CN118200912A - Authentication method, authentication device, authentication equipment and readable storage medium - Google Patents

Authentication method, authentication device, authentication equipment and readable storage medium Download PDF

Info

Publication number
CN118200912A
CN118200912A CN202211597093.1A CN202211597093A CN118200912A CN 118200912 A CN118200912 A CN 118200912A CN 202211597093 A CN202211597093 A CN 202211597093A CN 118200912 A CN118200912 A CN 118200912A
Authority
CN
China
Prior art keywords
key
authentication
authentication vector
symmetric key
rand
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211597093.1A
Other languages
Chinese (zh)
Inventor
闫茹
杜海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN202211597093.1A priority Critical patent/CN118200912A/en
Publication of CN118200912A publication Critical patent/CN118200912A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses an authentication method, an authentication device, authentication equipment and a readable storage medium, and relates to the technical field of communication so as to reduce data processing time delay. The method comprises the following steps: generating an authentication vector which is obtained by calculation by using the symmetric key EK generated in the registration stage; and sending the authentication vector to the terminal. The embodiment of the application can reduce the data processing time delay.

Description

一种认证方法、装置、设备及可读存储介质Authentication method, device, equipment and readable storage medium

技术领域Technical Field

本申请涉及通信技术领域,尤其涉及一种认证方法、装置、设备及可读存储介质。The present application relates to the field of communication technology, and in particular to an authentication method, apparatus, device and readable storage medium.

背景技术Background technique

在移动通信系统的认证体系中,5G系统中采用的5G-AKA(Authentication andKey Agreement,认证与密钥协商)认证增加了归属网络对认证的控制。在5G-AKA链接攻击中,攻击者利用认证向量对其攻击区域内的所有UE(User Equipment,用户设备)进行链接攻击,目标UE会因为其特有的回应而被攻击者识别,从而对目标UE的安全造成不利影响。In the authentication system of mobile communication systems, the 5G-AKA (Authentication and Key Agreement) authentication used in the 5G system increases the control of the home network over authentication. In a 5G-AKA link attack, the attacker uses the authentication vector to launch a link attack on all UEs (User Equipment) in the attack area. The target UE will be identified by the attacker due to its unique response, which will have an adverse impact on the security of the target UE.

针对上述5G-AKA链接攻击,现有技术中的该方案中,UE(User Equip,用户设备)侧和HN(Home network,归属网络)侧增加了对认证向量进行加解密的步骤,保证了UE的安全性。但是,这种方式也增加了数据处理的时延。In response to the above-mentioned 5G-AKA link attack, in the prior art solution, the UE (User Equip) side and the HN (Home network) side added the steps of encrypting and decrypting the authentication vector to ensure the security of the UE. However, this method also increases the delay of data processing.

发明内容Summary of the invention

本申请实施例提供一种认证方法、装置、设备及可读存储介质,以减少数据处理时延。Embodiments of the present application provide an authentication method, apparatus, device, and readable storage medium to reduce data processing delay.

第一方面,本申请实施例提供了一种认证方法,应用于HN,包括:In a first aspect, an embodiment of the present application provides an authentication method, which is applied to an HN, including:

生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的;Generate an authentication vector, where the authentication vector is calculated using the symmetric key EK generated during the registration phase;

向终端发送所述认证向量。The authentication vector is sent to the terminal.

可选的,所述认证向量包括:由RAND(随机数),AUTN(Authentication Token,认证令牌),HXRES(Hash eXpected RESponse,哈希期望响应),Kseaf(锚密钥)形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND (random number), AUTN (Authentication Token), HXRES (Hash eXpected RESponse), and Kseaf (anchor key); wherein,

AUTN包括参数CONC和MAC(Message Authentication Code,消息鉴权码)值;所述CONC根据AK(Anonymity Key,匿名密钥)和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes parameters CONC and MAC (Message Authentication Code) value; the CONC is calculated based on AK (Anonymity Key) and the sequence number SQN HN of HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES(Expected Response,期望响应)的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES (Expected Response), where XRES is calculated based on RAND and a shared key k.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the public key of the terminal and the private key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述方法还包括:Optionally, the method further includes:

接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Instruction information from the terminal is received, where the instruction information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

第二方面,本申请实施例提供了一种认证方法,应用于终端,包括:In a second aspect, an embodiment of the present application provides an authentication method, which is applied to a terminal, including:

获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的;Obtaining an authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated during the registration phase;

根据所述认证向量和所述对称密钥EK进行认证。Authentication is performed according to the authentication vector and the symmetric key EK.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述根据所述认证向量和所述对称密钥EK进行认证,包括:Optionally, the performing authentication according to the authentication vector and the symmetric key EK includes:

将所述AUTN拆分成CONC和MAC值;Splitting the AUTN into CONC and MAC values;

根据所述RAND和对称密钥EK计算获得AK;Calculate AK based on the RAND and the symmetric key EK;

根据所述AK和所述CONC计算获得SQNHNCalculate SQN HN according to the AK and the CONC;

根据共享密钥k、SQNHN以及RAND计算获得xMAC值;The xMAC value is calculated based on the shared key k, SQN HN and RAND;

根据所述xMAC值和所述MAC值进行认证。Authentication is performed based on the xMAC value and the MAC value.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

生成公私钥对;Generate a public-private key pair;

根据所述终端的私钥和所述HN的公钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the private key of the terminal and the public key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述方法还包括:Optionally, the method further includes:

向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Sending instruction information to the HN, where the instruction information is used to instruct the HN to obtain the authentication vector by using the symmetric key EK.

可选的,所述方法还包括:Optionally, the method further includes:

向所述HN发送所述终端的公钥。The public key of the terminal is sent to the HN.

第三方面,本申请实施例提供了一种认证装置,应用于HN,包括:In a third aspect, an embodiment of the present application provides an authentication device, applied to HN, including:

第一生成模块,用于生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的;A first generating module, used to generate an authentication vector, wherein the authentication vector is obtained by calculating using the symmetric key EK generated in the registration phase;

第一发送模块,用于向终端发送所述认证向量。The first sending module is configured to send the authentication vector to a terminal.

可选的,可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a quaternary group formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the public key of the terminal and the private key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述装置还包括:Optionally, the device further comprises:

第一接收模块,用于接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。The first receiving module is configured to receive instruction information from the terminal, where the instruction information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

第四方面,本申请实施例提供了一种认证装置,应用于终端,包括:In a fourth aspect, an embodiment of the present application provides an authentication device, applied to a terminal, including:

第一获取模块,用于获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的;A first acquisition module is used to acquire an authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated in the registration phase;

第一认证模块,用于根据所述认证向量和所述对称密钥EK进行认证。The first authentication module is used to perform authentication according to the authentication vector and the symmetric key EK.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述第一认证模块包括:Optionally, the first authentication module includes:

第一处理子模块,用于将所述AUTN拆分成CONC和MAC值;A first processing submodule, configured to split the AUTN into CONC and MAC values;

第一计算子模块,用于根据所述RAND和对称密钥EK计算获得AK;A first calculation submodule, configured to calculate AK according to the RAND and the symmetric key EK;

第二计算子模块,用于根据所述AK和所述CONC计算获得SQNHNA second calculation submodule, configured to calculate and obtain SQN HN according to the AK and the CONC;

第三计算子模块,用于根据共享密钥k、SQNHN以及RAND计算获得xMAC值;The third calculation submodule is used to calculate the xMAC value according to the shared key k, SQN HN and RAND;

第一认证子模块,用于根据所述xMAC值和所述MAC值进行认证。The first authentication submodule is used to perform authentication according to the xMAC value and the MAC value.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

生成公私钥对;Generate a public-private key pair;

根据所述终端的私钥和所述HN的公钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the private key of the terminal and the public key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述装置还可包括:Optionally, the device may further include:

第一发送模块,用于向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。The first sending module is configured to send instruction information to the HN, where the instruction information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

可选的,所述装置还可包括:Optionally, the device may further include:

第二发送模块,用于向所述HN发送所述终端的公钥。The second sending module is used to send the public key of the terminal to the HN.

第五方面,本申请实施例提供了一种认证装置,应用于HN,包括:处理器和收发器;In a fifth aspect, an embodiment of the present application provides an authentication device, applied to an HN, comprising: a processor and a transceiver;

所述处理器,用于生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的;The processor is used to generate an authentication vector, where the authentication vector is calculated using the symmetric key EK generated during the registration phase;

所述收发器,用于向终端发送所述认证向量。The transceiver is used to send the authentication vector to the terminal.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the public key of the terminal and the private key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述收发器还用于,接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Optionally, the transceiver is further used to receive indication information from the terminal, where the indication information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

第六方面,本申请实施例提供了一种认证装置,应用于终端,包括:处理器和收发器;In a sixth aspect, an embodiment of the present application provides an authentication device, applied to a terminal, comprising: a processor and a transceiver;

所述处理器用于,获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的;根据所述认证向量和所述对称密钥EK进行认证。The processor is used to obtain an authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated in the registration phase; and perform authentication according to the authentication vector and the symmetric key EK.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述处理器用于:Optionally, the processor is used to:

将所述AUTN拆分成CONC和MAC值;Splitting the AUTN into CONC and MAC values;

根据所述RAND和对称密钥EK计算获得AK;Calculate AK based on the RAND and the symmetric key EK;

根据所述AK和所述CONC计算获得SQNHNCalculate SQN HN according to the AK and the CONC;

根据共享密钥k、SQNHN以及RAND计算获得xMAC值;The xMAC value is calculated based on the shared key k, SQN HN and RAND;

根据所述xMAC值和所述MAC值进行认证。Authentication is performed based on the xMAC value and the MAC value.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

生成公私钥对;Generate a public-private key pair;

根据所述终端的私钥和所述HN的公钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the private key of the terminal and the public key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述收发器还用于,向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Optionally, the transceiver is further used to send indication information to the HN, where the indication information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

可选的,所述收发器还用于,向所述HN发送所述终端的公钥。Optionally, the transceiver is further configured to send a public key of the terminal to the HN.

第七方面,本申请实施例还提供一种通信设备,包括:存储器、处理器及存储在存储器上并可在处理器上运行的程序,所述处理器执行所述程序时实现如上所述的认证方法中的步骤。In a seventh aspect, an embodiment of the present application further provides a communication device, comprising: a memory, a processor, and a program stored in the memory and executable on the processor, wherein the processor implements the steps in the authentication method as described above when executing the program.

第八方面,本申请实施例还提供一种可读存储介质,所述可读存储介质上存储程序,所述程序被处理器执行时实现如上所述的认证方法中的步骤。In an eighth aspect, an embodiment of the present application further provides a readable storage medium, on which a program is stored, and when the program is executed by a processor, the steps in the authentication method as described above are implemented.

在本申请实施例中,HN侧利用注册阶段生成的对称密钥EK进行计算获得生成认证向量,而终端侧利用注册阶段生成的对称密钥EK和该认证向量进行认证。由于HN侧和终端侧都具有注册阶段生成的对称密钥EK并可进行相应的处理,因此,利用本申请实施例的方案无需在HN侧和终端侧增加对认证向量的加密和解密操作,可减少数据处理时延。In the embodiment of the present application, the HN side uses the symmetric key EK generated in the registration phase to calculate and generate the authentication vector, and the terminal side uses the symmetric key EK generated in the registration phase and the authentication vector for authentication. Since both the HN side and the terminal side have the symmetric key EK generated in the registration phase and can perform corresponding processing, the solution of the embodiment of the present application does not need to add encryption and decryption operations on the authentication vector on the HN side and the terminal side, which can reduce data processing delay.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1是本申请实施例提供的认证方法的流程图之一;FIG1 is a flowchart of an authentication method provided in an embodiment of the present application;

图2是本申请实施例提供的认证方法的流程图之二;FIG2 is a second flowchart of the authentication method provided in an embodiment of the present application;

图3是本申请实施例中终端侧生成对称密钥EK的流程图;FIG3 is a flow chart of generating a symmetric key EK on the terminal side in an embodiment of the present application;

图4是本申请实施例中HN侧生成对称密钥EK的流程图;FIG4 is a flow chart of generating a symmetric key EK on the HN side in an embodiment of the present application;

图5是本申请实施例提供的认证方法的流程图之三;FIG5 is a third flowchart of the authentication method provided in an embodiment of the present application;

图6是本申请实施例提供的认证装置的结构图之一;FIG6 is a structural diagram of an authentication device provided in an embodiment of the present application;

图7是本申请实施例提供的认证装置的结构图之二;FIG7 is a second structural diagram of the authentication device provided in an embodiment of the present application;

图8是本申请实施例提供的认证装置的结构图之三;FIG8 is a third structural diagram of the authentication device provided in an embodiment of the present application;

图9是本申请实施例提供的认证装置的结构图之四。FIG. 9 is a fourth structural diagram of the authentication device provided in an embodiment of the present application.

具体实施方式Detailed ways

本申请实施例中术语“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。字符“/”一般表示前后关联对象是一种“或”的关系。In the embodiments of the present application, the term "and/or" describes the association relationship of the associated objects, indicating that there may be three relationships. For example, A and/or B may represent: A exists alone, A and B exist at the same time, and B exists alone. The character "/" generally indicates that the associated objects before and after are in an "or" relationship.

本申请实施例中术语“多个”是指两个或两个以上,其它量词与之类似。In the embodiments of the present application, the term "plurality" refers to two or more than two, and other quantifiers are similar.

下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,并不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The following will be combined with the drawings in the embodiments of the present application to clearly and completely describe the technical solutions in the embodiments of the present application. Obviously, the described embodiments are only part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of this application.

参见图1,图1是本申请实施例提供的认证方法的流程图,应用于HN,如图1所示,包括以下步骤:Referring to FIG. 1 , FIG. 1 is a flow chart of an authentication method provided in an embodiment of the present application, which is applied to HN, and includes the following steps as shown in FIG. 1 :

步骤101、生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的。Step 101: Generate an authentication vector, where the authentication vector is calculated using the symmetric key EK generated during the registration phase.

在本申请实施例中,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中:In the embodiment of the present application, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein:

RAND为随机数;RAND is a random number;

AUTN为认证令牌,包括CONC和MAC值;所述CONC根据AK和SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得,SQNHN为HN的序列号;AUTN is an authentication token, including CONC and MAC values; the CONC is calculated based on AK and SQN HN , the AK is calculated using the symmetric key EK and the RAND, and SQN HN is the sequence number of HN;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得;HXRES is the hash value of RAND and XRES, where XRES is calculated based on RAND and the shared key k;

Kseaf为锚密钥。Kseaf is the anchor key.

具体的,AK通过f5(EK,RAND)计算得到;MAC值通过f1(k,SQNHN,RAND)计算得到;CONC通过(AK⊕SQNHN)计算得到;XRES通过f2(k,RAND)计算得到;其中,f1(x),f2(x),f5(x)表示加密函数。Kseaf根据共享密钥k、RAND、IDSN、SQNHN得到。Specifically, AK is calculated by f5(EK, RAND); MAC value is calculated by f1(k, SQN HN , RAND); CONC is calculated by (AK⊕SQN HN ); XRES is calculated by f2(k, RAND); where f1(x), f2(x), and f5(x) represent encryption functions. Kseaf is obtained based on the shared key k, RAND, IDSN, and SQN HN .

对于HN侧来讲,在注册阶段,按照如下方式生成该对称密钥KN:For the HN side, during the registration phase, the symmetric key KN is generated as follows:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K。A key data string K is generated according to the public key of the terminal and the private key of the HN.

该密钥数据串的长度为enckeylen+icblen+mackeylen。其中,从所述密钥数据串K的最左边开始、以enckeylen为长度的字节为所述对称密钥EK,所述enckeylen表示密钥长度。此外,icblen表示数据库长度,mackeylen表示校验密钥长度。将K中间以icblen为长度的字节解析为ICB,将K最右边长度为mackeylen字节作为MAC密钥MK。The length of the key data string is enckeylen+icblen+mackeylen. The bytes starting from the leftmost of the key data string K and with a length of enckeylen are the symmetric key EK, and enckeylen represents the key length. In addition, icblen represents the database length, and mackeylen represents the verification key length. The bytes in the middle of K with a length of icblen are parsed as ICB, and the rightmost bytes of K with a length of mackeylen are used as the MAC key MK.

可选的,在本申请实施例中,HN还可接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。若收到该指示信息,则HN利用注册阶段生成的对称密钥EK进行计算获得该认证向量;否则可按照现有技术的方式得到认证向量。Optionally, in the embodiment of the present application, the HN may also receive indication information from the terminal, the indication information being used to instruct the HN to obtain the authentication vector using the symmetric key EK. If the indication information is received, the HN uses the symmetric key EK generated during the registration phase to calculate and obtain the authentication vector; otherwise, the authentication vector may be obtained in the manner of the prior art.

步骤102、向终端发送所述认证向量。Step 102: Send the authentication vector to the terminal.

HN通过SN(Serving network,服务网络)向终端发送认证向量。The HN sends the authentication vector to the terminal through the SN (Serving network).

在本申请实施例中,HN侧利用注册阶段生成的对称密钥EK进行计算获得生成认证向量,而终端侧利用注册阶段生成的对称密钥EK和该认证向量进行认证。由于HN侧和终端侧都具有注册阶段生成的对称密钥EK并可进行相应的处理,因此,利用本申请实施例的方案无需在HN侧和终端侧增加对认证向量的加密和解密操作,可减少数据处理时延。In the embodiment of the present application, the HN side uses the symmetric key EK generated in the registration phase to calculate and generate the authentication vector, and the terminal side uses the symmetric key EK generated in the registration phase and the authentication vector for authentication. Since both the HN side and the terminal side have the symmetric key EK generated in the registration phase and can perform corresponding processing, the solution of the embodiment of the present application does not need to add encryption and decryption operations on the authentication vector on the HN side and the terminal side, which can reduce data processing delay.

参见图2,图2是本申请实施例提供的认证方法的流程图,应用于终端,如图2所示,包括以下步骤:Referring to FIG. 2 , FIG. 2 is a flow chart of an authentication method provided in an embodiment of the present application, which is applied to a terminal, as shown in FIG. 2 , and includes the following steps:

步骤201、获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的。Step 201: Obtain an authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated during the registration phase.

其中,所述认证向量的组成可参照前述方法实施例的描述。The composition of the authentication vector may refer to the description of the aforementioned method embodiment.

步骤202、根据所述认证向量和所述对称密钥EK进行认证。Step 202: Perform authentication according to the authentication vector and the symmetric key EK.

对于终端侧,在注册阶段可按照如下方式生成对称密钥EK:On the terminal side, the symmetric key EK can be generated in the registration phase as follows:

生成公私钥对。其中,终端可通过归属网络提供的ECIES(Elliptic CurveIntegrate Encrypt Scheme,集成加密方案)参数产生ECC(Elliptic CurveCryptography,椭圆曲线加密)临时公私钥对。之后,终端可根据所述终端的私钥(即该临时私钥)和所述HN的公钥生成密钥数据串K。可选的,终端还向所述HN发送所述终端的公钥。因此,最终终端的输出为终端的ECC临时公钥(终端的公钥),密文值,MAC-tag和其他参数(允许发送方发送额外的符号指示)。Generate a public-private key pair. The terminal can generate an ECC (Elliptic Curve Cryptography) temporary public-private key pair through the ECIES (Elliptic Curve Integrate Encrypt Scheme) parameters provided by the home network. Afterwards, the terminal can generate a key data string K based on the private key of the terminal (i.e., the temporary private key) and the public key of the HN. Optionally, the terminal also sends the public key of the terminal to the HN. Therefore, the final output of the terminal is the ECC temporary public key of the terminal (the public key of the terminal), the ciphertext value, the MAC-tag and other parameters (allowing the sender to send additional symbol indications).

该密钥数据串K的长度为enckeylen+icblen+mackeylen。其中,从所述密钥数据串K的最左边开始、以enckeylen为长度的字节为所述对称密钥EK,所述enckeylen表示密钥长度。此外,icblen表示数据库长度,mackeylen表示校验密钥长度。将K中间以icblen为长度的字节解析为ICB,将K最右边长度为mackeylen字节作为MAC密钥MK。The length of the key data string K is enckeylen+icblen+mackeylen. The bytes starting from the leftmost of the key data string K and with a length of enckeylen are the symmetric key EK, and enckeylen represents the key length. In addition, icblen represents the database length, and mackeylen represents the verification key length. The bytes in the middle of K with a length of icblen are parsed as ICB, and the rightmost bytes of K with a length of mackeylen are used as the MAC key MK.

可选的,所述终端还可向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。其中,该指示信息可携带在上述的其他参数中。例如,终端可在其他参数中增加一个tag。当tag=1时,指示HN侧保存对称加密密钥EK,并在生成认证向量阶段用保存的对称加密密钥EK代替根密钥k。如果在其他参数中没有tag值或tag=0,HN侧按照现有5G AKA流程生成认证向量。Optionally, the terminal may also send indication information to the HN, wherein the indication information is used to instruct the HN to obtain the authentication vector using the symmetric key EK. The indication information may be carried in the other parameters mentioned above. For example, the terminal may add a tag to the other parameters. When tag=1, it indicates that the HN side saves the symmetric encryption key EK and replaces the root key k with the saved symmetric encryption key EK in the authentication vector generation stage. If there is no tag value in the other parameters or tag=0, the HN side generates the authentication vector according to the existing 5G AKA process.

在进行认证时,终端可将所述AUTN拆分成CONC和MAC值;根据所述RAND和对称密钥EK计算获得AK;根据所述AK和所述CONC计算获得SQNHN;根据共享密钥k、SQNHN以及RAND计算获得xMAC值;根据所述xMAC值和所述MAC值进行认证。其中,根据所述xMAC值和所述MAC值进行认证的过程和现有技术中的相同。When performing authentication, the terminal may split the AUTN into CONC and MAC values; calculate AK according to the RAND and the symmetric key EK; calculate SQN HN according to the AK and the CONC; calculate xMAC value according to the shared key k, SQN HN and RAND; perform authentication according to the xMAC value and the MAC value. The process of performing authentication according to the xMAC value and the MAC value is the same as that in the prior art.

在本申请实施例中,HN侧利用注册阶段生成的对称密钥EK进行计算获得生成认证向量,而终端侧利用注册阶段生成的对称密钥EK和该认证向量进行认证。由于HN侧和终端侧都具有注册阶段生成的对称密钥EK并可进行相应的处理,因此,利用本申请实施例的方案无需在HN侧和终端侧增加对认证向量的加密和解密操作,可减少数据处理时延。In the embodiment of the present application, the HN side uses the symmetric key EK generated in the registration phase to calculate and generate the authentication vector, and the terminal side uses the symmetric key EK generated in the registration phase and the authentication vector for authentication. Since both the HN side and the terminal side have the symmetric key EK generated in the registration phase and can perform corresponding processing, the solution of the embodiment of the present application does not need to add encryption and decryption operations on the authentication vector on the HN side and the terminal side, which can reduce data processing delay.

参见图3,图3是本申请实施例中终端侧生成对称密钥EK的流程图,可包括:Referring to FIG. 3 , FIG. 3 is a flow chart of generating a symmetric key EK on the terminal side in an embodiment of the present application, which may include:

在5G-AKA初始协商(注册)阶段:1)UE侧通过归属网络提供的ECIES参数产生ECC临时公私钥对(Eph.key pair generation)。2)UE基于临时私钥和HN的公钥计算出共享密钥k(Eph.shared key)。3)UE基于共享密钥k生成长度为enckeylen+icblen+mackeylen的密钥数据串K。将K最左边的以enckeylen(即加密密钥长度)为长度的字节解析为加密密钥EK,将K中间以icblen(即数据块长度)为长度的字节解析为ICB(Initial Counter Block,初始计数块),将K最右边长度为mackeylen(即校验密钥长度)字节作为MAC密钥MK(完整性保护密钥)。4)UE使用加密密钥和ICB对原始明文(Plain-text中的内容)进行加密,生成密文(Eph.Ciphertext Value)。5)使用MAC密钥MK对密文进行完整性保护,并生成MAC-tag(完整性保护校验码)。最终,UE的输出为UE ECC临时公钥,密文,MAC-tag(完整性保护校验码)和其他参数(允许发送方发送额外的符号指示)。During the initial negotiation (registration) phase of 5G-AKA: 1) The UE generates an ECC temporary public-private key pair (Eph.key pair generation) through the ECIES parameters provided by the home network. 2) The UE calculates the shared key k (Eph.shared key) based on the temporary private key and the public key of HN. 3) The UE generates a key data string K of length enckeylen+icblen+mackeylen based on the shared key k. The leftmost byte of K with a length of enckeylen (i.e., encryption key length) is parsed as the encryption key EK, the middle byte of K with a length of icblen (i.e., data block length) is parsed as ICB (Initial Counter Block), and the rightmost byte of K with a length of mackeylen (i.e., verification key length) is used as the MAC key MK (integrity protection key). 4) The UE uses the encryption key and ICB to encrypt the original plaintext (the content in the plain-text) and generate the ciphertext (Eph.Ciphertext Value). 5) The MAC key MK is used to perform integrity protection on the ciphertext and generate a MAC-tag (integrity protection check code). Ultimately, the output of the UE is the UE ECC temporary public key, ciphertext, MAC-tag (integrity protection check code) and other parameters (allowing the sender to send additional symbol indications).

在本申请实施例中,在其他参数中增加一个tag,当tag=1时,指示HN侧保存对称加密密钥EK,并在生成认证向量阶段AK←f5(k,RAND)用保存的对称加密密钥EK代替根密钥k。如果在其他参数中没有tag值或tag=0,HN侧按照现有5G AKA流程生成认证向量。In the embodiment of the present application, a tag is added to other parameters. When tag=1, it indicates that the HN side saves the symmetric encryption key EK and replaces the root key k with the saved symmetric encryption key EK in the authentication vector generation phase AK←f5(k,RAND). If there is no tag value in other parameters or tag=0, the HN side generates the authentication vector according to the existing 5G AKA process.

参见图4,图4是本申请实施例中HN侧生成对称密钥EK的流程图,可包括:Referring to FIG. 4 , FIG. 4 is a flow chart of generating a symmetric key EK on the HN side in an embodiment of the present application, which may include:

HN侧接收到用户的密文(SUCI(Subscription Concealed Identifier,签约加密标识))、临时公钥、MAC-tag和其他参数后,在SIDF(Subscription Identifier De-concealing Function,用户标识符隐藏功能)模块完成SUCI的解密。1)基于UE的临时公钥和HN的私钥生成共享密钥k。2)根据共享密钥等生成enckeylen+icblen+mackeylen的密钥数据串K。将K最左边的以enckeylen为长度的字节解析为加密密钥EK,将K中间以icblen为长度的字节解析为ICB,将K最右边长度为mackeylen字节作为MAC密钥MK。3)采用加密密钥EK和ICB密钥对SUCI进行解密处理得到明文。4)采用完整性保护密钥对SUCI进行完整性保护,生成待验证的完整性保护校验码。After the HN side receives the user's ciphertext (SUCI (Subscription Concealed Identifier)), temporary public key, MAC-tag and other parameters, the SIDF (Subscription Identifier De-concealing Function) module completes the decryption of SUCI. 1) Generate a shared key k based on the UE's temporary public key and the HN's private key. 2) Generate a key data string K of enckeylen+icblen+mackeylen based on the shared key, etc. Parse the leftmost byte of K with a length of enckeylen as the encryption key EK, parse the middle byte of K with a length of icblen as ICB, and use the rightmost byte of K with a length of mackeylen as the MAC key MK. 3) Use the encryption key EK and the ICB key to decrypt the SUCI to obtain plaintext. 4) Use the integrity protection key to perform integrity protection on the SUCI and generate an integrity protection check code to be verified.

参见图5,图5是本申请实施例中的认证方法的流程图,可包括:Referring to FIG. 5 , FIG. 5 is a flow chart of an authentication method in an embodiment of the present application, which may include:

步骤501、HN生成认证向量。其中,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组。Step 501: HN generates an authentication vector, wherein the authentication vector includes a four-tuple formed by RAND, AUTN, HXRES, and Kseaf.

其中,RAND是一个128比特的随机数,AUTN是一个认证令牌(包含CONC和MAC值,其中,CONC是AK和SQNHN的异或;HXRES是RAND和XRES的哈希值,XRES表示期待响应(eXpectedRreponse)。Among them, RAND is a 128-bit random number, AUTN is an authentication token (including CONC and MAC values, where CONC is the exclusive OR of AK and SQN HN ; HXRES is the hash value of RAND and XRES, and XRES represents the expected response (eXpectedRreponse).

MAC根据f1(k,SQNHN,RAND)计算得到,AK根据f5(EK,RAND)计算得到,XRES根据f2(k,RAND)计算得到,Kseaf根据k,RNAD,IDSN,SQNHN得到(Kseaf←Keyderivation(k,RNAD,IDSN,SQNHN))。k表示共享密钥,IDSN表示SN的ID。MAC is calculated based on f1(k, SQN HN , RAND), AK is calculated based on f5(EK, RAND), XRES is calculated based on f2(k, RAND), and Kseaf is obtained based on k, RNAD, ID SN , SQN HN (Kseaf←Keyderivation(k, RNAD, ID SN , SQN HN )). k represents the shared key, and ID SN represents the ID of SN.

步骤502、HN向SN发送认证向量。Step 502: HN sends an authentication vector to SN.

步骤503、SN收到HN发送的认证向量后,将(RAND,AUTN)发送给UE。Step 503: After receiving the authentication vector sent by the HN, the SN sends (RAND, AUTN) to the UE.

步骤504、UE收到(RAND,AUTN)后,首先将AUTN拆分成CONC和MAC,再通过对称密钥EK和RAND计算AK(AK←f5(EK,RAND)),进而将AK与CONC进行异或操作得到SQNHN(SQNHN←AK⊕CONC),最后计算出xMAC值(xMAC←f1(k,SQNHN,RAND))。Step 504: After receiving (RAND, AUTN), the UE first splits AUTN into CONC and MAC, then calculates AK using the symmetric key EK and RAND (AK←f5(EK, RAND)), then performs an XOR operation on AK and CONC to obtain SQNHN ( SQNHN ←AK⊕CONC), and finally calculates the xMAC value (xMAC←f1(k, SQNHN , RAND)).

UE将xMAC与收到的MAC值进行对比。The UE compares xMAC with the received MAC value.

(1)如果xMAC与MAC值不同,则认证失败,UE发送MAC_Failure消息到SN。(1) If the xMAC value is different from the MAC value, the authentication fails and the UE sends a MAC_Failure message to the SN.

(2)如果xMAC与MAC值相同但是SQNUE>SQNHN,那么UE认为产生了序列号不同步的问题,会进行重新同步。UE侧返回Sync_Failure和AUTS(重同步参数)。SN将Sync_Failure,AUTS,RAND,SUCI发送给HN。(2) If xMAC and MAC are the same but SQNUE>SQNHN, the UE considers that a sequence number asynchronization problem has occurred and will resynchronize. The UE returns Sync_Failure and AUTS (resynchronization parameters). The SN sends Sync_Failure, AUTS, RAND, and SUCI to the HN.

(3)如果xMAC与MAC值相同并且SQNUE<SQNHN,则完成了对HN的认证,UE侧会生成RES(RES←f2(K,RAND))和Kseaf,将响应值RES发送给SN进行认证。Kseaf根据k,RNAD,IDSN,SQNHN得到(Kseaf←Keyderivation(k,RNAD,IDSN,SQNHN))。(3) If xMAC is the same as MAC and SQN UE < SQN HN , the authentication of HN is completed. The UE side generates RES (RES←f2(K, RAND)) and Kseaf, and sends the response value RES to the SN for authentication. Kseaf is obtained according to k, RNAD, ID SN , SQN HN (Kseaf←Keyderivation(k, RNAD, ID SN , SQN HN )).

SN在收到RES后,将RES与RAND进行哈希得到HRES(HRES←Hash(RAND,XRES)),并将HRES与HN发送的HXRES进行比较。如果二者相同,则完成认证。认证成功后需要将RES发送给HN,防止恶意的SN。After receiving RES, SN hashes RES and RAND to obtain HRES (HRES←Hash(RAND, XRES)), and compares HRES with HXRES sent by HN. If the two are the same, the authentication is completed. After successful authentication, RES needs to be sent to HN to prevent malicious SNs.

HN收到SN发送的RES后,将其与XRES进行对比。如果二者相同,HN则返回SUPI到SN并完成对UE的认证。After receiving the RES sent by the SN, the HN compares it with the XRES. If the two are the same, the HN returns the SUPI to the SN and completes the authentication of the UE.

在本申请实施例中,HN侧利用注册阶段生成的对称密钥EK进行计算获得生成认证向量,而终端侧利用注册阶段生成的对称密钥EK和该认证向量进行认证。由于HN侧和终端侧都具有注册阶段生成的对称密钥EK并可进行相应的处理,因此,利用本申请实施例的方案无需在HN侧和终端侧增加对认证向量的加密和解密操作,可减少数据处理时延,并且上述方案可减少对存量终端的验证的影响。In the embodiment of the present application, the HN side uses the symmetric key EK generated in the registration phase to calculate and generate the authentication vector, and the terminal side uses the symmetric key EK generated in the registration phase and the authentication vector for authentication. Since both the HN side and the terminal side have the symmetric key EK generated in the registration phase and can perform corresponding processing, the scheme of the embodiment of the present application does not need to add encryption and decryption operations on the authentication vector on the HN side and the terminal side, which can reduce data processing delay, and the above scheme can reduce the impact on the verification of existing terminals.

参见图6,图6是本申请实施例提供的认证装置的结构图,应用于HN。Refer to FIG. 6 , which is a structural diagram of an authentication device provided in an embodiment of the present application, which is applied to HN.

如图6所示,认证装置包括:As shown in FIG6 , the authentication device includes:

第一生成模块601,用于生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的;第一发送模块602,用于向终端发送所述认证向量。The first generating module 601 is used to generate an authentication vector, where the authentication vector is calculated using the symmetric key EK generated in the registration phase; the first sending module 602 is used to send the authentication vector to the terminal.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the public key of the terminal and the private key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述装置还包括:Optionally, the device further comprises:

第一接收模块,用于接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。The first receiving module is configured to receive instruction information from the terminal, where the instruction information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

本申请实施例提供的装置,可以执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The device provided in the embodiment of the present application can execute the above method embodiment, and its implementation principle and technical effect are similar, so this embodiment will not be repeated here.

参见图7,图7是本申请实施例提供的认证装置的结构图,应用于终端。如图7所示,认证装置包括:See Figure 7, which is a structural diagram of an authentication device provided in an embodiment of the present application, which is applied to a terminal. As shown in Figure 7, the authentication device includes:

第一获取模块701,用于获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的;第一认证模块702,用于根据所述认证向量和所述对称密钥EK进行认证。The first acquisition module 701 is used to acquire the authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated in the registration phase; the first authentication module 702 is used to perform authentication based on the authentication vector and the symmetric key EK.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述第一认证模块包括:Optionally, the first authentication module includes:

第一处理子模块,用于将所述AUTN拆分成CONC和MAC值;A first processing submodule, configured to split the AUTN into CONC and MAC values;

第一计算子模块,用于根据所述RAND和对称密钥EK计算获得AK;A first calculation submodule, configured to calculate AK according to the RAND and the symmetric key EK;

第二计算子模块,用于根据所述AK和所述CONC计算获得SQNHNA second calculation submodule, configured to calculate and obtain SQN HN according to the AK and the CONC;

第三计算子模块,用于根据共享密钥k、SQNHN以及RAND计算获得xMAC值;The third calculation submodule is used to calculate the xMAC value according to the shared key k, SQN HN and RAND;

第一认证子模块,用于根据所述xMAC值和所述MAC值进行认证。The first authentication submodule is used to perform authentication according to the xMAC value and the MAC value.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

生成公私钥对;Generate a public-private key pair;

根据所述终端的私钥和所述HN的公钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the private key of the terminal and the public key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述装置还可包括:Optionally, the device may further include:

第一发送模块,用于向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。The first sending module is configured to send instruction information to the HN, where the instruction information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

可选的,所述装置还可包括:Optionally, the device may further include:

第二发送模块,用于向所述HN发送所述终端的公钥。The second sending module is used to send the public key of the terminal to the HN.

本申请实施例提供的装置,可以执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The device provided in the embodiment of the present application can execute the above method embodiment, and its implementation principle and technical effect are similar, so this embodiment will not be repeated here.

参见图8,图8是本申请实施例提供的认证装置的结构图,应用于HN。如图8所示,认证装置包括:处理器801和收发器802;See Figure 8, which is a structural diagram of an authentication device provided in an embodiment of the present application, which is applied to HN. As shown in Figure 8, the authentication device includes: a processor 801 and a transceiver 802;

所述处理器801,用于生成认证向量,所述认证向量是利用注册阶段生成的对称密钥EK进行计算获得的;The processor 801 is used to generate an authentication vector, where the authentication vector is calculated using the symmetric key EK generated in the registration phase;

所述收发器802,用于向终端发送所述认证向量。The transceiver 802 is configured to send the authentication vector to a terminal.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

获取所述终端的公钥;Obtaining a public key of the terminal;

根据所述终端的公钥和所述HN的私钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the public key of the terminal and the private key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述收发器802还用于,接收所述终端的指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Optionally, the transceiver 802 is further configured to receive indication information from the terminal, where the indication information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

本申请实施例提供的装置,可以执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The device provided in the embodiment of the present application can execute the above method embodiment, and its implementation principle and technical effect are similar, so this embodiment will not be repeated here.

参见图9,图9是本申请实施例提供的认证装置的结构图,应用于终端。如图9所示,认证装置包括:处理器901和收发器902;See Figure 9, which is a structural diagram of an authentication device provided in an embodiment of the present application, which is applied to a terminal. As shown in Figure 9, the authentication device includes: a processor 901 and a transceiver 902;

所述处理器901用于,获取HN的认证向量,所述认证向量是由所述HN利用注册阶段生成的对称密钥EK进行计算获得的;根据所述认证向量和所述对称密钥EK进行认证。The processor 901 is configured to obtain an authentication vector of the HN, where the authentication vector is calculated by the HN using the symmetric key EK generated in the registration phase; and perform authentication according to the authentication vector and the symmetric key EK.

