CN1819698A - Method for acquring authentication cryptographic key context from object base station - Google Patents

Method for acquring authentication cryptographic key context from object base station Download PDF

Info

Publication number
CN1819698A
CN1819698A CN 200510092907 CN200510092907A CN1819698A CN 1819698 A CN1819698 A CN 1819698A CN 200510092907 CN200510092907 CN 200510092907 CN 200510092907 A CN200510092907 A CN 200510092907A CN 1819698 A CN1819698 A CN 1819698A
Authority
CN
China
Prior art keywords
key
target
message
mobile terminal
sequence
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200510092907
Other languages
Chinese (zh)
Other versions
CN100488281C (en
Inventor
肖正飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2005100929076A priority Critical patent/CN100488281C/en
Publication of CN1819698A publication Critical patent/CN1819698A/en
Application granted granted Critical
Publication of CN100488281C publication Critical patent/CN100488281C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network

Abstract

The invention involves the mobile communication field, a method that the aiming base station gets the context information of the identified-right secret key, to solve the inconsistent problem in the relating sequence number of the aiming base station identified-right secret key context and the mobile terminal in the existing technology. The method including: the identified righter / the provider of the secret key create the context information of the identified-right secret key when the mobile terminal request cut, the context information includes the current sequence number of the identified-right secret key, the sequence number of the upward managing information authentication code and / or the current sequence number of the downward managing information authentication code; the identified righter / the provider of the secret key send the identified-right secret key and the relating sequence number to the aiming base station when the aiming base station that the mobile terminal ready to cut request the identified-right secret key. Thus maintained the continuity of the sequence number information, ensure the secure communication with the mobile terminal, and prevent effectively the possibly appearing replay attack, ensure the conversation security after restore.

Description

A kind of method of acquring authentication cryptographic key context from object base station
Technical field
The present invention relates to the mobile communication technology field, disclose a kind of mobile phone users especially in handoff procedure, the method for the destination service base station to obtain KI contextual information of portable terminal.
Background technology
Extensive use along with the flourish and wireless network of internet service, mobile subscriber's fail safe has proposed increasing requirement for wireless system: except some device authentication in the past, outside the problem such as subscription authentication and authorization of service, wireless user and AP (Access Point, access point) or the foundation of the escape way between the BS (Base Station, base station), the exchange of security information, and between BS and the key Distributor/Authenticator (distributor/authentication person), secret passage between Distributor/Authenticator and the Authentication Server (authentication server), problems such as the exchange of security information are paid close attention at present in a large number.
IEEE 802.16d/e serial protocols has defined WiMAX and has fixed and moved the standard that inserts the part of eating dishes without rice or wine, safety for the data that guarantee to eat dishes without rice or wine, protocol definition a Security Sublayer (Privacy Sublayer), be used to realize authentication, key distribution and management to the user, and the encryption of follow-up data and authentication.After authentication is finished, produce, distribute and managing keys by PKM (Privacy Key Management, private cipher key management) agreement between BS and the MSS (Mobile Subscribe Station, mobile contracted user).Defined two kinds of authentication modes in the agreement at present, a kind of Revest-Shamir-Adleman Algorithm (RSA) authentication that is based on public key algorithm, this authentication result is to produce a PAK (Primary Authorization Key, root authorization key) the authentication both sides; Another kind is the EAP authentication mode, authentication result is exactly to produce PMK (PairwiseMaster Key the authentication both sides, the symmetry master key), according to the identification information of PAK and/or PMK and out of Memory such as MSS and BS, derive the KI AK (Authorization Key) that is used to derive from other key resource between MS and the BS.In order further to strengthen fail safe, AK is set in certain life cycle effectively, in the guard time before the end of life of AK, MS must finish and BS between re-authentication (Re-authentication) and produce new AK.Like this, MS and BS just may safeguard two effective AK simultaneously.Use an attribute that is called AK sequence number (AK SequenceNumber) to distinguish simultaneous two effective AK at present in the agreement.When MS roams into a new target BS, also to carry out network (Network re-entry) process of reentrying, according to corresponding security strategy, obtain the key resource by re-authentication or back-end network (Backhaul).
For the ease of key is managed, define authentication key contexts (AKContext) among the IEEE 802.16e D10, be used to preserve the contextual information relevant with KI, as AK, AKID, AK Lifetime, AK Sequence Number etc.In order to realize authentication to administrative messag, defined HMAC (Hash Message Authentication Code among the IEEE 802.16d, hash message authentication code), this is a Message Authentication Code that the cipher key calculation that derives from by hash algorithm and AK is come out, message sender has carried HMAC and AK Sequence Number in the administrative messag that sends, after message receiver is received message, find corresponding AK according to AK Sequence Number, derive from corresponding key, according to message content calculate a new message authentication code and with message in the message authentication code that carries compare, thereby realized authentication to message.In addition, in order to prevent the playback of administrative messag, also defined among the IEEE 802.16e based on the CMAC (Ciper-based Message Authentication Code, message authentication code) that encrypts, this is a Message Authentication Code that calculates based on cryptographic algorithm.Use this message authentication code, message sender is in the administrative messag that sends, except carrying CMAC and AK Sequence Number, also carried an administrative messag sequence number, on up direction, this sequence number is CMAC_PN_U, at down direction, this sequence number is CMAC_PN_D.This sequence number increases progressively along with the transmission of message at message sender.After message receiver is received administrative messag, similar to the verification process and the HMAC of message.But can also be according to the sequence number in the message, the information of safeguarding in the AK context of message authentication code and correspondence that receives message SN judges whether message is resend message.Therefore, in order to support CMAC, in AK Context, also defined CMAC_PN_* parameters such as (CMAC_PN_D or CMAC_PN_U) to prevent the playback of administrative messag.And stipulated that concerning same AK one { CMAC_PN_*, AK} can not be used multiple times, and that is to say, for certain AK, when the CMAC_PN_* in its context reaches maximum, need carry out re-authentication.Can produce new AK during re-authentication, AK Context should produce again according to new authentication result simultaneously, as AK Lifetime, AK Sequence Number should regenerate in verification process, and parameters such as CMAC_PN_* should be reinitialized to certain initial value.
In IEEE 802.16e D10 draft, the AK Context content of definition is as shown in table 1:
Table 1.AK Context for PKMv2
Context Parameter Size Usage
AK (KI) 160bit The authorization key.calculated as defined in 7.2.2.2.3 (KI, computational methods define in 7.2.2.2.3)
AKID (AK sign) 64bits AKID=Dot16KDF (AK, AK SN|SSID|BSID| " AK ", 64) (Dot16KDF is a key derivation formula of using among the 802.16e)
AK sequence number (KI sequence number) 4bits (derive from root key (PAK and the PMK) sequence number of AK, the value of this sequence number connects by minimum two bit strings with the minimum sum-bit PMK sequence number of PAK sequence number and obtains Sequence number of root keys (PAK and PMK) for the AK.This value is the least significant 2-bit of PAK sequence number concatenated with the least significant 2-bit of PMK sequence number.. ) If AK=f (PAK and PMK), then AK SN=PAK SN+PMK SN If AK=f (PAK), then AK SN=PAK SN If AK=f (PMK), then AK SN=PMK SN
AK lifetime (the effective life cycle of KI) This is the time this key is valid; It is calculated AK lifetime=MIN (PAK lifetime, PMK lifetime)-when this expires, re-authentication is needed. (the effective life cycle of KI, it equals less value in corresponding PAK and the PMK life cycle, when this life cycle lost efficacy, need carry out re-authentication.)
PMK Sequence Number 4bit The sequence number of the PMK that this AK is derived from (deriving from the PMK sequence number of AK)
CMAC_KEY_U (key of up management information signature) 160/128 bit The key which is used for signing UL management messages (being used for key) to up management information signature
CMAC_PN_U (up management message SN) 32bit Used to avoid UL replay attack on management messages-when this expires re-authentication is needed. (up management message SN when using CMAC to message authentication, be used to prevent the playback of up administrative messag-when this sequence number reaches maximum, need carry out re-authentication.)
CMAC_KEY_D (key of down management information signature) 160/128 bit The key which is used for signing DL management messages (being used for key) to the down management information signature
CMAC_PN_D (down management message SN) 32bit Used to avoid DL replay attack on management messages-when this expires re-authentication is needed. (down management message SN when using CMAC to message authentication, be used to prevent the playback of down management message-when this sequence number reaches maximum, need carry out re-authentication.)
KEK (key of encryption key) 160bit Used to encrypt transport keys from the BS to the SS. (when SS distributes transmission security key, being used for the key of encryption key) at BS
EIK (EAP completeness check key) 160bit (EAP completeness check key is used for the authentication to EAP verification process message to EAP Integrity Key for authenticating Authenticated EAP message..)
Portable terminal may be roamed between a plurality of BS, according to corresponding security strategy, when MS moves to new target BS (hereinafter to be referred as BS2), may not need to carry out re-authentication, and only need be according to the root key that last time, authentication produced, utilize the sign of BS2 to derive from a new AK again, and pass through the backbone network transmission of messages on new target BS.For the network security under the handoff scenario is considered, WiMAX (Worldwide Interoperability for Microwave Access, inserting of microwave whole world interoperability) in the motion that forum has passed through (the Extensible Authentication Protocol based on EAP has been proposed, Extensible Authentication Protocol) security architecture has defined the network security model of eating dishes without rice or wine based on IEEE 802.16.
Under this framework, each BS ownership Key Receiver (key recipient), KeyReceiver (key recipient) connects Key Distributor/Authenticator (key distribution person/authentication person) by escape way, and wherein: Authenticator provides agent functionality for MSS authentication function; Key Distributor: provide according to the Authentication server and MSS between the equity root key information MSK (Master Session Key, the basic session key), and derive PMK, and then derive between BS and the MSS air interface key AK that shares, and be distributed on the Key Receiver, receive air interface key AK by Key Receiver, and derive from other key between BS and the MSS.In addition, as a complete safe network architecture system, the Authenticator server that also should comprise back-end network, the Authentication server mainly is to finish to be MSS authentication function, and by and MSS between the key generting machanism of reaching exchange mutually and produce the key information necessary, change in user profile, in time notify Authenticator and other net element informations to change the consequence that is produced.Because these information exchanged before setting up escape way, the leakage that the key algorithm that adopts between Authentication server and the MSS etc. all must guarantee information does not exert an influence to security mechanism.
Defined the AK host-host protocol of safely transfer secret key between Key Distributor and Key Receiver in current WiMAX NWG (the WiMAX Network Work Group WiMAX inserting of microwave whole world mutual operation network working group) draft.When MSS switches between BS and does not carry out re-authentication, after MSS switches to new BS and finishes synchronously with BS, can derive from the KI AK that makes new advances and upgrade its context according to the root key information of its local storage and the information of BS, in the context that upgrades, keep former correlated series information.But owing to do not have storage root key information on the BS, and at this moment do not set up escape way between MSS and the BS yet, so BS need by with back-end network in corresponding KeyDistributor carry out obtaining new KI and relevant information by AK Transfer agreement alternately.
In the WiMAX NWG draft, the AK host-host protocol has defined the message interaction process of transmitting KI between Key Distributor and KeyReceiver and Key Distributor, and this process has comprised optional AK Request (AK request) message and AK Transfer (AK transmission) message of forcing to realize.It is new AK of current BS request to Key Distributor that AK Request message is used for Key Receiver, AK Transfer message or transmission AK, AKID, AK Lifetime and EIK (EAP Integrity Key, the Extensible Authentication Protocol Integrity Key), perhaps indicate AK request failure.In addition, AK Transfer agreement has also defined an AK Delete message, is used to delete an AK who has existed.The content that these message comprise is as shown in table 2:
The message that defines in the table 2.AK Transfer agreement
Messages/Primitives From=>To Message/Primitive Content
AK Request Key Receiver=>Key Distributor MSS_ID
AK Transfer Key Distributor=>Key Receiver MSS_ID、AK、AKID、AK Lifetime、EIK
AK Delete Key Distributor=>Key Receiver MSS_ID
In general, triggering the AK transmission in handoff procedure has three message may trigger the transmission of AK, these three message are respectively switch indicating information (Mobile Handover Indication, MOB HO IND), distance measurement request message (Ranging Request, RNG REQ) and terminal handoff request message (Mobile MSHandover Request, MOB MSHO REQ).Shown in Figure 3 is exactly the AK transmission course that is triggered by MOB HO IND:
As shown in Figure 1, when switching, be the example explanation with serving BS broadcasts 1 and the same Authenticator/Key Distributor of target BS 2 ownership, the flow process that target BS 2 is obtained AK and contextual information thereof is as follows:
S101, MSS send idle message MOB_HO_IND to serving BS broadcasts 1, have comprised MSS in the message and the sign of the target BS 2 that will switch;
S102, serving BS broadcasts 1 Authenticator/Key Distributor under it sends HO Request message, has comprised the sign of MSS and target BS 2 in the message;
S103, Authenticator/Key Distributor are that target BS 2 produces air interface key AK2;
After Authenticator/Key Distributor receives handoff request, the MSS sign and the target BS 2 of carrying according to this request message identify, and the pairwise master key (PMK) of this mobile terminal identification corresponding mobile terminal of himself preserving, derive the described KI between this portable terminal and the target BS, and switch preparation message alternately with this target BS.
S104, target BS 2 are carried out alternately with Authenticator/Key Distributor, for switching is prepared;
S105, Authenticator/Key Distributor send HO Response message to serving BS broadcasts 1, as the response message to HO Request;
Key Receiver on S106, the target BS 2 sends AKRequest message to Authenticator/Key Distributor, has comprised the sign of MSS in the message;
S107, Authenticator/Key Distributor are sending to Key Receiver target BS 2 on by AK Transfer message with the AK2 that produces on the escape way of having set up, and have comprised sign, the air interface key information A K2 of MSS, life cycle and other key information such as the EIK of AKID, AK in the message;
After S108, target BS 2 obtain air interface key AK2, the session before recovering to switch.
AK may transmit between Key Distributor in different physical NEs and Key Receiver, therefore, must guarantee between Key Receiver and Key Distributor to have the passage of safety so that can transmit information such as AK safely.Just, ground mechanism guarantees to exist a connection safely beyond should having a kind of agreement between each Key Receiver and Key Distributor, in this connection, AK, AKID, AK Lifetime and EIK are behind encrypted on the Key Distributor and signature, use AK Transfer transmission of messages to give Key Receiver, Key Receiver receives after the AK Transfer message AK, AKID, AK Lifetime and EIK encrypted in the decrypt and it is saved in this locality, is used for follow-up and secure communication MSS.
Prior art has solved the problem of safe transmission key between Key Receiver and Key Distributor, but after MS switches to new BS, need to use the AK and the relevant information thereof that obtain to generate new AK context, according to prior art, target BS can be utilized the AK of acquisition, AKID, AK Lifetime and EIK recovered part AK context, but out of Memory in the AK context such as AK SequenceNumber, informational needs such as CMAC_PN_* regenerate, like this may be inconsistent with the AK contextual information that mobile terminal side is preserved, influence security of conversation.
Summary of the invention
The invention provides in a kind of mobile terminal switching process, the method of acquring authentication cryptographic key context from object base station is with the inconsistent problem of sequence number information in the AK context of sequence number information and mobile terminal side preservation in the context that solves target BS generation AK in the prior art.
A kind of method of acquring authentication cryptographic key context from object base station comprises the steps:
A1, authentication person/key supplier generate KI and contextual information thereof between portable terminal and the target BS when terminal request is switched, and the preservation of corresponding mobile terminal identification, and described contextual information comprises current KI sequence number;
A2, authentication person/key supplier send to target BS according to the described mobile terminal identification of carrying in the request message with the described KI and the current KI sequence number of correspondence when the described KI of target base station requests that portable terminal is prepared to switch.
In the described steps A 1, described contextual information also comprises current up management message authentication code sequence number and/or current down management message authentication code sequence number; And
In the described steps A 2, authentication person/key supplier sends to target BS with described current up management message authentication code sequence number and/or current down management message authentication code sequence number simultaneously.
Further comprise before the described steps A 1:
Portable terminal serving BS broadcasts under self sends handoff request, and this request message carries mobile terminal identification and target BS sign;
After serving BS broadcasts is received handoff request, send handoff request to described authentication person/key supplier, this request message carries mobile terminal identification and target BS sign;
After authentication person/the key supplier receives handoff request, the mobile terminal identification and the target BS that carry according to this request message identify, and this mobile terminal identification corresponding mobile terminal and pairwise master key (PMK) between authentication person/key supplier and/or the root authorization key (PAK) himself preserved, derive the described KI between this portable terminal and the target BS, and switch preparation message alternately with this target BS;
After switching preparation interacting message finished, target BS sent key request to object discriminator/key supplier, and this request message carries mobile terminal identification.
Described authentication person/key supplier by and target BS between escape way send described KI, current KI sequence number, current up management message authentication code sequence number and/or current down management message authentication code sequence number.
A kind of method of acquring authentication cryptographic key context from object base station comprises the steps:
Entitlement person/key supplier under B1, the portable terminal Current Serving BTS is when terminal request is switched, generate KI and contextual information thereof between portable terminal and the target BS, and corresponding mobile terminal identification preservation, described contextual information comprises current KI sequence number;
When object discriminator/key the supplier under B2, the portable terminal target BS prepares the described KI of target base station requests of switching at portable terminal, according to the entitlement person who carries in the request message/key supplier address information, obtain described KI and contextual information thereof from entitlement person/key supplier;
Object discriminator/key supplier under B3, the portable terminal target BS sends to target BS with described KI and current KI sequence number.
Among the described step B1, described contextual information also comprises current up management message authentication code sequence number and/or current down management message authentication code sequence number; And
Among the described step B3, authentication person/key supplier sends to target BS with described current up management message authentication code sequence number and/or current down management message authentication code sequence number simultaneously.
Further comprise before the described step B1:
Portable terminal sends handoff request to Current Serving BTS, and this request message carries mobile terminal identification and target BS sign;
After serving BS is received handoff request, send handoff request to entitlement person/key supplier, this request message carries mobile terminal identification and target BS sign;
After the entitlement person/the key supplier receives handoff request, the mobile terminal identification and the target BS that carry according to this request message identify, and this mobile terminal identification corresponding mobile terminal and pairwise master key (PMK) between the entitlement person and/or the root authorization key (PAK) himself preserved, derive the described KI between this portable terminal and the target BS, and switch preparation message alternately with this target BS;
After switching preparation interacting message finished, target BS sent key request to affiliated object discriminator/key supplier, and this request message carries mobile terminal identification.
Described entitlement person/key supplier's address information is prepared to send to target BS in the message process mutual the switching by entitlement person/key supplier.
Described entitlement person/key supplier by and object discriminator/key supplier between escape way send described KI and contextual information thereof.
Beneficial effect of the present invention is as follows:
In the authentication key contexts that use the method for the invention generates on target BS, comprise the KI sequence number that is consistent with mobile terminal side, the KI sequence number is used for determining corresponding KI, when target BS receive that portable terminal sends carry the up administrative messag of KI sequence number the time, confirm corresponding KI according to this KI sequence number, and derive from corresponding key and verify this up and down entrained message authentication code in the administrative messag, to determine the legitimacy of informed source; Perhaps when target BS during to down management message that described portable terminal sends, utilize described KI to generate the message authentication code of this down management message, and message authentication code and KI sequence number be carried in the down management message send together, when portable terminal is received down management message, determine corresponding KI and derive from the legitimacy that corresponding key is used to verify message according to the KI sequence number;
Therefore, use the present invention program, kept the continuity of KI sequence number, administrative messag sequence number in the authentication key contexts in the mobile terminal switching process, guaranteed secure communication with portable terminal, and prevent the Replay Attack that may occur effectively, the secure session after having guaranteed to recover.
Description of drawings
The existing portable terminal of Fig. 1 is when switching, and target BS 2 is obtained the flow chart of AK2 and contextual information thereof;
Fig. 2 is that portable terminal of the present invention is when switching, target BS 2 is obtained the flow chart of AK2 and contextual information thereof, wherein serving BS broadcasts 1 and target BS 2 belong to same Authenticator/KeyDistributor, preserve current AK and the contextual information thereof of MSS on the Authenticator/Key Distributor;
Fig. 3 is that portable terminal of the present invention is when switching, target BS 2 is obtained the flow chart of AK2 and contextual information thereof, wherein serving BS broadcasts 1 and target BS 2 belong to different Authenticator/KeyDistributor, do not preserve current AK and the contextual information thereof of MSS on the Authenticator/Key Distributor of target BS 2 ownership.
Embodiment
Prior art has solved the problem of safe transmission key between Key Receiver and Key Distributor, but it is not accurate enough and complete to AK and the relevant information definition in AK Transfer, transmitted, after considering that MS switches to new BS, need to use the AK and the relevant information thereof that obtain to generate new AK context, according to prior art, new BS can utilize the AK of acquisition, AKID, AK Lifetime and EIK recovered part AK context, but out of Memory in the AK context such as AK SequenceNumber, informational needs such as CMAC_PN_* regenerate.
When mobile terminal roaming is last to different BS, through re-authentication but obtain corresponding AK and relevant information by AK Transfer agreement, if only transmit AK and relevant information thereof, the imperfection of flow process will occur according to the AK Transfer message of present definition.With AK Sequence Number is example, target BS after obtaining AK, with the subsequent communications of MSS in, may safeguard two effective AK simultaneously between MSS and the BS, and use separately that AK Sequence Number distinguishes this two AK in the context.MSS if carried HMAC/CMAC, then also can carry simultaneously an AK Sequence Number in sending to the administrative messag of BS, BS uses AK Sequence Number to search corresponding AK, is used for administrative messag is authenticated.
In addition, if BS carries HMAC/CMAC in sending to the administrative messag of MSS, also need to carry the AK Sequence Number of the AK correspondence of calculating this HMAC/CMAC use, after MSS receives administrative messag, search corresponding AK according to AK Sequence Number, be used for message is authenticated.
In addition, consider the scene of a kind of portable terminal fast moving between a plurality of BS, when MSS successively roams into for twice on the BS, if do not need to take place re-authentication, the identical AK of BS twice use successively communicates by letter with MSS so, if do not obtain the CMAC_PN_* information in its context when obtaining AK.BS will reinitialize CMAC_PN_*, identical in twice communication in front and back so CMAC_PN_*, AK} may be used repeatedly, stipulate in this and the IEEE 802.16e agreement same { CMAC_PN_*, the principle that AK} can not be used multiple times is disagreed.
And in the prior art, do not comprise AK Sequence Number in AK that target BS obtains by AK Transfer message and the relevant information, after MS switches to target BS, BS can't realize the authentication to the administrative messag of MSS transmission, simultaneously also can't generate the administrative messag of issuing MS, therefore, for the session before can recovering after guaranteeing to switch to switch and guarantee security of conversation, in AK Transfer, need to transmit except comprising the information that has defined, as AK, outside AK Lifetime and the EIK, also should comprise the AK Sequence Number among the AK Context, CMAC_PN_* etc.
In the solution of the present invention, if portable terminal is on switching to new BS2 but when re-authentication not taking place, key distribution person in the back-end network is receiving the relevant information of corresponding switching indication back according to target BS 2, identify as BS2, for target BS 2 produces new AK and upgrades information relevant with BS2 in the context, but keep the out of Memory in the former context, target BS is obtained AK and contextual information thereof by AK Transfer message from key distribution person, and the authentication key contexts new, thereby guaranteed to recover after the session secure communication with terminal according to these information structurings.
At the scheme of prior art one, revise definition AK Transfer message in the AK Transfer agreement, make it carry AK Sequence Number and CMAC_PN_* among the AK Context, amended message content is as follows:
The amended AK Transfer of table 3 message
Messages From=>To Message Content
AKTransfer Key Distributor=>Key Distributor MSSID, AK, AKID, AK Lifetime, EIK, AK Sequence Number and CMAC_PN_*, Transaction ID
Amended AK Transfer flow chart is as follows:
After MSS switches to new BS and finishes synchronously with BS, can derive from the KI AK that makes new advances and upgrade its context according to the root key information of its local storage and the information of BS.
As shown in Figure 2, when switching, when preserving the current AK of MSS and contextual information thereof on the Authenticator/Key Distributor of target BS 2 ownership, the flow process that target BS is obtained AK is as follows:
S201, MSS send idle message MOB_HO_IND to serving BS broadcasts 1, have comprised MSS in the message and the sign of the target BS 2 that will switch;
S202, serving BS broadcasts 1 Authenticator/Key Distributor under it sends message HORequest, has comprised the sign of MSS and target BS 2 in the message;
S203, Authenticator/Key Distributor are that target BS 2 produces air interface key AK2;
S204, target BS 2 are carried out alternately with Authenticator/Key Distributor, for switching is prepared;
S205, Authenticator/Key Distributor send message HO Response to serving BS broadcasts 1, as the response to HO Request;
Key Receiver on S206, the target BS 2 sends AKRequest message to Authenticator/Key Distributor, has comprised the sign of MSS in the message;
S207, Authenticator/Key Distributor are sending to Key Receiver target BS 2 on by message AK Transfer with the AK2 that produces on the escape way of having set up, the sign that has comprised MSS in the message, the AK contextual information, comprise air interface key information A K2, AKLifetime, EIK, AK Sequence Number and CMAC_PN_D and CMAC_PN_U in the AK contextual information, wherein:
1), AK2, derive from formula according to the AK of AK Context definition among the IEEE 802.16e, according to root key, the identification information of MSS and BS derives from AK by Authenticator/Key Distributor;
2), AK SN, according to the derivation formula of the AK SN of AK Context definition among the IEEE 802.16e, AK SN is calculated by the sequence number of root key;
3), AKID, according to the derivation formula of IEEE 802.16e about AKID, this sign is derived from by the identification information of AK, AK Sequence Number, MSS and BS, therefore, in AK Transfer message, not necessarily need to carry, can generate according to the corresponding information that obtains by BS2;
4), AK2 Lifetime, according to the definition of IEEE 802.16e about AK Lifetime, it equals the smaller value in the life cycle of current possible root key PAK and PMK;
5), EIK, according to the definition of IEEE 802.16e about EIK, it is directly derived from by root key;
6), CMAC_PN_D and CMAC_PN_U, for the fail safe after guaranteeing to switch, the value of these two sequence numbers equals the corresponding value in the former AK context;
7), CMAC_KEY_D and CMAC_KEY_U, according to key derivation formula among the IEEE 802.16e, these two keys are that the identification information by AK, MSS and BS derives from, therefore, in AKTransfer message, not necessarily need to carry, can generate according to the corresponding information that obtains by BS2;
8), PMK Sequence Number owing in the handoff procedure migration of PMK does not take place, so this sequence number need not transmit in AK Transfer;
9), KEK, according to key derivation formula among the IEEE 802.16e, these two keys are by AK, the identification information of MSS and BS derives from, and therefore, not necessarily needs to carry in AK Transfer message, can be generated according to the corresponding information that obtains by BS2;
S208, the above-mentioned flow process of process, target BS 2 generates new AK context according to AK2 that obtains and contextual information thereof, compare with the AK context of service BS1, AK in the AK context of target BS 2, information such as AKID change along with the switching of BS, but AK Lifetime, information such as AK Sequence Number, CMAC_PN_* remain unchanged.
Embodiment two
As shown in Figure 3, serving BS broadcasts 1 and the different Authenticator/KeyDistributor of target BS 2 ownership, do not preserve current AK and the contextual information thereof of MSS on the Authenticator/Key Distributor of target BS 2 ownership, entitlement person/key distribution person receive after the handoff request message can and target BS 2 switch the preparation interacting message, the target BS person/key distribution person's of knowing the entitlement address information in this process.
Then BS2 will carry the address information of service Authenticator/Key Distributor in the secret key request message of the target Authenticator/Key Distributor that sends to ownership;
The address information of the service Authenticator/Key Distributor that carries in the secret key request message of target Authenticator/Key Distributor according to BS2, send secret key request message to service Authenticator/Key Distributor, carried the identification information of portable terminal in the message;
After service Authenticator/Key Distributor receives secret key request message, information such as CMAC_PN_* in the KI AK2 of the mobile terminal identification corresponding mobile terminal of carrying in the message, KI sequence number, the authentication key contexts by cipher key delivery message, are sent to target Authenticator/Key Distributor authentication person/key distribution person on escape way;
After target Authenticator/Key Distributor receives and leads cipher key delivery message, extract AK2 and contextual information thereof and preservation, when receiving the secret key request message of target BS 2, be carried in the AKTransfer message, by sending to the Key Receiver on the target BS 2 on the escape way.
Beneficial effect of the present invention is as follows:
In the authentication key contexts that use the method for the invention generates on target BS, comprise the KI sequence number that is consistent with mobile terminal side, the KI sequence number is used for determining corresponding KI, when target BS receive that portable terminal sends carry the up administrative messag of KI sequence number the time, confirm corresponding KI according to this KI sequence number, and derive from corresponding key and verify this up and down entrained message authentication code in the administrative messag, to determine the legitimacy of informed source; Perhaps when target BS during to down management message that described portable terminal sends, utilize described KI to generate the message authentication code of this down management message, and message authentication code and KI sequence number be carried in the down management message send together, when portable terminal is received down management message, determine corresponding KI and derive from the legitimacy that corresponding key is used to verify message according to the KI sequence number;
Therefore, use the present invention program, kept the continuity of KI sequence number, administrative messag sequence number in the authentication key contexts in the mobile terminal switching process, guaranteed secure communication with portable terminal, and prevent the Replay Attack that may occur effectively, the secure session after having guaranteed to recover.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (9)

1, a kind of method of acquring authentication cryptographic key context from object base station is characterized in that, comprises the steps:
A1, authentication person/key supplier generate KI and contextual information thereof between portable terminal and the target BS when terminal request is switched, and the preservation of corresponding mobile terminal identification, and described contextual information comprises current KI sequence number;
A2, authentication person/key supplier send to target BS according to the described mobile terminal identification of carrying in the request message with the described KI and the current KI sequence number of correspondence when the described KI of target base station requests that portable terminal is prepared to switch.
2, the method for claim 1 is characterized in that,
In the described steps A 1, described contextual information also comprises current up management message authentication code sequence number and/or current down management message authentication code sequence number; And
In the described steps A 2, authentication person/key supplier sends to target BS with described current up management message authentication code sequence number and/or current down management message authentication code sequence number simultaneously.
3, method as claimed in claim 1 or 2 is characterized in that, further comprises before the described steps A 1:
Portable terminal serving BS broadcasts under self sends handoff request, and this request message carries mobile terminal identification and target BS sign;
After serving BS broadcasts is received handoff request, send handoff request to described authentication person/key supplier, this request message carries mobile terminal identification and target BS sign;
After authentication person/the key supplier receives handoff request, the mobile terminal identification and the target BS that carry according to this request message identify, and this mobile terminal identification corresponding mobile terminal and pairwise master key (PMK) between authentication person/key supplier and/or the root authorization key (PAK) himself preserved, derive the described KI between this portable terminal and the target BS, and switch preparation message alternately with this target BS;
After switching preparation interacting message finished, target BS sent key request to object discriminator/key supplier, and this request message carries mobile terminal identification.
4, method as claimed in claim 2, it is characterized in that, described authentication person/key supplier by and target BS between escape way send described KI, current KI sequence number, current up management message authentication code sequence number and/or current down management message authentication code sequence number.
5, a kind of method of acquring authentication cryptographic key context from object base station is characterized in that, comprises the steps: (method that respective base station belongs to different authentication persons/key supplier)
Entitlement person/key supplier under B1, the portable terminal Current Serving BTS is when terminal request is switched, generate KI and contextual information thereof between portable terminal and the target BS, and corresponding mobile terminal identification preservation, described contextual information comprises current KI sequence number;
When object discriminator/key the supplier under B2, the portable terminal target BS prepares the described KI of target base station requests of switching at portable terminal, according to the entitlement person who carries in the request message/key supplier address information, obtain described KI and contextual information thereof from entitlement person/key supplier;
Object discriminator/key supplier under B3, the portable terminal target BS sends to target BS with described KI and current KI sequence number.
6, method as claimed in claim 5 is characterized in that,
Among the described step B1, described contextual information also comprises current up management message authentication code sequence number and/or current down management message authentication code sequence number; And
Among the described step B3, authentication person/key supplier sends to target BS with described current up management message authentication code sequence number and/or current down management message authentication code sequence number simultaneously.
7, as claim 5 or 6 described methods, it is characterized in that, further comprise before the described step B1:
Portable terminal sends handoff request to Current Serving BTS, and this request message carries mobile terminal identification and target BS sign;
After serving BS is received handoff request, send handoff request to entitlement person/key supplier, this request message carries mobile terminal identification and target BS sign;
After the entitlement person/the key supplier receives handoff request, the mobile terminal identification and the target BS that carry according to this request message identify, and this mobile terminal identification corresponding mobile terminal and pairwise master key (PMK) between the entitlement person and/or the root authorization key (PAK) himself preserved, derive the described KI between this portable terminal and the target BS, and switch preparation message alternately with this target BS;
After switching preparation interacting message finished, target BS sent key request to affiliated object discriminator/key supplier, and this request message carries mobile terminal identification.
8, method as claimed in claim 7 is characterized in that, described entitlement person/key supplier's address information is prepared to send to target BS in the message process mutual the switching by entitlement person/key supplier.
9, method as claimed in claim 5 is characterized in that, among the described step B, described entitlement person/key supplier by and object discriminator/key supplier between escape way send described KI and contextual information thereof.
CNB2005100929076A 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station Active CN100488281C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100929076A CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNB2005100929076A CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station
PCT/CN2006/002167 WO2007022727A1 (en) 2005-08-24 2006-08-24 A method and system for transmitting authorization key context information

Publications (2)

Publication Number Publication Date
CN1819698A true CN1819698A (en) 2006-08-16
CN100488281C CN100488281C (en) 2009-05-13

Family

ID=36919332

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100929076A Active CN100488281C (en) 2005-08-24 2005-08-24 Method for acquring authentication cryptographic key context from object base station

Country Status (2)

Country Link
CN (1) CN100488281C (en)
WO (1) WO2007022727A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212798B (en) * 2006-12-26 2011-07-20 中兴通讯股份有限公司 Pre-authentication process that supports quick switching
WO2011095077A1 (en) * 2010-02-05 2011-08-11 中兴通讯股份有限公司 Method, system and apparatus for managing air interface mapping key in wireless communication system
CN102201915A (en) * 2010-03-22 2011-09-28 中国移动通信集团公司 Terminal authentication method and device based on single sign-on
CN101137191B (en) * 2006-08-28 2012-07-18 北京三星通信技术研究有限公司 Method for managing safety information of handset moving between wireless communication systems
CN101321396B (en) * 2008-04-14 2014-03-12 中兴通讯股份有限公司 Mobile station switch implementing method and method for constructing safety access service network
CN101945449B (en) * 2009-07-10 2015-06-03 中兴通讯股份有限公司 Method and device for switching terminal to home base station
CN105451195A (en) * 2014-07-25 2016-03-30 成都鼎桥通信技术有限公司 End-to-end cluster key distribution method and core network equipment (eCN)
CN107113608A (en) * 2014-10-29 2017-08-29 阿尔卡特朗讯公司 By user equipment and base station generate multiple shared keys using cipher key spreading multiplier
WO2017167102A1 (en) * 2016-03-31 2017-10-05 中兴通讯股份有限公司 Methods for generating and verifying message integrity authentication information, device, and verification system
WO2019019121A1 (en) * 2017-07-27 2019-01-31 华为技术有限公司 Cell switching method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1186906C (en) * 2003-05-14 2005-01-26 东南大学 Wireless LAN safety connecting-in control method
CN1290362C (en) * 2003-05-30 2006-12-13 华为技术有限公司 Key consulting method for switching mobile station in wireless local network
WO2005027557A1 (en) * 2003-09-12 2005-03-24 Ntt Docomo, Inc. Seamless handover in heterogeneous network

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101137191B (en) * 2006-08-28 2012-07-18 北京三星通信技术研究有限公司 Method for managing safety information of handset moving between wireless communication systems
CN101212798B (en) * 2006-12-26 2011-07-20 中兴通讯股份有限公司 Pre-authentication process that supports quick switching
CN101321396B (en) * 2008-04-14 2014-03-12 中兴通讯股份有限公司 Mobile station switch implementing method and method for constructing safety access service network
CN101945449B (en) * 2009-07-10 2015-06-03 中兴通讯股份有限公司 Method and device for switching terminal to home base station
WO2011095077A1 (en) * 2010-02-05 2011-08-11 中兴通讯股份有限公司 Method, system and apparatus for managing air interface mapping key in wireless communication system
CN102201915A (en) * 2010-03-22 2011-09-28 中国移动通信集团公司 Terminal authentication method and device based on single sign-on
CN102201915B (en) * 2010-03-22 2014-05-21 中国移动通信集团公司 Terminal authentication method and device based on single sign-on
CN105451195A (en) * 2014-07-25 2016-03-30 成都鼎桥通信技术有限公司 End-to-end cluster key distribution method and core network equipment (eCN)
CN105451195B (en) * 2014-07-25 2018-11-30 成都鼎桥通信技术有限公司 End-to-end cluster cryptographic key distribution method and equipment of the core network
CN107113608A (en) * 2014-10-29 2017-08-29 阿尔卡特朗讯公司 By user equipment and base station generate multiple shared keys using cipher key spreading multiplier
CN107113608B (en) * 2014-10-29 2020-05-12 阿尔卡特朗讯公司 Method and apparatus for generating multiple shared keys using key expansion multipliers
WO2017167102A1 (en) * 2016-03-31 2017-10-05 中兴通讯股份有限公司 Methods for generating and verifying message integrity authentication information, device, and verification system
WO2019019121A1 (en) * 2017-07-27 2019-01-31 华为技术有限公司 Cell switching method and device

Also Published As

Publication number Publication date
WO2007022727A1 (en) 2007-03-01
CN100488281C (en) 2009-05-13

Similar Documents

Publication Publication Date Title
CN1819698A (en) Method for acquring authentication cryptographic key context from object base station
CN1298194C (en) Radio LAN security access method based on roaming key exchange authentication protocal
JP5597676B2 (en) Key material exchange
US20090164788A1 (en) Efficient generation method of authorization key for mobile communication
CN102238484B (en) Based on the authentication method of group and system in the communication system of Machine To Machine
CN1720688A (en) Key generation in a communication system
CN1507720A (en) Secure data transmission links
Saxena et al. Authentication protocol for an IoT-enabled LTE network
CN101047978A (en) Method for updating key in user's set
CN1941695B (en) Method and system for generating and distributing key during initial access network process
CN108809637B (en) LTE-R vehicle-ground communication non-access stratum authentication key agreement method based on mixed password
CN101047505A (en) Method and system for setting safety connection in network application PUSH service
CN1929371A (en) Method for negotiating key share between user and peripheral apparatus
CN1921379A (en) Method for object discriminator/key supplier to get key
CN1905734A (en) Method and system for object base station to obtain KI
CN101043328A (en) Cipher key updating method of universal leading frame
El Bouabidi et al. Secure handoff protocol in 3GPP LTE networks
CN104507065B (en) Non-repudiation charging method in heterogeneous wireless network
CN1859772A (en) Safety service communication method based on general authentification frame
CN104602229A (en) Efficient initial access authentication method for WLAN and 5G integration networking application scenarios
CN101079786A (en) Interconnection system and authentication method and terminal in interconnection system
CN1835623A (en) Updating method of controlled secret key
CN1801704A (en) Method and system for user access core network
CN101742492B (en) Key processing method and system
CN101039181A (en) Method for preventing service function entity of general authentication framework from attack

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant