CN1835623A - Updating method of controlled secret key - Google Patents

Updating method of controlled secret key Download PDF

Info

Publication number
CN1835623A
CN1835623A CNA2005100364969A CN200510036496A CN1835623A CN 1835623 A CN1835623 A CN 1835623A CN A2005100364969 A CNA2005100364969 A CN A2005100364969A CN 200510036496 A CN200510036496 A CN 200510036496A CN 1835623 A CN1835623 A CN 1835623A
Authority
CN
China
Prior art keywords
terminal
network side
control parameter
authentication
sync mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2005100364969A
Other languages
Chinese (zh)
Other versions
CN100461938C (en
Inventor
刘斐
王正伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB2005100364969A priority Critical patent/CN100461938C/en
Publication of CN1835623A publication Critical patent/CN1835623A/en
Application granted granted Critical
Publication of CN100461938C publication Critical patent/CN100461938C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The method for use in 3G communication network comprises: setting the control parameters for controlling the renewing of authentication key at the network side; a) after the consistency authentication for the network side is passed, the terminal replaces the terminal series number by a designated value to generate a resynchronize mark according to its own authentication key, the received random number, and the control parameters saved in it-self or inputted by user, and transmits a resynchronize request that is attached a resynchronize mark to the network side; b) after receiving the resynchronize request, when the network side detects the terminal series number is a designated value, it makes further consistency authentication for the resynchronize mark according to the said control parameters, random number, and the authentication key at network side; the consistency authentication is passed, then executing the renewing of key; if not, making relevant process.

Description

A kind of controlled key updating method
Technical field
The present invention relates to the communication security technology, be specifically related to a kind of controlled KI update method.
Background technology
Authorizing procedure in the existing 3-G (Generation Three mobile communication system), in portable terminal, preserve IMSI International Mobile Subscriber Identity IMSI, KI KI and sequence number SQNMS, preserve IMSI, KI and sequence number SQNHE at this portable terminal correspondence among the HLR/AUC, to be used for portable terminal and network mutual authentication.
The existing authorizing procedure of 3G communication system is mainly: HLR/AUC produces random number RA ND, produces Expected Response XRES, encryption key CK, Integrity Key IK according to random number RA ND and KI; Produce MAC-A according to random number RA ND, sequence number SQNHE, KI KI and authentication management field AMF, according to MAC-A, SQNHE, AK and AMF obtain authentication signature AUTN (Authentication Token).Form the authentication five-tuple by RAND and XRES, CK, IK and AUTN, this five-tuple is sent to MSC/VLR preserve.Certainly, in the middle of the reality, HLR/AUC is that corresponding one or more five-tuples of answering the request of MSC/VLR just will produce send to MSC/VLR's.During authentication, MSC/VLR sends to terminal with RAND and AUTN in the corresponding five-tuple, and terminal if consistency checking does not pass through, is then returned failed authentication information to MSC/VLR according to the consistency of the KI checking AUTN that oneself preserves; If consistency checking passes through, judge then whether SQNHE belongs to acceptable scope: if belong to, then terminal judges goes out network authentication is passed through, terminal is returned the Authentication Response that oneself produces to MSC/VLR, and upgrade SQNMS according to the SQNHE among the AUTN, whether the XRES in the Authentication Response that the MSC/VLR comparison terminal returns and the corresponding five-tuple the consistent legitimacy of judging terminal; Do not belong to tolerance interval if judge SQNHE, then terminal produces sync mark AUTS (Resynchronisation Token) according to SQNMS again, MSC/VLR is returned synchronization request or synchronization failure (Synchronisation failure) message again, enclosing the AUTS of sync mark again of generation simultaneously, also is to comprise AUTS in the message.When MSC/VLR receives sync mark AUTS again, RAND in AUTS and the corresponding five-tuple is sent to HLR/AUC, and HLR/AUC judges the legitimacy of AUTS according to correspondence KI that preserves and the RAND that receives, if illegal, then HLR/AUC returns the AUTS information unauthorized to MSC/VLR; If it is legal to judge AUTS, then HLR/AUC upgrades SQNHE according to the SQNMS among the AUTS, and produce a new authentication five-tuple and send to MSC/VLR, after MSC/VLR received new five-tuple, the corresponding old five-tuple of deletion also utilized new five-tuple again to terminal authentication.
Whether SQNMS and the SQNHE in AUTN of terminal by relatively more own preservation satisfies predetermined condition and judges whether SQNHE can accept, this predetermined condition can be that the difference of SQNHE and SQNMS is in a preset range, for example, whether (SQNHE-SQNMS) is greater than 0, and perhaps whether (SQNHE-SQNMS) is greater than 0 and less than 256.If it is acceptable that the difference of SQNHE and SQNMS in described preset range, is then judged SQNHE; Otherwise judge SQNHE is unacceptable.
About the detailed content of 3G authorizing procedure, can be with reference to the 3GPP standard, for outstanding emphasis of the present invention, this paper is not described in detail it.
In the middle of reality, there is subscriber card clone phenomenon, this phenomenon is not only brought loss to validated user, also can have influence on the service quality of operator.The someone found afterwards, by constantly upgrading the KI of subscriber card, can avoid or find that the validated user card is cloned.For example, have a kind of by the false synchronous more method of new authentication secret key, by when producing sync mark, use particular value to substitute SQNMS and carry out, make network side HLR/AUC to judge that synchronization request be that a vacation is synchronous according to this particular value, promptly be one more new authentication secret key synchronously, not to upgrade SQNHE synchronous, therefore, HLR/AUC and subscriber card can be finished the more negotiation of new authentication secret key, thereby finish the renewal of KI.According to this method, upgrade by KI, can prevent effectively that the situation that validated user card and clone's subscriber card use simultaneously from occurring.For example, the validated user cartoon is crossed more new authentication secret key, can can't pass through authentication so that clone subscriber card, thereby can not continue to use.But, clone's subscriber card is at the validated user card more before the new authentication secret key, when promptly to clone KI that subscriber card and validated user card held still be identical, clone's subscriber card is tried to be the first and has been initiated the more negotiation flow process of new authentication secret key, like this, the KI that is kept among the HLR/AUC is upgraded synchronously with the KI of cloning in the subscriber card, KI in the validated user card is not owing to and then upgrade, become invalid KI on the contrary, thereby, make the validated user card not use.Though, this time, validated user finds that the subscriber card of oneself can not the time spent, can look like and cloned by the people to subscriber card, and can arrive the business hall by the KI among the change HLR/AUC, the KI that refreshes own subscriber card simultaneously makes the KI among the HLR/AUC and the KI of own subscriber card be consistent once more, thereby make that the validated user card can continue to use, illegal clone's subscriber card can't continue to use again, but, this processing procedure still can make troubles to the user, also can increase business hall staff's workload simultaneously.
Therefore, how controlling the renewal of KI effectively, make the DCRP subscriber card can't realize that effective KI upgrades, is a good problem to study.
Summary of the invention
In view of this, the present invention wants the technical solution problem to provide a kind of controlled key updating method, can limit more new authentication secret key of subscriber card that the disabled user uses illegal clone by this method, and then prevent that the disabled user from having upgraded the situation that KI causes the validated user card not continue to use by clone's subscriber card and having occurred.
The technical scheme that addresses the above problem provided by the invention is:
A kind of controlled key updating method is provided, use in the 3G communication network, it is characterized in that, described method comprises, be provided for controlling the Control Parameter that KI upgrades at network side: after a. terminal is passed through the network side consistency checking, also generate sync mark again according to the KI of self, the random number of reception, Control Parameter that oneself preserve or user's input, network side is sent synchronous request command again, enclose described sync mark again with particular value replacement terminal sequence number; B. network side receives described synchronous request command again, when judging terminal serial number and being particular value, KI according to the described Control Parameter that is provided with, random number, network side carries out consistency checking to described sync mark again, if by checking, then carry out key updating, otherwise, carry out relevant treatment.
In the technique scheme provided by the invention, terminal has added Control Parameter when generating sync mark again, network side when consistency checking is carried out in sync mark more perhaps according to Control Parameter, thus, even the disabled user has cloned more new authentication secret key of subscriber card that subscriber card also can't be by the clone, and then reach and prevent the more purpose of new authentication secret key of subscriber card that the disabled user passes through illegal clone.
Preferably, also comprise among the step a of described method: within the acceptable range whether the sequence number that the sequence number that terminal is preserved according to terminal is judged network side.
Preferably, further comprise among the step a of described method: after terminal is passed through the network side consistency checking, further the sequence number of preserving according to terminal judge network side sequence number whether within the acceptable range, if, then also generate sync mark again with particular value replacement terminal sequence number according to the KI of self, the random number of reception, described Control Parameter that oneself preserve or user's input, network side is sent synchronous request command again, enclose described sync mark again; Otherwise directly generate sync mark again, network side is sent synchronous request command again, enclose described sync mark again according to terminal serial number, the KI of self, the random number of reception.
Preferably, further comprise among the step b of described method: when network side was judged terminal serial number and is not particular value, then the KI according to random number, network side carried out consistency checking to described sync mark again, if by then carrying out Synchronous Processing, otherwise, carry out respective handling.
Preferably, the described execution respective handling in the described method is meant that the HLR/AUC of network side sends the Synchronous Processing results messages to MSC/VLR, comprises illegal synchronizing information in the message.
Preferably, among the step a of described method network side is carried out consistency checking and be meant that the random number that sends according to the own KI of preserving and network side carries out consistency checking to the authentication signature of network side transmission.
Preferably, also comprise among the step a of described method: terminal to the consistency checking of network side by the time, return failed authentication information to network side.
Preferably, the described terminal in the described method comprises subscriber equipment and subscriber card.
Preferably, the described Control Parameter of oneself preserving in the described method is meant and is arranged at the Control Parameter in the subscriber equipment or is arranged at Control Parameter in the subscriber card.
Preferably, the described Control Parameter in the described method can be a password; Identify label that also can a terminal also can a user-defined arbitrary value.
Description of drawings
Fig. 1 is the flow chart of the specific embodiment of the invention.
Fig. 2 is the embodiment flow chart of the specific embodiment of the present invention.
Embodiment
The controlled key updating method of the present invention is by being provided with the key updating Control Parameter, the Synchronous Processing flow process of key updating through consultation, terminal is given network side HLR/AUC with this Control Parameter information uploading, and HLR/AUC is by judging whether the symbol of sync mark again includes this Control Parameter information and judge whether to carry out corresponding KI renewal operation.
At first, in HLR/AUC terminal use's subscription data, be provided for controlling the Control Parameter that KI upgrades.When terminal needs and HLR/AUC when consulting more new authentication secret key, can utilize existing authorizing procedure, by expansion transformation Synchronous Processing flow process wherein, terminal is when producing the symbol of sync mark again, introduce Control Parameter that oneself is preserved or user's input, correspondingly, HLR/AUC is when the consistency of checking sync mark symbol, also carry out according to the Control Parameter that oneself is provided with, like this, when the Control Parameter of that preserve when terminal or terminal use's input and the Control Parameter that HLR/AUC is provided with are consistent, HLR/AUC can pass through when judging the attached consistency of sync mark, like this, owing to clone subscriber card and do not know the described Control Parameter information that corresponding validated user card is provided with among the HLR/AUC, therefore, clone's subscriber card is when consulting more new authentication secret key with HLR/AUC, the sync mark symbol of its generation can't be by the consistency checking of HLR/AUC, and like this, clone's subscriber card also promptly can't be consulted the renewal of KI effectively with HLR/AUC.
The present invention does not need existing authorizing procedure is changed, and also, the intermediate equipment that synchronous flow process relates to comprises that base station (NodeB), base station controller (RNC) and equipment of the core network (MSC) etc. do not need to do any change.Therefore, the present invention need change or increase the agreement flow process with respect to those, thereby causes the control KI method for updating of NodeB, RNC and the one or more needs changes of MSC to be more prone to implement.
The described Control Parameter that the present invention is used for the control key renewal can be a password, for example be user's PIN code (SPIN:Subscriber Personal Identification Number), identify label that also can a terminal, it for example is the International Mobile Station Equipment Identity (IMEI:InternationalMobile Station Equipment Identity) of terminal, certainly, also can a user-defined arbitrary value, for example, user's another name, user's head image information, or the summary info of user's head portrait data, or the like.
Below in conjunction with accompanying drawing the specific embodiment of the present invention is described in detail:
At first, in HLR/AUC, be provided for controlling the Control Parameter that KI upgrades in counterpart terminal user's the subscription data.The user can pass through the business hall, and perhaps Service Phone interface or the site for service that provides by the business hall preserved described Control Parameter in the subscription data of oneself in HLR/AUC.Described terminal comprises user equipment (UE) and subscriber card.
More during new authentication secret key, carry out following flow process at needs:
See also Fig. 1, Fig. 1 is the flow chart of the specific embodiment of the invention.
In step 101, terminal is initiated position updating request to network side.
This step also can be to initiate service request to network side.Can be that any network side that can cause that terminal sends carries out the message of authentication to terminal in the middle of actual.
Step 102, network side MSC/VLR sends to terminal with the corresponding authentication parameter in the authentication tuple that produces after receiving this position updating request.
Described authentication tuple can comprise random number RA ND, Expected Response XRES, encryption key CK, Integrity Key IK and authentication signature AUTN (Authentication Token).
Described corresponding authentication parameter comprises RAND and AUTN.
When producing the authentication tuple, HLR/AUC calculates XRES, CK, IK respectively with randomizer RAND that produces and the KI KI that self preserves.Also produce AUTN according to RAND, KI, sequence number SQNHE, authentication management field AMF.
Long 16 bytes of described authentication signature AUTN, comprise following content: 1) SQNHE^AK, the also SQNHE that has promptly encrypted, wherein long respectively 6 bytes of sequence number SQNHE and Anonymity Key AK with AK, SQNHE refers to be kept at the SQN of network side, to be different from the SQNMS that is kept at terminal; When needs were encrypted SQNHE, HLR/AUC produced AK according to RAND and KI, used AK that SQNHE is made XOR, thereby encrypted SQNHE; When not needing SQNHE encrypted, AK=0; 2) long 2 bytes of authentication management field AMF.3) long 8 bytes of message authentication coding MAC-A; MAC-A is used to verify the data integrity of RAND, SQNHE, AMF, is used for terminal HLR/AUC is carried out authentication.HLR/AUC calculates message authentication coding MAC-A among the AUTN according to RAND, SQNHE, KI and AMF.
Like this, formed the authentication five-tuple by RAND, AUTN, XRES, CK, IK etc.
HLR/AUC sends to MSC/VLR with corresponding international mobile subscriber identity IMSI and authentication five-tuple RAND, CK, IK, XRES and AUTN after having produced the authentication five-tuple.MSC/VLR is a circuit domain equipment, and for the network of packet domain, corresponding equipment can be SGSN.During authentication, random number RA ND and authentication signature AUTN that the MSC/VLR of network side will be received from the authentication tuple of HLR/AUC send terminal MS to.
Step 103, terminal MS receive corresponding authentication parameter that MSC/VLR sends be random number RA ND and authentication signature AUTN and judge consistency checking to AUTN and pass through after, calculate according to RAND and KI, obtain new authentication secret key NewKI; Terminal is obtained Control Parameter, and according to described Control Parameter, and replaces SQNMS to produce sync mark AUTS again with the particular value of agreement, initiates synchronous request command again to network, and encloses sync mark AUTS again.Here, initiate synchronous request command again, and enclose sync mark AUTS again, also, send synchronization failure message, comprised AUTS in the message to network side to network.
Need to prove, because terminal MS has comprised user equipment (UE) and subscriber card, in the middle of the reality, is that UE receives described authentication request, and authentication parameter RAND and AUTN sent to subscriber card, subscriber card comes the AUTN that receives is carried out consistency checking according to the KI of own preservation.Because this is a known technology, therefore, the present invention does not give unnecessary details this details.
The described AUTS of sync mark again comprises following content: 1) SQNMS^AK, and the also SQNMS that has promptly encrypted with AK, long respectively 6 bytes of sequence number SQNMS and Anonymity Key AK wherein, SQNMS refers to be kept at the SQN of end side, to be different from the SQNHE that is kept at network side; When needs were encrypted SQNMS, terminal produced AK according to RAND and KI, used AK that SQNMS is made XOR, thereby encrypted SQNMS; When not needing SQNMS encrypted, AK=0; 2) long 8 bytes of message authentication coding MAC-S; MAC-S is used to verify the data integrity of RAND, SQNMS, also is used for HLR/AUC terminal is carried out authentication, also, is used for the legitimacy of HLR/AUC checking AUTS.In the authorizing procedure of existing 3GPP, terminal calculates MAC-S according to oneself SQNMS, KI and RAND that receives and AMF etc., produces sync mark AUTS again according to SQNMS, AK and MAC-S again.In authorizing procedure of the present invention, during terminal generation AUTS, also extra according to described Control Parameter that oneself preserve or that the user imports.
Specifically, terminal is behind the RAND and AUTN that receive network side MSC/VLR transmission, SQNHE among KI KI that preserves with self according to the RAND that receives and the AUTN that receives and AMF adopt and calculate the consistent algorithm of MAC-A among the AUTN with HLR/AUC and calculate a result of calculation, whether the result of calculation that terminal relatively oneself calculates is consistent with the MAC-A among the AUTN that receives, for example whether identical, if inconsistent, then return failed authentication information to MSC/VLR; Then replace SQNMS to come the KI of basis oneself, described Control Parameter that oneself preserve or that the user imports and the AMF among RAND that receives and the AUTN etc. to calculate MAC-S as if consistent with the particular value of arranging, replace SQNMS to come to produce sync mark AUTS again according to this particular value again with AK and MAC-S, promptly this particular value is encrypted, ciphertext and MAC-S are made up produce AUTS with AK.Terminal sends synchronous request command again and encloses the described AUTS of sync mark again to network side after having produced AUTS, perhaps sends synchronization failure message to network side, and comprise AUTS in this message.
When terminal produces MAC-S, can carry out digest calculations with Control Parameter and KI earlier, obtain a result of calculation Result1, carry out digest calculations with Result1 and described particular value again, obtain a result of calculation Result2, carry out digest calculations with Result2 and described RAND again, obtain a result of calculation Result3, carry out digest calculations with Result3 and described AMF again, and with the result of calculation that obtains as MAC-S.
In the middle of the reality, because according to existing 3GPP standard, producing MAC-S can realize in subscriber card fully, therefore, if when Control Parameter is provided with in the subscriber card equipment UE, when subscriber card need calculate MAC-S according to Control Parameter, UE need send Control Parameter to subscriber card, for example, during authentication, UE is also sending described Control Parameter to subscriber card with RAND with when AUTN sends subscriber card to; When if Control Parameter is provided with in subscriber card, when subscriber card need calculate MAC-S according to Control Parameter, can directly obtain the Control Parameter of oneself preserving, UE does not just need to send Control Parameter to subscriber card.
Certainly, produce the process of MAC-S and the digest algorithm of employing here, can decide according to actual conditions, about concrete generation AUTS process, and the algorithm that uses when producing can also not repeat them here with reference to the 3GPP related specifications.
Described terminal is obtained Control Parameter, the corresponding Control Parameter of preserving of the UE of terminal, and terminal is directly obtained the Control Parameter that UE preserves; Also can the time preserved Control Parameter with card, terminal is directly obtained the Control Parameter that subscriber card is preserved; Also can be terminal notifying subscriber card input Control Parameter, terminal be obtained described Control Parameter according to user's input.
When producing MAC-S for subscriber card, when carrying out according to Control Parameter, when do not carry out according to Control Parameter again, can be to be decided by UE.For example, be kept at the situation of UE, when authentication, when UE sends Control Parameter and RAND to subscriber card with AUTN, when subscriber card produces MAC-S, carry out according to Control Parameter for Control Parameter; When authentication, UE only sends RAND and AUTN to subscriber card, and when not comprising Control Parameter, when subscriber card produces MAC-S, no longer carries out according to Control Parameter.Accordingly, be kept at the situation of subscriber card for Control Parameter, when authentication, when whether UE is used to represent to send subscriber card to according to the distinctive mark that Control Parameter produces MAC-S with RAND and AUTN and one, when subscriber card produces MAC-S, will determine whether carrying out according to distinctive mark according to Control Parameter.General, UE can periodically determine to carry out the renewal of KI, determines periodically that just subscriber card produces MAC-S according to Control Parameter.Certainly, also can decide when carry out the renewal of KI by subscriber card, also promptly when produce MAC-S according to Control Parameter, for example, in UE, preserve Control Parameter, during start, terminal sends this Control Parameter to subscriber card, subscriber card is preserved this Control Parameter, and when needs carry out the KI renewal, produces MAC-S according to this Control Parameter.Subscriber card can be to decide needs to carry out the renewal of KI according to the set particular value of authentication management field AMF in the authentication signature.
When UE and subscriber card are not preserved Control Parameter, can be when needs produce MAC-S according to Control Parameter, import Control Parameter by UE prompting user, UE sends the Control Parameter and the RAND of user's input to subscriber card together with AUTN, perhaps sends Control Parameter to subscriber card separately.Control Parameter is kept at the UE of terminal or is, need all not allow the user import Control Parameter, can have better user experience like this at every turn more during new authentication secret key with the benefit in the card.
Step 104 after MSC/VLR receives synchronous request command again, sends to HLR/AUC with RAND in the five-tuple of corresponding this authentication and the AUTS that is received from terminal;
Step 105, after HLR/AUC receives synchronous request command again, from AUTS, parse earlier SQNMS, and when judging SQNMS and be described particular value, according to the KI that oneself preserves and the described Control Parameter of setting AUTS is carried out consistency checking, and after the consistency checking to AUTS passes through, execution in step 106, otherwise, execution in step 107.
HLR/AUC carries out consistency checking according to the described Control Parameter of KI that oneself preserves and setting to AUTS and is meant: HLR/AUC is according to the described KI that oneself preserves, Control Parameter, the AMF value, RAND employing in SQNMS and the synchronization message and terminal are according to KI, Control Parameter, AMF, described particular value produces the consistent algorithm of MAC-S with described RAND and calculates, obtain a result of calculation, whether the MAC-S in the result of calculation that relatively oneself calculates and the synchronization message among the AUTS is consistent, if it is consistent, then judge consistency checking by AUTS, otherwise the consistency checking of judging AUTS can't pass.
The described SQNMS that parses from AUTS is meant: when SQNMS has adopted encryption mode, then HLR/AUC calculates AK according to KI and RAND earlier, decrypts SQNMS expressly from AUTS with AK; When SQNMS has adopted expressly pattern, promptly AK value is set under 0 the situation, and HLR/AUC directly obtains the SQNMS plaintext from AUTS.Can be with reference to the 3GPP related specifications.
Step 106, HLR/AUC calculates new authentication secret key NewKI consistent method with RAND according to terminal according to KI and calculates new authentication secret key NewKI.More after the new authentication secret key, can also produce new authentication tuple, and send the Synchronous Processing results messages, in message, comprise new authentication tuple to MSC/VLR.
Step 107, it is illegal that HLR/AUC judges synchronization message again, end process.Before end process, can also comprise to MSC/VLR sending the Synchronous Processing results messages, and in message, comprise illegal synchronizing information.
In the above-mentioned steps 103, terminal produces before the new authentication secret key, can further include and judge the whether step in tolerance interval of SQNHE, and when SQNHE can accept, judge network authentication is passed through, terminal is upgraded the SQNMS that preserves and is carried out the subsequent operation that produces new authentication secret key or the like according to SQNHE; Otherwise, promptly, when SQNHE is unacceptable, judges synchronization failure, and carry out normal Synchronous Processing flow process, also promptly produce sync mark AUTS again according to SQNMS, that is, calculate MAC-S, produce sync mark AUTS again according to SQNMS, AK and MAC-S again according to SQNMS, KI and RAND that receives and AMF etc., promptly SQNMS is encrypted, ciphertext and MAC-S are made up produce AUTS with AK.After terminal has produced AUTS, network side MSC is returned synchronous request command or synchronization failure (Synchronisation failure) message again, enclose the AUTS of sync mark again of generation simultaneously.
Terminal and HLR/AUC make an appointment: HLR/AUC after receiving the synchronous request command again of terminal, if when judging SQNMS for the particular value of agreement, the operation that then carry out to produce new authentication secret key NewKI.Certainly, for the more fail safe of the negotiation of new authentication secret key, HLR/AUC also needs synchronization request message is again carried out legitimate verification.
After above-mentioned HLR/AUC receives synchronous request command again, when judging SQNMS and not being the particular value of described agreement, by the normal synchronized flow processing, promptly judge when AUTS is legal, upgrade SQNHE according to SQNMS, and produce new authentication tuple, and return the Synchronous Processing results messages to MSC/VLR, comprise new authentication tuple in the message; Judge when AUTS is illegal, return the Synchronous Processing results messages, comprise illegal synchronizing information in the message to MSC/VLR.
After MSC/VLR receives the Synchronous Processing results messages, still carry out respective handling according to normal Synchronous Processing flow process.Can be about the normal synchronized handling process with reference to the 3GPP standard.
In order to represent thought of the present invention and meaning better, will come below that the present invention will be described in detail by specific embodiment.
See also Fig. 2, Figure 2 shows that the embodiment of the specific embodiment of the invention, present embodiment is to use controlled key updating method of the present invention to carry out the flow process that KI upgrades control, in the present embodiment, terminal and HLR/AUC consult KI is had the renewal of control, control is to be provided for controlling the Control Parameter that KI upgrades in the subscription data by respective user in HLR/AUC to carry out, accordingly, in the present embodiment, also correspondence has been preserved described Control Parameter in the UE of terminal.Present embodiment also arranges to represent more new authentication secret key with particular value 125, and the agreement content of this particular value correspondence also is that the content that network side is carried out when recognizing this particular value is " producing new KI so that carry out authentication according to new KI ".Described terminal comprises user equipment (UE) and subscriber card.
More during new authentication secret key, carry out following flow process at needs:
In step 201, terminal is initiated position updating request to network;
This step also can be to initiate service request to network side.Can be that any network side that can cause that terminal sends carries out the message of authentication to terminal in the middle of actual.
In step 202, after network side MSC/VLR receives described request, terminal is carried out authentication, and by terminal being sent authentication request, will send to terminal to authentication parameter RAND and the AUTN in should the current authentication five-tuple of terminal.
Specifically, HLR/AUC produces random number RA ND according to randomizer, calculates Expected Response XRES, encryption key CK, Integrity Key IK respectively according to RAND and KI KI.Produce message authentication coding MAC-A according to random number RA ND, sequence number SQNHE, KI KI and AMF calculating, produce authentication signature AUTN according to MAC-A, SQNHE, Anonymity Key AK and authentication management field AMF again.Here, when needs were encrypted SQNHE, HLR/AUC produced AK according to RAND and KI, used AK that SQNHE is made XOR, thereby encrypted SQNHE; When not needing SQNHE encrypted, AK=0;
HLR/AUC sends to MSC/VLR together with five-tuple and the corresponding IMSI that RAND, AUTN, XRES, CK and IK form then.HLR/AUC just sends to MSC/VLR's with the authentication tuple that produces after the request of the request authentication five-tuple that receives MSC/VLR.More detailed details sees also 3GPP related protocol regulation, owing to be known technology, repeats no more here.
During authentication, MSC/VLR initiates authentication request to terminal, and simultaneously authentication parameter RAND and AUTN in the five-tuple is sent to terminal.
Step 203 when terminal receives authentication request, is carried out consistency checking according to the KI that oneself preserves to the AUTN that receives earlier, also promptly according to the KI and the described RAND that oneself preserve AUTN is carried out consistency checking earlier, if checking is passed through, then execution in step 205, otherwise, execution in step 204.
Specifically, when terminal receives from the RAND of MSC/VLR and AUTN, the KI that preserves according to self, the SQNHE among RAND that receives and the AUTN that receives and AMF adopt with HLR/AUC and calculate the consistent algorithm generation MAC-A of MAC-A among the AUTN, terminal MAC-A that self is generated and the MAC-A among the AUTN compare then, if equating the consistency checking of then judging AUTN passes through, otherwise the consistency checking of judging AUTN does not pass through.
Need to prove, because terminal MS has comprised user equipment (UE) and subscriber card, in the middle of the reality, is that UE receives described authentication request, and authentication parameter RAND and AUTN sent to subscriber card, subscriber card comes the AUTN that receives is carried out consistency checking according to the KI of own preservation.
Therefore, in the middle of the reality, this step can further be: when UE receives authentication request, send the Control Parameter of preservation and the RAND and the AUTN of reception to subscriber card, subscriber card carries out consistency checking according to the KI that oneself preserves to the AUTN that receives earlier, also is according to the KI and the described RAND that oneself preserve AUTN to be carried out consistency checking earlier, if checking is passed through, then execution in step 205, otherwise, execution in step 204.Specifically, when subscriber card receives described Control Parameter from UE, RAND and AUTN, the KI that preserves according to self, the SQNHE among RAND that receives and the AUTN that receives and AMF adopt with HLR/AUC and calculate the consistent algorithm generation MAC-A of MAC-A among the AUTN, MAC-A that self is generated and the MAC-A among the AUTN compare then, if equating the consistency checking of then judging AUTN passes through, otherwise the consistency checking of judging AUTN does not pass through.
In the step 204, terminal is returned the information of " failed authentication " to network, finishes this then and consults the flow process that KI upgrades.In the middle of the reality, can be subscriber card returns to UE with the information of " failed authentication ", and UE returns the information of " failed authentication " to network.
Step 205, terminal judges SQNHE whether in tolerance interval, if, then judge network authentication passed through, terminal is upgraded the SQNMS that preserves according to SQNHE, produces new KI NewKI according to RAND and KI, and execution in step 207; Otherwise, judge synchronization failure, and execution in step 206.In the middle of the reality, can be that subscriber card is judged SQNHE whether in tolerance interval, if, then judge network authentication is passed through, and upgrade the SQNMS that preserves according to SQNHE, produce new KI NewKI according to RAND and KI, execution in step 207 then; Otherwise, judge synchronization failure, execution in step 206 then.
Step 206, terminal directly produce sync mark AUTS again according to SQNMS, and network is initiated synchronous request command again, and enclose AUTS.Execution in step 208 then.Specifically, terminal calculates MAC-S according to oneself KI, SQNMS and RAND that receives and AMF etc., produces AUTS according to SQNMS, AK and MAC-S again, then network side is initiated synchronous request command again, and encloses this AUTS.Also promptly, send synchronization failure message, comprised AUTS in this synchronization failure message to MSC/VLR.In the middle of the reality, this step can further be that subscriber card directly produces sync mark AUTS again according to SQNMS, network is initiated synchronous request command again, and enclose AUTS.Execution in step 208 then.Here, being UE is transmitted to network with the synchronous request command of subscriber card.
Step 207, terminal be according to described Control Parameter, and replace SQNMS to produce sync mark AUTS again with the particular value 125 of agreement, network initiated synchronous request command again, and enclose sync mark AUTS again.Execution in step 208 then.Specifically, terminal replaces SQNMS to come to calculate MAC-S according to KI, Control Parameter and the RAND that receives and the AMF etc. of own preservations with particular value 125, with AK particular value 125 is encrypted again, ciphertext and MAC-S is made up produce AUTS.Terminal sends synchronous request command again and encloses this AUTS to network side.Also promptly, send synchronization failure message, comprised AUTS in this synchronization failure message to MSC/VLR.In the middle of the reality, this step can further be the described Control Parameter that subscriber card is preserved according to UE, and replaces SQNMS to produce sync mark AUTS again with the particular value 125 of agreement, network is initiated synchronous request command again, and enclose sync mark AUTS again.Execution in step 208 then.Here, being UE is transmitted to network with the synchronous request command of subscriber card.
Because MAC-S produces by subscriber card, therefore, in the step 203, UE together sends described Control Parameter to subscriber card when sending RAND and AUTN to subscriber card.Certainly, one to change bad design can be that UE answers the request of subscriber card to send described Control Parameter to subscriber card.Here this is not given unnecessary details.
Step 208 when the MSC/VLR of network side receives the synchronization failure message of terminal transmission, sends to HLR/AUC in the lump with the RAND in AUTS in the message and the corresponding five-tuple.Execution in step 209 then.
In the middle of the reality, when the MSC/VLR of network side receives the synchronization failure message that terminal sends, ask new authentication tuple, comprised the AUTS that is received from terminal and the RAND in the corresponding authentication five-tuple in the request message to HLR/AUC.
Step 209, HLR/AUC judges whether the SQNMS among the AUTS is the particular value 125 of agreement.If be particular value 125 then execution in step 212; If be not particular value 125 then execution in step 210.
Need to prove that if SQNMS encrypts according to AK among the AUTS, HLR/AUC can decipher the SQNMS ciphertext according to RAND and KI generation AK, obtains SQNMS expressly.Because this is a 3GPP protocol specification content, therefore, it is not described in detail here.
Step 210, when HLR/AUC receives AUTS that MSC/VLR sends and RAND, according to KI AUTS is carried out consistency checking, promptly, produce MAC-S consistent algorithm with terminal according to KI, SQNMS, RAND and AMF with employings such as SQNMS among the AUTS according to the KI of AMF, preservation, the RAND that receives and calculate a result of calculation, relatively whether the MAC-S among result of calculation that oneself calculates and the AUTS that receives is consistent then, if it is consistent, then judge by the consistency checking to AUTS, execution in step 211 then; Otherwise the consistency checking of judging AUTS can't pass, and execution in step 214 then;
Step 211, HLR/AUC upgrades SQNHE according to the value of SQNMS, produces new authentication tuple, sends the Synchronous Processing results messages to MSC/VLR, has comprised new authentication tuple in the message.Execution in step 214 then.
Step 212, when HLR/AUC receives AUTS that MSC/VLR sends and RAND, according to KI and Control Parameter AUTS is carried out consistency checking, promptly, according to AMF, the KI that preserves, Control Parameter, employings such as RAND that receives and the SQNMS among the AUTS and terminal are according to KI, Control Parameter, RAND, described particular value produces the consistent algorithm of MAC-S with AMF and calculates a result of calculation, relatively whether the MAC-S among result of calculation that oneself calculates and the AUTS that receives is consistent then, if it is consistent, then judge by the consistency checking to AUTS, execution in step 213 then; Otherwise the consistency checking of judging AUTS can't pass, and execution in step 214 then;
Step 213, HLR/AUC carries out the agreement content of particular value 125 correspondences, promptly carry out more new element of KI, just adopt the algorithm consistent to calculate with terminal generation new authentication secret key according to RAND and KI, produce new KI NewKI, use NewKI to produce new authentication tuple then, send the Synchronous Processing results messages, comprised new authentication tuple in the message to MSC/VLR.
Step 214 sends the Synchronous Processing results messages to MSC/VLR, has comprised illegal synchronizing information in the message.
Above-mentioned MSC/VLR is a circuit domain equipment, and for the network of packet domain, corresponding MSC/VLR equipment is SGSN, so the present invention can be equal to and is applied to packet domain.
Among above-mentioned each embodiment or the embodiment, terminal and HLR/AUC produce new authentication secret key can be to use ripe digest algorithm, and corresponding digest algorithm can be referring to " applied cryptography " book or relevant algorithm paper or report; Certainly, when producing new key, also can use the algorithm of mentioning in the 3GPP agreement to carry out by random number RA ND and KI KI generation encryption key CK or Integrity Key IK.
Among above-mentioned each embodiment or the embodiment, terminal is for the AUTN consistency checking, whether belongs to the judgement of tolerance interval for SQNHE, and HLR/AUC is for the checking of AUTS legitimacy, and HLR/AUC is when producing the authentication tuple, for the renewal of SQNHE; Produce the algorithm of authentication tuple, and the algorithm that produces AUTS in the Synchronous Processing flow process under the normal condition, or the like, can owing to be known technology, repeat no more here referring to the 3GPP related protocol.
When needing control to consult KI among the present invention to upgrade when producing AUTS, terminal is extra again according to described Control Parameter when producing MAC-S, terminal can be carried out digest calculations with Control Parameter and KI earlier, obtain a result of calculation Result1, carry out digest calculations with Result1 and described particular value again, obtain a result of calculation Result2, carry out digest calculations with Result2 and described RAND again, obtain a result of calculation Result3, carry out digest calculations with Result3 and described AMF again, and with the result of calculation that obtains as MAC-S.Accordingly, HLR/AUC is when judging the AUTS consistency, and the process of the computational process that calculates a result of calculation according to the SQNMS among the Control Parameter of the KI of AMF, preservation, setting, the RAND that receives and the AUTS etc. and the algorithm of use and terminal generation MAC-S and the algorithm of use are consistent.Certainly, produce the process of MAC-S and the digest algorithm of employing here, can decide according to actual conditions, about concrete generation AUTS process, and the algorithm that uses when producing can also not repeat them here with reference to the 3GPP related specifications.
The described Control Parameter that the present invention is used for the control key renewal can be a password, for example is user's PIN code SPIN; Identify label that also can a terminal for example is the IMEI of terminal; Certainly, also can a user-defined arbitrary value, for example, and user's another name, user's head image information, or the summary info of user's head portrait data, or the like.
Be appreciated that the above only for preferred embodiment of the present invention,, all any modifications of being done within the spirit and principles in the present invention, be equal to replacement, improvement etc., all should be included within protection scope of the present invention not in order to restriction the present invention.

Claims (10)

1. a controlled key updating method is used in the 3G communication network, it is characterized in that, described method comprises, is provided for controlling the Control Parameter that KI upgrades at network side:
A. after terminal is passed through the network side consistency checking, also generate sync mark again according to the KI of self, the random number of reception, Control Parameter that oneself preserve or user's input with particular value replacement terminal sequence number, network side is sent synchronous request command again, enclose described sync mark again;
B. network side receives described synchronous request command again, when judging terminal serial number and being particular value, KI according to the described Control Parameter that is provided with, random number, network side carries out consistency checking to described sync mark again, if by checking, then carry out key updating, otherwise, carry out relevant treatment.
2. method according to claim 1 is characterized in that: also comprise among the step a: within the acceptable range whether the sequence number that the sequence number that terminal is preserved according to terminal is judged network side.
3. method according to claim 2, it is characterized in that: further comprise among the step a: after terminal is passed through the network side consistency checking, further the sequence number of preserving according to terminal judge network side sequence number whether within the acceptable range, if, then also generate sync mark again with particular value replacement terminal sequence number according to the KI of self, the random number of reception, described Control Parameter that oneself preserve or user's input, network side is sent synchronous request command again, enclose described sync mark again; Otherwise directly generate sync mark again, network side is sent synchronous request command again, enclose described sync mark again according to terminal serial number, the KI of self, the random number of reception.
4. method according to claim 3, it is characterized in that: further comprise among the step b: when network side is judged terminal serial number and is not particular value, then the KI according to random number, network side carries out consistency checking to described sync mark again, if by then carrying out Synchronous Processing, otherwise, carry out respective handling.
5. method according to claim 4 is characterized in that: described execution respective handling is meant that the HLR/AUC of network side sends the Synchronous Processing results messages to MSC/VLR, comprises illegal synchronizing information in the message.
6. method according to claim 1 is characterized in that: among the step a network side is carried out consistency checking and be meant that the random number that sends according to the own KI of preserving and network side carries out consistency checking to the authentication signature of network side transmission.
7. method according to claim 1 is characterized in that: also comprise among the step a: terminal to the consistency checking of network side by the time, send failed authentication information to network side.
8. method according to claim 1 is characterized in that: described terminal comprises subscriber equipment and subscriber card.
9. method according to claim 8 is characterized in that: described Control Parameter of oneself preserving is meant and is arranged at the Control Parameter in the subscriber equipment or is arranged at Control Parameter in the subscriber card.
10. method according to claim 1 is characterized in that: described Control Parameter can be a password, or the identify label of terminal, or user-defined arbitrary value.
CNB2005100364969A 2005-08-08 2005-08-08 Updating method of controlled secret key Active CN100461938C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100364969A CN100461938C (en) 2005-08-08 2005-08-08 Updating method of controlled secret key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100364969A CN100461938C (en) 2005-08-08 2005-08-08 Updating method of controlled secret key

Publications (2)

Publication Number Publication Date
CN1835623A true CN1835623A (en) 2006-09-20
CN100461938C CN100461938C (en) 2009-02-11

Family

ID=37003190

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100364969A Active CN100461938C (en) 2005-08-08 2005-08-08 Updating method of controlled secret key

Country Status (1)

Country Link
CN (1) CN100461938C (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007041933A1 (en) * 2005-10-10 2007-04-19 Huawei Technologies Co., Ltd. An updating method of controlled secret keys and the apparatus thereof
WO2008046282A1 (en) * 2006-10-17 2008-04-24 Huawei Technologies Co., Ltd. An authentication method, method and communication system for certificating the authentication sequence number, and sim
CN1968096B (en) * 2006-10-25 2010-05-19 中国移动通信集团公司 Synchronous flow optimization method and system
WO2012065422A1 (en) * 2010-11-19 2012-05-24 中兴通讯股份有限公司 Method for updating key of mobile terminal, and mobile terminal
CN107222306A (en) * 2017-01-22 2017-09-29 天地融科技股份有限公司 A kind of key updating method, apparatus and system
CN114172664A (en) * 2021-12-07 2022-03-11 北京天融信网络安全技术有限公司 Data encryption method, data decryption method, data encryption device, data decryption device, electronic equipment and storage medium
US20220263661A1 (en) * 2021-02-15 2022-08-18 Sony Semiconductor Israel Ltd. Efficient Data Item Authentication

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1457173A (en) * 2002-05-08 2003-11-19 英华达股份有限公司 Updating network encrypted pins method
US20050120203A1 (en) * 2003-12-01 2005-06-02 Ryhwei Yeh Methods, systems and computer program products for automatic rekeying in an authentication environment
JP4284198B2 (en) * 2004-01-16 2009-06-24 日本電信電話株式会社 Method and apparatus for updating public key certificate
CN100479569C (en) * 2005-10-10 2009-04-15 华为技术有限公司 Controlled key updating method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007041933A1 (en) * 2005-10-10 2007-04-19 Huawei Technologies Co., Ltd. An updating method of controlled secret keys and the apparatus thereof
CN101160780B (en) * 2005-10-10 2010-05-19 华为技术有限公司 Controlled cipher key updating method and apparatus
WO2008046282A1 (en) * 2006-10-17 2008-04-24 Huawei Technologies Co., Ltd. An authentication method, method and communication system for certificating the authentication sequence number, and sim
CN1968096B (en) * 2006-10-25 2010-05-19 中国移动通信集团公司 Synchronous flow optimization method and system
WO2012065422A1 (en) * 2010-11-19 2012-05-24 中兴通讯股份有限公司 Method for updating key of mobile terminal, and mobile terminal
CN107222306A (en) * 2017-01-22 2017-09-29 天地融科技股份有限公司 A kind of key updating method, apparatus and system
US20220263661A1 (en) * 2021-02-15 2022-08-18 Sony Semiconductor Israel Ltd. Efficient Data Item Authentication
US11799662B2 (en) * 2021-02-15 2023-10-24 Sony Semiconductor Solutions Corporation Efficient data item authentication
CN114172664A (en) * 2021-12-07 2022-03-11 北京天融信网络安全技术有限公司 Data encryption method, data decryption method, data encryption device, data decryption device, electronic equipment and storage medium
CN114172664B (en) * 2021-12-07 2024-02-09 天融信雄安网络安全技术有限公司 Data encryption and data decryption methods and devices, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN100461938C (en) 2009-02-11

Similar Documents

Publication Publication Date Title
CN1156196C (en) Integrity check in communication system
US10003965B2 (en) Subscriber profile transfer method, subscriber profile transfer system, and user equipment
EP3657835B1 (en) Access method of user equipment, user equipment and computer-readable storage medium
CN108141355B (en) Method and system for generating session keys using Diffie-Hellman procedure
US8533461B2 (en) Wireless local area network terminal pre-authentication method and wireless local area network system
CN1870808A (en) Key updating method
EP2296392A1 (en) Authentication method, re-certification method and communication device
CN1298194C (en) Radio LAN security access method based on roaming key exchange authentication protocal
WO2020221252A1 (en) Method and apparatus for sending terminal sequence number and authentication method and apparatus
CN1859729A (en) Authentifying method and relative information transfer method
KR101632946B1 (en) Manipulation and restoration of authentication challenge parameters in network authentication procedures
CN102395130B (en) LTE authentication method
US20120311335A1 (en) Efficient Terminal Authentication In Telecommunication Networks
CN1835623A (en) Updating method of controlled secret key
CN1549526A (en) Method for realizing radio local area network authentication
CN1848994A (en) Method for realizing right discrimination of microwave cut-in global interoperating system
CN101043328A (en) Cipher key updating method of universal leading frame
CN1859734A (en) Controlled key updating method
CN1929371A (en) Method for negotiating key share between user and peripheral apparatus
CN1819698A (en) Method for acquring authentication cryptographic key context from object base station
CN101047505A (en) Method and system for setting safety connection in network application PUSH service
CN100346668C (en) Updating protocal method of secret keys
CN1756428A (en) Method for carrying out authentication for terminal user identification module in IP multimedia subsystem
CN108271154B (en) Authentication method and device
CN112235799B (en) Network access authentication method and system for terminal equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant