CN109309648B - Information transmission method and equipment - Google Patents


Publication number
CN109309648B
Authority
CN
China
Prior art keywords
information
root key
session root
seaf
ausf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710624654.5A
Other languages
Chinese (zh)
Other versions
CN109309648A (en
Inventor
刘福文
彭晋
左敏
庄小君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Priority to CN201710624654.5A
Publication of CN109309648A
Application granted
Publication of CN109309648B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure

Abstract

The invention relates to an information transmission method and equipment, which address the security risk in the way the session root key is transmitted in the prior art. When the session root key is transmitted, the AUSF, after receiving the terminal verification success message, determines the encrypted session root key and returns it to the SEAF, and the SEAF decrypts the encrypted session root key to obtain the session root key. Because the session root key is encrypted before it is returned to the SEAF, the security of the session root key during transmission is improved.

Description

Information transmission method and equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for transmitting information.
Background
An authentication protocol is a cryptographic protocol for verifying the authenticity of the identity of a communicating entity in real time, which is often accompanied by a session key establishment function in addition to authentication, and is therefore also often referred to as an authentication key establishment protocol.
EAP-AKA' (the Extensible Authentication Protocol method for Authentication and Key Agreement) is used in the 5G network as the authentication protocol for 3GPP (Third Generation Partnership Project) users and non-3GPP users accessing the network, and the termination point for authenticating users to the network is the AUSF (Authentication Server Function) in the home network. In the EAP-AKA' authentication process, the UE (terminal) and the AUSF first perform mutual authentication; after the AUSF completes authentication of the UE, it sends the session root key MSK to the SEAF (Security Anchor Function) of the roaming network, which completes the transmission of the session root key.
EAP-AKA' assumes that the link between the AUSF and the SEAF is secure during transmission. However, given other attacks that this link can suffer, the link between the AUSF and the SEAF is not secure: an attacker who obtains the session root key MSK over this link can monitor communication in the roaming network and obtain the communication content.
To sum up, in the prior art the way the session root key is transmitted carries a security risk.
Disclosure of Invention
The invention provides a method and equipment for transmitting a root key, which address the security risk in the way the session root key is transmitted in the prior art.
The embodiment of the invention provides an information transmission method, which comprises the following steps:
after receiving a terminal verification success message from the SEAF, the AUSF determines an encrypted session root key, wherein the encrypted session root key is obtained by encrypting the session root key according to network information;
the AUSF sends the encrypted session root key and EAP (Extensible Authentication protocol) success information to the SEAF together.
The embodiment of the invention provides an information transmission method, which comprises the following steps:
after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF;
after receiving the encrypted session root key and the EAP success information sent by the AUSF, the SEAF sends the EAP success information to the terminal, wherein the encrypted session root key is obtained by encrypting according to network information;
and the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, wherein the decryption information is obtained by encrypting according to network information.
The embodiment of the invention provides an information transmission method, which comprises the following steps:
the terminal receives EAP success information sent by the SEAF;
and the terminal sends decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the encrypted session root key from the AUSF according to the decryption information.
The embodiment of the invention provides an information transmission method, which comprises the following steps:
after receiving an authentication vector request message from the AUSF, the ARPF (Authentication Credential Repository and Processing Function) generates encryption information according to network information;
and the ARPF sends the encryption information to the AUSF so that the AUSF encrypts a session root key according to the encryption information and then sends the encrypted session root key to the SEAF.
An embodiment of the present invention provides an apparatus for information transmission, including: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving a terminal verification success message from the SEAF, determining an encrypted session root key, wherein the encrypted session root key is obtained by encrypting according to network information;
and sending the encrypted session root key and the EAP success information to the SEAF.
An embodiment of the present invention provides an apparatus for information transmission, including: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF;
after receiving an encrypted session root key and EAP success information sent by the AUSF, sending the EAP success information to the terminal, wherein the encrypted session root key is obtained by encrypting according to network information;
and decrypting the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, wherein the decryption information is obtained after encryption according to network information.
An embodiment of the present invention provides an apparatus for information transmission, including: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
receiving EAP success information sent by the SEAF; and sending decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the received encrypted session root key from the AUSF according to the decryption information.
An embodiment of the present invention provides an apparatus for information transmission, including: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving an authentication vector request message from the AUSF, generating encryption information according to network information, and sending the encryption information to the AUSF, so that the AUSF encrypts a session root key according to the encryption information and sends the encrypted session root key to the SEAF.
An embodiment of the present invention provides an apparatus for information transmission, including:
the first receiving module is used for receiving a terminal verification success message of the SEAF;
a first execution module to determine an encrypted session root key;
and the first sending module is used for sending the encrypted session root key and the EAP success information to the SEAF.
An embodiment of the present invention provides an apparatus for information transmission, including:
a second receiving module, configured to receive an encrypted session root key and EAP success information sent by the AUSF;
the second execution module is used for decrypting the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained after encryption is carried out according to network information;
and the second sending module is used for sending the EAP success information to the terminal.
An embodiment of the present invention provides an apparatus for information transmission, including:
a third receiving module, configured to receive EAP success information sent by the SEAF;
the third execution module is used for carrying out encryption according to the network information to obtain decryption information;
and the third sending module is used for sending the decryption information obtained by encrypting according to the network information to the SEAF.
An embodiment of the present invention provides an apparatus for information transmission, including:
a fourth receiving module, configured to receive an authentication vector request message from the AUSF;
the fourth execution module is used for generating encryption information according to the network information;
and the fourth sending module is used for sending the encrypted information generated according to the network information to the AUSF.
The embodiment of the invention provides a method and equipment for transmitting information. When the session root key is transmitted, the AUSF (Authentication Server Function), after receiving the terminal verification success message, determines the encrypted session root key and returns it to the SEAF (Security Anchor Function), and the SEAF decrypts the encrypted session root key to obtain the session root key. Because the session root key is encrypted before it is returned to the SEAF, the security of the session root key during transmission is improved.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of a system according to an embodiment of the present invention;
FIG. 2 is a block diagram of a first apparatus for performing information transfer in accordance with an embodiment of the present invention;
FIG. 3 is a block diagram of a second apparatus for information transfer in accordance with an embodiment of the present invention;
FIG. 4 is a block diagram of a third apparatus for information transfer in accordance with an embodiment of the present invention;
FIG. 5 is a block diagram of a fourth apparatus for information transmission according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a first apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a second apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic view of a third apparatus according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of a fourth apparatus according to an embodiment of the present invention;
FIG. 10 is a flowchart illustrating a method of information transmission according to an embodiment of the present invention;
FIG. 11 is a flowchart illustrating a method of information transmission according to an embodiment of the present invention;
FIG. 12 is a flowchart illustrating a method of information transmission according to an embodiment of the present invention;
FIG. 13 is a flowchart illustrating a method of information transmission according to an embodiment of the present invention;
FIG. 14 is a flowchart illustrating a first method for transmitting information according to a first embodiment of the present invention;
FIG. 15 is a flowchart illustrating a complete method for transmitting information according to a second embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, the system for root key transmission according to the embodiment of the present invention includes: AUSF 10, SEAF 20, and terminal 30.
AUSF 10, configured to determine an encrypted session root key after receiving a message indicating that the terminal verification of the SEAF succeeds, where the encrypted session root key is obtained by encrypting the session root key according to network information; and sending the encrypted session root key and the EAP success information to the SEAF.
The SEAF 20 is used for sending a terminal verification success message to the AUSF after the terminal verification is successful; after receiving the encrypted session root key and EAP success information sent by the AUSF, sending the EAP success information to the terminal; and decrypting the encrypted session root key according to decryption information received from the terminal, the decryption information being obtained by encrypting according to network information, to obtain the session root key.
The terminal 30 is used for receiving EAP success information sent by the SEAF; and sending decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the received encrypted session root key from the AUSF according to the decryption information.
When the session root key is transmitted, the AUSF, after receiving the terminal verification success message, determines the encrypted session root key and returns it to the SEAF, and the SEAF decrypts the encrypted session root key to obtain the session root key. Because the session root key is encrypted before it is returned to the SEAF, the security of the session root key during transmission is improved.
The AUSF encrypts the session root key according to the network information to obtain the encrypted session root key. In implementation, the AUSF may obtain the encrypted session root key after receiving the authentication vector response message from the ARPF, may obtain the encrypted session root key after receiving the terminal verification success message of the SEAF, and may obtain the encrypted session root key at any time before the encrypted session root key needs to be sent.
Optionally, there are many ways for the AUSF to obtain the encrypted session root key after encrypting the session root key according to the network information in the embodiment of the present invention, and one is listed below. It should be noted that the following manners are only examples, and any manner capable of encrypting the session root key to obtain the encrypted session root key is applicable to the embodiment of the present invention.
And the AUSF performs exclusive-OR operation on the encryption information and the session root key to obtain an encrypted session root key.
One possible expression is:
MSK* = MSK ⊕ MASK,
where ⊕ denotes exclusive OR; MSK denotes the session root key; MSK* denotes the encrypted session root key; and MASK (mask value) denotes the encryption information.
The encryption information can be generated in two ways:
Generation mode 1: the AUSF performs a hash operation on the network information to obtain the encryption information.
The network information includes, but is not limited to, part or all of the following information:
IK', CK', RES, RAND and the roaming network name.
Here IK' is an integrity check key; CK' is an encryption key; RES is the expected response; RAND is a random number.
If the network information includes IK', CK', RES, RAND and the roaming network name, one possible expression is:
MASK = PRF(IK', CK', RES, RAND, roaming network name), where PRF is a hash function such as SHA-512 or SHA3-512.
The AUSF may determine the encryption information at any time before the encrypted session root key needs to be determined, for example after receiving an authentication vector response message from the ARPF, or after receiving a terminal verification success message from the SEAF.
Generation mode 2: the AUSF receives the encryption information that the ARPF obtained by performing a hash operation on the network information.
For generation mode 2, the way the ARPF generates the encryption information is similar to the way the AUSF generates it in generation mode 1, and is not described again here.
After generating the encryption information, the ARPF places the authentication vector AV and the encryption information in an authentication vector response message AV-Res and sends AV-Res to the AUSF.
Optionally, the AUSF sends the encrypted session root key and the EAP success information together to the SEAF;
correspondingly, after receiving the encrypted session root key and the EAP success information sent by the AUSF, the SEAF retains the encrypted session root key and sends the EAP success information to the terminal;
after receiving the EAP success information, the terminal generates decryption information MASK according to the network information and sends the decryption information MASK to the SEAF;
and the SEAF performs an XOR operation on the received decryption information and the retained encrypted session root key to recover the session root key.
One possible expression is: MSK = MSK* ⊕ MASK,
where ⊕ denotes exclusive OR and MASK denotes the decryption information.
The way the terminal generates the decryption information MASK is similar to the way the encryption information is generated above, and is not described again here.
In order to further improve the reliability of transmitting the session root key, the embodiment of the invention also provides a scheme for performing integrity verification on the session root key.
Specifically, the AUSF sends a message authentication code for verifying the integrity of the session root key, the encrypted session root key, and the EAP success information to the SEAF.
Optionally, the AUSF generates the message verification code according to the following manner:
and the AUSF generates the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
One possible expression is:
MAC = KDF(MSK, MSK* | "EAP-success"),
where | denotes concatenation.
KDF is a message authentication operation and may be set as needed, for example to HMAC.
Correspondingly, the SEAF receives the message authentication code, the encrypted session root key and the EAP success information sent by the AUSF, retains the received message authentication code and the encrypted session root key, and sends the EAP success information to the terminal;
correspondingly, the terminal receives the EAP success information and sends the decryption information MASK generated according to the network information to the SEAF;
and the SEAF performs an XOR operation on the received decryption information and the retained encrypted session root key to recover the session root key.
When integrity verification is performed on the session root key, the SEAF recovers the session root key in the same way as when no integrity verification is performed, and the details are not described again here.
The way the terminal generates the decryption information MASK is similar to the way the encryption information is generated above, and is not described again here.
Optionally, after obtaining the session root key, the SEAF may verify the integrity of the obtained session root key according to the message verification algorithm, specifically:
the SEAF generates a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
and the SEAF judges whether the message verification code to be verified is the same as the received message verification code, if so, the verification is determined to be passed, otherwise, the verification is determined to be failed.
The SEAF performs the message authentication operation according to the recovered session root key and the received message authentication code MAC to obtain a new message authentication code to be verified, SMAC. One possible expression is:
SMAC = KDF(MSK, MSK* | "EAP-success"),
where SMAC denotes the message authentication code to be verified and KDF denotes the message authentication operation.
The SEAF compares the message authentication code to be verified, SMAC, with the received message authentication code MAC. If they are the same, the verification passes and the session root key was not tampered with during transmission; otherwise the verification fails and the session root key is determined to have been tampered with during transmission.
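The masking and the integrity check described above, carried through end to end as an added Python example (it is not code from the patent). It assumes SHA-512 as the PRF so that the 64-byte MASK matches a 64-byte MSK, HMAC-SHA-256 keyed with MSK as the KDF, and a length-prefixed encoding of the PRF inputs; all key material is constructed sample data.

```python
import hashlib
import hmac

EAP_SUCCESS = b"EAP-success"

# Constructed sample values (not from the patent or from any real network).
IK_PRIME = bytes(range(0, 16))
CK_PRIME = bytes(range(16, 32))
RES = bytes.fromhex("a1b2c3d4e5f60718")
RAND = bytes.fromhex("00112233445566778899aabbccddeeff")
ROAMING_NETWORK = b"example-roaming-network"
MSK = hashlib.sha512(b"constructed session root key").digest()  # 64 bytes


def derive_mask(ik, ck, res, rand, network_name):
    """MASK = PRF(IK', CK', RES, RAND, roaming network name), PRF = SHA-512."""
    h = hashlib.sha512()
    for field in (ik, ck, res, rand, network_name):
        # Assumption: each field carries a 2-byte length prefix so that two
        # different field tuples can never hash the same byte string.
        h.update(len(field).to_bytes(2, "big"))
        h.update(field)
    return h.digest()


def xor_bytes(a, b):
    """Byte-wise XOR; refuses operands of different length."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def compute_mac(msk, msk_star):
    """MAC = KDF(MSK, MSK* | "EAP-success") with KDF assumed to be HMAC-SHA-256."""
    return hmac.new(msk, msk_star + EAP_SUCCESS, hashlib.sha256).digest()


def ausf_protect(msk, mask):
    """AUSF side: MSK* = MSK xor MASK, plus the MAC sent alongside it."""
    msk_star = xor_bytes(msk, mask)
    return msk_star, compute_mac(msk, msk_star)


def seaf_recover(msk_star, mac, mask_from_terminal):
    """SEAF side: MSK = MSK* xor MASK, then check SMAC against the received MAC."""
    msk = xor_bytes(msk_star, mask_from_terminal)
    smac = compute_mac(msk, msk_star)
    # Constant-time comparison so the check does not leak how many bytes match.
    if not hmac.compare_digest(smac, mac):
        raise ValueError("SMAC differs from MAC: session root key rejected")
    return msk


def flip_first_bit(data):
    """Model an in-transit modification of one bit of MSK*."""
    return bytes([data[0] ^ 0x01]) + data[1:]


if __name__ == "__main__":
    # AUSF (or ARPF, generation mode 2) derives MASK and protects MSK.
    mask = derive_mask(IK_PRIME, CK_PRIME, RES, RAND, ROAMING_NETWORK)
    msk_star, mac = ausf_protect(MSK, mask)

    # The terminal derives the same MASK from its own copy of the inputs.
    terminal_mask = derive_mask(IK_PRIME, CK_PRIME, RES, RAND, ROAMING_NETWORK)
    print("recovered MSK matches:", seaf_recover(msk_star, mac, terminal_mask) == MSK)

    # XOR masking alone is malleable: a flipped bit in MSK* flips the same
    # bit in the recovered key. The MAC comparison is what detects it.
    tampered = flip_first_bit(msk_star)
    print("bit flip carried into key:", xor_bytes(tampered, terminal_mask) != MSK)
    try:
        seaf_recover(tampered, mac, terminal_mask)
    except ValueError as exc:
        print("tampered MSK* rejected:", exc)
```

Because MASK depends on RAND, it changes with every authentication run; the XOR step relies on that, since a mask reused for two different keys would reveal their XOR.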
As shown in fig. 2, a first structure of an apparatus for information transmission according to an embodiment of the present invention includes: at least one processing unit 200, and at least one memory unit 201, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving a terminal verification success message from the SEAF, determining an encrypted session root key, wherein the encrypted session root key is obtained by encrypting according to network information;
and the AUSF sends the encrypted session root key and EAP success information to the SEAF.
Optionally, the processing unit is specifically configured to generate the encrypted session root key according to the following manner:
and the AUSF performs an exclusive OR operation on the encryption information and the session root key to obtain the encrypted session root key.
Optionally, the processing unit is further configured to:
before the AUSF performs the XOR operation on the session root key and the encryption information obtained by performing a hash operation on network information to obtain the encrypted session root key, the AUSF performs a hash operation on the network information to obtain the encryption information; or
the AUSF receives the encryption information obtained by the ARPF performing a hash operation on the network information.
Optionally, the processing unit is further specifically configured to:
and sending a message authentication code for verifying the integrity of the session root key, the encrypted session root key and the EAP success information to the SEAF.
Optionally, the processing unit is configured to:
and generating the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
As shown in fig. 3, a second structure of an apparatus for information transmission according to an embodiment of the present invention includes: at least one memory unit 300, and at least one processing unit 301, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF;
after receiving an encrypted session root key and EAP success information sent by the AUSF, sending the EAP success information to the terminal, wherein the encrypted session root key is obtained by encrypting according to network information;
and decrypting the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, wherein the decryption information is obtained after encryption according to network information.
Optionally, the processing unit is specifically configured to:
and carrying out XOR operation on the received decryption information from the terminal and the encrypted session root key to obtain the session root key.
Optionally, the processing unit is further configured to:
before sending EAP success information to the terminal, receiving a message authentication code, an encrypted session root key and EAP success information sent by the AUSF;
and after the encrypted session root key is decrypted by the received decryption information from the terminal to obtain the session root key, verifying the integrity of the obtained session root key according to the message verification code.
Optionally, the processing unit is configured to:
generating a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
and judging whether the message verification code to be verified is the same as the received message verification code, if so, determining that the verification is passed, otherwise, determining that the verification fails.
As shown in fig. 4, a third structure of an apparatus for information transmission according to an embodiment of the present invention includes: at least one memory unit 400, and at least one processing unit 401, wherein said memory unit stores program code which, when executed by said processing unit, causes said processing unit to perform the following processes:
receiving EAP success information sent by the SEAF; and sending decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the received encrypted session root key from the AUSF according to the decryption information.
As shown in fig. 5, a fourth structure of an apparatus for information transmission according to an embodiment of the present invention includes: at least one memory unit 500, and at least one processing unit 501, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving an authentication vector request message from the AUSF, generating encryption information according to network information, and sending the encryption information to the AUSF, so that the AUSF encrypts a session root key according to the encryption information and sends the encrypted session root key to the SEAF.
As shown in fig. 6, a first apparatus according to an embodiment of the present invention includes:
a first receiving module 600, configured to receive a terminal verification success message from the SEAF;
a first execution module 601, configured to determine an encrypted session root key;
a first sending module 602, configured to send the encrypted session root key and the EAP success information to the SEAF.
Optionally, the first executing module 601 is configured to:
and carrying out XOR operation on the encryption information and the session root key to obtain the encrypted session root key.
Optionally, the first executing module 601 is further configured to:
before carrying out the XOR operation on the session root key and the encryption information obtained by hashing the network information to obtain the encrypted session root key, carrying out the hash operation on the network information to obtain the encryption information; or receiving the encryption information obtained by the ARPF carrying out the hash operation on the network information.
Optionally, the first executing module 601 is configured to:
and generating the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
Optionally, the first sending module 602 is further configured to:
and sending a message authentication code for verifying the integrity of the session root key, the encrypted session root key and the EAP success information to the SEAF.
As shown in fig. 7, a second apparatus according to an embodiment of the present invention includes:
a second receiving module 700, configured to receive an encrypted session root key and EAP success information sent by the AUSF;
a second executing module 701, configured to decrypt the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, where the decryption information is obtained by encrypting according to network information;
a second sending module 702, configured to send the EAP success information to the terminal.
Optionally, the second receiving module 700 is configured to:
and before sending the EAP success information to the terminal, receiving the message authentication code, the encrypted session root key and the EAP success information sent by the AUSF.
And after the encrypted session root key is decrypted by the received decryption information from the terminal to obtain the session root key, verifying the integrity of the obtained session root key according to the message verification code.
Optionally, the second execution module 701 is configured to:
and carrying out XOR operation on the received decryption information from the terminal and the encrypted session root key to obtain the session root key.
Optionally, the second executing module 701 is further configured to:
generating a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
and judging whether the message verification code to be verified is the same as the received message verification code, if so, determining that the verification is passed, otherwise, determining that the verification fails.
As shown in fig. 8, the third apparatus of the present embodiment includes:
a third receiving module 800, configured to receive EAP success information sent by the SEAF;
a third executing module 801, configured to encrypt, according to the network information, to obtain decryption information;
a third sending module 802, configured to send, to the SEAF, decryption information obtained by encrypting according to the network information.
As shown in fig. 9, a fourth apparatus of an example of the present invention includes:
a fourth receiving module 900, configured to receive an authentication vector request message from the AUSF;
a fourth executing module 901, configured to generate encryption information according to the network information;
a fourth sending module 902, configured to send, to the AUSF, encryption information generated according to the network information.
Based on the same inventive concept, the embodiment of the present invention further provides an information transmission method, and since the device corresponding to the method is the first network element in the system for performing information transmission in the embodiment of the present invention, and the principle of the method for solving the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are not repeated.
In some possible embodiments, various aspects of the information transmission method provided by the embodiments of the present invention may also be implemented in the form of a program product, which includes program code for causing a computer device to execute the steps in the information transmission method according to various exemplary embodiments of the present invention described in this specification, when the program code runs on the computer device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A program product for data forwarding control according to an embodiment of the present invention may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a server device. However, the program product of the present invention is not limited thereto, and in this document, the readable storage medium may be any tangible medium containing or storing the program, which can be used by or in connection with an information transmission, apparatus, or device.
A readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium other than a readable storage medium that can transmit, propagate, or transport the program for use by or in connection with the periodic network action system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device.
As shown in fig. 10, the method for information transmission according to the embodiment of the present invention includes:
step 1000, after receiving a terminal verification success message from the SEAF, the AUSF determines an encrypted session root key, wherein the encrypted session root key is obtained by encrypting the session root key according to network information;
step 1001, the AUSF sends the encrypted session root key and EAP success information together to the SEAF.
Optionally, the AUSF generates the encrypted session root key according to the following manner:
and the AUSF performs an exclusive OR operation on the encryption information and the session root key to obtain the encrypted session root key.
Optionally, before the AUSF performs the exclusive OR operation on the session root key and the encryption information obtained by performing the hash operation on the network information to obtain the encrypted session root key, the method further includes:
the AUSF performs the hash operation on the network information to obtain the encryption information; or
the AUSF receives the encryption information obtained by the ARPF performing the hash operation on the network information.
Optionally, the AUSF sends the encrypted session root key to the SEAF, further including:
and the AUSF sends a message authentication code for verifying the integrity of the session root key, the encrypted session root key and the EAP success information to the SEAF.
Optionally, the AUSF generates the message verification code according to the following manner:
and the AUSF generates the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
Based on the same inventive concept, the embodiment of the present invention further provides an information transmission method, and since the device corresponding to the method is the first network element in the system for performing information transmission in the embodiment of the present invention, and the principle of the method for solving the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are not repeated.
As shown in fig. 11, the method for information transmission according to the embodiment of the present invention includes:
step 1100, after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF;
step 1101, after receiving the encrypted session root key and the EAP success information sent by the AUSF, the SEAF sends the EAP success information to the terminal, where the encrypted session root key is obtained by encrypting according to network information;
step 1102, the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained by encrypting according to network information.
Optionally, the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, and includes:
and the SEAF carries out XOR operation on the received decryption information from the terminal and the encrypted session root key to obtain the session root key.
Optionally, before the SEAF sends the EAP success information to the terminal, the method further includes:
the SEAF receives a message authentication code, an encrypted session root key and EAP success information sent by the AUSF;
optionally, after the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, the SEAF further includes:
and the SEAF verifies the integrity of the obtained session root key according to the message verification code.
Optionally, the SEAF verifying the integrity of the obtained session root key according to the message verification algorithm includes:
the SEAF generates a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
optionally, the SEAF determines whether the message authentication code to be authenticated is the same as the received message authentication code, if so, determines that the authentication is passed, otherwise, determines that the authentication is failed.
Based on the same inventive concept, the embodiment of the present invention further provides an information transmission method, and since the device corresponding to the method is the first network element in the system of the method for transmitting information in the embodiment of the present invention, and the principle of the method for solving the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are not repeated.
As shown in fig. 12, the method for information transmission according to the embodiment of the present invention includes:
step 1200, the terminal receives EAP success information sent by the SEAF;
step 1201, the terminal sends decryption information obtained by encrypting according to network information to the SEAF, so that the SEAF decrypts the encrypted session root key from the AUSF according to the decryption information.
Based on the same inventive concept, the embodiment of the present invention further provides an information transmission method, and since the device corresponding to the method is the first network element in the system for performing information transmission in the embodiment of the present invention, and the principle of the method for solving the problem is similar to that of the device, the implementation of the method can refer to the implementation of the system, and repeated details are not repeated.
As shown in fig. 13, the method for information transmission according to the embodiment of the present invention includes:
step 1300, after receiving the authentication vector request message from the AUSF, the ARPF generates encryption information according to the network information;
step 1301, the ARPF sends the encryption information to the AUSF, so that the AUSF encrypts a session root key according to the encryption information and sends the encrypted session root key to the SEAF.
The embodiment of the invention provides two complete information transmission modes.
As shown in fig. 14, a first information transmission method according to an embodiment of the present invention includes:
step 1401, AUSF sends authentication vector request message AV-Req to ARPF;
step 1402, after receiving the request, the ARPF generates authentication vectors AV and IK, CK, and converts IK, CK into IK' and CK' in combination with the roaming network name; the ARPF then sends the authentication vectors AV and IK' and CK' to the AUSF in an authentication vector response message AV-Res.
Step 1403, after receiving the message AV-Res, the AUSF generates a session root key MSK, and performs hash operation on IK', CK', RES, RAND, and the roaming network name to generate encryption information MASK;
step 1404, the SEAF sends an authentication request to the terminal;
step 1405, the terminal responds to the authentication request and sends the authentication response to the SEAF;
step 1406, the SEAF receives the authentication response and sends it to the AUSF;
step 1407, the AUSF receives the authentication response, completes the bidirectional authentication between the AUSF and the terminal, and transmits the encrypted session root key MSK and the EAP-success to the SEAF;
step 1408, after receiving the encrypted session root key MSK and the EAP-success, the SEAF retains the encrypted session root key MSK and sends the EAP-success to the terminal;
step 1409, the terminal generates MASK after receiving the EAP-success message, and sends it to the SEAF, which recovers the session root key MSK.
As shown in fig. 15, a second information transmission method according to the embodiment of the present invention includes:
step 1501, AUSF sends authentication vector request message AV-Req to ARPF;
step 1502, after receiving the request, the ARPF generates authentication vectors AV and IK, CK, and converts IK, CK into IK' and CK' in combination with the roaming network name, and then the ARPF sends the authentication vectors AV and IK' and CK' to the AUSF in an authentication vector response message AV-Res.
Step 1503, after receiving the message AV-Res, the AUSF generates a session root key MSK, and performs hash operation on IK', CK', RES, RAND and the roaming network name to generate encryption information MASK;
step 1504, the SEAF sends an authentication request to the terminal;
step 1505, the terminal responds to the authentication request and sends the authentication response to the SEAF;
step 1506, the SEAF receives the authentication response and sends the authentication response to the AUSF;
step 1507, the AUSF receives the authentication response, completes the bidirectional authentication between the AUSF and the terminal, and transmits the encrypted session root key MSK, the message authentication code MAC and the EAP-success to the SEAF;
step 1508, after the SEAF receives the encrypted session root key MSK and the EAP-success, the SEAF retains the encrypted session root key MSK and the MAC, and sends the EAP-success to the terminal;
step 1509, after receiving the EAP-success message, the terminal generates the MASK and sends it to the SEAF, and the SEAF recovers the session root key MSK after receiving the MASK. The SEAF then generates a message authentication code SMAC to be verified and compares the SMAC with the MAC.
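The cryptographic core of the second transmission mode (steps 1503 and 1507 to 1509) is worked through below as an added Python example; it is not code from the patent. The patent names no concrete algorithms, so SHA-512 as the hash, HMAC-SHA-256 keyed with the MSK as the message authentication algorithm, the 64-byte MSK length, the length-prefixed field encoding and all byte values are assumptions constructed for illustration.

```python
import hashlib
import hmac

MSK_LEN = 64  # assumption: 64-byte MSK, so one SHA-512 digest masks it fully


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be confused."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_mask(ik_p: bytes, ck_p: bytes, res: bytes, rand: bytes,
                network_name: bytes) -> bytes:
    """MASK = Hash(IK', CK', RES, RAND, roaming network name).

    Run by the AUSF in step 1503 and by the terminal in step 1509.
    SHA-512 is an assumed choice of hash.
    """
    return hashlib.sha512(
        encode_fields(ik_p, ck_p, res, rand, network_name)).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def compute_mac(msk: bytes, enc_msk: bytes, eap_success: bytes) -> bytes:
    """MAC over the session root key, the encrypted key and EAP-success.

    Assumed construction: HMAC-SHA-256 keyed with the MSK.
    """
    return hmac.new(msk, encode_fields(enc_msk, eap_success),
                    hashlib.sha256).digest()


def ausf_protect(msk: bytes, mask: bytes, eap_success: bytes):
    """Step 1507: the AUSF masks the MSK and computes the MAC."""
    enc_msk = xor_bytes(msk, mask)
    return enc_msk, compute_mac(msk, enc_msk, eap_success)


def seaf_recover(enc_msk: bytes, mac: bytes, eap_success: bytes,
                 mask_from_terminal: bytes):
    """Step 1509: the SEAF unmasks the MSK, then compares SMAC with MAC.

    Returns the MSK on success and None when verification fails.
    """
    if len(mask_from_terminal) != len(enc_msk):
        return None
    msk = xor_bytes(enc_msk, mask_from_terminal)
    smac = compute_mac(msk, enc_msk, eap_success)
    # Constant-time comparison of the recomputed SMAC with the received MAC.
    return msk if hmac.compare_digest(smac, mac) else None


# Constructed sample values, not taken from any real network.
IK_P = bytes.fromhex("11" * 16)
CK_P = bytes.fromhex("22" * 16)
RES = bytes.fromhex("33" * 8)
RAND = bytes.fromhex("44" * 16)
NETWORK_NAME = b"visited.example"
EAP_SUCCESS = b"\x03\x01\x00\x04"   # constructed EAP Success packet
MSK = bytes(range(MSK_LEN))         # constructed session root key

if __name__ == "__main__":
    ausf_mask = derive_mask(IK_P, CK_P, RES, RAND, NETWORK_NAME)
    enc_msk, mac = ausf_protect(MSK, ausf_mask, EAP_SUCCESS)

    # The terminal derives the same MASK from the same network information.
    terminal_mask = derive_mask(IK_P, CK_P, RES, RAND, NETWORK_NAME)
    print("recovered:",
          seaf_recover(enc_msk, mac, EAP_SUCCESS, terminal_mask) == MSK)

    # A bit flipped in transit changes the recovered key; the MAC exposes it.
    tampered = bytes([enc_msk[0] ^ 0x01]) + enc_msk[1:]
    print("tampered accepted:",
          seaf_recover(tampered, mac, EAP_SUCCESS, terminal_mask) is not None)

    # A MASK derived for a different roaming network name does not unmask.
    other_mask = derive_mask(IK_P, CK_P, RES, RAND, b"other.example")
    print("wrong network accepted:",
          seaf_recover(enc_msk, mac, EAP_SUCCESS, other_mask) is not None)
```

Because XOR is malleable, a flipped bit in the encrypted key flips the same bit in the recovered key; in the first transmission mode, which carries no MAC, the SEAF has no means of noticing this.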
The present application is described above with reference to block diagrams and/or flowchart illustrations of methods, apparatus (systems) and/or computer program products according to embodiments of the application. It will be understood that one block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, and/or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the subject application may also be embodied in hardware and/or in software (including firmware, resident software, micro-code, etc.). Furthermore, the present application may take the form of a computer program product on a computer-usable or computer-readable storage medium having computer-usable or computer-readable program code embodied in the medium for use by or in connection with an instruction execution system. In the context of this application, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (26)

1. A method for information transmission, the method comprising:
after receiving a successful terminal verification message of a secure anchor point function (SEAF), an AUSF (authentication server function) determines an encrypted session root key, wherein the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to network information;
the AUSF sends the encrypted session root key and Extensible Authentication Protocol (EAP) success information to the SEAF together so that the SEAF decrypts the encrypted session root key according to received decryption information from a terminal to obtain a session root key, wherein the decryption information is obtained by encrypting the terminal according to network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
2. The method of claim 1, wherein the AUSF generates the encrypted session root key according to:
and the AUSF performs exclusive OR operation on the encryption information and the session root key to obtain the encrypted session root key.
3. The method of claim 2, wherein before the AUSF performs an exclusive-or operation on the encrypted information obtained by performing the hash operation on the network information and the session root key to obtain the encrypted session root key, the method further comprises:
the AUSF performs Hash operation on network information to obtain the encryption information; or
And the AUSF receives the encrypted information obtained by carrying out hash operation on network information by the authentication certificate storage and processing function ARPF.
4. The method of claim 1, wherein the AUSF sends the encrypted session root key to a SEAF, further comprising:
and the AUSF sends a message authentication code for verifying the integrity of the session root key, the encrypted session root key and the EAP success information to the SEAF.
5. The method of claim 4, wherein the AUSF generates the message authentication code according to:
and the AUSF generates the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
6. A method for information transmission, the method comprising:
after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF so that the AUSF can determine an encrypted session root key, wherein the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to network information;
after receiving the encrypted session root key and the EAP success information sent by the AUSF, the SEAF sends the EAP success information to the terminal;
the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained by encrypting the terminal according to network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
7. The method of claim 6, wherein the SEAF decrypting the encrypted session root key based on decryption information received from the terminal to obtain a session root key comprises:
and the SEAF carries out XOR operation on the received decryption information from the terminal and the encrypted session root key to obtain the session root key.
8. The method of claim 6, wherein before the SEAF sends EAP success information to the terminal, further comprising:
the SEAF receives a message authentication code, an encrypted session root key and EAP success information sent by the AUSF;
after the SEAF decrypts the encrypted session root key according to the received decryption information from the terminal to obtain the session root key, the SEAF further includes:
and the SEAF verifies the integrity of the obtained session root key according to the message verification code.
9. The method of claim 6, wherein the SEAF verifying the integrity of the derived session root key according to the message verification algorithm comprises:
the SEAF generates a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
and the SEAF judges whether the message verification code to be verified is the same as the received message verification code, if so, the verification is determined to be passed, otherwise, the verification is determined to be failed.
10. A method for information transmission, the method comprising:
the terminal receives EAP success information sent by the SEAF;
the terminal sends decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the encrypted session root key from the AUSF according to the decryption information; the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to the network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
11. A method for information transmission, the method comprising:
after receiving an authentication vector request message from the AUSF, the ARPF generates encryption information according to the network information;
the ARPF sends the encryption information to the AUSF, so that the AUSF encrypts a session root key according to the encryption information after receiving a terminal verification success message of a secure anchor point function (SEAF) to obtain an encrypted session root key, and sends the encrypted session root key and Extensible Authentication Protocol (EAP) success information to the SEAF;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
12. An AUSF device, comprising: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving a terminal verification success message from the SEAF, determining an encrypted session root key, wherein the encrypted session root key is obtained by encrypting according to encryption information, and the encryption information is obtained according to network information; sending the encrypted session root key and the EAP success information to the SEAF together so that the SEAF decrypts the encrypted session root key according to received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained by encrypting according to the network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
13. The device of claim 12, wherein the processing unit is specifically configured to generate the encrypted session root key according to:
and the AUSF performs exclusive OR operation on the encryption information and the session root key to obtain the encrypted session root key.
14. The device of claim 13, wherein the processing unit is further to:
before carrying out the XOR operation on the session root key and the encryption information obtained by hashing the network information to obtain the encrypted session root key, carrying out the hash operation on the network information to obtain the encryption information; or
receiving the encryption information obtained by the ARPF carrying out the hash operation on the network information.
15. The device of claim 12, wherein the processing unit is further to:
and sending a message authentication code for verifying the integrity of the session root key, the encrypted session root key and the EAP success information to the SEAF.
16. The device of claim 15, wherein the processing unit is specifically configured to generate the message authentication code according to:
and generating the message authentication code through a message authentication algorithm according to the session root key, the encrypted session root key and the EAP success information.
17. A SEAF device, characterized in that the device comprises: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after the SEAF successfully verifies the terminal, sending a terminal verification success message to the AUSF so that the AUSF can determine an encrypted session root key, wherein the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to network information;
After receiving an encrypted session root key and EAP success information sent by the AUSF, sending the EAP success information to the terminal, wherein the encrypted session root key is obtained by encrypting according to network information;
decrypting the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained by encrypting according to network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
18. The device of claim 17, wherein the processing unit is specifically configured to:
and carrying out XOR operation on the received decryption information from the terminal and the encrypted session root key to obtain the session root key.
19. The device of claim 17, wherein the processing unit is further to:
before sending EAP success information to the terminal, receiving a message authentication code, an encrypted session root key and EAP success information sent by the AUSF;
and after the encrypted session root key is decrypted by the received decryption information from the terminal to obtain the session root key, verifying the integrity of the obtained session root key according to the message verification code.
20. The device of claim 17, wherein the processing unit is to:
generating a message verification code to be verified through a message verification algorithm according to the obtained session root key, the received encrypted session root key and the EAP success information;
and judging whether the message verification code to be verified is the same as the received message verification code, if so, determining that the verification is passed, otherwise, determining that the verification fails.
21. A terminal device, characterized in that the device comprises: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
receiving EAP success information sent by the SEAF; sending decryption information obtained by encrypting according to network information to the SEAF so that the SEAF decrypts the received encrypted session root key from the AUSF according to the decryption information; the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to the network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
22. An ARPF device, comprising: at least one processing unit, and at least one memory unit, wherein the memory unit stores program code that, when executed by the processing unit, causes the processing unit to perform the following:
after receiving an authentication vector request message from an authentication server function (AUSF), generating encryption information according to network information, and sending the encryption information to the AUSF, so that after the AUSF receives a terminal verification success message of a secure anchor point function (SEAF), a session root key is encrypted according to the encryption information to obtain an encrypted session root key, and the encrypted session root key and Extensible Authentication Protocol (EAP) success information are sent to the SEAF together;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
23. An AUSF device, comprising:
the first receiving module is used for receiving a terminal verification success message of the SEAF;
a first execution module, configured to determine an encrypted session root key, where the encrypted session root key is obtained by encrypting, by the AUSF, a session root key according to encryption information, and the encryption information is obtained according to network information;
a first sending module, configured to send the encrypted session root key and EAP success information together to an SEAF, so that the SEAF decrypts the encrypted session root key according to received decryption information from a terminal to obtain a session root key, where the decryption information is obtained by encrypting, by the terminal, according to network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
24. A SEAF device, characterized in that the device comprises:
the second receiving module is used for receiving the encrypted session root key and the EAP success information sent by the AUSF; the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to network information;
the second execution module is used for decrypting the encrypted session root key according to the received decryption information from the terminal to obtain a session root key, wherein the decryption information is obtained by encrypting the terminal according to network information;
a second sending module, configured to send the EAP success information to the terminal;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
25. A terminal device, characterized in that the device comprises:
a third receiving module, configured to receive EAP success information sent by the SEAF;
the third execution module is used for carrying out encryption according to the network information to obtain decryption information;
a third sending module, configured to send decryption information obtained by encrypting according to network information to an SEAF, so that the SEAF decrypts a received encrypted session root key from the AUSF according to the decryption information; the encrypted session root key is obtained by encrypting the session root key by the AUSF according to encryption information, and the encryption information is obtained according to the network information;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
26. An ARPF device, comprising:
a fourth receiving module, configured to receive an authentication vector request message from the AUSF;
the fourth execution module is used for generating encryption information according to the network information;
a fourth sending module, configured to send encryption information generated according to network information to the AUSF, so that after receiving a terminal verification success message of the security anchor point function SEAF, the AUSF encrypts a session root key according to the encryption information to obtain an encrypted session root key, and sends the encrypted session root key and an extensible authentication protocol EAP success message together to the SEAF;
wherein the network information includes part or all of the following information:
integrity check key IK', ciphering key CK', expected response RES, random number RAND and roaming network name.
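The exchange recited in claims 17 to 20 can be followed end to end in the sketch below, which is an added example and not code from the patent. The claims do not fix how the encryption and decryption information are derived from the network information, nor the message verification algorithm; HMAC-SHA-256 is assumed for both, and all function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

def derive_info(ik, ck, res, rand, network_name):
    # Assumption: HMAC-SHA-256 keyed with IK'||CK' over RES||RAND||name.
    # The ARPF (encryption information) and the terminal (decryption
    # information) run the same derivation on the same network information.
    return hmac.new(ik + ck, res + rand + network_name, hashlib.sha256).digest()

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("key and pad must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def compute_mac(session_root_key, encrypted_key, eap_success):
    # Assumption: HMAC-SHA-256 keyed with the session root key.
    return hmac.new(session_root_key, encrypted_key + eap_success,
                    hashlib.sha256).digest()

def ausf_protect(session_root_key, encryption_info, eap_success):
    # AUSF side: XOR-encrypt the key and attach a MAC.
    encrypted = xor_bytes(session_root_key, encryption_info)
    return encrypted, compute_mac(session_root_key, encrypted, eap_success)

def seaf_recover(encrypted, mac, eap_success, decryption_info):
    # SEAF side (claims 18-20): XOR-decrypt, recompute the MAC, compare.
    candidate = xor_bytes(encrypted, decryption_info)
    expected = compute_mac(candidate, encrypted, eap_success)
    if not hmac.compare_digest(expected, mac):
        raise ValueError("session root key failed integrity verification")
    return candidate

# Constructed sample values, for illustration only.
IK, CK = bytes(range(16)), bytes(range(16, 32))
RES, RAND = bytes.fromhex("a1b2c3d4e5f60718"), bytes(range(32, 48))
NETWORK = b"example-roaming-network"
SESSION_ROOT_KEY = hashlib.sha256(b"constructed session root key").digest()
EAP_SUCCESS = b"EAP-Success"

if __name__ == "__main__":
    enc_info = derive_info(IK, CK, RES, RAND, NETWORK)      # at the ARPF
    blob, mac = ausf_protect(SESSION_ROOT_KEY, enc_info, EAP_SUCCESS)
    dec_info = derive_info(IK, CK, RES, RAND, NETWORK)      # at the terminal
    print(seaf_recover(blob, mac, EAP_SUCCESS, dec_info) == SESSION_ROOT_KEY)
```

Because the key is protected by a plain XOR, the derived value must be as long as the session root key and must change with each authentication run, which a fresh RAND provides in this sketch.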
CN201710624654.5A 2017-07-27 2017-07-27 Information transmission method and equipment Active CN109309648B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710624654.5A CN109309648B (en) 2017-07-27 2017-07-27 Information transmission method and equipment


Publications (2)

Publication Number Publication Date
CN109309648A CN109309648A (en) 2019-02-05
CN109309648B true CN109309648B (en) 2021-06-04

Family

ID=65202281


Country Status (1)

Country Link
CN (1) CN109309648B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant