CN111052779A

CN111052779A - Communication method and communication device

Info

Publication number: CN111052779A
Application number: CN201880056744.1A
Authority: CN
Inventors: 李华; 于游洋
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2018-01-25
Filing date: 2018-01-25
Publication date: 2020-04-21
Also published as: WO2019144350A1

Abstract

The application provides a communication method and a communication device, which can improve the transmission safety. The method comprises the following steps: the authentication server receives the encrypted first random number from the terminal; the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number; the authentication server sends the anchor key to a mobility management device.

Description

Communication method and communication device

Technical Field

The present application relates to the field of communications, and more particularly, to a communication method and a communication apparatus in the field of communications.

Background

In a future network system, an Extensible Authentication Protocol (EAP) is used for authentication, specifically, an authentication server generates a hash value according to a stored registration password of a terminal, the terminal generates a hash value according to the stored registration password, if the hash value generated by the authentication server is consistent with the hash value generated by the terminal, the authentication is considered to be passed, when the authentication is passed, an anchor key can be determined by using the registration password of the terminal used in the authentication, and then communication is performed by using the anchor key, but if the registration password of the terminal is cracked, an attacker can easily obtain the anchor key, so that communication content of the terminal is easily leaked, and transmission security cannot be guaranteed.

Disclosure of Invention

The application provides a communication method and device which are beneficial to improving the transmission safety.

In a first aspect, a communication method is provided, including: the authentication server receives the encrypted first random number from the terminal; the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number; the authentication server sends the anchor key to a mobility management device.

Therefore, in the embodiment of the application, the first random number is used to replace the registration password of the terminal to determine the anchor key, and since the random number has randomness and can be changed frequently, for example, the random number can be generated by the terminal at each session establishment, the security problem caused by long-term adoption of the fixed registration password of the terminal is avoided.

As an alternative embodiment, the anchor point key is used for the mobility management device to communicate.

Specifically, the mobility management device may communicate with the terminal according to the anchor key, or the mobility management device sends the anchor key to the access network device, and the access network device communicates with the terminal according to the anchor key. Further, for example, the mobility management device may generate a lower layer key by using the anchor point key, for example, the mobility management device and a terminal communicate by using the lower layer key, or the mobility management device sends the lower layer key to an access network device, and the access network device and the terminal communicate by using the lower layer key. For another example, the mobility management device sends the anchor key to an access network device, the access network device generates a lower layer key according to the anchor key, and the access network device and the terminal communicate by using the lower layer key.

Optionally, the authentication server may generate one or more lower layer keys according to the anchor point key, where the lower layer key may be used for communication of control plane data and also for communication of user plane data, for example, the lower layer key may be used for communication of control plane data and/or user plane data between the terminal and the mobility management device, and the lower layer key may be used for communication of control plane data and/or user plane data between the terminal and the access network device. And, a lower layer key between the terminal and the mobility management device may be different from a lower layer key between the terminal and the access network device. Optionally, the lower layer key used for the control plane data communication between the terminal and the mobility management device may be the same as or different from the lower layer key used for the user plane data. Optionally, a lower layer key used for control plane data between the terminal and the access network device may be the same as or different from a lower layer key used for user plane data, which is not limited in this embodiment of the present application.

In some implementations, the second random number is generated by a terminal, and the third random number is generated by the authentication server or by the mobility management device or by a data management device.

Optionally, the method further includes: the authentication server receives a second random number sent by the terminal, and if the third random number is generated by the mobility management equipment, the authentication server receives the third random number sent by the mobility management equipment; if the third random number is generated by the data management device, the authentication server receives the third random number sent by the data management device.

In this way, the authentication server can determine the anchor key according to the second random number generated by the terminal, the third random number generated by the network side device and the encrypted first random number sent by the terminal, and the determined anchor key can be improved in security by using the randomness of the random numbers.

In certain implementations, the authentication server obtains a first verification value and a second verification value from a data management device; the authentication server authenticates the terminal according to the first verification value; and the authentication server sends the second verification value to the terminal under the condition that the result of authenticating the terminal is legal, so that the terminal can authenticate the authentication server according to the second verification value. Optionally, before determining the anchor key according to the encrypted first random number, the authentication server obtains a first verification value and a second verification value from the data management device; and the authentication server authenticates the terminal according to the first verification value.

In some implementations, the obtaining, by the authentication server, the first verification value and the second verification value from the data management device specifically includes: the authentication server sends a terminal identifier of the terminal, the second random number and the third random number to the data management device, wherein the first verification value is determined by the terminal identifier, a registration password of the terminal stored by the data management device and the third random number; the second verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device and the second random number; the authentication server receives the first verification value and the second verification value from the data management apparatus. Compared with the prior art that the user registration password needs to be acquired from the data management equipment when the verification value is generated by the authentication server, the verification value is generated by the data management equipment and is transmitted to the authentication server, so that the transmission of user sensitive information in a network is avoided, and the safety of the system is improved.

In certain implementations, the method further includes: the authentication server receives a third verification value sent by the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal; the authentication of the terminal by the authentication server according to the first verification value comprises: and if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal. Optionally, if the first verification value is not equal to the third verification value, the authentication server determines that the terminal is illegal.

Optionally, the first verification value and the third verification value are calculated by using the same authentication method, for example, the first verification value and the third verification value may be obtained by using a preset authentication method, or obtained by using an authentication method determined by negotiation between a terminal and an authentication server.

Optionally, the first verification value and the third verification value may be obtained by using a hash algorithm.

In certain implementations, before the authentication server obtains the first verification value and the second verification value from the data management device, the method further includes: the authentication server receives one or more than two authentication methods supported by the terminal from the terminal; and the authentication server determines a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication methods supported by the authentication server. Optionally, the obtaining, by the authentication server, the first verification value and the second verification value from the data management device includes: the authentication server acquires the first verification value and the second verification value determined according to the first authentication method from the data management apparatus. In the N2 message sent by the terminal to the authentication server, the authentication method supported by the terminal can be added, so that the authentication server can select the authentication method to be used once, and the problem of large authentication delay caused by multiple negotiations is avoided.

In some implementations, the receiving, by the authentication server, one or two or more authentication methods supported by the terminal and sent by the terminal includes: the authentication server receives one or more authentication methods supported by the terminal from the terminal and the priority of each authentication method in the one or more authentication methods; the method for authenticating the terminal by the authentication server comprises the following steps that the authentication server determines a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication methods supported by the authentication server, and comprises the following steps: the authentication server determines the first authentication method according to the priority of each authentication method of one or two or more authentication methods supported by the terminal and the authentication method supported by the authentication server. In the N2 message sent by the terminal to the authentication server, the authentication method supported by the terminal and the corresponding priority information can be added, wherein the priority information can be used to indicate the authentication method expected to be used by the terminal, so that the authentication server can select the authentication method to be used at one time, and the problem of long authentication time delay caused by multiple negotiations is avoided.

Optionally, the terminal carries one or more than two authentication methods supported by the terminal in a registration message sent to an authentication server, and the authentication server receives the registration message sent by the terminal and obtains the one or more than two authentication methods supported by the terminal in the registration message. For example, the authentication server may take an intersection between one or more authentication methods supported by the terminal and one authentication method supported by the authentication server itself, where if the intersection includes only one element, that is, one authentication method, the authentication method is the first authentication method, and if the intersection includes two or more elements, that is, two or more authentication methods, the authentication method may be any one of the two or more authentication methods. Or, the authentication server determines the first authentication method to be used for authenticating the terminal among the two or more authentication methods according to the priority of each authentication method among the one or more authentication methods supported by the terminal.

In some implementations, the encrypted first random number is obtained by encrypting the first random number with a first key; the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number, and the encrypted third random number, and the method includes: the authentication server decrypts the encrypted first random number by using a second key to obtain the first random number, wherein the second key is a key corresponding to the first key; the authentication server determines the anchor key using the first random number, the second random number, and the third random number.

Optionally, the authentication server may store decrypted keys of a plurality of terminals, and after receiving the encrypted first random number sent by the terminal, the authentication server may determine, according to the identifier of the terminal, a second key for decrypting the encrypted first random number from among the plurality of keys stored in the authentication server, where the second key is a key corresponding to the first key.

Optionally, the first key and the second key may be a pair of asymmetric keys, where the first key is a public key and the second key is a private key.

Optionally, the first key and the second key are a pair of symmetric keys, that is, the first key and the second key are the same.

In certain implementations, the first key and the second key are a pair of keys generated according to the diffie-hellman DH algorithm.

In a second aspect, a communication method is provided, including: the terminal generates a first random number; and the terminal determines an anchor key according to the first random number, the second random number and the third random number, wherein the anchor key is used for terminal communication. In the application, the terminal adopts the random number to replace the registration password in the prior art to generate the anchor point key, so that the safety of determining the anchor point key is effectively improved.

Optionally, the anchor key is used for the terminal to communicate, and may be: the terminal may communicate with the mobility management device according to the anchor key, or the terminal may communicate with the access network device according to the anchor key. Optionally, the anchor point key may be a key for transmitting control plane data, and may also be a key for transmitting user plane data; optionally, a lower layer key may be generated according to the anchor point key, and the lower layer key may be used for transmitting control plane data or user plane data.

In certain implementations, the method further includes: the terminal encrypts the first random number to obtain an encrypted first random number; and the terminal sends the encrypted first random number to an authentication server.

In some implementations, the second random number is generated by a terminal, and the third random number is generated by the authentication server or a mobility management device or a data management device.

Optionally, the method further includes: and the terminal receives the third random number sent by the authentication server.

In some implementations, the terminal receives a second verification value sent by the data management device through the authentication server, where the second verification value is determined by a terminal identifier of the terminal, a registration password of the terminal stored by the data management device, and the second random number; the terminal determines a fourth verification value according to the terminal identification, the self registration password stored by the terminal and the second random number; and the terminal authenticates the authentication server according to the second verification value and the fourth verification value. Specifically, if the second verification value is the same as the fourth verification value, the terminal determines that the authentication server is legal, and if the second verification value is not the same as the fourth verification value, the terminal determines that the authentication server is illegal.

Optionally, the second verification value and the fourth verification value are calculated by using the same authentication method, for example, the second verification value and the fourth verification value may be obtained by using a preset authentication method, or obtained by using an authentication method determined by negotiation between a terminal and an authentication server.

Optionally, the second verification value and the fourth verification value may be generated using a hash algorithm.

In certain implementations, the method further includes: and the terminal sends the authentication methods supported by the terminal to the authentication server, wherein the authentication methods supported by the terminal may comprise one, two or more than two.

In some implementations, the sending, by the terminal to the authentication server, one or two or more authentication methods supported by the terminal includes: the terminal sends one or more than two authentication methods supported by the terminal and the priority of each authentication method in the one or more than two authentication methods to the authentication server. By setting different priorities for different authentication methods, the authentication server can be instructed to select the authentication method desired by the terminal at one time according to the instruction of the terminal.

In a third aspect, a communication method is provided, including: the data management equipment receives a terminal identifier of the terminal, a second random number and a third random number which are sent by the authentication server; the data management equipment determines a first verification value and a second verification value according to the terminal identification, the second random number and the third random number; the data management device sends the first verification value and the second verification value to the authentication server so that the authentication server and the terminal can mutually authenticate by using the first verification value and the second verification value.

In some implementations, the determining, by the data management device, a first verification value and a second verification value according to the terminal identifier, the second random number, and the third random number includes: the data management equipment determines the second verification value according to the terminal identification, the registration password of the terminal stored by the data management equipment and the second random number; and the data management equipment determines the first verification value according to the terminal identification, the registration password of the terminal stored by the data management equipment and the third random number.

Optionally, the method further includes: the data management equipment receives an identification of a first authentication method sent by the authentication server, determines the first authentication method adopted by calculation of a first verification value and a second verification value according to the identification of the first authentication method, and calculates the first verification value and the second verification value by the data management equipment through the first authentication method.

In a fourth aspect, a communication method is provided, including: the authentication server acquires a first verification value and a second verification value from the data management equipment; the authentication server authenticates the terminal according to the first verification value; and the authentication server sends the second verification value to the terminal under the condition that the result of the authentication of the terminal is legal.

In some implementations, the obtaining, by the authentication server, the first verification value and the second verification value from the data management device specifically includes: the authentication server sends a terminal identifier of the terminal, the second random number and the third random number to the data management device, wherein the first verification value is determined by the terminal identifier, a registration password of the terminal stored by the data management device and the third random number; the second verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device and the second random number; the authentication server receives the first verification value and the second verification value from the data management apparatus.

In certain implementations, the method further includes: the authentication server receives a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal; the authentication of the terminal by the authentication server according to the first verification value comprises: if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal; and if the first verification value is not equal to the third verification value, the authentication server determines that the terminal is illegal.

In a fifth aspect, a communication method is provided, including: the terminal generates a first random number; the terminal determines an anchor key according to the first random number, the second random number and the third random number; the terminal encrypts the first random number to obtain an encrypted first random number; the terminal sends the encrypted first random number to an authentication server; and the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number.

In certain implementations, the second random number is generated by the terminal, and the third random number is generated by the authentication server or by the mobility management device or by a data management device.

In certain implementations, the method further includes: the authentication server receives a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal; the authentication server acquires a first verification value and a second verification value from the data management equipment; the authentication server authenticates the terminal according to the first verification value and the third verification value; the authentication server sends the second verification value to the terminal under the condition that the result of authenticating the terminal is legal; the terminal determines a fourth verification value according to the terminal identification, the self registration password stored by the terminal and the second random number; and the terminal authenticates the authentication server according to the second verification value and the fourth verification value.

A sixth aspect provides a communication device configured to perform the method of the first aspect or any possible implementation manner of the first aspect. In particular, the apparatus comprises means for performing the method of the first aspect described above or any possible implementation manner of the first aspect.

In a seventh aspect, a communication device is provided for performing the method of the second aspect or any possible implementation manner of the second aspect. In particular, the apparatus comprises means for performing the method of the second aspect described above or any possible implementation of the second aspect.

In an eighth aspect, a communication device is provided for performing the method of the third aspect or any possible implementation manner of the third aspect. In particular, the apparatus comprises means for performing the method of the third aspect or any possible implementation manner of the third aspect.

In a ninth aspect, there is provided a communication device for performing the method of the fourth aspect or any possible implementation manner of the fourth aspect. In particular, the apparatus comprises means for performing the method of the fourth aspect described above or any possible implementation manner of the fourth aspect.

In a tenth aspect, there is provided a communication apparatus comprising: a transceiver (which may include a transmitter and a receiver), a memory, and a processor. Wherein the transceiver, the memory and the processor are in communication with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the receiver to receive signals and control the transmitter to transmit signals, such that the apparatus performs the method of the first aspect or any possible implementation manner of the first aspect.

Alternatively, the memory may be a device external to the communication apparatus.

In an eleventh aspect, there is provided a communication apparatus, comprising: a transceiver (which may include a transmitter and a receiver), a memory, and a processor. Wherein the transceiver, the memory and the processor are in communication with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the receiver to receive signals and control the transmitter to transmit signals, such that the apparatus performs the method of the second aspect or any possible implementation manner of the second aspect.

Optionally, the communication device includes a terminal or a chip in the terminal.

In a twelfth aspect, there is provided a communication apparatus, comprising: a transceiver (which may include a transmitter and a receiver), a memory, and a processor. Wherein the transceiver, the memory and the processor are in communication with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the receiver to receive signals and control the transmitter to transmit signals, such that the apparatus performs the method of the third aspect or any possible implementation manner of the third aspect.

In a thirteenth aspect, there is provided a communication apparatus, the apparatus comprising: a transceiver (which may include a transmitter and a receiver), a memory, and a processor. Wherein the transceiver, the memory and the processor are in communication with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the receiver to receive signals and control the transmitter to transmit signals, so that the apparatus performs the method of any one of the possible implementations of the fourth aspect or the fourth aspect.

In a fourteenth aspect, a communication apparatus is provided, the apparatus comprising: a transceiver (which may include a transmitter and a receiver), a memory, and a processor. Wherein the transceiver, the memory and the processor are in communication with each other via an internal connection path, the memory is configured to store instructions, and the processor is configured to execute the instructions stored by the memory to control the receiver to receive signals and control the transmitter to transmit signals, such that the apparatus performs the method of any one of the possible implementations of the fifth aspect or the fifth aspect.

A fifteenth aspect provides a communication system comprising the apparatus of the sixth aspect or any one of its optional implementations and the apparatus of the seventh aspect or any one of its optional implementations, optionally further comprising the apparatus of the eighth aspect or any one of its optional implementations. Or the system comprises the apparatus of the eighth aspect or any alternative implementation thereof and the apparatus of the ninth aspect or any alternative implementation thereof. Alternatively, the system includes the apparatus of the tenth aspect or any optional implementation thereof and the apparatus of the eleventh aspect or any optional implementation thereof, and optionally further includes the apparatus of the twelfth aspect or any optional implementation thereof. Alternatively, the system comprises the apparatus of the twelfth aspect or any alternative implementation thereof and the apparatus of the thirteenth aspect or any alternative implementation thereof.

In a sixteenth aspect, a computer-readable storage medium is provided, having stored therein instructions, which, when run on a computer, cause the computer to perform the method as in the first aspect or any possible implementation manner of the first aspect.

A seventeenth aspect provides a computer-readable storage medium having stored therein instructions that, when run on a computer, cause the computer to perform a method as in the second aspect or any possible implementation of the second aspect.

In an eighteenth aspect, there is provided a computer-readable storage medium having stored therein instructions, which, when run on a computer, cause the computer to perform a method as in the third aspect or any possible implementation of the third aspect.

A nineteenth aspect provides a computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform a method as in the fourth aspect or any possible implementation of the fourth aspect.

A twentieth aspect provides a computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the method as in the fifth aspect or any possible implementation of the fifth aspect.

In a twenty-first aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first aspect or any possible implementation manner of the first aspect.

In a twenty-second aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the second aspect or any possible implementation of the second aspect.

In a twenty-third aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the third aspect or any possible implementation of the third aspect.

In a twenty-fourth aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the fourth aspect or any possible implementation of the fourth aspect.

In a twenty-fifth aspect, the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the above-described fifth aspect or any possible implementation of the fifth aspect.

In a twenty-sixth aspect, the present application provides a communication chip having instructions stored therein, which when run on an authentication server or terminal or data management device, cause the authentication server or terminal or data management device to perform any of the methods of the above aspects.

Drawings

Fig. 1 shows a system architecture diagram provided by an embodiment of the present application.

Fig. 2 shows a schematic view of an application scenario provided in an embodiment of the present application.

Fig. 3 shows a schematic diagram of an authentication method provided in an embodiment of the present application.

Fig. 4 shows a schematic diagram of another authentication method provided in the embodiment of the present application.

Fig. 5 shows a schematic diagram of a communication method provided by an embodiment of the present application.

Fig. 6 is a schematic diagram illustrating another communication method provided in an embodiment of the present application.

Fig. 7 is a schematic diagram illustrating another communication method provided in the embodiment of the present application.

Fig. 8 is a schematic diagram illustrating a further communication method provided in the embodiment of the present application.

Fig. 9 shows a schematic block diagram of a communication device provided in an embodiment of the present application.

Fig. 10 shows a schematic block diagram of another communication device provided in an embodiment of the present application.

Fig. 11 shows a schematic block diagram of another communication device provided in an embodiment of the present application.

Fig. 12 shows a schematic block diagram of a communication system provided by an embodiment of the present application.

Fig. 13 is a schematic block diagram of another communication device provided in an embodiment of the present application.

Fig. 14 shows a schematic block diagram of another communication device provided in an embodiment of the present application.

Fig. 15 shows a schematic block diagram of another communication device provided in an embodiment of the present application.

Detailed Description

The technical solution in the present application will be described below with reference to the accompanying drawings.

The technical scheme of the embodiment of the application can be applied to various communication systems, for example: a Global System for Mobile communications (GSM) System, a Code Division Multiple Access (CDMA) System, a Wideband Code Division Multiple Access (WCDMA) System, a General Packet Radio Service (GPRS), a Long Term Evolution (Long Term Evolution, LTE) System, an LTE Frequency Division Duplex (FDD) System, an LTE Time Division Duplex (TDD), a Universal Mobile Telecommunications System (UMTS), a Worldwide Interoperability for Microwave Access (WiMAX) communication System, a future fifth Generation (5G) System, or a New Radio Network (NR), etc.

Fig. 1 shows a system architecture diagram provided in an embodiment of the present application, including:

a terminal 110, which may be referred to as a User Equipment (UE), a Mobile Station (MS), a mobile terminal (mobile terminal), or a terminal in a future 5G network, may communicate with one or more core network devices via a Radio Access Network (RAN) device, such as a mobile phone (or a "cellular" phone) or a computer with a mobile terminal, such as a next generation home gateway (NG-RG), and may also be a portable, pocket, hand-held, computer-included, or vehicle-mounted mobile device that exchanges voice and/or data with a radio access network. Terminal 110 may be configured to negotiate with authentication server 120 to determine an authentication method to be employed to authenticate terminal 110. The terminal 110 may also be used to authenticate the authentication server 120. The terminal 110 may also be used to generate anchor keys.

The authentication server 120 is configured to negotiate with the terminal 110 to determine an authentication method used for authenticating the terminal 110. The authentication server 120 may also be used to authenticate the terminal 110. The authentication server 120 may also be used to generate anchor keys.

In one possible implementation, terminal 110 negotiates with authentication server 120 to determine an authentication method to be employed to authenticate terminal 110. The terminal 110 and the authentication server 120 authenticate each other using the authentication method. In the case where the terminal 110 determines that the authentication server 120 is legitimate and the authentication server 120 determines that the terminal 110 is legitimate, the terminal 110 and the authentication server 120 may generate an anchor key for the terminal to communicate with other devices.

Fig. 2 shows a schematic view of an application scenario provided in an embodiment of the present application, including: terminal 110, access network equipment 130, and core network equipment 140.

The access network device 130 may be a Base Station Controller (BSC) in GSM or CDMA, a Radio Node Controller (RNC) in WCDMA, an evolved Node B (eNB or e-NodeB) in LTE, a new base station (e.g., evolved LTE Node B, LTE NB, or next generation Node B, gbb) in a future 5G network, and the access network device 120 may be a shared access network device, for example, an access network device shared by multiple Public Land Mobile Networks (PLMNs).

The core network device 140 may include: an access and mobility management function (AMF) device 141, an authentication server function (AUSF) device 142, a unified data management device (UDM) 143, and optionally, the core network device may further include at least one of a mobility management device (MME), a Policy Control Function (PCF) device, a User Port Function (UPF) device, an AF, a Home Subscriber Server (HSS), and the like.

Specifically, the AMF141 is configured to pass through the authentication message and perform encryption protection on the user plane data and the signaling plane data according to the anchor point key generated by the AUSF 142. The AUSF142, as an EAP authentication server, may authenticate the terminal, and may also generate an anchor key and send the anchor key to the AMF141, so that the AMF performs protection of signaling plane data and user plane data according to the anchor key. The UDM143 may return an authentication message, e.g. a message indicating whether the authentication is passed, to the corresponding terminal according to the terminal identifier of the terminal.

Alternatively, the authentication server 120 in fig. 1 may be the AUSF142 in fig. 2.

It should be understood that, in the embodiment of the present application, the mobility management device (the mobility management device may be the AMF or the MME), the authentication server, the data management device, and the like are only names, and the names themselves do not limit the entities. For example, it is also possible that the mobility management device is replaced by an "access and mobility management function" or other name. Furthermore, the mobility management device may also correspond to a network element comprising other functions than access and mobility management functions. It is also possible that the authentication server is replaced by an "authentication service function" or other name, and that the authentication server may correspond to a network element comprising other functions than the use of an authentication service. The description is unified here, and will not be repeated below.

It will also be understood that in the description of the present application, "/" indicates an OR meaning, for example, A/B may indicate A or B; "and/or" herein is merely an association describing an associated object, and means that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. Also, in the description of the present application, "a plurality" means two or more than two unless otherwise specified. In addition, in order to facilitate clear description of technical solutions of the embodiments of the present application, in the embodiments of the present application, terms such as "first" and "second" are used to distinguish the same items or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.

Before a terminal transmits data with an access network device or a core network device, authentication needs to be performed using EAP, for example, as shown in fig. 3, in a possible authentication method 200, in the method 200, an example is described where the terminal is an NG-RG, an authentication server is an AUSF, and a data management device is a UDM, but this is not limited in this embodiment of the present application, and the method 200 includes the following steps:

s201, the terminal sends an EAP message to the AUSF, where the EAP message carries a terminal identifier of the terminal, for example, Identity (ID) of the terminal.

S202, the AUSF receives the EAP message sent by the terminal and selects an authentication method for the terminal.

For example, the authentication method may be EAP-challenge handshake authentication protocol (EAP-CHAP), EAP microsoft CHAP protocol version 2 (EAP-challenge handshake authentication protocol version 2, EAP-msp 2) based on account password authentication, or EAP-password authentication protocol (EAP-challenge authentication protocol version 2, EAP-session authentication protocol version 78) based on EAP, or an enhanced authentication and key agreement mechanism (EAP-authentication protocol for third party authentication and key agreement, EAP-AKA') based on Universal Subscriber Identity (USIM) card, or EAP-authentication and key agreement (EAP-authentication protocol and key agreement) based on EAP-challenge authentication and key agreement (EAP-authentication and key-agreement) based on EAP-authentication and key-authentication Module (EAP-authentication and key-authentication Module, EAP-authentication and key-authentication method based on extensible security authentication and client-session authentication protocol (EAP-authentication and key-authentication protocol) based on account password authentication, EAP-session authentication and key-authentication protocol (EAP-authentication and key-authentication protocol) based on EAP-session authentication, EAP-authentication and extensible security authentication Module (EAP-session authentication and session-authentication protocol) based on EAP-authentication and extensible security authentication protocol, EAP-TLS), extensible authentication protocol tunneling security (EAP-tunnel transport layer security) based on certificate authentication.

S203, the AUSF generates a random number RAND-AUSF.

S204, the AUSF sends a first message to the terminal, where the first message carries the random number RAND-AUSF generated by the AUSF, for example, when the AUSF selects EAP-MschapV2 in S202, the first message may be a challenge message in EAP-MschapV 2.

S205, the terminal receives the first message sent by the AUSF, determines a first hash value according to the RAND-AUSF carried in the first message, the terminal identifier of the terminal and the self registration password stored by the terminal, and for example, the hash value can be calculated by RFC (draft-kamath-pptext-eap-mschapv 2-02).

S206, the terminal generates a random number RAND-rg.

S207, the terminal sends a second message to the AUSF, the second message carrying RAND-rg and the first hash value, e.g., when the first message is a challenge message of EAP-MschapV2, then the second message may be a response message of EAP-MschapV 2.

And S208, the UDM stores the registration password of the terminal, and the UDM sends the registration password of the terminal to the AUSF, for example, the UDM may actively send the registration password of the terminal to the AUSF, or may send the registration password of the terminal to the AUSF based on a request of the AUSF.

S209, the AUSF receives a second message sent by the terminal, and determines a second hash value according to the RAND-AUSF, the terminal identifier of the terminal and the registration password of the terminal acquired by the AUSF, wherein the method for determining the second hash value is the same as the method for determining the first hash value. And the AUSF authenticates the terminal by using the first hash value and the second hash value.

Specifically, if the first hash value is equal to the second hash value, the AUSF considers that the terminal is legal. And if the first hash value is not equal to the second hash value, the AUSF determines that the terminal is illegal, and returns a rejection message to the terminal.

S210, the AUSF determines a third hash value by utilizing the RAND-rg, the terminal identification of the terminal and the registration password of the terminal acquired by the AUSF, and the method for determining the third hash value is the same as the method for determining the first hash value.

And S211, the AUSF sends a third message to the terminal, the third message has a third hash value, and if the AUSF selects the EAP-MschapV2 method in S202, the third message can be a success request message of EAP-MschapV 2.

S212, the terminal receives a third message sent by the AUSF, determines a fourth hash value by using the RANG-rg, the terminal identifier of the terminal and the AUSF, and authenticates the AUSF by using the third hash value and the fourth hash value.

Specifically, if the third hash value is equal to the fourth hash value, the terminal considers that the AUSF is legal. And if the third hash value is not equal to the fourth hash value, the terminal considers that the AUSF is illegal.

S213, the terminal determines the anchor key by using RANG-rg, RAND-ausf and the self-stored registration password, and the specific determination method is RFC 2759 Microsoft PPP CHAP Extensions, Version 2.

And S214, the terminal sends a verification passing message to the AUSF, wherein the verification passing message is used for indicating that the AUSF is verified to pass.

S215, the AUSF determines an anchor point key by using the RANG-rg, the RAND-AUSF and the acquired registration password of the terminal.

S216, the AUSF sends the anchor key to the AMF, so that the terminal and the AMF transmit signaling plane data and user plane data by using the anchor key.

It should be understood that the execution order of the above steps is not exclusively determined, for example, S213 may be after S206 and before S207, S215 may be after S207 and before S208, and the like. For example, S208 may be any step before S209, which is not limited in this embodiment of the application.

In the method 200, there may be the following problems:

one, possibly in S202, the authentication method selected by the AUSF may not be the authentication method supported by the terminal, and in this case, multiple signaling interactions between the AUSF and the terminal are required to determine the finally adopted authentication method, which may increase signaling overhead and may result in higher delay, for example, the signaling interaction process is as shown in fig. 4, and includes the following steps:

s301, the terminal sends the terminal identifier of the terminal to the AUSF, and the terminal identifier of the terminal can be the ID of the terminal.

S302, after receiving the terminal identifier of the terminal, the AUSF selects a first authentication method according to the terminal identifier of the terminal. It should be understood that it is possible that the AUSF may select different authentication methods depending on the terminal identity of the same terminal.

S303, the AUSF sends an initial message of the selected first authentication method to the terminal, for example, if the AUSF selects the EAP-SIM as the first authentication method, the initial message of the first authentication method is a start message, and the start message indicates to start the authentication of the EAP-SIM.

S304, after the terminal receives the start message of the first authentication method, it may be that the terminal does not support the first authentication method, for example, the terminal supports a second authentication method, which may be an EAP-MSchapv2 method and an EAP-AKA 'method, the terminal sends an EAP-NAK message to the AUSF, where the EAP-NAK message indicates that the terminal does not support the first authentication method, and the EAP-NAK message carries the second authentication method (the EAP-MSchapv2 method and the EAP-AKA' method) supported by the terminal.

S305, the AUSF reselects the authentication method according to the second authentication method supported by the terminal carried in the EAP-NAK message, for example, the reselected authentication method is the EAP-MSchapv2 method.

S306, the AUSF sends an origination message of the second authentication method to the terminal, for example, when the EAP-MSchapv2 method is selected, the origination message of the second authentication method may be a challenge message.

Second, the registration password of the terminal used for calculating the second hash value in S209 and the third hash value calculated in S210 needs to be acquired from the UDM, for example, acquired through S208, so that the registration password of the terminal is easily intercepted by an attacker when being transmitted between the UDM and the AUSF, which may cause leakage of the registration password of the terminal, and further cause the attacker to forge the second hash value and the third hash value, thereby affecting the accuracy of mutual authentication between the terminal and the AUSF.

Thirdly, in S213 and S215, the registration password, the RAND-rg and the RAND-AUSF of the terminal are used for determining the anchor key, because the RAND-rg and the RAND-AUSF adopt a plaintext transmission mode between the terminal and the AUSF, the leakage is easy, if the registration password of the terminal is cracked by an attacker, the attacker can forge the anchor key, and the security of the transmission data is limited.

In this embodiment, in view of the above first problem, at least one authentication method supported by the terminal may be carried in a message in which the terminal initiates registration with the authentication server, so that when the authentication server selects the authentication method, the authentication server may select an authentication method to be used for authenticating the terminal in the at least one authentication method supported by the terminal and the at least one authentication method supported by the authentication server. For example, an intersection is taken between at least one authentication method supported by the terminal and an authentication method supported by the authentication server, and an authentication method used for authenticating the terminal is selected in the intersection. In view of the second problem, when the authentication server and the terminal perform mutual authentication, the data management device may calculate a verification value required for the authentication, and send the verification value to the authentication server, where the verification value may be, for example, a second hash value and a third hash value, so that a situation that a registration password of the terminal is intercepted due to transmission between the authentication server and the data management device may be avoided. In view of the third problem, when the terminal and the authentication server calculate the anchor key, the anchor key may be calculated using a random number, and the random number may be used to replace the registration password of the terminal, so as to avoid a situation where security is restricted when the registration password of the terminal is intercepted.

The following describes a communication method according to an embodiment of the present application with reference to the drawings.

Fig. 5 illustrates a communication method 400 provided by an embodiment of the present application, where the method 400 includes:

s410, the terminal acquires a first random number.

Optionally, the first random number may be generated by the terminal or generated by other devices and sent to the terminal.

The first random number is used to generate the anchor key instead of the registration password of the terminal, and one possible implementation is that the terminal generates the first random number once per session establishment. Another possible implementation is that the first random number may be updated periodically, for example, the update frequency of the first random number may be determined according to the security requirement of the network, for example, if the security of the current network is good, the update frequency of the first random number is low, and if the security of the current network is poor, the update frequency of the first random number is high, and for example, the update frequency of the first random number is fixed, and may be updated once every hour.

And S420, the terminal determines an anchor key according to the first random number, the second random number and the third random number, wherein the anchor key is used for the terminal communication.

Optionally, the terminal and the authentication server may also perform mutual authentication using the second random number and the third random number. Optionally, after the terminal and the authentication server perform mutual authentication by using the second random number and the third random number, the authentication server determines that the terminal is legal, and when the terminal determines that the authentication server is legal, the terminal and the authentication server determine the anchor key by using the second random number and the third random number.

As an alternative embodiment, the second random number may be terminal-generated.

Optionally, the method further includes: the terminal acquires the third random number, for example, the terminal receives the third random number from the authentication server. That is, in the embodiment of the present application, the terminal determines the session key according to the first random number acquired by the terminal, the second random number generated by the terminal, and the third random number from the authentication server.

S430, the terminal encrypts the first random number to obtain an encrypted first random number; and the terminal sends the encrypted first random number to an authentication server. The authentication server receives the encrypted first random number from the terminal. For example, the authentication server may be an AUSF.

As an alternative embodiment, S430 includes: and the terminal encrypts the first random number by using a first key to obtain the encrypted first random number.

S440, the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number.

Optionally, the authentication server obtains the second random number and the third random number, specifically, the authentication server may receive the second random number sent by the terminal, the authentication server determines the third random number itself, or the authentication server receives the third random number from the data management device, or the authentication server receives the third random number from the mobile management device.

As an alternative embodiment, S440 includes: the authentication server decrypts the encrypted first random number by using a second key to obtain the first random number, wherein the second key is a key corresponding to the first key, namely the second key is used for decrypting information encrypted by using the first key; the authentication server determines the anchor key using the first random number, the second random number, and the third random number.

Specifically, the authentication server decrypts the encrypted first random number using a second key to obtain a first random number, and the authentication server generates the anchor key using the first random number, the second random number, and the third random number. In this way, the first random number can be used to replace the registration password of the terminal to determine the anchor key, so that the accuracy of determining the anchor key can be improved, the random number also has randomness and can be changed frequently, for example, the random number can be generated by the terminal at each session establishment, and the security problem caused by long-term adoption of the fixed registration password of the terminal is avoided.

Optionally, the first key and the second key may be a pair of asymmetric keys, where the first key is a public key and the second key is a private key. Optionally, the first key and the second key are a pair of symmetric keys, that is, the first key and the second key are the same, for example, the first key and the second key are a pair of same keys generated by Diffie-Hellman (DH) algorithm.

Optionally, the authentication server needs to provide services for multiple terminals at the same time, so that the authentication server may store keys corresponding to different terminals, and after receiving the encrypted first random number sent by one terminal, the authentication server may determine, according to the identifier of the terminal, a second key for decrypting the encrypted first random number from among multiple keys stored in the authentication server.

S450, the authentication server sends the anchor key to the mobility management device. In this way, the mobility management device communicates with the terminal according to the anchor key.

Specifically, the terminal may communicate with a mobility management device according to the anchor key, or the terminal may communicate with an access network device according to the anchor key. Optionally, the anchor point key may be a key for transmitting control plane data, and may also be a key for transmitting user plane data. Optionally, a lower layer key may be generated according to the anchor key, and different devices may communicate using the lower layer key.

For example, the mobility management device and the terminal may generate a second anchor key and a third anchor key according to the anchor key, where the second anchor key is used for the terminal to communicate with the mobility management device, and the second anchor key is used for the terminal to communicate with the access network device. For another example, the mobility device and the terminal may generate a fourth anchor key, a fifth anchor key, a sixth anchor key, and a seventh anchor key according to the anchor key, where the fourth key is used for the terminal to perform control plane data communication with the mobility management device, the fifth key is used for the terminal to perform user plane data communication with the mobility device, the sixth key is used for the terminal to perform control plane data communication with the access network device, and the seventh key is used for the terminal to perform user plane data communication with the access network device.

As an alternative embodiment, the terminal and the authentication server may mutually authenticate before the terminal and the authentication server determine the anchor key. Before the terminal and the authentication server perform mutual authentication, an authentication method in which the terminal and the authentication server perform mutual authentication may be determined. The method further comprises the following steps: the authentication server receives one or more than two authentication methods supported by the terminal and sent by the terminal; and the authentication server determines a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication method supported by the authentication server.

Optionally, the terminal carries one or two or more authentication methods supported by the terminal in a registration message sent to an authentication server, and the authentication server receives the registration message sent by the terminal and obtains the one or two or more authentication methods supported by the terminal in the registration message. For example, the authentication server may take an intersection between one or two or more authentication methods supported by the terminal and an authentication method supported by the authentication server, and if only one element is included in the intersection, that is, one authentication method, the authentication method is the first authentication method. If the intersection includes more than two elements, i.e., more than two authentication methods, the authentication method may be any one of the more than two authentication methods. For example, the terminal supports the authentication method 1, the authentication method 2, and the authentication method 3, and the authentication server supports the authentication method 2, the authentication method 3, and the authentication method 4, the authentication server may select one of the authentication method 2 and the authentication method 3 as an authentication method to authenticate the terminal.

Optionally, the receiving, by the authentication server, the priority of each of the one or two or more authentication methods supported by the terminal and the priority of each of the one or two or more authentication methods sent by the terminal, and determining, by the authentication server, the first authentication method to be used for authenticating the terminal according to the one or two or more authentication methods supported by the terminal and the authentication method supported by the authentication server, includes: the authentication server determines the first authentication method according to a priority of each of one or more authentication methods supported by the terminal and an authentication method supported by the authentication server. For example, the authentication server may take an intersection between one or more authentication methods supported by the terminal and an authentication method supported by the authentication server itself, where if the intersection includes only one element, that is, one authentication method, the authentication method is the first authentication method, and if the intersection includes two or more elements, that is, two or more authentication methods, the authentication server may preferentially select an authentication method with a higher priority in the intersection as the first authentication method. The authentication server determines the authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication methods supported by the authentication server, so that the signaling overhead problem caused by signaling interaction between the terminal and the authentication server can be avoided. For example, the terminal supports the authentication method 1, the authentication method 2, and the authentication method 3, the authentication method 3 has a higher priority than the authentication method 2, the authentication method 2 has a higher priority than the authentication method 1, and the authentication server supports the authentication method 2, the authentication method 3, and the authentication method 4, the authentication server may select the authentication method 3 as the first authentication method among the authentication method 2 and the authentication method 3.

Optionally, after the authentication server determines the first authentication method, the identifier of the first authentication method may be sent to the data management device, so that the data management device stores the identifier of the first authentication method in the relevant information of the terminal, for example, in the context of the terminal. Alternatively, the data management device may determine the first verification value and the second verification value according to a preset authentication method, instead of receiving the identifier of the first authentication method. The embodiments of the present application do not limit this.

As an alternative embodiment, the method 400 further comprises: the authentication server acquires a first verification value and a second verification value from the data management equipment; and the authentication server authenticates the terminal according to the first verification value. And the authentication server sends the second verification value to the terminal under the condition that the result of authenticating the terminal is legal, so that the terminal can authenticate the authentication server according to the second verification value. Optionally, the determining the anchor key may be that after the authentication server authenticates the terminal according to the first verification value, that is, when the authentication server authenticates that the terminal is legal, the authentication server and the terminal determine the anchor key again.

As an optional embodiment, the authentication server obtains the first verification value and the second verification value from the data management device, specifically: and sending the terminal identification of the terminal, the second random number and the third random number to the data management equipment, and receiving the first verification value and the second verification value sent by the data management equipment. Wherein the first verification value is determined by the terminal identifier, the registration password of the terminal stored by the data management device, and the third random number, for example, the first verification value is determined by the data management device using a first authentication method according to the terminal identifier, the registration password of the terminal stored by the data management device, and the third random number. The second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number. For example, the second verification value is determined by the data management apparatus using the first authentication method based on the terminal identification, the registration password of the terminal held by the data management apparatus, and the second random number.

Specifically, the authentication process of the authentication server to the terminal includes the following steps:

1. and the authentication server sends the third random number to the terminal.

2. The terminal receives the third random number from the authentication server, and determines a third verification value according to the terminal identifier of the terminal, the third random number, and its own registration password stored by the terminal, for example, a first authentication method is used to determine a third verification value according to the terminal identifier, the third random number, and its own registration password stored by the terminal.

3. And the terminal sends the third verification value to the authentication server, and the authentication server receives the third verification value sent by the terminal and verifies the validity of the terminal according to the third verification value and the first verification value. Specifically, if the third verification value is equal to the first verification value, the authentication server determines that the terminal is legal; and if the third verification value is not equal to the first verification value, the authentication server determines that the terminal is illegal. Optionally, when the authentication server determines that the terminal is illegal, the authentication server sends a rejection message to the terminal, where the rejection message is used to indicate that the terminal is rejected by the authentication server due to the illegal.

It should be understood that the first verification value and the third verification value are obtained by the same authentication method, for example, the first verification value and the third verification value may be obtained by a preset authentication method or the aforementioned first authentication method.

Specifically, the authentication process of the terminal to the authentication server includes the following steps:

1. and the data management equipment determines a second verification value according to the terminal identification of the terminal, the registration password of the terminal stored by the data management equipment and a second random number.

2. The data management device sends the second verification value to the authentication server.

3. And the authentication server receives the second verification value sent by the data management equipment and sends the second verification value to a terminal.

4. And the terminal receives the second verification value sent by the authentication server, and determines a fourth verification value according to the terminal identification of the terminal, the self registration password stored by the terminal and the second random number.

5. And the terminal authenticates the legality of the authentication server according to the second verification value and the fourth verification value. Specifically, if the second verification value is equal to the fourth verification value, the terminal determines that the authentication server is legal; and if the second verification value is not equal to the fourth verification value, the terminal determines that the authentication server is illegal. Optionally, when the terminal determines that the authentication server is illegal, the terminal sends a rejection message to the authentication server, where the rejection message is used to indicate that the authentication server is rejected by the terminal due to the illegal.

It should be understood that the second verification value and the fourth verification value are obtained by the same authentication method, for example, the second verification value and the fourth verification value may be obtained by the aforementioned first authentication method or a preset authentication method.

Optionally, the terminal and the authentication server may authenticate each other, and when the mutual authentication is legal, then determine the anchor key separately, that is, execute step 420 and step 440, where the second random number and the third random number used for determining the anchor key are random numbers used in the mutual authentication process.

Note that the first verification value and the third verification value are obtained by the same authentication method. The second verification value and the fourth verification value are obtained by the same authentication method. The same authentication method may be a preset authentication method or an authentication method determined by the negotiation between the authentication server and the terminal. Optionally, the first verification value, the second verification value, the third verification value, and the fourth verification value may be four hash values obtained by using a hash algorithm. Of course, the first verification value, the second verification value, the third verification value, and the fourth verification value may also be obtained by using other authentication algorithms, and the authentication algorithms used in the authentication process of the terminal and the authentication server are not limited in this embodiment of the application.

It should be appreciated that the method 400 illustrates generating a first random number by the terminal and transmitting the encrypted first random number to the authentication server. In practical applications, the authentication server may also generate a first random number and send the encrypted first random number to the terminal. Or, the third-party device may generate the first random number and send the encrypted first random number to the authentication server and the terminal, and the embodiment of the present application does not limit the generation manner of the first random number at all.

It should also be understood that, in the embodiment of the present application, the algorithm used for determining the anchor point key may be a hash algorithm, or may also be an algorithm of a pseudo-random function (PRF), and the embodiment of the present application does not limit what algorithm is used by the authentication server to calculate the anchor point key.

Fig. 6 illustrates a communication method 500 provided in an embodiment of the present application, where the method 500 includes:

s510, the authentication server sends a terminal identifier of the terminal, a second random number and the third random number to data management equipment; and the data management equipment receives the terminal identification of the terminal, the second random number and the third random number which are sent by the authentication server.

Optionally, before S510, the method further includes: the authentication server acquires a terminal identifier of a terminal, a second random number and the third random number. Optionally, the registration message sent by the terminal to the authentication server carries the terminal identifier of the terminal, and the authentication server obtains the terminal identifier of the terminal in the registration message. Optionally, the second random number may be generated by the terminal, the authentication request message sent by the terminal to the authentication server carries the second random number, and the authentication server obtains the second random number in the authentication request message. Optionally, the terminal may send the terminal identifier of the terminal and the second random number to the authentication server in the same message. Of course, the embodiment of the present application does not limit the manner in which the authentication server obtains the terminal identifier of the terminal and the second random number. Optionally, the third random number may be generated by the authentication server, or may be generated by another device on the network side and sent to the authentication server.

S520, the data management equipment determines a first verification value and a second verification value according to the terminal identification of the terminal, the second random number and the third random number.

As an alternative embodiment, S520 includes: the data management device determines the second verification value according to the terminal identifier of the terminal, the registration password of the terminal stored by the data management device, and the second random number, for example, the second verification value is determined according to the terminal identifier of the terminal, the registration password of the terminal stored by the data management device, and the second random number by using a first authentication method, which may be a preset authentication method, or an authentication server and the terminal negotiate to determine and send to the data management device; the data management device determines the first verification value according to the terminal identifier of the terminal, the registration password of the terminal stored by the data management device, and the third random number, for example, a first authentication method is used to determine a first verification according to the terminal identifier of the terminal, the registration password of the terminal stored by the data management device, and the third random number, where the first authentication method may be a preset authentication method, or an authentication server negotiates with the terminal to determine and sends the first verification to the data management device.

S530, the data management device sends the first verification value and the second verification value to the authentication server.

S540, the authentication server authenticates the terminal according to the first verification value.

S550, the authentication server sends a second verification value to the terminal under the condition that the result of the authentication of the terminal is legal, and the terminal receives the second verification value sent by the authentication server.

And S560, the terminal authenticates the authentication server according to the second verification value.

In the embodiment of the application, the data management device may generate the first verification value and the second verification value, and when the first verification value and the second verification value are generated, the first verification value and the second verification value may be generated by using the registration password of the terminal stored by the data management device, so that the problem of leakage of the registration password caused by transmission of the registration password of the terminal between the authentication server and the data management device may be avoided, thereby improving the security of data.

Fig. 7 shows a communication method 600 provided in this embodiment of the present application, and the following description takes a terminal as NG-RG, an authentication server as AUSF, and a data management device as UDM as an example, where the method 600 includes:

s601, NG-RG determines the first key and AUSF determines the second key.

Optionally, the first key and the second key are a pair of asymmetric keys, that is, the first key may be a public key, and the second key may be a private key.

Alternatively, the first key and the second key may be a same pair of symmetric keys, for example, the first key and the second key may be a same pair of keys determined by the DH algorithm.

S602, when the NG-RG sends a registration message to the AUSF, the NG-RG ID and the authentication method supported by the NG-RG are carried in the registration message, for example, the registration message may be an EAP message.

And S603, the AUSF receives the registration message sent by the AN-RG, acquires the ID of the NG-RG and the authentication method supported by the NG-RG in the registration message, and selects the authentication method adopted when the NG-RG is authenticated according to the authentication method supported by the NG-RG and the authentication method supported by the AUSF.

S604, the AUSF acquires a random number RAND-AUSF, wherein RAND-AUSF may be the third random number.

The method for acquiring the random number RAND-AUSF by the AUSF may specifically include the following methods: AUSF can generate RAND-AUSF by itself; or the AUSF requests a random number from the UDM, the UDM generates a RAND-AUSF, and sends the RAND-AUSF to the AUSF; or the AUSF requests a random number from the AMF, the AMF generates a RAND-AUSF, and sends the generated RAND-AUSF to the AUSF.

S605, AUSF sends the first message to NG-RG, the first message carries RAND-AUSF, the first message is used to request to NG-RG to authenticate NG-RG. Optionally, the first message carries an authentication method used when the NG-RG is authenticated, which is determined by the AUSF.

For example, assuming that it is determined in S603 that EAP-MSchapv2 is the authentication method used for authenticating NG-RG, the first message may be an EAP-MSchapv2 challenge message, and the EAP-MSchapv2 challenge message indicates that AUSF selects EAP-MSchapv2 as the authentication method for authenticating NG-RG.

S606, the NG-RG receives the first message sent by the AUSF, and the RAND-AUSF is obtained in the first message. Further, the first hash value may be determined according to the ID of the NG-RG, the registration password of the NG-RG, and the obtained RAND-ausf, for example, the calculation method may be referred to RFC-draft-kamath-pptext-eap-mschapv 2-02, and optionally, the first hash value may be the aforementioned third verification value.

S607, the NG-RG generates a random number RAND-RG, which may be, for example, the second random number previously described.

S608, the NG-RG sends a second message to the AUSF, the second message carries the RAND-RG and the first hash value, and the second message carries the EAP-MschoppV 2-Response message if the EAP-MSchapv2 is determined to be the authentication method adopted when the NG-RG is authenticated in S603. For example, the second message may be a response message of the first message, the second message indicating that the NG-RG accepts authentication of the AUSF.

And S609, the AUSF receives a second message sent by the NG-RG, and acquires the RAND-RG and the first hash value in the second message. And the AUSF sends a fourth message to the UDM, wherein the fourth message carries the ID of the NG-RG, the RAND-RG and the RAND-AUSF, and the fourth message is used for requesting the UDM for the parameters required for authenticating the NG-RG.

S610, the UDM receives a fourth message sent by the AUSF, and acquires the ID, the RAND-RG and the RAND-AUSF of the NG-RG in the fourth message. Further, the UDM determines the second hash value and the third hash value according to the ID of the NG-RG, the RAND-ausf and the registration password of the NG-RG stored by the UDM, for example, the second hash value may be the aforementioned first verification value, and the third hash value may be the aforementioned second verification value.

Specifically, the UDM determines a second hash value by using the ID of the NG-RG, the RAND-ausf and a registration password of the NG-RG stored by the UDM; the UDM determines a third hash value by using the ID of the NG-RG, the RAND-RG and the registration password of the NG-RG stored by the UDM.

S611, the UDM sends a fifth message to the AUSF, where the fifth message is used to send parameters required for authenticating the NG-RG to the AUSF.

Specifically, the fifth message carries the second hash value and the third hash value determined in S610.

And S612, the AUSF receives a fifth message sent by the UDM, and acquires a second hash value and a third hash value in the fifth message. Further, the AUSF verifies the validity of the NG-RG by using the second hash value and the first hash value obtained in S609, and if the first hash value is equal to the second hash value, the AUSF determines that the NG-RG is valid. And if the first hash value is not equal to the second hash value, the AUSF determines that the NG-RG is illegal.

S613, the AUSF sends a third message to the NG-RG, where the third message carries a third hash value, and for example, the third message is used to request the NG-RG to authenticate the AUSF.

And S614, the NG-RG receives a third message sent by the AUSF, and acquires a third hash value in the third message.

Further, the NG-RG determines a fourth hash value by using the ID of the NG-RG, the RAND-RG and the self registration password.

Optionally, the NG-RG determines the fourth hash value before or after the NG-RG receives the third message sent by the AUSF, which is not limited in this embodiment of the application.

And S615, the NG-RG authenticates the legality of the AUSF by using the third hash value and the fourth hash value.

For example, if the third hash value is equal to the fourth hash value, the NG-RG determines that the AUSF is legitimate, and if the third hash value is not equal to the fourth hash value, the NG-RG determines that the AUSF is illegitimate.

At S616, the NG-RG acquires the random number pre-master-key, for example, the pre-master-key may be the aforementioned first random number.

Optionally, the sequence of S616 is not limited in this embodiment, for example, S616 may precede any step in S601-S615. That is, S616 may be generated after NG-RG and AUSF mutually authenticate each other, or may be generated before NG-RG and AUSF mutually authenticate each other. One possible implementation is that the NG-RG maintains a random number (i.e., pre-master-key) for generating the anchor key, and the random number is periodically updated. For example, the random number may be updated every 1 hour. The random number is obtained when the NG-RG needs to generate an anchor key.

S617, the NG-RG determines the anchor key from the random numbers pre-master-key, RAND-ausf and RAND-RG, e.g., the anchor key may be calculated using a hash algorithm or a PRF algorithm.

Optionally, in this embodiment of the present application, the sequence of S617 is not limited at all, and may be executed after the NG-RG acquires the three random numbers, for example, S617 may be after S607 and before S608. Alternatively, S617 may be performed after the NG-RG verifies that the AUSF is legitimate. It should be noted that, in the embodiment of the present application, a specific method for the NG-RG to generate the anchor point key is not limited.

S618, the NG-RG encrypts the random number pre-master-key using the first key in S601 to obtain an encrypted pre-master-key, which may be referred to as a pre-master-secret.

The random number used for generating the anchor key is encrypted and then transmitted, so that the random number used for generating the anchor key can be effectively prevented from leaking in the transmission process.

S619, the NG-RG sends a sixth message to the AUSF, and the sixth message carries the pre-master-secret.

Optionally, the sixth message is further used to indicate that the NG-RG authenticates the AUSF. Of course, the sixth message may be the authentication pass message in S214 of the method 200.

And S620, the AUSF receives the sixth message sent by the NG-RG, acquires the pre-master-secret from the sixth message, and decrypts the pre-master-secret by using the second secret key in the S601 to obtain the pre-master-key.

Specifically, the authentication server needs to provide services for a plurality of NG-RGs at the same time, so that the authentication server can store keys corresponding to different NG-RGs, and after receiving the pre-master-secret, the authentication server can determine a second key for decrypting the encrypted first random number from the plurality of keys stored in the authentication server according to the identifier of the NG-RG, so as to decrypt the pre-master-secret by using the second key to obtain the pre-master-key.

S621, AUSF determines the anchor key by using pre-master-key, RAND-AUSF and RAND-rg obtained in S620.

The AUSF sends the anchor key to the AMF device, and the AMF communicates with the NG-RG according to the anchor key, for example, the control plane data and the user plane data can be communicated.

It should be understood that the order of execution of the various steps in the method 600 is not necessarily the only order in which the particular steps may be performed, and may be determined based on logical relationships.

Optionally, in S601, the NG-RG determines a first key and the AUSF determines a second key, and the first key and the second key may be a pair of symmetric keys, for example, a pair of keys obtained according to the DH algorithm. The process for determining the first key and the second key as described in fig. 8 includes the following steps:

s701, in S601, the registration message sent by the NG-RG to the AUSF may carry a supported capability set of the DH, where the supported capability set of the DH includes some common parameters for generating a key, for example, the common parameters may be multiple prime numbers and multiple primitive roots.

S702, AUSF receives the register information sent by NG-RG, and obtains the ability set supported by DH in the register information, AUSF determines 'selected DH ability' and DH ability initiated by NG-RG 'in the ability set supported by DH, AUSF generates the first parameter AUSF-priv and the second parameter AUSF-pub of DH according to' selected DH ability 'and DH ability initiated by NG-RG'.

And S703, the AUSF sends the second parameters AUSF-pub, the selected DH capability and the DH capability initiated by the NG-RG to the NG-RG through the first message in S605.

S704, the NG-RG receives a first message sent by the AUSF, obtains the prime number and the primitive root selected by the AUSF and a second parameter AUSF-pub from the first message, and the NG-RG generates a third parameter RG-priv and a fourth parameter RG-pub of the DH according to the prime number and the primitive root selected by the AUSF.

And S705, the NG-RG generates a first key according to the third parameter RG-priv and the second parameter AUSF-pub.

The NG-RG may send the fourth parameter RG-pub to the AUSF by the second message in S608S 706.

And S707, the AUSF generates a second key according to the fourth parameter RG-pub and the first parameter AUSF-priv, wherein the second key is the same as the first key. Thus, in S618, the NG-RG can encrypt the first random number with the first key, and in S620, the AUSF can decrypt the encrypted first random number with the second key to obtain the first random number.

The communication method according to the embodiment of the present application is described in detail above with reference to fig. 1 to 8, and the communication apparatus according to the embodiment of the present application will be described in detail below with reference to fig. 9 to 15.

Fig. 9 illustrates a communication apparatus 800 according to an embodiment of the present application, where the apparatus 800 includes:

a transceiving unit 810 for receiving the encrypted first random number from the terminal;

a processing unit 820, configured to determine an anchor key according to the encrypted first random number, second random number, and third random number;

the transceiving unit 810 is further configured to send the anchor point key to a mobility management device.

As an optional embodiment, the second random number is generated by a terminal, and the third random number is generated by the apparatus or generated by the mobility management device or generated by a data management device.

As an alternative embodiment, the transceiver unit 810 is further configured to: acquiring a first verification value and a second verification value from the data management device; the processing unit is further used for authenticating the terminal according to the first verification value; the transceiver unit is further configured to send the second verification value to the terminal when the result of authenticating the terminal is legal.

As an alternative embodiment, the transceiver unit 810 is further configured to: sending the terminal identification of the terminal, the second random number and the third random number to the data management equipment; receiving the first authentication value and the second authentication value from the data management device, wherein the first authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the third random number; the second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number.

As an alternative embodiment, the transceiver unit 810 is further configured to: receiving a third verification value sent by the terminal, wherein the third verification value is determined by the third random number, the terminal identifier of the terminal and a registration password of the terminal stored by the terminal; the processing unit 820 is specifically configured to: and if the first verification value is equal to the third verification value, determining that the terminal is legal.

As an alternative embodiment, the transceiver unit 810 is further configured to: receiving one or two or more authentication methods supported by the terminal from the terminal before acquiring the first verification value and the second verification value from the data management device; the processing unit 820 is further configured to: and determining a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication method supported by the authentication server.

As an alternative embodiment, the transceiver unit 810 is further configured to: receiving one or two or more authentication methods supported by the terminal from the terminal and a priority of each authentication method in the one or two or more authentication methods;

the processing unit 820 is specifically configured to: and determining the first authentication method according to the priority of each authentication method in one or two or more authentication methods supported by the terminal and the authentication method supported by the authentication server.

As an alternative embodiment, the encrypted first random number is obtained by encrypting the first random number by using a first key; the processing unit 820 is specifically configured to: decrypting the encrypted first random number by using a second key to obtain the first random number, wherein the second key is a key corresponding to the first key; and determining the anchor key by using the first random number, the second random number and the third random number.

As an alternative embodiment, the first key and the second key are a pair of keys generated according to the diffie-hellman DH algorithm.

It should be appreciated that the apparatus 800 herein is embodied in the form of a functional unit. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, as can be understood by those skilled in the art, the apparatus 800 may be embodied as an authentication server in the foregoing method embodiment, and the apparatus 80 may be configured to perform each procedure and/or step corresponding to the authentication server in the foregoing method embodiment, and in order to avoid repetition, details are not described here again.

Fig. 10 illustrates a communication apparatus 900 provided in an embodiment of the present application, where the apparatus 900 includes:

a processing unit 910 configured to generate a first random number;

the processing unit 910 is further configured to determine an anchor key according to the first random number, the second random number, and the third random number, where the anchor key is used for the terminal to communicate.

As an alternative embodiment, the processing unit is further configured to: encrypting the first random number to obtain an encrypted first random number; the device further comprises: a first transceiving unit 920, configured to send the encrypted first random number to an authentication server.

As an optional embodiment, the second random number is generated by the apparatus, and the third random number is generated by the authentication server or a mobility management device or a data management device.

As an alternative embodiment, the apparatus further comprises: a second transceiving unit, configured to receive a second verification value sent by the data management apparatus through the authentication server, where the second verification value is determined by a device identifier of the device, a registration password of the device stored in the data management apparatus, and the second random number.

The processing unit is further to: determining a fourth verification value according to the device end identifier, the self registration password stored by the device and the second random number; and authenticating the authentication server according to the second verification value and the fourth verification value.

As an alternative embodiment, the apparatus further comprises: and a third transceiver unit, configured to send, by the authentication server, one or two or more authentication methods supported by the terminal.

As an optional embodiment, the third transceiver unit is specifically configured to: and sending one or more than two authentication methods supported by the terminal and the priority of each authentication method in the one or more than two authentication methods to the authentication server.

It should be appreciated that the apparatus 900 herein is embodied in the form of a functional unit. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, as can be understood by those skilled in the art, the apparatus 900 may be embodied as a terminal in the foregoing method embodiment, and the apparatus 900 may be configured to execute each procedure and/or step corresponding to the terminal in the foregoing method embodiment, and in order to avoid repetition, details are not described here again.

Fig. 11 shows a communication apparatus 1000 provided in an embodiment of the present application, where the apparatus 1000 includes:

a transceiving unit 1010 for acquiring a first verification value and a second verification value from the data management apparatus;

a processing unit 1020, configured to authenticate the terminal according to the first verification value;

the transceiving unit 1010 is further configured to send the second verification value to the terminal if the result of authenticating the terminal is legal.

As an alternative embodiment, the transceiving unit 1010 is further configured to: sending the terminal identification of the terminal, the second random number and the third random number to the data management equipment; receiving the first verification value and the second verification value from the data management device, wherein the first verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device, and the third random number, and the second verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device, and the second random number.

As an alternative embodiment, the transceiving unit 1010 is further configured to: and receiving a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and the registration password of the terminal.

The processing unit 1020 is further configured to: if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal; and if the first verification value is not equal to the third verification value, the authentication server determines that the terminal is illegal.

It should be appreciated that the apparatus 1000 herein is embodied in the form of a functional unit. The term "unit" herein may refer to an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (e.g., a shared, dedicated, or group processor) and memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that support the described functionality. In an optional example, it may be understood by those skilled in the art that the apparatus 1000 may be specifically an authentication server in the foregoing method embodiment, and the apparatus 1000 may be configured to perform each procedure and/or step corresponding to the authentication server in the foregoing method embodiment, and in order to avoid repetition, details are not described here again.

Fig. 12 shows a communication system 1100 provided in an embodiment of the present application, where the system 1100 includes: device 800 and device 900.

The apparatus 800 corresponds to an authentication server in the method embodiment, the apparatus 900 corresponds to a terminal in the method embodiment, and the apparatus 1000 corresponds to a data management device in the method embodiment, and corresponding units execute corresponding steps, for example, a transceiver unit performs a transceiver step in the method embodiment, and other steps except for transceiver may be executed by a processing module. The functions of the specific modules can be referred to corresponding method embodiments, and are not described in detail.

The authentication server, the terminal and the data management equipment of each scheme have the functions of realizing corresponding steps executed by the authentication server, the terminal and the data management equipment in the method; the functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software comprises one or more modules corresponding to the functions; for example, the transmitting unit may be replaced by a transmitter, the receiving unit may be replaced by a receiver, other units, such as the determining unit, may be replaced by a processor, and the transceiving operation and the related processing operation in the respective method embodiments are respectively performed.

In embodiments of the present application, the apparatus in fig. 9-11 may also be a chip or a system of chips, such as: system on Chip (SoC). Correspondingly, the receiving unit and the transmitting unit may be a transceiver circuit of the chip, and are not limited herein.

Fig. 13 illustrates yet another communication apparatus 1200 provided in an embodiment of the present application. The apparatus 1200 includes a processor 1210, a transceiver 1220, and a memory 1230. The processor 1210, the transceiver 1220 and the memory 1230 are in communication with each other through an internal connection path, the memory 1230 is used for storing instructions, and the processor 1210 is used for executing the instructions stored in the memory 1230 to control the transceiver 1220 to transmit and/or receive signals.

The transceiver 1220 is configured to receive an encrypted first random number from a terminal; the processor 1210 is configured to determine an anchor key according to the encrypted first random number, second random number, and third random number; the transceiver 1220 is further configured to send the anchor point key to a mobility management device.

Alternatively, the memory 1230 can be a device external to the communications apparatus 1200.

It should be understood that the apparatus 1200 may be embodied as an authentication server in the foregoing method embodiment, and may be configured to execute each step and/or flow corresponding to the terminal in the foregoing method embodiment. Optionally, the memory 1230 may include both read-only memory and random-access memory, and provides instructions and data to the processor. The portion of memory may also include non-volatile random access memory. For example, the memory may also store device type information. The processor 1210 may be configured to execute instructions stored in the memory, and when the processor 1210 executes the instructions stored in the memory, the processor 1110 is configured to perform the steps and/or processes of the method embodiments corresponding to the authentication server described above.

Fig. 14 illustrates a further communication apparatus 1300 according to an embodiment of the present application. The apparatus 1300 includes a processor 1310, a transceiver 1320, and a memory 1330. Wherein the processor 1310, the transceiver 1320, and the memory 1330 are in communication with each other through the interconnection, the memory 1330 is configured to store instructions, and the processor 1310 is configured to execute the instructions stored in the memory 1330 to control the transceiver 1320 to transmit and/or receive signals.

Wherein the processor 1310 is configured to generate a first random number; and determining an anchor key according to the first random number, the second random number and the third random number, wherein the anchor key is used for the terminal communication.

Alternatively, the memory 1330 can be a device external to the communications apparatus 1300.

It should be understood that the apparatus 1300 may be embodied as a terminal in the foregoing method embodiment, and may be configured to execute each step and/or flow corresponding to the terminal in the foregoing method embodiment. Optionally, the memory 1330 may include both read-only memory and random access memory, and provides instructions and data to the processor. The portion of memory may also include non-volatile random access memory. For example, the memory may also store device type information. The processor 1310 may be configured to execute instructions stored in the memory, and when the processor 1310 executes the instructions stored in the memory, the processor 1310 is configured to perform the various steps and/or processes of the method embodiments corresponding to the terminal described above.

Fig. 15 illustrates a further communication apparatus 1400 provided in the embodiments of the present application. The apparatus 1400 includes a processor 1410, a transceiver 1420, and a memory 1430. Wherein the processor 1410, the transceiver 1420 and the memory 1330 communicate with each other through an internal connection, the memory 1430 is used for storing instructions, and the processor 1410 is used for executing the instructions stored in the memory 1430 to control the transceiver 1420 to transmit and/or receive signals.

Wherein the transceiver 1420 is configured to obtain a first verification value and a second verification value from the data management device; the processor 1410 is configured to authenticate the terminal according to the first verification value; the transceiver 1320 is further configured to send the second verification value to the terminal if the result of authenticating the terminal is legal.

Alternatively, the memory 1430 can be a device external to the communication apparatus 1400.

It should be understood that the apparatus 1400 may be embodied as a data management device in the foregoing method embodiment, and may be configured to execute each step and/or flow corresponding to the data management device in the foregoing method embodiment. Alternatively, the memory 1430 may include both read-only memory and random access memory, and provides instructions and data to the processor. The portion of memory may also include non-volatile random access memory. For example, the memory may also store device type information. The processor 1410 may be configured to execute instructions stored in the memory, and when the processor 1310 executes the instructions stored in the memory, the processor 1410 is configured to perform the various steps and/or processes of the method embodiments corresponding to the data management device described above.

It should be understood that the transceivers described above may include both transmitters and receivers. The transceiver may further include an antenna, and the number of antennas may be one or more. The memory may be a separate device or may be integrated into the processor. The above-mentioned devices or parts of the devices may be implemented by being integrated into a chip, such as a baseband chip.

In the embodiments of the present application, the transceivers in fig. 13 to 15 may also be communication interfaces, which are not limited herein.

In the embodiments of the present application, various illustrations are made for the sake of an understanding of aspects. However, these examples are merely examples and are not meant to be the best mode of carrying out the present application.

It should also be understood that, in the embodiment of the present application, the processor of the above apparatus may be a Central Processing Unit (CPU), and the processor may also be other general processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), field-programmable gate arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware processor, or may be implemented by a combination of hardware and software elements in a processor. The software elements may be located in ram, flash, rom, prom, or eprom, registers, among other storage media that are well known in the art. The storage medium is located in a memory, and a processor executes instructions in the memory, in combination with hardware thereof, to perform the steps of the above-described method. To avoid repetition, it is not described in detail here.

In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in or transmitted from a computer-readable storage medium to another computer-readable storage medium, e.g., from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.) Or a semiconductor medium (e.g., a Solid State Disk (SSD)), etc.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

A method of communication, comprising:

the authentication server receives the encrypted first random number from the terminal;

the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number;

the authentication server sends the anchor key to a mobility management device.
The method of claim 1, wherein the anchor point key is used for communication by the mobility management device.
A method according to claim 1 or 2, wherein the second random number is generated by the terminal and the third random number is generated by the authentication server or by the mobility management device or by a data management device.
The method according to any one of claims 1 to 3, further comprising:

the authentication server acquires a first verification value and a second verification value from the data management equipment;

the authentication server authenticates the terminal according to the first verification value;

and the authentication server sends the second verification value to the terminal under the condition that the result of the authentication of the terminal is legal.
The method according to claim 4, wherein the authentication server obtains the first verification value and the second verification value from the data management device, and specifically comprises:

the authentication server sends the terminal identification of the terminal, the second random number and the third random number to the data management equipment;

the authentication server receives the first verification value and the second verification value from the data management device, wherein the first verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device and the third random number; the second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number.
The method according to claim 4 or 5, characterized in that the method further comprises:

the authentication server receives a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal;

the authentication of the terminal by the authentication server according to the first verification value comprises:

and if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal.
The method according to any one of claims 4 to 6, characterized in that before the authentication server acquires the first verification value and the second verification value from the data management device, the method further comprises:

the authentication server receives one or more than two authentication methods supported by the terminal from the terminal;

and the authentication server determines a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication methods supported by the authentication server.
The method according to claim 7, wherein the authentication server receives one or two or more authentication methods supported by the terminal and sent by the terminal, and the method comprises:

the authentication server receives one or more authentication methods supported by the terminal from the terminal and the priority of each authentication method in the one or more authentication methods;

the method for authenticating the terminal by the authentication server comprises the following steps that the authentication server determines a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication methods supported by the authentication server, and comprises the following steps:

the authentication server determines the first authentication method according to the priority of each authentication method of one or two or more authentication methods supported by the terminal and the authentication method supported by the authentication server.
The method according to any one of claims 1 to 8, wherein the encrypted first random number is obtained by encrypting the first random number by using a first key;

the authentication server determines an anchor key according to the encrypted first random number, the encrypted second random number, and the encrypted third random number, and the method includes:

the authentication server decrypts the encrypted first random number by using a second key to obtain the first random number, wherein the second key is a key corresponding to the first key;

the authentication server determines the anchor key using the first random number, the second random number, and the third random number.
The method of claim 9, wherein the first key and the second key are a pair of keys generated according to the diffie-hellman DH algorithm.
A method of communication, comprising:

the terminal generates a first random number;

and the terminal determines an anchor key according to the first random number, the second random number and the third random number, wherein the anchor key is used for terminal communication.
The method of claim 11, further comprising:

the terminal encrypts the first random number to obtain an encrypted first random number;

and the terminal sends the encrypted first random number to an authentication server.
The method according to claim 11 or 12, wherein the second random number is generated by a terminal, and the third random number is generated by the authentication server or a mobility management device or a data management device.
The method according to any one of claims 11 to 13, further comprising:

the terminal receives a second verification value from the data management device, wherein the second verification value is determined by a terminal identifier of the terminal, a registration password of the terminal stored by the data management device and the second random number;

the terminal determines a fourth verification value according to the terminal identification, the self registration password stored by the terminal and the second random number;

and the terminal authenticates the authentication server according to the second verification value and the fourth verification value.
The method according to any one of claims 11 to 14, further comprising:

the terminal sends one or two or more authentication methods supported by the terminal to the authentication server; or

The terminal sends one or more than two authentication methods supported by the terminal and the priority of each authentication method in the one or more than two authentication methods to the authentication server.
A method of communication, comprising:

the authentication server acquires a first verification value and a second verification value from the data management equipment;

the authentication server authenticates the terminal according to the first verification value;

and the authentication server sends the second verification value to the terminal under the condition that the result of the authentication of the terminal is legal.
The method according to claim 16, wherein the authentication server obtains the first verification value and the second verification value from the data management device, and specifically comprises:

the authentication server sends the terminal identification of the terminal, the second random number and the third random number to the data management equipment;

the authentication server receives the first verification value and the second verification value from the data management device, wherein the first verification value is determined by the terminal identification, the registration password of the terminal stored by the data management device and the third random number; the second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number.
The method according to claim 16 or 17, further comprising:

the authentication server receives a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal;

the authentication of the terminal by the authentication server according to the first verification value comprises:

if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal;

and if the first verification value is not equal to the third verification value, the authentication server determines that the terminal is illegal.
A communications apparatus, comprising:

a transceiving unit for receiving the encrypted first random number from the terminal;

the processing unit is used for determining an anchor key according to the encrypted first random number, the encrypted second random number and the encrypted third random number;

the transceiving unit is further configured to send the anchor point key to a mobility management device.
The apparatus of claim 19, wherein the second random number is generated by a terminal, and wherein the third random number is generated by the apparatus or generated by the mobility management device or generated by a data management device.
The apparatus according to claim 19 or 20, wherein the transceiver unit is further configured to:

acquiring a first verification value and a second verification value from the data management device;

the processing unit is further used for authenticating the terminal according to the first verification value;

the transceiver unit is further configured to send the second verification value to the terminal when the result of authenticating the terminal is legal.
The apparatus of claim 21, wherein the transceiver unit is further configured to:

sending the terminal identification of the terminal, the second random number and the third random number to the data management equipment;

receiving the first authentication value and the second authentication value from the data management device, wherein the first authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the third random number; the second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number.
The apparatus according to claim 21 or 22, wherein the transceiver unit is further configured to:

receiving a third verification value sent by the terminal, wherein the third verification value is determined by the third random number, the terminal identifier of the terminal and a registration password of the terminal stored by the terminal;

the processing unit is specifically configured to:

and if the first verification value is equal to the third verification value, determining that the terminal is legal.
The apparatus according to any of claims 21 to 23, wherein the transceiver unit is further configured to:

receiving one or two or more authentication methods supported by the terminal from the terminal before acquiring the first verification value and the second verification value from the data management device;

the processing unit is further to: and determining a first authentication method adopted for authenticating the terminal according to one or more than two authentication methods supported by the terminal and the authentication method supported by the authentication server.
The apparatus according to claim 24, wherein the transceiver unit is specifically configured to:

receiving one or two or more authentication methods supported by the terminal from the terminal and a priority of each authentication method in the one or two or more authentication methods;

the processing unit is specifically configured to:

and determining the first authentication method according to the priority of each authentication method in one or two or more authentication methods supported by the terminal and the authentication method supported by the authentication server.
The apparatus according to any one of claims 19 to 25, wherein the encrypted first random number is obtained by encrypting the first random number with a first key;

the processing unit is specifically configured to:

decrypting the encrypted first random number by using a second key to obtain the first random number, wherein the second key is a key corresponding to the first key;

and determining the anchor key by using the first random number, the second random number and the third random number.
A terminal, comprising:

a processing unit for generating a first random number;

the processing unit is further configured to determine an anchor key according to the first random number, the second random number, and the third random number, where the anchor key is used for the terminal communication.
The terminal of claim 27, wherein the processing unit is further configured to:

encrypting the first random number to obtain an encrypted first random number;

the terminal further comprises:

and the first transceiving unit is used for sending the encrypted first random number to the authentication server.
A terminal as claimed in claim 27 or 28, wherein the second random number is generated by the terminal, and the third random number is generated by the authentication server or mobility management device or data management device.
The terminal according to any of claims 27 to 29, characterized in that the terminal further comprises:

a second transceiving unit, configured to receive a second verification value sent by the data management device through the authentication server, where the second verification value is determined by a terminal identifier of the terminal, a registration password of the terminal stored in the data management device, and the second random number;

the processing unit is further to: determining a fourth verification value according to the terminal identification, the self registration password stored by the terminal and the second random number; and authenticating the authentication server according to the second verification value and the fourth verification value.
The terminal according to any of claims 27 to 30, characterized in that the terminal further comprises:

the third transceiving unit is used for: sending one or two or more authentication methods supported by the terminal to the authentication server; or sending one or two or more authentication methods supported by the terminal and the priority of each authentication method in the one or two or more authentication methods to the authentication server.
A communications apparatus, comprising:

a transceiving unit for acquiring a first verification value and a second verification value from the data management apparatus;

the processing unit is used for authenticating the terminal according to the first verification value;

the transceiver unit is further configured to send the second verification value to the terminal when the result of authenticating the terminal is legal.
The apparatus of claim 32, wherein the transceiver unit is further configured to:

sending the terminal identification of the terminal, the second random number and the third random number to the data management equipment;

receiving the first authentication value and the second authentication value from the data management device, wherein the first authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the third random number; the second authentication value is determined by the terminal identification, the registration password of the terminal held by the data management device, and the second random number.
The apparatus according to claim 32 or 33, wherein the transceiver unit is further configured to:

receiving a third verification value from the terminal, wherein the third verification value is determined by the third random number, the terminal identification of the terminal and a registration password of the terminal;

the processing unit is further to:

if the first verification value is equal to the third verification value, the authentication server determines that the terminal is legal;

and if the first verification value is not equal to the third verification value, the authentication server determines that the terminal is illegal.
A communications apparatus, the apparatus comprising a processor and a memory; the memory is configured to store computer-executable instructions that, when executed by the apparatus, cause the apparatus to perform the communication method of any one of claims 1-10.
A communications apparatus, the apparatus comprising a processor and a memory; the memory is configured to store computer-executable instructions that, when executed by the apparatus, cause the apparatus to perform the communication method of any one of claims 11-15.
A communications apparatus, the apparatus comprising a processor and a memory; the memory is configured to store computer-executable instructions that, when executed by the apparatus, cause the apparatus to perform the communication method of any one of claims 16-18.
A communication system comprising the apparatus of any of claims 19 to 26 and the apparatus of any of claims 27 to 31.