CN111404669B - A key generation method, terminal equipment and network equipment - Google Patents
- Publication number: CN111404669B (CN201910000545.5A)
- Authority: CN (China)
- Prior art keywords: session key, key generation, generation mode, key, indication information
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04L2209/80—Wireless
- H04W12/06—Authentication
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Description
Technical field
The present invention relates to the technical field of information processing, and in particular to a key generation method, a terminal device, a network device, a computer storage medium and a system.
Background
5G will permeate every area of future society and will play a key role in building a user-centred, all-round information ecosystem. The security architecture guarantees the normal operation of the 5G network, and authentication protocols are the cornerstone of the 5G security architecture.
The 3rd Generation Partnership Project (3GPP) standard TS33.501 defines a 5G Authentication and Key Agreement protocol (5G-AKA) for authentication between the UE and the network. During mutual authentication between the UE and the network, the parameters for the Diffie–Hellman (DH) key exchange must be generated every time. Generating these parameters requires an asymmetric cryptographic algorithm, which consumes a large amount of computing resources. This is especially unacceptable for IoT terminals, because many of them are required to operate for a long time on a limited-capacity battery; heavy use of asymmetric algorithms speeds up the energy consumption of IoT devices and shortens their working time.
Summary of the invention
To solve the above technical problems, embodiments of the present invention provide a key generation method, a terminal device, a network device, a computer storage medium and a system.
In a first aspect, a key generation method is provided, applied to a terminal device, the method including:
determining a first key based on a long-term key;
determining, based on indication information sent by the network side, the current session key generation method from at least one session key generation method;
when the network side is successfully authenticated based on authentication information sent by the network side, generating an authentication response and sending it to the network side, and generating the current session key based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the terminal device.
In a second aspect, a key generation method is provided, applied to a network device, the method including:
determining a first key based on a long-term key;
determining, based on indication information, the current session key generation method from at least one session key generation method;
when it is determined, based on authentication information and an authentication response sent by a terminal device, that the terminal device is successfully authenticated, generating the current session key corresponding to the terminal device based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the network device.
In a third aspect, a terminal device is provided, including:
a first communication unit, configured to receive indication information and authentication information sent by the network side;
a first key generation unit, configured to determine a first key based on a long-term key; determine, based on the indication information sent by the network side, the current session key generation method from at least one session key generation method; and, when the network side is successfully authenticated based on the authentication information sent by the network side, generate an authentication response and send it to the network side, and generate the current session key based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the terminal device.
In a fourth aspect, a terminal device is provided, including:
a first communication interface, configured to receive indication information and authentication information sent by the network side;
a first processor, configured to determine a first key based on a long-term key; determine, based on the indication information sent by the network side, the current session key generation method from at least one session key generation method; and, when the network side is successfully authenticated based on the authentication information sent by the network side, generate an authentication response and send it to the network side, and generate the current session key based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the terminal device.
In a fifth aspect, a network device is provided, including:
a second communication unit, configured to send indication information and authentication information to a terminal device;
a second key generation unit, configured to determine a first key based on a long-term key; determine, based on the indication information, the current session key generation method from at least one session key generation method; and, when it is determined based on the authentication information and an authentication response sent by the terminal device that the terminal device is successfully authenticated, generate the current session key corresponding to the terminal device based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the network device.
In a sixth aspect, a network device is provided, including:
a second communication interface, configured to send indication information and authentication information to a terminal device;
a second processor, configured to determine a first key based on a long-term key; determine, based on the indication information, the current session key generation method from at least one session key generation method; and, when it is determined based on the authentication information and an authentication response sent by the terminal device that the terminal device is successfully authenticated, generate the current session key corresponding to the terminal device based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the network device.
In a seventh aspect, a computer storage medium is provided, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the aforementioned key generation method applied to a terminal device.
In an eighth aspect, a computer storage medium is provided, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the aforementioned key generation method applied to a network device.
In a ninth aspect, a key generation system is provided, the system including at least one terminal device and an authentication service function (AUSF) entity, wherein:
the terminal device is configured to determine a first key based on a long-term key; determine, based on indication information sent by the network side, the current session key generation method from at least one session key generation method; and, when the network side is successfully authenticated based on authentication information sent by the network side, generate an authentication response and send it to the network side, and generate the current session key based on the current session key generation method;
the AUSF entity is configured to determine the first key based on the long-term key; determine, based on the indication information, the current session key generation method from at least one session key generation method; and, when it is determined based on the authentication information and the authentication response sent by the terminal device that the terminal device is successfully authenticated, generate the current session key corresponding to the terminal device based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the network device.
In the technical solution of the embodiments of the present invention, the terminal device can generate the session key from the long-term key and a shared key during key exchange. By sending indication information to the terminal device, the network side instructs it to generate the session key from the stored shared key, so the terminal device does not need to run an asymmetric cryptographic algorithm to generate a new shared key for this session. Reusing the shared key in this way reduces the use of asymmetric algorithms in the key exchange protocol and lowers the power consumption of the terminal device.
Brief description of the drawings
Fig. 1 is a schematic diagram of a key generation method in the prior art;
Fig. 2 is a first schematic flowchart of a key generation method provided by an embodiment of the present application;
Fig. 3 is a second schematic flowchart of a key generation method provided by an embodiment of the present invention;
Fig. 4 is a third schematic flowchart of a key generation method provided by an embodiment of the present invention;
Fig. 5 is a first schematic structural diagram of a terminal device provided by an embodiment of the present invention;
Fig. 6 is a second schematic structural diagram of a terminal device provided by an embodiment of the present invention;
Fig. 7 is a first schematic structural diagram of a network device provided by an embodiment of the present invention;
Fig. 8 is a second schematic structural diagram of a network device provided by an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a system provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present application are described below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are some, but not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.
AKA relies on the root key K stored in the Universal Subscriber Identity Module (USIM) to achieve mutual authentication between the UE and the network and to derive the session key. The security assumption is that nobody except the network operator knows the root key K. This assumption does not always hold, because the root key K may already have been leaked during the production of the USIM card. A passive attacker can therefore eavesdrop on communications using the session key derived from the root key K and the messages exchanged between the UE and the network. An active attacker may use a large number of stolen root keys to forge a base station and launch a man-in-the-middle attack. Long-term key leakage is identified as a key issue in Section 5.2.3.2 of TR33.899.
To address this key leakage problem, there is a scheme that uses the DH key exchange protocol to strengthen the security of 5G AKA, referred to as using DH on the SEAF (SEcurity Anchor Function). Its principle is to complete a DH key exchange as part of the mutual authentication between the UE and the network's SEAF, so that the session key is generated not only from the root key K but also from the DH shared key K_DH between the UE and the network. Even an attacker who knows the root key K cannot derive the session key without knowing the shared key K_DH.
As shown in Fig. 1, the steps for exchanging the session key using DH on the SEAF are as follows:
1. The UDM/ARPF (Unified Data Management/Authentication credential Repository and Processing Function) generates the authentication vector 5G HE AV (RAND, AUTN, XRES*, KAUSF) and decrypts the SUCI (Subscription Concealed Identifier) to obtain the UE's SUPI.
2. The UDM/ARPF sends the authentication vector 5G HE AV and the SUPI to the AUSF (Authentication Server Function).
3. The AUSF temporarily stores XRES* and the corresponding SUPI, and may also store KAUSF for other uses.
4. The AUSF derives HXRES* from XRES* and derives KSEAF from KAUSF. The AUSF thus obtains the 5G AV (RAND, AUTN, HXRES*, KSEAF).
5. The AUSF sends the 5G AV message to the SEAF.
6. The SEAF generates the DH-related parameters according to the algorithm indicator Alg (which indicates the DH algorithm to use), producing the SEAF's public/private key pair (APUB, APRI).
7. The SEAF sends an Authentication Request message to the UE, which includes RAND, AUTN, APUB and Alg.
8. The UE verifies the network and, if verification succeeds, generates the authentication response RES*. The UE also generates the DH-related parameters according to the algorithm indicator Alg, that is, the UE's public/private key pair (BPUB, BPRI). The UE uses its own private key BPRI and the received SEAF public key APUB to generate the key K_DH shared with the SEAF. The UE constructs the session key KSEAF' = KSEAF || K_DH.
9. The UE sends an Authentication Response message to the SEAF, which includes RES* and BPUB.
10. The SEAF derives HRES* from RES* and compares HRES* with HXRES*; if they match, the SEAF's authentication of the UE is complete. The SEAF uses its own private key APRI and the received UE public key BPUB to generate the key K_DH shared with the UE. The UE constructs the session key KSEAF' = KSEAF || K_DH.
11. The SEAF sends RES* to the AUSF.
12. The AUSF verifies RES* by comparing it with XRES*.
13. If the AUSF verifies RES* successfully, it sends the SEAF a verification success message together with the UE's SUPI.
The scheme of using DH on the SEAF solves the problem that an attacker who knows the long-term key can derive the session key. However, the SEAF and the UE must generate the DH key exchange parameters every time. Generating these parameters requires an asymmetric cryptographic algorithm and consumes a large amount of computing resources. This is unacceptable for IoT terminals, because many of them are required to operate for a long time on a limited-capacity battery; heavy use of asymmetric algorithms speeds up the energy consumption of IoT devices and shortens their working time.
In addition, because the SEAF is a network element of the roaming network, the home network does not know whether the roaming network has actually run the DH key exchange protocol to strengthen the session key. The roaming network may deceive the home network, in which case, if the long-term key has leaked, the UE's communication over the air interface may be eavesdropped.
For this reason, an embodiment of the present invention provides a key generation method that reduces the use of asymmetric cryptographic algorithms in the key exchange protocol and lowers the power consumption of the terminal device.
As shown in Fig. 2, an embodiment of the present invention provides a key generation method, applied to a terminal device, the method including:
Step 201: determine a first key based on a long-term key;
Step 202: determine, based on indication information sent by the network side, the current session key generation method from at least one session key generation method;
Step 203: when the network side is successfully authenticated based on authentication information sent by the network side, generate an authentication response and send it to the network side, and generate the current session key based on the current session key generation method;
wherein the at least one session key generation method includes at least a first session key generation method, which generates the current session key based on the first key and a shared key stored in the terminal device.
Here, steps 201 to 203 may be executed by the processor of the terminal device.
Step 201 specifically includes: the network-side device derives the first key based on the long-term key and sends the first key to the terminal device, and the terminal device receives the first key. The network-side device may be a network-side device with the AUSF function.
The method further includes: receiving the indication information and authentication information sent by the network side, where the indication information is preset for the terminal device or is determined by the network side based on the security level of the terminal. Specifically, which generation method to use is determined from the indication information carried in the terminal device's profile. The profile, that is, the information about the terminal device, can be written into the Unified Data Management (UDM) when the terminal device subscribes with the network side; then, when the terminal device and the network need to perform a DH key exchange, the UDM determines which generation method the terminal device uses to generate the session key. The authentication information is the information required for mutual authentication between the network side and the terminal during 5G authentication, such as the 5G authentication vector (5G Home Environment Authentication Vector, 5G HE AV) and the long-term subscriber identifier SUPI (Subscription Permanent Identifier).
Specifically, the terminal device receives the indication information and authentication information sent by the network-side device that has the AUSF function.
The indication information is any one of the following: a first indication, which indicates the first session key generation method; a second indication, which indicates the second session key generation method; a second indication, which indicates the second session key generation method.
In practical applications, the at least one session key generation method further includes: a second session key generation method, which generates the current session key based on the first key and a new shared key; and a third session key generation method, which uses the first key as the current session key.
Correspondingly, determining the current session key generation method from at least one session key generation method based on the indication information sent by the network side includes: when the indication information is the first indication, the current session key generation method is the first session key generation method; when the indication information is the second indication, it is the second session key generation method; when the indication information is the third indication, it is the third session key generation method. In other words, the indication information tells the terminal device whether, when generating the session key, to reuse the shared key, generate a new shared key, or use no shared key.
For example, the first session key generation method specifically includes: performing a hash operation on the first key and the shared key stored in the terminal device to generate the current session key. The second session key generation method specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key.
The method further includes: when the indication information is the second indication, generating a new shared key shared with the network side, and saving the new shared key.
In other words, when the terminal device connects to the network and a shared key is generated with the second session key generation method for the first time, that first shared key is stored on the terminal device's USIM card or in a tamper-proof storage area. In later DH session key exchanges between the terminal device and the network, the first session key generation method is used to instruct the terminal device to reuse the stored shared key to generate the session key. The terminal device then does not need to run an asymmetric cryptographic algorithm to generate a new shared key every time, which reduces the use of asymmetric algorithms in the key exchange protocol and lowers the power consumption of the terminal device.
Optionally, the next time a shared key is generated with the second session key generation method, the newly generated shared key replaces the old shared key stored in the terminal device. In later DH session key exchanges between the terminal device and the network, the first session key generation method is used to instruct the terminal device to reuse the most recently stored shared key to generate the session key.
In other words, the shared key stored in the terminal device may be a shared key newly generated in one particular session key exchange, for example the first one generated; alternatively, every time a new shared key is generated during a session key exchange, it replaces the old shared key stored in the terminal device.
In practical applications, when mutual authentication between the terminal device and the network side succeeds, the terminal device generates an authentication response, sends it to the network side, and directly generates the session key based on the current session key generation method. For example, when mutual authentication between the UE and the UDM/ARPF succeeds, the terminal device also stores the most recently generated shared key and uses the stored shared key to generate the session key. When the network side likewise authenticates successfully based on the authentication response, it generates the session key corresponding to the terminal device, and the network side and the terminal device communicate using the resulting session key.
Referring to Figure 3, when the network side performs a key exchange with the terminal device, the terminal device generates the session key based on the indication information in the following steps:
1. The UDM/ARPF generates the authentication vector 5G HE AV (RAND, AUTN, XRES*, KAUSF) and decrypts the SUCI to obtain the UE's long-term subscriber identifier SUPI.
2. The UDM/ARPF sends the authentication vector 5G HE AV, the SUPI and the UE Profile to the AUSF. The authentication vector 5G HE AV and the SUPI contain the authentication information, and the UE Profile contains the indication information.
3. The AUSF temporarily stores XRES* and the corresponding SUPI, and may also store KAUSF for other uses.
4. The AUSF derives HXRES* from XRES* and derives KSEAF (the first key in the embodiments of the present invention) from KAUSF. The AUSF thereby obtains the 5G AV (RAND, AUTN, HXRES*, KSEAF). The AUSF determines the value of DH_ind (the indication information) according to the UE Profile. If DH_ind is set to a (the second indication), the AUSF generates the parameters for the DH key exchange: it first generates the AUSF private key APRI and then derives the AUSF public key APUB. If DH_ind is set to b (the first indication) or c (the third indication), no DH key exchange parameters are generated.
5. The AUSF sends the SEAF the 5G AV message, the AUSF public key APUB, and the indication Alg of the DH algorithm to use.
6. The SEAF sends an Authentication Request message to the UE, containing RAND, AUTN, APUB, DH_ind and Alg. The Authentication Request message contains the AUSF public key APUB only when DH_ind is a.
7. The UE verifies the network and, if verification succeeds, generates the authentication response RES*. If DH_ind is a, the UE generates the DH-related parameters according to the algorithm indicator Alg, namely the UE's public/private key pair (BPUB, BPRI). The UE uses its own private key BPRI and the received AUSF public key APUB to generate the key K_DH shared with the AUSF, and stores it on the USIM card or in a tamper-proof storage area. The UE generates the session key KSEAF' according to the value of DH_ind as follows:
DH_ind=a, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key newly generated by the UE;
DH_ind=b, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key previously stored by the UE;
DH_ind=c, KSEAF'=KSEAF; no shared key is used here, and the first key serves as the session key.
8. The UE sends an Authentication Response message to the SEAF, containing RES* and BPUB.
9. The SEAF derives HRES* from the authentication response RES* and compares HRES* with HXRES*. If the comparison succeeds, the SEAF's authentication of the UE is complete, and the SEAF sends RES* and BPUB to the AUSF.
10. The AUSF verifies RES* by comparing the authentication response RES* with XRES*. The AUSF uses its own private key APRI and the received UE public key BPUB to generate the key K_DH shared with the UE, and stores it in the system. The AUSF generates the session key KSEAF' according to the value of DH_ind as follows:
DH_ind=a, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key newly generated by the UE;
DH_ind=b, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key previously stored by the UE;
DH_ind=c, KSEAF'=KSEAF; no shared key is used here, and the first key serves as the session key.
11. If the AUSF verifies the authentication response RES* successfully, the AUSF sends the SEAF a verification-success message, the session key KSEAF', and the UE's SUPI.
In the scheme that uses DH on the AUSF, because the AUSF is a network element of the home network, the home network can know whether the AUSF has carried out the DH key exchange protocol to strengthen the session key, which prevents the roaming network from deceiving the home network about having completed session key enhancement. IoT terminals can therefore complete the authentication procedure with the network securely and efficiently. DH_ind instructs the terminal device and the network device to reuse the shared key K_DH to generate the session key, which reduces the use of asymmetric encryption algorithms and suits IoT devices connecting to a 5G network.
It can be seen that, with the above scheme, during key exchange the terminal device can generate the session key from the long-term key and the shared key. The network side sends indication information to the terminal device to instruct it to use the stored shared key to generate the session key, so the terminal device does not need to use an asymmetric encryption algorithm to generate a new shared key for this session. Reusing the shared key in this way reduces the use of asymmetric encryption algorithms in the key exchange protocol and lowers the terminal device's power consumption.
As shown in Figure 4, an embodiment of the present invention provides a key generation method applied to a network device. The method includes:
Step 401: determine the first key based on the long-term key;
Step 402: based on the indication information, determine the current session key generation mode from at least one session key generation mode;
Step 403: when the terminal device is determined to have authenticated successfully based on the authentication information and the authentication response sent by the terminal device, generate the current session key corresponding to the terminal device based on the current session key generation mode;
The at least one session key generation mode includes at least: a first session key generation mode, which generates the current session key based on the first key and the shared key stored in the network device.
Here, steps 401 to 403 may be executed by a processor of the network device. The network device in this embodiment can be regarded as a device on the network side that has the AUSF function.
The method further includes: sending the first key to the terminal device; and sending the indication information and the authentication information to the terminal device. The indication information is preset by the terminal device, or is determined by the network side based on the terminal's security level. Specifically, the session key generation mode to use is determined according to the indication information carried in the terminal device's Profile. The terminal device's profile can be written into the UDM when the terminal device subscribes with the network side; then, when the terminal device and the network need to perform a DH key exchange, the UDM determines which session key generation mode the terminal device uses to generate the session key. The authentication information is the information required for mutual authentication between the network side and the terminal during the 5G authentication procedure, such as the 5G authentication vector and the SUPI.
The indication information is any one of the following: a first indication used to indicate the first session key generation mode, a second indication used to indicate the second session key generation mode, and a second indication used to indicate the second session key generation mode.
In practical applications, the at least one session key generation mode further includes: a second session key generation mode, which generates the current session key based on the first key and a new shared key; and a third session key generation mode, which uses the first key as the current session key.
Correspondingly, determining the current session key generation mode from the at least one session key generation mode based on the indication information sent by the network side includes: when the indication information is the first indication, determining that the current session key generation mode is the first session key generation mode; when the indication information is the second indication, determining that the current session key generation mode is the second session key generation mode; when the indication information is the third indication, determining that the current session key generation mode is the third session key generation mode. That is, the indication information instructs the network device, when generating the session key, to reuse the shared key, to generate a new shared key, or not to use a shared key.
Exemplarily, the first session key generation mode specifically includes: performing a hash operation on the first key and the shared key stored in the terminal device to generate the current session key. The second session key generation mode specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key.
The method further includes: when the indication information is the second indication, generating a new shared key shared with the terminal device; and saving the new shared key.
That is, when the network device connects with the terminal device and generates a shared key, the first time the network device generates a shared key using the second session key generation mode, it stores that shared key in a tamper-proof storage area on the network device. Afterwards, when the terminal device and the network device perform a DH session key exchange, the first session key generation mode is used to instruct the terminal device to reuse the stored shared key to generate the session key. The network device does not need to generate a new shared key with an asymmetric encryption algorithm every time, which reduces the use of asymmetric encryption algorithms in the key exchange protocol and lowers the terminal device's power consumption.
Optionally, the next time a shared key is generated using the second session key generation mode, the newly generated shared key replaces the old shared key stored in the network device. Afterwards, when the terminal device and the network perform a DH session key exchange, the first session key generation mode is used to instruct the network device to reuse the most recently stored shared key to generate the session key.
That is, the shared key stored in the network device may be a shared key newly generated during one particular session key exchange, for example the first shared key generated; or, each time a new shared key is generated during a session key exchange, the new shared key replaces the old shared key stored in the network device.
In practical applications, when mutual authentication between the terminal device and the network side succeeds, an authentication response is generated and sent to the network side, and the current session key is generated directly based on the current session key generation mode. For example, when mutual authentication between the UE and the UDM/ARPF succeeds, the terminal device also stores the most recently generated shared key and uses the stored shared key to generate the session key. When the network side likewise authenticates successfully based on the authentication response, it generates the session key corresponding to the terminal device, and the network side and the terminal device communicate using the resulting session key.
Referring to Figure 3, when the network side performs a key exchange with the terminal device, the AUSF generates the session key based on the indication information in the following steps:
1. The UDM/ARPF generates the authentication vector 5G HE AV (RAND, AUTN, XRES*, KAUSF) and decrypts the SUCI to obtain the UE's long-term subscriber identifier SUPI.
2. The UDM/ARPF sends the authentication vector 5G HE AV, the SUPI and the UE Profile to the AUSF. The authentication vector 5G HE AV and the SUPI contain the authentication information, and the UE Profile contains the indication information.
3. The AUSF temporarily stores XRES* and the corresponding SUPI, and may also store KAUSF for other uses.
4. The AUSF derives HXRES* from XRES* and derives KSEAF (the first key in the embodiments of the present invention) from KAUSF. The AUSF thereby obtains the 5G AV (RAND, AUTN, HXRES*, KSEAF). The AUSF determines the value of DH_ind (the indication information) according to the UE Profile. If DH_ind is set to a (the second indication), the AUSF generates the parameters for the DH key exchange: it first generates the AUSF private key APRI and then derives the AUSF public key APUB. If DH_ind is set to b (the first indication) or c (the third indication), no DH key exchange parameters are generated.
5. The AUSF sends the SEAF the 5G AV message, the AUSF public key APUB, and the indication Alg of the DH algorithm to use.
6. The SEAF sends an Authentication Request message to the UE, containing RAND, AUTN, APUB, DH_ind and Alg. The Authentication Request message contains the AUSF public key APUB only when DH_ind is a.
7. The UE verifies the network and, if verification succeeds, generates the authentication response RES*. If DH_ind is a, the UE generates the DH-related parameters according to the algorithm indicator Alg, namely the UE's public/private key pair (BPUB, BPRI). The UE uses its own private key BPRI and the received AUSF public key APUB to generate the key K_DH shared with the AUSF, and stores it on the USIM card or in a tamper-proof storage area. The UE generates the session key KSEAF' according to the value of DH_ind as follows:
DH_ind=a, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key newly generated by the UE;
DH_ind=b, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key previously stored by the UE;
DH_ind=c, KSEAF'=KSEAF; no shared key is used here, and the first key serves as the session key.
8. The UE sends an Authentication Response message to the SEAF, containing RES* and BPUB.
9. The SEAF derives HRES* from the authentication response RES* and compares HRES* with HXRES*. If the comparison succeeds, the SEAF's authentication of the UE is complete, and the SEAF sends RES* and BPUB to the AUSF.
10. The AUSF verifies RES* by comparing the authentication response RES* with XRES*. The AUSF uses its own private key APRI and the received UE public key BPUB to generate the key K_DH shared with the UE, and stores it in the system. The AUSF generates the session key KSEAF' according to the value of DH_ind as follows:
DH_ind=a, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key newly generated by the UE;
DH_ind=b, KSEAF'=HASH(KSEAF, K_DH), where K_DH is the shared key previously stored by the UE;
DH_ind=c, KSEAF'=KSEAF; no shared key is used here, and the first key serves as the session key.
11. If the AUSF verifies the authentication response RES* successfully, the AUSF sends the SEAF a verification-success message, the session key KSEAF', and the UE's SUPI.
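The three DH_ind branches from the two step lists above (the UE in step 7 and the AUSF in step 10), as an added example that is not part of the patent text. It assumes SHA-256 over KSEAF || K_DH for HASH and a demo-only DH group, the class and function names are hypothetical, and the RES*/XRES* authentication is taken as already successful.

```python
import hashlib
import secrets

# Assumption: the patent leaves the DH group to the Alg indicator. This
# demo-only group (Mersenne prime 2**521 - 1, generator 3) keeps the example
# stdlib-only; it is not a parameter choice for deployment.
P = 2**521 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def hash_kdf(kseaf: bytes, k_dh: bytes) -> bytes:
    """HASH(KSEAF, K_DH); SHA-256 over the concatenation is an assumption."""
    return hashlib.sha256(kseaf + k_dh).digest()


class Endpoint:
    """Key state held by either side (UE or AUSF). Hypothetical name."""

    def __init__(self, name: str):
        self.name = name
        self.stored_k_dh = None   # K_DH kept on the USIM / in AUSF storage
        self._priv = None         # BPRI or APRI, only alive during mode a

    def new_public_key(self) -> int:
        """Mode a only: create a fresh private key and return APUB/BPUB."""
        self._priv = secrets.randbelow(P - 3) + 2
        return pow(G, self._priv, P)

    def session_key(self, dh_ind: str, kseaf: bytes, peer_pub=None) -> bytes:
        """Return KSEAF' for the signalled DH_ind value."""
        if dh_ind == "a":                      # second indication: new K_DH
            if self._priv is None or peer_pub is None:
                raise ValueError("mode a needs a local key pair and peer key")
            if not 1 < peer_pub < P - 1:
                raise ValueError("peer public value out of range")
            k_dh = pow(peer_pub, self._priv, P).to_bytes(P_BYTES, "big")
            self.stored_k_dh = k_dh            # replaces any older K_DH
            self._priv = None                  # private key is single-use
            return hash_kdf(kseaf, k_dh)
        if dh_ind == "b":                      # first indication: reuse K_DH
            if self.stored_k_dh is None:
                # Choice made in this example: fail closed rather than
                # fall back to plain KSEAF when nothing is stored.
                raise LookupError(f"{self.name}: no stored K_DH for mode b")
            return hash_kdf(kseaf, self.stored_k_dh)
        if dh_ind == "c":                      # third indication: no K_DH
            return kseaf
        raise ValueError(f"unknown DH_ind {dh_ind!r}")


def run_exchange(ue: Endpoint, ausf: Endpoint, dh_ind: str, kseaf: bytes):
    """Steps 4-10 for one authentication; returns (UE key, AUSF key)."""
    apub = ausf.new_public_key() if dh_ind == "a" else None  # steps 4-6
    bpub = ue.new_public_key() if dh_ind == "a" else None    # step 7
    ue_key = ue.session_key(dh_ind, kseaf, apub)             # step 7
    ausf_key = ausf.session_key(dh_ind, kseaf, bpub)         # step 10
    return ue_key, ausf_key


if __name__ == "__main__":
    ue, ausf = Endpoint("UE"), Endpoint("AUSF")
    for ind in ("a", "b", "c"):
        kseaf = secrets.token_bytes(32)        # constructed per-run KSEAF
        ue_key, ausf_key = run_exchange(ue, ausf, ind, kseaf)
        print(ind, ue_key == ausf_key, ue_key.hex()[:16])
```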
In the scheme that uses DH on the AUSF, because the AUSF is a network element of the home network, the home network can know whether the AUSF has carried out the DH key exchange protocol to strengthen the session key, which prevents the roaming network from deceiving the home network about having completed session key enhancement. IoT terminals can therefore complete the authentication procedure with the network securely and efficiently. DH_ind instructs the terminal device and the network device to reuse the shared key K_DH to generate the session key, which reduces the use of asymmetric encryption algorithms and suits IoT devices connecting to a 5G network.
It can be seen that, with the above scheme, during key exchange the terminal device can generate the session key from the long-term key and the shared key. The network side sends indication information to the terminal device to instruct it to use the stored shared key to generate the session key, so the terminal device does not need to use an asymmetric encryption algorithm to generate a new shared key for this session. Reusing the shared key in this way reduces the use of asymmetric encryption algorithms in the key exchange protocol and lowers the terminal device's power consumption.
As shown in Figure 5, an embodiment of the present invention provides a terminal device, including:
a first communication unit 51, configured to receive the indication information and authentication information sent by the network side;
a first key generation unit 52, configured to determine the first key based on the long-term key; to determine the current session key generation mode from at least one session key generation mode based on the indication information sent by the network side; and, when the network side is authenticated successfully based on the authentication information sent by the network side, to generate an authentication response, send it to the network side, and generate the current session key based on the current session key generation mode;
The at least one session key generation mode includes at least: a first session key generation mode, which generates the current session key based on the first key and the shared key stored in the terminal device.
As shown in Figure 6, an embodiment of the present invention provides a terminal device, including:
a first communication interface 61, configured to receive the indication information and authentication information sent by the network side;
a first processor 62, configured to determine the first key based on the long-term key; to determine the current session key generation mode from at least one session key generation mode based on the indication information sent by the network side; and, when the network side is authenticated successfully based on the authentication information sent by the network side, to generate an authentication response, send it to the network side, and generate the current session key based on the current session key generation mode;
The at least one session key generation mode includes at least: a first session key generation mode, which generates the current session key based on the first key and the shared key stored in the terminal device.
In some embodiments, the at least one session key generation mode further includes: a second session key generation mode, which generates the current session key based on the first key and a new shared key; and a third session key generation mode, which uses the first key as the current session key.
In some embodiments, the first session key generation mode specifically includes: performing a hash operation on the first key and the shared key stored in the terminal device to generate the current session key. The second session key generation mode specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key.
In some embodiments, the first processor 62 is specifically configured to: when the indication information is the first indication, determine that the current session key generation mode is the first session key generation mode; when the indication information is the second indication, determine that the current session key generation mode is the second session key generation mode; when the indication information is the third indication, determine that the current session key generation mode is the third session key generation mode.
In some embodiments, the first processor 62 is further configured to, when the indication information is the second indication, generate a new shared key shared with the network side, and save the new shared key.
As shown in Figure 7, an embodiment of the present invention provides a network device, including:
a second communication unit 71, configured to send the indication information and authentication information to the terminal device;
a second key generation unit 72, configured to determine the first key based on the long-term key; to determine the current session key generation mode from at least one session key generation mode based on the indication information; and, when the terminal device is determined to have authenticated successfully based on the authentication information and the authentication response sent by the terminal device, to generate the current session key corresponding to the terminal device based on the current session key generation mode;
The at least one session key generation mode includes at least: a first session key generation mode, which generates the current session key based on the first key and the shared key stored in the network device.
As shown in Figure 8, an embodiment of the present invention provides a network device, including:
a second communication interface 81, configured to send the indication information and authentication information to the terminal device;
a second processor 82, configured to determine the first key based on the long-term key; to determine the current session key generation mode from at least one session key generation mode based on the indication information; and, when the terminal device is determined to have authenticated successfully based on the authentication information and the authentication response sent by the terminal device, to generate the current session key corresponding to the terminal device based on the current session key generation mode;
The at least one session key generation mode includes at least: a first session key generation mode, which generates the current session key based on the first key and the shared key stored in the network device.
In some embodiments, the at least one session key generation mode further includes: a second session key generation mode, which generates the current session key based on the first key and a new shared key; and a third session key generation mode, which uses the first key as the current session key.
In some embodiments, the first session key generation mode specifically includes: performing a hash operation on the first key and the shared key stored in the terminal device to generate the current session key;
the second session key generation mode specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key.
In some embodiments, the second processor 82 is specifically configured to: when the indication information is the first indication, determine that the current session key generation mode is the first session key generation mode; when the indication information is the second indication, determine that the current session key generation mode is the second session key generation mode; when the indication information is the third indication, determine that the current session key generation mode is the third session key generation mode.
In some embodiments, the second processor 82 is further configured to, when the indication information is the second indication, generate a new shared key shared with the terminal device, and save the new shared key.
The network device in this embodiment can be regarded as a device on the network side that has the AUSF function.
An embodiment of the present application further provides a computer-readable storage medium for storing a computer program.
Optionally, the computer-readable storage medium may be applied to any terminal device in the embodiments of the present application, and the computer program causes a computer to execute the corresponding processes implemented by the terminal device in the methods of the embodiments of the present application. For brevity, these are not repeated here.
Alternatively, the computer-readable storage medium may be applied to any network device in the embodiments of the present application, and the computer program causes a computer to execute the corresponding processes implemented by the network device in the methods of the embodiments of the present application. For brevity, these are not repeated here.
An embodiment of the present application further provides a key generation system. As shown in FIG. 9, the system includes at least one terminal device 91 and an authentication server function (AUSF) entity 92, wherein:
the terminal device 91 is configured to: determine a first key based on a long-term key; determine the current session key generation method from at least one session key generation method based on indication information sent by the network side; and, when the network side is successfully authenticated based on authentication information sent by the network side, generate an authentication response, send it to the network side, and generate the current session key based on the current session key generation method;
the AUSF entity 92 is configured to: determine the first key based on the long-term key; determine the current session key generation method from at least one session key generation method based on the indication information; and, when it is determined from the authentication information and the authentication response sent by the terminal device that the terminal device is successfully authenticated, generate the current session key corresponding to the terminal device based on the current session key generation method;
wherein the at least one session key generation method includes at least: a first session key generation method that generates the current session key based on the first key and the shared key stored in the network device.
The at least one session key generation method further includes: a second session key generation method that generates the current session key based on the first key and a new shared key; and a third session key generation method that uses the first key as the current session key.
The terminal device is configured to perform a hash operation on the first key and the shared key stored in the terminal device to generate the current session key; the second session key generation method specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key;
the AUSF entity is configured to perform a hash operation on the first key and the shared key stored in the terminal device to generate the current session key; the second session key generation method specifically includes: performing a hash operation on the first key and the new shared key to generate the current session key.
The terminal device is configured to: when the indication information is a first indication, determine that the current session key generation method is the first session key generation method; when the indication information is a second indication, determine that the current session key generation method is the second session key generation method; and when the indication information is a third indication, determine that the current session key generation method is the third session key generation method;
the AUSF entity is configured to: when the indication information is the first indication, determine that the current session key generation method is the first session key generation method; when the indication information is the second indication, determine that the current session key generation method is the second session key generation method; and when the indication information is the third indication, determine that the current session key generation method is the third session key generation method.
The terminal device is configured to, when the indication information is the second indication, generate a new shared key shared with the network side, and store the new shared key;
the AUSF entity is configured to, when the indication information is the second indication, generate a new shared key shared with the terminal device, and store the new shared key.
In addition, the functions of each device in this system are the same as in the foregoing method and device embodiments, so they are not described again.
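The three generation methods and the stored-key update of the second method, as an added Python example (not code from the patent). Assumptions: SHA-256 as the hash operation, HMAC-SHA-256 over a per-session value `rand` as the first-key step, the encodings in `Indication`, and a new shared key that both sides already hold, since the text above does not say how it is produced; all names are hypothetical.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional


class Indication(Enum):
    # Constructed encodings: the text names only a first, second and third indication.
    FIRST = 1
    SECOND = 2
    THIRD = 3


def derive_first_key(long_term_key: bytes, rand: bytes) -> bytes:
    # Assumption: the text says only that the first key is determined from the
    # long-term key; HMAC-SHA-256 over a per-session value stands in for that step.
    return hmac.new(long_term_key, b"first-key" + rand, hashlib.sha256).digest()


def hash_keys(first_key: bytes, shared_key: bytes) -> bytes:
    # Assumption: SHA-256 over length-prefixed inputs as the "hash operation".
    h = hashlib.sha256()
    for part in (first_key, shared_key):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Party:
    """Key state held by one side: the terminal device or the AUSF entity."""

    def __init__(self, long_term_key: bytes, shared_key: Optional[bytes] = None):
        self.long_term_key = long_term_key
        self.shared_key = shared_key

    def session_key(self, indication, rand, new_shared_key=None) -> bytes:
        first_key = derive_first_key(self.long_term_key, rand)
        if indication is Indication.FIRST:
            if self.shared_key is None:
                raise ValueError("first method requires a stored shared key")
            return hash_keys(first_key, self.shared_key)
        if indication is Indication.SECOND:
            if new_shared_key is None:
                raise ValueError("second method requires a new shared key")
            self.shared_key = new_shared_key  # saved for later first-method sessions
            return hash_keys(first_key, new_shared_key)
        if indication is Indication.THIRD:
            return first_key
        raise ValueError(f"unknown indication: {indication!r}")


# Constructed sample values.
LONG_TERM_KEY = bytes(range(16))
NEW_SHARED_KEY = bytes.fromhex("aa" * 32)

if __name__ == "__main__":
    ue, ausf = Party(LONG_TERM_KEY), Party(LONG_TERM_KEY)
    sessions = [(Indication.THIRD, 1), (Indication.SECOND, 2), (Indication.FIRST, 3)]
    for ind, n in sessions:
        rand = bytes([n]) * 16
        new = NEW_SHARED_KEY if ind is Indication.SECOND else None
        k_ue, k_ausf = ue.session_key(ind, rand, new), ausf.session_key(ind, rand, new)
        print(ind.name, "keys match:", k_ue == k_ausf)
```

A side that receives the first indication before any shared key has been stored fails closed here instead of silently falling back to the first key alone.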
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or in software depends on the particular application and design constraints of the technical solution. Skilled artisans may implement the described functions in different ways for each particular application, but such implementations should not be considered beyond the scope of the present application.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall be covered by the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (29)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910000545.5A CN111404669B (en) | 2019-01-02 | 2019-01-02 | A key generation method, terminal equipment and network equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910000545.5A CN111404669B (en) | 2019-01-02 | 2019-01-02 | A key generation method, terminal equipment and network equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111404669A CN111404669A (en) | 2020-07-10 |
CN111404669B true CN111404669B (en) | 2023-05-09 |
Family
ID=71430135
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910000545.5A Active CN111404669B (en) | 2019-01-02 | 2019-01-02 | A key generation method, terminal equipment and network equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111404669B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114125834A (en) * | 2020-09-01 | 2022-03-01 | 大唐移动通信设备有限公司 | Method, terminal, network side equipment and device for determining application layer key |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104917605A (en) * | 2014-03-14 | 2015-09-16 | 华为技术有限公司 | Key negotiation method and device during terminal device switching |
CN106888092A (en) * | 2016-09-12 | 2017-06-23 | 中国移动通信有限公司研究院 | Information processing method and device |
CN107820239A (en) * | 2016-09-12 | 2018-03-20 | 中国移动通信有限公司研究院 | Information processing method and device |
CN109041057A (en) * | 2018-08-08 | 2018-12-18 | 兴唐通信科技有限公司 | Authorizing procedure safety Enhancement Method between a kind of core network element based on 5G AKA |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103987037A (en) * | 2014-05-28 | 2014-08-13 | 大唐移动通信设备有限公司 | Secret communication implementation method and device |
Also Published As
Publication number | Publication date |
---|---|
CN111404669A (en) | 2020-07-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||