CN114553405A - 5G secondary authentication method and system based on SM9 cryptographic algorithm - Google Patents

Info

Publication number
CN114553405A
Authority
CN
China
Prior art keywords
message
signature
calculating
signed
aaa server
Legal status
Pending
Application number
CN202210133477.1A
Other languages
Chinese (zh)
Inventor
王睿
刘新
张旭
张昊
马雷
刘冬兰
申兆岩
张方哲
于灏
苏冰
姚洪磊
孙莉莉
赵勇
赵洋
吕国栋
井俊双
Current Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Electric Power Research Institute of State Grid Shandong Electric Power Co Ltd
Priority to CN202210133477.1A
Publication of CN114553405A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The embodiment of the application discloses a 5G secondary authentication method and system based on the SM9 cryptographic algorithm, wherein the method comprises the following steps: the AAA server receives a UE authentication request message sent by a session management function module, wherein the UE authentication request message carries a signed message and its digital signature; the signed message and its digital signature are obtained by the UE from the SM9 key center; and the AAA server judges whether the UE is successfully verified according to the message to be verified and its digital signature; if so, it returns a secondary authentication success result, otherwise the secondary authentication fails. The embodiment of the application combines the SM9 encryption algorithm with 5G secondary authentication and greatly improves the security and accuracy of 5G secondary authentication.

Description

5G secondary authentication method and system based on SM9 cryptographic algorithm
Technical Field
The embodiment of the application relates to the technical field of communication, in particular to a 5G secondary authentication method and a system based on a SM9 cryptographic algorithm.
Background
The national cryptographic (SM) algorithms are a series of algorithms specified by the State Cryptography Administration. They comprise a symmetric encryption algorithm, an elliptic-curve asymmetric encryption algorithm and a hash algorithm, and specifically include SM3, SM4, SM9 and the like. The national cryptographic algorithms are widely applied in scenarios such as data encryption and digital signatures, and because of the importance the country attaches to information security they are now in wide use. The SM9 algorithm does not require applying for a digital certificate and is suitable for securing various emerging Internet applications, such as cloud-based cryptographic services, e-mail security, smart-terminal protection, Internet of Things security and cloud storage security. These applications can use a mobile phone number or an e-mail address as the public key to implement data encryption, identity authentication, call encryption, channel encryption and the like, and are convenient to use and easy to deploy. Given these advantages, the SM9 algorithm is very suitable as an encryption algorithm in a 5G secondary authentication process.
The emergence of 5G technology has injected new momentum into the development of power technology and accelerated its pace. At the same time, high speed and low latency are accompanied by high risk, so the security risk faced by 5G is not negligible. Taking 5G network slicing technology alone, security threats mainly come from the network slice itself and from network virtualization. Unauthorized access to a network slice arises when an unauthorized user operates on the slice illegally, or when an authorized user operates on it in an unauthorized manner; this affects legitimate users' access to the slice, prevents normal communication between users, and can even lead to information being intercepted and data being stolen.
Therefore, the security vulnerability of unauthorized access to the network slice is a problem that urgently needs to be solved.
Disclosure of Invention
Therefore, the embodiment of the application provides a 5G secondary authentication method and system based on the SM9 cryptographic algorithm, which combines the SM9 encryption algorithm with 5G secondary authentication so that the security and accuracy of 5G secondary authentication are greatly improved.
In order to achieve the above object, the embodiments of the present application provide the following technical solutions:
according to a first aspect of the embodiments of the present application, there is provided a 5G secondary authentication method based on a cryptographic SM9 algorithm, the method including:
the AAA server receives a UE authentication request message sent by a session management function module, wherein the UE authentication request message carries a signed message and a digital signature thereof; the signed message and its digital signature are obtained by the UE from the SM9 key center;
and the AAA server judges whether the UE is successfully verified according to the message to be verified and the digital signature thereof, if so, returns a secondary authentication success result, otherwise, the secondary authentication fails.
Optionally, the method further comprises:
the UE sends a signature private key request message to an SM9 key center based on the user ID and the message to be signed so as to obtain a signature private key of the UE, and signs the message to be signed so as to obtain the signed message and a digital signature thereof.
Optionally, the signature private key generation process of the UE includes the following steps:
randomly selecting $ks \in [1, q-1]$ as the signature master private key, where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$;
calculating $P_{pub\_s} = ks \cdot P_2$ as the signature master public key, where $P_2$ is a generator of $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$ to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be generated again; wherein $hid$ is a function identifier selected by the KGC (key generation center), and $H$ is a cryptographic function derived from a cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$, which is used to compute the user signature private key $D_{ID}$; $t_1^{-1}$ is the multiplicative inverse of $t_1$;
calculating $D_{ID} = t_2 \cdot P_1$ as the user's signature private key, wherein $P_1$ is a generator of the group $G_1$.
Optionally, the signing the message to be signed includes the following steps:
calculating $g = e(P_1, P_{pub\_s})$, where $g$ is an element of the multiplicative cyclic group $G_T$, $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$, and $G_1$, $G_2$ are additive cyclic groups;
calculating $w = g^r$ and converting the data type of $w$ into a bit string, where the random number $r \in [1, q-1]$ and $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$, where $m$ is the message to be signed, $h$ is a part of the signature of the message $m$, and $H$ is the cryptographic function derived from the cryptographic hash function specified in SM9;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, and otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$, where $D_{ID}$ is the user's signature private key;
determining a digital signature (h, S);
outputting the signed message m and its digital signature (h, S).
Optionally, the AAA server determines whether the UE is successfully verified according to the message to be verified and the digital signature thereof, including the following steps:
checking whether $h' \in [1, q-1]$ holds; if so, continuing to the next step, otherwise the verification fails; wherein $h'$ is part of the digital signature $(h', S')$ to be verified, which the AAA server received from the UE;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails; wherein $S'$ is part of the digital signature $(h', S')$ to be verified, which the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$, where $hid$ is a function identifier chosen by the KGC (key generation center), and $H$ is a cryptographic function derived from a cryptographic hash function as specified in SM9;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$, where $P_2$ is a generator of $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$ and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be verified;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
Optionally, the SM9 key center sends the message to be signed and the user ID to the UE and the AAA server, respectively.
Optionally, the method further comprises:
after the session management function module SMF sends a UE authentication request message to the AAA server, an authentication channel between the session management function module SMF and the AAA server is established.
According to a second aspect of the embodiments of the present application, there is provided a 5G secondary authentication system based on the secret SM9 algorithm, the system including:
a message receiving module, configured to receive, by an AAA server, a UE authentication request message sent by a session management function module SMF, where the UE authentication request message carries a signed message and a digital signature thereof; the signed message and its digital signature are obtained by the UE from the SM9 key center;
and the verification module is used for judging whether the UE is successfully verified or not by the AAA server according to the message to be verified and the digital signature thereof, if so, returning a secondary authentication success result, and otherwise, failing the secondary authentication.
Optionally, the system further comprises:
and the UE message sending module is used for sending a signature private key request message to the SM9 key center by the UE based on the user ID and the message to be signed so as to obtain the signature private key of the UE and sign the message to be signed to obtain the signed message and the digital signature thereof.
Optionally, the signature private key generation process of the UE includes the following steps:
randomly selecting $ks \in [1, q-1]$ as the signature master private key, where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$;
calculating $P_{pub\_s} = ks \cdot P_2$ as the signature master public key, where $P_2$ is a generator of $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$ to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be generated again; wherein $hid$ is a function identifier selected by the KGC (key generation center), and $H$ is a cryptographic function derived from a cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$, which is used to compute the user signature private key $D_{ID}$; $t_1^{-1}$ is the multiplicative inverse of $t_1$;
calculating $D_{ID} = t_2 \cdot P_1$ as the user's signature private key, wherein $P_1$ is a generator of the group $G_1$.
Optionally, the system further comprises:
the UE signing module is used for signing the message m to be signed and comprises the following steps:
calculating $g = e(P_1, P_{pub\_s})$, wherein $g$ is an element of the group $G_T$ and $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$;
calculating $w = g^r$ and converting the data type of $w$ into a bit string, where the random number $r \in [1, q-1]$ and $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$, where $m$ is the message to be signed and $h$ is a part of the signature of the message $m$;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, and otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$;
Determining a digital signature (h, S);
outputting the signed message m and its digital signature (h, S).
Optionally, the verification module is specifically configured to:
checking whether $h' \in [1, q-1]$ holds; if so, continuing to the next step, otherwise the verification fails; wherein $h'$ is part of the digital signature $(h', S')$ to be verified, which the AAA server received from the UE;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails; wherein $S'$ is part of the digital signature $(h', S')$ to be verified, which the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$ and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be verified;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
Optionally, the system parameter includes a message m to be signed and a user ID; the SM9 key center sends the system parameters to the UE and AAA server, respectively.
Optionally, the system further comprises:
and the SMF channel establishing module is used for establishing an authentication channel between the session management function module and the AAA server after the session management function module sends the UE authentication request message to the AAA server.
According to a third aspect of embodiments herein, there is provided an apparatus comprising: the device comprises a data acquisition device, a processor and a memory; the data acquisition device is used for acquiring data; the memory is to store one or more program instructions; the processor is configured to execute one or more program instructions to perform the method of any of the first aspect.
According to a fourth aspect of embodiments herein, there is provided a computer-readable storage medium having one or more program instructions embodied therein for performing the method of any of the first aspects.
In summary, the embodiment of the present application provides a 5G secondary authentication method and system based on a cryptographic SM9 algorithm, where an AAA server receives a UE authentication request message sent by an SMF, where the UE authentication request message carries a message m and a digital signature thereof; the message m and its digital signature are obtained by the UE from the SM9 key center; and the AAA server judges whether the UE is successfully verified according to the message m and the digital signature thereof, if so, returns a secondary authentication success result, otherwise, the secondary authentication fails. The SM9 encryption algorithm is combined with the 5G secondary authentication, so that the safety and the accuracy of the 5G secondary authentication are greatly improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It should be apparent that the drawings in the following description are merely exemplary, and that other embodiments can be derived from the drawings provided by those of ordinary skill in the art without inventive effort.
The structures, proportions, sizes and the like shown in this specification are only used to accompany the content disclosed in the specification, so that those skilled in the art can understand and read it. They are not intended to limit the conditions under which the invention can be implemented and therefore carry no substantive technical significance. Any structural modification, change in proportion or adjustment of size that does not affect the functions and purposes of the present invention should still fall within the scope of the present invention.
FIG. 1 is a schematic diagram of an EAP framework provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a 5G SA networking architecture according to an embodiment of the present application;
FIG. 3 is a flowchart of a 5G secondary authentication method based on a cryptographic SM9 algorithm according to an embodiment of the present application;
FIG. 4 is a flowchart of secondary authentication provided in the embodiment of the present application;
FIG. 5 is a schematic diagram of an embodiment of 5G secondary authentication based on a secret SM9 algorithm according to the present application;
FIG. 6 is a block diagram of a 5G secondary authentication system based on a secret SM9 algorithm according to an embodiment of the present application.
Detailed Description
The present invention is described below by way of particular embodiments; other advantages and features of the invention will become apparent to those skilled in the art from the disclosure herein. It is to be understood that the described embodiments are merely exemplary of the invention and are not intended to limit the invention to the particular embodiments disclosed. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort shall fall within the protection scope of the present invention.
With the rapid development of the times, science and technology are continuously innovated and improved; communication technology in particular has developed rapidly, which supports the renewal of mobile communication technology. Mobile communication technology has now entered the 5G era. Compared with 4G, the 5G peak rate is more than ten times higher, the transmission delay can reach the millisecond level, and the connection capacity can reach millions of devices per square kilometer. The development of 5G has also accelerated the pace of vertical industries. In order to meet the differentiated requirements of different industries, network slicing technology is introduced into 5G.
Network slicing divides the physical network of an operator into a plurality of end-to-end virtual networks according to different service requirements. Each virtual network comprises logically independent devices, access network, transmission network and core network, and a failure in any one virtual network does not affect the other virtual networks. This avoids building a dedicated physical network for each service and greatly saves cost. In order to prevent unauthorized users from accessing a network slice, 5G proposes that users accessing the network slice can be authenticated a second time to ensure the security of the network.
The basic security requirements at the terminal side are related to network communication on the one hand and the terminal itself on the other hand. In the aspect of network communication, the situation that a terminal may face identity theft, data theft and tampering in a wireless environment needs to be considered; the hardware security threat of the terminal mainly comes from bugs existing in the design of a terminal chip or the deficiency of the security protection of a hardware system, and the bugs and the deficiency may cause security risks such as sensitive data leakage and data tampering; the software security of the terminal needs to consider the security of an operating system and various application security in operation, and an attacker can control and change the terminal software by launching injection attack and phishing attack on the software system. Therefore, the significance of 5G secondary authentication for information security is self-evident.
The security problem of the 5G network slice is mainly attributed to the following four aspects:
(1) Security of communication between network slices.
When network slices are used in a private network, the network slices communicate with each other. Communication is also required between different network slices, such as RAN network slices and core network slices. When the communication interface is attacked, the confidentiality and integrity of the network slice are damaged, so that the network slice cannot work normally, and even communication contents can be stolen.
(2) Information leakage, attack and interference between network slices.
When a user accesses a plurality of network slices simultaneously, the network slices may be attacked, and the security, confidentiality and integrity of data among the slices cannot be effectively guaranteed. Once information leakage occurs between network slices, the security of the network data and the user data is not guaranteed. When information is leaked, an attacker can occupy network slice resources to cause resource shortage, and thus DoS attack is carried out on the network slice. In order to deal with threats such as information leakage, attack, interference and the like among network slices, a corresponding security mechanism and a corresponding protection system need to be equipped for the network slices so as to limit the data information from flowing among the slices.
(3) Security of network slice interaction with third parties.
The network slice allows an authorized third party to create and manage network slices through a suitable API. Because network slice information can be obtained and slices can be managed through this API, an attacker can use the third-party API to attack the slices, illegally obtain network slice data, or disrupt the normal functions of the network slices.
(4) Unauthorized access to the network slice.
Unauthorized access to the network slice is caused by illegal operation of an unauthorized user on the network slice or operation of the network slice by an authorized user in an unauthorized manner, so that access of a legal user to the network slice is influenced, normal communication between users cannot be achieved, and even information is intercepted and data is stolen.
Aiming at the security vulnerability of the unauthorized access network slice, the embodiment of the application provides that an SM9 encryption algorithm is combined with 5G secondary authentication to solve the security problem of the unauthorized access network slice.
First, a framework of 5G secondary authentication is given. According to the 3GPP standard TS33.503, the EAP framework specified in RFC3748 should be used for secondary authentication between a terminal (User Equipment, UE) and a DA-AAA server located in an external Data Network (DN). EAP (Extensible Authentication Protocol) is an identity authentication framework that supports multiple identity authentication methods.
The EAP framework consists of three parts: client, authenticator and authentication server. The client is the entity being authenticated, typically a network user; the authentication server verifies the identity of the user and is usually an AAA (Authentication, Authorization, Accounting) server. The authenticator forwards EAP messages between the user and the authentication server. Fig. 1 shows a typical EAP framework.
The EAP framework has great flexibility and the authenticator typically requests enough information from the client to determine the authentication method to use. The EAP framework allows the use of a back-end authentication server, which can be used to implement various authentication methods, and the authenticator only needs to pass through messages between the client and the back-end authentication server.
Second, a 5G SA networking architecture is presented as shown in fig. 2. The AMF is an access and mobility management module, and is similar to the NAS access control function in the 4G MME; the SMF is a session management function module; the UPF is a user plane function module; the UDM is a unified data management module, similar to HSS, SPR and the like in 4G; the PCF is a policy control function module, similar to the PCRF in 4G; AUSF is an authentication server function module, similar to HSS authentication function in 4G; NEF is network capability opening module; NSSF is a network slice selection function module which is a 5G new function and is used for network slice selection; the NRF is a network registration function module and also is a 5G newly added function, and is similar to an enhanced DNS function.
Fig. 3 shows a 5G secondary authentication method based on a cryptographic SM9 algorithm provided in an embodiment of the present application, where the method includes:
step 301: the AAA server receives a UE authentication request message sent by a session management function module (SMF), wherein the UE authentication request message carries a signed message m and a digital signature thereof; the signed message m and its digital signature are obtained by the UE from the SM9 key center;
step 302: and the AAA server judges whether the UE is successfully verified according to the message m' to be verified and the digital signature thereof, if so, returns a secondary authentication success result, otherwise, the secondary authentication fails.
In one possible embodiment, the method further comprises: the UE sends a signature private key request message to an SM9 key center based on the user ID and the message m to be signed so as to obtain the signature private key of the UE, and signs the message m to obtain the signed message m and the digital signature thereof.
In one possible implementation, the signature private key generation process of the UE includes the following steps:
randomly selecting $ks \in [1, q-1]$ as the signature master private key; where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$ (see the bilinear pairing algorithm for details);
calculating $P_{pub\_s} = ks \cdot P_2$ as the public key; wherein $P_2$ is a generator of the group $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$; $t_1$ is used to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be regenerated. Here $hid$ is a function identifier selected and published by the KGC (key generation center), and $H$ denotes a cryptographic function derived from a cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$; $t_1^{-1}$ is the multiplicative inverse of $t_1$, $t_2$ is used to calculate the user signature private key $D_{ID}$, and mod is the remainder function;
calculating $D_{ID} = t_2 \cdot P_1$ as the signature private key of the user, wherein $P_1$ is a generator of the group $G_1$.
In a possible implementation, the signing the message m to be signed includes the following steps:
calculating $g = e(P_1, P_{pub\_s})$; wherein $g$ is an element of the group $G_T$ and $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$;
calculating $w = g^r$ with random number $r \in [1, q-1]$, and converting the data type of $w$ into a bit string, where $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$; wherein $m$ is the message to be signed and $h$ is a part of the signature of the message $m$;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, and otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$;
Determining a digital signature (h, S);
outputting the signed message m and its digital signature (h, S), which is the correct digital signature.
In a possible implementation manner, the AAA server determines whether the UE is successfully authenticated according to the message m' to be authenticated and the digital signature thereof, including the following steps:
checking whether $h' \in [1, 1-q]$ holds; if so, continuing to the next step, otherwise the verification fails. Here $h'$ is taken from the digital signature $(h', S')$ that the AAA server received from the UE; $(h', S')$ is the digital signature to be verified, and whether it is correct has not yet been determined;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails. Here $S'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be authenticated;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
The above parameter definitions are all taken from the SM9 national cryptographic standard specification.
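The key generation, signing and verification steps above can be run end to end; the following is an added example, not code from the patent. It assumes a toy bilinear group (G1 = G2 = Z_q, G_T a subgroup of Z_p^*), SHA-256 in place of the SM3-based H, an assumed hid value, and a range check of h' against [1, q-1]; it shows the algebra and the input checks only and has no cryptographic strength.

```python
import hashlib
import secrets

# Toy bilinear group, constructed for illustration only (no security):
# G1 = G2 = (Z_q, +) with P1 = P2 = 1; G_T = order-q subgroup of Z_p^*;
# e(a, b) = G0^(a*b) mod p is bilinear, but discrete logs in G1/G2 are trivial.

def _is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

Q = 2**61 - 1                                   # prime group order q
K = next(k for k in range(2, 4000, 2) if _is_prime(k * Q + 1))
P_MOD = K * Q + 1                               # prime p with q | p - 1
G0 = next(g for g in (pow(b, K, P_MOD) for b in range(2, 50)) if g != 1)
P1 = P2 = 1                                     # generators of G1 and G2
HID = b"\x01"                                   # hid: value assumed for this example

def H(z: bytes, q: int) -> int:
    """Stand-in for the page's H: SHA-256 (not SM3) mapped into [1, q-1]."""
    return int.from_bytes(hashlib.sha256(z).digest(), "big") % (q - 1) + 1

def pairing(a: int, b: int) -> int:
    return pow(G0, a * b % Q, P_MOD)

def gt_bytes(w: int) -> bytes:                  # G_T element -> fixed-length bytes
    return w.to_bytes((P_MOD.bit_length() + 7) // 8, "big")

def kgc_setup():
    ks = secrets.randbelow(Q - 1) + 1           # ks in [1, q-1]
    return ks, ks * P2 % Q                      # (master private key, Ppub_s)

def kgc_extract(ks: int, user_id: bytes) -> int:
    t1 = (H(user_id + HID, Q) + ks) % Q
    if t1 == 0:
        raise ValueError("t1 = 0: regenerate the signature master private key")
    t2 = ks * pow(t1, -1, Q) % Q
    return t2 * P1 % Q                          # D_ID

def sign(d_id: int, ppub_s: int, m: bytes):
    g = pairing(P1, ppub_s)
    while True:
        r = secrets.randbelow(Q - 1) + 1        # fresh r in [1, q-1] per attempt
        w = pow(g, r, P_MOD)
        h = H(m + gt_bytes(w), Q)
        l = (r - h) % Q
        if l != 0:                              # l = 0: go back and recompute w
            return h, l * d_id % Q

def verify(ppub_s: int, user_id: bytes, m: bytes, sig) -> bool:
    h, S = sig
    # Range check on h'. The page writes the interval as [1, 1-q]; [1, q-1],
    # the range it gives for ks and r, is assumed here.
    if not (isinstance(h, int) and 1 <= h <= Q - 1):
        return False
    if not (isinstance(S, int) and 0 <= S < Q):  # S' in G1 (toy membership test)
        return False
    t = pow(pairing(P1, ppub_s), h, P_MOD)      # t = g^h'
    h1 = H(user_id + HID, Q)
    P = (h1 * P2 + ppub_s) % Q                  # equals t1 * P2 for the signer's ID
    u = pairing(S, P)                           # = g^l for a genuine signature
    w = u * t % P_MOD                           # = g^(l+h) = g^r, the signer's w
    return H(m + gt_bytes(w), Q) == h

def demo() -> dict:
    # UE obtains D_ID from the key center and signs; the AAA side verifies.
    ks, ppub_s = kgc_setup()
    ue_id, m = b"ue-0001", b"constructed EAP payload"   # constructed sample values
    h, S = sign(kgc_extract(ks, ue_id), ppub_s, m)
    return {
        "valid": verify(ppub_s, ue_id, m, (h, S)),
        "tampered_message": verify(ppub_s, ue_id, m + b"!", (h, S)),
        "other_identity": verify(ppub_s, b"ue-0002", m, (h, S)),
        "h_out_of_range": verify(ppub_s, ue_id, m, (0, S)),
        "S_not_in_G1": verify(ppub_s, ue_id, m, (h, S + Q)),
    }

if __name__ == "__main__":
    print(demo())
```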
In one possible embodiment, the system parameters are the original data of the user, including the message m to be signed and the user ID. The SM9 key center sends the system parameters to the UE and the AAA server, respectively.
In one possible embodiment, the method further comprises:
after the SMF sends the UE authentication request message to the AAA server, an authentication channel between the SMF and the AAA server is established.
The embodiment of the application provides a 5G secondary authentication method and a system based on a SM9 cryptographic algorithm, and combines an SM9 encryption algorithm with 5G secondary authentication, so that the efficiency and accuracy of the secondary authentication are greatly improved. The present application will be described in further detail with reference to the following drawings and examples.
According to the 5G secondary authentication framework and the SA networking architecture, a flow chart for providing secondary authentication is shown in FIG. 4. The SMF network element sends a message for starting authentication to the AAA server, establishes an authentication channel between the SMF network element and the AAA server, and then the UE and the AAA server carry out EAP-Request/EAP-Response message interaction for a plurality of times, and finally the AAA server judges whether the UE is successfully authenticated.
After the secondary authentication process is determined, the SM9 algorithm is incorporated into it. The SM9 signature algorithm is an R-ate bilinear-pairing-based signature algorithm that was released in 2015 as a national cryptographic industry standard. As shown in FIG. 5, in the method of this embodiment the user obtains its own signature private key from the SM9 key center and signs the message m; as long as the AAA server obtains the identity information of the user, it can obtain the public key of the user and verify the signature. The SM9 cryptographic algorithm is applied and managed without a digital certificate, a certificate library or a key library, and as a lightweight identity-based algorithm SM9 can support the communication security of power 5G terminals.
As shown in fig. 5, the method comprises the steps of:
step 1: the UE acquires a user ID and a message m to be signed;
step 2: the UE applies for a self signature private key from an SM9 key center and signs a message m to be signed;
step 3: the SMF sends an authentication request to the AAA server;
step 4: the AAA server obtains the identity information (digital signature and message m') of the user, and then the AAA server can obtain the public key of the user to verify the signature;
step 5: the AAA server returns the result to the UE.
The main process of the method is: generating the private key of the UE -> the UE signing the message m -> the SMF initiating authentication -> the AAA server verifying the signature -> returning the result. The UE obtains its own signature private key from the SM9 key center and signs the message m; the UE outputs the message m and its digital signature; the SMF initiates authentication with the AAA server and establishes an authentication channel between the SMF and the AAA server; the AAA server obtains the identity information (digital signature and message m') of the user from the UE and judges whether the UE is successfully authenticated; if the returned result is that the verification succeeded, the secondary authentication succeeds, otherwise the secondary authentication fails.
In summary, the embodiment of the present application provides a 5G secondary authentication method based on a cryptographic SM9 algorithm, where an AAA server receives a UE authentication request message sent by an SMF, where the UE authentication request message carries a signed message m and a digital signature thereof; the signed message m and its digital signature are obtained by the UE from the SM9 key center; and the AAA server judges whether the UE is successfully verified according to the message m' to be verified and the digital signature thereof, if so, returns a secondary authentication success result, otherwise, the secondary authentication fails. The SM9 encryption algorithm is combined with the 5G secondary authentication, so that the safety and the accuracy of the 5G secondary authentication are greatly improved.
Based on the same technical concept, the embodiment of the present application further provides a 5G secondary authentication system based on a cryptographic SM9 algorithm, as shown in fig. 6, the system includes:
a message receiving module 601, configured to receive, by an AAA server, a UE authentication request message sent by a session management function module SMF, where the UE authentication request message carries a signed message m and a digital signature thereof; the signed message m and its digital signature are obtained by the UE from the SM9 key center;
and the verification module 602 is configured to determine, by the AAA server, whether the UE is successfully verified according to the message m' to be verified and the digital signature thereof, and if the UE is successfully verified, return a result of successful secondary authentication, otherwise, fail the secondary authentication.
In one possible embodiment, the system further comprises: and the UE message sending module is used for sending a signature private key request message to the SM9 key center by the UE based on the user ID and the message m to be signed so as to obtain the signature private key of the UE, and signing the message m to be signed to obtain the signed message m and the digital signature thereof.
In one possible implementation, the signature private key generation process of the UE includes the following steps:
randomly selecting $ks \in [1, q-1]$ as the signature master private key, where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$;
calculating $P_{pub\_s} = ks \cdot P_2$ as the signature master public key, where $P_2$ is a generator of $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$ to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be generated again; here hid is a function identifier selected by the key generation center (KGC), and $H$ is a cryptographic function derived from the cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$, which is used to compute the user signature private key $D_{ID}$; $t_1^{-1}$ is the multiplicative inverse of $t_1$;
calculating $D_{ID} = t_2 \cdot P_1$ as the user's signature private key, where $P_1$ is a generator of the group $G_1$.
In one possible embodiment, the system further comprises:
the UE signing module is used for signing the message m to be signed and comprises the following steps:
calculating $g = e(P_1, P_{pub\_s})$, where $g$ is an element of the group $G_T$ and $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$;
calculating $w = g^r$ and converting the data type of $w$ into a bit string, where the random number $r \in [1, q-1]$ and $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$, where $m$ is the message to be signed and $h$ is part of the signature of the message $m$;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$;
determining the digital signature $(h, S)$;
outputting the signed message m and its digital signature (h, S).
In a possible implementation, the verification module 602 is specifically configured to:
checking whether $h' \in [1, 1-q]$ holds; if so, continuing to the next step, otherwise the verification fails, where $h'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails, where $S'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be authenticated;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
In a possible embodiment, the system parameters include the message m to be signed and the user ID; the SM9 key center sends the system parameters to the UE and AAA server, respectively.
In one possible embodiment, the system further comprises:
SMF channel establishing module, which is used for establishing the authentication channel between SMF and AAA after SMF sends UE authentication request message to AAA server.
Based on the same technical concept, an embodiment of the present application further provides an apparatus, including: the device comprises a data acquisition device, a processor and a memory; the data acquisition device is used for acquiring data; the memory is to store one or more program instructions; the processor is configured to execute one or more program instructions to perform the method.
Based on the same technical concept, the embodiment of the present application also provides a computer-readable storage medium, wherein the computer-readable storage medium contains one or more program instructions, and the one or more program instructions are used for executing the method.
In the present specification, each embodiment of the method is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. Reference is made to the description of the method embodiments.
It should be noted that although the operations of the methods of the present invention are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
Although the present application provides method steps as in embodiments or flowcharts, additional or fewer steps may be included based on conventional or non-inventive approaches. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded.
The units, devices, modules, etc. illustrated in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the present application, the functions of each module may be implemented in one or more software and/or hardware, or a module implementing the same function may be implemented by a combination of a plurality of sub-modules or sub-units, and the like. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The above-mentioned embodiments are further described in detail for the purpose of illustrating the invention, and it should be understood that the above-mentioned embodiments are only illustrative of the present invention and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (16)

1. The 5G secondary authentication method based on the SM9 cryptographic algorithm is characterized by comprising the following steps:
the AAA server receives a UE authentication request message sent by a session management function module, wherein the UE authentication request message carries a signed message and a digital signature thereof; the signed message and its digital signature are obtained by the UE from the SM9 key center;
and the AAA server judges whether the UE is successfully verified according to the message to be verified and the digital signature thereof, if so, returns a secondary authentication success result, otherwise, the secondary authentication fails.
2. The method of claim 1, wherein the method further comprises:
the UE sends a signature private key request message to an SM9 key center based on the user ID and the message to be signed so as to obtain a signature private key of the UE, and signs the message to be signed so as to obtain the signed message and a digital signature thereof.
3. The method of claim 2, wherein the UE's signature private key generation process comprises the steps of:
randomly selecting $ks \in [1, q-1]$ as the signature master private key, where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$;
calculating $P_{pub\_s} = ks \cdot P_2$ as the signature master public key, where $P_2$ is a generator of $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$ to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be generated again; here hid is a function identifier selected by the key generation center (KGC), and $H$ is a cryptographic function derived from the cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$, which is used to compute the user signature private key $D_{ID}$; $t_1^{-1}$ is the multiplicative inverse of $t_1$;
calculating $D_{ID} = t_2 \cdot P_1$ as the user's signature private key, where $P_1$ is a generator of the group $G_1$.
4. The method of claim 2, wherein said signing the message to be signed comprises the steps of:
calculating $g = e(P_1, P_{pub\_s})$, where $g$ is an element of the multiplicative cyclic group $G_T$, $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$, and $G_1$, $G_2$ are additive cyclic groups;
calculating $w = g^r$ and converting the data type of $w$ into a bit string, where the random number $r \in [1, q-1]$ and $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$, where $m$ is the message to be signed, $h$ is a part of the signature of the message $m$, and $H$ is the cryptographic function derived from the cryptographic hash function specified in SM9;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$, where $D_{ID}$ is the user signature private key;
determining the digital signature $(h, S)$;
outputting the signed message m and its digital signature (h, S).
5. The method of claim 1, wherein the AAA server determines whether the UE is successfully authenticated based on the message to be authenticated and its digital signature, comprising the steps of:
checking whether $h' \in [1, 1-q]$ holds; if so, continuing to the next step, otherwise the verification fails, where $h'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails, where $S'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$, where hid is a function identifier chosen by the key generation center (KGC), and $H$ is a cryptographic function derived from the cryptographic hash function specified in SM9;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$, where $P_2$ is a generator of $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be authenticated;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
6. The method of claim 1, wherein the SM9 key center sends the message to be signed and the user ID to the UE and the AAA server, respectively.
7. The method of claim 1, wherein the method further comprises:
after the session management function module SMF sends a UE authentication request message to the AAA server, an authentication channel between the session management function module SMF and the AAA server is established.
8. 5G secondary authentication system based on SM9 cryptographic algorithm, characterized in that, the system includes:
a message receiving module, configured to receive, by an AAA server, a UE authentication request message sent by a session management function module SMF, where the UE authentication request message carries a signed message and a digital signature thereof; the signed message and its digital signature are obtained by the UE from the SM9 key center;
and the verification module is used for judging whether the UE is successfully verified or not by the AAA server according to the message to be verified and the digital signature thereof, if so, returning a secondary authentication success result, and otherwise, failing the secondary authentication.
9. The system of claim 8, wherein the system further comprises:
and the UE message sending module is used for sending a signature private key request message to the SM9 key center by the UE based on the user ID and the message to be signed so as to obtain the signature private key of the UE and sign the message to be signed to obtain the signed message and the digital signature thereof.
10. The system of claim 9, wherein the UE's signature private key generation process comprises the steps of:
randomly selecting $ks \in [1, q-1]$ as the signature master private key, where $q$ is the order of the additive cyclic groups $G_1$, $G_2$ and the multiplicative cyclic group $G_T$;
calculating $P_{pub\_s} = ks \cdot P_2$ as the signature master public key, where $P_2$ is a generator of $G_2$;
calculating $t_1 = H(ID \| hid, q) + ks$ to judge whether the signature master private key needs to be regenerated: if $t_1 = 0$, the signature master private key needs to be generated again; here hid is a function identifier selected by the key generation center (KGC), and $H$ is a cryptographic function derived from the cryptographic hash function specified in SM9;
calculating $t_2 = ks \cdot t_1^{-1} \bmod q$, which is used to compute the user signature private key $D_{ID}$; $t_1^{-1}$ is the multiplicative inverse of $t_1$;
calculating $D_{ID} = t_2 \cdot P_1$ as the user's signature private key, where $P_1$ is a generator of the group $G_1$.
11. The system of claim 9, wherein the system further comprises:
the UE signing module is used for signing the message m to be signed and comprises the following steps:
calculating $g = e(P_1, P_{pub\_s})$, where $g$ is an element of the group $G_T$ and $e()$ is a bilinear pairing from $G_1 \times G_2$ to $G_T$;
calculating $w = g^r$ and converting the data type of $w$ into a bit string, where the random number $r \in [1, q-1]$ and $w$ is an element of $G_T$;
calculating $h = H(m \| w, q)$, where $m$ is the message to be signed and $h$ is part of the signature of the message $m$;
calculating $l = (r - h) \bmod q$;
judging whether $l$ is equal to 0; if so, returning to the step of calculating $w$, otherwise continuing to the next step;
calculating $S = l \cdot D_{ID}$;
determining the digital signature $(h, S)$;
outputting the signed message m and its digital signature (h, S).
12. The system of claim 8, wherein the verification module is specifically configured to:
checking whether $h' \in [1, 1-q]$ holds; if so, continuing to the next step, otherwise the verification fails, where $h'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE;
checking whether $S' \in G_1$ holds; if so, continuing to the next step, otherwise the verification fails, where $S'$ is taken from the digital signature $(h', S')$ to be verified that the AAA server received from the UE, and $G_1$ is an additive cyclic group of prime order $q$;
computing the element $g = e(P_1, P_{pub\_s})$ of the group $G_T$, where $G_T$ is a multiplicative cyclic group of prime order $q$;
computing the element $t = g^{h'}$ of the group $G_T$ for subsequent verification;
calculating the integer $h_1 = H(ID \| hid, q)$;
computing the element $P = h_1 \cdot P_2 + P_{pub\_s}$ of the group $G_2$;
computing the element $u = e(S', P)$ of the group $G_T$;
computing the element $w' = u \cdot t$ of the group $G_T$, and converting the data type of $w'$ into a bit string;
calculating the integer $h_2 = H(m' \| w', q)$, where $m'$ is the message to be authenticated;
checking whether $h_2 = h'$ holds; if so, the verification passes, otherwise the verification fails.
13. The system of claim 8, wherein the system parameters include a message m to be signed and a user ID; the SM9 key center sends the system parameters to the UE and AAA server, respectively.
14. The system of claim 8, wherein the system further comprises:
and the SMF channel establishing module is used for establishing an authentication channel between the session management function module and the AAA server after the session management function module sends the UE authentication request message to the AAA server.
15. An apparatus, characterized in that the apparatus comprises: the device comprises a data acquisition device, a processor and a memory;
the data acquisition device is used for acquiring data; the memory is to store one or more program instructions; the processor, configured to execute one or more program instructions to perform the method of any of claims 1 to 7.
16. A computer readable storage medium having one or more program instructions embodied therein for performing the method of any of claims 1-7.
CN202210133477.1A 2022-02-10 2022-02-10 5G secondary authentication method and system based on SM9 cryptographic algorithm Pending CN114553405A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210133477.1A CN114553405A (en) 2022-02-10 2022-02-10 5G secondary authentication method and system based on SM9 cryptographic algorithm


Publications (1)

Publication Number Publication Date
CN114553405A true CN114553405A (en) 2022-05-27

Family

ID=81674523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210133477.1A Pending CN114553405A (en) 2022-02-10 2022-02-10 5G secondary authentication method and system based on SM9 cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN114553405A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination