WO2006131061A1 - Procede d'authentification et procede de transmission d'informations correspondant - Google Patents

Procede d'authentification et procede de transmission d'informations correspondant Download PDF

Info

Publication number
WO2006131061A1
WO2006131061A1 PCT/CN2006/001193 CN2006001193W WO2006131061A1 WO 2006131061 A1 WO2006131061 A1 WO 2006131061A1 CN 2006001193 W CN2006001193 W CN 2006001193W WO 2006131061 A1 WO2006131061 A1 WO 2006131061A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
resynchronization
unit
terminal
network
Prior art date
Application number
PCT/CN2006/001193
Other languages
English (en)
French (fr)
Inventor
Zhengwei Wang
Jie Kong
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Priority to AT06742080T priority Critical patent/ATE431050T1/de
Priority to EP06742080A priority patent/EP1768426B1/en
Priority to DE602006006629T priority patent/DE602006006629D1/de
Priority to CN2006800119391A priority patent/CN101160985B/zh
Publication of WO2006131061A1 publication Critical patent/WO2006131061A1/zh
Priority to US11/626,989 priority patent/US7773973B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W56/00Synchronisation arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Definitions

  • the present invention relates to communication security technologies, and in particular, to an authentication method and a corresponding information transmission method. Background of the invention
  • the second unit when one end of communication with each other, such as the first unit, transmits information to another end, such as the second unit, it is generally performed after the second unit establishes a trusted connection to the first unit, that is, the connection.
  • a connection established after the second unit authenticates the first unit.
  • the second unit can determine the validity of the transmitted information.
  • the party of communication for example, the first unit needs to tell the other party, for example the second unit, that the authentication key needs to be resynchronized. In this case, how does the first unit of the communication transmit the information requiring the synchronization authentication key to the second unit, And after the second unit receives the information of the first unit that needs to synchronize the authentication key, how can it be believed that this is true, rather than an attacker-initiated attack behavior?
  • the existing authentication in the 3G network is performed by the MS (terminal) and the MSC/VLR (mobile).
  • the switching center/visit location register) or the SGSN (GPRS Service Serving Node), HLR/AUC (Home Location Register/Authentication Center) work together, and an authentication key KI, HLR/AUC is stored on the SIM card or USIM card.
  • the MS and the AUC calculate the corresponding authentication parameters according to the respective authentication keys KI, and then the MSC/VLR compares the calculation results of the two parties to complete the verification of the validity of the MS by the network.
  • the process includes the terminal's authentication of the network. When the terminal fails to authenticate the network, the network will feed back the message "authentication failure."
  • the above terminal sends information to the network without network authentication.
  • the way the terminal sends information to the network for returning the information of "authentication failure" may not cause serious security problems, but in some applications.
  • the terminal sends information to the network if the network cannot authenticate the terminal, there will be serious security problems.
  • the terminal sends information to the network without authentication through the network, there will be serious security risks.
  • the information can be transmitted to the network side through the USSD or short message. This information transmission method can solve the security process of the information transmission because it leads to the authentication process, but consumes a large amount of signaling resources.
  • the technical problem to be solved by the present invention is to provide an authentication method and a corresponding information transmission method, so that it is convenient to move from the terminal to the terminal without increasing the existing communication protocol, signaling or authentication parameters and operating costs.
  • the network side transmits information and guarantees the security of the terminal and the network communication, and the authentication and information transmission between the communication units can also be conveniently and safely implemented.
  • a valid message is transmitted to the network.
  • the present invention provides an information delivery method for a terminal to transmit information to a network in a 3G network, and the method includes the following steps:
  • the terminal replaces the SQNMS with the specified value of the SQNMS to generate a resynchronization flag AUTS, and sends a resynchronization request command to the network and attaches the resynchronization flag AUTS;
  • the network side performs an operation corresponding to the specified specific value when receiving the resynchronization request command and determining that the SQNMS in the resynchronization flag AUTS is the specific value of the appointment.
  • the method further includes: before the step a, the terminal sends a message to the network side that may cause an authentication process, and when the network side receives the message, the network side initiates an authentication request to the terminal and attaches the generated corresponding authentication parameter, and the terminal receives The authentication parameter; correspondingly, in step a, the terminal authenticates the network according to the authentication parameter before sending the resynchronization request command to the network side.
  • the terminal Before the step a, the terminal sends a message to the network side that may cause the authentication process to be a location update request or a service request.
  • the authentication parameter includes a random number RAND and an authentication token AUTN.
  • the authentication of the network in step a is to authenticate the network according to RAND and AUTN.
  • Network authentication based on RAND and AUTN refers to determining whether the AUTN meets the consistency requirement. If not, the network authentication fails.
  • Step b also includes determining whether the AUTS is legal.
  • step b it is determined that the SQNMS is a specific value of the agreement, and further determines whether the AUTS is legal. If it is legal, the corresponding agreed content is executed.
  • step b after determining that the AUTS is legal, further determining whether the SQNMS is The specified specific value of the agreement, if yes, the corresponding agreed content is executed; otherwise, the SQNHE is updated according to the SQNMS.
  • the specific value of the appointment refers to a value within a certain range or one or more specific values.
  • the execution contract content may be one or more of performing a key update, performing an authentication algorithm update, performing anti-theft verification, canceling anti-theft verification, obtaining related information, and returning special operation execution result information.
  • the network side generates a random number, and generates an authentication tuple according to the random number, the authentication key of the terminal, and the serial number, and sends the authentication tuple to the terminal;
  • the terminal performs consistency verification on the authentication tuple according to the saved authentication key, and determines whether the serial number from the network is acceptable according to the serial number saved by the terminal, and determines the authentication tuple.
  • the consistency verification is passed, and the serial number from the network is acceptable, the network authentication is passed, and the resynchronization flag is generated by replacing the serial number saved by the terminal with the specified specific value, and the resynchronization request is sent to the network and the above is attached.
  • the network Upon receiving the resynchronization request and determining that the sequence number in the resynchronization flag is a specific value of the appointment, the network performs an agreed corresponding operation.
  • the method further includes: before the step a, the terminal sends a message to the network side that may cause an authentication process, where the message may be a location update request or a service request.
  • the step b further includes: when the terminal determines that the authentication tuple consistency verification from the network passes but the sequence number from the network does not belong to an acceptable range, directly generating resynchronization according to the sequence number saved by the terminal. Mark, send a resynchronization request to the network and attach the resynchronization flag.
  • the step b further includes: when the terminal determines that the authentication tuple consistency verification from the network fails, the terminal sends the authentication failure information to the network.
  • the step b further includes: the terminal determining that the consistency verification of the authentication tuple is passed, and when the serial number from the network is acceptable, updating the terminal side according to the serial number from the network side serial number.
  • the step C further includes: determining, by the network side, the validity of the resynchronization flag.
  • the step c may further be: determining that the serial number from the terminal is the predetermined specific value, and further determining whether the resynchronization flag is legal, and if so, executing the corresponding predetermined content.
  • the step C may further be: after determining that the resynchronization flag is legal, further determining whether the serial number from the terminal is a specific value of the agreement, and if yes, executing a corresponding agreed content, otherwise, according to the sequence from the terminal No. Update the serial number saved on the network side.
  • the specific value of the appointment refers to a value within a certain range or one or more specific values.
  • the execution contract content may be one or more of performing a key update, performing an authentication algorithm update, performing anti-theft verification, canceling anti-theft verification, obtaining related information, and returning special operation execution result information.
  • An authentication method for authenticating between units that can communicate with each other the unit at least comprising: a first unit that stores a first authentication key, a first synchronization key, and a first serial number, and A second unit that stores the second authentication key, the second synchronization key, and the second serial number, wherein the method includes at least the following steps:
  • a second unit generates a random number, and generates a message authentication code according to the random number, the second authentication key, and the second sequence number, and sends the random number, the second sequence number, and the generated message authentication code to The first unit;
  • the first unit performs consistency verification on the message authentication code according to the first authentication key and the random number and the second sequence number, and determines whether the second sequence number is acceptable according to the first sequence number, and determines When the consistency risk certificate for the message authentication code is passed, and the second serial number is acceptable, the authentication of the second unit is passed, and the first sequence is replaced by the specified specific value.
  • the random number and the first synchronization key generate resynchronization authentication code, send a resynchronization request to the second unit, and attach the resynchronization authentication code and the specific value of the agreement in place of the first sequence number ;
  • the second unit performs the agreed corresponding operation when receiving the resynchronization request and determining that the first sequence number from the first unit is the specific value of the agreement.
  • the step of preparing the resynchronization authentication code by replacing the first serial number with the first synchronization key and the first synchronization key in the step b is further: replacing the first serial number and the random number with the specified specific value and the first Synchronization key generation resynchronization authentication coding.
  • the step b further includes: the first unit determines that the consistency verification of the message authentication code is passed, and when the second sequence number is acceptable, updating the first sequence number according to the second sequence number.
  • the step b further includes: when the first unit determines that the consistency verification of the message authentication code passes but the second sequence number does not belong to an acceptable range, directly according to the final first sequence number and the random The number and the first synchronization key generate resynchronization authentication code, send a resynchronization request to the network, and attach the resynchronization authentication code and the first sequence number.
  • the step b further includes: when the first unit determines that the consistency verification of the message authentication code fails, sending the authentication failure information to the second unit.
  • the first unit performs the consistency verification on the message authentication code.
  • the first unit is configured according to the first authentication key, the random number and the second serial number, and the second unit according to the second unit.
  • the method for generating the message authentication code by using the random number, the second authentication key and the second sequence number to generate an operation result, and comparing whether the operation result generated by the self is consistent with the message authentication code of the message, if they are consistent, then The consistency verification of the message authentication code is passed, otherwise, the consistency verification of the message authentication code is not passed.
  • the first unit determines whether the second serial number is acceptable further: determining whether the difference between the second serial number and the first serial number is within a certain range, and if so, determining It is acceptable to break the second serial number, otherwise, it is judged that the second serial number is unacceptable.
  • the step c further includes: the second unit determining the validity of the resynchronization authentication code.
  • the step c may further be: determining that the first sequence number from the first unit is the specified specific value, and further determining whether the resynchronization authentication code is legal, and if so, executing the corresponding agreed content;
  • the step C may further be: determining that the resynchronization authentication code from the first unit is legal, and further determining whether the first serial number is a specific value of the agreement, and if yes, executing the corresponding agreed content, otherwise, according to The first serial number updates the saved second serial number.
  • the step c further includes: after determining that the resynchronization authentication code from the first unit is illegal, returning the failure information.
  • the determining, by the second unit, the validity of the resynchronization authentication code in the step C is further: the second unit adopts the second synchronization key, the random number, and the first serial number according to the first unit according to the The method for generating the resynchronization authentication code by the random number, the first synchronization key and the first sequence number to generate an operation result, and comparing whether the operation result generated by itself and the resynchronization authentication code are consistent, and if they are consistent, determining The resynchronization authentication code is legal, and the Ube judges that the resynchronization authentication code is illegal.
  • the specific value of the appointment refers to a value within a certain range or one or more specific values.
  • the execution contract content may be one or more of performing a key update, performing an authentication algorithm update, obtaining related information, and returning special operation execution result information.
  • the method for transmitting information to the network by the terminal of the invention does not need to add or change existing signaling resources or authentication parameters, and conveniently realizes authentication and information transmission between the terminal and the network side, and ensures network security, and can also be conveniently and safely implemented. Authentication and information transfer between two communication units. BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 is a flow chart showing a first embodiment of the present invention.
  • FIG. 2 is a flow chart of a first embodiment of a first embodiment of the present invention.
  • Fig. 3 is a flow chart showing a second embodiment of the first embodiment of the present invention.
  • Fig. 4 is a main flow of the first embodiment in which the first unit needs to transmit specific information to the second unit in the first embodiment of the second embodiment of the present invention.
  • Fig. 5 is a main flow of the first embodiment of the second embodiment of the present invention, in which the first unit does not need to transmit specific information to the second unit.
  • Fig. 6 is a sub-flow of the second unit performing the synchronization processing in the first embodiment of the second embodiment of the present invention.
  • Fig. 7 is a sub-flow of the second unit performing the synchronization processing in the second embodiment of the second embodiment of the present invention. Mode for carrying out the invention
  • the method for the terminal of the present invention to transmit information to the network side is implemented by using the existing parameters in the 3G network authentication process, and no signaling resources need to be added.
  • the authentication process in the existing third generation mobile communication system is briefly introduced, and the international mobile subscriber identity IMSI, the authentication key KI and the serial number SQNMS are saved in the mobile terminal, and the network side
  • the HLR/AUC stores the IMSI, KI and sequence number SQNHE for the mobile terminal for mutual authentication of the mobile terminal and the network.
  • the existing authentication process of the 3G communication system mainly includes: HLR/AUC generates a random number RAND, generates a desired response XRES, an encryption key CK, an integrity key IK according to the random numbers RAND and KI; according to the random number RAND, the serial number SQNHE
  • the authentication key KI and the authentication management domain AMF generate a MAC-A
  • an authentication token AUTN Authentication Token
  • RAND and XRES, CK, IK and The AUTN constitutes an authentication quintuple, which is sent to the MSC/VLR for storage.
  • the HLR/AUC sends the corresponding one or more five-tuples to the MSC/VLR at the request of the MSC/VLR.
  • the MSC/VLR sends the RAND and AUTN corresponding to the quintuple to the terminal, and the terminal verifies the consistency of the AUTN according to the KI stored by itself.
  • the authentication failure information is returned to the MSC/VLR; If the consistency verification fails, the authentication failure information is returned to the MSC/VLR; If the consistency verification is passed, it is determined whether the SQNHE belongs to an acceptable range: if it belongs, the terminal determines that the network authentication is passed, the terminal returns the authentication response generated by the terminal itself to the MSC/VLR, and updates the SQNMS according to the SQNHE in the AUTN.
  • the MSC/VLR compares the authentication response returned by the terminal with the XRES in the corresponding quintuple to determine the legitimacy of the terminal; if it is determined that the SQNHE is not within the acceptable range, the resynchronization token AUTS (Resynchronisation Token) is generated according to the SQNMS.
  • AUTS Resynchronisation Token
  • the network side MSC/VLR sends the AUTS and the RAND in the corresponding quintuple to the HLR/AUC, and the HLR/AUC determines the legality of the AUTS according to the corresponding saved KI and the received RAND.
  • the HLR/AUC If it is not legal, the HLR/AUC returns AUTS invalid information to the MSC/VLR; if it is determined that the AUTS is legal, the HLR/AUC updates the SQNHE according to the SQNMS in the AUTS, and generates a new authentication quintuple to send to the MSC/VLR. After the MSC/VLR receives the new quintuple, deletes the corresponding old quintuple. Regarding the authentication process, reference can be made to the 3GPP specifications.
  • the SQNMS is mainly used to determine whether the SQNHE in the AUTN is up to date or whether the SQNHE is within an acceptable range and when the SQNHE is updated.
  • the present invention provides an improved authentication method and information transmission method by improving the measures, so that the terminal authenticates the network side, that is, the terminal verifies the consistency of the AUTN according to the KI saved by itself, and the SQNHE in the AUTN is acceptable. In the case of the range, it is also produced
  • the resynchronization flag is sent and the resynchronization request command is sent, and the resynchronization message sent by the terminal to the network side is utilized.
  • the SQNMS is used to replace the SQNMS to generate the resynchronization flag AUTS, and the synchronization request command is sent to the network side, and the resynchronization flag is attached.
  • the network side When the network side receives the synchronization request command, And determining whether the SQNMS in the AUTS is a specific value of the agreement, and if yes, executing the agreed content; otherwise, processing according to the normal synchronization processing flow, that is, updating the SQNHE according to the SQNMS and performing subsequent processing.
  • the network side Before determining whether the SQNMS in the AUTS is a specific value of the agreement, the network side may further perform authentication on the terminal and integrity verification on the SQNMS, thereby determining the legality of the AUTS.
  • the method of the invention not only utilizes the existing authentication parameters to conveniently transmit information to the network, but also utilizes the authentication step when the network side processes the resynchronization request command to improve the security and integrity of the terminal to the network transmission information.
  • the authentication method and the corresponding information transmission method provided by the invention are not only applied to authentication and information transmission between the terminal and the network, but also can be used for authentication and information transmission between two units that can communicate with each other, such as Wimax. ... or a unit between wireless communication networks, or a unit between wired communication networks.
  • FIG. 1 is a flow chart of a first embodiment of the present invention.
  • step 101 the terminal initiates a location update request to the network side.
  • This step may also be to initiate a service request to the network side.
  • any message sent by the terminal that can cause the network side to authenticate the terminal may be used.
  • Step 102 After receiving the location update request, the network side sends the corresponding authentication parameter in the generated authentication tuple to the terminal.
  • the network side may actually only generate the corresponding Authentication parameters.
  • the authentication tuple may include a random number RAND, an expected response XRES, an encryption key CK, an integrity key IK, and an authentication token AUTN (Authentication Token).
  • the corresponding authentication parameters include RAND and AUTN.
  • the HLR/AUC calculates XRES, CK, and IK using the RAND generated by the random number generator and the authentication key KI stored by itself.
  • AUTN is also generated based on RAND, KI, serial number SQNHE, and authentication management domain AMF.
  • the message authentication code MAC-A is 8 bytes long; the MAC-A is used to verify the data integrity of the RAND, SQNHE, and AMF, and is used for the terminal to authenticate the HLR/AUC.
  • the HLR/AUC calculates the message authentication code MAC-A in the AUTN based on RAND, SQNHE, KI and AMF.
  • the authentication quintuple is composed of RAND, AUTN, XRES, CK, IK, and the like.
  • the terminal transmits information to the network side, only the RAND and AUTNo are used therein.
  • the HLR/AUC generates the authentication quintuple and sends the corresponding international mobile subscriber identity IMSI and the authentication quintuple RAND, CK, IK, XRES and AUTN to the MSC/VLR.
  • the MSC/VLR is a circuit domain device.
  • the corresponding device may be an SGSN.
  • the MSC/VLR on the network side transmits the random number RAND and the authentication token AUTN received from the authentication tuple of the HLR/AUC to the terminal MS.
  • Step 103 The terminal MS receives the corresponding authentication parameter sent by the network side, that is, a random number.
  • the RAND and the authentication token AUTN determine that the network side authentication is passed, replace the SQNMS with the agreed specific value to generate the resynchronization flag AUTS, and initiate a resynchronization request command to the network, and attach the resynchronization flag AUTS.
  • the resynchronization request command is initiated to the network, and the resynchronization flag AUTS is attached, that is, the synchronization failure message is sent to the network side, and the message includes the AUTS.
  • the terminal calculates the MAC-S according to its own SQNMS, KI, and received RAND and AMF, and then generates a resynchronization flag AUTS according to SQNMS, AK, and MAC-S.
  • the terminal calculates the MAC-A according to the received RAND and the saved authentication key KI and the SQNHE in the received AUTN and the AMF to calculate the MAC-A in the AUTN with the HLR/AUC, Then, the consistency verification is performed, that is, whether the MAC-A calculated by itself is consistent with the MAC-A in the received AUTN, for example, if the same is the same, if not, the authentication failure information is returned to the MSC/VLR; If it is consistent, it is determined whether the SQNHE belongs to an acceptable range: if it belongs, the terminal determines that the authentication of the network side is passed; if it is determined that the SQNHE is not within the acceptable range, the resynchronization flag AUTS is generated according to the SQNMS, that is, according to the SQNMS, The KI and the received RAND and AMF calculate the MAC-S, and then generate the resynchronization flag AUTS according to the SQNMS, AK, and
  • Synchronisation failure (Synchronisation failure) message, accompanied by the generated resynchronization flag AUTS.
  • the SQNMS is replaced by the specified specific value and the MAC-S is calculated according to the KI and the received RAND and AMF, and then the SQNMS is replaced by the specified specific value and according to the AK and MAC-S.
  • a resynchronization flag AUTS is generated, a resynchronization request command is sent to the network side, and the resynchronization flag AUTS is attached, or a synchronization failure message is sent to the network side, and the AUTS is included in the message.
  • the specific generation process and the algorithm used at the time of generation, reference can be made to the 3GPP specifications.
  • Step 104 After receiving the resynchronization request command, the network side determines that the SQNMS in the resynchronization flag AUTS is the specified specific value, and executes the content of the corresponding agreement, that is, performs the corresponding operation.
  • the terminal and the network side pre-agreed: after receiving the resynchronization request command of the terminal, if the network side determines that the SQNMS is the specified specific value, the corresponding content is executed according to the specific value, that is, the corresponding operation is performed.
  • the content of the execution of the corresponding agreement may be one or more of an operation of performing a key update, performing an authentication algorithm update, performing an anti-theft verification, canceling an anti-theft verification, obtaining related information, and returning special operation execution result information.
  • the obtaining the related information may be: whether the terminal has a certain capability according to the value of the SQNMS, for example, whether the GPS positioning function is supported, whether the mobile payment is supported, or the like, and the special operation may be corresponding to the different values of the authentication management domain AMF.
  • the execution result may also be an execution result of the initialization operation according to a certain configuration, or may be a result of performing a special initialization operation on the mobile terminal according to the current location area or the operator when the mobile terminal roams, and the like.
  • step 104 the step of determining the AUTS legitimacy may also be included.
  • the step of determining the AUTS legitimacy may be further included. Specifically, when the MSC/VLR on the network side receives the resynchronization flag AUTS returned by the terminal, the AUTS and the RAND in the corresponding quintuple are sent to the HLR/AUC, and the HLR/AUC is first based on RAND, KI, SQMMS AMF and the like consistent with the results of calculation algorithm terminal MAC-S, and then compared with the received AUTS the MAC-S, if they are consistent, it is determined that the legitimate AUTS, no shellfish 1 j, AUTS judged illegal.
  • the HLR/AUC judges that the AUTS is illegal, it returns a message that the AUTS is invalid to the MSC/VLR.
  • the HLR7AUC judges that the AUTS is legal, it further determines whether the SQNMS is a specific value of the agreement, and if it is a specific value of the agreement, the agreed content is executed. Otherwise, that is, it is not processed according to the normal synchronization process when the specific value is not agreed, that is, the SQNHE is updated according to the SQNMS, and is subsequently processed.
  • the normal synchronization process processing reference may be made to the 3GPP specifications.
  • the step of determining the AUTS legality may be further included.
  • the MSC/VLR on the network side receives the resynchronization flag AUTS returned by the terminal, the AUTS and the RAND in the corresponding quintuple are sent to the HLR/AUC, and the HLR/AUC determines that the SQNMS is the agreed After a specific value, the MAC-S is calculated according to an algorithm consistent with the terminal according to RAND, KI, SQMMS, and AMF, and then compared with the MAC-S in the received AUTS. If they are consistent, the AUTS is determined to be legal. No Bay judged that AUTS is illegal. The HLR/AUC judges that when the AUTS is illegal, it returns a message that the AUTS is illegal to the MSC VLR.
  • the HLR/AUC determines that the AUTS is legal
  • the content of the agreement is executed.
  • the HLR/AUC determines that the SQNMS is not the specific value of the agreement, it is processed according to the normal synchronization process, that is, when the AUTS is legal, the SQNHE is updated according to the SQNMS, and subsequent processing is performed; when the AUTS is illegal, the AUTS is returned to the MSC/VLR is invalid.
  • the normal synchronization process processing reference can be made to the 3GPP specifications.
  • step 103 when the MAC-S is generated, it may also be generated according to the RAND KI, SQNMS calculation, that is, no longer according to the AMF, correspondingly in step 104, when the network side verifies the validity of the MAC-S, according to RAND, KI. , SQNMS to verify, and no longer based on AMF.
  • FIG. 2 is a first embodiment of the first embodiment of the present invention. The process of notifying the network side key update using the method of the present invention will be described in the embodiment for a better understanding of the present invention.
  • step 201 the terminal initiates a location update request to the network
  • This step may also be to initiate a service request to the network side.
  • any message sent by the terminal that can cause the network side to authenticate the terminal may be used.
  • step 202 after receiving the request, the network side sends an authentication request to the terminal, and sends the generated authentication parameter corresponding to the authentication tuple of the terminal to the terminal.
  • the HLR/AUC generates a random number RAND based on the random number generator, and calculates an expected response XRES, an encryption key CK, and a completeness key IK based on the RAND and the authentication key KI, respectively.
  • the message authentication code MAC-A is generated according to the random number RAND, the sequence number SQNHE, the authentication key KI and the AMF, and the AUTN is generated according to the MAC-A, the SQNHE, the anonymous key AK and the authentication management domain AMF.
  • the generation of the expected response XRES, the encryption key CK, and the integrity key I K does not affect the implementation of the present invention. It can be considered as a modification of the embodiment.
  • Step 203 When receiving the authentication request, the terminal first authenticates the network, and determines whether the authentication is passed.
  • the terminal calculates the AUTN according to the received RAND, the KI saved by itself, the SQNHE in the received AUTN, and the AMF application and the HLR/AUC.
  • MAC-A-induced The algorithm generates a MAC-A, and then the terminal compares the MAC-A generated by the terminal with the MAC-A generated by the network side. If not, the terminal considers that the authentication of the network has not passed, and performs step 204; if yes, step 205 is performed.
  • step 204 the terminal returns "authentication failure" information to the network, and then ends the current process.
  • Step 205 The terminal determines whether the SQNHE is within an acceptable range. If yes, it determines that the network authentication is passed, and performs step 206. Otherwise, it determines that the synchronization fails, and performs step 207.
  • Step 206 The terminal replaces the SQNMS with the agreed specific value to generate a resynchronization flag AUTS, initiates a resynchronization request command to the network, and attaches a resynchronization flag AUTS. Specifically, the terminal replaces the SQNMS with the specified specific value and calculates the MAC-S according to its own KI and the received RAND and AMF, etc., and replaces the SQNMS with the specified specific value and generates a resynchronization flag according to the AK and the MAC-S. AUTS, sends a resynchronization request command to the network side and attaches the resynchronization flag AUTS.
  • a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes AUTS.
  • the content of the agreement corresponding to the specific value of the agreement that is, the content that is executed when the network side recognizes the specific value of the agreement is "generate a new authentication key"; in this step, the terminal further includes generating a new one according to RAND and KI. Authentication key. Then step 208 is performed.
  • Step 206 The terminal may further update the saved SQNMS according to the SQNHE.
  • Step 207 The terminal directly generates a resynchronization flag AUTS according to the SQNMS, initiates a resynchronization request command to the network, and attaches a resynchronization flag AUTS. Specifically, the terminal calculates the MAC-S according to its own KI, SQNMS, and received RAND and AMF, and then generates a resynchronization flag AUTS according to the SQNMS, AK, and MAC-S, and then initiates a resynchronization request command to the network side. And attach the resynchronization mark AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes AUTS. Then step 208 is performed.
  • Step 208 When the network side receives the resynchronization request command, according to the RAND in the corresponding quintuple, the saved KI, the SQNMS and the AMF in the received AUTS, etc., calculate the MAC-S by using an algorithm consistent with the terminal intention, and then The terminal is authenticated by comparing whether the MAC-S generated by itself is consistent with the MAC-S in the received AUTS. If the MAC-S values are consistent, the authentication is considered to be valid, that is, the AUTS is considered to be legal, and then step 209 is performed; otherwise, , that the AUTS is illegal, perform step 212;
  • the MSC/VLR on the network side receives the resynchronization flag AUTS returned by the terminal
  • the AUTS and the RAND in the corresponding quintuple are sent to the HLR/AUC, and the HLR/AUC is first received according to the RAND and AUTS.
  • the SQNMS, the self-storing KI, and the AMF calculate the MAC-S by using an algorithm consistent with the terminal, and then compare it with the MAC-S in the received AUTS. If they are consistent, it is determined that the AUTS is legal. Otherwise, it is determined. AUTS is illegal.
  • the HLR/AUC may generate an AK according to the RAND and the KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext. Since this is the content of the 3GPP protocol specification, it will not be described in detail here.
  • Step 209 The network side HLR/AUC determines whether the SQNMS in the AUTS is a specified specific value. If it is a specific value of the agreement, step 210 is performed; if it is not a specific value of the agreement, step 211 is performed;
  • Step 210 The network side executes the agreed content corresponding to the specified specific value, that is, performs an authentication key update action, that is, the HLR/AUC generates a new authentication key according to an algorithm consistent with the terminal according to RAND and KI, and then ends. This information delivery process.
  • Step 211 The HLR/AUC updates the SQNHE according to the value of the SQNMS, and then ends the information transmission process.
  • Step 212 The network side returns the failure information; and then ends the information delivery process.
  • steps 206 and 207 when MAC-S is actually generated, The use of AMF does not affect the implementation of the method, that is, it can be calculated only according to RAND, KI, SQNMS, and the specific algorithm can refer to the 3GPP specifications.
  • the network side should also adopt the parameters and algorithms consistent with the terminal to generate a MAC-S authentication for the terminal. Such a change should be regarded as a modification to the embodiment, which should belong to the present invention. The scope of protection of the invention.
  • the network side receives the specific value that is the same as the agreement, and if not, processes according to the normal synchronization process instead of directly executing step 211, otherwise,
  • the SQNMS in the AUTS is the specified value
  • the validity of the AUTS is further determined, and after the AUTS is determined to be legal, the step 210 is performed. After the AUTS is determined to be illegal, step 212 is performed.
  • FIG. 3 is a second embodiment of the present invention.
  • the network determines the legality of the AUTS. Sex, as follows:
  • step 301 the terminal initiates a location update request to the network.
  • step 302 after receiving the request, the network side sends an authentication request to the terminal, and sends the generated authentication parameter corresponding to the authentication tuple of the terminal to the terminal.
  • the HLR/AUC generates a random number RAND according to the random number generator, and calculates a desired response XRES, an encryption key CK, and an integrity key IK based on the RAND and the authentication key KI, respectively.
  • the message authentication code MAC-A is generated according to the random number RAND, the sequence number SQNHE, the authentication key KI and the AMF, and the AUTN is generated according to the MAC-A, the SQNHE ⁇ anonymous key AK and the authentication management domain AMF.
  • the HLR/AUC then sends the quintuple of RAND, AUTN, XRES, CK and IK and the corresponding IMSI to the MSC/VLR.
  • the MSC/VLR initiates an authentication request to the terminal, and simultaneously sends the corresponding authentication parameters RAND and AUTN in the quintuple to the terminal.
  • the generation of the expected response XRES, the encryption key CK, and the integrity key IK does not affect the implementation of the present invention. It can be considered as a modification of the embodiment.
  • Step 303 When receiving the authentication request, the terminal first authenticates the network, and determines whether the authentication is passed.
  • the terminal calculates the MAC in the AUTN according to the received RAND, the KI saved by itself, the SQNHE in the received AUTN, and the AMF by using the HLR/AUC.
  • the algorithm generates a MAC-A, and then the terminal compares the MAC-A generated by itself with the MAC-A generated by the network side. If the authentication is not consistent, the authentication is not passed, and step 304 is performed; Then step 305 is performed.
  • step 304 the terminal returns "authentication failure" information to the network, and then ends the process.
  • Step 305 The terminal determines whether the SQNHE is within an acceptable range. If yes, it determines that the network authentication is passed, and performs step 306. Otherwise, it determines that the synchronization fails, and performs step 307.
  • Step 306 The terminal replaces the SQNMS with the agreed specific value to generate the resynchronization flag AUTS, initiates a resynchronization request command to the network, and attaches a resynchronization flag AUTS. Specifically, the terminal replaces the SQNMS with the specified specific value and calculates the MAC-S according to its own KI and the received RAND and AMF, etc., and replaces the SQNMS with the specified specific value and generates a resynchronization flag according to the AK and the MAC-S. AUTS, sends a resynchronization request command to the network side and attaches the resynchronization flag AUTS.
  • a synchronization failure message is sent to the MSC/VLR,
  • the synchronization failure message contains AUTS.
  • the content of the agreement corresponding to the specific value of the agreement that is, the content that is executed when the network side recognizes the specific value of the agreement is "generate a new authentication key"; in this step, the terminal further includes generating a new one according to RAND and KI. Authentication key. Then step 308 is performed.
  • Step 306 The terminal may further update the saved SQNMS according to the SQNHE.
  • Step 307 The terminal directly generates a resynchronization flag AUTS according to the SQNMS, and sends a resynchronization request command to the network, and attaches a resynchronization flag AUTS. Specifically, the terminal calculates the MAC-S according to its own KI, SQNMS, and received RAND and AMF, and then generates a resynchronization flag AUTS according to the SQNMS, AK, and MAC-S, and then initiates a resynchronization request command to the network side. And attach the resynchronization mark AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes AUTS. Then step 308 is performed.
  • Step 308 When the network side receives the resynchronization request command, the network side HLR/AUC determines whether the SQNMS in the AUTS is an agreed specific value. If it is a specific value of the agreement, step 309 is performed; if it is not a specific value of the agreement, step 310 is performed;
  • the HLR/AUC may generate an AK according to the RAND and the KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext. Since this is the content of the 3GPP protocol specification, it will not be described in detail here.
  • Step 309 The network side calculates the MAC-S according to the RAND in the corresponding quintuple, the saved KI, the SQNMS and the AMF in the received AUTS, and the like, and then compares the generated MAC-S with the MAC-S generated by itself. Whether the MAC-S in the received AUTS is consistent to authenticate the terminal. If the MAC-S value is consistent, the authentication is considered to be valid, that is, the AUTS is considered to be legal, and then step 311 is performed; otherwise, the AUTS is considered illegal, and step 313 is performed;
  • the MSC/VLR on the network side receives the resynchronization flag AUTS returned by the terminal.
  • the HLR/AUC first calculates according to the algorithm consistent with the terminal according to the received RAND, the SQNMS in the AUTS, the KI and the AMF saved by itself, and the like.
  • the MAC-S compares it with the MAC-S in the received AUTS. If they match, it is determined that the AUTS is legal. Otherwise, it is determined that the AUTS is illegal.
  • Step 311 The network side executes the agreed content corresponding to the specified specific value, that is, performs an authentication key update action, that is, the HLR/AUC generates a new authentication key according to an algorithm consistent with the terminal according to RAND and KI, and then ends the present Secondary information delivery process.
  • Step 310 The network side calculates the MAC-S according to the RAND in the corresponding quintuple, the saved KI, the SQNMS and the AMF in the received AUTS, and the like, and then compares the generated MAC-S by itself. If the MAC-S value is consistent with the received AUTS, the terminal is authenticated. If the MAC-S value is consistent, the authentication is considered to be valid, that is, the AUTS is considered to be legal, and then step 312 is performed; otherwise, the AUTS is considered illegal, and step 313 is performed. ;
  • the MSC/VLR on the network side receives the resynchronization flag AUTS returned by the terminal, the AUTS and the RAND in the corresponding quintuple are sent to the HLR/AUC, and the HLR/AUC is first received according to the RAND and AUTS.
  • the SQ MS, the self-storing KI, and the AMF calculate the MAC-S by using an algorithm consistent with the terminal, and compare it with the MAC-S in the received AUTS. If they are consistent, the AUTS is determined to be legal. Otherwise, the judgment is made. Out of AUTS is illegal.
  • Step 312 The HLR/AUC updates the SQNHE according to the value of the SQNMS, and then ends the information transmission process.
  • Step 313 the network side returns the failure information; and then ends the information delivery process.
  • steps 306 and 307 when MAC-S is actually generated, the AMF is not used and the implementation of the method is not affected, that is, only according to RAND, KI, SQNMS.
  • the calculation is generated, and the specific algorithm can refer to the 3GPP specifications.
  • the network side should also adopt parameters and algorithms consistent with the terminal to generate MAC-S authentication for the terminal. Such a change should be regarded as a modification to the embodiment, and should be It belongs to the scope of protection of the present invention.
  • the determination of whether the SQNMS is a specific value of the agreement and the judgment of the legality of the AUTS can be reversed.
  • the order of the change does not affect the implementation effect.
  • the HLR/AUC may further determine the SQNMS according to the specific value of the SQNMS after determining that the SQNMS is the specified specific value.
  • the judgment processing method used when judging the legality of AUTS for example, which algorithm or parameter is used to perform the judgment, and the like. Therefore, first determining whether the SQNMS is a specific value of the agreement, and then judging the legitimacy of the AUTS can make the method more scalable.
  • the method of the present invention can be used not only to transmit the key update request information to the network side, but also to transmit the request information of the update authentication algorithm to the HLR/AUC, and also to the network side whether the terminal performs the anti-theft verification and the anti-theft verification.
  • the terminal can use the method of the present invention to return information indicating whether the key update was successful to the HLR/AUC.
  • some values of the SQNMS can be set to be used as specific values for the agreement. For example, setting the value of the SQNMS to less than 256 as a specific value that can be used as an agreement, obviously, the SQNMS is used to determine whether the AUTN is acceptable.
  • the initial value should be greater than or equal to 256.
  • the above MSC/VLR is a circuit domain device.
  • the corresponding MSC/VLR device is an SGSN, so the present invention can be equally applied to a packet domain.
  • the terminal and the HLR/AUC generate a new authentication key, which may be a mature digest algorithm, and the corresponding digest algorithm may refer to the book Applied Cryptography or related algorithm papers or reports;
  • a new key may also be performed using an algorithm for generating an encryption key CK or an integrity key IK by the random number RAND and the authentication key KI mentioned in the 3GPP protocol.
  • the terminal determines whether the SQNHE is in an acceptable range for the AUTN-based authentication, the HLR7AUC verifies the validity of the AUTS, and the HLR/AUC generates the authentication tuple, and the SQNHE
  • the algorithm for generating the authentication tuple, and the algorithm for generating the AUTS, and the like, can be referred to the 3GPP related protocol. Since it is a well-known technology, it will not be described here.
  • the second embodiment of the present invention is described below.
  • the implementation and application of the present invention between two communication units are described by using the second embodiment.
  • the unit includes a first unit and a second unit, and the first unit stores the first unit.
  • the second serial number SQN2 is saved in the second unit.
  • the second unit sends the generated authentication parameter information to the first unit, where the authentication parameter information includes a random number RAND, SQN2 and a message authentication code MAC-A;
  • the authentication parameter information includes a random number RAND, SQN2 and a message authentication code MAC-A;
  • a random number RAND is first generated.
  • the second unit sets a random number generator, generates the random number RAND by a random number generator, and then performs calculation according to the random numbers RAND, SQN2, and AK2 to obtain a message.
  • the weight coding MAC-A the first unit performs consistency verification on the authentication parameter information received from the second unit, that is, performs consistency verification on the MAC-A, here according to AK1 and RAND received from the second unit and SQN2, according to the method of calculating the MAC-A consistency with the second unit, obtains a calculation result, and compares the calculated result with the MAC-A received from the second unit. If not, the MAC-A is The consistency verification fails, and it is determined that the authentication of the second unit does not pass. If the MAC-A consistency verification is passed, the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself.
  • the second unit determines that the second unit is authenticated, and updates SQN1 according to SQN2; if it is determined that SQN2 is not It is acceptable that the first unit calculates a resynchronization authentication code MAC-S according to RAND, SQN1 and SK1, and sends a resynchronization message to the second unit, where the message includes SQN1 and MAC-S.
  • the second unit verifies the legality of the resynchronization message of the first unit, that is, the legality of the resynchronization authentication code MAC-S, which is according to the SK2, RAND saved by itself and the SQN1 received from the first unit, according to Computation with the first unit to calculate the MAC-S method, obtain a calculation result, and compare whether the calculated result is consistent with the MAC-S received from the first unit. If they are consistent, the first unit is determined. The resynchronization message is valid, and SQN2 is updated according to SQN1; if not, it is determined that the resynchronization message of the first unit is illegal.
  • the second unit may save the corresponding RAND after generating the authentication parameter in advance, or may return the RAND to the second unit by the first unit. It should be noted that the RAND is returned to the second unit by the first unit. The security of the method is reduced, for example, it may be attacked by message replay.
  • the first unit above updates SQN1 according to SQN2, and may set the value of SQN1 to be equal to SQN2.
  • the foregoing second unit updates SQN2 according to SQN1, and may set the value of SQN2 to be equal to SQN1, or generate a new value according to SQN1 instead of the value of SQN2 itself; or after setting the value of SQN2 equal to SQN1, generate again according to SQN2 A new value replaces the value of SQN2 itself.
  • Generating a new value based on SQN1 or SQN2 may be to add a random increment to SQN1 or SQN2, such as adding a random number between 1 and 256 to obtain the new value.
  • a random number generator can be used to generate a random number between 1 and 256.
  • the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself, and may determine whether the difference between SQN1 and SQN2 is within a certain range, for example, whether (SQN1 - SQN2) is greater than 0, or whether (SQN1 - SQN2) is greater than 0 and less than 256, and so on. If the difference is within the range, it is judged that SQN2 is acceptable, otherwise, it is judged that SQN2 is unacceptable.
  • the calculation of the above calculated MAC-A and MAC-S values may be known digest calculations, or may be performed using some algorithms well known in the art.
  • the above authentication process can be restarted, that is, the second unit generates a random number RAND.
  • the second unit generates the random number RAND through the set random number generator.
  • the second unit calculates according to the random numbers RAND, SQN2 and AK2, obtains a message authentication code MAC-A, and sends RAND, SQN2 and MAC-A to the first unit, the first unit performs corresponding processing, and the like.
  • the first unit and the second unit pre-declare: after receiving the resynchronization message of the first unit, if the second unit determines that the SQN1 is a specific value of the agreement, the corresponding content is executed according to the specific value, that is, the execution is performed. Corresponding operation. According to the convention, the first unit may transmit specific information to the second unit, causing the second unit to perform a corresponding specific operation according to the specific information.
  • the first unit may be pre-agreed with the second unit: after receiving the resynchronization message of the first unit, if the second unit determines that the SQN1 is a specific value of the agreement, the corresponding content is executed according to the specific value, that is, Perform the corresponding operation.
  • the content of the execution of the corresponding agreement may be one or more of an operation of performing a key update, performing an authentication algorithm update, obtaining related information, and returning special operation execution result information.
  • the obtaining related information may be to obtain whether the first unit has a certain capability, for example, whether the first unit supports the GPS positioning function, whether the mobile payment is supported, or the like according to the value of the SQN1, and the special operation may be performed by the first unit.
  • the main unit needs to transmit specific information to the second unit:
  • step 402 at the time of authentication, the second unit sends the generated authentication parameter information to the first unit.
  • the authentication parameter information includes a random number RAND, SQN2 and a message authentication code MAC-A; in practice, when the second unit generates the authentication parameter, first generates a random number RAND, for example, the second unit is set by The random number generator generates the random number RAND, and then performs calculation based on the random numbers RAND, SQN2, and AK2 to obtain a message authentication code MAC-A, and uses RAND, SQN2, and MAC-A as the to be sent to the first unit.
  • step 403 the first unit performs consistency verification on the message received from the second unit, that is, according to AK1 and RAND and SQN2 received from the second unit, according to the method of calculating the MAC-A with the second unit. Calculate, get a calculation result, and compare whether the calculated result is consistent with the received MAC-A. If it is inconsistent, it is judged. The authentication of the second unit is not passed. If the consistency verification is passed, step 404 is performed.
  • step 404 the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself. If it is acceptable, it determines that the second unit is authenticated, and updates SQN1 according to SQN2, and performs step 405; otherwise, if it is determined that SQN2 is not available If yes, go to step 406.
  • step 405 the first unit replaces SQN1 with the specified specific value and calculates a resynchronization authentication code MAC-S according to its own SK1 and the received RAND, etc., and sends a resynchronization message to the second unit, where the message includes Instead of the specific value of the agreement of SQN1 and the MAC-S, the second unit enters the sub-flow of performing the synchronization process after receiving the resynchronization message.
  • step 406 the first unit calculates a message authentication code MAC-S according to RAND, SQN1 and SK1, and the first unit sends a resynchronization message to the second unit, where the message includes SQN1 and MAC-S, and the second unit receives After the resynchronization message, the sub-process that performs the synchronization process is entered.
  • the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself, and may determine whether the difference between SQN1 and SQN2 is within a certain range, for example, whether (SQN1 - SQN 2 ) is greater than 0, or whether (SQN1 - SQN 2 ) is greater than 0 and less than 256 , and so on. If the difference is within the range, it is judged that SQN2 is acceptable, otherwise, it is judged that SQN2 is unacceptable.
  • the first unit does not need to transmit specific information to the second unit:
  • step 502 at the time of authentication, the second unit sends the generated authentication parameter information to the first unit.
  • the authentication parameter information includes a random number RAND, SQN2 and a message authentication code MAC-A; in practice, when the second unit generates the authentication parameter, first generates a random number RAND, for example, the second unit is set by The random number generator generates the random number RAND, the second unit calculates according to the random numbers RAND, SQN2 and AK2, obtains a message authentication code MAC-A, and uses RAND, SQN2 and MAC-A as the authentication parameters to be sent to the first unit;
  • step 503 the first unit performs consistency verification on the message received from the second unit, that is, according to AK1 and RAND and SQN2 received from the second unit, according to the method of calculating the MAC-A with the second unit. Calculate, get a calculation result, and compare whether the calculated result is consistent with the received MAC-A. If it is inconsistent, it is judged that the authentication of the second unit does not pass. If the consistency verification is passed, then step 504 is performed.
  • step 504 the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself, and if it is acceptable, determines that the second unit is authenticated, and performs step 506, that is, updates the SQN1 according to the SQN2, and ends the process; otherwise, if If it is determined that SQN2 is unacceptable, step 505 is performed.
  • step 505 the first unit calculates a message authentication code MAC-S according to RAND, SQN1 and SKI, and the first unit sends a resynchronization message to the second unit, where the message includes SQN1 and MAC-S, and the second unit receives After the resynchronization message, the sub-process that performs the synchronization process is entered.
  • the first unit verifies whether the SQN2 is acceptable according to the SQN1 saved by itself, and may determine whether the difference between SQN1 and SQN2 is within a certain range, for example, whether (SQN1 - SQN2) is greater than 0, or whether (SQN1 - SQN2) ) is greater than 0 and less than 256, and so on. If the difference is within the range, it is judged that SQN2 is acceptable, otherwise, it is judged that SQN2 is unacceptable.
  • a sub-flow of performing synchronization processing is performed by the second unit in the first embodiment of the second embodiment of the present invention:
  • step 601 the second unit verifies the validity of the resynchronization message of the first unit, and if the resynchronization message of the first unit is legal, step 602 is performed, if the resynchronization of the first unit is eliminated. If the information is illegal, step 603 is executed, that is, the synchronization failure information is returned, and the process ends.
  • step 602 the second unit determines whether SQN1 in the resynchronization message is a specific value of the agreement. If not, step 604 is performed; if yes, step 605 is performed.
  • SQN2 is updated according to SQN1, and the process ends.
  • step 605 the second unit executes the content of the corresponding agreement, that is, performs the corresponding operation.
  • the SQN1 in the resynchronization message is determined to be a specific value of the agreement
  • the corresponding content is executed according to the specific value, that is, the execution is performed. Corresponding operation. Then, end the process.
  • a second embodiment of the second embodiment of the present invention is different from the above-mentioned first embodiment in that: the second unit performs synchronization in the first embodiment.
  • the validity of the resynchronization message is first determined, and then whether the SQN1 in the resynchronization message is a predetermined specific value is determined.
  • step 701 the second unit verifies whether SQN1 in the resynchronization message of the first unit is a specific value of the agreement. If yes, step 702 is performed, otherwise, step 703 is performed.
  • step 702 the second unit verifies the validity of the resynchronization message of the first unit. If the resynchronization message of the first unit is legal, step 704 is performed. If the resynchronization message of the first unit is illegal, step 706 is performed.
  • step 703 the second unit verifies the validity of the resynchronization message of the first unit. If the resynchronization message of the first unit is legal, step 705 is performed. Otherwise, if the resynchronization message of the first unit is illegal, step 706 is performed.
  • the second unit executes the content of the corresponding appointment, that is, performs the corresponding operation.
  • the specific value is executed.
  • the agreed content that is, the corresponding operation. Then the process ends.
  • SQN2 is updated according to SQN1, and then the flow is ended.
  • Step 706 returning the synchronization failure information, and then ending the process.
  • the second unit may verify that the validity of the resynchronization message of the first unit is that the second unit is based on the saved SK2, RAND, and received from the first unit.
  • a unit of SQN1 is calculated according to the method of calculating the MAC-S with the first unit, and a calculation result is obtained, and the result calculated by itself is compared with whether the MAC-S received from the first unit is consistent. If they are consistent, then It is determined that the MAC-S is legal, that is, the resynchronization message of the first unit is legal; if not, it is determined that the MAC-S is illegal, that is, the resynchronization message of the first unit is illegal.
  • the second unit when the second unit verifies the MAC-S consistency, RAND is needed, and the second unit may save the corresponding RAND after generating the authentication parameter in advance, or may return the RAND to the second unit by the first unit.
  • the latter may have certain security risks, for example, attacks that may be subject to message replay.
  • the determination of whether the SQN1 is a specific value of the agreement and the legality judgment of the resynchronization message may be reversed. In general, the order of the exchange does not affect the implementation effect. . However, it is worth noting that in the second embodiment of the second embodiment, that is, if the SQN1 is determined to be a specific value of the agreement, and then the validity of the resynchronization message is determined, the second unit determines that the SQN1 is an appointment.
  • the judgment processing manner used when judging the legality of the resynchronization message may be further determined according to the specific value of the SQN1, for example, determining which algorithm to use or which parameters are used to perform the method according to the specific value of the agreement. Judging the legality of resynchronization messages, and so on. Therefore, first determining whether SQN1 is a specific value of the agreement, and then judging the legitimacy of the resynchronization message can make the method more scalable.
  • the first unit when the first unit recalculates the resynchronization authentication code, It is possible to participate in the operation without using a random number.
  • the second unit verifies the legitimacy of the resynchronization message of the first unit, the random number is not used to participate in the operation.
  • this will reduce the security of the first synchronization key, which is a modified implementation of the present invention. Therefore, the specific implementation steps of this modification method will not be elaborated here.
  • the first authentication key AK1 and the first synchronization key SK1 may be the same, that is, the first authentication key AK1 and the first synchronization key SK1 may be Is the same key; correspondingly, in the second unit, the second authentication key AK2 and the second synchronization key SK2 may also be the same, that is, the second authentication key AK2 and the second synchronization key SK2 It can also be the same key.
  • some values of SQN1 may be set to be used as specific values of the agreement, for example, setting a value in the range of SQN1 less than 256 as a specific value that can be used as an agreement, obviously, such that SQN1
  • the initial value used to determine whether SQN2 is acceptable should be greater than or equal to 256.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Multi-Process Working Machines And Systems (AREA)
  • Communication Control (AREA)
  • Telephonic Communication Services (AREA)

Description

一种鉴权方法及相应的信息传递方法 技术领域
本发明涉及通信安全技术, 具体涉及一种鉴权方法及相应的信息 传递方法。 发明背景
通常情况下, 相互通信的一端比如第一单元, 向另外一端比如第二 单元传递信息时, 一般是在第二单元建立了对第一单元的可信任的连接 后才进行的, 也即该连接为第二单元对第一单元鉴权通过后建立的连 接, 通过这种连接, 第一单元可以向第二单元传递相关信息时, 第二单 元可以判断出所传递信息的有效性。 但是, 在某些时候, 通信双方还没 有建立有效的通信连接之前, 一方需要向另外一方传递重要信息时, 就 没有有效的办法来解决。 比如说, 用于通信双方相互鉴权的密钥因为某 种原因失去了同步,变得不再一致,从而导致正常的相互鉴权无法通过, 因而, 也无法建立有效的互信连接, 此时, 通信的一方例如第一单元需 要告诉另外一方例如第二单元, 需要重新同步鉴权密钥, 这时, 所述通 信的第一单元如何将需要同步鉴权密钥的信息传送给第二单元, 以及第 二单元接收到第一单元的需要同步鉴权密钥的信息后, 怎么能够相信这 是真的, 而不是一个攻击者发起的攻击行为呢?
还例如, 在未来的通信网络中, 随着业务的丰富、 网络功能的扩展, 对终端与网络间或两个通信单元之间通信安全的要求也相应提高, 而信 息传递量的几何级递增, 则要求具有更加安全与便捷的信息传递方式。
先以现有的 3G鉴权为例, 对现有的鉴权方法和信息传递方法简单 介绍一下, 现有有 3G网络中的鉴权是由 MS (终端)、 MSC/VLR (移动 交换中心 /访问位置寄存器)或 SGSN ( GPRS业务服务节点)、 HLR/AUC (归属位置寄存器 /鉴权中心)协同工作完成, SIM卡或 USIM卡上保 存了一鉴权密钥 KI, HLR/AUC也存有与用户 SIM卡或 USIM卡上的 KI一致的鉴权密钥 KI。 由 MS和 AUC分别根据各自的鉴权密钥 KI计 算出相应鉴权参数, 再由 MSC/VLR比较双方的计算结果, 完成网络对 MS 合法性的验证。 该过程中包括终端对网络的鉴权, 终端对网络的鉴 权失败时, 会给网络反馈 "鉴权失败,,的消息。
上述终端向网络发送信息的是未经过网络鉴权的, 这种终端向网络 发送信息的方式用于返回 "鉴权失败" 类的信息时可能不致导致严重的 安全问题, 但在某些应用场合, 终端向网络发送信息时网络若不能对终 端鉴权就会存在严重的安全问题。
例如, 在一些涉及密钥设置与更新的情况下终端向网络发送信息若 不经过网络的鉴权, 将存在严重的安全隐患。 按照现有技术, 可通过 USSD或短信息的方式将信息传递给网络侧, 这种信息传递方式因会引 起鉴权流程, 能解决信息传递的安全问题, 但对信令资源消耗较大。
综上所述, 如何在不增加现有通信协议、 信令资源和运营成本的基 础上, 方便地传递信息, 且保障通信的安全性是一个值得解决的问题。 发明内容
有鉴于此, 本发明要解决技术问题是提供一种鉴权方法及相应的信 息传递方法, 使得不需要增加现有通信协议、 信令或鉴权参数和营运成 本, 即可方便地从终端向网絡侧传递信息且保障终端和网络通信的安全 性, 也可方便安全地实现通信单元之间的鉴权与信息传递。 特别地, 在终端与网絡建立连接之前, 例如在鉴权的过程中, 向网络传送有效信 为解决上述问题, 本发明提供了一种信息传递方法, 用于 3G 网络 中终端向网络传递信息, 所述方法包括以下步骤:
a. 终端用约定的特定值代替 SQNMS产生再同步标记 AUTS, 对网 络发送再同步请求命令且附上所述再同步标记 AUTS;
b. 网络侧在接收到所述再同步请求命令并判断出所述再同步标记 AUTS中的 SQNMS为所述约定的特定值时, 执行所述约定的特定值对 应的操作。
所述方法还包括, 在步骤 a之前终端对网络侧发送可引起鉴权流程 的消息 , 网络侧接收到所述消息时对终端发起鉴权请求且附上产生的相 应的鉴权参数, 终端接收所述鉴权参数; 相应地, 在步骤 a中, 终端在 向网络侧发送再同步请求命令前根据所述鉴权参数对网络进行鉴权。
所述步骤 a之前终端对网络侧发送可引起鉴权流程的消息可以是位 置更新请求或业务请求。
所述鉴权参数包括随机数 RAND和鉴权标记 AUTN, 相应的, 在步 骤 a中所述对网络进行鉴权是根据 RAND和 AUTN对网络鉴权。
根据 RAND和 AUTN对网络鉴权是指判断 AUTN是否满足一致性 要求, 如果不满足, 则对网络鉴权失败。
判断出 AUTN满足一致性要求后, 进一步判断 SQNHE是否在可接 受的范围内, 如果是, 则确认对网络鉴权通过, 用所述约定的特定值代 替 SQNMS产生再同步标记 AUTS, 否则, 直接根据 SQNMS产生再同 步标记 AUTS。
步骤 b还包括判断 AUTS是否合法。
所述步骤 b中: 判断出 SQNMS为所述约定的特定值后进一步判断 AUTS是否合法, 若合法则执行对应的约定内容。
所述步骤 b中: 判断出 AUTS合法后进一步判断 SQNMS是否为所 述约定的特定值, 若是则执行对应的约定内容, 否则, 根据 SQNMS更 新 SQNHE。
所述约定的特定值是指约定某一范围内的值或某个或多个具体值。 所述执行约定内容可以是执行密钥更新、 执行鉴权算法更新、 执行 防盗验证、 取消防盗验证、 获得相关信息和返回特殊操作执行结果信息 中一个或多个。 一种鉴权方法, 用于通信网络中终端与网络间的鉴权, 所述方法包 括以下步骤:
a. 网络侧产生随机数, 并根据随机数、 终端的鉴权密钥和序列号生 成鉴权元组, 发送给终端;
b. 终端根据自身保存的鉴权密钥对所述鉴权元组进行一致性验证, 并根据自身保存的序列号判断来自网络的序列号是否可接受, 判断出对 所述鉴权元组的一致性验证通过, 且所述来自网络的序列号可接受时, 对网络鉴权通过, 并用约定的特定值代替终端保存的序列号生成再同步 标记, 向网络发送再同步请求且附上所述再同步标记;
c 网络在接收到所述再同步请求, 判断出所述再同步标记中的所述 序列号为所述约定的特定值时, 执行约定的对应操作。
所述方法还包括: 在步骤 a之前, 终端对网络侧发送可引起鉴权流 程的消息, 所述消息可以是位置更新请求或业务请求。
所述步骤 b中还包括, 当终端判断出对来自网络的所述鉴权元组一 致性验证通过但来自网络的序列号不属于可接受的范围时, 直接根据终 端保存的序列号生成再同步标记, 向网络发送再同步请求且附上所述再 同步标记。
所述步骤 b中还包括, 当终端判断出对来自网络的所述鉴权元组一 致性验证未通过时, 则向网络发送鉴权失败信息。 所述步驟 b中还包括, 终端判断出对所述鉴权元组的一致性验证通 过, 且所述来自网络的序列号可接受时, 根据所述来自网絡侧的序列号 更新终端侧保存的序列号。
所述步骤 C中还包括: 网络侧对所述再同步标记进行合法性判断。 所述步骤 c可以进一步是: 判断出所述来自终端的序列号为所述约 定的特定值后进一步判断再同步标记是否合法 , 若合法则执行对应的约 定内容。
所述步驟 C可以进一步是: 判断出再同步标记合法后进一步判断所 述来自终端的序列号是否为所述约定的特定值, 若是则执行对应的约定 内容, 否则, 根据所述来自终端的序列号更新网络侧保存的序列号。
所述约定的特定值是指约定某一范围内的值或某个或多个具体值。 所述执行约定内容可以是执行密钥更新、 执行鉴权算法更新、 执行 防盗验证、 取消防盗验证、 获得相关信息和返回特殊操作执行结果信息 中一个或多个。
一种鉴权方法, 用于可相互通信的单元之间的鉴权, 所述单元至少 包括: 保存了第一鉴权密钥、 第一同步密钥和第一序列号的第一单元, 以及保存了第二鉴权密钥、 第二同步密钥和第二序列号的第二单元, 其 特征在于, 所述方法至少包括以下步骤:
a. 第二单元产生随机数, 并根据随机数、 第二鉴权密钥和第二序列 号生成消息鉴权编码, 将所述随机数、 第二序列号和生成的消息鉴权编 码发送给第一单元;
b. 第一单元根据第一鉴权密钥和所述随机数以及第二序列号对所 述消息鉴权编码进行一致性验证, 并根据第一序列号判断第二序列号是 否可接受, 判断出对所述消息鉴权编码的一致性险证通过, 且第二序列 号可接受时, 对第二单元的鉴权通过, 并用约定的特定值代替第一序列 号和所述随机数以及第一同步密钥生成再同步鉴权编码, 向第二单元发 送再同步请求且附上所述再同步鉴权编码和代替第一序列号的所述约 定的特定值;
C. 第二单元在接收到所述再同步请求, 判断出来自第一单元的第一 序列号为所述约定的特定值时, 执行约定的对应操作。
所述步骤 b中所述用约定的特定值代替第一序列号和第一同步密钥 生成再同步鉴权编码进一步是: 用约定的特定值代替第一序列号和所述 随机数以及第一同步密钥生成再同步鉴权编码。
所述步骤 b中还包括, 第一单元判断出对所述消息鉴权编码的一致 性验证通过, 且第二序列号可接受时, 根据所述第二序列号更新第一序 列号。
所述步骤 b中还包括, 当第一单元判断出对所述消息鉴权编码的一 致性验证通过但第二序列号不属于可接受的范围时, 直接根据终第一序 列号和所述随机数以及第一同步密钥生成再同步鉴权编码, 向网絡发送 再同步请求且附上所述再同步鉴权编码和第一序列号。
所述步骤 b中还包括, 当第一单元判断出对所述消息鉴权编码的一 致性验证未通过时, 则向第二单元发送鉴权失败信息。
所述步驟 b中, 第一单元对所述消息鉴权编码进行一致性验证进一 步是: 第一单元根据第一鉴权密钥、 所述随机数和第二序列号采用和第 二单元根据所述随机数、 第二鉴权密钥和第二序列号产生消息鉴权编码 一致的方法产生一个运算结果, 比较自己产生的运算结果和所述消息鉴 权编码是否一致,如果一致,则对所述消息鉴权编码的一致性验证通过, 否则, 对所述消息鉴权编码的一致性验证不通过。
所述步骤 b中, 第一单元判断第二序列号是否可接受进一步是: 判 断第二序列号和第一序列号的差值是否在一定的范围内, 如果是, 则判 断出第二序列号可接受, 否则, 判断出第二序列号不可以接受。
所述步骤 c中还包括: 第二单元对所述再同步鉴权编码进行合法性 判断。
所述步骤 c可以进一步是: 判断出所述来自第一单元的第一序列号 为所述约定的特定值后进一步判断再同步鉴权编码是否合法, 若合法则 执行对应的约定内容;
所述步驟 C可以进一步是: 判断出来自第一单元的再同步鉴权编码 合法后进一步判断所述第一序列号是否为所述约定的特定值, 若是则执 行对应的约定内容,否则,根据所述第一序列号更新保存的第二序列号。
所述步驟 c进一步包括: 判断出来自第一单元的再同步鉴权编码非 法后, 返回失败信息。
所述步骤 C中第二单元对所述再同步鉴权编码进行合法性判断进一 步是: 第二单元根据第二同步密钥、 所述随机数和第一序列号采用和第 一单元根据所述随机数、 第一同步密钥和第一序列号产生再同步鉴权编 码一致的方法产生一个运算结果, 比较自己产生的运算结果和所述再同 步鉴权编码是否一致, 如果一致, 则判断出再同步鉴权编码合法, 否贝 判断出再同步鉴权编码非法。
所述约定的特定值是指约定某一范围内的值或某个或多个具体值。 所述执行约定内容可以是执行密钥更新、 执行鉴权算法更新、 获得 相关信息和返回特殊操作执行结果信息中一个或多个。
本发明终端向网络传递信息的方法不需增加或改变现有的信令资源 或鉴权参数, 方便地实现终端与网络侧的鉴权与信息传递且保障网络安 全性, 也可方便安全地实现两个通信单元之间鉴权和信息传递。 附图简要说明
图 1是本发明的具体实施方式一的流程图。
图 2是本发明的具体实施方式一的第一实施例的流程图。
图 3是本发明的具体实施方式一的第二实施例的流程图。
图 4是本发明的具体实施方式二的第一实施例中, 第一单元需要向 第二单元传送特定的信息时的主流程。
图 5是本发明的具体实施方式二的第一实施例中, 第一单元不需要 向第二单元传送特定的信息时的主流程。
图 6是本发明的具体实施方式二的第一实施例中, 第二单元执行同 步处理的子流程。
图 7是本发明的具体实施方式二的第二实施例中, 第二单元执行同 步处理的子流程。 实施本发明的方式
本发明终端向网络侧传递信息的方法利用 3G 网絡鉴权流程中的已 有参数来实现, 不需增加信令资源。
为了更好地理解本发明, 先简单介绍一下现有的第三代移动通信系 统中的鉴权流程,在移动终端中保存国际移动用户标识 IMSI、鉴权密钥 KI和序列号 SQNMS, 网络侧的 HLR/AUC中针对该移动终端对应保存 IMSI、 KI和序列号 SQNHE, 以用于移动终端和网络相互鉴权。
3G通信系统的现有鉴权流程主要为: HLR/AUC产生随机数 RAND, 根据随机数 RAND和 KI产生期望响应 XRES、加密密钥 CK、 完整性密 钥 IK; 根据随机数 RAND、 序列号 SQNHE、 鉴权密钥 KI和鉴权管理 域 AMF产生出 MAC-A, 根据 MAC-A, SQNHE、 AK和 AMF得到鉴权 标记 AUTN ( Authentication Token )。 由 RAND和 XRES、 CK、 IK和 AUTN组成鉴权五元组, 将该五元组发送给 MSC/VLR保存。 当然, 实 际当中, HLR/AUC是应 MSC/VLR的请求才将产生的相应的一个或多 个五元组发送给 MSC/VLR 的。 鉴权时, MSC/VLR将对应五元組中 RAND和 AUTN发送给终端,终端根据自己保存的 KI验证 AUTN的一 致性, 如果一致性验证不通过, 则向 MSC/VLR返回鉴权失败信息; 若 一致性验证通过, 则判断 SQNHE是否属于可接受的范围: 若属于, 则 终端判断出对网络鉴权通过, 终端向 MSC/VLR返回终端自己产生的鉴 权响应,并根据 AUTN中的 SQNHE更新 SQNMS, MSC/VLR比较终端 返回的鉴权响应和对应五元组中的 XRES 是否一致来判断终端的合法 性; 若判断出 SQNHE不属于可接受范围, 则根据 SQNMS产生再同步 标记 AUTS(Resynchronisation Token), 对网络侧 MSC/VLR返回再同步 请求或同步失败(Synchronisation failure )消息, 同时附上产生的再同步 标记 AUTS, 也即消息中包含 AUTS。 网络侧 MSC/VLR接收到再同步 标记 AUTS时, 将 AUTS和对应五元组中的 RAND发送给 HLR/AUC, HLR/AUC根据对应保存的 KI和接收到的 RAND,判断 AUTS的合法性, 如果不合法, 则 HLR/AUC向 MSC/VLR返回 AUTS不合法信息; 如果 判断出 AUTS合法,则 HLR/AUC根据 AUTS中的 SQNMS更新 SQNHE, 并产生一个新的鉴权五元组发送给 MSC/VLR, MSC/VLR接收到新的五 元组后, 删除对应的旧的五元組。 关于鉴权流程, 可以参照 3GPP规范。
可见在 3G 通信系统的现有鉴权流程中, SQNMS 主要用于判断 AUTN中 SQNHE是否是最新的或 SQNHE是否在可接受范围内, 以及 更新 SQNHE时使用。
本发明通过改进措施, 提供一种改进的鉴权方法和信息传递方法, 使得在终端对网络侧鉴权通过即终端根据自己保存的 KI对 AUTN的一 致性验证通过并且 AUTN中的 SQNHE在可接受范围内的情况下, 也产 生再同步标记和发送再同步请求命令, 并利用终端向网络侧发送的再同 息。 本发明中终端对网络侧鉴杈通过后, 用约定的特定值代替 SQNMS 产生再同步标记 AUTS, 向网络侧发送同步请求命令并附上该再同步标 记, 网络侧接收到所述同步请求命令时, 判断 AUTS中 SQNMS是否为 约定的特定值, 若是, 则执行约定的内容; 否则按正常同步处理流程处 理, 即根据 SQNMS更新 SQNHE并作后续处理。 网络侧在判断 AUTS 中 SQNMS是否为约定的特定值之前, 还可以进一步执行对终端的鉴权 和对 SQNMS的完整性验证, 从而判断 AUTS的合法性。 本发明的方法 既充分利用了现有鉴权参数方便地对网络传递信息, 又利用了网络侧处 理再同步请求命令时的鉴权步骤提高了终端对网络传递信息的安全性 和完整性。
本发明提供的鉴权方法和相应的信息传递方法并不仅应用于终端与 网络间的鉴权与信息传递, 还可用于任何可相互通信的两单元之间的鉴 权及信息传递, 例如 Wimax, ... ... 等无线通信网络间的单元, 或者是 有线通信网络间的单元。
下面结合附图对本发明的具体实施方式进行详细的说明:
首先, 通过具体实施方式一对本发明提供的方法在移动通信中的实 施与应用予以说明, 请参阅图 1 , 图 1为本发明具体实施方式一的流程 图。
在步骤 101中, 终端向网络侧发起位置更新请求。
本步驟也可以是向网络侧发起业务请求。 实际当中可以是终端发送 的任何可以引起网络侧对终端进行鉴权的消息。
步驟 102, 网絡侧接收到该位置更新请求后将产生的鉴权元组中的 相应鉴权参数发送给终端。 本发明中网络侧实际也可以只产生所述相应 鉴权参数。
所述鉴权元组可以包括随机数 RAND、 期望响应 XRES、 加密密钥 CK、 完整性密钥 IK和鉴权标记 AUTN ( Authentication Token )。
所述相应鉴权参数包括 RAND和 AUTN。
产生鉴权元组时, HLR/AUC用随机数发生器产生的 RAND和自身 保存的鉴权密钥 KI分别计算出 XRES、 CK、 IK。 还根据 RAND、 KI、 序列号 SQNHE、 鉴权管理域 AMF产生 AUTN。
所述鉴权标记 AUTN长 16字节, 包括以下内容: 1 ) SQNHEA AK, 也即用 AK加密了的 SQNHE,其中序列号 SQNHE与匿名密钥 AK分别 长 6 字节, SQNHE指保存在网络侧的 SQN, 以区别于保存在终端的 SQNMS; 当需要对 SQNHE进行加密时, HLR/AUC根据 RAND和 KI 产生 AK, 使用 AK对 SQNHE作异或运算, 从而加密 SQNHE; 当不需 要对 SQNHE进行加密时, AK = 0; 2 )鉴权管理域 AMF长 2字节。 3 ) 消息鉴权编码 MAC-A长 8字节 ; MAC-A用于验证 RAND、 SQNHE、 AMF的数据完整性, 用于终端对 HLR/AUC进行鉴权。 HLR/AUC根据 RAND, SQNHE, KI和 AMF计算出 AUTN中的消息鉴权编码 MAC-A。
这样, 由 RAND、 AUTN、 XRES、 CK、 IK等组成了鉴权五元组。 本发明中, 终端在向网络侧传递信息时, 只需用到其中的 RAND 和 AUTNo
HLR/AUC产生了鉴权五元组后将相应的国际移动用户识别码 IMSI 和鉴权五元组 RAND、 CK、 IK、 XRES和 AUTN发送给 MSC/VLR。 MSC/VLR为电路域设备,对于分组域的网络,对应的设备可以为 SGSN。 鉴权时, 网絡侧的 MSC/VLR将接收自 HLR/AUC的鉴权元组中的随机 数 RAND和鉴权标记 AUTN传送给终端 MS。
步骤 103 , 终端 MS 接收到网络侧发送的相应鉴权参数即随机数 RAND和鉴权标记 AUTN并判断出对网络侧鉴权通过后,用约定的特定 值代替 SQNMS产生再同步标记 AUTS, 向网络发起再同步请求命令, 并附上再同步标记 AUTS。 这里, 向网络发起再同步请求命令, 并附上 再同步标记 AUTS, 也即, 向网络侧发送同步失败消息, 消息中包含了 AUTS。
所述再同步标记 AUTS包括以下内容: 1 ) SQNMSA AK, 也即用 AK加密了的 SQNMS,其中序列号 SQNMS与匿名密钥 AK分别长 6字 节, SQNMS指保存在终端侧的 SQN,以区别于保存在网络侧的 SQNHE; 当需要对 SQNMS进行加密时, 终端根据 RAND和 KI产生 AK, 使用 AK对 SQNMS作异或运算, 从而加密 SQNMS; 当不需要对 SQNMS进 行加密时, AK = 0; 2 ) 消息鉴权编码 MAC-S长 8字节 ; MAC-S用 于验证 RAND、 SQNMS的数据完整性, 用于 HLR/AUC对终端进行鉴 权, 也即, 用于 HLR/AUC验证 AUTS的合法性。 一^ 的, 终端根据自 己的 SQNMS、 KI和接收到的 RAND以及 AMF等计算得到 MAC-S,再 根据 SQNMS、 AK和 MAC-S产生再同步标记 AUTS
具体地说, 终端根据接收到的 RAND与自身保存的鉴权密钥 KI和 接收到的 AUTN中的 SQNHE以及 AMF采用与 HLR/AUC计算 AUTN 中 MAC-A—致的算法计算出 MAC-A, 然后进行一致性验证, 即, 比较 自己计算得到的 MAC-A与接收到的 AUTN中的 MAC-A是否一致, 例' 如是否相同, 若不一致, 则向 MSC/VLR返回鉴权失败信息; 若一致则 判断 SQNHE是否属于可接受的范围: 若属于, 则终端判断出对网络侧 的鉴权通过; 若判断出 SQNHE不属于可接受范围, 则根据 SQNMS产 生再同步标记 AUTS, 即, 根据 SQNMS, KI和接收到的 RAND 以及 AMF等计算得到 MAC-S, 再根据 SQNMS、 AK和 MAC-S产生再同步 标记 AUTS , 对网络侧 MSC/VLR 返回再同步请求命令或同步失败 ( Synchronisation failure ) 消息, 同时附上产生的再同步标记 AUTS。 终端对网络侧鉴权通过后, 用约定的特定值代替 SQNMS并根据自 己的 KI和接收到的 RAND以及 AMF等计算得到 MAC-S, 再用约定的 特定值代替 SQNMS并根据 AK和 MAC-S产生再同步标记 AUTS,向网 络侧发送再同步请求命令并附上所述再同步标记 AUTS, 或者向网络侧 发送同步失败消息, 并在该消息中包含 AUTS。 至于具体产生过程, 以 及产生时使用的算法可参照 3GPP规范。
步骤 104 , 网络侧接收到再同步请求命令后, 判断出再同步标记 AUTS中的 SQNMS为约定的特定值时, 执行对应约定的内容, 也即执 4亍对应操作。
终端和网络侧预先约定:网络侧在接收到终端的再同步请求命令后, 如果判断出 SQNMS为约定的特定值时, 则根据该特定值执行对应的约 定内容, 也即执行对应操作。 所述执行对应约定的内容可以是执行密钥 更新、 执行鉴权算法更新、 执行防盗验证、 取消防盗验证、 获得相关信 息和返回特殊操作执行结果信息等等操作中的一个或者多个。 所述获得 相关信息可以是根据 SQNMS的值获得终端是否具备某种能力, 例如是 否支持 GPS定位功能,是否支持移动支付等等, 所述特殊操作可以是响 应鉴权管理域 AMF不同值进行相应处理的执行结果, 也可以是根据某 种配置进行初始化操作执行结果, 也可以是移动终端漫游时, 根据当前 位置区或者运营商对移动终端进行了特殊初始化操作执行结果, 等等。
在步骤 104中, 还可以包括判断 AUTS合法性步骤。
也即, 在判断再同步标记 AUTS中的 SQNMS是否为约定的特定值 之前, 可以进一步包括判断 AUTS 合法性步骤。 具体地说, 网络侧的 MSC/VLR接收到终端返回的再同步标记 AUTS时, 将 AUTS和对应五 元组中的 RAND—并发送给 HLR/AUC, HLR/AUC先根据 RAND, KI、 SQMMS和 AMF等采用与终端一致的算法计算得出 MAC-S, 再将之与 接收到的 AUTS中的 MAC-S比较, 若一致, 判断出 AUTS合法, 否贝1 j , 判断出 AUTS非法。 HLR/AUC判断 AUTS非法时, 向 MSC/VLR返回 AUTS不合法的消息。 HLR7AUC判断 AUTS合法时,进一步判断 SQNMS 是否为约定的特定值, 若为约定的特定值则执行约定的内容。 否则, 即 不为约定的特定值时按正常同步流程处理, 即根据 SQNMS 更新 SQNHE, 并作后续处理。 关于正常同步流程处理可以参照 3GPP规范。
或者在判断再同步标记 AUTS中的 SQNMS为约定的特定值之后, 并在执行对应约定的内容之前,可以进一步包括判断 AUTS合法性步骤。
具体地说,网络侧的 MSC/VLR接收到终端返回的再同步标记 AUTS 时, 将 AUTS 和对应五元組中的 RAND —并发送给 HLR/AUC , HLR/AUC判断出 SQNMS为所述约定的特定值后, 先根据 RAND、 KI、 SQMMS和 AMF等采用与终端一致的算法计算得出 MAC-S, 再将之与 接收到的 AUTS中的 MAC-S比较, 若一致, 判断出 AUTS合法, 否贝 判断出 AUTS非法。 HLR/AUC判断 AUTS非法时, 向 MSC VLR返回 AUTS不合法的消息。 HLR/AUC判断 AUTS合法时, 执行所述约定的 内容。 HLR/AUC判断出 SQNMS不是所述约定的特定值时, 按正常同 步流程处理, 即判断 AUTS合法时, 根据 SQNMS更新 SQNHE, 并作 后续处理;判断 AUTS非法时,向 MSC/VLR返回 AUTS不合法的消息。 关于正常同步流程处理可以参照 3GPP规范。
在步骤 103 中, 产生 MAC-S时, 也可根据 RAND KI、 SQNMS 计算产生,即,不再根据 AMF,对应地在步驟 104中,网络侧验证 MAC-S 合法性时, 也根据 RAND、 KI、 SQNMS来验证, 而不再根据 AMF来 进行。
请参阅图 2, 图 2为所示本发明具体实施方式一的第一实施例, 本 实施例中将对终端使用本发明的方法通知网络侧密钥更新的过程予以 说明, 以便更好地理解本发明。
在步骤 201 , 终端向网絡发起位置更新请求;
本步骤也可以是向网络侧发起业务请求。 实际当中可以是终端发送 的任何可以引起网络侧对终端进行鉴权的消息。
在步骤 202, 网络侧接收到所述请求后, 通过对终端发送鉴权请求, 将产生的对应该终端的鉴权元组中的相应的鉴权参数发送给终端。
具体地说, HLR/AUC根据随机数发生器产生随机数 RAND, 根据 RAND和鉴权密钥 KI分别计算出期望响应 XRES、 加密密钥 CK、 完整 性密钥 IK。 根据随机数 RAND、 序列号 SQNHE、 鉴权密钥 KI和 AMF 计算产生出消息鉴权编码 MAC-A, 再根据 MAC-A、 SQNHE、 匿名密 钥 AK及鉴权管理域 AMF产生 AUTN。 这里, 当需要对 SQNHE进行 加密时, HLR/AUC根据 RAND和 KI产生 AK, 使用 AK对 SQNHE作 异或运算,从而加密 SQNHE; 当不需要对 SQNHE进行加密时, AK = 0; 然后 HLR/AUC将 RAND、 AUTN、 XRES、 CK和 IK组成的五元组 和对应的 IMSI一起发送给 MSC/VLR。 鉴权时, MSC/VLR向终端发起 鉴权请求, 并同时将五元组中相应的鉴权参数 RAND和 AUTN发送给 终端。
实际应用中, 不产生期望响应 XRES、 加密密钥 CK及完整性密钥 I K也不影响本发明的实现。 可视为对本实施例的变形。
步驟 203 , 终端接收到鉴权请求时, 先对网络进行鉴权, 判断鉴权 是否通过。
具体地说, 终端接收到来自网络侧的随机数 RAND 和鉴权标记 AUTN时, 根据接收到的 RAND、 自身保存的 KI和接收到的 AUTN中 的 SQNHE以及 AMF釆用与 HLR/AUC计算 AUTN中 MAC- A—致的 算法生成 MAC-A, 然后终端将自身生成的 MAC-A 与网络侧生成的 MAC-A比较, 若不一致, 则认为对网络的鉴权未通过, 执行步驟 204; 若一致, 则执行步骤 205。
步驟 204中, 终端向网络返回"鉴权失败,,的信息, 然后结束本次流 程。
步骤 205 , 终端判断 SQNHE是否在可接受范围内, 如果是, 则判断 出对网络鉴权通过, 并执行步骤 206, 否则, 判断出同步失败, 并执行 步骤 207。
步骤 206 ,终端用约定的特定值代替 SQNMS产生再同步标记 AUTS , 对网络发起再同步请求命令, 并附上再同步标记 AUTS。 具体地说, 终 端用约定的特定值代替 SQNMS并根据自己的 KI和接收到的 RAND以 及 AMF等计算得到 MAC-S, 再用约定的特定值代替 SQNMS并根据 AK和 MAC-S产生再同步标记 AUTS ,向网络侧发送再同步请求命令并 附上所述再同步标记 AUTS。 也即, 向 MSC/VLR发送同步失败消息, 该同步失败消息中包含了 AUTS。 该约定的特定值对应的约定内容, 也 即网络侧识别到该约定的特定值时执行的内容为 "产生新的鉴权密钥"; 在本步骤中还包括终端根据 RAND和 KI产生新的鉴权密钥。 然后执行 步骤 208。
步骤 206, 终端可以进一步根据 SQNHE更新保存的 SQNMS。
步驟 207,终端直接根据 SQNMS产生再同步标记 AUTS,对网络发 起再同步请求命令, 并附上再同步标记 AUTS。 具体地说, 终端根据自 己的 KI、 SQNMS和接收到的 RAND以及 AMF等计算得到 MAC-S, 再根据 SQNMS、 AK和 MAC-S产生再同步标记 AUTS, 然后对网络侧 发起再同步请求命令, 并附上该再同步标记 AUTS。 也即, 向 MSC/VLR 发送同步失败消息,该同步失败消息中包含了 AUTS。然后执行步骤 208。 步骤 208, 网络侧接收到再同步请求命令时, 根据对应五元組中的 RAND, 保存的 KI、 接收到的 AUTS中的 SQNMS和 AMF等采用与终 端意一致的算法计算得到 MAC-S, 然后通过比较自身产生的 MAC-S与 接收到的 AUTS中的 MAC-S是否一致来对终端鉴权,若 MAC-S值比较 一致则认为鉴权通过, 即认为 AUTS合法, 然后执行步骤 209; 否则, 认为 AUTS非法, 执行步驟 212;
具体地说,网絡侧的 MSC/VLR接收到终端返回的再同步标记 AUTS 时,将 AUTS和对应五元组中的 RAND—并发送给 HLR/AUC, HLR/AUC 先根据接收到 RAND、 AUTS中的 SQNMS、 自己保存的 KI和 AMF等 采用与终端一致的算法计算得出 MAC-S, 再将之与接收到的 AUTS 中 的 MAC-S比较, 若一致, 判断出 AUTS合法, 否则, 判断出 AUTS非 法。 需要说明的是, 如果 AUTS 中 SQNMS 根据 AK进行了加密, HLR/AUC可以根据 RAND和 KI产生 AK来解密 SQNMS密文, 得到 SQNMS 明文。 由于这是 3GPP协议规范内容, 因此, 这里不对其进行 详细叙述。
步骤 209, 网络侧 HLR/AUC判断 AUTS中的 SQNMS是否为约定 的特定值。 如果为约定的特定值则执行步骤 210; 如果不为约定的特定 值则执行步骤 211 ;
步驟 210, 网络侧执行约定的特定值对应的约定内容, 即执行鉴权 密钥更新动作, 也就是 HLR/AUC根据 RAND和 KI釆用与终端一致的 算法产生新的鉴权密钥, 然后结束本次信息传递流程。
步驟 211 , HLR/AUC根据 SQNMS的值更新 SQNHE, 然后结束本 次信息传递流程。
步骤 212, 网络侧返回失败信息; 然后结束本次信息传递流程。 对本发明而言, 在步驟 206以及 207中, 实际中产生 MAC-S时, 不使用 AMF也不影响本方法的实现,即也可仅根据 RAND, KI、 SQNMS 计算产生, 至于具体算法可参照 3GPP规范。 当然, 若终端如此操作时, 在步骤 208中,网絡侧也应采取与终端一致的参数和算法来生成 MAC-S 对终端鉴权, 这样的改变应视为对本实施例的变形, 应属于本发明的保 护范围。
本实施例中, 步驟 208和 209, 及其以后步骤, 网络侧接收到再同 为约定的特定值, 如果不是, 则按照正常的同步流程处理, 而不是直接 执行步骤 211, 否则, 即, 判断出 AUTS中的 SQNMS为约定的特定值 时, 进一步判断 AUTS 的合法性, 并在判断出 AUTS合法后执行步骤. 210, 在判断出 AUTS非法后执行步骤 212。
请参阅图 3 , 图 3所示为本发明具体实施方式一的第二实施例, 本 实施例中相对于上述第一实施例, 网络侧接收到再同步请求命令时, 网 后判断 AUTS的合法性, 如下:
在步骤 301 , 终端向网络发起位置更新请求;
在步骤 302, 网络侧接收到所述请求后, 通过对终端发送鉴权请求, 将产生的对应该终端的鉴权元组中的相应的鉴权参数发送给终端。
具体地说, HLR/AUC根据随机数发生器产生随机数 RAND, 根据 RAND和鉴权密钥 KI分别计算出期望响应 XRES、 加密密钥 CK、 完整 性密钥 IK。 根据随机数 RAND、 序列号 SQNHE、 鉴权密钥 KI和 AMF 计算产生出消息鉴权编码 MAC-A, 再根据 MAC-A、 SQNHE ^ 匿名密 钥 AK及鉴权管理域 AMF产生 AUTN。 这里, 当需要对 SQNHE进行 加密时, HLR/AUC根据 RAND和 KI产生 AK, 使用 AK对 SQNHE作 异或运算,从而加密 SQNHE; 当不需要对 SQNHE进行加密时, AK = 0; 然后 HLR/AUC将 RAND、 AUTN、 XRES、 CK和 IK組成的五元组 和对应的 IMSI—起发送给 MSC/VLR。 鉴权时, MSC/VLR向终端发起 鉴权请求, 并同时将五元组中相应的鉴权参数 RAND和 AUTN发送给 终端。
实际应用中, 不产生期望响应 XRES、 加密密钥 CK及完整性密钥 IK也不影响本发明的实现。 可视为对本实施例的变形。
步骤 303 , 终端接收到鉴权请求时, 先对网络进行鉴权, 判断鉴权 是否通过。
具体地说, 终端接收到来自网络侧的随机数 RAND 和鉴权标记 AUTN时, 根据接收到的 RAND、 自身保存的 KI和接收到的 AUTN中 的 SQNHE以及 AMF采用与 HLR/AUC计算 AUTN中 MAC-A—致的 算法生成 MAC-A, 然后终端将自身生成的 MAC-A 与网络侧生成的 MAC- A比较, 若不一致, 则认为对网络的鉴权未通过, 执行步骤 304; 若一致, 则执行步骤 305。
步骤 304中, 终端向网络返回"鉴权失败"的信息, 然后结束本次流 程。
步骤 305 , 终端判断 SQNHE是否在可接受范围内, 如果是, 则判断 出对网络鉴权通过, 并执行步骤 306, 否则, 判断出同步失败, 并执行 步骤 307。
步骤 306 ,终端用约定的特定值代替 SQNMS产生再同步标记 AUTS, 对网络发起再同步请求命令, 并附上再同步标记 AUTS。 具体地说, 终 端用约定的特定值代替 SQNMS并根据自己的 KI和接收到的 RAND以 及 AMF等计算得到 MAC-S, 再用约定的特定值代替 SQNMS并根据 AK和 MAC-S产生再同步标记 AUTS ,向网络侧发送再同步请求命令并 附上所述再同步标记 AUTS。 也即, 向 MSC/VLR发送同步失败消息, 该同步失败消息中包含了 AUTS。 该约定的特定值对应的约定内容, 也 即网络侧识别到该约定的特定值时执行的内容为 "产生新的鉴权密钥"; 在本步骤中还包括终端根据 RAND和 KI产生新的鉴权密钥。 然后执行 步骤 308。
步驟 306, 终端可以进一步根据 SQNHE更新保存的 SQNMS。
步驟 307,终端直接根据 SQNMS产生再同步标记 AUTS,对网络发 起再同步请求命令, 并附上再同步标记 AUTS。 具体地说, 终端根据自 己的 KI、 SQNMS和接收到的 RAND以及 AMF等计算得到 MAC-S, 再根据 SQNMS、 AK和 MAC-S产生再同步标记 AUTS, 然后对网络侧 发起再同步请求命令, 并附上该再同步标记 AUTS。也即, 向 MSC/VLR 发送同步失败消息,该同步失败消息中包含了 AUTS。然后执行步骤 308。
步骤 308, 网络侧接收到再同步请求命令时, 网络侧 HLR/AUC判 断 AUTS中的 SQNMS是否为约定的特定值。 如果为约定的特定值则执 行步骤 309; 如果不为约定的特定值则执行步骤 310;
需要说明的是, 如果 AUTS 中 SQNMS 根据 AK 进行了加密, HLR/AUC可以根据 RAND和 KI产生 AK来解密 SQNMS密文, 得到 SQNMS明文。 由于这是 3GPP协议规范内容, 因此, 这里不对其进行 详细叙述。
步驟 309, 网络侧根据对应五元组中的 RAND、 保存的 KI、 接收到 的 AUTS 中的 SQNMS 和 AMF 等采用与终端一致的算法计算得到 MAC-S , 然后通过比较自身产生的 MAC-S 与接收到的 AUTS 中的 MAC-S是否一致来对终端鉴权,若 MAC-S值比较一致则认为鉴权通过, 即认为 AUTS合法, 然后执行步骤 311 ; 否则, 认为 AUTS非法, 执行 步骤 313;
具体地说,网络侧的 MSC/VLR接收到终端返回的再同步标记 AUTS 时,将 AUTS和对应五元组中的 RAND—并发送给 HLR/AUC, HLR/AUC 先根据接收到 RAND、 AUTS中的 SQNMS、 自己保存的 KI和 AMF等 采用与终端一致的算法计算得出 MAC-S, 再将之与接收到的 AUTS 中 的 MAC-S比较, 若一致, 判断出 AUTS合法, 否则, 判断出 AUTS非 法。
步驟 311 , 网络侧执行约定的特定值对应的约定内容, 即执行鉴权 密钥更新动作, 也就是 HLR/AUC根据 RAND和 KI采用与终端一致的 算法产生新的鉴权密钥, 然后结束本次信息传递流程。
步骤 310, 网络侧根据对应五元组中的 RAND、 保存的 KI、 接收到 的 AUTS 中的 SQNMS 和 AMF等采用与终端意一致的算法计算得到 MAC-S , 然后通过比较自身产生的 MAC-S 与接收到的 AUTS 中的 MAC-S是否一致来对终端鉴权,若 MAC-S值比较一致则认为鉴权通过, 即认为 AUTS合法, 然后执行步骤 312; 否则, 认为 AUTS非法, 执行 步骤 313;
具体地说,网络侧的 MSC/VLR接收到终端返回的再同步标记 AUTS 时,将 AUTS和对应五元组中的 RAND—并发送给 HLR/AUC, HLR/AUC 先根据接收到 RAND、 AUTS中的 SQ MS、 自己保存的 KI和 AMF等 采用与终端一致的算法计算得出 MAC-S, 再将之与接收到的 AUTS 中 的 MAC-S比较, 若一致, 判断出 AUTS合法, 否则, 判断出 AUTS非 法。
步骤 312, HLR/AUC根据 SQNMS的值更新 SQNHE, 然后结束本 次信息传递流程。
步骤 313 , 网络侧返回失败信息; 然后结束本次信息传递流程。 对本发明而言, 在步骤 306以及 307中, 实际中产生 MAC-S时, 不使用 AMF也不影响本方法的实现,即也可仅根据 RAND, KI、 SQNMS 计算产生, 至于具体算法可参照 3GPP规范。 当然, 若终端如此操作时, 在步骤 309或 310中, 网絡侧也应采取与终端一致的参数和算法来生成 MAC-S对终端鉴权,这样的改变应视为对本实施例的变形,应属于本发 明的保护范围。
上述实施方式和实施例中, 说明了对于 SQNMS是否为约定的特定 值的判断, 以及对于 AUTS的合法性判断, 其顺序可以调换, 一般情况 下, 调换判断顺序并不影响到实施效果。 但值得注意的是, 在先判断 SQNMS 是否为约定的特定值, 后判断 AUTS 的合法性的情况下, HLR/AUC在判断出 SQNMS为约定的特定值后, 可以根据 SQNMS的 特定值来进一步确定判断 AUTS合法性时使用的判断处理方式, 比如, 使用何种算法或参数来执行判断, 等等。 因此, 先判断 SQNMS是否为 约定的特定值, 后判断 AUTS的合法性的情况可以使得本方法具有更强 的扩展性。
本发明所述的方法, 不只可用于向网络侧传送密钥更新请求信息, 还可以向 HLR/AUC传送更新鉴权算法的请求信息, 还可以向网络侧传 送终端是否执行防盗验证和取消防盗验证信息, 以及向 HLR/AUC传送 终端是否支持变换 SQN验证参数和设置限制 IK和 CK的有效时间的阈 值等等。
对于 HLR/AUC发起密钥更新的情况下, 终端可以利用本发明方法 向 HLR/AUC返回密钥更新是否成功的信息。
实际当中, 可以设定 SQNMS的某些值可以用作约定的特定值, 比 如, 设定 SQNMS小于 256范围内的值作为可以用作约定的特定值, 显 然,这样 SQNMS用于判断 AUTN是否可以接受的初始值应该大于等于 256, 当然, 也可以设置某一个值, 比如 1024为可以用作约定的特定值。 还可以同时设定 SQNMS在某一范围内的值和某些特定值作为可以用作 约定的特定值,例如可以同时设定 SQNMS小于 256范围内的值和 1024、 2048两个特定值作为可以用作约定的特定值。 例如, 约定将 SQNMS = 128表示为终端向 HLR/AUC传送倩求更新鉴权密钥的信息,将 SQNMS = 12表示为终端向 HLR/AUC传送终端设置防盗验证的信息,将 SQNMS = 13表示为终端向 HLR/AUC传送终端取消防盗验证的信息 ,将 SQNMS = 1023表示为终端向 HLR/AUC传送密钥更新成功的信息, 将 SQNMS = 1024表示为终端向 HLR/AUC传送密钥更新失败的信息。
上述 MSC/VLR 为电路域设备, 对于分组域的网络, 对应的 MSC/VLR设备为 SGSN, 因此本发明可以等同应用于分组域。
上述各个具体实施方式或实施例中 , 终端和 HLR/AUC产生新鉴权 密钥可以是使用成熟的摘要算法,相应摘要算法可以参见《应用密码学》 一书或相关的算法论文或报告; 当然,产生新密钥时,也可以使用 3GPP 协议中提到的由随机数 RAND和鉴权密钥 KI产生加密密钥 CK或完整 性密钥 IK的算法来进行。
上述各个具体实施方式或实施例中, 终端对于 AUTN—致性验证, 对于 SQNHE是否属于可接受范围的判断, HLR7AUC对于 AUTS合法 性的验证, 以及 HLR/AUC产生鉴权元组时, 对于 SQNHE的更新; 产 生鉴权元组的算法, 以及产生 AUTS的算法, 等等, 可以参见 3GPP相 关协议, 由于是公知技术, 这里不再赘述。
下面对本发明的具体实施方式二进行介绍, 通过具体实施方式二对 本发明在两个通信单元间的实施及应用予以说明, 所述单元包括第一单 元和第二单元, 在第一单元中保存第一鉴权密钥 AK1 和第一同步密钥 SK1 , 在第二单元对应地保存第二鉴权密钥 AK2和第二同步密钥 SK2; 在第一单元中保存第一序列号 SQN1 , 在第二单元中保存第二序列号 SQN2。 鉴权时, 第二单元将产生的鉴权参数信息发送给第一单元, 所述鉴 权参数信息包括一个随机数 RAND , SQN2 和一个消息鉴权编码 MAC-A; 实际当中, 第二单元产生鉴权参数信息时, 首先产生一个随机 数 RAND, 比如, 第二单元设置一个随机数发生器, 通过随机数发生器 产生该随机数 RAND,然后根据随机数 RAND、 SQN2和 AK2进行计算, 得到消息鉴权编码 MAC-A; 第一单元对接收自第二单元的鉴权参数信 息进行一致性验证,也即,对 MAC-A进行一致性验证,这里是根据 AK1 和接收自第二单元的 RAND以及 SQN2, 按照和第二单元计算 MAC-A 一致的方法进行计算, 得到一个计算结果, 并比较自己计算得到的结果 和接收自第二单元的 MAC-A是否一致, 如果不一致, 则对 MAC-A的 一致性验证不通过, 判断出对第二单元鉴权不通过。 如果 MAC-A的一 致性验证通过, 则第一单元根据自己保存的 SQN1验证 SQN2是否可以 接受, 如果可以接受, 则判断出对第二单元鉴权通过, 并根据 SQN2更 新 SQN1; 如果判断 SQN2不可以接受, 则第一单元根据 RAND、 SQN1 和 SK1进行计算得到一个再同步鉴权编码 MAC-S, 向第二单元发送再 同步消息, 消息中包括 SQN1和 MAC-S。第二单元验证第一单元的再同 步消息的合法性, 也即险证再同步鉴权编码 MAC-S的合法性, 这里是 根据自己保存的 SK2、 RAND和接收自第一单元的 SQN1 , 按照和第一 单元计算 MAC-S—致的方法进行计算, 得到一个计算结果, 并比较自 己计算得到的结果和接收自第一单元的 MAC-S是否一致, 如果一致, 则判断出第一单元的再同步消息合法, 并根据 SQN1更新 SQN2; 如果 不一致, 则判断出第一单元的再同步消息非法。 这里, 第二单元验证 MAC-S 一致性时, 需要用到 RAND, 第二单元可以事先在产生鉴权参 数之后保存了对应的 RAND,也可以是由第一单元将该 RAND回送给第 二单元, 需要注意的是, 由第一单元将该 RAND回送给第二单元的做法 降低了本方法的安全性, 例如, 可能受到消息重放的攻击。
上述第一单元根据 SQN2更新 SQN1 , 可以是将 SQN1的值设置为 等于 SQN2。
上述第二单元根据 SQN1更新 SQN2, 可以是将 SQN2的值设置为 等于 SQN1 , 或者根据 SQN1产生一个新值来代替 SQN2本身的值; 或 在将 SQN2的值设置为等于 SQN1之后, 重新根据 SQN2产生一个新值 来代替 SQN2本身的值。 根据 SQN1 或 SQN2产生一个新值可以是对 SQN1或 SQN2增加一个随机增量, 比如增加一个 1到 256之间的随机 数来得到所述新值。 实际当中, 可以通过随机数发生器来产生 1到 256 之间的随机数。
上述第一单元根据自己保存的 SQN1验证 SQN2是否可以接受, 可 以是判断 SQN1和 SQN2的差值是否在一定的范围内,例如,是否 (SQN1 - SQN2)大于 0, 或者是否 (SQNl - SQN2)大于 0且小于 256, 等等。 如 果差值在所述范围内, 则判断出 SQN2可以接受, 否则, 判断 SQN2不 可以接受。
上述计算 MAC-A和 MAC-S值的计算可以是已知的摘要计算,也可 以是使用业界公知的一些算法来进行。
上述第二单元更新 SQN2以后, 可以重新开始上述鉴权流程, 即第 二单元产生一个随机数 RAND, 比如, 第二单元通过设置的随机数发生 器产生该随机数 RAND。 第二单元根据随机数 RAND、 SQN2和 AK2 进行计算, 得到一个消息鉴权编码 MAC-A, 并将 RAND、 SQN2 和 MAC-A发送给第一单元, 第一单元进行相应处理, 等等。
第一单元和第二单元预先约定: 第二单元在接收到第一单元的再同 步消息后, 如果判断出 SQN1为约定的特定值时, 则根据该特定值执行 对应的约定内容, 也即执行对应操作。 根据约定, 第一单元可以向第二单元传送特定的信息, 使第二单元 根据特定信息执行对应的特定操作。
第一单元可以和第二单元预先约定: 第二单元在接收到第一单元的 再同步消息后, 如果判断出 SQN1为约定的特定值时, 则根据该特定值 执行对应的约定内容, 也即执行对应操作。 所述执行对应约定的内容可 以是执行密钥更新、 执行鉴权算法更新、 获得相关信息和返回特殊操作 执行结果信息等等操作中的一个或者多个。 所述获得相关信息可以是获 得第一单元是否具备某种能力, 例如, 根据 SQN1的值获得第一单元是 否支持 GPS定位功能, 是否支持移动支付等等, 所述特殊操作可以第一 单元执行的一些特定操作, 例如根据某种配置进行初始化操作执行结 果, 等等。
请参阅图 4, 为本发明具体实施方式二的第一实施例中, 第一单元 需要向第二单元传送特定的信息时的主流程:
在步骤 402, 鉴权时, 第二单元将产生的鉴权参数信息发送给第一 单元。
所述鉴权参数信息包括一个随机数 RAND, SQN2和一个消息鉴权 编码 MAC-A; 实际当中, 第二单元产生鉴权参数时, 首先产生一个随 机数 RAND, 比如, 第二单元通过设置的随机数发生器产生该随机数 RAND, 然后根据随机数 RAND、 SQN2和 AK2进行计算, 得到一个消 息鉴权编码 MAC-A, 并将 RAND、 SQN2和 MAC-A作为要发送给第一 单元的鉴权参数;
在步骤 403 , 第一单元对接收自第二单元的消息进行一致性验证, 也即, 根据 AK1和接收自第二单元的 RAND以及 SQN2, 按照和第二 单元计算 MAC-A—致的方法进行计算, 得到一个计算结果, 并比较自 己计算得到的结果和接收的 MAC-A是否一致, 如果不一致, 则判断出 对第二单元鉴权不通过。 如果一致性验证通过, 则执行步驟 404。
在步骤 404, 第一单元根据自己保存的 SQN1验证 SQN2是否可以 接受, 如果可以接受, 则判断出对第二单元鉴权通过, 并根据 SQN2更 新 SQN1 , 执行步骤 405; 否则, 如果判断 SQN2 不可以接受, 则执行 步骤 406。
在步骤 405,第一单元用约定的特定值代替 SQN1并根据自己的 SK1 和接收到的 RAND等进行计算得到一个再同步鉴权编码 MAC-S, 向第 二单元发送再同步消息, 消息中包括代替 SQN1的所述约定的特定值和 MAC-S , 第二单元接收到再同步消息后进入执行同步处理的子流程。
在步骤 406, 第一单元根据 RAND, SQN1和 SK1进行计算得到一 个消息鉴权编码 MAC-S, 第一单元向第二单元发送再同步消息, 消息中 包括 SQN1和 MAC-S,第二单元接收到再同步消息后进入执行同步处理 的子流程。
上述步骤 404第一单元根据自己保存的 SQN1验证 SQN2是否可以 接受, 可以是判断 SQN1和 SQN2的差值是否在一定的范围内, 例如, 是否 (SQN1 - SQN2)大于 0,或者是否 (SQN1 - SQN2)大于 0且小于 256, 等等。 如果差值在所述范围内, 则判断出 SQN2可以接受, 否则, 判断 SQN2不可以接受。
请参阅图 5, 为本发明具体实施方式二的第一实施例中, 第一单元 不需要向第二单元传送特定的信息时的主流程:
在步骤 502, 鉴权时, 第二单元将产生的鉴权参数信息发送给第一 单元。
所述鉴权参数信息包括一个随机数 RAND, SQN2和一个消息鉴权 编码 MAC-A; 实际当中, 第二单元产生鉴权参数时, 首先产生一个随 机数 RAND, 比如, 第二单元通过设置的随机数发生器产生该随机数 RAND, 第二单元根据随机数 RAND、 SQN2和 AK2进行计算, 得到一 个消息鉴权编码 MAC-A, 并将 RAND、 SQN2和 MAC-A作为要发送给 第一单元的鉴权参数;
在步骤 503 , 第一单元对接收自第二单元的消息进行一致性验证, 也即, 根据 AK1和接收自第二单元的 RAND以及 SQN2, 按照和第二 单元计算 MAC-A—致的方法进行计算, 得到一个计算结果, 并比较自 己计算得到的结果和接收的 MAC-A是否一致, 如果不一致, 则判断出 对第二单元鉴权不通过。 如果一致性验证通过, 则执行步骤 504。
在步骤 504, 第一单元根据自己保存的 SQN1验证 SQN2是否可以 接受, 如果可以接受, 则判断出对第二单元鉴权通过, 执行步骤 506, 即根据 SQN2更新 SQN1 , 并结束流程; 否则, 如果判断 SQN2不可以 接受, 则执行步驟 505。
在步骤 505, 第一单元根据 RAND、 SQNl和 SKI进行计算得到一 个消息鉴权编码 MAC-S,第一单元向第二单元发送再同步消息, 消息中 包括 SQN1和 MAC-S,第二单元接收到再同步消息后进入执行同步处理 的子流程。
上述步骤 504第一单元根据自己保存的 SQN1验证 SQN2是否可以 接受, 可以是判断 SQN1和 SQN2的差值是否在一定的范围内, 例如, 是否 (SQN1 - SQN2)大于 0,或者是否 (SQN1 - SQN2)大于 0且小于 256, 等等。 如果差值在所述范围内, 则判断出 SQN2可以接受, 否则, 判断 SQN2不可以接受。
请参阅图 6, 为本发明具体实施方式二的第一实施例中的第二单元 执行同步处理的子流程:
在步骤 601, 第二单元验证第一单元的再同步消息的合法性, 如果 第一单元的再同步消息合法则执行步骤 602, 如果第一单元的再同步消 息非法则执行步驟 603 , 即返回同步失败信息, 结束流程。
在步骤 602, 第二单元判断再同步消息中 SQN1是否为约定的特定 值, 如果不是, 则执行步驟 604; 如果是, 则执行步骤 605。
在步驟 604, 根据 SQN1更新 SQN2, 结束流程。
在步骤 605 , 第二单元执行对应约定的内容, 也即执行对应操作。 实际当中, 可以预先约定第二单元在接收到第一单元的再同步消息后, 如果判断出再同步消息中 SQN1为约定的特定值时, 则根据该特定值执 行对应的约定内容, 也即执行对应操作。 然后, 结束流程。
请一并参阅本发明的图 4、 图 5及图 7, 为本发明的具体实施方式二 的第二实施例, 与上述第一实施例的区别在于: 第一实施例中第二单元 执行同步处理的子流程时, 先进行再同步消息的合法性判断, 而后进行 再同步消息中 SQN1是否为约定的特定值的判断。 在本实施例中, 先判 断再同步消息中 SQN1是否为约定的特定值, 而后进行再同步消息的合 法性判断, 如图 7所示:
在步骤 701 , 第二单元验证第一单元的再同步消息中 SQN1是否为 约定的特定值, 如果是, 则执行步骤 702, 否则, 执行步骤 703。
在步骤 702, 第二单元验证第一单元的再同步消息的合法性, 如果 第一单元的再同步消息合法则执行步骤 704, 如果第一单元的再同步消 息非法, 则执行步骤 706。
在步骤 703 , 第二单元验证第一单元的再同步消息的合法性, 如果 第一单元的再同步消息合法则执行步骤 705, 否则, 如果第一单元的再 同步消息非法,则执行步骤 706。
在步骤 704, 第二单元执行对应约定的内容, 也即执行对应操作。 实际当中,可以预先约定 B单元在接收到 A单元的再同步消息后,如果 判断出再同步消息中 SQN1为约定的特定值时, 则 居该特定值执行对 应的约定内容, 也即执行对应操作。 然后结束流程。
在步骤 705, 根据 SQN1更新 SQN2, 然后结束流程。
步骤 706, 返回同步失败信息, 然后结束流程。
上述具体实施方式二中, 第二单元执行同步处理的子流程时, 第二 单元验证第一单元的再同步消息的合法性具体可以是, 第二单元根据自 己保存的 SK2、 RAND和接收自第一单元的 SQN1 , 按照和第一单元计 算 MAC-S—致的方法进行计算, 得到一个计算结果, 并比较自己计算 得到的结果和接收自第一单元的 MAC-S是否一致, 如果一致, 则判断 出 MAC-S合法, 也即第一单元的再同步消息合法; 如果不一致, 则判 断出 MAC-S非法, 也即第一单元的再同步消息非法。 这里, 第二单元 验证 MAC-S—致性时, 需要用到 RAND, 第二单元可以事先在产生鉴 权参数之后保存了对应的 RAND,也可以是由第一单元将该 RAND回送 给第二单元, 当然, 后者可能会存在一定的安全隐患, 例如, 可能受到 消息重放的攻击。
上述具体实施方式或实施例中, 说明了对于 SQN1是否为约定的特 定值的判断, 以及对于再同步消息的合法性判断, 其顺序可以调换, 一 般情况下, 调换判断顺序并不影响到实施效果。 但值得注意的是, 在具 体实施方式二的第二实施例中, 即先判断 SQN1是否为约定的特定值, 后判断再同步消息的合法性的情况下, 第二单元在判断出 SQN1为约定 的特定值后, 可以根据 SQN1的特定值来进一步确定判断再同步消息合 法性时所使用的判断处理方式, 比如, 根据所述约定的特定值确定使用 何种算法或采用哪些参数来执行所述对再同步消息的合法性判断, 等 等。 因此, 先判断 SQN1是否为约定的特定值, 后判断再同步消息的合 法性的情况可以使得本方法具有更强的扩展性。
上述具体实施方式或实施例中,第一单元再计算再同步鉴权编码时, 可以不使用随机数参与运算, 相应的, 第二单元验证第一单元的再同步 消息的合法性时, 也不使用随机数参与运算。 不过, 这样会降低第一同 步密钥的安全性, 是针对本发明的一种改劣实现, 因此, 这里不再详细 阐述这种改劣方法的具体实施步骤。
上述具体实施方式或实施例中, 在第一单元中, 第一鉴权密钥 AK1 和第一同步密钥 SK1可以相同, 也即, 第一鉴权密钥 AK1和第一同步 密钥 SK1 可以是同一个密钥; 相应地, 在第二单元中, 第二鉴权密钥 AK2和第二同步密钥 SK2也可以相同, 也即, 第二鉴权密钥 AK2和第 二同步密钥 SK2也可以是同一个密钥。
上述第二实施方式及相关实施例中, 可以设定 SQN1的某些值用作 约定的特定值, 比如, 设定 SQN1小于 256范围内的值作为可以用作约 定的特定值, 显然, 这样 SQN1用于判断 SQN2是否可以接受的初始值 应该大于等于 256。 当然, 也可以设置某一个值, 比如 1024为可以用作 约定的特定值。 还可以同时设定 SQN1在某一范围内的值和某些特定值 作为可以用作约定的特定值, 例如可以同时设定 SQN1小于 256范围内 的值和 1024、 2048 两个特定值作为可以用作约定的特定值。 例如, 约 定将 SQN1 = 128表示为向第二单元传送更新鉴权密钥的信息,将 SQN1 = 1023表示为向第二单元传送密钥更新成功的信息,将 SQN1 = 1024表 示为向第二单元传送密钥更新失败的信息。
可以理解, 以上所述仅为本发明的较佳实施例 , 并不用以限制本发 明, 凡在本发明的精神和原则之内所作的任何修改、等同替换、 改进等, 均应包含在本发明的保护范围之内。

Claims

权利要求书
1. 一种信息传递方法, 用于 3G网络中终端向网络传递信息, 其特 征在于, 所述方法包括以下步骤:
a. 终端用约定的特定值代替 SQNMS产生再同步标记 AUTS, 对网 络发送再同步请求命令且附上所述再同步标记 AUTS;
b. 网络侧在接收到所述再同步请求命令并判断出所述再同步标记 AUTS中的 SQNMS为所述约定的特定值时, 执行所述约定的特定值对 应的操作。
2. 根据权利要求 1所述的方法, 其特征在于, 所述方法还包括, 在 步骤 a之前终端对网络侧发送可引起鉴权流程的消息, 网络侧接收到所 述消息时对终端发起鉴权请求且附上产生的相应的鉴权参数, 终端接收 所述鉴权参数; 相应地, 在步骤 a中, 终端在向网络侧发送再同步请求 命令前根据所述鉴权参数对网络进行鉴权。
3. 根据权利要求 2所述的方法, 其特征在于, 所述步骤 a之前终端 对网络侧发送可引起鉴权流程的消息可以是位置更新请求或业务请求。
4. 根据权利要求 2所述的方法, 其特征在于, 所述鉴权参数包括随 机数 RAND和鉴权标记 AUTN, 相应的, 在步骤 a中所述对网络进行鉴 权是根据 RAND和 AUTN对网络鉴权。
5.根据权利要求 4所述的方法,其特征在于,根据 RAND和 AUTN 对网络鉴权是指判断 AUTN是否满足一致性要求, 如果不满足, 则对网 絡鉴权失败。
6. 根据权利要求 5所述的方法, 其特征在于, 判断出 AUTN满足 一致性要求后, 进一步判断 SQNHE是否在可接受的范围内, 如果是, 则确认对网络鉴权通过, 用所述约定的特定值代替 SQNMS产生再同步 标记 AUTS, 否则, 直接根据 SQNMS产生再同步标记 AUTS。
7. 根据权利要求 1所述的方法, 其特征在于, 步骤 b还包括判断 AUTS是否合法。
8. 根据权利要求 7所述的方法, 其特征在于, 所述步驟 b中: 判断 出 SQNMS为所述约定的特定值后进一步判断 AUTS是否合法, 若合法 则执行对应的约定内容。
9. 根据权利要求 7所述的方法, 其特征在于, 所述步骤 b中: 判断 出 AUTS合法后进一步判断 SQNMS是否为所述约定的特定值, 若是则 执行对应的约定内容, 否则, 根据 SQNMS更新 SQNHE。
10. 根据权利要求 1所述的方法, 其特征在于, 所述约定的特定值 是指约定某一范围内的值或某个或多个具体值。
11. 根据权利要求 1所述的方法, 其特征在于, 所述执行约定内容 可以是执行密钥更新、 执行鉴权算法更新、 执行防盗验证、 取消防盗验 证、 获得相关信息和返回特殊操作执行结果信息中一个或多个。
12. 一种鉴权方法, 用于通信网络中终端与网络间的鉴权, 其特征 在于, 所述方法包括以下步驟:
a. 网络侧产生随机数, 并根据随机数、 终端的鉴权密钥和序列号生 成鉴权元組, 发送给终端;
b. 终端根据自身保存的鉴权密钥对所述鉴权元组进行一致性验证, 并根据自身保存的序列号判断来自网络的序列号是否可接受, 判断出对 所述鉴权元组的一致性验证通过, 且所述来自网络的序列号可接受时, 对网络鉴权通过, 并用约定的特定值代替终端保存的序列号生成再同步 标记, 向网络发送再同步请求且附上所述再同步标记;
c 网络在接收到所述再同步请求, 判断出所述再同步标记中的所述 序列号为所述约定的特定值时, 行约定的对应操作。
13. 根据权利要求 12所述的方法, 其特征在于, 所述方法还包括: 在步骤 a之前, 终端对网络侧发送可引起鉴权流程的消息, 所述消息可 以是位置更新请求或业务请求。
14. 根据权利要求 12所述的方法, 其特征在于, 所述步骤 b中还包 括, 当终端判断出对来自网络的所述鉴权元組一致性验证通过但来自网 络的序列号不属于可接受的范围时, 直接根据终端保存的序列号生成再 同步标记, 向网络发送再同步请求且附上所述再同步标记。
15. 根据权利要求 12所述的方法, 其特征在于, 所述步骤 b中还包 括, 当终端判断出对来自网络的所述鉴权元组一致性验证未通过时, 则 向网络发送鉴权失败信息。
16. 根据权利要求 12所述的方法, 其特征在于, 所述步骤 b中还包 括, 终端判断出对所述鉴权元组的一致性验证通过, 且所述来自网络的 序列号可接受时, 根据所述来自网络侧的序列号更新终端侧保存的序列 号。
17. 根据权利要求 12所述的方法, 其特征在于, 所述步驟 c中还包 括: 网络侧对所述再同步标记进行合法性判断。
18. 根据权利要求 17所述的方法, 其特征在于, 所述步骤 c可以进 一步是: 判断出所述来自终端的序列号为所述约定的特定值后进一步判 断再同步标记是否合法 , 若合法则执行对应的约定内容。
19. 根据权利要求 17所述的方法, 其特征在于, 所述步骤 c可以进 一步是: 判断出再同步标记合法后进一步判断所述来自终端的序列号是 否为所述约定的特定值, 若是则执行对应的约定内容, 否则, 根据所述 来自终端的序列号更新网络侧保存的序列号。
20. 根据权利要求 12到 19中任一项所述的方法, 其特征在于, 所 述约定的特定值是指约定某一范围内的值或某个或多个具体值。
21. 根据权利要求 12到 19中任一项所述的方法, 其特征在于, 所 述执行约定内容可以是执行密钥更新、 执行鉴权算法更新、 执行防盗验 证、 取消防盗验证、 获得相关信息和返回特殊操作执行结果信息中一个 或多个。
22. —种鉴权方法, 用于可相互通信的单元之间的鉴权, 所述单元 至少包括: 保存了第一鉴权密钥、 第一同步密钥和第一序列号的第一单 元,以及保存了第二鉴权密钥、第二同步密钥和第二序列号的第二单元, 其特征在于, 所述方法至少包括以下步骤:
a. 第二单元产生随机数, 并根据随机数、 第二鉴权密钥和第二序列 号生成消息鉴权编码, 将所述随机数、 第二序列号和生成的消息鉴权编 码发送给第一单元;
b. 第一单元根据第一鉴权密钥和所述随机数以及第二序列号对所 述消息鉴权编码进行一致性验证, 并根据第一序列号判断第二序列号是 否可接受, 判断出对所述消息鉴权编码的一致性验证通过, 且第二序列 号可接受时, 对第二单元的鉴权通过, 并用约定的特定值代替第一序列 号和所述随机数以及第一同步密钥生成再同步鉴权编码, 向第二单元发 送再同步请求且附上所述再同步鉴权编码和代替第一序列号的所述约 定的特定值; .
c 第二单元在接收到所述再同步请求, 判断出来自第一单元的第一 序列号为所述约定的特定值时 , 执行约定的对应操作。
23. 根据权利要求 22所述的方法, 其特征在于, 所述步骤 b中所述 用约定的特定值代替第一序列号和第一同步密钥生成再同步鉴权编码 进一步是: 用约定的特定值代替第一序列号和所述随机数以及第一同步 密钥生成再同步鉴权编码。
24. 根据权利要求 23所述的方法, 其特征在于, 所述步骤 b中还包 括, 第一单元判断出对所述消息鉴权编码的一致性验证通过 且第二序 列号可接受时 , 根据所述第二序列号更新第一序列号。
25. 根据权利要求 23所述的方法, 其特征在于, 所述步骤 b中还包 括, 当第一单元判断出对所述消息鉴权编码的一致性验证通过但第二序 列号不属于可接受的范围时, 直接根据终第一序列号和所述随机数以及 第一同步密钥生成再同步鉴权编码, 向网络发送再同步请求且附上所述 再同步鉴权编码和第一序列号。
26. 根据权利要求 23所述的方法, 其特征在于, 所述步骤 b中还包 括, 当第一单元判断出对所述消息鉴权编码的一致性验证未通过时, 则 向第二单元发送鉴权失败信息。
27. 根据权利要求 23所述的方法, 其特征在于, 所述步骤 b中, 第 一单元对所述消息鉴权编码进行一致性验证进一步是: 第一单元根据第 一鉴权密钥、 所述随机数和第二序列号采用和第二单元根据所述随机 数、 第二鉴权密钥和第二序列号产生消息鉴权编码一致的方法产生一个 运算结果, 比较自己产生的运算结果和所述消息鉴权编码是否一致, 如 果一致, 则对所述消息鉴权编码的一致性验证通过, 否则, 对所述消息 鉴权编码的一致性验证不通过。
28. 根据权利要求 23所述的方法, 其特征在于, 所述步骤 b中, 第 一单元判断第二序列号是否可接受进一步是: 判断第二序列号和第一序 列号的差值是否在一定的范围内,如果是,则判断出第二序列号可接受, 否则, 判断出第二序列号不可以接受。
29. 根据权利要求 23所述的方法, 其特征在于, 所述步驟 c中还包 括: 第二单元对所述再同步鉴权编码进行合法性判断。
30. 根据权利要求 29所述的方法, 其特征在于, 所述步骤 c可以进 一步是: 判断出所述来自第一单元的第一序列号为所述约定的特定值后 进一步判断再同步鉴权编码是否合法, 若合法则执行对应的约定内容;
3 1. 根据权利要求 29所述的方法, 其特征在于, 所述步骤 c可以进 一步是: 判断出来自第一单元的再同步鉴权编码合法后进一步判断所述 第一序列号是否为所述约定的特定值, 若是则执行对应的约定内容, 否 则, 根据所述第一序列号更新保存的第二序列号。
32. 根据权利要求 29所述的方法, 其特征在于, 所述步骤 c进一步 包括: 判断出来自第一单元的再同步鉴权编码非法后, 返回失败信息。
33. 根据权利要求 30到 32中任一项所述的方法, 其特征在于, 所 述步骤 c中第二单元对所述再同步鉴权编码进行合法性判断进一步是: 第二单元根据第二同步密钥、 所述随机数和第一序列号釆用和第一单元 根据所述随机数、 第一同步密钥和第一序列号产生再同步鉴权编码一致 的方法产生一个运算结果, 比较自己产生的运算结果和所述再同步鉴权 编码是否一致, 如果一致, 则判断出再同步鉴权编码合法, 否则, 判断 出再同步鉴权编码非法。
34. 根据权利要求 22中所述的方法, 其特征在于, 所述约定的特定 值是指约定某一范围内的值或某个或多个具体值。
35. 根据权利要求 22中所述的方法, 其特征在于, 所述执行约定内 容可以是执行密钥更新、 执行鉴权算法更新、 获得相关信息和返回特殊 操作执行结果信息中一个或多个。
PCT/CN2006/001193 2005-06-04 2006-06-02 Procede d'authentification et procede de transmission d'informations correspondant WO2006131061A1 (fr)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AT06742080T ATE431050T1 (de) 2005-06-04 2006-06-02 Informationsübertragungsverfahren
EP06742080A EP1768426B1 (en) 2005-06-04 2006-06-02 Method for transmitting information
DE602006006629T DE602006006629D1 (de) 2005-06-04 2006-06-02 Informationsübertragungsverfahren
CN2006800119391A CN101160985B (zh) 2005-06-04 2006-06-02 一种鉴权方法及相应的信息传递方法
US11/626,989 US7773973B2 (en) 2005-06-04 2007-01-25 Method for authentication between a mobile station and a network

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200510035162 2005-06-04
CN200510035162.X 2005-06-04
CNB2005100858884A CN100488280C (zh) 2005-06-04 2005-07-07 一种鉴权方法及相应的信息传递方法
CN200510085888.4 2005-07-07

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US11/626,989 Continuation US7773973B2 (en) 2005-06-04 2007-01-25 Method for authentication between a mobile station and a network

Publications (1)

Publication Number Publication Date
WO2006131061A1 true WO2006131061A1 (fr) 2006-12-14

Family

ID=37298579

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/001193 WO2006131061A1 (fr) 2005-06-04 2006-06-02 Procede d'authentification et procede de transmission d'informations correspondant

Country Status (7)

Country Link
US (1) US7773973B2 (zh)
EP (1) EP1768426B1 (zh)
CN (1) CN100488280C (zh)
AT (1) ATE431050T1 (zh)
DE (1) DE602006006629D1 (zh)
ES (1) ES2324836T3 (zh)
WO (1) WO2006131061A1 (zh)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9889214B2 (en) 2009-03-19 2018-02-13 Emd Millipore Corporation Removal of microorganisms from fluid samples using nanofiber filtration media
US10252199B2 (en) 2010-08-10 2019-04-09 Emd Millipore Corporation Method for retrovirus removal
US10675588B2 (en) 2015-04-17 2020-06-09 Emd Millipore Corporation Method of purifying a biological material of interest in a sample using nanofiber ultrafiltration membranes operated in tangential flow filtration mode
US11154821B2 (en) 2011-04-01 2021-10-26 Emd Millipore Corporation Nanofiber containing composite membrane structures
US12059644B2 (en) 2014-06-26 2024-08-13 Emd Millipore Corporation Filter structure with enhanced dirt holding capacity

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101160985B (zh) * 2005-06-04 2010-05-19 华为技术有限公司 一种鉴权方法及相应的信息传递方法
CN100488280C (zh) * 2005-06-04 2009-05-13 华为技术有限公司 一种鉴权方法及相应的信息传递方法
US8183980B2 (en) * 2005-08-31 2012-05-22 Assa Abloy Ab Device authentication using a unidirectional protocol
US9135612B1 (en) 2011-04-17 2015-09-15 Proctor Consulting, LLC Proximity detection, virtual detection, or location based triggering of the exchange of value and information
CN102638794B (zh) * 2007-03-22 2016-03-30 华为技术有限公司 鉴权和密钥协商方法、认证方法、系统及设备
JP4677463B2 (ja) * 2007-07-26 2011-04-27 成均館大学校産学協力団 移動通信端末機での再同期化方法
CN102572833B (zh) 2008-04-28 2016-08-10 华为技术有限公司 一种保持用户业务连续性的方法、系统及装置
EP2316180A4 (en) 2008-08-11 2011-12-28 Assa Abloy Ab SECURE WIEGAND INTERFACE COMMUNICATIONS
US8116749B2 (en) * 2008-09-08 2012-02-14 Proctor Jr James Arthur Protocol for anonymous wireless communication
JP5517187B2 (ja) * 2009-04-10 2014-06-11 日本電気株式会社 フェムトセル用基地局、認証装置、通信システム、制御方法及びプログラム
GB2509975A (en) * 2013-01-21 2014-07-23 Nec Corp PDN service rejection
US10861763B2 (en) 2016-11-26 2020-12-08 Texas Instruments Incorporated Thermal routing trench by additive processing
US11004680B2 (en) 2016-11-26 2021-05-11 Texas Instruments Incorporated Semiconductor device package thermal conduit
US10811334B2 (en) 2016-11-26 2020-10-20 Texas Instruments Incorporated Integrated circuit nanoparticle thermal routing structure in interconnect region
US11676880B2 (en) 2016-11-26 2023-06-13 Texas Instruments Incorporated High thermal conductivity vias by additive processing
US10256188B2 (en) 2016-11-26 2019-04-09 Texas Instruments Incorporated Interconnect via with grown graphitic material
US10452877B2 (en) 2016-12-16 2019-10-22 Assa Abloy Ab Methods to combine and auto-configure wiegand and RS485
US10608822B2 (en) * 2017-04-26 2020-03-31 Nxp B.V. Efficient calculation of message authentication codes for related data
WO2018208221A1 (zh) 2017-05-09 2018-11-15 华为国际有限公司 网络认证方法、网络设备及终端设备
EP3506668A1 (en) * 2017-12-27 2019-07-03 Gemalto Sa A method for updating a one-time secret key
JP7185978B2 (ja) * 2018-07-03 2022-12-08 株式会社ソラコム 認証情報の設定を仲介するための装置及び方法
US12081972B2 (en) * 2019-01-18 2024-09-03 Qualcomm Incorporated Protection of sequence numbers in authentication and key agreement protocol
CN111464306B (zh) * 2019-01-18 2022-12-02 中兴通讯股份有限公司 认证处理方法、装置、存储介质及电子装置
CN114513330A (zh) * 2019-04-24 2022-05-17 华为技术有限公司 一种参数发送方法及装置
US10681547B1 (en) * 2019-05-22 2020-06-09 Frank Yang Access verification network device and method
CN112585549B (zh) * 2020-02-29 2022-05-31 华为技术有限公司 一种故障诊断方法、装置及车辆

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002052874A2 (en) * 2000-12-27 2002-07-04 Convergelabs Corporation System and method for connection-oriented access to packet data networks for wireless devices
CN1430400A (zh) * 2002-01-01 2003-07-16 哈尔滨万博信息技术有限公司 专门用于移动电话联网接入服务的身份认证方法
EP1414260A1 (de) * 2002-10-21 2004-04-28 Swisscom Mobile AG Verfahren, System und Vorrichtungen zur Teilnehmerauthentifizierung in einem Telekommunikationsnetz
EP1414259A1 (de) * 2002-10-21 2004-04-28 Swisscom Mobile AG Verfahren zum Detektieren eines duplizierten Identifizierungsmoduls

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6980796B1 (en) * 1999-06-15 2005-12-27 Siemens Aktiengesellschaft Method and system for verifying the authenticity of a first communication participants in a communications network
AU4398400A (en) * 2000-04-06 2001-10-23 Nokia Corporation Method and system for generating a sequence number to be used for authentication
CN100488280C (zh) * 2005-06-04 2009-05-13 华为技术有限公司 一种鉴权方法及相应的信息传递方法
US8010778B2 (en) * 2007-06-13 2011-08-30 Intel Corporation Apparatus and methods for negotiating a capability in establishing a peer-to-peer communication link

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002052874A2 (en) * 2000-12-27 2002-07-04 Convergelabs Corporation System and method for connection-oriented access to packet data networks for wireless devices
CN1430400A (zh) * 2002-01-01 2003-07-16 哈尔滨万博信息技术有限公司 专门用于移动电话联网接入服务的身份认证方法
EP1414260A1 (de) * 2002-10-21 2004-04-28 Swisscom Mobile AG Verfahren, System und Vorrichtungen zur Teilnehmerauthentifizierung in einem Telekommunikationsnetz
EP1414259A1 (de) * 2002-10-21 2004-04-28 Swisscom Mobile AG Verfahren zum Detektieren eines duplizierten Identifizierungsmoduls

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
XIAO N.: "Study of access security mechanism of WCDMA", CHONGQING YOUDIAN XUEYUANXUEBAO (ZIRAN KEXUE BAN), vol. 16, no. 3, June 2004 (2004-06-01), pages 43 - 46, XP008073806 *
ZHANG F.-Z. ET AL.: "A study of Authentication and Authorization in 3G Access", WEIDIANZIXUE YU JISUANJI, vol. 21, no. 9, 2004, pages 33 - 37, XP008073805 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9889214B2 (en) 2009-03-19 2018-02-13 Emd Millipore Corporation Removal of microorganisms from fluid samples using nanofiber filtration media
US9943616B2 (en) 2009-03-19 2018-04-17 Emd Millipore Corporation Removal of microorganisms from fluid samples using nanofiber filtration media
US10064965B2 (en) 2009-03-19 2018-09-04 Emd Millipore Corporation Removal of microorganisms from fluid samples using nanofiber filtration media
US10722602B2 (en) 2009-03-19 2020-07-28 Emd Millipore Corporation Removal of microorganisms from fluid samples using nanofiber filtration media
US10252199B2 (en) 2010-08-10 2019-04-09 Emd Millipore Corporation Method for retrovirus removal
US11154821B2 (en) 2011-04-01 2021-10-26 Emd Millipore Corporation Nanofiber containing composite membrane structures
US12059644B2 (en) 2014-06-26 2024-08-13 Emd Millipore Corporation Filter structure with enhanced dirt holding capacity
US10675588B2 (en) 2015-04-17 2020-06-09 Emd Millipore Corporation Method of purifying a biological material of interest in a sample using nanofiber ultrafiltration membranes operated in tangential flow filtration mode

Also Published As

Publication number Publication date
US7773973B2 (en) 2010-08-10
US20070178886A1 (en) 2007-08-02
EP1768426A4 (en) 2008-02-20
CN100488280C (zh) 2009-05-13
DE602006006629D1 (de) 2009-06-18
ES2324836T3 (es) 2009-08-17
EP1768426A1 (en) 2007-03-28
CN1859729A (zh) 2006-11-08
EP1768426B1 (en) 2009-05-06
ATE431050T1 (de) 2009-05-15

Similar Documents

Publication Publication Date Title
WO2006131061A1 (fr) Procede d'authentification et procede de transmission d'informations correspondant
US7352866B2 (en) Enhanced subscriber authentication protocol
US8312278B2 (en) Access authentication method applying to IBSS network
CN102036242B (zh) 一种移动通讯网络中的接入认证方法和系统
KR20120052396A (ko) 유선 근거리 통신망을 위한 보안 액세스 제어 방법 및 시스템
JP5399404B2 (ja) 一方向アクセス認証の方法
WO2013087039A1 (zh) 一种安全传输数据方法,装置和系统
JP2002541685A (ja) 認証方法
WO2010012203A1 (zh) 鉴权方法、重认证方法和通信装置
WO2006128364A1 (fr) Procede et systeme de mise a jour d'une cle secrete
JP2018533883A (ja) Diffie−Hellman手順によるセッション鍵生成のための方法およびシステム
WO2012097723A1 (zh) 数据的安全保护方法、网络侧实体和通信终端
WO2012174959A1 (zh) 一种机器到机器通信中组认证的方法、系统及网关
WO2005120156A2 (en) Method and system for aka sequence number for replay protection in eap-aka authentication
US20190239071A1 (en) Enhanced aggregated re-authentication for wireless devices
WO2009074050A1 (fr) Procede, systeme et appareil d'authentification de dispositif de point d'acces
WO2012075825A1 (zh) 无线局域网中端站的安全配置方法、ap、sta、as及系统
WO2007041933A1 (fr) Procédé de mise à jour de clés secrètes contrôlées et appareil idoine
CN112333705B (zh) 一种用于5g通信网络的身份认证方法及系统
CN101399603A (zh) 重同步方法、认证方法及设备
CN213938340U (zh) 5g应用接入认证网络架构
WO2007025484A1 (fr) Procede de negociation de mise a jour pour cle d'autorisation et dispositif associe
WO2012000313A1 (zh) 一种家庭网关认证方法和系统
KR20080056055A (ko) 통신 사업자간 로밍 인증방법 및 키 설정 방법과 그 방법을포함하는 프로그램이 저장된 기록매체
WO2018222133A2 (zh) 数据保护方法、装置以及系统

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 11626989

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 2006742080

Country of ref document: EP

Ref document number: 383/CHENP/2007

Country of ref document: IN

WWP Wipo information: published in national office

Ref document number: 2006742080

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 11626989

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 200680011939.1

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE