CN109691017A - Message protection method, user equipment, and core network device - Google Patents
Message protection method, user equipment, and core network device
- Publication number
- CN109691017A
- Authority
- CN
- China
- Prior art keywords
- random number
- exception response
- signature
- message
- response message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/037—Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/047—Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
- H04W12/0471—Key exchange
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/108—Source integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/12—Messaging; Mailboxes; Announcements
- H04W4/14—Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
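Embodiments of this application provide a message protection method, user equipment, and a core network device. The method includes: sending a request message that is not security-protected to a core network device, where the request message includes a first random number; receiving an exception response message, where the exception response message includes a third random number and a signature; and determining, based on the third random number, the signature, and an obtained credential, whether the exception response message is a valid message. The message protection method provided in the embodiments of this application can provide security protection for messages transmitted between the user equipment and the core network device before a security context has been established, which improves the security of network communication.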
Description
PCT national-phase application; the description has been published.
Claims (40)
- PCT national-phase application; the claims have been published.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/072665 WO2018137195A1 (zh) | 2017-01-25 | 2017-01-25 | Message protection method, user equipment, and core network device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109691017A (zh) | 2019-04-26 |
CN109691017B (zh) | 2022-02-01 |
Family
ID=62978898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201780056174.1A (Active; CN109691017B (zh)) | Message protection method, user equipment, and core network device | 2017-01-25 | 2017-01-25 |
Country Status (4)
Country | Link |
---|---|
US (1) | US10582378B2 (zh) |
EP (1) | EP3565178B1 (zh) |
CN (1) | CN109691017B (zh) |
WO (1) | WO2018137195A1 (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
MX2020008451A (es) | 2018-02-15 | 2020-09-28 | Ericsson Telefon Ab L M | Method for improving the security of data transmission. |
US11469881B2 (en) * | 2018-12-26 | 2022-10-11 | Korea Institute Of Science And Technology | Apparatus and method for forgery prevention of digital information |
US11336438B2 (en) * | 2020-03-31 | 2022-05-17 | EMC IP Holding Company LLC | Remote approval and execution of restricted operations |
US11522879B2 (en) * | 2020-05-20 | 2022-12-06 | At&T Intellectual Property I, L.P. | Scrubber for distributed denial of service attacks targetting mobile networks |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
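CN1802017A (zh) * | 2005-07-15 | 2006-07-12 | Huawei Technologies Co., Ltd. | Authentication method for preventing replay attacks |
CN1802018A (zh) * | 2005-07-15 | 2006-07-12 | Huawei Technologies Co., Ltd. | Message authentication method |
CN102055744A (zh) * | 2009-11-06 | 2011-05-11 | ZTE Corporation | System and method for implementing an IP multimedia subsystem emergency call service |
US20150013015A1 (en) * | 2013-03-14 | 2015-01-08 | General Instrument Corporation | Method and apparatus for group licensing of device features |
CN105792194A (zh) * | 2016-04-25 | 2016-07-20 | China United Network Communications Group Co., Ltd. | Base station legitimacy authentication method, authentication apparatus, network device, and authentication system |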
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8639939B2 (en) * | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
GB0822599D0 (en) * | 2008-12-11 | 2009-01-21 | Vodafone Plc | Securing network rejection |
US8566465B2 (en) * | 2010-09-17 | 2013-10-22 | At&T Intellectual Property I, L.P. | System and method to detect and mitigate distributed denial of service attacks using random internet protocol hopping |
US20120323717A1 (en) * | 2011-06-16 | 2012-12-20 | OneID, Inc. | Method and system for determining authentication levels in transactions |
US9083531B2 (en) * | 2012-10-16 | 2015-07-14 | Symantec Corporation | Performing client authentication using certificate store on mobile device |
US10588019B2 (en) * | 2016-05-05 | 2020-03-10 | Qualcomm Incorporated | Secure signaling before performing an authentication and key agreement |
-
2017
- 2017-01-25 CN CN201780056174.1A patent/CN109691017B/zh active Active
- 2017-01-25 EP EP17894481.5A patent/EP3565178B1/en active Active
- 2017-01-25 WO PCT/CN2017/072665 patent/WO2018137195A1/zh unknown
-
2019
- 2019-07-24 US US16/520,833 patent/US10582378B2/en active Active
Non-Patent Citations (1)
Title |
---|
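Zhu Yingmin (朱英敏): "Analysis and Research on the Security Sublayer of IEEE 802.16 Wireless Metropolitan Area Networks", China Master's Theses Full-text Database, Information Science and Technology * |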
Also Published As
Publication number | Publication date |
---|---|
WO2018137195A1 (zh) | 2018-08-02 |
EP3565178A1 (en) | 2019-11-06 |
EP3565178A4 (en) | 2019-11-06 |
US20190349753A1 (en) | 2019-11-14 |
US10582378B2 (en) | 2020-03-03 |
CN109691017B (zh) | 2022-02-01 |
EP3565178B1 (en) | 2021-03-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Norrman et al. | Protecting IMSI and user privacy in 5G networks | |
CN108293223B (zh) | Data transmission method, user equipment, and network-side device | |
US10904750B2 (en) | Key obtaining method and device, and communications system | |
WO2021155758A1 (zh) | Key obtaining method and apparatus | |
US10582378B2 (en) | Message protection method, user equipment, and core network device | |
CN113016202A (zh) | Protection of initial non-access stratum protocol messages in 5G systems | |
WO2020010515A1 (en) | Identity-based message integrity protection and verification for wireless communication | |
CN101931953B (zh) | Method and system for generating a security key bound to a device | |
WO2020248624A1 (zh) | Communication method, network device, user equipment, and access network device | |
WO2019096075A1 (zh) | Message protection method and apparatus | |
CN113518312B (zh) | Communication method, apparatus, and system | |
CN103503411A (zh) | Security mechanism for mobile users | |
EP3700245A1 (en) | Communication method and device | |
Zhang et al. | Dynamic group based authentication protocol for machine type communications | |
CN108235300B (zh) | Method and system for protecting user data security in mobile communication networks | |
Singh et al. | Dynamic group based efficient access authentication and key agreement protocol for MTC in LTE-A networks | |
CN101483870A (zh) | Method for implementing a cross-platform mobile communication security system | |
WO2022127656A1 (zh) | Authentication method and related apparatus | |
RU2688251C1 (ru) | Wireless communication | |
US20080176572A1 (en) | Method of handoff | |
CN105764052A (zh) | TD-LTE authentication and protective encryption method | |
Amgoune et al. | 5g: Interconnection of services and security approaches | |
Ouaissa et al. | Group access authentication of machine to machine communications in LTE networks | |
CN111182548B (zh) | Method for identifying a pseudo network device, and communication apparatus | |
CN108282775B (zh) | Dynamic additional authentication method and system for mobile private networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||