim 32,39 to 41, which is characterized in that the transmission unit is also used to send first random number and the first instruction information to second mobile network appliance;
    The receiving unit is also used to receive the first digital signature that second mobile network appliance is sent, second random number, first digital certificate chains and the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, first digital signature is by second mobile network appliance according at least to first random number, second random number and first public key generate, second random number and first public private key pair trigger second mobile network appliance by the first instruction information and generate;
    The transmission unit is specifically used for sending first digital signature, second random number, first digital certificate chains and the first public key to the terminal;
    The receiving unit is specifically used for receiving second digital certificate chains that the terminal is sent, the second public key that second digital signature and the terminal generate, second digital signature is generated by the terminal according at least to second random number and second public key, second public key is the public key in the second public private key pair that the terminal generates, second public private key pair includes second public key and the second private key, second public key and second private key are corresponding, second private key and first public key are for terminal generation session key, the session key is for generating derivative key, the derivative key is used for encryption and the integrity verification of the terminal and LA Management Room access layer and Non-Access Stratum;
    Described device further includes generation unit, for generating the session key according to first private key and second public key.
  45. A kind of authentication device of mobile network characterized by comprising
    Receiving unit, the first instruction information and first for receiving the transmission of the first movement network equipment are random Number, the first instruction information are used to indicate the terminal request without signing access way access network;
    Generation unit generates the first digital signature for generating the second random number based on the first instruction information, and according at least to first random number and second random number;
    Transmission unit, for sending first digital signature, second random number and first digital certificate chains to terminal via the first movement network equipment, in order to the first digital signature described in the terminal authentication.
  46. Authentication device according to claim 45, which is characterized in that the receiving unit is also used to receive the digital certificate for the universal embedded integrated circuit card eUICC that the first movement network equipment is sent;
    The transmission unit is also used to send first digital signature to the terminal via the first movement network equipment, second random number, first digital certificate chains, the session key of session key and encryption, the session key is generated by the authentication device, the public key that the session key of the encryption includes according to the digital certificate of the eUICC by the authentication device generates the session key encryption that the authentication device generates, the session key is for generating derivative key, the derivative key is used for encryption and the integrity protection of the terminal and LA Management Room access layer and Non-Access Stratum, first digital signature is by the authentication device according at least to first random number, second random number and the session key of the encryption generate.
  47. Authentication device according to claim 45, it is characterized in that, the transmission unit is also used to send the private key of first digital signature, second random number, first digital certificate chains and the authentication device to the first movement network equipment, wherein, the public key for including in the private key of the authentication device and the digital certificate of the authentication device is corresponding.
  48. Authentication device according to claim 45, it is characterized in that, the generation unit is also used to generate the first public private key pair, first public private key pair includes the first public key and the first private key, first public key and first private key are corresponding, and first public private key pair is based on the first instruction information by the authentication device and generates;
    The generation unit is specifically used for generating first digital signature according at least to first random number, second random number and first public key;
    The transmission unit is also used to send first digital signature, first digital certificate chains, second random number and first public private key pair to the first network equipment, the second public key that first private key and the terminal are sent to the first movement network equipment generates session key for the first movement network equipment, the session key is for generating derivative key, and the derivative key is for described Encryption and the integrity protection of terminal and LA Management Room access layer and Non-Access Stratum; second public key is the public key in the second public private key pair that the terminal generates; second public private key pair includes second public key and the second private key, and second public key and second private key are corresponding;
    The transmission unit is specifically used for sending first digital signature, first digital certificate chains, second random number and first public key to the terminal via the first movement network equipment, and second private key that first public key and the terminal generate generates the session key for the terminal.
CN201680084751.3A 2016-05-27 2016-05-27 A kind of authentication method and device of mobile network CN109076058A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2016/083753 WO2017201753A1 (en) 2016-05-27 2016-05-27 Mobile network authentication method and apparatus

Publications (1)

Publication Number Publication Date
CN109076058A true CN109076058A (en) 2018-12-21

Family

ID=60410995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680084751.3A CN109076058A (en) 2016-05-27 2016-05-27 A kind of authentication method and device of mobile network

Country Status (2)

Country Link
CN (1) CN109076058A (en)
WO (1) WO2017201753A1 (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6137869A (en) * 1997-09-16 2000-10-24 Bell Atlantic Network Services, Inc. Network session management
CN100456884C (en) * 2005-11-29 2009-01-28 华为技术有限公司 Re-identifying method in wireless communication system
CN101610241B (en) * 2008-06-16 2012-11-21 华为技术有限公司 Method, system and device for authenticating binding
CN103338185B (en) * 2013-05-31 2016-02-24 飞天诚信科技股份有限公司 A kind of method and system of file-sharing

Also Published As

Publication number Publication date
WO2017201753A1 (en) 2017-11-30

Similar Documents

Publication Publication Date Title
JP5432156B2 (en) Secure communication method between UICC and terminal
TWI475862B (en) Secure bootstrapping for wireless communications
EP2039199B1 (en) User equipment credential system
CA2800941C (en) Method and apparatus for binding subscriber authentication and device authentication in communication systems
US8831224B2 (en) Method and apparatus for secure pairing of mobile devices with vehicles using telematics system
KR101684753B1 (en) Method and apparatus for trusted federated identity
KR20100103721A (en) Method and system for mutual authentication of nodes in a wireless communication network
US7269730B2 (en) Method and apparatus for providing peer authentication for an internet key exchange
EP2007106B1 (en) Secure method of loading data to access a service in an NFC chipset
EP1540878B1 (en) Linked authentication protocols
US7734280B2 (en) Method and apparatus for authentication of mobile devices
US8504833B2 (en) Relay device, wireless communications device, network system, program storage medium, and method
JP5043114B2 (en) Kerberos bootstrapping from EAP (BKE)
US20070055877A1 (en) Security in a communication network
JP2014509162A (en) Remote station authentication method using secure element
WO2007141486A1 (en) Provision of secure communiucations connection using third party authentication
GB2518975A (en) Communicating With A Device
GB2384402A (en) Secure data transmission links
WO2003061190A1 (en) Secure data transmission links
US8611536B2 (en) Bootstrapping authentication using distinguished random challenges
CN109547464A (en) For storing and executing the method and device of access control clients
CN103155512A (en) System and method for providing secured access to services
RU2011144921A (en) Method for receiving access control client, method for modification of the operation system of the device, wireless device and network device
US10305695B1 (en) System and method for secure relayed communications from an implantable medical device
KR100980132B1 (en) Method for agreeing on a security key between at least one first and one second communications station for securing a communications link

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination