CN1819698A - Method for acquiring authentication cryptographic key context from object base station - Google Patents


Publication number
CN1819698A
Authority
CN
China
Prior art keywords
key
target
sequence number
message
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200510092907
Other languages
Chinese (zh)
Other versions
CN100488281C (en)
Inventor
肖正飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2005100929076A priority Critical patent/CN100488281C/en
Publication of CN1819698A publication Critical patent/CN1819698A/en
Priority to PCT/CN2006/002167 priority patent/WO2007022727A1/en
Application granted granted Critical
Publication of CN100488281C publication Critical patent/CN100488281C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the mobile communication field and provides a method by which a target base station obtains authentication key context information, to solve the prior-art problem that the sequence numbers in the authentication key context on the target base station are inconsistent with those on the mobile terminal. The method includes: when the mobile terminal requests a handover, the authenticator/key supplier generates the authentication key context information, which includes the current authentication key sequence number, the uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number; when the target base station to which the mobile terminal is preparing to hand over requests the authentication key, the authenticator/key supplier sends the authentication key and the related sequence numbers to the target base station. This maintains the continuity of the sequence number information, ensures secure communication with the mobile terminal, effectively prevents possible replay attacks, and ensures the security of the session after it is restored.

Description

A method for a target base station to acquire an authentication key context
Technical field
The present invention relates to the field of mobile communication technology, and in particular discloses a method by which the target serving base station of a mobile terminal obtains authentication key context information during handover of a mobile terminal user.
Background technology
With the rapid growth of Internet services and the widespread use of wireless networks, the security of mobile users places ever greater demands on wireless systems. Beyond earlier issues such as device authentication, subscriber authentication and service authorization, much attention is now paid to the establishment of a secure channel between the wireless user and the AP (Access Point) or BS (Base Station) and the exchange of security information over it, and to the confidential channels between the BS and the key Distributor/Authenticator and between the Distributor/Authenticator and the Authentication Server, and the exchange of security information over them.
The IEEE 802.16d/e family of protocols defines the air interface part of the WiMAX fixed and mobile access standard. To secure air interface data, the protocol defines a security sublayer (Privacy Sublayer), which performs user authentication, key distribution and management, and the encryption and authentication of subsequent data. After authentication completes, keys are generated, distributed and managed between the BS and the MSS (Mobile Subscriber Station) by the PKM (Privacy Key Management) protocol. The protocol currently defines two authentication modes. One is RSA (Rivest-Shamir-Adleman) authentication based on a public key algorithm, which results in a PAK (Primary Authorization Key, the root authorization key) at both authenticating parties. The other is EAP authentication, which results in a PMK (Pairwise Master Key) at both authenticating parties. From the PAK and/or PMK, together with other information such as the identities of the MSS and the BS, the authentication key AK (Authorization Key) is derived; the AK is used to derive the other key material between the MS and the BS. To further strengthen security, the AK is valid only for a certain lifetime, and within a guard time before the AK lifetime ends the MS must complete re-authentication with the BS and produce a new AK. The MS and the BS may therefore maintain two valid AKs at the same time. The protocol currently uses an attribute called the AK Sequence Number to distinguish two simultaneously valid AKs. When the MS roams to a new target BS, it must also perform a network re-entry procedure and, according to the applicable security policy, obtain key material either by re-authentication or over the back-end network (backhaul).
To simplify key management, IEEE 802.16e D10 defines the authentication key context (AK Context), which holds the context information related to the authentication key, such as AK, AKID, AK Lifetime and AK Sequence Number. To authenticate management messages, IEEE 802.16d defines the HMAC (Hash Message Authentication Code), a message authentication code computed with a hash algorithm and a key derived from the AK. The sender carries the HMAC and the AK Sequence Number in each management message it sends. On receipt, the receiver finds the corresponding AK by the AK Sequence Number, derives the corresponding key, computes a new message authentication code over the message content and compares it with the one carried in the message, thereby authenticating the message. In addition, to prevent replay of management messages, IEEE 802.16e defines the CMAC (Cipher-based Message Authentication Code), a message authentication code computed with an encryption algorithm. With this code, the sender carries in each management message not only the CMAC and the AK Sequence Number but also a management message sequence number: CMAC_PN_U in the uplink direction and CMAC_PN_D in the downlink direction. The sender increments this sequence number with each message it sends. When the receiver gets a management message, it authenticates the message much as with HMAC, but it can also use the sequence number in the message, the message authentication code, and the received-message sequence number maintained in the corresponding AK context to judge whether the message is a replayed message. Therefore, to support CMAC, the AK Context also defines the CMAC_PN_* parameters (CMAC_PN_D or CMAC_PN_U) to prevent replay of management messages. It is further specified that, for the same AK, a given {CMAC_PN_*, AK} pair must not be used more than once; that is, for a given AK, when the CMAC_PN_* in its context reaches its maximum value, re-authentication is required. Re-authentication produces a new AK, and the AK Context should be regenerated from the new authentication result: AK Lifetime and AK Sequence Number should be regenerated during authentication, and parameters such as CMAC_PN_* should be reinitialized to some initial value.
The AK Context defined in the IEEE 802.16e D10 draft is shown in Table 1:
Table 1. AK Context for PKMv2
Context Parameter | Size | Usage
AK (authentication key) | 160 bits | The authorization key, calculated as defined in 7.2.2.2.3.
AKID (AK identifier) | 64 bits | AKID = Dot16KDF(AK, AK SN | SSID | BSID | "AK", 64) (Dot16KDF is the key derivation function used in 802.16e)
AK Sequence Number | 4 bits | Sequence number of root keys (PAK and PMK) for the AK. This value is the least significant 2 bits of the PAK sequence number concatenated with the least significant 2 bits of the PMK sequence number. If AK = f(PAK and PMK), then AK SN = PAK SN + PMK SN. If AK = f(PAK), then AK SN = PAK SN. If AK = f(PMK), then AK SN = PMK SN.
AK Lifetime |  | This is the time this key is valid; it is calculated as AK lifetime = MIN(PAK lifetime, PMK lifetime). When this expires, re-authentication is needed.
PMK Sequence Number | 4 bits | The sequence number of the PMK that this AK is derived from.
CMAC_KEY_U (uplink management message signing key) | 160/128 bits | The key which is used for signing UL management messages.
CMAC_PN_U (uplink management message sequence number) | 32 bits | Used to avoid UL replay attack on management messages. When this expires, re-authentication is needed.
CMAC_KEY_D (downlink management message signing key) | 160/128 bits | The key which is used for signing DL management messages.
CMAC_PN_D (downlink management message sequence number) | 32 bits | Used to avoid DL replay attack on management messages. When this expires, re-authentication is needed.
KEK (key encryption key) | 160 bits | Used to encrypt transport keys from the BS to the SS.
EIK (EAP Integrity Key) | 160 bits | EAP Integrity Key for authenticating Authenticated EAP messages.
A mobile terminal may roam among multiple BSs. Depending on the applicable security policy, when the MS moves to a new target BS (hereinafter BS2), re-authentication may not be needed; it is only necessary to derive a new AK from the root key produced by the last authentication, using the identity of BS2, and to deliver it to the new target BS in a message over the backbone network. For network security in the handover scenario, a proposal adopted by the WiMAX (Worldwide Interoperability for Microwave Access) Forum puts forward a security architecture based on EAP (Extensible Authentication Protocol) and defines an air interface network security model based on IEEE 802.16.
Under this architecture, each BS hosts a Key Receiver, which connects to the Key Distributor/Authenticator over a secure channel, where: the Authenticator provides a proxy function for the MSS authentication function; the Key Distributor, from the root key information MSK (Master Session Key) shared as peers between the Authentication Server and the MSS, derives the PMK and then the air interface key AK shared between the BS and the MSS, and distributes it to the Key Receiver; the Key Receiver receives the air interface key AK and derives the other keys between the BS and the MSS. In addition, a complete secure network architecture should also include the Authentication Server of the back-end network. The Authentication Server mainly performs the authentication function for the MSS, exchanges with the MSS the information needed to generate keys through the key generation mechanism agreed between them, and, when user information changes, promptly notifies the Authenticator and other network elements of the consequences of the change. Because this information is exchanged before the secure channel is established, the key algorithms and so on used between the Authentication Server and the MSS must ensure that leakage of the information does not affect the security mechanism.
The current WiMAX NWG (WiMAX Network Work Group) draft defines the AK transfer protocol for securely transferring keys between the Key Distributor and the Key Receiver. When the MSS hands over between BSs without re-authentication, then after it has switched to the new BS and synchronized with it, the MSS can derive the new authentication key AK from its locally stored root key information and the information of the BS, and update its context, keeping the former sequence-related information in the updated context. The BS, however, stores no root key information, and no secure channel has yet been established between the MSS and the BS, so the BS must obtain the new authentication key and related information by interacting with the corresponding Key Distributor in the back-end network through the AK Transfer protocol.
In the WiMAX NWG draft, the AK transfer protocol defines the message exchange for transferring the authentication key between a Key Distributor and a Key Receiver or Key Distributor. It comprises an optional AK Request message and a mandatory AK Transfer message. The Key Receiver uses AK Request to ask the Key Distributor for a new AK for the current BS; AK Transfer either carries AK, AKID, AK Lifetime and EIK (EAP Integrity Key), or indicates that the AK request failed. The AK Transfer protocol also defines an AK Delete message, used to delete an existing AK. The contents of these messages are shown in Table 2:
Table 2. Messages defined in the AK Transfer protocol
Messages/Primitives | From => To | Message/Primitive Content
AK Request | Key Receiver => Key Distributor | MSS_ID
AK Transfer | Key Distributor => Key Receiver | MSS_ID, AK, AKID, AK Lifetime, EIK
AK Delete | Key Distributor => Key Receiver | MSS_ID
In general, three messages may trigger AK transfer during handover: the handover indication message (Mobile Handover Indication, MOB HO IND), the ranging request message (Ranging Request, RNG REQ) and the terminal handover request message (Mobile MS Handover Request, MOB MSHO REQ). Figure 3 shows the AK transfer procedure triggered by MOB HO IND:
As shown in Figure 1, taking as an example a handover in which serving BS1 and target BS2 belong to the same Authenticator/Key Distributor, target BS2 obtains the AK and its context information as follows:
S101. The MSS sends the air interface message MOB_HO_IND to serving BS1; the message contains the identities of the MSS and of the target BS2 to hand over to.
S102. Serving BS1 sends a HO Request message to the Authenticator/Key Distributor it belongs to; the message contains the identities of the MSS and target BS2.
S103. The Authenticator/Key Distributor generates the air interface key AK2 for target BS2.
After receiving the handover request, the Authenticator/Key Distributor derives the authentication key between the mobile terminal and the target base station from the MSS identity and target BS2 identity carried in the request message and the pairwise master key (PMK) it holds for the mobile terminal with that identity, and exchanges handover preparation messages with the target base station.
S104. Target BS2 interacts with the Authenticator/Key Distributor to prepare for the handover.
S105. The Authenticator/Key Distributor sends a HO Response message to serving BS1 in response to the HO Request.
S106. The Key Receiver on target BS2 sends an AK Request message to the Authenticator/Key Distributor; the message contains the MSS identity.
S107. Over the secure channel already established, the Authenticator/Key Distributor sends the generated AK2 to the Key Receiver on target BS2 in an AK Transfer message; the message contains the MSS identity, the air interface key AK2, the AKID, the AK lifetime and other key information such as the EIK.
S108. After obtaining the air interface key AK2, target BS2 restores the session that existed before the handover.
The AK may be transferred between a Key Distributor and a Key Receiver located in different physical network elements, so a secure channel must exist between them for the AK and related information to be transferred safely. That is, some mechanism outside the protocol should guarantee a secure connection between each Key Receiver and the Key Distributor. Over this connection, AK, AKID, AK Lifetime and EIK are encrypted and signed at the Key Distributor and sent to the Key Receiver in an AK Transfer message; on receipt, the Key Receiver decrypts the encrypted AK, AKID, AK Lifetime and EIK from the message and stores them locally for subsequent secure communication with the MSS.
The prior art solves the problem of securely transferring keys between the Key Receiver and the Key Distributor. However, after the MS hands over to a new BS, the AK and related information obtained must be used to build a new AK context. With the prior art, the target BS can use the AK, AKID, AK Lifetime and EIK it obtains to restore part of the AK context, but other information in the AK context, such as AK Sequence Number and CMAC_PN_*, must be regenerated. The result may be inconsistent with the AK context information held on the mobile terminal side, affecting the security of the session.
Summary of the invention
The invention provides a method for a target base station to acquire an authentication key context during handover of a mobile terminal, to solve the prior-art problem that the sequence number information in the AK context generated by the target base station is inconsistent with the sequence number information in the AK context held on the mobile terminal side.
A method for a target base station to acquire an authentication key context comprises the following steps:
A1. When the terminal requests a handover, the authenticator/key supplier generates the authentication key between the mobile terminal and the target base station, together with its context information, and stores them against the mobile terminal identity; the context information includes the current authentication key sequence number.
A2. When the target base station to which the mobile terminal is preparing to hand over requests the authentication key, the authenticator/key supplier, according to the mobile terminal identity carried in the request message, sends the authentication key and the corresponding current authentication key sequence number to the target base station.
In step A1, the context information further includes the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number; and
in step A2, the authenticator/key supplier also sends the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number to the target base station.
The following further precedes step A1:
The mobile terminal sends a handover request to the serving BS it belongs to; the request message carries the mobile terminal identity and the target base station identity.
After receiving the handover request, the serving BS sends a handover request to the authenticator/key supplier; the request message carries the mobile terminal identity and the target base station identity.
After receiving the handover request, the authenticator/key supplier derives the authentication key between the mobile terminal and the target base station from the mobile terminal identity and target base station identity carried in the request message and from the pairwise master key (PMK) and/or root authorization key (PAK), held by itself, between the mobile terminal with that identity and the authenticator/key supplier, and exchanges handover preparation messages with the target base station.
After the handover preparation message exchange is complete, the target base station sends a key request to the target authenticator/key supplier; the request message carries the mobile terminal identity.
The authenticator/key supplier sends the authentication key, the current authentication key sequence number, the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number over the secure channel between itself and the target base station.
A method for a target base station to acquire an authentication key context comprises the following steps:
B1. When the terminal requests a handover, the original authenticator/key supplier, to which the mobile terminal's current serving base station belongs, generates the authentication key between the mobile terminal and the target base station, together with its context information, and stores them against the mobile terminal identity; the context information includes the current authentication key sequence number.
B2. When the target base station to which the mobile terminal is preparing to hand over requests the authentication key, the target authenticator/key supplier, to which that target base station belongs, obtains the authentication key and its context information from the original authenticator/key supplier according to the original authenticator/key supplier address information carried in the request message.
B3. The target authenticator/key supplier, to which the mobile terminal's target base station belongs, sends the authentication key and the current authentication key sequence number to the target base station.
In step B1, the context information further includes the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number; and
in step B3, the authenticator/key supplier also sends the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number to the target base station.
The following further precedes step B1:
The mobile terminal sends a handover request to the current serving base station; the request message carries the mobile terminal identity and the target base station identity.
After receiving the handover request, the serving base station sends a handover request to the original authenticator/key supplier; the request message carries the mobile terminal identity and the target base station identity.
After receiving the handover request, the original authenticator/key supplier derives the authentication key between the mobile terminal and the target base station from the mobile terminal identity and target base station identity carried in the request message and from the pairwise master key (PMK) and/or root authorization key (PAK), held by itself, between the mobile terminal with that identity and the original authenticator, and exchanges handover preparation messages with the target base station.
After the handover preparation message exchange is complete, the target base station sends a key request to the target authenticator/key supplier it belongs to; the request message carries the mobile terminal identity.
The address information of the original authenticator/key supplier is sent to the target base station by the original authenticator/key supplier during the handover preparation message exchange.
The original authenticator/key supplier sends the authentication key and its context information over the secure channel between itself and the target authenticator/key supplier.
The beneficial effects of the invention are as follows:
The authentication key context generated on the target base station by the method of the invention includes an authentication key sequence number consistent with the mobile terminal side. The authentication key sequence number identifies the corresponding authentication key. When the target base station receives from the mobile terminal an uplink management message carrying the authentication key sequence number, it identifies the corresponding authentication key by that sequence number, derives the corresponding key and verifies the message authentication code carried in the management message, to determine the legitimacy of the message source. Likewise, when the target base station sends a downlink management message to the mobile terminal, it uses the authentication key to generate the message authentication code of the message and sends the message authentication code and the authentication key sequence number together in the downlink management message; on receipt, the mobile terminal identifies the corresponding authentication key by the authentication key sequence number and derives the corresponding key to verify the legitimacy of the message.
Therefore, with the scheme of the invention, the continuity of the authentication key sequence number and the management message sequence numbers in the authentication key context is maintained during handover of the mobile terminal, secure communication with the mobile terminal is ensured, possible replay attacks are effectively prevented, and the security of the session after recovery is ensured.
Description of drawings
Fig. 1 is a prior-art flow chart in which target BS2 obtains AK2 and its context information when the mobile terminal hands over;
Fig. 2 is a flow chart of the invention in which target BS2 obtains AK2 and its context information when the mobile terminal hands over, where serving BS1 and target BS2 belong to the same Authenticator/Key Distributor, and that Authenticator/Key Distributor holds the current AK and context information of the MSS;
Fig. 3 is a flow chart of the invention in which target BS2 obtains AK2 and its context information when the mobile terminal hands over, where serving BS1 and target BS2 belong to different Authenticator/Key Distributors, and the Authenticator/Key Distributor to which target BS2 belongs does not hold the current AK and context information of the MSS.
Embodiment
The prior art solves the problem of securely transferring keys between the Key Receiver and the Key Distributor, but its definition of the AK and related information carried in AK Transfer is not accurate or complete enough. After the MS hands over to a new BS, the AK and related information obtained must be used to build a new AK context. With the prior art, the new BS can use the AK, AKID, AK Lifetime and EIK it obtains to restore part of the AK context, but other information in the AK context, such as AK Sequence Number and CMAC_PN_*, must be regenerated.
When the mobile terminal roams to a different BS and obtains the corresponding AK and related information not through re-authentication but through the AK Transfer protocol, the procedure is incomplete if only the AK and related information of the currently defined AK Transfer message are transferred. Take AK Sequence Number as an example: after the target BS obtains the AK, in subsequent communication with the MSS, the MSS and the BS may maintain two valid AKs at the same time and distinguish them by the AK Sequence Number in their respective contexts. If a management message sent by the MSS to the BS carries an HMAC/CMAC, it also carries an AK Sequence Number, which the BS uses to look up the corresponding AK for authenticating the management message.
Likewise, if a management message sent by the BS to the MSS carries an HMAC/CMAC, it must also carry the AK Sequence Number of the AK used to compute that HMAC/CMAC; on receipt, the MSS looks up the corresponding AK by the AK Sequence Number and uses it to authenticate the message.
Consider further a scenario in which the mobile terminal moves quickly among several BSs. When the MSS roams onto a BS twice in succession and no re-authentication is needed, the BS uses the same AK to communicate with the MSS both times. If the BS does not obtain the CMAC_PN_* information in the context when it obtains the AK, it will reinitialize CMAC_PN_*, so the same {CMAC_PN_*, AK} may be used repeatedly across the two communications. This contradicts the principle in the IEEE 802.16e protocol that the same {CMAC_PN_*, AK} must not be used more than once.
Moreover, in the prior art the AK and related information that the target BS obtains through the AK Transfer message do not include the AK Sequence Number. After the MS hands over to the target BS, the BS cannot authenticate management messages sent by the MSS, nor can it generate management messages addressed to the MS. Therefore, so that the pre-handover session can be restored after handover and its security ensured, AK Transfer must carry, in addition to the information already defined, such as AK, AK Lifetime and EIK, the AK Sequence Number, CMAC_PN_* and so on from the AK Context.
In the scheme of the invention, if the mobile terminal hands over to a new BS2 without re-authentication, the key distributor in the back-end network, after receiving the corresponding handover indication, generates a new AK for target BS2 from information about target BS2, such as the BS2 identity, and updates the BS2-related information in the context while keeping the other information of the former context. The target BS obtains the AK and its context information from the key distributor through the AK Transfer message and constructs a new authentication key context from this information, thereby ensuring secure communication with the terminal after the session is restored.
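An added illustration, not part of the patent text, of the two failures described above: a target BS that rebuilds the AK context without AK Sequence Number and CMAC_PN_U either cannot find the AK or accepts a replayed management message, while a transfer that carries both fields avoids this. Assumptions: HMAC-SHA256 stands in for AES-CMAC and Dot16KDF, the message layout, class and function names and sample values are constructed, and only the uplink counter is modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass

PN_MAX = 2**32 - 1  # CMAC_PN_* is a 32-bit counter (Table 1)


@dataclass
class AKContext:
    ak: bytes
    ak_sn: int          # AK Sequence Number (4 bits)
    cmac_pn_u: int = 0  # highest uplink sequence number sent or accepted


def _tag(ak: bytes, ak_sn: int, pn: int, payload: bytes) -> bytes:
    # Stand-in MAC (assumption): HMAC-SHA256 under a key derived from the AK.
    # 802.16e uses AES-CMAC and Dot16KDF; neither is reproduced here.
    key = hmac.new(ak, b"CMAC_KEY_U", hashlib.sha256).digest()
    header = bytes([ak_sn]) + pn.to_bytes(4, "big")
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:8]


class Terminal:
    def __init__(self, ctx: AKContext):
        self.ctx = ctx

    def send(self, payload: bytes) -> dict:
        if self.ctx.cmac_pn_u >= PN_MAX:
            raise RuntimeError("CMAC_PN_U exhausted: re-authentication needed")
        self.ctx.cmac_pn_u += 1  # a {CMAC_PN_U, AK} pair is used only once
        pn = self.ctx.cmac_pn_u
        return {"ak_sn": self.ctx.ak_sn, "pn": pn, "payload": payload,
                "mac": _tag(self.ctx.ak, self.ctx.ak_sn, pn, payload)}


class BaseStation:
    def __init__(self):
        self.contexts = {}  # AK Sequence Number -> AKContext

    def install(self, ctx: AKContext) -> None:
        self.contexts[ctx.ak_sn] = ctx

    def receive(self, msg: dict) -> str:
        ctx = self.contexts.get(msg["ak_sn"])  # find the AK by its sequence number
        if ctx is None:
            return "unknown AK SN"
        expected = _tag(ctx.ak, msg["ak_sn"], msg["pn"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad MAC"
        if msg["pn"] <= ctx.cmac_pn_u:         # already seen under this AK
            return "replay"
        ctx.cmac_pn_u = msg["pn"]
        return "accepted"


def ak_transfer(ctx: AKContext, amended: bool) -> dict:
    """Fields the target BS receives; AKID, AK Lifetime and EIK are omitted."""
    msg = {"ak": ctx.ak}
    if amended:  # the fields the patent adds to AK Transfer
        msg["ak_sn"] = ctx.ak_sn
        msg["cmac_pn_u"] = ctx.cmac_pn_u
    return msg


def rebuild_context(transfer: dict, regenerated_sn: int) -> AKContext:
    # Without the added fields the BS regenerates the SN and restarts the counter.
    return AKContext(ak=transfer["ak"],
                     ak_sn=transfer.get("ak_sn", regenerated_sn),
                     cmac_pn_u=transfer.get("cmac_pn_u", 0))


def handover_outcomes(amended: bool, regenerated_sn: int = 0) -> tuple:
    """Return (result for a recorded old message, result for a fresh message)."""
    ak = hashlib.sha256(b"constructed sample AK").digest()[:20]  # 160 bits
    terminal = Terminal(AKContext(ak, ak_sn=5))
    bs = BaseStation()
    bs.install(AKContext(ak, ak_sn=5))
    sent = [terminal.send(b"MGMT-%d" % i) for i in range(3)]
    if any(bs.receive(m) != "accepted" for m in sent):
        raise RuntimeError("first visit should accept all messages")
    recorded = sent[1]  # a message seen on the air during the first visit

    # The terminal leaves and returns with the same AK (no re-authentication).
    # Assumption: the key distributor holds the up-to-date context.
    distributor_ctx = AKContext(ak, 5, bs.contexts[5].cmac_pn_u)
    bs = BaseStation()  # the BS kept nothing from the first visit
    bs.install(rebuild_context(ak_transfer(distributor_ctx, amended), regenerated_sn))
    return bs.receive(recorded), bs.receive(terminal.send(b"MGMT-after-handover"))


if __name__ == "__main__":
    print("amended transfer:        ", handover_outcomes(True))
    print("prior art, SN mismatch:  ", handover_outcomes(False, regenerated_sn=0))
    print("prior art, SN coincides: ", handover_outcomes(False, regenerated_sn=5))
```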
At the scheme of prior art one, revise definition AK Transfer message in the AK Transfer agreement, make it carry AK Sequence Number and CMAC_PN_* among the AK Context, amended message content is as follows:
Table 3: The amended AK Transfer message
Messages | From => To | Message Content
AK Transfer | Key Distributor => Key Distributor | MSSID, AK, AKID, AK Lifetime, EIK, AK Sequence Number and CMAC_PN_*, Transaction ID
The amended AK Transfer flow is as follows:
After the MSS switches to the new BS and completes synchronization with it, the MSS can derive the new authentication key AK and update its context from the root key information it stores locally and the information of the BS.
As shown in Figure 2, when, at handover, the Authenticator/Key Distributor to which target BS2 belongs holds the current AK of the MSS and its context information, the target BS obtains the AK as follows:
S201: The MSS sends the air interface message MOB_HO_IND to serving BS1; the message contains the identifiers of the MSS and of the target BS2 to be switched to;
S202: Serving BS1 sends the message HO Request to the Authenticator/Key Distributor to which it belongs; the message contains the identifiers of the MSS and of target BS2;
S203: The Authenticator/Key Distributor generates the air interface key AK2 for target BS2;
S204: Target BS2 interacts with the Authenticator/Key Distributor to prepare for the handover;
S205: The Authenticator/Key Distributor sends the message HO Response to serving BS1 in response to the HO Request;
S206: The Key Receiver on target BS2 sends an AK Request message to the Authenticator/Key Distributor; the message contains the identifier of the MSS;
S207: The Authenticator/Key Distributor sends the generated AK2 to the Key Receiver on target BS2 in an AK Transfer message over the secure channel already established. The message contains the identifier of the MSS and the AK context information, which comprises the air interface key information AK2, AK Lifetime, EIK, AK Sequence Number, CMAC_PN_D and CMAC_PN_U, where:
1) AK2: following the AK derivation formula defined for the AK Context in IEEE 802.16e, the Authenticator/Key Distributor derives the AK from the root key and the identification information of the MSS and the BS;
2) AK SN: following the AK SN derivation formula defined for the AK Context in IEEE 802.16e, the AK SN is calculated from the sequence number of the root key;
3) AKID: following the IEEE 802.16e derivation formula for AKID, this identifier is derived from the AK, the AK Sequence Number and the identification information of the MSS and the BS; it therefore does not necessarily need to be carried in the AK Transfer message and can be generated by BS2 from the corresponding information it obtains;
4) AK2 Lifetime: following the IEEE 802.16e definition of AK Lifetime, it equals the smaller of the lifetimes of the currently possible root keys PAK and PMK;
5) EIK: following the IEEE 802.16e definition of EIK, it is derived directly from the root key;
6) CMAC_PN_D and CMAC_PN_U: to ensure security after the handover, the values of these two sequence numbers equal the corresponding values in the former AK context;
7) CMAC_KEY_D and CMAC_KEY_U: following the key derivation formula in IEEE 802.16e, these two keys are derived from the AK and the identification information of the MSS and the BS; they therefore do not necessarily need to be carried in the AK Transfer message and can be generated by BS2 from the corresponding information it obtains;
8) PMK Sequence Number: because the PMK does not migrate during the handover, this sequence number need not be transmitted in AK Transfer;
9) KEK: following the key derivation formula in IEEE 802.16e, this key is derived from the AK and the identification information of the MSS and the BS; it therefore does not necessarily need to be carried in the AK Transfer message and can be generated by BS2 from the corresponding information it obtains;
S208: Through the above flow, target BS2 generates a new AK context from the AK2 and the context information it has obtained. Compared with the AK context of serving BS1, information such as the AK and AKID in the AK context of target BS2 changes with the BS handover, while information such as AK Lifetime, AK Sequence Number and CMAC_PN_* remains unchanged.
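An added sketch, not part of the patent text, of steps S207 and S208 and of the counter-reuse problem described earlier: the same BS installs the AK context with and without CMAC_PN_* in AK Transfer and then checks a recorded uplink management message. HMAC-SHA256 stands in for the IEEE 802.16e derivation formulas and for CMAC, the AK Sequence Number is taken directly from the root key's sequence number, and all function names, identifiers and values are constructed for illustration.

```python
import hashlib
import hmac

def kdf(key, label, *ids):
    # Stand-in for the IEEE 802.16e derivation formulas (assumption).
    return hmac.new(key, b"|".join((label,) + ids), hashlib.sha256).digest()

def mac(key, ak_sn, pn, payload):
    # HMAC-SHA256 truncated to 8 bytes stands in for CMAC (assumption).
    data = ak_sn.to_bytes(1, "big") + pn.to_bytes(4, "big") + payload
    return hmac.new(key, data, hashlib.sha256).digest()[:8]

def ak_transfer(root_key, root_sn, mss_id, bs_id, former, carry_pn=True):
    """S207, Key Distributor side: content of AK Transfer for the target BS."""
    msg = {
        "MSSID": mss_id,
        "AK": kdf(root_key, b"AK", mss_id, bs_id),  # changes with the BS
        "AK Lifetime": former["AK Lifetime"],       # kept from former context
        "EIK": kdf(root_key, b"EIK"),               # derived from the root key
        "AK Sequence Number": root_sn,  # simplification: root key SN used as-is
    }
    if carry_pn:  # amended message: counters continue from the former context
        msg["CMAC_PN_U"] = former["CMAC_PN_U"]
        msg["CMAC_PN_D"] = former["CMAC_PN_D"]
    return msg

class TargetBS:
    def __init__(self, bs_id):
        self.bs_id = bs_id
        self.contexts = {}  # MSSID -> AK context

    def install(self, msg):
        """S208: build the new AK context from the AK Transfer content."""
        mss_id = msg["MSSID"]
        self.contexts[mss_id] = {
            "AK Sequence Number": msg["AK Sequence Number"],
            "AK Lifetime": msg["AK Lifetime"],
            # Not carried in the message: derived locally from AK, MSS and BS ids.
            "CMAC_KEY_U": kdf(msg["AK"], b"CMAC_KEY_U", mss_id, self.bs_id),
            # A message without the counters forces reinitialisation to 0.
            "CMAC_PN_U": msg.get("CMAC_PN_U", 0),
            "CMAC_PN_D": msg.get("CMAC_PN_D", 0),
        }

    def verify_uplink(self, mss_id, ak_sn, pn, payload, tag):
        ctx = self.contexts[mss_id]
        if ak_sn != ctx["AK Sequence Number"]:
            return "unknown AK sequence number"
        if pn <= ctx["CMAC_PN_U"]:
            return "replayed packet number"
        if not hmac.compare_digest(tag, mac(ctx["CMAC_KEY_U"], ak_sn, pn, payload)):
            return "bad message authentication code"
        ctx["CMAC_PN_U"] = pn
        return "accepted"

def mss_uplink(root_key, root_sn, mss_id, bs_id, pn, payload):
    """MSS side: derive the same keys locally and tag a management message."""
    key = kdf(kdf(root_key, b"AK", mss_id, bs_id), b"CMAC_KEY_U", mss_id, bs_id)
    return mss_id, root_sn, pn, payload, mac(key, root_sn, pn, payload)

def second_visit(carry_pn):
    """MSS returns to BS1 without re-authentication; all values are constructed."""
    root_key, root_sn, mss, bs1 = b"constructed-root-key", 3, b"MSS-01", b"BS1"
    # Uplink message sent (and recorded by an observer) during the first stay.
    recorded = mss_uplink(root_key, root_sn, mss, bs1, 7, b"mgmt-message")
    former = {"AK Lifetime": 3600, "CMAC_PN_U": 7, "CMAC_PN_D": 4}
    bs = TargetBS(bs1)
    bs.install(ak_transfer(root_key, root_sn, mss, bs1, former, carry_pn))
    replay = bs.verify_uplink(*recorded)
    fresh = bs.verify_uplink(*mss_uplink(root_key, root_sn, mss, bs1, 8, b"mgmt-message"))
    return replay, fresh

if __name__ == "__main__":
    print("counters reinitialised:", second_visit(False))
    print("counters carried over: ", second_visit(True))
```

With the counters reinitialised, the BS accepts the recorded message a second time under the same AK; with the counters carried over, only the message with the next packet number is accepted.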
Embodiment two
As shown in Figure 3, serving BS1 and target BS2 belong to different Authenticator/Key Distributors, and the Authenticator/Key Distributor to which target BS2 belongs does not hold the current AK of the MSS and its context information. After receiving the handover request message, the serving Authenticator/Key Distributor exchanges handover preparation messages with target BS2; in this process the target BS learns the address information of the serving Authenticator/Key Distributor.
BS2 then carries the address information of the serving Authenticator/Key Distributor in the key request message that it sends to the target Authenticator/Key Distributor to which it belongs;
The target Authenticator/Key Distributor, according to the address information of the serving Authenticator/Key Distributor carried in BS2's key request message, sends a key request message to the serving Authenticator/Key Distributor; the message carries the identification information of the mobile terminal;
After the serving Authenticator/Key Distributor receives the key request message, it sends the authentication key AK2 of the mobile terminal corresponding to the mobile terminal identifier carried in the message, the authentication key sequence number, and information such as CMAC_PN_* in the authentication key context to the target Authenticator/Key Distributor in a key transfer message over the secure channel;
After the target Authenticator/Key Distributor receives the key transfer message, it extracts and stores AK2 and its context information; when it receives the key request message from target BS2, it carries them in an AK Transfer message and sends it to the Key Receiver on target BS2 over the secure channel.
The beneficial effects of the present invention are as follows:
The authentication key context generated on the target BS using the method of the invention contains an authentication key sequence number consistent with that on the mobile terminal side. The authentication key sequence number is used to determine the corresponding authentication key. When the target BS receives an uplink management message from the mobile terminal that carries the authentication key sequence number, it identifies the corresponding authentication key from this sequence number and derives the corresponding key to verify the message authentication code carried in this uplink management message, so as to determine the legitimacy of the message source. Alternatively, when the target BS sends a downlink management message to the mobile terminal, it uses the authentication key to generate the message authentication code of the downlink management message and sends the message authentication code and the authentication key sequence number together in the downlink management message; when the mobile terminal receives the downlink management message, it determines the corresponding authentication key from the authentication key sequence number and derives the corresponding key to verify the legitimacy of the message;
Therefore, with the scheme of the present invention, the continuity of the authentication key sequence number and the management message sequence numbers in the authentication key context is maintained during handover of the mobile terminal, secure communication with the mobile terminal is ensured, possible replay attacks are effectively prevented, and the security of the recovered session is ensured.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is intended to include them as well.

Claims (9)

1. A method for a target base station to acquire an authentication key context, characterized by comprising the following steps:
A1. When the terminal requests handover, the authenticator/key supplier generates the authentication key between the mobile terminal and the target base station and its context information, and stores them in association with the mobile terminal identifier; the context information comprises the current authentication key sequence number;
A2. When the target base station to which the mobile terminal is preparing to switch requests the authentication key, the authenticator/key supplier sends the corresponding authentication key and current authentication key sequence number to the target base station according to the mobile terminal identifier carried in the request message.
2. The method of claim 1, characterized in that:
in step A1, the context information further comprises the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number; and
in step A2, the authenticator/key supplier simultaneously sends the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number to the target base station.
3. The method of claim 1 or 2, characterized in that the following precedes step A1:
the mobile terminal sends a handover request to the serving base station to which it belongs; the request message carries the mobile terminal identifier and the target base station identifier;
after the serving base station receives the handover request, it sends a handover request to the authenticator/key supplier; the request message carries the mobile terminal identifier and the target base station identifier;
after the authenticator/key supplier receives the handover request, it derives the authentication key between the mobile terminal and the target base station from the mobile terminal identifier and the target base station identifier carried in the request message, and from the pairwise master key (PMK) and/or root authorization key (PAK), stored by itself, between the mobile terminal corresponding to that identifier and the authenticator/key supplier, and exchanges handover preparation messages with the target base station;
after the exchange of handover preparation messages is complete, the target base station sends a key request to the target authenticator/key supplier; the request message carries the mobile terminal identifier.
4. The method of claim 2, characterized in that the authenticator/key supplier sends the authentication key, the current authentication key sequence number, the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number over the secure channel between itself and the target base station.
5. A method for a target base station to acquire an authentication key context, characterized by comprising the following steps (method for the case in which the base stations belong to different authenticators/key suppliers):
B1. When the terminal requests handover, the serving authenticator/key supplier to which the mobile terminal's current serving base station belongs generates the authentication key between the mobile terminal and the target base station and its context information, and stores them in association with the mobile terminal identifier; the context information comprises the current authentication key sequence number;
B2. When the target base station to which the mobile terminal is preparing to switch requests the authentication key, the target authenticator/key supplier to which the mobile terminal's target base station belongs obtains the authentication key and its context information from the serving authenticator/key supplier according to the serving authenticator/key supplier address information carried in the request message;
B3. The target authenticator/key supplier to which the mobile terminal's target base station belongs sends the authentication key and the current authentication key sequence number to the target base station.
6. The method of claim 5, characterized in that:
in step B1, the context information further comprises the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number; and
in step B3, the authenticator/key supplier simultaneously sends the current uplink management message authentication code sequence number and/or the current downlink management message authentication code sequence number to the target base station.
7. The method of claim 5 or 6, characterized in that the following precedes step B1:
the mobile terminal sends a handover request to the current serving base station; the request message carries the mobile terminal identifier and the target base station identifier;
after the serving base station receives the handover request, it sends a handover request to the serving authenticator/key supplier; the request message carries the mobile terminal identifier and the target base station identifier;
after the serving authenticator/key supplier receives the handover request, it derives the authentication key between the mobile terminal and the target base station from the mobile terminal identifier and the target base station identifier carried in the request message, and from the pairwise master key (PMK) and/or root authorization key (PAK), stored by itself, between the mobile terminal corresponding to that identifier and the serving authenticator, and exchanges handover preparation messages with the target base station;
after the exchange of handover preparation messages is complete, the target base station sends a key request to the target authenticator/key supplier to which it belongs; the request message carries the mobile terminal identifier.
8. The method of claim 7, characterized in that the address information of the serving authenticator/key supplier is sent to the target base station by the serving authenticator/key supplier during the exchange of handover preparation messages.
9. The method of claim 5, characterized in that, in step B, the serving authenticator/key supplier sends the authentication key and its context information over the secure channel between itself and the target authenticator/key supplier.
CNB2005100929076A 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station Expired - Fee Related CN100488281C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005100929076A CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station
PCT/CN2006/002167 WO2007022727A1 (en) 2005-08-24 2006-08-24 A method and system for transmitting authorization key context information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100929076A CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station

Publications (2)

Publication Number Publication Date
CN1819698A true CN1819698A (en) 2006-08-16
CN100488281C CN100488281C (en) 2009-05-13

Family

ID=36919332

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100929076A Expired - Fee Related CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station

Country Status (2)

Country Link
CN (1) CN100488281C (en)
WO (1) WO2007022727A1 (en)


Also Published As

Publication number Publication date
CN100488281C (en) 2009-05-13
WO2007022727A1 (en) 2007-03-01


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090513

Termination date: 20210824
