CN1659820A - Non-repudiation of service agreements - Google Patents

Publication number: CN1659820A
Authority: CN (China)
Prior art keywords: service, user, information, protocol, manager
Application number: CN 03813707
Other languages: Chinese (zh)
Inventor: R·布罗姆, A·梅赫斯
Original Assignee: 艾利森电话股份有限公司
Priority to US38850302P
Priority to US10/278,362 (patent US7194765B2)
Priority to US45529103P
Application filed by 艾利森电话股份有限公司
Publication of CN1659820A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04 Masking or blinding
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2463/00 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102 Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Abstract

The present invention relates generally to efficient non-repudiation between a user (10) and a service provider (20) in a communication system. An additional trusted party (30), a so-called service agreement manager, is introduced, and the invention is based on the idea that the service agreement manager (30) shares a secret key (Ki) with the user terminal (10) and that the service provider (20) has a trust relationship with the service agreement manager (30). The non-repudiation scheme proposed by the invention is further based on preparation of relevant service agreement information and cryptographic processing (14/34) of this information based on the shared key (Ki) in order to generate user-signed service agreement verification information. The user-signed verification information is subsequently forwarded to the service provider (20) to enable verification (26/36) of the service agreement based on the trust relationship between the service provider (20) and the service agreement manager (30).

Description

Non-repudiation of service agreements

Technical Field

The present invention generally relates to methods for making transactions between users and service providers secure and reliable in modern communication systems, such as mobile communication systems.

Background

Many of today's communication systems, including mobile communication systems, employ authentication and encryption procedures to enhance system security and robustness.

In mobile communication systems, for example, users authenticate to the network and/or to service providers in order to gain access to basic network services as well as other services, and the authentication also serves as a basis for billing the users. The basic security protocols of modern communication systems normally involve a challenge-response authentication procedure, usually based mainly on secret-key cryptography. Challenge-response authentication is well known in the art, and several standards on basic challenge-response authentication exist for GSM (Global System for Mobile Communications) and UMTS (Universal Mobile Telecommunications System).

In electronic commerce, and in micro-payment systems in particular, it is fundamental for the service provider to be able to prove that a user has agreed to pay for a service (user non-repudiation of service charges/service agreements).

Known techniques for non-repudiation typically use digital signatures based on public-key cryptographic schemes, which are computationally expensive.

Summary of the Invention

The present invention overcomes these and other drawbacks of the prior art arrangements.

It is a general object of the invention to provide an efficient and robust scheme for non-repudiation of service agreements between a service provider and a user in a communication system.

It is an object of the invention to provide a scheme that enables a service provider to prove or verify that a user has indeed accepted a given service agreement.

For example, a service provider may be interested in being able to prove that a user has agreed to pay for a service, including verification of the accepted service charge.

Another object of the invention is to provide a mechanism for improved challenge-response-based authentication and key agreement (AKA) in a communication system.

These and other objects are met by the invention as defined by the appended claims.

Briefly, the invention generally introduces a trusted third party, a so-called service agreement manager. The invention is based on the idea that the service agreement manager shares a secret key with the user terminal and that the service provider has a trust relationship with the service agreement manager. The non-repudiation scheme proposed by the invention is further based on preparation of relevant service agreement information and cryptographic processing of this information based on the shared key in order to generate user-signed service agreement verification information. The user-signed verification information is subsequently forwarded to the service provider to enable verification of the service agreement based on the trust relationship between the service provider and the service agreement manager.

The service agreement manager may be any trusted party that manages, or participates in managing, service agreements between service providers and users, and may for example be implemented on the network operator side of the communication system.

The service agreement manager may even be distributed between different nodes or parties, and may for example include a user identity broker and a payment broker arranged between the service provider and the identity broker. In this case, a chain of trust is established between the service provider, the payment broker and the identity broker, while the user terminal typically shares the secret key with the identity broker.

Preparation of the service agreement information is normally performed or initiated by the service provider, but it should be understood that the information may be prepared by any of the parties involved, as long as both the user and the service provider accept the agreement.

The cryptographic processing of the service agreement information is normally performed on the user side, but may in some cases also involve the service agreement manager. Preferably, the user terminal performs the cryptographic processing based on a non-repudiation key locally derived from the shared key in order to generate the required verification information.

The mere fact that the service provider receives the user-signed verification information and is able to store it may deter the user from repudiating the service agreement entered into. If desired or otherwise appropriate, the actual verification may be performed online or offline by the service agreement manager, or even directly by the service provider.

For example, the service agreement manager may generate expected verification information based at least partly on the prepared service agreement information and the shared key and, when needed, verify that the user-signed verification information forwarded from the service provider corresponds to the expected verification information.

The user-signed verification information may conveniently be generated by the user terminal in response to a challenge initiated from the service agreement manager, or based on a ticket initiated on the user side, in both cases in combination with the given service agreement information.

However, the service agreement information may also be cryptographically processed both on the service agreement manager side and on the user side. In this case, the service agreement manager preferably generates a cryptographic representation of the service agreement information based on the shared key and forwards this representation to the user terminal (typically via the service provider), where the received cryptographic representation is then processed based on the shared key to generate the correct verification information.

For a ticket-based solution, for example, the cryptographic processing on the service agreement manager side may include encryption of a ticket generated based on the prepared service agreement information, while the processing on the user side then typically includes decryption of the encrypted ticket.

It should be understood that the service agreement information may be a general electronic contract. However, the invention has proved particularly useful in applications where the service agreement information includes service charging information and the service agreement manager acts as a payment provider or as a charging center on behalf of the service provider.

For general contract signing, a specially designed embodiment that allows offline verification by the service provider involves masking both the expected verification information generated by the service agreement manager and the user-signed verification information by means of local instances of the same masking function. The service agreement manager masks the expected verification information, generated based on the shared key and the general contract, and forwards it to the service provider. The service provider receives the user-signed verification information from the user side and masks it, and is thus able to verify the service agreement on the service provider side by comparing the masked expected verification information with the masked user-signed verification information.

Advantageously, the service agreement manager generates the expected service agreement verification information by applying a cryptographic hash of the contract as the random challenge in an otherwise normal challenge-response-based authentication and key agreement procedure.
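An added illustration, not taken from the patent, of the locally derived non-repudiation key, the contract hash used as the challenge, and the masked offline check at the service provider described above. HMAC-SHA256, the salted SHA-256 masking function and all class and function names are assumptions; the contracts and key are constructed samples.

```python
import hashlib
import hmac
import os


def derive_nr_key(ki: bytes) -> bytes:
    """Non-repudiation key derived locally from the shared key Ki (assumed KDF)."""
    return hmac.new(ki, b"non-repudiation", hashlib.sha256).digest()


def sign_agreement(ki: bytes, contract: bytes) -> bytes:
    """The contract hash plays the role of the challenge; the keyed response
    over it is the service agreement verification information."""
    challenge = hashlib.sha256(contract).digest()
    return hmac.new(derive_nr_key(ki), challenge, hashlib.sha256).digest()


def mask(salt: bytes, value: bytes) -> bytes:
    """Masking function run locally by both manager and provider (assumed:
    salted SHA-256, so the masked value does not reveal the response)."""
    return hashlib.sha256(salt + value).digest()


class ServiceAgreementManager:
    """Trusted party that shares Ki with each user terminal."""

    def __init__(self, shared_keys):
        self._keys = dict(shared_keys)

    def masked_expected(self, user_id, contract):
        # Sent to the service provider, which never sees the unmasked value.
        salt = os.urandom(16)
        return salt, mask(salt, sign_agreement(self._keys[user_id], contract))

    def verify(self, user_id, contract, user_signed):
        # Online check, or later dispute resolution from stored evidence.
        expected = sign_agreement(self._keys[user_id], contract)
        return hmac.compare_digest(user_signed, expected)


class ServiceProvider:
    """Holds no user key; verifies offline against the masked expected value."""

    def __init__(self):
        self.evidence = []

    def accept(self, user_id, contract, salt, masked_expected, user_signed):
        ok = hmac.compare_digest(mask(salt, user_signed), masked_expected)
        if ok:
            # Stored so the user cannot later repudiate the agreement.
            self.evidence.append((user_id, contract, user_signed))
        return ok


def demo():
    ki = bytes(range(16))                                  # constructed key
    contract = b"service=video-clip;price=5.00;cur=EUR"    # constructed
    cheaper = b"service=video-clip;price=0.50;cur=EUR"     # constructed
    manager = ServiceAgreementManager({"alice": ki})
    provider = ServiceProvider()
    salt, masked = manager.masked_expected("alice", contract)
    return {
        # The user signs exactly the contract the manager saw: accepted.
        "accepted": provider.accept("alice", contract, salt, masked,
                                    sign_agreement(ki, contract)),
        # The user signed a different price: the masked values differ.
        "mismatch": provider.accept("alice", contract, salt, masked,
                                    sign_agreement(ki, cheaper)),
        # Stored evidence still verifies at the manager in a dispute.
        "dispute": manager.verify(*provider.evidence[0]),
    }


if __name__ == "__main__":
    print(demo())
```
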

In a series of particularly useful embodiments, the non-repudiation of service agreements is integrated with a challenge-response-based authentication and key agreement (AKA) procedure for network access (e.g. GSM/UMTS AKA), using the same shared key normally used for AKA. This means that existing infrastructure can be reused.

In clear contrast to the invention, prior-art techniques for providing non-repudiation of service agreements are based on public-key cryptographic schemes directly between the service provider and the user terminal, using asymmetric key pairs.

Although not necessary, it has proved beneficial to keep the keying material used for non-repudiation of service agreements separate from the keying material used for ordinary AKA. In this respect, the keying material for non-repudiation may even be bound to a specific payment broker that cooperates with an authentication manager, where the user terminal shares the secret key with the authentication manager.

In another related aspect of the invention, the above isolation scheme is used to improve challenge-response-based authentication and key agreement (AKA). Briefly, the ordinary AKA procedure can be improved by using a predetermined function (such as a pseudo-random function) to separate a first set of AKA parameters, used for access to a network managed by a network operator, from a second set of AKA parameters, used for access to services provided by a service provider, with a representation of at least part of the first set of AKA parameters used as input for generating the second set of AKA parameters. The advantage is that even if the keying material for service access is lost or stolen, it cannot be used for basic network access.

The invention offers the following advantages:

    • Efficient and robust non-repudiation of service agreements in a communication system.
    • Users are prevented from repudiating service agreements they have entered into.
    • New business possibilities for network operators acting as trusted service agreement managers. For example, an operator may obtain a natural role in the payment process.
    • An efficient way of extending basic challenge-response procedures (such as UMTS/GSM AKA) so that payment agreements can be bound to user authentication.
    • Easy migration using existing infrastructure.
    • Easy to implement, with no need to introduce new GSM or UMTS subscriber identity modules (SIMs). The terminals have to be changed anyway to accommodate the new payment protocols.

Other advantages offered by the invention will be appreciated upon reading the description of the embodiments of the invention below.

Brief Description of the Drawings

The invention, together with further objects and advantages thereof, will be best understood by reference to the following description taken together with the accompanying drawings, in which:

Fig. 1 is a schematic diagram of the basic participants and their mutual relationships according to a preferred embodiment of the invention;
Fig. 2 is a schematic signal exchange diagram of home authentication in a mobile communication system when a mobile user roams into a visited network;
Fig. 3 is a schematic signal exchange diagram of authentication with delegated verification, in the way it is typically implemented in cellular systems today;
Fig. 4 is a schematic diagram illustrating the overall structure and basis of the proposed general scheme for non-repudiation of service agreements according to a preferred embodiment of the invention;
Fig. 5 is an exemplary signal exchange diagram of service agreement non-repudiation with possible offline verification, using a dedicated non-repudiation key;
Fig. 6A is an exemplary signal exchange diagram of online verification of service agreements using a dedicated non-repudiation key;
Fig. 6B is an exemplary signal exchange diagram of online verification of service agreements using the existing AKA keys as non-repudiation keys;
Fig. 7A is an exemplary signal exchange diagram of establishing proof of user authentication by means of masked authentication data, combined with offline verification of the service agreement;
Fig. 7B is an exemplary signal exchange diagram of establishing proof of user authentication by means of masked authentication data, combined with authentication and online verification of the service agreement, using a dedicated key or the existing AKA keys for non-repudiation of the service agreement;
Fig. 8A is an exemplary signal exchange diagram of ticket-based non-repudiation with possible online verification;
Fig. 8B is an exemplary signal exchange diagram of ticket-based non-repudiation with online verification;
Fig. 9 is an exemplary signal exchange diagram of ticket-based non-repudiation in which the basic ticket is prepared by the authentication/payment manager on behalf of the user;
Fig. 10 is an exemplary signal exchange diagram of contract signing based on the introduction of masked verification data that allows offline verification by the service provider;
Fig. 11 is an exemplary signal exchange diagram of an implementation of the contract signing of Fig. 10;
Fig. 12A is an exemplary signal exchange diagram of AKA-integrated service agreement non-repudiation with possible offline verification, based on different isolated key sets;
Fig. 12B is an exemplary signal exchange diagram of AKA-integrated service agreement non-repudiation with online verification, based on different isolated key sets;
Fig. 13 is an exemplary schematic block diagram of a distributed implementation that introduces an identity broker and a payment broker, using a chain of trust established between the identity broker, the payment broker and the service provider;
Fig. 14 is an exemplary signal exchange diagram of service agreement non-repudiation in a post-paid scenario for the configuration shown in Fig. 13;
Fig. 15 is an exemplary signal exchange diagram of service agreement non-repudiation in a pre-paid scenario for the configuration shown in Fig. 13;
Fig. 16 is a schematic block diagram illustrating an example of a service agreement manager according to a preferred embodiment of the invention;
Fig. 17 is a schematic block diagram illustrating an example of a service provider according to a preferred embodiment of the invention;
Fig. 18 is a schematic block diagram illustrating an example of a user terminal according to a preferred embodiment of the invention.

Detailed Description of Embodiments of the Invention

Throughout the drawings, the same reference characters will be used for corresponding or identical elements.

Overview

It may be useful to begin with an overview of the basic participants and their mutual relationships with reference to Fig. 1, which is a schematic overview of a communication system according to the proposed invention.

The basic participants include a user 10, a service provider 20 and an additional party generally referred to as a trust provider 30, which may perform different tasks on behalf of the service provider and/or the user. There is a trust relationship between the trust provider 30 and the user (or rather a properly configured user terminal), established by means of a shared secret key. The trust provider 30 and the service provider 20 may have an agreement that manifests their trust relationship in the form of a contract. The relationship between the user 10 and the service provider 20 is normally regarded as an induced trust relationship, which is established when a service offered by the service provider is requested or initiated.

The trust provider may be associated with a network operator with which the user has a trust relationship, established for example through a subscription or a pre-paid account.

This established trust relationship is typically manifested as a cryptographic relationship through a shared key that enables a challenge-response procedure, such as the AKA (Authentication and Key Agreement) procedure used for GSM/UMTS and/or similar procedures. The network operator may have an agreement with the service provider, which is typically manifested by a similar cryptographic relationship. The service provider may then employ a challenge-response procedure, such as GSM/UMTS AKA, for indirect mutual authentication with the end users of its services.

It is known to use the home operator as a basis of trust for user authentication when a mobile user roams into another network managed by a so-called visited operator, as schematically illustrated in Figs. 2 and 3.

Fig. 2 is a schematic signal exchange diagram of user authentication with online verification by the home operator in a mobile communication system when a mobile user roams into a visited network.

The basic UMTS AKA procedure uses a shared key Ki, such as the subscription key associated with the user-operator subscription or a key derived from it, to produce a response to a challenge as well as two session keys, one for confidentiality protection (Ck) and one for integrity protection (Ik) of the traffic between the user and the visited operator. The home operator, or more precisely the HSS/AuC (Home Subscriber Server/Authentication Center) and HLR/AuC (HLR, Home Location Register), generates a random challenge (RAND) together with an authentication token (AUTN), which is later used by the user to verify that the challenge is fresh and was generated by the home operator. From this challenge, the response (RES/XRES) and the keys (Ck, Ik) are computed using the shared key. In GSM AKA, no integrity key or authentication token is generated, but the basic challenge-response procedure is the same. The shared key is typically implemented in a SIM card used in GSM mobile devices or a UMTS SIM card (USIM) used in UMTS mobile devices, depending on the AKA implementation.

参考图2,它或多或少地与标准可扩展鉴定协议(EAP)对应,下面总结了实现所需信令的一种途径:在初始阶段,用户发送标识符到被访运营商,并且被访运营商将该标识符转发到归属运营商。 Referring to Figure 2, it can be more or less standard Extensible Authentication Protocol (EAP) corresponding to, the following summarizes a means to achieve the desired signaling: in the initial stage, the user identifier is sent to the visited operator and is visit the operator identifier forwarded to the home operator. 根据这个标识符,归属运营商端的HSS/AuC或等效单元获取相应的密钥,生成一个五位字节(RAND、AUTN、Ck、Ik、XRES)并发送1.询问(RAND)、鉴定令牌(AUTN)到被访运营商。 According to this identifier, the home operator side HSS / AuC or equivalent means acquires the corresponding key, generates a five byte (RAND, AUTN, Ck, Ik, XRES) and transmits 1. query (the RAND), Order Identification brand (AUTN) to the visited operator. 这些参数由被访运营商转发给用户。 These parameters are forwarded by the visited operator to the user.

2.询问(RAND)、鉴定令牌(AUTN)用户检查该AUTN,如果没有问题,就计算响应(RES)、机密性密钥(Ck)和完整性密钥(Ik)。 2. Ask (the RAND), an authentication token (the AUTN) that the user checks the AUTN, If not, it calculates a response (the RES), confidentiality key (Ck) and integrity key (Ik). 响应通过被访运营商发回归属运营商3.响应(RES)4.响应(RES)归属运营商检查RES是否等于期望的响应(XRES)。 Response by the visited operator back home operator 3. response (RES) 4. Response (RES) attributable to the operator to check whether the RES equal to the expected response (XRES). 如果是就把密钥安全地传送到被访运营商。 If the key is put safely transferred to the visited operator.

5. Integrity and confidentiality keys (Ik and Ck)

The home operator sees the RES from the end user and can thereby confirm that the end user has been authenticated via the visited operator. However, the home operator has no evidence of what services the user has accepted.

If the signaling is implemented the way it is done in cellular systems today, the home operator will not even have evidence of the user authentication. In this case, with reference to FIG. 3, the signaling is as follows:

1. RAND, AUTN, Ik, Ck, XRES

2. RAND, AUTN

The user checks the AUTN and, if it is in order, computes the response RES, the confidentiality key Ck and the integrity key Ik.

3. RES

The visited network checks whether RES equals XRES. If so, the user is authenticated.

Exemplary general scheme for non-repudiation of service agreements

FIG. 4 is a schematic diagram illustrating the overall structure and basis of the proposed general scheme for non-repudiation of service agreements according to a preferred embodiment of the invention.

The inventors have recognized that a service provider must be able to prove that the user has accepted a given user agreement, and in particular that the user has agreed to pay for the service, including verification of the accepted service charge (user non-repudiation of the service agreement/service charge). This is especially important when user authentication and payment/charging are performed by or with the help of a trusted third party, such as a network operator or equivalent.

Therefore, for non-repudiation of service agreements between a service provider and a user, it is proposed that a trust provider 30 act as a general service agreement manager on behalf of the service provider and/or the user. The non-repudiation scheme according to a preferred basic embodiment of the invention comprises preparation of the relevant service agreement information, and cryptographic processing of the prepared information based on a key shared between the service agreement manager and the user terminal, in order to generate user-signed service agreement verification information. The user-signed verification information is subsequently forwarded to the service provider, to enable verification of the service agreement based on the trust relationship between the service provider and the service agreement manager.

The preparation of service agreement information in suitable electronic form (an electronic contract) is usually performed, or at least initiated, by the service provider in a contract preparation/initialization unit 22, but the information may be prepared by any of the parties involved, as long as both the user and the service provider accept the agreement. For example, the service agreement manager 30 may optionally prepare the service agreement information on behalf of the service provider 20.

The cryptographic processing of the service agreement information is usually performed on the user side, in a tamper-resistant module 12 in the user terminal 10. Preferably, the user terminal 10 performs the cryptographic processing in a cryptographic engine 14 based on a non-repudiation key derived locally from the shared key, in order to generate the required verification information. In some implementations, however, the cryptographic processing may be performed both by the user terminal 10 in the cryptographic engine 14 and by the service agreement manager 30 in a cryptographic engine 34.

The mere fact that user-signed verification information is securely forwarded from the user terminal 10 to the service provider 20 may have a repudiation-deterring effect. Preferably, however, verification is performed online or offline by the service agreement manager, or directly by the service provider. In an offline procedure, the verification information, which includes at least the user-signed verification part and preferably also the corresponding challenge or other input together with the user identity, is usually stored in a storage unit, from which the service provider 20 can later retrieve it and present it as evidence that the user has accepted the service agreement. In an online procedure, the verification information is usually forwarded more or less directly from the service provider 20 to the service agreement manager 30, thereby enabling online proof. Based on the presented verification information, the service agreement manager 30 can then perform the relevant calculations and/or comparisons in a verification unit 36 to verify whether the user has actually accepted the service agreement.

The service agreement manager may conveniently be associated with a database containing user IDs and the associated keys Ki for a set of users. This allows the service agreement manager to access the relevant key of a given user, based on the corresponding user ID, for various purposes such as generating user authentication parameters, cryptographic processing of service agreement information and/or service agreement verification.

As will be described later, verification may also be performed directly by the service provider 20 in a verification unit 26.

The trust relationship between the service provider 20 and the service agreement manager 30 should give the service provider assurance about statements made or data provided by the service agreement manager. Because the transmitted information (for example service agreement information, charging data, authentication parameters and/or other appropriate information) is generally considered sensitive, and because the identities of the communicating parties are essential to that assurance, the communication link between the service provider and the service agreement manager should be secure. This can be achieved, for example, by using TLS or IPSec, or by encrypting/signing individual messages.

AKA-integrated non-repudiation/verification of service agreements

It may be useful to begin describing the invention in the context of AKA-integrated non-repudiation/verification of service agreements.

In a series of preferred embodiments, non-repudiation of service agreements, and of service charges in particular, is integrated with challenge-response based authentication and key agreement (AKA) for network access (for example GSM/UMTS AKA or similar authentication), using the same shared key normally employed for AKA. A great advantage of AKA-integrated non-repudiation is that existing infrastructure can be reused.

In this context, it is normally assumed that the trusted service agreement manager acts as an authentication/payment manager for authenticating the user, authorizing user access to the service and/or establishing proof that the user has agreed to the conditions for using the service. In a typical scenario, a network operator may implement the authentication/payment manager as a security system for establishing reliable and secure communication between users and access points. The operator also has trust relationships with service providers and communicates with them over secure links. In response to a service access request, the authentication/payment manager uses a key shared with the requesting user (usually denoted Ki) to assist in the authentication, authorization, non-repudiation and/or payment or charging procedures.

As for service charges, the user's agreement to pay for the service can be bound to the UMTS/GSM AKA or similar authentication. This should preferably be done in such a way that the service provider can be assured that the user cannot repudiate the service agreement at a later stage.

FIG. 5 is a schematic diagram of an exemplary signal exchange for non-repudiation of a service agreement using a dedicated non-repudiation key, with possible offline verification. In this example, the ordinary challenge-response (AKA) scheme is extended with the derivation of an additional session key and with additional service agreement information; the additional session key is shared only between the user and the operator.

Consider a user who wants to access a service offered by a service provider. The user must normally be authenticated before the service is provided. The user ID does not have to be a public identifier, but it should allow mapping to a user-associated key Ki, so that charging is made correctly to the right account. For example, the key Ki may be a subscription key if the user has a subscription with a home operator, or a cryptographic key associated with a prepaid account. The transfer of the user ID is generally indicated by a dashed line, because it can be regarded as an initialization phase, and partly also because it may be part of a batch of authentication vectors between the service provider and the operator. The service provider normally needs to receive information from the user that can be used to determine the identity of the authentication/payment manager associated with the user, for example the identity of the user's home operator. This enables the service provider to forward the user ID to the relevant authentication/payment manager in a request for AKA parameters. Based on the received user ID, the authentication/payment manager identifies the key Ki and generates the appropriate AKA parameters. The authentication/payment manager generates a random challenge RAND, computes the expected response XRES as a given function g of the key Ki and the random challenge RAND, and also generates the ordinary integrity and confidentiality keys Ik and Ck from Ki and RAND.

The user should also agree to pay for the service. The agreement should be such that the service provider can later prove that the user really did agree. The idea here is to generate an additional service agreement non-repudiation key, denoted Rk, at the same time as user authentication and key agreement are performed and the authentication parameters (such as RAND and XRES, and the integrity and confidentiality keys Ik, Ck) are generated.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN, Ik, Ck, XRES

The service provider generates service agreement information comprising one or more information items, such as service identification, service charge, number of valid uses, service provider identifier and so on. In the following, the service agreement information is exemplified by a cost parameter COST_UNIT representing a given value (the cost per service unit). If desired, this cost parameter may be accompanied by a nonce to randomize it, a timestamp to indicate the time of validity, a service identifier and a service provider identifier.

2. RAND, AUTN, COST_UNIT

The user checks the AUTN and, if it is in order, computes the response RES, the confidentiality key Ck and the integrity key Ik according to the standard AKA scheme. In addition, the extended AKA scheme generates the non-repudiation key Rk, which is also based on the shared key Ki and RAND. Rk is then used to compute a MAC (message authentication code), COST_MAC, over RAND and COST_UNIT: COST_MAC = MAC(Rk, RAND || COST_UNIT). COST_MAC is returned to the service provider together with the authentication response RES. To serve the purpose of non-repudiation, it must never be possible for the service provider to forge the COST_MAC.

3. RES, COST_MAC

The service provider checks whether RES matches XRES. The service provider also retains verification information, such as the user ID, RAND, COST_UNIT and COST_MAC, for later use as evidence of the user's agreement.

If needed or requested, the service provider can later forward the verification information to the authentication/payment manager on the operator side.

4. COST_UNIT, COST_MAC, USER ID, RAND

The authentication/payment manager on the operator side then acts as verifier and checks whether COST_MAC equals the expected XMAC = MAC(Rk, RAND || COST_UNIT), in order to verify that the user has accepted the service agreement and the service charge.

Of course, there is a possibility that the user forges the COST_MAC. For this purpose, some policy of random online testing of COST_MAC may be used to deter users from doing so.

In essence, this exemplary method is based on extending basic AKA with a non-repudiation key that is shared between the operator and the user but is not released to the service provider. The user can use this non-repudiation key to "sign" messages, and the operator can verify messages "signed" by the user. As described above, an exemplary solution is to send the data to be MAC-protected to the user together with RAND, and to verify the authenticity of the data using a key derived from RAND.
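The offline exchange of FIG. 5 can be traced in code as follows. This is an added illustration, not code from the patent: HMAC-SHA256 with a label is an assumed stand-in for the AKA derivation functions and for MAC, the AUTN check is omitted, and all function names, the subscriber record and the COST_UNIT strings are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed subscriber database of the authentication/payment manager (user ID -> Ki).
SUBSCRIBERS = {"user-001": bytes.fromhex("00112233445566778899aabbccddeeff")}


def derive(ki: bytes, rand: bytes, label: bytes) -> bytes:
    """Assumption: HMAC-SHA256 with a label stands in for the AKA derivation
    functions that produce RES, Ik, Ck and the additional key Rk from Ki and RAND."""
    return hmac.new(ki, label + rand, hashlib.sha256).digest()


def cost_mac(key: bytes, rand: bytes, cost_unit: bytes) -> bytes:
    """COST_MAC = MAC(Rk, RAND || COST_UNIT). RAND has a fixed length of
    16 bytes here, so the concatenation cannot be re-split ambiguously."""
    return hmac.new(key, rand + cost_unit, hashlib.sha256).digest()


def manager_issue_vector(user_id: str) -> dict:
    """Message 1: parameters released to the service provider. Rk is not among them."""
    ki = SUBSCRIBERS[user_id]
    rand = os.urandom(16)
    return {"RAND": rand, "XRES": derive(ki, rand, b"RES"),
            "Ik": derive(ki, rand, b"IK"), "Ck": derive(ki, rand, b"CK")}


def terminal_respond(ki: bytes, rand: bytes, cost_unit: bytes):
    """Messages 2-3: the user terminal answers the challenge and signs the cost."""
    rk = derive(ki, rand, b"RK")
    return derive(ki, rand, b"RES"), cost_mac(rk, rand, cost_unit)


def provider_accept(vector: dict, user_id: str, cost_unit: bytes, res: bytes, mac: bytes):
    """Provider checks RES against XRES and keeps the evidence for later."""
    if not hmac.compare_digest(res, vector["XRES"]):
        return None
    return {"USER_ID": user_id, "RAND": vector["RAND"],
            "COST_UNIT": cost_unit, "COST_MAC": mac}


def manager_verify(evidence: dict) -> bool:
    """Message 4: recompute XMAC = MAC(Rk, RAND || COST_UNIT) and compare."""
    ki = SUBSCRIBERS.get(evidence["USER_ID"])
    if ki is None:
        return False
    rk = derive(ki, evidence["RAND"], b"RK")
    xmac = cost_mac(rk, evidence["RAND"], evidence["COST_UNIT"])
    return hmac.compare_digest(xmac, evidence["COST_MAC"])


def run_exchange():
    """Run the offline-verification flow once and return three verdicts."""
    user_id, ki = "user-001", SUBSCRIBERS["user-001"]
    agreed = b"COST_UNIT=0.10EUR;service=video"      # constructed agreement text
    altered = b"COST_UNIT=9.99EUR;service=video"     # constructed altered text
    vector = manager_issue_vector(user_id)
    res, mac = terminal_respond(ki, vector["RAND"], agreed)
    evidence = provider_accept(vector, user_id, agreed, res, mac)

    genuine = manager_verify(evidence)
    # Evidence whose cost was changed after signing: the stored MAC no longer fits.
    inflated = manager_verify({**evidence, "COST_UNIT": altered})
    # A MAC made with Ik, the key the provider does hold, is not a MAC under Rk.
    with_ik = cost_mac(vector["Ik"], vector["RAND"], altered)
    forged = manager_verify({**evidence, "COST_UNIT": altered, "COST_MAC": with_ik})
    return genuine, inflated, forged


if __name__ == "__main__":
    print(run_exchange())
```

The verifier accepts only evidence whose COST_MAC was produced under Rk over the exact RAND and COST_UNIT presented, which is why the manager can arbitrate between user and provider while the provider holds only Ik and Ck.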

It should be understood that it is equally feasible to first complete the ordinary AKA signaling, with the service provider verifying that RES equals XRES, and then to perform the non-repudiation signaling when the user requests a service from the service provider over the secure link. This means that, after successful user authentication, the service provider sends the cost parameter COST_UNIT and related information to the user upon receiving a service request from the user. The user then computes COST_MAC and returns it to the service provider to enable verification of the service agreement.

FIG. 6A is a schematic diagram of an exemplary signal exchange for online verification of a service agreement using a dedicated non-repudiation key. This example involves online user authentication and service agreement verification.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN

The service provider generates the relevant service agreement information, such as the service cost parameter COST_UNIT, for transmission to the user.

2. RAND, AUTN, COST_UNIT

The user checks the AUTN and, if it is in order, computes the response RES, the confidentiality key Ck, the integrity key Ik and the non-repudiation key Rk. COST_MAC is computed and returned to the service provider together with the authentication response RES.

3. RES, COST_MAC

For online verification, the service provider forwards RES to the operator side. COST_UNIT and COST_MAC may be appended to RES at the same time.

4. RES, COST_UNIT, COST_MAC

The authentication/payment manager checks whether RES equals the expected response (XRES) and whether COST_MAC equals the expected XMAC. If the user has a prepaid account, the manager may also check that the user has sufficient funds on the account. If these conditions are all met, the keys are sent to the service provider.

5. Ik, Ck

When the service provider receives the keys for protecting the session between the user and the service provider, this also indicates that the service agreement is in order.

Alternatively, as described above for the offline case, it is feasible to first complete the ordinary AKA signaling and then perform the non-repudiation signaling when the user requests a service from the service provider over the secure link. This usually means that RES is verified and the keys Ik, Ck are sent to the service provider, and that the service provider then initiates the special non-repudiation signaling upon receiving a service request. In the following, however, the AKA-integrated examples will mainly be described with integrated AKA and non-repudiation signaling.

FIG. 6B is a schematic diagram of an exemplary signal exchange for online verification of a service agreement using an existing AKA key as the non-repudiation key. If the service provider always performs online verification of the service agreement before the keys are sent from the operator side, COST_MAC can be computed with Ik as the non-repudiation key, and AKA does not have to be extended to generate a special non-repudiation key Rk. However, the service provider will then not be able to record and keep evidence of the service agreement, because he subsequently receives the key Ik for integrity protection of the session. The operator can keep a hash of the agreement, so that the service provider cannot go back and change the data.

Non-repudiation combined with masked authentication data

As shown in FIGS. 7A and 7B, the user authentication can be modified to allow proof of authentication by introducing masked verification data, so that the service provider can present valid evidence that the user has actually been authenticated.

The overall authentication is initially based on a challenge-response procedure in which the authentication/payment manager generates an expected response XRES and the user subsequently generates a corresponding response RES. The basic idea here is to introduce a masking function f that masks the generated expected response, and to transmit the masked expected response XRES' instead of the original expected response XRES to the service provider. The user generates and transmits the corresponding user response RES in the conventional manner, so the service provider receives the masked expected response XRES' from the operator side and the ordinary user response RES from the user. The service provider then computes a masked user response RES' by means of an instance of the same masking function as used on the operator side. To authenticate the user, the service provider simply verifies that the computed masked user response RES' corresponds to the masked expected response XRES' received from the operator side. The masking procedure enables the service provider to prove that the user has been properly authenticated, and at the same time prevents and/or disarms interception attacks.

The service provider can then be challenged, before payment is transferred, to present the response value, or preferably the response-challenge pair, and/or the service agreement verification information, in order to prove that the user has actually been present in the network and/or used other services.

Naturally, there is a relationship between the authentication/payment manager and the service provider, which implies that the masking function has been exchanged between them. The same holds for any similar information and/or functions that must be common to the two parties.

FIG. 7A is a schematic diagram of an exemplary signal exchange for establishing proof of user authentication by means of masked authentication data, combined with offline verification of the service agreement. In addition to the ordinary AKA parameters, the authentication/payment manager generates a masked expected response XRES' as a function of XRES and an optional masking random challenge SALT. For example, the masking random challenge may be based on the random challenge RAND or generated as a completely independent random value. The masked expected response XRES' and the random challenge RAND are then sent to the service provider, possibly together with the optional masking random challenge SALT. If offline verification of the service agreement with Rk is used, Ik and Ck can be distributed together with RAND, AUTN and XRES'.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN, XRES', Ik, Ck, [SALT]

2. RAND, AUTN, COST_UNIT

3. RES, COST_MAC

The service provider then generates RES' using an instance of the same masking function f and the same random input RAND/SALT, and checks whether the masked response RES' equals the masked expected response XRES'. The service provider preferably stores RES, RAND and USER as authentication proof information, together with COST_UNIT and COST_MAC as service agreement verification information, in a suitable location for later retrieval, if necessary, as evidence of the user authentication and the service agreement. If challenged by the authentication/payment manager or some other related party to provide proof of authentication and of the accepted service agreement for a given user, the service provider can send this information to the operator side.

4. RES, RAND, USER ID, COST_UNIT, COST_MAC

It should be noted that multiple batches of random service agreement verification information, for a variety of services offered by the service provider, can be transferred offline without any re-authentication.

Preferably, the authentication/payment manager then retrieves the key Ki associated with the given user, computes the expected response value XRES from the received RAND and the key Ki, and finally compares the received RES value with the computed XRES value to verify whether the user has been authenticated at the service provider. If the RES value matches the XRES value, the proof information is considered valid. In the same manner, the authentication/payment manager computes the expected service agreement verification information XMAC based on the non-repudiation key Rk together with the RAND and COST_UNIT received from the service provider. The authentication/payment manager then compares COST_MAC with XMAC to verify the service agreement.

Alternatively, the service provider simply transfers the RES value and user ID of the given user. In this case, the authentication/payment manager typically needs to store the XRES value for the user (or the RAND value, allowing the corresponding XRES value to be recomputed) so that RES and XRES can be compared.

If the optional masking random challenge SALT is not sent explicitly from the authentication/payment manager, the service provider can derive it before verifying the authentication, preferably from the random challenge RAND. The service provider then computes the masked user response RES' using the user response RES and the optional, received or derived, masking random challenge SALT as input to the masking function f.

As mentioned above, the masking random challenge SALT is optional and may be omitted from the authentication procedure. In that case, no random challenge SALT is input to the masking function f when computing the masked expected response XRES' and the masked user response RES', respectively. However, to increase security, and in particular to defeat precomputation attacks, the masking random challenge SALT is preferably included as input to the masking function. The masking random challenge SALT may thus be generated as a completely random value by the authentication/payment manager and then sent to the service provider together with the masked expected response XRES' and the random challenge RAND. To avoid extra signaling between the operator side and the service provider, however, the masking random challenge SALT may also be derived from the random challenge RAND. In this case, the authentication/payment manager preferably generates the masking random challenge SALT by some function h of the random challenge RAND. No special masking random challenge SALT then needs to be sent to the service provider, which can instead use the same function h to generate SALT from the random challenge RAND. One example of a usable masking random challenge SALT is simply to reuse the random challenge RAND as SALT, in which case h is the identity function.

The function h may be a public function, or a function associated with and distributed together with the business agreement between the service provider and the legal entity of the authentication/payment manager (for example the home operator).

The masking function f, used on one hand by the authentication/payment manager to generate the masked expected response and on the other hand by the service provider to compute the masked user response, may be a one-way function and/or a hash function. Preferably, the masking function is a cryptographic hash function, having one-way functionality and the property that it is infeasible to find two distinct inputs that hash to a common value.

The masking function f may be a public function, or a private function known to the authentication/payment manager and the service provider. In the latter case, the private masking function may be associated with the business agreement between the legal entity of the authentication/payment manager (for example a given home operator) and the service provider. If the legal entity of the authentication/payment manager, for example a home operator, has such business agreements with several different service providers, the operator may use a corresponding private function for each service provider, that is, each operator-provider agreement manifests itself in a private masking function.
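The masking of XRES and the later proof check can be sketched as follows. This is an added example, not code from the patent: SHA-256 is assumed for the masking function f and for h, HMAC-SHA256 is an assumed stand-in for g, and the key, user ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

KI = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed shared key Ki


def g(ki: bytes, rand: bytes) -> bytes:
    """Expected-response function g(Ki, RAND). Assumption: HMAC-SHA256 stand-in."""
    return hmac.new(ki, b"RES" + rand, hashlib.sha256).digest()[:16]


def h(rand: bytes) -> bytes:
    """SALT = h(RAND). The text allows any agreed function, the identity
    included; a hash is used here as one possible choice."""
    return hashlib.sha256(b"SALT" + rand).digest()


def f(response: bytes, salt: bytes) -> bytes:
    """Masking function f: a cryptographic hash over SALT and the response."""
    return hashlib.sha256(salt + response).digest()


def manager_issue(ki: bytes):
    """Operator side: release RAND and XRES' = f(XRES, SALT). XRES is not sent."""
    rand = os.urandom(16)
    return rand, f(g(ki, rand), h(rand))


def provider_authenticate(rand: bytes, xres_masked: bytes, res: bytes, user_id: str):
    """Provider: mask the user's RES the same way and compare with XRES'.
    On success keep (USER_ID, RAND, RES) as proof of authentication."""
    if hmac.compare_digest(f(res, h(rand)), xres_masked):
        return {"USER_ID": user_id, "RAND": rand, "RES": res}
    return None


def manager_check_proof(ki: bytes, proof) -> bool:
    """Operator side, later: recompute XRES from Ki and RAND, compare with RES."""
    if proof is None:
        return False
    return hmac.compare_digest(g(ki, proof["RAND"]), proof["RES"])


def run_masked_authentication():
    """Return verdicts for a genuine user, a wrong RES and a fabricated proof."""
    rand, xres_masked = manager_issue(KI)
    # Genuine user: the terminal computes RES = g(Ki, RAND).
    proof = provider_authenticate(rand, xres_masked, g(KI, rand), "user-001")
    genuine = manager_check_proof(KI, proof)
    # A wrong RES is rejected at the provider, which stores no proof.
    rejected = provider_authenticate(rand, xres_masked, os.urandom(16), "user-001") is None
    # Without the user, the provider holds only XRES'. Presenting a value
    # cut from XRES' in place of RES does not satisfy the operator.
    fabricated = manager_check_proof(
        KI, {"USER_ID": "user-001", "RAND": rand, "RES": xres_masked[:16]})
    return genuine, rejected, fabricated


if __name__ == "__main__":
    print(run_masked_authentication())
```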

To allow smooth migration in relation to existing infrastructure, the service provider is preferably notified of whether the masking function has been employed when the distributed expected response was computed. The protocol for distributing authentication parameters is therefore preferably extended with such an indication. Likewise, if there is a choice between different masking functions, an indication of which masking function to use may also be included in the protocol.

If an online procedure is desired, as shown in FIG. 7B, the authentication proof information and the service agreement verification information are forwarded more or less directly from the service provider to the authentication/payment manager.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN, XRES', [SALT]

2. RAND, AUTN, COST_UNIT

3. RES, COST_MAC

The service provider generates RES' and checks whether the masked response RES' equals the masked expected response XRES'. The signaling then continues.

4.RES、COST_UNIT、COST_MAC在运营商一方,分别比较RES、COST_MAC和XRES、XMAC。 4.RES, COST_UNIT, COST_MAC in the operator side, respectively, compare RES, COST_MAC and XRES, XMAC. 如果验证成功,就把密钥安全地传输给服务器提供者。 If authentication is successful, put the key is securely transferred to the server provider.

5.Ik、Ck如前所述,对服务协议的在线验证,可以使用专用认可密钥Rk或完整性密钥Ik作为计算COST_MAC和XMAC参数的认可密钥。 5.Ik, Ck as described above, on-line verification service agreement, can be recognized by using a dedicated key or integrity key Ik Rk COST_MAC calculated as parameters and XMAC endorsement key.

对于掩蔽过程上的更多信息,参考我们的共同未决US专利申请序列号10/278,362,2002年10月22号提交,在此引入它。 For more information on the masking process, refer to our co-pending US patent application Ser. No. 10 / 278,362, October 22, 2002 to submit, incorporated it.

Exemplary ticket-based methods

In the following we describe some examples of AKA-integrated non-repudiation of service agreements using a ticket-based approach.

Ticket-based payment systems are generally well known in the literature; see for example US Patent 5,739,511.

A particular ticket system is based on the idea of repeatedly hashing a BASE_TICKET a given number N of times with a known hash function to obtain a START_TICKET:

START_TICKET = HASH(HASH(..HASH(BASE_TICKET)))

where BASE_TICKET generally corresponds to TICKET_N and START_TICKET corresponds to TICKET_0. The paying party generates the pre-image of START_TICKET or of the last ticket used. The party receiving payment can then check that the pre-image hashes to that ticket. Since the tickets are interrelated by the hash function, or some other suitable one-way function, START_TICKET can be obtained from any later ticket by repeatedly applying the function. This means that the progress of the payment transaction can be checked without repeating a complex and time-consuming verification procedure. The number of times the hash function must be applied to obtain the start ticket is directly related to the number of tickets consumed by the user of the service.

One condition for such a ticket-based system to be secure is that the base ticket is unpredictable. The base ticket may therefore be formed as a hash of the concatenation of some random entity and other known information elements.

In accordance with the invention, the previously described non-repudiation scheme and its variants can be extended in this way, so that the user returns a START_TICKET and a cryptographic non-repudiation MAC over START_TICKET and COST_UNIT (denoted TICKET_MAC). This enables non-repudiable payment for several events/services without having to repeat the protocol with the operator or perform a new user authentication.

There are several variants of how START_TICKET is generated. The main feature is that the service provider should be able to verify that START_TICKET is genuine and was issued by, or on behalf of, an authenticated user.

One particular solution for ticket generation is that the user generates BASE_TICKET and derives START_TICKET. The user then uses a non-repudiation key (such as Rk) to compute a non-repudiation TICKET_MAC over START_TICKET and COST_UNIT, and sends START_TICKET and TICKET_MAC to the service provider. The service provider either stores the verification information for possible later verification in an off-line procedure, or sends the message on-line to the operator side, which verifies TICKET_MAC so that the tickets can be accepted.

Fig. 8A is a schematic exemplary signal exchange diagram of ticket-based non-repudiation with possible off-line verification.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN, Ik, Ck, XRES

The service provider generates the relevant service agreement information, here exemplified by the cost parameter COST_UNIT, and preferably sends this information together with the necessary AKA parameters to the user.

2. RAND, AUTN, COST_UNIT

The user checks AUTN and, if it is in order, computes RES and the keys Ik and Ck, and preferably also Rk. The user generates BASE_TICKET and obtains START_TICKET by hashing it repeatedly a selected number of times. Rk is then used to compute TICKET_MAC over START_TICKET and COST_UNIT: TICKET_MAC = MAC(Rk, START_TICKET||COST_UNIT). If explicit randomization is desired, TICKET_MAC may instead be computed as MAC(Rk, START_TICKET||COST_UNIT||RAND). TICKET_MAC and START_TICKET are returned to the service provider together with RES.

3. RES, START_TICKET, TICKET_MAC

The service provider retains verification information, such as the user ID, RAND, COST_UNIT and COST_MAC, as later proof of the service agreement.

As the tickets are consumed by the user, the service provider may check that TICKET_(i-1) = HASH(TICKET_i) for each ticket, or may obtain START_TICKET by repeatedly applying the hash function. If required or requested, the service provider can later forward verification information, such as COST_UNIT, START_TICKET, LAST_TICKET and TICKET_MAC, to the authentication/payment manager on the operator side. This enables the authentication/payment manager to verify TICKET_MAC and determine the number of tickets consumed, so that the user is charged the appropriate amount.
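The ticket exchange of Fig. 8A can be followed end to end in the sketch below, an added example that is not part of the patent text. SHA-256 as HASH, HMAC-SHA256 as MAC, the byte encoding of COST_UNIT and the function and class names are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def H(data: bytes) -> bytes:
    """One-way function linking the tickets (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def make_chain(base_ticket: bytes, n: int) -> list:
    """Return [TICKET_0, ..., TICKET_N] with TICKET_N = BASE_TICKET and
    TICKET_(i-1) = H(TICKET_i), so TICKET_0 is START_TICKET."""
    chain = [base_ticket]
    for _ in range(n):
        chain.append(H(chain[-1]))
    chain.reverse()
    return chain


def ticket_mac(rk: bytes, start_ticket: bytes, cost_unit: bytes) -> bytes:
    """TICKET_MAC = MAC(Rk, START_TICKET || COST_UNIT), HMAC-SHA256 assumed.
    START_TICKET has fixed length, so the concatenation is unambiguous."""
    return hmac.new(rk, start_ticket + cost_unit, hashlib.sha256).digest()


class ServiceProvider:
    """Accepts tickets one at a time; never sees Rk or BASE_TICKET."""

    def __init__(self, start_ticket: bytes):
        self.last = start_ticket   # most recently accepted ticket
        self.count = 0             # tickets consumed so far

    def accept(self, ticket: bytes) -> bool:
        # A valid next ticket is the pre-image of the last accepted one.
        if not hmac.compare_digest(H(ticket), self.last):
            return False           # replayed, skipped or forged ticket
        self.last = ticket
        self.count += 1
        return True


def operator_settle(rk, cost_unit, start_ticket, last_ticket, mac, max_n):
    """Operator side: verify TICKET_MAC, then count how many hashes lead from
    LAST_TICKET back to START_TICKET. Returns the count, or None on failure."""
    if not hmac.compare_digest(ticket_mac(rk, start_ticket, cost_unit), mac):
        return None
    ticket, used = last_ticket, 0
    while not hmac.compare_digest(ticket, start_ticket):
        if used == max_n:
            return None            # LAST_TICKET is not on this chain
        ticket, used = H(ticket), used + 1
    return used


def demo():
    rk = os.urandom(32)            # constructed non-repudiation key Rk
    cost_unit = b"0.10EUR"         # constructed COST_UNIT encoding
    # BASE_TICKET: hash of a random value concatenated with known information.
    chain = make_chain(H(os.urandom(32) + b"user-42"), 5)
    start = chain[0]
    mac = ticket_mac(rk, start, cost_unit)

    sp = ServiceProvider(start)
    accepted = [sp.accept(t) for t in chain[1:4]]   # user spends 3 tickets
    replay = sp.accept(chain[2])                    # an old ticket again
    forged = sp.accept(os.urandom(32))              # a guess at the next one

    billed = operator_settle(rk, cost_unit, start, sp.last, mac, 5)
    tampered = operator_settle(rk, b"9.99EUR", start, sp.last, mac, 5)
    return accepted, replay, forged, sp.count, billed, tampered


if __name__ == "__main__":
    print(demo())
```

The service provider can count tickets but cannot mint the next one, and the operator rejects a settlement whose COST_UNIT differs from the one the user bound into TICKET_MAC.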

Fig. 8B is a schematic exemplary signal exchange diagram of ticket-based non-repudiation and off-line verification. This example involves on-line user authentication and ticket-based verification of the service agreement.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN

The service provider generates the relevant service agreement information, such as the service cost parameter COST_UNIT, for transfer to the user.

2. RAND, AUTN, COST_UNIT

The user checks AUTN and, if it is in order, computes RES and the keys Ik and Ck, and preferably also Rk. The user generates BASE_TICKET, derives START_TICKET and then computes TICKET_MAC. TICKET_MAC and START_TICKET are returned to the service provider together with RES.

3. RES, START_TICKET, TICKET_MAC

For on-line authentication and verification, the service provider forwards RES to the operator side. COST_UNIT, START_TICKET and TICKET_MAC may be appended to RES at the same time.

4. RES, COST_UNIT, START_TICKET, TICKET_MAC

The authentication/payment manager checks whether RES equals the expected response (XRES) and whether TICKET_MAC equals the expected XMAC. If both conditions are met, the keys are sent to the service provider.

5. Ik, Ck

The user then starts consuming tickets, and the service provider checks the tickets. The received LAST_TICKET is finally forwarded from the service provider to the operator side for verification and subsequent payment processing.

Fig. 9 is a schematic exemplary signal exchange diagram of ticket-based non-repudiation in which the base ticket is prepared by the authentication/payment manager on behalf of the user. In this example, the operator side generates BASE_TICKET based on the COST_UNIT information and other relevant information received from the service provider (or prepared by the operator on behalf of the service provider), and derives START_TICKET. The operator then encrypts BASE_TICKET with a non-repudiation key (such as Rk) into ENC_TICKET = ENC(Rk, BASE_TICKET) and sends it together with START_TICKET to the service provider. The service provider then forwards ENC_TICKET, preferably together with RAND and AUTN, to the user, who can extract BASE_TICKET by decryption. The user is then able to derive START_TICKET, and starts consuming tickets once the service provider has access to the necessary session keys Ik, Ck. Since only the user can decrypt BASE_TICKET and thus generate the correct pre-images, non-repudiation is ensured.

The basic exemplary signal exchange is summarized below:

1. RAND, AUTN, ENC_TICKET, START_TICKET

2. RAND, AUTN, ENC_TICKET

The user checks AUTN and, if it is in order, computes RES and the keys Ik and Ck, and preferably also Rk. The user conveniently generates BASE_TICKET by decrypting ENC_TICKET with Rk, and then derives START_TICKET. The user returns RES to the service provider.

3. RES

For on-line user authentication, the service provider forwards RES to the operator side.

4. RES

The authentication/payment manager checks whether RES equals the expected response XRES and, upon successful authentication, sends the session keys to the service provider.

5. Ik, Ck

The user then starts consuming tickets, and the service provider checks the tickets. The received LAST_TICKET is finally forwarded from the service provider to the operator for verification and subsequent payment processing.

It should be understood that the ticket procedure need not be included in the authentication phase of the overall signaling, but it must then be performed later.

General contract signing

As indicated above, the service agreement information may be a general electronic contract. For general electronic contract signing, one specially designed embodiment that allows off-line verification by the service provider involves masking both the expected verification information generated by the service agreement manager and the user-signed verification information by local instances of the same masking function.

The following solution for signing contracts that comprise a variety of service agreement information is, in its basic form, similar to the ticket-based payment system described above, and it also uses the same masking mechanism as is used for non-repudiation of user authentication.

The solution is based on the assumption that the user and a general service agreement manager have a shared secret. Where the focus is somewhat more on the payment part of the overall procedure, the service agreement manager is sometimes referred to below as the payment provider. If the payment provider is a cellular GSM/UMTS operator, such a shared secret exists and is stored in the (U)SIM on the user side. A relatively general setup is shown in Fig. 10.

Preferably, the service provider 20 or the payment provider 30 prepares the contract to be signed by the user 10. Normally, the contract is then securely distributed to all parties concerned. The payment provider on the operator side computes a keyed hash of the contract, denoted the contract signature MAC, using the shared secret in a keyed hash function. The keyed hash function may be implemented as a true keyed hash, or as a hash followed by a keyed function. A particular solution suited to the AKA and (U)SIM case is to hash the contract into a variable RAND_CONT that corresponds to the ordinary RAND in the AKA procedure, and then feed this RAND_CONT into the AKA procedure, thereby generating a signature MAC that corresponds to the ordinary RES. The signature MAC may also be generated with the help of one of the keys produced by the AKA procedure. This generally assumes that a correct AUTN variable is available or that the sequence number checking mechanism is disabled.

The signature MAC is then passed through a (public) masking function (a generalization of the masking function f described above). The masking function is a cryptographic hash function, i.e. it is infeasible in practice to find a pre-image of the function's output. The masked signature MAC is sent to the service provider 20, which uses it to verify the user's contract signature.

When the user signs the contract, he likewise uses the shared secret and computes the signature MAC by means of the keyed hash function. The user sends the signature MAC to the service provider, which knows the public masking function and can therefore check the signature.

To give the user a simple way of checking the authenticity of the contract, the masked signature MAC may be sent to the user along with the contract itself. The contract may also contain other information used in the complete payment procedure, such as the SALT used in the public masking function.

When the AKA procedure is used, the contract-signing idea amounts to letting RAND in the AKA procedure be the HASH of the contract data that the user is to sign.

Fig. 11 is a schematic exemplary signal exchange diagram of an implementation of the contract signing of Fig. 10 when re-using the AKA procedure.

Upon receiving a service request from the user, the service provider forwards the received user ID to the service agreement manager, together with the contract CONT if the contract was prepared by the service provider. The service agreement manager generates RAND_CONT as a function y of the contract CONT. The service agreement manager then computes the expected signature MAC, denoted XMAC, from Ki and RAND_CONT: XMAC = g(Ki, RAND_CONT). This signature MAC is then masked by the general masking function m into a masked expected signature MAC, denoted XMAC', optionally with a random masking challenge RAND/SALT as additional input to the masking function.

1. XMAC', RAND/SALT

The service provider then forwards the contract CONT to the user.

2. CONT

If RAND_CONT is not forwarded from the operator side, the user generates it with an instance of the function y, and computes the user signature MAC from Ki and RAND_CONT: MAC = g(Ki, RAND_CONT). This MAC is forwarded to the service provider.

3. MAC

The service provider can then compute the masked user signature MAC, denoted MAC', with an instance of the general masking function m, and finally compares the computed MAC' with the XMAC' received from the operator side to verify the contract. Preferably, the service provider retains verification information such as MAC, RAND_CONT/CONT and USER ID. If challenged by the service agreement manager, or if an on-line procedure with the service agreement manager is desired, the service provider can forward this verification information to the service agreement manager.

The service agreement manager then verifies whether MAC equals XMAC; equality means that the contract-based service agreement is finally verified and that the user is at least implicitly authenticated.

A novel property of the general contract-signing procedure is that it allows off-line verification by the service provider through the introduction of masked verification data. In other words, the contract preparation between the service provider (SP) and the operator can be separated in time from the contract signing/verification between the user and the service provider (SP). Natural applications of this scheme include the case where several contracts are prepared in one SP-operator session, either for the same user under different conditions (e.g. at different times or at different service levels) or for several users under similar conditions (e.g. when a subscription offer is made).
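The contract-signing exchange of Fig. 11 is sketched below as an added example that is not part of the patent text. The names y, g and m follow the text; realizing y and m with SHA-256, using HMAC-SHA256 as a stand-in for the AKA computation g on the (U)SIM, the 16-byte RAND_CONT and the sample contract are assumptions.

```python
import hashlib
import hmac
import os


def y(contract: bytes) -> bytes:
    """RAND_CONT = y(CONT): hash the contract down to a 16-byte challenge."""
    return hashlib.sha256(contract).digest()[:16]


def g(ki: bytes, rand_cont: bytes) -> bytes:
    """Signature MAC = g(Ki, RAND_CONT). HMAC-SHA256 is a stand-in for the
    AKA response computation performed with the shared secret Ki."""
    return hmac.new(ki, rand_cont, hashlib.sha256).digest()


def m(sig_mac: bytes, salt: bytes) -> bytes:
    """Public masking function m: one-way, with SALT as additional input."""
    return hashlib.sha256(salt + sig_mac).digest()


def manager_prepare(ki: bytes, contract: bytes):
    """Service agreement manager: compute XMAC, hand out only (XMAC', SALT)."""
    salt = os.urandom(16)
    return m(g(ki, y(contract)), salt), salt


def user_sign(ki: bytes, contract: bytes) -> bytes:
    """User: derive RAND_CONT from the contract actually received and sign."""
    return g(ki, y(contract))


def provider_verify(xmac_masked: bytes, salt: bytes, user_mac: bytes) -> bool:
    """Service provider, off-line: MAC' = m(MAC) must equal the stored XMAC'."""
    return hmac.compare_digest(m(user_mac, salt), xmac_masked)


def manager_verify(ki: bytes, contract: bytes, presented_mac: bytes) -> bool:
    """Manager, when the provider later presents its evidence: MAC == XMAC."""
    return hmac.compare_digest(g(ki, y(contract)), presented_mac)


def demo():
    ki = os.urandom(16)                                   # constructed Ki
    contract = b"CONT: 12 months, tier=gold, 9.90/month"  # constructed CONT
    xmac_masked, salt = manager_prepare(ki, contract)

    # Before the user signs, the provider holds only XMAC'. Presenting that
    # value as if it were the user's MAC does not satisfy the manager.
    provider_alone = manager_verify(ki, contract, xmac_masked)

    mac = user_sign(ki, contract)
    offline_ok = provider_verify(xmac_masked, salt, mac)   # no operator call
    later_ok = manager_verify(ki, contract, mac)           # evidence holds

    # A user who was shown different terms produces a MAC that does not match.
    altered = user_sign(ki, contract.replace(b"9.90", b"19.90"))
    altered_ok = provider_verify(xmac_masked, salt, altered)
    return provider_alone, offline_ok, later_ok, altered_ok


if __name__ == "__main__":
    print(demo())
```

The masking step is what lets the manager hand verification data to the provider ahead of time: XMAC' confirms a genuine MAC but cannot be turned into one.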

Separation of key material

In another approach, returning again to AKA-integrated non-repudiation of service agreements, the AKA data may be used as secure input to a pseudo-random function (PRF) to derive a new set of AKA data and/or a non-repudiation key.

In this example, instead of directly extending the AKA procedure to generate an additional key Rk, the keys Ck and Ik can be used as secure input to a pseudo-random function, which is used to obtain a new confidentiality key Ck' and integrity key Ik', a non-repudiation key (Rk) and a new response (RES'). Ck' and Ik' are used and distributed instead of Ck and Ik. In this way, the AKA scheme, which is usually implemented in a smart card, does not have to be changed.

A major benefit is that the key material used for GSM/UMTS can be separated from the key material used for user authentication and non-repudiation when accessing services. Thus, even if the keying material used for a service is lost or stolen, it cannot be used to access the basic communication services.

A variant of the separation step is to use it to generate a new shared secret for use in a complete AKA scheme.

If we generally denote keying material by K(i), the derivation step can be expressed as K(i+1) = PRF(K(i), SALT), where PRF is a pseudo-random function. SALT should include random information, and may contain, for example, information unique to the service and/or the service provider. For example, the PRF may be implemented as in the Secure Real-time Transport Protocol (SRTP).

Although K(i) is typically the output data from basic AKA, it should be understood that other data may also be used as arguments to the PRF function. In addition, the number of input parameters and result variables may vary depending on the particular application.

Fig. 12A is a schematic exemplary signal exchange diagram of AKA-integrated non-repudiation of service agreements based on distinct, separated keying sets, with possible on-line verification.

The authentication/payment manager generates the ordinary AKA data from the secret key Ki and a random challenge RAND. Let K(0) = [Ck, Ik, XRES]. The authentication/payment manager computes K(1) = [Ck', Ik', Rk, XRES'] = PRF(K(0), RAND/SALT). SALT may be equal to a combination of RAND and the service provider ID, SP_ID.

1. RAND, AUTN, Ik', Ck', XRES', [SALT]

2. RAND, AUTN, COST_UNIT, [SALT]

The user checks AUTN as usual. He then runs AKA to obtain K(0) = Ik, Ck, RES and applies the PRF to K(0) to obtain K(1) = Ck', Ik', Rk and RES'. The user also generates COST_MAC over RAND and COST_UNIT using Rk.

3. RES', COST_MAC

The service provider checks whether RES' matches the XRES' received from the operator side, and stores the verification information for later retrieval when needed. If challenged, or on its own initiative, the service provider can forward the verification information to the operator side for service agreement verification.

Fig. 12B is a schematic exemplary signal exchange diagram of AKA-integrated non-repudiation of service agreements based on distinct, separated keying sets, with on-line verification.

1. RAND, AUTN, XRES', [SALT]

2. RAND, AUTN, COST_UNIT, [SALT]

The user checks AUTN as usual, then runs AKA to derive K(0) = Ik, Ck, RES and applies the PRF to K(0) to derive K(1) = Ck', Ik', Rk and RES'. The user also generates COST_MAC over RAND and COST_UNIT using Rk.

3. RES', COST_MAC

The service provider checks whether RES' matches the XRES' received from the operator side, and forwards the verification information to the operator side for service agreement verification.

4. COST_UNIT, COST_MAC

If COST_MAC matches XMAC, the session keys Ik', Ck' are transferred to the service provider for use in the communication between the service provider and the user.

5. Ck', Ik'

Of course, the ticket-based solutions described above may also be based on key material derived from the initial AKA parameters.

It should be understood that the separation of the key material used for ordinary network access from the authentication and key material used for accessing services provided by service providers is a general, independent feature of the invention, and it is not limited to any combination with service agreement non-repudiation.

In the procedures above, it is assumed that the SALT is available both on the operator side and at the user. This is generally true if SALT equals RAND, but if other information is to be used, such as a timestamp or a SALT independent of the RAND value, these values must be agreed upon with the user or sent to the user. One particularly important case is when the user cannot determine the true SP_ID (service provider identity) from the context but has to rely on received information, and this SP_ID is used to separate the parameters for different service providers. In this case the information may be transferred in the AUTN parameter of the standard AKA procedure, or sent in a MACed message as described above for contract signing, i.e. with a keyed MAC protecting the sensitive parameters. The key for the keyed MAC should be shared only between the operator and the user, e.g. Ik or Rk.

This generally corresponds to generating service-related AKA parameters from the basic AKA procedure.
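The derivation K(1) = PRF(K(0), SALT) and the exchange of Fig. 12A can be traced in the sketch below, an added example that is not part of the patent text. The HMAC-SHA256 stand-in for basic AKA, the HMAC-based PRF with per-output labels, the 16-byte key lengths and the sample SP_ID values are assumptions; the text leaves the PRF open.

```python
import hashlib
import hmac
import os

LABELS = ("Ck'", "Ik'", "Rk", "RES'")   # components of K(1)


def aka(ki: bytes, rand: bytes) -> tuple:
    """Stand-in for basic AKA: returns K(0) = (Ck, Ik, RES) from Ki and RAND.
    The real AKA functions run on the (U)SIM and are not modelled here."""
    return tuple(
        hmac.new(ki, tag + rand, hashlib.sha256).digest()[:16]
        for tag in (b"CK", b"IK", b"RES")
    )


def prf(k_prev: tuple, salt: bytes, labels=LABELS) -> dict:
    """K(i+1) = PRF(K(i), SALT): one HMAC output per named component,
    keyed with the concatenated components of K(i)."""
    key = b"".join(k_prev)
    return {
        label: hmac.new(key, label.encode() + b"\x00" + salt,
                        hashlib.sha256).digest()[:16]
        for label in labels
    }


def derive_k1(ki: bytes, rand: bytes, sp_id: bytes) -> dict:
    """SALT = RAND combined with SP_ID (RAND has fixed length here)."""
    return prf(aka(ki, rand), rand + sp_id)


def cost_mac(rk: bytes, rand: bytes, cost_unit: bytes) -> bytes:
    """COST_MAC computed with Rk over RAND and COST_UNIT."""
    return hmac.new(rk, rand + cost_unit, hashlib.sha256).digest()


def demo():
    ki, rand = os.urandom(16), os.urandom(16)   # constructed Ki and RAND
    cost_unit = b"0.10EUR"                      # constructed COST_UNIT

    # Operator side: derive K(1) for this provider; Rk and K(0) stay behind.
    op = derive_k1(ki, rand, b"sp-music")
    sent_to_sp = {name: op[name] for name in ("Ck'", "Ik'", "RES'")}

    # User side: same derivation from Ki, the received RAND and the SALT.
    user = derive_k1(ki, rand, b"sp-music")
    res1 = user["RES'"]
    mac = cost_mac(user["Rk"], rand, cost_unit)

    # Service provider checks RES' against XRES'; operator checks COST_MAC.
    sp_ok = hmac.compare_digest(res1, sent_to_sp["RES'"])
    op_ok = hmac.compare_digest(cost_mac(op["Rk"], rand, cost_unit), mac)

    # Separation: another provider gets unrelated values from the same AKA
    # run, and nothing handed to a provider equals a network-access value.
    other = derive_k1(ki, rand, b"sp-video")
    separated = all(op[name] != other[name] for name in LABELS)
    k0_hidden = not (set(aka(ki, rand)) & set(sent_to_sp.values()))
    return sp_ok, op_ok, separated, k0_hidden


if __name__ == "__main__":
    print(demo())
```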

Exemplary applications involving a payment broker

Fig. 13 is a schematic exemplary block diagram of a distributed implementation that involves an identity broker and a payment broker and uses a chain of trust established between the identity broker, the payment broker and the service provider.

In the scenarios to be described, we introduce an additional party, the payment broker 40. The setup of Fig. 13 thus includes a user 10, a service provider 20, an authentication manager 30 that shares a secret key with the user 10, and a payment broker 40. The payment broker may have relations with several operators/authentication managers. It mediates user authentication information between operators and service providers, assists in verifying payment and the user's ability to pay, and handles payment/charging data. The payment broker may act as a trusted third party capable of verifying user service agreements.

Payment may be linked to the operator with which the user already has a payment relation, or be linked or carried out through an independent party or by the payment broker itself.

We also introduce the concept of a user identity broker, typically located on the operator side in association with the authentication manager. A user may want to use different identities for different services. The identity broker typically maps the user identity used for service access to the user identity used with the operator (i.e. the IMSI). Identity brokering may take place in several steps.

The relation between the user's service ID and the user's ID at the operator must be handed to the identity broker. Normally, the operator running the identity broker will generate this pairing. For security reasons, it is natural that the final identity broker function is run by the operator.

The service ID may have several parts. A part may indicate the payment broker and the identity broker to use. A user may of course use several payment brokers for a given operator identity. The payment broker may keep records showing which operator is associated with a given user service ID when that information cannot be obtained from the user service ID.

In the following, two signaling schemes are described with reference to the scenario shown in Fig. 13. The first scheme is for post-paid subscribers, and the second is for prepaid service.

Post-paid scenario

Fig. 14 is a schematic exemplary signal exchange diagram of service agreement non-repudiation in a post-paid scenario in the setup shown in Fig. 13.

1. User service ID including the payment broker ID: USER_SERVICE_ID, PB_ID

2. USER_SERVICE_ID, SP_ID

The payment broker knows which operator/identity broker the user service ID is associated with.

3. USER_SERVICE_ID, SP_ID, PB_ID

The operator, acting as identity broker, maps USER_SERVICE_ID to the operator-internal ID (IMSI) and retrieves the corresponding AKA parameters RAND, AUTN and K(0) = [Ck, Ik, XRES]. The operator derives K(1) = [Ck', Ik', XRES] = PRF(K(0), [RAND, PB_ID]), where PB_ID is the payment broker ID and RAND is optional. By explicitly making K(1) depend on PB_ID, the keying material is bound to a specific payment broker.

4. RAND, AUTN, Ck', Ik', (SP_ID||PB_ID, keyed MAC(Ik, SP_ID||PB_ID))

The keys Ck' and Ik' are used for secure communication between the payment broker and the user. Thus Ik' may be used as the non-repudiation key, e.g. when computing COST_MAC, and Ck' may be used to derive e.g. ENC_TICKET.

The payment broker then derives K(2) = [Ck'', Ik'', XRES''] = PRF(K(1), [RAND, SP_ID]).

5. RAND, AUTN, Ck'', Ik'', XRES'', (SP_ID||PB_ID, keyed MAC(Ik, SP_ID||PB_ID))

6. RAND, AUTN, COST_UNIT, (SP_ID||PB_ID, keyed MAC(Ik, SP_ID||PB_ID))

The user checks AUTN and computes K(0), K(1) and K(2) using the shared secret Ki, the received RAND and the pseudo-random function.

7. RES''

The service provider checks RES'' and determines the authentication level of the user. The service provider now starts using the secure connection to the user, with Ck'' and Ik''.

When invoking a service for which the user has to pay, the user should send COST_MAC.

8. COST_MAC

9. COST_UNIT, COST_MAC

The payment broker verifies COST_MAC and initiates the payment procedure.

10. OK

Prepaid scenario

Fig. 15 is a schematic exemplary signal exchange diagram of service agreement non-repudiation in a prepaid scenario in the setup shown in Fig. 13.

Here we show the case in which the user uses a prepaid account and obtains tickets generated by the payment broker. The transfer of the context information needed to derive the separated AKA parameters is omitted here.

1. USER_SERVICE_ID, PB_ID

2. USER_SERVICE_ID, COST_UNIT, SP_ID

The payment broker knows which operator/identity broker USER_SERVICE_ID is associated with.

3. USER_SERVICE_ID, COST_UNIT, SP_ID, PB_ID

The operator maps USER_SERVICE_ID to an operator-internal ID (IMSI), retrieves the corresponding AKA parameters RAND and AUTN, and generates K(0) = [Ck, Ik, XRES]. The operator derives K(1) = [Ck', Ik', XRES'] = PRF(K(0), [RAND, PB_ID]), where PB_ID is the payment broker ID and RAND is optional. By explicitly making K(1) depend on PB_ID, XRES' and the keying material are bound to a specific payment broker.

The operator also checks the user's prepaid account. Depending on the policy in use, the operator reserves a number N# of COST_UNITS on the user's account and sends N# to the payment broker.

4. RAND, AUTN, Ck', Ik', N#

The payment broker generates BASE_TICKET and, using Ck' as the encryption key, computes START_TICKET and ENC_TICKET. START_TICKET is generated so that it is valid for some number N'# of COST_UNITS that is smaller than N#.

The payment broker then derives K(2) = [Ck'', Ik'', RES''] = PRF[K(1), [RAND, SP_ID]].

5. RAND, AUTN, Ck'', Ik'', XRES'', ENC_TICKET, START_TICKET

6. RAND, AUTN, COST_UNIT, START_TICKET, ENC_TICKET

The user checks AUTN and, using the shared key Ki, the received RAND and the pseudo-random function, computes K(0), K(1) and K(2).

7. RES''

The service provider checks RES'' and starts using Ck'' and Ik'' for the secure connection to the user.

When a service that the user must pay for is invoked, the user should send a TICKET to the service provider. To do so, the user decrypts ENC_TICKET and iterates the HASH function to check how many tickets he holds and whether START_TICKET is valid.

The user then sends a TICKET, referred to as TICKET_i.

8. TICKET_i

The service provider checks the received ticket. When the session is closed, the service provider sends the last ticket it received to the payment broker.

9. LAST_TICKET

The payment broker checks the received ticket and generates a charging record, which is sent to the operator.

10. CHARGING_RECORD

Finally, the user's account is adjusted accordingly.

Re-authentication

For various reasons, a service provider may want the possibility of re-authenticating the user. One way to achieve this is to generate K(n) iteratively, i.e. when the n-th authentication takes place, the keying material K(n+1) = PRF[K(n), [RAND, SP_ID]] is used. This means that the service provider has access to an instance of the pseudo-random function PRF, so that it can generate the required authentication parameters and session keys. In short, the service provider uses the pseudo-random function to generate new session keys and an expected response of order n+1, and sends RAND to the user in a re-authentication request. The user then uses the pseudo-random function to generate the new session keys and a user response of order n+1, and returns the generated user response of order n+1 to the service provider. The service provider can then verify the received response and start communicating with the user on the basis of the new session keys.

Preferably, n is sent to the user, and the user can keep a simple replay list to protect against replay attacks.
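The derivation chain K(0) -> K(1) -> K(2) used in both scenarios and the re-authentication step with its replay list, as an added example that is not part of the patent text. HMAC-SHA256 as the PRF, 16-byte key fields, the stand-in used to produce K(0), the COST_MAC input layout and all function and class names are assumptions.

```python
import hashlib
import hmac
import os


def prf(key: bytes, *context: bytes) -> bytes:
    """PRF(K, [context...]) -> 48 bytes of keying material.

    Assumption: HMAC-SHA256 in counter mode; the text only says "PRF".
    Each context field is length-prefixed so field boundaries are unambiguous.
    """
    msg = b"".join(len(c).to_bytes(2, "big") + c for c in context)
    blocks = (hmac.new(key, bytes([i]) + msg, hashlib.sha256).digest() for i in (1, 2))
    return b"".join(blocks)[:48]


def split(k: bytes):
    """K = [Ck, Ik, (X)RES]; 16 bytes per field is an assumption."""
    return k[:16], k[16:32], k[32:48]


def derive_chain(k0: bytes, rand: bytes, pb_id: bytes, sp_id: bytes):
    """K(1) = PRF(K(0), [RAND, PB_ID]); K(2) = PRF(K(1), [RAND, SP_ID])."""
    k1 = prf(k0, rand, pb_id)   # bound to one payment broker
    k2 = prf(k1, rand, sp_id)   # bound to one service provider
    return k1, k2


def cost_mac(ik1: bytes, cost_unit: bytes) -> bytes:
    """COST_MAC keyed with Ik' taken from K(1); the MAC input layout is assumed."""
    return hmac.new(ik1, cost_unit, hashlib.sha256).digest()


class ServiceProvider:
    """Holds K(n+1) after the n-th authentication and drives re-authentication."""

    def __init__(self, sp_id: bytes, k2: bytes):
        self.sp_id, self.k, self.n = sp_id, k2, 1   # K(2) served authentication 1
        self.pending = None

    def reauth_request(self):
        """Return (n, RAND) and precompute the next-order keying material."""
        self.n += 1
        rand = os.urandom(16)
        self.pending = prf(self.k, rand, self.sp_id)
        return self.n, rand

    def verify(self, res) -> bool:
        """Compare the user response with the expected response of the new order."""
        if self.pending is None or res is None:
            return False
        ok = hmac.compare_digest(split(self.pending)[2], res)
        if ok:
            self.k = self.pending   # switch to the new session keys
        self.pending = None
        return ok


class UserTerminal:
    """User side: same PRF, plus the simple replay list of counters n."""

    def __init__(self, sp_id: bytes, k2: bytes):
        self.sp_id, self.k = sp_id, k2
        self.seen = {1}             # authentication 1 already happened with K(2)

    def respond(self, n: int, rand: bytes):
        """Return the response for request (n, RAND), or None for a replayed n."""
        if n in self.seen:
            return None
        self.seen.add(n)
        self.k = prf(self.k, rand, self.sp_id)
        return split(self.k)[2]


if __name__ == "__main__":
    ki, rand = os.urandom(16), os.urandom(16)        # constructed sample values
    k0 = prf(ki, b"AKA", rand)                       # stand-in for the AKA output K(0)
    k1, k2 = derive_chain(k0, rand, b"PB-example", b"SP-example")
    sp, user = ServiceProvider(b"SP-example", k2), UserTerminal(b"SP-example", k2)
    n, r = sp.reauth_request()
    print("re-authentication", n, "accepted:", sp.verify(user.respond(n, r)))
    print("replayed request answered:", user.respond(n, r) is not None)
```

Because the PRF is one-way, a service provider that only receives K(2) cannot recompute Ik' from K(1), so it cannot produce a COST_MAC that the payment broker would accept.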

More on implementation aspects

The steps, actions and algorithms described above can be implemented in software, hardware or any combination thereof. For hardware implementations, ASIC (Application Specific Integrated Circuit) technology or any other conventional circuit technology may be used. Although special tamper-resistant hardware is preferred for security reasons, a properly protected software implementation is often more convenient.

Fig. 16 is a schematic block diagram illustrating an example of a service agreement manager according to a preferred embodiment of the invention. The service agreement manager 30 of Fig. 16 basically comprises a communication interface 31 to external communication links, a database 32, an authentication and keying unit 33, a verification unit 36, an optional ticketing unit 37 and a payment/charging unit 38. The database 32 contains information such as user IDs and the associated key Ki information. The authentication and keying unit 33 generates the relevant authentication and key parameters, and may hold the optional masking and pseudo-random functions used in the various embodiments. The verification unit 36 performs the relevant calculations and/or comparisons to verify whether the user has accepted the given service agreement. The optional ticketing unit 37 can generate the relevant tickets on behalf of the user and/or perform ticket verification. As the name suggests, the payment unit 38 handles the transfer of payments and ensures that charging is performed correctly against the correct account.

Fig. 17 is a schematic block diagram illustrating an example of a service provider according to a preferred embodiment of the invention. The service provider 20 of Fig. 17 basically comprises a communication interface 21 to external communication links, a contract preparation unit 22, an optional authentication unit 23, an information forwarding and/or storage unit 25, and an optional verification unit 26. In the contract preparation unit 22, the service provider typically prepares the relevant service agreement information in accordance with the requested service and the current conditions for use of the service. Alternatively, the contract preparation is performed by another party on behalf of the service provider, but such external contract preparation is normally initiated from the service provider in any case. For masked contract signing and/or user authentication, the service provider can perform the verification of the accepted service agreement and/or the user authentication in the verification unit 26 and/or the authentication unit 23. In an off-line procedure, the service provider may want to store verification information in unit 25 so that it can later be forwarded to the service agreement manager 30 or to another party designated by the service agreement manager.

Fig. 18 is a schematic block diagram illustrating an example of a user terminal according to a preferred embodiment of the invention. The user terminal 10 of Fig. 18 basically comprises a communication interface 11 to external communication links and a tamper-resistant module 12. The tamper-resistant module may be similar to the SIM or USIM card of a mobile device, and comprises an I/O unit 101, an AKA algorithm unit 102, a securely implemented (encapsulated) shared key Ki 103, a cryptographic processing unit 104 for purposes such as MAC computation and decryption, and an optional ticketing unit 105 for ticket-based non-repudiation. Functions such as the cryptographic processing may even be implemented as software in the (U)SIM Application Toolkit environment of the (U)SIM, with an appropriate interface between the AKA unit and the application toolkit environment.

The embodiments described above are given merely as examples, and it should be understood that the invention is not limited thereto. Further modifications, changes and improvements that retain the basic underlying principles disclosed and claimed herein are within the scope and spirit of the invention.

Claims (46)

1. A method for non-repudiation of service agreements between a user and a service provider in a communication system, the method comprising the steps of: - securely sharing a key between a user terminal and a service agreement manager, the service provider having a trust relationship with the service agreement manager; - preparing service agreement information; - cryptographically processing the service agreement information based on the shared key to generate user-signed service agreement verification information; - forwarding the user-signed verification information to the service provider to enable verification of the service agreement based on the trust relationship between the service provider and the service agreement manager.
2. The method according to claim 1, wherein the step of cryptographically processing the service agreement information is securely implemented in the user terminal to generate the user-signed verification information.
3. The method according to claim 1 or 2, wherein the step of cryptographically processing the service agreement information is performed based on a non-repudiation key derived locally from the shared key.
4. The method according to claim 2, further comprising the steps of: - generating, at the service agreement manager, expected verification information based at least in part on the service agreement information and the shared key; - verifying, at the service agreement manager, whether the user-signed verification information corresponds to the expected verification information.
5. The method according to claim 2, wherein the user-signed verification information is generated in the user terminal in response to the service agreement information and a random challenge initiated from the service agreement manager.
6. The method according to claim 2, wherein the user-signed verification information is generated in the user terminal based on the service agreement information and a ticket initiated at the user side.
7. The method according to claim 1, wherein the step of preparing service agreement information is initiated by the service provider.
8. The method according to claim 1, wherein the step of cryptographically processing the service agreement information comprises the steps of: - the service agreement manager cryptographically processing the service agreement information based on the shared key to generate a cryptographic representation of the service agreement information, the cryptographic representation being forwarded to the user; and - the user terminal cryptographically processing the cryptographic representation based on the shared key to generate the user-signed verification information.
9. The method according to claim 8, wherein the step of cryptographic processing by the service agreement manager comprises the steps of: - generating a ticket based on the service agreement information; and - encrypting the ticket based on a non-repudiation key derived locally from the shared key; and the step of cryptographic processing by the user terminal comprises the step of decrypting the encrypted ticket based on the non-repudiation key derived locally from the shared key.
10. The method according to claim, wherein the service agreement information is a general electronic contract, and the method further comprises the steps of: - the service agreement manager generating expected service agreement verification information based on the shared key and the electronic contract; - the service agreement manager masking the expected verification information by a masking function; - the service agreement manager forwarding the masked expected verification information to the service provider; - the service provider masking the user-signed verification information by an instance of the same masking function to generate masked user-signed verification information; - the service provider verifying whether the masked user-signed verification information corresponds to the masked expected verification information obtained from the service agreement manager.
11. The method according to claim 10, wherein the step of the service agreement manager generating expected service agreement verification information comprises the step of applying a hash of the contract as the random challenge in an ordinary challenge-response based authentication and key agreement procedure.
12. The method according to claim 10, wherein the masking function is a cryptographic hash function.
13. The method according to claim 1, wherein the non-repudiation method is integrated with a challenge-response based authentication and key agreement (AKA) procedure for network access, the shared key being the same as the key used for AKA.
14. The method according to claim 13, wherein keying material for service agreement non-repudiation is isolated from keying material for the challenge-response based AKA procedure.
15. The method according to claim 14, wherein the keying material for non-repudiation is generated by the pseudo-random function using the AKA keying material as input to the pseudo-random function.
16. The method according to claim 14, wherein the keying material for non-repudiation is bound to a specific payment broker cooperating with an authentication manager, the authentication manager sharing the key with the user terminal.
17. The method according to claim 14, wherein the keying material for non-repudiation is bound to the service provider so as to isolate the keying material from the corresponding keying material of another service provider.
18. The method according to claim 1, wherein the service agreement information comprises service charging information, and the service agreement manager is a payment provider handling payment for the service on behalf of the user.
19. The method according to claim 1, wherein the service agreement manager comprises a user identity broker and a payment broker arranged between the service provider and the identity broker, a chain of trust being established between the service provider, the payment broker and the identity broker, the identity broker sharing the key with the user terminal.
20. The method according to claim 19, further comprising the step of the payment broker verifying the user-signed verification information based on a non-repudiation key obtained from the identity broker and derived from the shared key.
21. A system for non-repudiation of service agreements between a user and a service provider in a communication system, the system comprising: - means for sharing a key between a user terminal and a service agreement manager, the service provider having a trust relationship with the service agreement manager; - means for preparing service agreement information; - means for cryptographically processing the service agreement information based on the shared key to generate user-signed service agreement verification information; and - means for forwarding the user-signed verification information to the service provider to enable verification of the service agreement based on the trust relationship between the service provider and the service agreement manager.
22. The system according to claim 21, wherein the means for cryptographically processing the service agreement information is securely implemented in the user terminal.
23. The system according to claim 21 or 22, wherein the means for cryptographically processing the service agreement information operates based on a non-repudiation key derived locally from the shared key.
24. The system according to claim 22, further comprising: - means, at the service agreement manager, for generating expected verification information based at least in part on the service agreement information and the shared key; and - means, at the service agreement manager, for verifying whether the user-signed verification information corresponds to the expected verification information.
25. The system according to claim 22, wherein the user-signed verification information is generated in the user terminal in response to the service agreement information and a random challenge initiated from the service agreement manager.
26. The system according to claim 22, wherein the user-signed verification information is generated in the user terminal based on the service agreement information and a ticket initiated at the user side.
27. The system according to claim 21, wherein the service agreement information is prepared by the service provider.
28. The system according to claim 21, wherein the means for cryptographically processing the service agreement information comprises: - means, at the service agreement manager, for cryptographically processing the service agreement information based on the shared key to generate a cryptographic representation of the service agreement information, the cryptographic representation being forwarded to the user; and - means, at the user terminal, for cryptographically processing the cryptographic representation based on the shared key to generate the user-signed verification information.
29. The system according to claim 28, wherein the means for cryptographic processing at the service agreement manager comprises: - means for generating a ticket based on the service agreement information; and - means for encrypting the ticket based on a non-repudiation key derived locally from the shared key; and the means for cryptographic processing in the user terminal comprises means for decrypting the encrypted ticket based on the non-repudiation key derived locally from the shared key.
30. The system according to claim 21, wherein the service agreement information is a general electronic contract, and the system further comprises: - means, at the service agreement manager, for generating expected service agreement verification information based on the shared key and the electronic contract; - means, at the service agreement manager, for masking the expected verification information by a masking function; - means, at the service agreement manager, for forwarding the masked expected verification information to the service provider; - means, at the service provider, for masking the user-signed verification information by an instance of the same masking function to generate masked user-signed verification information; - means, at the service provider, for verifying whether the masked user-signed verification information corresponds to the masked expected verification information obtained from the service agreement manager.
31. The system according to claim 30, wherein the means for generating expected service agreement verification information comprises means for applying a cryptographic hash of the contract as the random challenge in an ordinary challenge-response based authentication and key agreement procedure.
32. The system according to claim 30, wherein the masking function is a cryptographic hash function.
33. The system according to claim 21, wherein the non-repudiation system is integrated with a system for a challenge-response based authentication and key agreement (AKA) procedure for network access, the shared key being the same as the shared key used for AKA.
34. The system according to claim 33, further comprising means for isolating keying material for service agreement non-repudiation from keying material for the challenge-response based AKA.
35. The system according to claim 34, wherein the keying material for non-repudiation is generated by the pseudo-random function using the keying material for AKA as input to the pseudo-random function.
36. The system according to claim 34, wherein the keying material for non-repudiation is bound to a specific payment broker cooperating with an authentication manager, the authentication manager sharing the key with the user terminal.
37. The system according to claim 34, wherein the keying material for non-repudiation is bound to the service provider so as to isolate the keying material from the corresponding keying material for another service provider.
38. The system according to claim 21, wherein the service agreement information comprises service charging information, and the service agreement manager is a payment provider handling payment for the service on behalf of the user.
39. The system according to claim 21, wherein the service agreement manager comprises a user identity broker and a payment broker arranged between the service provider and the identity broker, a chain of trust being established between the service provider, the payment broker and the identity broker, the identity broker sharing the key with the user.
40. The system according to claim 39, further comprising means, at the payment broker, for verifying the user-signed verification information based on a non-repudiation key obtained from the identity broker and derived from the shared key.
41. A user terminal comprising: - means for securely holding a key shared with an external service agreement manager, the service agreement manager having a trust relationship with a service provider; - means for receiving information representative of a service agreement between the user and the service provider; - means for securely cryptographically processing the information representative of the service agreement based on the shared key to generate user-signed service agreement verification information; - means for forwarding the user-signed verification information to the service provider to enable verification of the service agreement based on the trust relationship between the service provider and the service agreement manager.
42. A service agreement manager for assisting in the management of a service agreement between a user and a service provider in a communication system, the service agreement manager comprising: - means for securely holding a key shared with a user terminal, the service agreement manager having a trust relationship with the service provider; - means for receiving user-signed service agreement verification information generated by the user terminal based on an information representation of the service agreement and the shared key; - means for verifying the user-signed verification information based on the shared key, thereby confirming the user's acceptance of the service agreement.
43. A service provider for providing a service to a user in a communication system in accordance with a given service agreement between the user and the service provider, the service provider comprising: - means for establishing a trust relationship with a service agreement manager, the service agreement manager sharing a key with a user terminal; - means for receiving, from the user terminal, user-signed verification information generated based at least in part on an information representation of the service agreement and the shared key; - means for generating masked user-signed verification information by a masking function; - means for receiving, from the service agreement manager, expected verification information masked by an instance of the same masking function, the expected verification information being generated based at least in part on the service agreement information and the shared key; - means for verifying whether the masked user-signed verification information corresponds to the masked expected verification information, to confirm the user's acceptance of the service agreement.
44. A method for improved challenge-response based authentication and key agreement (AKA) involving a user, a service provider and a network operator having a trust relationship with the service provider, the network operator sharing a key with the user for mutually generating AKA parameters, wherein the improvement is achieved by separating a first set of AKA parameters, managed by the network operator for access to the network, from a second set of AKA parameters for access to a service provided by the service provider, the two sets of AKA parameters being separated by means of a predetermined function that takes a representation of part of the first set of AKA parameters as input for the second set of AKA parameters.
45. The method according to claim 44, wherein the first set of AKA parameters and the second set of AKA parameters are generated at the network operator side and at the user side based on the shared key and a challenge initiated at the network operator side, the second set of AKA parameters being securely transferred from the network operator to the service provider.
46. The method according to claim 45, wherein the service provider further generates another set of AKA parameters for re-authentication purposes by means of the predetermined function using at least part of the second set of AKA parameters as input.
47. The method according to claim 44, wherein the predetermined function is a pseudo-random function.
CN 03813707 2002-06-12 2003-06-04 Non-repudiation of service agreements CN1659820A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US38850302P 2002-06-12 2002-06-12
US10/278,362 US7194765B2 (en) 2002-06-12 2002-10-22 Challenge-response user authentication
US45529103P 2003-03-17 2003-03-17

Publications (1)

Publication Number Publication Date
CN1659820A (en) 2005-08-24

Family

ID=29740732

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03813707 CN1659820A (en) 2002-06-12 2003-06-04 Non-repudiation of service agreements

Country Status (6)

Country Link
JP (1) JP4213664B2 (en)
CN (1) CN1659820A (en)
AU (1) AU2003238996A1 (en)
DE (1) DE10392788T5 (en)
GB (1) GB2403880B (en)
WO (1) WO2003107584A1 (en)


Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE69533328T2 (en) * 1994-08-30 2005-02-10 Kokusai Denshin Denwa Co., Ltd. The authentication system
US6199052B1 (en) * 1998-03-06 2001-03-06 Deloitte & Touche Usa Llp Secure electronic transactions using a trusted intermediary with archive and verification request services
CA2386502A1 (en) * 1999-10-01 2001-04-26 Ecomxml Inc. A method for non-repudiation using a trusted third party

Also Published As

Publication number Publication date
JP4213664B2 (en) 2009-01-21
AU2003238996A1 (en) 2003-12-31
JP2005529569A (en) 2005-09-29
WO2003107584A1 (en) 2003-12-24
GB0424869D0 (en) 2004-12-15
DE10392788T5 (en) 2005-05-25
GB2403880B (en) 2005-11-09
GB2403880A (en) 2005-01-12

Similar Documents

Publication Publication Date Title
CA2403521C (en) Authentication in a packet data network
US7861288B2 (en) User authentication system for providing online services based on the transmission address
EP1719316B1 (en) Means and method for single sign-on access to a service network through an access network
US7243366B2 (en) Key management protocol and authentication system for secure internet protocol rights management architecture
CA2446304C (en) Use and generation of a session key in a secure socket layer connection
EP1595420B1 (en) Method for creating and distributing cryptographic keys in a mobile radio system, and corresponding mobile radio system
US6075860A (en) Apparatus and method for authentication and encryption of a remote terminal over a wireless link
CA2700317C (en) Virtual subscriber identity module
US7984291B2 (en) Method for distributing certificates in a communication system
US8793779B2 (en) Single sign-on process
FI115098B (en) Authentication data communications
KR100975685B1 (en) Secure bootstrapping for wireless communications
CN101690287B (en) Method and system for mobile device credentialing
US7933591B2 (en) Security in a mobile communications system
US8352739B2 (en) Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same
US8144874B2 (en) Method for obtaining key for use in secure communications over a network and apparatus for providing same
US6223291B1 (en) Secure wireless electronic-commerce system with digital product certificates and digital license certificates
Nakhjiri et al. AAA and network security for mobile access: radius, diameter, EAP, PKI and IP mobility
EP1259943B1 (en) System and method of secure payment and delivery of goods and services
CA2475216C (en) Method and system for providing third party authentification of authorization
KR101009330B1 (en) Method, system and authentication centre for authenticating in end-to-end communications based on a mobile network
KR100652125B1 (en) Mutual authentication method for managing and authenticating between service provider, terminal and user identify module at one time and terminal, and the system thereof
US7568223B2 (en) Internet protocol telephony security architecture
US8887246B2 (en) Privacy preserving authorisation in pervasive environments
US20140304768A1 (en) Security and privacy enhancements for security devices

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C02 Deemed withdrawal of patent application after publication (patent law 2001)