可选的,所述认证向量包括:由RAND,AUTN,HXRES,Kseaf形成的四元组;其中,Optionally, the authentication vector includes: a four-tuple formed by RAND, AUTN, HXRES, and Kseaf; wherein,

AUTN包括CONC和MAC值;所述CONC根据AK和HN的序列号SQNHN计算获得,所述AK利用所述对称密钥EK和所述RAND进行计算获得;AUTN includes CONC and MAC values; the CONC is calculated based on the sequence number SQN HN of AK and HN, and the AK is calculated using the symmetric key EK and the RAND;

HXRES为RAND和XRES的哈希值,所述XRES根据RAND和共享密钥k进行计算获得。HXRES is a hash value of RAND and XRES, where XRES is calculated based on RAND and a shared key k.

可选的,所述处理器901用于:Optionally, the processor 901 is configured to:

将所述AUTN拆分成CONC和MAC值;Splitting the AUTN into CONC and MAC values;

根据所述RAND和对称密钥EK计算获得AK;Calculate AK based on the RAND and the symmetric key EK;

根据所述AK和所述CONC计算获得SQNHNCalculate SQN HN according to the AK and the CONC;

根据共享密钥k、SQNHN以及RAND计算获得xMAC值;The xMAC value is calculated based on the shared key k, SQN HN and RAND;

根据所述xMAC值和所述MAC值进行认证。Authentication is performed based on the xMAC value and the MAC value.

可选的,所述对称密钥EK按照下述方式生成:Optionally, the symmetric key EK is generated in the following manner:

生成公私钥对;Generate a public-private key pair;

根据所述终端的私钥和所述HN的公钥生成密钥数据串K,其中,从所述密钥数据串K的最左边开始、以密钥长度enckeylen为长度的字节为所述对称密钥EK。A key data string K is generated according to the private key of the terminal and the public key of the HN, wherein the bytes starting from the leftmost side of the key data string K and having a key length enckeylen as the length are the symmetric key EK.

可选的,所述收发器902还用于,向所述HN发送指示信息,所述指示信息用于指示所述HN利用所述对称密钥EK获得所述认证向量。Optionally, the transceiver 902 is further configured to send indication information to the HN, where the indication information is used to instruct the HN to obtain the authentication vector using the symmetric key EK.

可选的,所述收发器902还用于,向所述HN发送所述终端的公钥。Optionally, the transceiver 902 is further configured to send the public key of the terminal to the HN.

本申请实施例提供的装置,可以执行上述方法实施例,其实现原理和技术效果类似,本实施例此处不再赘述。The device provided in the embodiment of the present application can execute the above method embodiment, and its implementation principle and technical effect are similar, so this embodiment will not be repeated here.

需要说明的是,本申请实施例中对单元的划分是示意性的,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式。另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。It should be noted that the division of units in the embodiments of the present application is schematic and is only a logical function division. There may be other division methods in actual implementation. In addition, each functional unit in each embodiment of the present application may be integrated into a processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above-mentioned integrated unit may be implemented in the form of hardware or in the form of software functional units.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个处理器可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)或处理器(processor)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a processor-readable storage medium. Based on this understanding, the technical solution of the present application is essentially or the part that contributes to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium, including a number of instructions to enable a computer device (which can be a personal computer, server, or network device, etc.) or a processor (processor) to perform all or part of the steps of the method described in each embodiment of the present application. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), disk or optical disk and other media that can store program codes.

本申请实施例提供了一种通信设备,包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的程序;所述处理器,用于读取存储器中的程序实现如前所述的认证方法中的步骤。An embodiment of the present application provides a communication device, including: a memory, a processor, and a program stored in the memory and executable on the processor; the processor is used to read the program in the memory to implement the steps in the authentication method described above.

本申请实施例还提供一种可读存储介质,可读存储介质上存储有程序,该程序被处理器执行时实现上述认证方法实施例的各个过程,且能达到相同的技术效果,为避免重复,这里不再赘述。其中,所述的可读存储介质,可以是处理器能够存取的任何可用介质或数据存储设备,包括但不限于磁性存储器(例如软盘、硬盘、磁带、磁光盘(MO)等)、光学存储器(例如CD、DVD、BD、HVD等)、以及半导体存储器(例如ROM、EPROM、EEPROM、非易失性存储器(NAND FLASH)、固态硬盘(SSD))等。The embodiment of the present application also provides a readable storage medium, on which a program is stored. When the program is executed by the processor, each process of the above-mentioned authentication method embodiment is implemented, and the same technical effect can be achieved. To avoid repetition, it is not repeated here. Among them, the readable storage medium can be any available medium or data storage device that can be accessed by the processor, including but not limited to magnetic storage (such as floppy disk, hard disk, magnetic tape, magneto-optical disk (MO), etc.), optical storage (such as CD, DVD, BD, HVD, etc.), and semiconductor storage (such as ROM, EPROM, EEPROM, non-volatile memory (NAND FLASH), solid state drive (SSD)), etc.

需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者装置不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者装置所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者装置中还存在另外的相同要素。It should be noted that, in this article, the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or device. In the absence of further restrictions, an element defined by the sentence "comprises a ..." does not exclude the existence of other identical elements in the process, method, article or device including the element.

通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。根据这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质(如ROM/RAM、磁盘、光盘)中,包括若干指令用以使得一台终端(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present application, or the part that contributes to the prior art, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, disk, CD), and includes a number of instructions for a terminal (which can be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in each embodiment of the present application.

上面结合附图对本申请的实施例进行了描述,但是本申请并不局限于上述的具体实施方式,上述的具体实施方式仅仅是示意性的,而不是限制性的,本领域的普通技术人员在本申请的启示下,在不脱离本申请宗旨和权利要求所保护的范围情况下,还可做出很多形式,均属于本申请的保护之内。The embodiments of the present application are described above in conjunction with the accompanying drawings, but the present application is not limited to the above-mentioned specific implementation methods. The above-mentioned specific implementation methods are merely illustrative and not restrictive. Under the guidance of the present application, ordinary technicians in this field can also make many forms without departing from the purpose of the present application and the scope of protection of the claims, all of which are within the protection of the present application.

Claims (16)

1. An authentication method applied to a home network HN, comprising:
generating an authentication vector which is obtained by calculation by using the symmetric key EK generated in the registration stage;
And sending the authentication vector to the terminal.
2. The method of claim 1, wherein the authentication vector comprises: a quadruple formed by the random number RAND, authentication token AUTN, hash expected response HXRES, anchor key Kseaf; wherein,
AUTN includes a parameter CONC and a message authentication code MAC value; the CONC is obtained by calculation according to sequence numbers SQN HN of an anonymous key AK and an anonymous key HN, and the AK is obtained by calculation by using the symmetric key EK and the RAND;
HXRES is a hash value of the RAND and the expected response XRES, which is calculated from the RAND and the shared key k.
3. Method according to claim 1 or 2, characterized in that the symmetric key EK is generated in the following way:
Acquiring a public key of the terminal;
and generating a key data string K according to the public key of the terminal and the private key of the HN, wherein bytes with the key length enckeylen as the length from the leftmost side of the key data string K are taken as the symmetric key EK.
4. The method according to claim 1, wherein the method further comprises:
And receiving indication information of the terminal, wherein the indication information is used for indicating the HN to obtain the authentication vector by using the symmetric key EK.
5. An authentication method applied to a terminal, comprising:
Acquiring an authentication vector of a home network HN, wherein the authentication vector is obtained by calculation of the HN by using a symmetric key EK generated in a registration stage;
and authenticating according to the authentication vector and the symmetric key EK.
6. The method of claim 5, wherein the authentication vector comprises: a quadruple formed by the random number RAND, authentication token AUTN, hash expected response HXRES, anchor key Kseaf; wherein,
AUTN includes a parameter CONC and a message authentication code MAC value; the CONC is obtained by calculation according to sequence numbers SQN HN of an anonymous key AK and an anonymous key HN, and the AK is obtained by calculation by using the symmetric key EK and the RAND;
HXRES is a hash value of the RAND and the expected response XRES, which is calculated from the RAND and the shared key k.
7. The method of claim 6, wherein said authenticating based on said authentication vector and said symmetric key EK comprises:
splitting the AUTN into a CONC and MAC value;
obtaining AK according to the RAND and the symmetric key EK by calculation;
calculating according to the AK and the CONC to obtain SQN HN;
obtaining xMAC value according to the shared secret k, the SQN HN and the RAND calculation;
and authenticating according to the xMAC value and the MAC value.
8. The method according to any of claims 5 to 7, characterized in that the symmetric key EK is generated in the following way:
Generating a public-private key pair;
And generating a key data string K according to the private key of the terminal and the public key of the HN, wherein bytes with the key length enckeylen as the length from the leftmost side of the key data string K are taken as the symmetric key EK.
9. The method according to any one of claims 5 to 7, further comprising:
And sending indication information to the HN, wherein the indication information is used for indicating the HN to obtain the authentication vector by using the symmetric key EK.
10. The method of claim 8, wherein the method further comprises:
And sending the public key of the terminal to the HN.
11. An authentication apparatus applied to HN, comprising:
the first generation module is used for generating an authentication vector which is obtained by calculation by using the symmetric key EK generated in the registration stage;
and the first sending module is used for sending the authentication vector to the terminal.
12. An authentication apparatus applied to a terminal, comprising:
A first obtaining module, configured to obtain an authentication vector of a home network HN, where the authentication vector is obtained by calculating by the HN using a symmetric key EK generated in a registration stage;
and the first authentication module is used for performing authentication according to the authentication vector and the symmetric key EK.
13. An authentication apparatus applied to HN, comprising: a processor and a transceiver;
The processor is used for generating an authentication vector, and the authentication vector is obtained by calculation by using the symmetric key EK generated in the registration stage;
the transceiver is configured to send the authentication vector to a terminal.
14. An authentication apparatus applied to a terminal, comprising: a processor and a transceiver;
The processor is configured to obtain an authentication vector of a home network HN, where the authentication vector is obtained by calculating by the HN using a symmetric key EK generated in a registration phase; and authenticating according to the authentication vector and the symmetric key EK.
15. A communication device, comprising: a memory, a processor, and a program stored on the memory and executable on the processor; -characterized in that the processor is arranged to read a program in a memory for implementing the steps in the authentication method according to any one of claims 1 to 10.
16. A readable storage medium storing a program, wherein the program when executed by a processor implements the steps in the authentication method according to any one of claims 1 to 10.
CN202211597093.1A 2022-12-12 2022-12-12 Authentication method, authentication device, authentication equipment and readable storage medium Pending CN118200912A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211597093.1A CN118200912A (en) 2022-12-12 2022-12-12 Authentication method, authentication device, authentication equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211597093.1A CN118200912A (en) 2022-12-12 2022-12-12 Authentication method, authentication device, authentication equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN118200912A true CN118200912A (en) 2024-06-14

Family

ID=91409036

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211597093.1A Pending CN118200912A (en) 2022-12-12 2022-12-12 Authentication method, authentication device, authentication equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN118200912A (en)

Similar Documents

Publication Publication Date Title
Bhargavan et al. Transcript collision attacks: Breaking authentication in TLS, IKE, and SSH
Mitchell The impact of quantum computing on real-world security: A 5G case study
GB2623015A (en) Internet-of-vehicles communication security authentication method, system and device based on national cryptographic algorithm
EP2868029B1 (en) Key agreement for wireless communication
US20060177056A1 (en) Secure seed generation protocol
US20220046003A1 (en) Parameter sending method and apparatus
CN106941404B (en) Key protection method and device
US20200195446A1 (en) System and method for ensuring forward &amp; backward secrecy using physically unclonable functions
CN111641498B (en) Key Determination Method and Device
CN102724041A (en) Steganography-based key transmission and key updating method
Odelu et al. A secure anonymity preserving authentication scheme for roaming service in global mobility networks
CN111836260B (en) Authentication information processing method, terminal and network equipment
KR20230039722A (en) Pre-shared key PSK update method and device
CN111835691B (en) Authentication information processing method, terminal and network device
Kwon et al. (In-) security of cookies in HTTPS: Cookie theft by removing cookie flags
EP3482527B1 (en) Apparatus, computer program, and method for securely broadcasting messages
CN118540165A (en) Quantum security enhancement method for national security IPSec VPN protocol
CN118540163A (en) Quantum security enhancement method for national security SSL VPN protocol
CN110784318B (en) Group key updating method, device, electronic equipment, storage medium and communication system
CN110784870A (en) Wireless local area network secure communication method and system, and authentication server
CN117353899A (en) Hybrid encryption method, device and storage medium
CN114389803B (en) SPA key distribution method and device
CN117201000A (en) Mass data secure communication method, equipment and medium based on temporary key agreement
CN118200912A (en) Authentication method, authentication device, authentication equipment and readable storage medium
CN105681364B (en) An anti-attack method for IPv6 mobile terminals based on enhanced binding

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination