WO2007041933A1 - An updating method of controlled secret keys and the apparatus thereof - Google Patents

Publication number
WO2007041933A1
WO2007041933A1 PCT/CN2006/002475 CN2006002475W WO2007041933A1 WO 2007041933 A1 WO2007041933 A1 WO 2007041933A1 CN 2006002475 W CN2006002475 W CN 2006002475W WO 2007041933 A1 WO2007041933 A1 WO 2007041933A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
network side
authentication
control parameter
resynchronization
Application number
PCT/CN2006/002475
Other languages
French (fr)
Chinese (zh)
Inventor
Fei Liu
Zhengwei Wang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to CN200680012300.5A (patent CN101160780B)
Publication of WO2007041933A1

Classifications

    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L2209/80: Wireless

Definitions

  • the present invention relates to communication security technologies, and in particular, to a controlled authentication key update method and apparatus.
  • An International Mobile Subscriber Identification (IMSI), an authentication key KI and a serial number SQNMS are stored in the mobile terminal; the Home Location Register/Authentication Center (HLR/AUC) saves the IMSI, the KI, and the serial number SQNHE for the mobile terminal, for mutual authentication between the mobile terminal and the network.
  • the existing authentication procedures for 3G communication systems are mainly:
  • The HLR/AUC generates a random number RAND; generates the expected response XRES, the encryption key CK and the integrity key IK according to RAND and KI; generates the message authentication code MAC-A according to RAND, SQNHE, the authentication key KI and the authentication management domain AMF; and obtains the authentication token AUTN (Authentication Token) according to MAC-A, SQNHE, the anonymous key AK and AMF.
  • The terminal verifies the consistency of the AUTN according to the KI saved by itself. If the consistency verification fails, authentication failure information is returned to the MSC/VLR. If the consistency verification is passed, the terminal determines whether the SQNHE is in an acceptable range: if it is, the terminal determines that the network authentication is passed, returns its own authentication response to the MSC/VLR, and updates the SQNMS according to the SQNHE in the AUTN; the MSC/VLR compares the authentication response returned by the terminal with the XRES in the corresponding quintuple to determine the legitimacy of the terminal.
  • If the terminal judges that the SQNHE is not within the acceptable range, the terminal generates a resynchronization flag AUTS (Resynchronisation Token) according to the SQNMS, and returns a resynchronization request or a synchronization failure (Synchronisation Failure) message to the MSC/VLR with the generated AUTS attached, that is, the message includes the AUTS.
  • The MSC/VLR sends the AUTS and the RAND in the corresponding quintuple to the HLR/AUC; the HLR/AUC determines the legality of the AUTS according to the corresponding saved KI and the received RAND; if it is not legal, the HLR/AUC returns AUTS invalid information to the MSC/VLR; if the AUTS is determined to be legal, the HLR/AUC updates the SQNHE according to the SQNMS in the AUTS, and generates a new authentication
  • The terminal determines whether the SQNHE is acceptable by comparing whether the saved SQNMS and the SQNHE in the AUTN meet a predetermined condition. The predetermined condition may be that the difference between the SQNHE and the SQNMS is within a predetermined range, for example, whether (SQNHE - SQNMS) is greater than 0, or whether (SQNHE - SQNMS) is greater than 0 and less than 256. If the difference between the SQNHE and the SQNMS is within the predetermined range, it is determined that the SQNHE is acceptable; otherwise, it is determined that the SQNHE is unacceptable.
  • the save is saved.
  • After the authentication key in the HLR/AUC and the authentication key in the cloned user card are updated synchronously, the authentication key in the legitimate user card becomes an invalid authentication key because it has not been updated, and the legitimate user card cannot be used.
  • When the legitimate user finds that the user card cannot be used, the user can realize that the user card has been cloned, and can go to the business hall to change the authentication key in the HLR/AUC and refresh the authentication key in the user card. This makes the authentication key in the HLR/AUC and the authentication key of the user card consistent again, so that the legitimate user card can continue to be used, and the illegally cloned user card can no longer be used.
  • this process can cause problems for the user and also increase the workload of the staff of the business hall.
  • The present invention provides a controlled key update method and apparatus, which can prevent an illegal user from updating the authentication key through a cloned user card, so that the legitimate user card can continue to be used.
  • A controlled key update method is provided, in which a control parameter for controlling an authentication key update is set on the network side; the method comprising:
  • the terminal generates the resynchronization flag according to the authentication key of the terminal, the received random number, the control parameter saved by the terminal or input by the user, and a specific value that replaces the terminal serial number, and sends a resynchronization request command to the network side with the resynchronization flag attached;
  • Between the terminal passing the consistency verification of the network side and generating the resynchronization flag, the method further includes: the terminal determining, according to the terminal serial number, that the network side serial number is within an acceptable range.
  • The method further includes: when the terminal determines, according to the terminal serial number, that the serial number of the network side is not within an acceptable range, the terminal generates a resynchronization flag according to the terminal serial number, its own authentication key, and the received random number, and sends a resynchronization request command to the network side with the resynchronization flag attached.
  • The method further includes: when the terminal serial number is not the specific value, the network side performs the consistency verification on the resynchronization flag according to the random number and the network side authentication key, and performs synchronization when the verification is passed.
  • The home location register/authentication center of the network side sends a synchronization processing result message to the mobile switching center/visit location register, where the message includes illegal synchronization information.
  • performing the consistency verification on the network side refers to performing consistency verification on the authentication mark sent by the network side according to the authentication key saved by the terminal and the random number sent by the network side.
  • the method further includes: when the terminal fails to pass the consistency verification on the network side, sending the authentication failure information to the network side.
  • the terminal includes a user equipment and a user card.
  • control parameter preset by the terminal refers to a control parameter set in the user equipment or a control parameter set in the user card.
  • control parameter is a password, or an identity of the terminal, or any user-defined value.
  • the method further includes: after generating the new authentication key, the terminal and the network side respectively re-initialize the serial number saved by the terminal and the value of the serial number saved by the network side.
  • The specific value is a specified value, or is any value whose highest byte, any specified byte, or certain specified bits equal a specified value.
  • An apparatus for implementing controlled key update includes: a control parameter storage unit for storing control parameters for controlling an authentication key update; a specific value storage unit for storing the specific value that replaces the terminal serial number when generating the resynchronization flag;
  • the resynchronization flag generating unit is configured to generate a resynchronization flag according to the terminal's authentication key, the received random number, the control parameter saved by the terminal or input by the user, and the specific value that replaces the terminal serial number.
  • the device is located in the terminal; the terminal includes a user equipment and a user card; the specific value storage unit and the resynchronization flag generating unit are located in the user card; and the control parameter storage unit is located in the user equipment or the user card.
  • an apparatus for implementing controlled key update includes: a control parameter saving unit, configured to save a control parameter for controlling the update of the authentication key; and a specific value discriminating unit, configured to determine, when the resynchronization request command is received, whether the terminal serial number is a specific value;
  • a resynchronization flag verification unit configured to verify, according to the control parameter saved by the control parameter saving unit, the consistency of the synchronization flag attached to the received resynchronization request command;
  • the authentication key update unit is configured to implement an update of the authentication key when the specific value discriminating unit's determination result is yes and the resynchronization flag verification unit's verification is passed.
  • the device is located in a home location register/authentication center on the network side.
  • When the terminal generates the resynchronization flag, the control parameter is added, and the network side can perform the consistency verification on the resynchronization flag according to the control parameter. Therefore, even if an illegal user clones the user card, the cloned user card cannot be used to update the authentication key, which prevents the illegal user from updating the authentication key through the illegally cloned user card.
  • Figure 1 is a flow chart of an embodiment of the present invention.
  • FIG. 2 is a flow chart of a first embodiment of a specific embodiment of the present invention.
  • FIG. 3 is a flow chart of a second embodiment of a specific embodiment of the present invention.
  • the key update method controlled by the present invention sets a key update control parameter.
  • The terminal uploads the control parameter information to the network side HLR/AUC, and the HLR/AUC determines whether to perform the corresponding authentication key update operation by judging whether the resynchronization flag contains the control parameter information.
  • Control parameters for controlling the update of the authentication key may be set in the subscription data of the terminal user in the HLR/AUC.
  • The cloned user card does not know the control parameter information set in the HLR/AUC for the legitimate user card. Therefore, when the cloned user card negotiates with the HLR/AUC to update the authentication key, the resynchronization flag generated by the cloned user card cannot pass the HLR/AUC consistency verification, and the cloned user card cannot effectively negotiate the update of the authentication key with the HLR/AUC.
  • The modification of the existing authentication process by the present invention can be limited to the user card and the HLR/AUC; that is, the intermediate devices involved in the synchronization process, including the base station (NodeB), the base station controller (RNC, Radio Network Controller), and core network devices (e.g. MSC), require no changes.
  • Compared with methods of controlling authentication key updates that require one or more of the NodeB, RNC, and MSC to be changed, the present invention is easier to implement.
  • The control parameter used to control the key update of the present invention may be a password, such as a user PIN code (SPIN, Subscriber Personal Identification Number); or an identity of a terminal, such as the international mobile station equipment identity of the terminal (IMEI, International Mobile Station Equipment Identity). It can also be an arbitrary value customized by the user, for example, the user's alias, the user's avatar information, or the summary information of the user's avatar data, and the like.
  • SPIN Subscriber Personal Identification Number
  • IMEI International Mobile Station Equipment Identity
  • a control parameter for controlling the authentication key update is set in the subscription data of the corresponding end user in the HLR/AUC.
  • the user can save the control parameters in his own subscription data in the HLR/AUC through the business hall or through the service telephone interface or service website provided by the business hall.
  • the terminal includes a user equipment (UE, User Equipment) and a user card.
  • the user card refers to a USIM (UMTS Subscriber Identity Module) for a Wideband Code Division Multiple Access (WCDMA) system.
  • Step 101: The terminal initiates a location update request to the network side.
  • This step may also be to initiate a service request to the network side.
  • any message sent by the terminal that can cause the network side to authenticate the terminal may be used.
  • Step 102: The network side MSC/VLR sends the corresponding authentication parameters in the generated authentication tuple to the terminal after receiving the location update request.
  • The authentication tuple may include a random number RAND, an expected response XRES, an encryption key CK, an integrity key IK, and an authentication token AUTN.
  • The corresponding authentication parameters include RAND and AUTN.
  • The HLR/AUC calculates the XRES, CK, and IK by using the RAND generated by the random number generator and the authentication key KI stored by itself; it also generates the AUTN according to RAND, KI, the serial number SQNHE, and the authentication management domain AMF.
  • the authentication token AUTN is 16 bytes long and includes the following contents:
  • SQNHE ⊕ AK, that is, SQNHE is encrypted with an anonymous key AK, where SQNHE and AK are each 6 bytes long; SQNHE refers to the SQN stored on the network side, to distinguish it from the SQNMS stored in the terminal;
  • MAC-A is 8 bytes long; MAC-A is used to verify the data integrity of RAND, SQNHE, AMF, and is used for terminal authentication of HLR/AUC.
  • the HLR/AUC calculates the MAC-A in the AUTN based on RAND, SQNHE, KI, and AMF.
  • the quintuple is composed of RAND, AUTN, XRES, CK, IK, and the like.
  • After the HLR/AUC generates the authentication quintuple, it sends the corresponding International Mobile Subscriber Identity (IMSI) and the authentication quintuple RAND, CK, IK, XRES and AUTN to the MSC/VLR.
  • IMSI International Mobile Subscriber Identity
  • the MSC/VLR is a circuit domain device.
  • the corresponding device may be a Serving General Packet Radio Service Support Node (SGSN).
  • SGSN Serving General Packet Radio Service Support Node
  • The MSC/VLR on the network side transmits the RAND and AUTN in the authentication tuple received from the HLR/AUC to the terminal.
  • Step 103: The terminal receives the corresponding authentication parameters (i.e., RAND and AUTN) sent by the MSC/VLR and, after determining that the consistency verification of the AUTN is passed, performs a calculation according to RAND and KI to obtain a new authentication key NewKI; it obtains the control parameter and, according to the control parameter and the agreed specific value that replaces the SQNMS, generates the resynchronization flag AUTS, initiates a resynchronization request command to the network, and attaches the resynchronization flag AUTS.
  • Initiating a resynchronization request command to the network and attaching the resynchronization flag AUTS means sending a synchronization failure message to the network side, where the message contains the AUTS.
  • the terminal includes a user equipment UE and a user card.
  • the UE receives the authentication request, and sends the authentication parameters (RAND and AUTN) to the user card, and the user card performs the consistency verification on the received AUTN according to the KI saved by itself. .
  • the resynchronization flag AUTS includes the following:
  • SQNMS ⊕ AK, which is the SQNMS encrypted with AK, where SQNMS and AK are each 6 bytes long; SQNMS refers to the SQN stored on the terminal side, to distinguish it from the SQNHE stored on the network side;
  • SQNMS needs to be encrypted
  • MAC-S Message authentication code
  • MAC-S is used to verify the data integrity of RAND and SQNMS, and is also used for the HLR/AUC to authenticate the terminal, that is, for the HLR/AUC to verify the legality of the AUTS.
  • In the authentication process of the present invention, the terminal calculates the MAC-S from the specific value that replaces the SQNMS, the control parameter saved by itself or input by the user, the KI, the received RAND, and the AMF, and then generates the resynchronization flag AUTS according to the specific value, AK and MAC-S.
  • After receiving the RAND and AUTN sent by the network side MSC/VLR, the terminal takes the received RAND, the KI saved by itself, and the SQNHE and the AMF in the received AUTN, and computes a result with the same algorithm that the HLR/AUC uses to calculate the MAC-A in the AUTN. The terminal compares the result calculated by itself with the MAC-A in the received AUTN (for example, whether they are the same). If they are inconsistent, it returns an authentication failure to the MSC/VLR.
  • The agreed specific value replaces the SQNMS when the MAC-S is calculated from the terminal's own KI, the control parameter saved by itself or input by the user, the received RAND, and the AMF in the AUTN. The specific value, in place of the SQNMS, is then combined with the AK and the MAC-S to generate the resynchronization flag AUTS; that is, the specific value is encrypted with AK, and the ciphertext and the MAC-S are combined to generate the AUTS.
  • After generating the AUTS, the terminal sends a resynchronization request command to the network side and attaches the resynchronization flag AUTS, or sends a synchronization failure message to the network side and includes the AUTS in the message.
  • When the terminal generates the MAC-S, it can first perform a digest calculation with the control parameter and the KI to obtain a calculation result Result1, then perform a digest calculation with Result1 and the specific value to obtain a calculation result Result2, then perform a digest calculation with Result2 and the RAND to obtain a calculation result Result3, and then perform a digest calculation with Result3 and the AMF; the obtained calculation result is taken as the MAC-S.
  • Since the generation of the MAC-S can be completely implemented in the user card, if the control parameter is set in the user equipment UE, the UE needs to transmit the control parameter to the user card when the user card needs to calculate the MAC-S according to the control parameter. For example, at the time of authentication, the UE transmits the control parameter to the user card while transmitting the RAND and AUTN to the user card. If the control parameter is set in the user card, when the user card needs to calculate the MAC-S according to the control parameter, the control parameter saved by itself can be directly obtained, and the UE does not need to transmit the control parameter to the user card.
  • the process of generating the MAC-S and the digest algorithm used may be determined according to the actual situation.
  • the algorithm for generating the AUTS and the algorithm used in the generation may also refer to the relevant 3GPP specifications, and details are not described herein.
  • The terminal may acquire the control parameter as follows: the UE of the terminal saves the control parameter, and the terminal directly acquires the control parameter saved by the UE; or the user card saves the control parameter, and the terminal directly obtains the control parameter saved by the user card; or the user is prompted to input a control parameter, and the terminal acquires the control parameter from the user input.
  • When the user card generates the MAC-S, whether it does so according to the control parameter can be determined by the UE. For example, when the control parameter is saved in the UE and, at authentication time, the UE transmits the control parameter together with the RAND and the AUTN to the user card, the user card generates the MAC-S according to the control parameter; when, at authentication time, the UE transmits only the RAND and AUTN to the user card without the control parameter, the user card generates the MAC-S without the control parameter.
  • When the control parameter is saved in the user card, the UE transmits to the user card the RAND and AUTN together with a special flag indicating whether to generate the MAC-S according to the control parameter; when the user card generates the MAC-S, it determines according to the special flag whether to do so according to the control parameter.
  • The UE may periodically decide to update the authentication key, that is, periodically determine that the user card generates the MAC-S according to the control parameter.
  • The user card may decide when to update the authentication key, that is, when the MAC-S is generated according to the control parameter. For example, the control parameter is saved in the UE, and when the power is turned on, the terminal transmits the control parameter; the user card saves the control parameter and generates a MAC-S based on the control parameter when an authentication key update is required.
  • The user card may decide to update the authentication key according to a special value set in the authentication management domain AMF in the authentication token.
  • When neither the UE nor the user card saves the control parameter and the MAC-S needs to be generated according to the control parameter, the UE prompts the user to input the control parameter, and the UE transmits the control parameter input by the user to the user card together with the RAND and AUTN, or transfers the control parameter to the user card separately.
  • the advantage of storing the control parameters in the UE or the card of the terminal is that the user is not required to enter the control parameters each time the authentication key is updated, which results in a better user experience.
  • Step 104: After receiving the resynchronization request command, the MSC/VLR sends the RAND in the quintuple corresponding to the current authentication and the AUTS received from the terminal to the HLR/AUC.
  • Step 105: After receiving the resynchronization request command, the HLR/AUC first parses out from the AUTS.
  • step 106 is performed; otherwise, go to step 107.
  • the HLR/AUC performs conformance verification on the AUTS according to the saved KI and the set control parameters.
  • That is, from the KI, the control parameter, the AMF, the specific value and the RAND in the synchronization message, the HLR/AUC computes a result using the same algorithm with which the terminal generates the MAC-S from the KI, the control parameter, the AMF, the specific value, and the RAND, and compares whether the calculated result and the MAC-S in the AUTS in the synchronization message are consistent. If they are consistent, it judges that the consistency verification of the AUTS is passed; otherwise, it judges that the consistency verification of the AUTS cannot pass.
  • The SQNMS is parsed from the AUTS as follows: when the SQNMS adopts the encryption mode, the HLR/AUC first calculates the AK according to the KI and the RAND, and decrypts the SQNMS plaintext from the AUTS by using the AK; when the SQNMS adopts the plaintext mode, that is, in the case where the AK value is set to 0, the HLR/AUC directly obtains the SQNMS plaintext from the AUTS.
  • Step 106: The HLR/AUC calculates the new authentication key NewKI from the KI and the RAND, using the same method with which the terminal calculates the new authentication key NewKI.
  • A new authentication tuple can also be generated, and a synchronization processing result message is sent to the MSC/VLR, with the new authentication tuple included in the message.
  • Step 107: The HLR/AUC determines that the resynchronization message is illegal, and ends the processing. Before ending the processing, the method may further include sending a synchronization processing result message to the MSC/VLR, and including illegal synchronization information in the message.
  • The terminal may further include the step of determining whether the SQNHE is within an acceptable range. When the SQNHE is acceptable, the terminal determines that the network authentication is passed, updates the SQNMS according to the SQNHE, and performs the subsequent operations such as generating a new authentication key. Otherwise, that is, when the SQNHE is unacceptable, it determines that the synchronization fails and performs the normal synchronization processing flow, that is, it generates a resynchronization flag AUTS according to the SQNMS: the MAC-S is calculated according to the SQNMS, the KI, and the received RAND and AMF, and then the resynchronization flag AUTS is generated according to the SQNMS, AK, and MAC-S, that is, the SQNMS is encrypted by the AK, and the ciphertext and the MAC-S are combined to produce the AUTS.
  • After the terminal generates the AUTS, it returns a resynchronization request command or a synchronization failure message to the network side MSC, and attaches the generated resynchronization flag AUTS.
  • The terminal and the HLR/AUC agree in advance that, after receiving the resynchronization request command of the terminal, the HLR/AUC performs the operation of generating a new authentication key NewKI if it determines that the SQNMS is the agreed specific value.
  • the HLR/AUC also needs to verify the validity of the resynchronization request message.
  • the HLR/AUC determines that the SQNMS is not the specific value of the agreement, and processes according to the normal synchronization process, that is, when the AUTS is determined to be legal, the SQNHE is updated according to the SQNMS, and a new authentication tuple is generated.
  • the synchronization processing result message is returned to the MSC/VLR, and the message includes a new authentication tuple.
  • the synchronization processing result message is returned to the MSC/VLR, and the message includes illegal synchronization information.
  • After receiving the synchronization processing result message, the MSC/VLR still performs corresponding processing according to the normal synchronization processing flow.
  • FIG. 2 is a specific embodiment 1 of a specific embodiment of the present invention.
  • the embodiment is a process for performing the authentication key update control by using the controlled key update method of the present invention.
  • the terminal and the HLR/AUC negotiate a controlled update of the authentication key, and the control is passed.
  • the control parameter for controlling the update of the authentication key is set in the subscription data of the corresponding user in the HLR/AUC.
  • the control parameter is also saved in the UE of the terminal.
  • the terminal includes a user equipment UE and a user card.
  • step 201 the terminal initiates a location update request to the network
  • This step may also be to initiate a service request to the network side.
  • any message sent by the terminal that can cause the network side to authenticate the terminal may be used.
  • Step 202 After receiving the request, the network side MSC/VLR authenticates the terminal: it sends an authentication request to the terminal, carrying the authentication parameters RAND and AUTN from the current authentication quintuple corresponding to the terminal.
  • the HLR/AUC generates RAND based on the random number generator, and calculates XRES, CK, and IK based on RAND and KI, respectively.
  • MAC-A is generated based on RAND, SQNHE, KI, and AMF calculations
  • AUTN is generated based on MAC-A, SQNHE, AK, and AMF.
  • the HLR/AUC then sends the quintuple of RAND, AUTN, XRES, CK, and IK and the corresponding IMSI to the MSC/VLR.
  • the HLR/AUC sends the generated authentication tuple to the MSC/VLR after receiving the request of the MSC/VLR request authentication quintuple.
  • the MSC/VLR initiates an authentication request to the terminal, and simultaneously transmits the authentication parameters RAND and AUTN in the quintuple to the terminal.
  • Step 203 When receiving the authentication request, the terminal first performs consistency verification on the received AUTN according to the KI saved by itself and the received RAND. If the verification is passed, step 205 is performed; otherwise, step 204 is performed.
  • when the terminal receives the RAND and AUTN from the MSC/VLR, it generates a MAC-A from the KI stored by itself, the received RAND, and the SQNHE and AMF in the received AUTN, using the algorithm by which the MAC-A in the AUTN is calculated. The terminal then compares the MAC-A generated by itself with the MAC-A in the AUTN. If they are equal, it determines that the AUTN consistency verification is passed; otherwise, it determines that the AUTN consistency verification is not passed.
  • since the terminal includes the user equipment UE and the user card, in practice the UE receives the authentication request and sends the authentication parameters RAND and AUTN to the user card, and the user card performs consistency verification on the received AUTN based on the KI it has saved.
  • the step may further be: when the UE receives the authentication request, it transmits the saved control parameter and the received RAND and AUTN to the user card, and the user card first performs consistency verification on the received AUTN according to the KI it has saved and the RAND. If the verification is passed, step 205 is performed; otherwise, step 204 is performed. Specifically, when the user card receives the control parameter, RAND, and AUTN from the UE, it generates a MAC-A from the KI stored by itself, the received RAND, and the SQNHE and AMF in the received AUTN, using the algorithm by which the HLR/AUC calculates the MAC-A in the AUTN, and then compares the MAC-A generated by itself with the MAC-A in the AUTN. If they are equal, it determines that the AUTN consistency verification is passed; otherwise, it determines that the AUTN consistency verification failed.
  • Step 204 The terminal returns "authentication failure" information to the network, and then ends the process of updating the authentication key.
  • the user card may return "authentication failure" information to the UE, and the UE returns "authentication failure" information to the network.
  • Step 205 The terminal determines whether the SQNHE is within an acceptable range. If yes, it determines that the network authentication is passed, and performs step 207; otherwise, determines that the synchronization fails, and performs step 206.
  • the user card may determine whether the SQNHE is within an acceptable range. If yes, it determines that the network authentication is passed, and then step 207 is performed; otherwise, it determines that the synchronization fails, and then step 206 is performed.
  • Step 206 The terminal directly generates a resynchronization flag AUTS according to the SQNMS, initiates a resynchronization request command to the network, and attaches the AUTS.
  • Then step 208 is performed. Specifically, the terminal calculates the MAC-S according to its own KI, the SQNMS, and the received RAND and AMF, then generates an AUTS according to the SQNMS, AK, and MAC-S, and then initiates a resynchronization request command to the network side and attaches the AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes the AUTS.
  • this step may further be that the user card directly generates a resynchronization flag AUTS according to the SQNMS, and initiates a resynchronization request command to the network, and attaches the AUTS. Then step 208 is performed.
  • the UE forwards the synchronization request command of the user card to the network.
  • Step 207 The terminal updates the saved SQNMS according to the SQNHE, and generates a new authentication key NewKI according to the RAND and the KI.
  • the terminal generates the resynchronization flag AUTS according to the control parameter, using the agreed specific value 125 in place of the SQNMS, and initiates a resynchronization request command to the network with the resynchronization flag AUTS attached.
  • Then step 208 is performed. Specifically, the terminal calculates the MAC-S according to the KI, the control parameters, and the received RAND and AMF, with the specific value 125 in place of the SQNMS, then encrypts the specific value 125 with the AK, and combines the ciphertext and the MAC-S to produce the AUTS.
  • the terminal sends a resynchronization request command to the network side and attaches the AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes AUTS.
  • the step may further be that the user card generates the resynchronization flag AUTS according to the control parameter saved by the UE, and replaces the SQNMS with the specified specific value 125, and initiates a resynchronization request command to the network, and attaches a resynchronization flag AUTS.
  • step 208 is performed.
  • the UE forwards the synchronization request command of the user card to the network.
  • the UE transmits the control parameters to the user card together when transmitting the RAND and the AUTN to the user card.
  • the UE transmits the control parameters to the user card in response to a corresponding request from the user card.
  • Step 208 When receiving the synchronization failure message sent by the terminal, the MSC/VLR on the network side sends the AUTS in the message and the RAND in the corresponding quintuple to the HLR/AUC. Then step 209 is performed.
  • a new authentication tuple is requested from the HLR/AUC, and the request message includes the AUTS received from the terminal and the RAND in the corresponding authentication quintuple.
  • Step 209 The HLR/AUC determines whether the SQNMS in the AUTS is the agreed specific value 125. If it is a specific value 125, step 212 is performed; if it is not a specific value 125, step 210 is performed.
  • the HLR/AUC may generate an AK according to the RAND and the KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext.
  • Step 210 When receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS according to the KI; that is, from the AMF, the saved KI, the received RAND, and the SQNMS in the AUTS, it calculates a result using the same algorithm by which the terminal generates the MAC-S from the KI, SQNMS, RAND, and AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, it determines that the consistency verification of the AUTS is passed, and then step 211 is performed; otherwise, it determines that the consistency verification of the AUTS is not passed, and then step 214 is performed;
  • Step 211 The HLR/AUC updates the SQNHE according to the value of the SQNMS, generates a new authentication tuple, and sends a synchronization processing result message to the MSC/VLR, where the message includes a new authentication tuple.
  • Step 212 When receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS according to the KI and the control parameter; that is, from the AMF, the saved KI, the control parameter, the received RAND, and the SQNMS in the AUTS, it calculates a result using the same algorithm by which the terminal generates the MAC-S from the KI, the control parameter, the RAND, the specific value, and the AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, it determines that the consistency verification of the AUTS is passed, and then step 213 is performed; otherwise, it determines that the consistency verification of the AUTS is not passed, and then step 214 is performed;
  • Step 213 The HLR/AUC executes the agreed content corresponding to the specific value 125, that is, performs the authentication key update action: it generates a new authentication key NewKI from RAND and KI using the same algorithm as the terminal, then uses NewKI to generate a new authentication tuple, and sends a synchronization processing result message to the MSC/VLR, which includes the new authentication tuple.
  • Step 214 Send a synchronization processing result message to the MSC/VLR, where the message includes illegal synchronization information.
  • the values of the SQNMS and the SQNHE may be re-initialized separately.
  • the terminal does not update the saved SQNMS according to SQNHE in step 207, but initializes the value of the SQNMS to 0; correspondingly, the HLR/AUC initializes the value of SQNHE to a random value less than 65536 in step 213. In this way, the conversion part of SQNHE can be kept short to achieve normal authentication. Because the terminal and the HLR/AUC can perform the authentication key update when the SQNHE has not traversed all the changes, the terminal can ensure the rationality of the network authentication.
  • the length of the actually required SQNMS and SQNHE can be shorter than the length specified by the prior art.
  • the length of the original SQN (that is, SQNMS and SQNHE) is 6 bytes, or 48 bits.
  • the SQN can only require 5 bytes and 40 bits, so that the algorithm does not need to ensure authentication and key negotiation.
  • the extended byte is at the upper level of the SQN, thus, the extended SQNHE for calculating the MAC-A; the extended SQNMS is used when calculating the MAC-S;
  • the non-extended 5-byte SQNMS is still used to compare with the unexpanded 5-byte SQNHE to determine the SQNHE. Whether it is updated, that is, whether SQNHE is within acceptable limits.
  • the extra extended bytes have no other meaning except for participating in the calculation of MAC-A and MAC-S in order to be compatible with the original algorithm operation.
  • the present invention can further use this extended byte to express other information.
  • the method further includes: when the resynchronization flag AUTS is generated by using the specific value instead of the terminal sequence number SQNMS, the specific value is a 6-byte number whose highest byte is a specific value and whose other 5 bytes are arbitrary values.
  • when the terminal generates the resynchronization flag AUTS according to the control parameter with the agreed specific value 125 in place of the SQNMS, it may use such a 6-byte special value instead of the SQNMS to generate the AUTS.
  • the highest byte of this special value is set to 125 or some other specific value such as 255, and the lower 5 bytes of the special value can be set to arbitrary values; for example, a 6-byte random number can be generated and its highest byte set to 125. The random number with its highest byte changed in this way is then used as the special value that replaces the SQNMS in calculating the AUTS.
  • when the HLR/AUC determines whether the SQNMS in the AUTS is the agreed specific value 125, it is actually determining whether the highest byte of the SQNMS is 125, and no longer determining whether the value of the entire SQNMS is the specific value 125. Obviously, the special values produced in this way are more random and therefore have higher security.
  • FIG. 3 shows specific embodiment 2 of the present invention.
  • the embodiment is a process for performing the authentication key update control by using the controlled key update method of the present invention.
  • the terminal and the HLR/AUC negotiate a controlled update of the authentication key, and the control is passed.
  • the control parameter for controlling the update of the authentication key is set in the subscription data of the corresponding user in the HLR/AUC.
  • the control parameter is also saved in the UE of the terminal.
  • the embodiment stipulates that the specific value is any number whose highest byte is 125, and uses the specific value to indicate that the authentication key needs to be updated. The agreed content corresponding to the specific value, that is, what the network side does when it recognizes that the highest byte of the SQNMS is 125, is "generate a new authentication key to authenticate against the new authentication key".
  • the terminal includes a user equipment UE and a user card.
  • step 301 the terminal initiates a location update request to the network.
  • This step may also be to initiate a service request to the network side.
  • any message sent by the terminal that can cause the network side to authenticate the terminal may be used.
  • Step 302 After receiving the request, the network side MSC/VLR authenticates the terminal: it sends an authentication request to the terminal, carrying the authentication parameters RAND and AUTN from the current authentication quintuple corresponding to the terminal.
  • the HLR/AUC generates RAND based on the random number generator, and calculates XRES, CK, and IK based on RAND and KI, respectively.
  • MAC-A is generated based on RAND, SQNHE, KI, and AMF calculations
  • AUTN is generated based on MAC-A, SQNHE, AK, and AMF.
  • the HLR/AUC combines RAND, AUTN, XRES, CK and IK into a quintuple and sends it with the corresponding IMSI to the MSC/VLR.
  • the HLR/AUC sends the generated authentication tuple to the MSC/VLR after receiving the request of the MSC/VLR for requesting the authentication quintuple.
  • the MSC/VLR initiates an authentication request to the terminal, and simultaneously transmits the authentication parameters RAND and AUTN in the quintuple to the terminal.
  • Step 303 When receiving the authentication request, the terminal first performs consistency verification on the received AUTN according to the KI saved by itself and the received RAND. If the verification is successful, step 305 is performed; otherwise, step 304 is performed.
  • when the terminal receives the RAND and AUTN from the MSC/VLR, it generates a MAC-A from the KI stored by itself, the received RAND, and the SQNHE and AMF in the received AUTN, using the algorithm by which the MAC-A in the AUTN is calculated. The terminal then compares the MAC-A generated by itself with the MAC-A in the AUTN. If they are equal, it determines that the AUTN consistency verification is passed; otherwise, it determines that the AUTN consistency verification is not passed.
  • since the terminal MS includes the user equipment UE and the user card, in practice the UE receives the authentication request and sends the authentication parameters RAND and AUTN to the user card, and the user card performs consistency verification on the received AUTN according to the KI it has saved.
  • the step may further be: when the UE receives the authentication request, it transmits the saved control parameter and the received RAND and AUTN to the user card, and the user card first performs consistency verification on the received AUTN according to the KI it has saved and the RAND. If the verification is passed, step 305 is performed; otherwise, step 304 is performed. Specifically, when receiving the control parameter, RAND, and AUTN from the UE, the user card generates a MAC-A from the KI stored by itself, the received RAND, and the SQNHE and AMF in the received AUTN, using the algorithm by which the HLR/AUC calculates the MAC-A in the AUTN, and then compares the MAC-A generated by itself with the MAC-A in the AUTN. If they are equal, it determines that the AUTN consistency verification is passed; otherwise, it determines that the AUTN consistency verification failed.
  • step 304 the terminal returns the information of the authentication failure to the network, and then ends the process of updating the negotiation authentication key.
  • the user card may return "authentication failure" information to the UE, and the UE returns "authentication failure" information to the network.
  • Step 305 The terminal determines whether the SQNHE is within an acceptable range. If yes, it determines that the network authentication is passed, and performs step 307; otherwise, determines that the synchronization fails, and performs step 306.
  • the user card may determine whether the SQNHE is within an acceptable range. If yes, it is determined that the network authentication is passed, and then step 307 is performed; otherwise, the synchronization is determined to be failed, and then step 306 is performed.
  • Step 306 The terminal directly generates a resynchronization flag AUTS according to the SQNMS, and initiates a resynchronization request command to the network, and attaches an AUTS.
  • Then step 308 is performed. Specifically, the terminal calculates the MAC-S according to its own KI, the SQNMS, and the received RAND and AMF, then generates an AUTS according to the SQNMS, AK, and MAC-S, and then initiates a resynchronization request command to the network side and attaches the AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes the AUTS.
  • this step may further be that the user card directly generates a resynchronization flag AUTS according to the SQNMS, and initiates a resynchronization request command to the network, and attaches the AUTS. Then step 308 is performed.
  • the UE forwards the synchronization request command of the user card to the network.
  • Step 307 The terminal initializes the value of the SQNMS, for example sets it to 0, and generates a new authentication key NewKI according to RAND and KI. The terminal generates an arbitrary number, for example a random number, sets its highest byte to 125, and uses this number as the specific value. Then the terminal generates a resynchronization flag AUTS according to the control parameter, using the generated specific value whose highest byte is 125 in place of the SQNMS, initiates a resynchronization request command to the network, and attaches the resynchronization flag AUTS. Then step 308 is performed.
  • the terminal calculates the MAC-S according to the KI, the control parameters, and the received RAND and AMF, with the generated specific value in place of the SQNMS, then encrypts the specific value with the AK, and combines the ciphertext and the MAC-S to produce the AUTS.
  • the terminal sends a resynchronization request command to the network side and attaches the AUTS. That is, a synchronization failure message is sent to the MSC/VLR, and the synchronization failure message includes AUTS.
  • the step may further be that the user card generates the resynchronization flag AUTS according to the control parameter saved by the UE, and replaces the SQNMS with the generated specific value, and initiates a resynchronization request command to the network, and attaches a resynchronization flag AUTS.
  • step 308 is performed.
  • the UE forwards the synchronization request command of the user card to the network. Since the MAC-S is generated by the user card, in step 303, the UE transmits the control parameters to the user card together when transmitting the RAND and the AUTN to the user card.
  • Step 308 When receiving the synchronization failure message sent by the terminal, the MSC/VLR on the network side sends the AUTS in the message and the RAND in the corresponding quintuple to the HLR/AUC. Then step 309 is performed.
  • the MSC/VLR on the network side requests a new authentication tuple from the HLR/AUC, and the request message includes the AUTS received from the terminal and the RAND in the corresponding authentication quintuple.
  • Step 309 The HLR/AUC determines whether the highest byte of the SQNMS in the AUTS is 125. If it is 125, step 312 is performed; if it is not 125, step 310 is performed.
  • the HLR/AUC may generate an AK according to the RAND and the KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext.
  • Step 310 When receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS according to the KI; that is, from the AMF, the saved KI, the received RAND, and the SQNMS in the AUTS, it calculates a result using the same algorithm by which the terminal generates the MAC-S from the KI, SQNMS, RAND, and AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, it determines that the consistency verification of the AUTS is passed, and then step 311 is performed; otherwise, it determines that the consistency verification of the AUTS is not passed, and then step 314 is performed;
  • Step 311 The HLR/AUC updates the SQNHE according to the value of the SQNMS, generates a new authentication tuple, and sends a synchronization processing result message to the MSC/VLR, where the message includes a new authentication tuple. Then perform step 314.
  • Step 312 When receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS according to the KI and the control parameter; that is, from the AMF, the saved KI, the control parameter, the received RAND, and the SQNMS in the AUTS, it calculates a result using the same algorithm by which the terminal generates the MAC-S from the KI, the control parameter, the RAND, the specific value, and the AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, it determines that the consistency verification of the AUTS is passed, and then step 313 is performed; otherwise, it determines that the consistency verification of the AUTS is not passed, and then step 314 is performed;
  • Step 313 The HLR/AUC executes the agreed content corresponding to the highest byte of the SQNMS being 125, that is, performs the authentication key update action: it generates a new authentication key NewKI from RAND and KI using the same algorithm as the terminal, then initializes the value of SQNHE, for example to an arbitrary value less than 65536, uses NewKI to generate a new authentication tuple, and sends a synchronization processing result message to the MSC/VLR; the message includes the new authentication tuple.
  • Step 314 Send a synchronization processing result message to the MSC/VLR, where the message includes illegal synchronization information.
  • the specific value in the present invention may be a specified value, such as a value of 125 bytes in length or 48 bits, or an arbitrary value of 48 bits in length of 125, or a certain value. Any specified number of bytes or some specified bit is a specified value with a length of 48 bits.
  • the above MSC/VLR is a circuit domain device.
  • the corresponding MSC/VLR device is an SGSN, so the present invention can be equally applied to a packet domain.
  • the terminal and the HLR/AUC generate a new authentication key, which may be a mature digest algorithm.
  • a digest algorithm refer to the book Applied Cryptography or related algorithm papers or reports;
  • a new key may also be performed using an algorithm for generating an encryption key CK or an integrity key IK by the random number RAND and the authentication key KI mentioned in the 3GPP protocol.
  • the terminal determines whether the SQNHE is in an acceptable range for the AUTN-conformity verification, the HLR/AUC verifies the validity of the AUTS, and the HLR/AUC generates the authentication tuple.
  • the update of the SQNHE; the algorithm for generating the authentication tuple, and the algorithm for generating the AUTS in the synchronous processing flow under normal conditions, etc. can be referred to the 3GPP related protocol, and is not described here because it is a well-known technology.
  • in the present invention, when the AUTS is generated and the terminal additionally uses the control parameter to generate the MAC-S, the terminal may first perform a digest calculation with the control parameter and the KI to obtain a calculation result Result1, then perform a digest calculation with Result1 and the specific value to obtain a calculation result Result2, then perform a digest calculation with Result2 and the RAND to obtain a calculation result Result3, and then perform a digest calculation with Result3 and the AMF, the result of which is taken as the MAC-S.
  • the calculation process and the algorithm by which the HLR/AUC calculates its result from the AMF, the saved KI, the set control parameters, the received RAND, and the SQNMS in the AUTS are consistent with the process and the algorithm by which the terminal generates the MAC-S.
  • the process of generating the MAC-S and the digest algorithm used may be determined according to the actual situation.
  • the 3GPP related specifications may also be referred to, and details are not described herein.
  • the control parameter used to control the key update of the present invention may be a password, for example, a password similar to the user card PIN code, such as a user PIN code SPIN set by the network side for the user to change services;
  • it may be the identifier of a terminal, for example, the IMEI of the terminal; it may of course also be an arbitrary value customized by the user, for example, the alias of the user, the avatar information of the user, or digest information of the avatar data of the user, and the like.
  • the apparatus for implementing controlled key update includes:
  • control parameter storage unit configured to store a control parameter for controlling the update of the authentication key
  • a specific value storage unit configured to store the substitute terminal serial number to generate a specific value of the resynchronization flag
  • a resynchronization flag generating unit configured to generate a resynchronization flag according to the terminal's authentication key, the received random number, the control parameter storage unit or the user input control parameter, and the specific value saved by the specific value storage unit, replacing the terminal serial number .
  • the device is located in the terminal; the terminal includes a user equipment and a user card; the specific value storage unit and the resynchronization flag generating unit are located in the user card; and the control parameter storage unit is located in the user equipment or the user card.
  • the apparatus for implementing controlled key update includes: a control parameter saving unit, configured to save a control parameter for controlling an authentication key update; and a specific value discriminating unit, configured to determine, when a resynchronization request command is received, whether the terminal serial number is a specific value;
  • a resynchronization flag verification unit, configured to verify the consistency of the resynchronization flag attached to the received resynchronization request command according to the control parameter saved by the control parameter saving unit;
  • an authentication key update unit, configured to update the authentication key when the specific value discriminating unit's determination is yes and the resynchronization flag verification unit's verification passes.
  • the device is located in the home location register/authentication center on the network side.
  • each unit may be a separate entity, and may be combined according to actual conditions and requirements, and details are not described herein.
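
The terminal-side AUTS generation of step 307 (with the chained MAC-S digest described above) and the HLR/AUC decision of steps 309 to 314 can be run end to end. The following Python is an added example, not code from the patent: SHA-256, the AK and NewKI derivations, the 8-byte MAC-S length and all sample values are assumptions standing in for the operator's real algorithms.

```python
import hashlib
import hmac
import secrets

SPECIFIC_TOP_BYTE = 125               # agreed marker in the highest SQNMS byte (from the page)
SQN_LEN, MAC_LEN, KEY_LEN = 6, 8, 16  # byte lengths; MAC_LEN and KEY_LEN are assumptions


def digest(left: bytes, right: bytes) -> bytes:
    """Assumed digest step: SHA-256 over a length-prefixed concatenation."""
    return hashlib.sha256(len(left).to_bytes(2, "big") + left + right).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ak(ki: bytes, rand: bytes) -> bytes:
    """Assumed stand-in for the anonymity key derivation from KI and RAND."""
    return digest(b"AK" + ki, rand)[:SQN_LEN]


def new_ki(ki: bytes, rand: bytes) -> bytes:
    """NewKI from RAND and KI, computed identically on both sides (digest assumed)."""
    return digest(b"NewKI" + rand, ki)[:KEY_LEN]


def mac_s(ki, sqn, rand, amf, control=None) -> bytes:
    """Chained digest from the page: (control, KI) -> value -> RAND -> AMF.
    Without a control parameter the chain starts from KI alone (assumption)."""
    result1 = ki if control is None else digest(control, ki)
    result2 = digest(result1, sqn)
    result3 = digest(result2, rand)
    return digest(result3, amf)[:MAC_LEN]


def terminal_normal_auts(ki, sqn_ms, rand, amf) -> bytes:
    """Step 306: ordinary resynchronization, no control parameter involved."""
    return xor(sqn_ms, derive_ak(ki, rand)) + mac_s(ki, sqn_ms, rand, amf)


def terminal_key_update_auts(ki, rand, amf, control):
    """Step 307: random 6-byte value with highest byte 125 replaces SQNMS."""
    marker = bytes([SPECIFIC_TOP_BYTE]) + secrets.token_bytes(SQN_LEN - 1)
    auts = xor(marker, derive_ak(ki, rand)) + mac_s(ki, marker, rand, amf, control)
    return auts, new_ki(ki, rand)


def hlr_handle_resync(ki, control, rand, amf, auts):
    """Steps 309-314 on the HLR/AUC; returns (outcome, value)."""
    if len(auts) != SQN_LEN + MAC_LEN:
        return ("illegal_sync", None)
    sqn = xor(auts[:SQN_LEN], derive_ak(ki, rand))      # decrypt SQNMS with AK
    received_mac = auts[SQN_LEN:]
    if sqn[0] == SPECIFIC_TOP_BYTE:                     # step 309 -> step 312
        expected = mac_s(ki, sqn, rand, amf, control)
        if hmac.compare_digest(received_mac, expected):
            return ("key_updated", new_ki(ki, rand))    # step 313
        return ("illegal_sync", None)                   # step 314
    expected = mac_s(ki, sqn, rand, amf)                # step 310
    if hmac.compare_digest(received_mac, expected):
        return ("resynced", sqn)                        # step 311: SQNHE follows SQNMS
    return ("illegal_sync", None)                       # step 314


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    ki, rand, amf = bytes(range(16)), bytes(range(16, 32)), b"\x80\x00"
    subscribed_control = b"SPIN-1234"
    auts, _ = terminal_key_update_auts(ki, rand, amf, subscribed_control)
    print("legitimate terminal:", hlr_handle_resync(ki, subscribed_control, rand, amf, auts)[0])
    # A card that holds KI but not the control parameter stored on the network side.
    auts, _ = terminal_key_update_auts(ki, rand, amf, b"unknown")
    print("card without control parameter:", hlr_handle_resync(ki, subscribed_control, rand, amf, auts)[0])
```
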

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An updating method of controlled secret keys applied in the 3G communication network includes: at the network side setting control parameters for controlling the updating of authentication secret key; after the terminal has passed the consistency authentication of the network side, it generates the Resynchronization Token according to the authentication secret key of itself, the received random numbers, the control parameters reserved by itself or input by the user, and by replacing the sequence number of the terminal with particular values, sends the requesting command of the resynchronization to the network side and attaches the Resynchronization Token; when the network side receives the requesting command of the resynchronization and determines that the sequence number of the terminal is the particular value, it performs the consistency authentication for the Resynchronization Token according to the set control parameters, random numbers, and the authentication secret key of the network side, if the authentication is passed, the secret key updating is performed, otherwise the related processes are performed. In the invention, the control parameters are added when generating the resynchronization token, thereby to prevent illegal users updating the authentication secret key by illegally cloning user cards.

Description

Controlled key update method and device
Technical field
The present invention relates to communication security technologies, and in particular to a controlled authentication key update method and device.
Background
In existing third generation (3G, 3rd Generation) mobile communication systems, the mobile terminal stores an International Mobile Subscriber Identification Number (IMSI), an authentication key KI and a sequence number SQNMS, and the Home Location Register/Authentication Center (HLR/AUC) stores the corresponding IMSI, KI and sequence number SQNHE for that mobile terminal, for mutual authentication between the mobile terminal and the network.
The existing authentication procedure of a 3G communication system is mainly as follows:
The HLR/AUC generates a random number RAND and, from RAND and KI, generates the expected response XRES, the encryption key CK and the integrity key IK; from RAND, SQNHE, the authentication key KI and the authentication management field AMF it generates the message authentication code MAC-A; from MAC-A, SQNHE, the anonymity key AK and AMF it obtains the authentication token AUTN (Authentication Token).
RAND, XRES, CK, IK and AUTN make up the authentication quintuple, which is sent to the mobile switching center/visitor location register (MSC/VLR, Mobile Switch Center/Visit Location Register) for storage. In practice, of course, the HLR/AUC sends the one or more generated quintuples to the MSC/VLR only at the MSC/VLR's request. The terminal verifies the consistency of AUTN according to the KI it stores. If the consistency verification fails, it returns authentication failure information to the MSC/VLR. If the consistency verification passes, it determines whether SQNHE is within the acceptable range. If it is, the terminal concludes that authentication of the network has passed, returns the authentication response it generated to the MSC/VLR, and updates SQNMS according to the SQNHE in AUTN; the MSC/VLR judges the legitimacy of the terminal by comparing the authentication response returned by the terminal with the XRES in the corresponding quintuple.
If SQNHE is judged not to be within the acceptable range, the terminal generates a resynchronization token AUTS (Resynchronisation Token) from SQNMS and returns a resynchronization request or synchronization failure (Synchronisation Failure) message to the MSC/VLR with the generated AUTS attached, that is, the message contains AUTS. On receiving AUTS, the MSC/VLR sends AUTS and the RAND of the corresponding quintuple to the HLR/AUC, and the HLR/AUC judges the legitimacy of AUTS according to the corresponding stored KI and the received RAND. If AUTS is not legitimate, the HLR/AUC returns AUTS-invalid information to the MSC/VLR. If AUTS is judged legitimate, the HLR/AUC updates SQNHE according to the SQNMS in AUTS, generates a new authentication quintuple and sends it to the MSC/VLR; after receiving the new quintuple, the MSC/VLR deletes the corresponding old quintuple and authenticates the terminal again using the new one.
The terminal judges whether SQNHE is acceptable by checking whether the SQNMS it stores and the SQNHE in AUTN satisfy a predetermined condition. The condition may be that the difference between SQNHE and SQNMS lies within a predetermined range, for example whether (SQNHE - SQNMS) is greater than 0, or whether (SQNHE - SQNMS) is greater than 0 and less than 256. If the difference between SQNHE and SQNMS is within the predetermined range, SQNHE is judged acceptable; otherwise SQNHE is judged unacceptable.
In practice, user cards are cloned, which not only causes losses to legitimate users but also affects the operator's quality of service. In the prior art, cloning of a legitimate user card is avoided or detected by continually updating the user card's authentication key.
For example, the prior art includes a method of updating the authentication key through a fake synchronization. When the resynchronization token is generated, a specific value is used in place of SQNMS, so that the network-side HLR/AUC can recognize from the specific value that the synchronization request is a fake synchronization, that is, a synchronization intended to update the authentication key rather than to update SQNHE. The HLR/AUC and the user card can thus complete the negotiation of the authentication key update and so update the authentication key. With this method, updating the authentication key effectively prevents a legitimate user card and a cloned user card from being used at the same time. For example, once the legitimate user card has updated the authentication key, the cloned user card can no longer pass authentication and so cannot continue to be used.
However, before the legitimate user card updates the authentication key, that is, while the cloned user card and the legitimate user card still hold the same authentication key, the cloned user card may initiate the key update negotiation first. The authentication key stored in the HLR/AUC and the authentication key in the cloned user card are then updated in step, while the authentication key in the legitimate user card, not having been updated, becomes invalid, so that the legitimate user card can no longer be used.
In this case, when the legitimate user finds that the user card no longer works, the user can realize that the card has been cloned and can go to a business hall to change the authentication key in the HLR/AUC and refresh the authentication key of the user card at the same time, so that the authentication key in the HLR/AUC and that of the user card match again; the legitimate user card can then continue to be used and the illegally cloned user card cannot. This process, however, inconveniences the user and increases the workload of business hall staff.
How to control the update of the authentication key effectively, so that a cloned user card cannot carry out a valid authentication key update, is therefore a problem worth studying.
Summary of the invention
The present invention provides a controlled key update method and device that prevent an illegal user from updating the authentication key by means of a cloned user card and thereby leaving the legitimate user card unusable.
According to one aspect of the present invention, in a controlled key update method, a control parameter for controlling the update of the authentication key is preset on the network side; the method includes:
after the terminal's consistency verification of the network side passes, the terminal generates a resynchronization token from the terminal's authentication key, the received random number, and the control parameter stored by the terminal or entered by the user, using a specific value in place of the terminal sequence number, and sends a resynchronization request command to the network side with the resynchronization token attached;
the network side receives the resynchronization request command and, when the terminal sequence number is the specific value, verifies the consistency of the resynchronization token according to the preset control parameter, the random number and the network-side authentication key; when the verification passes, it performs the key update.
Optionally, between the terminal's consistency verification of the network side passing and the generation of the resynchronization token, the method further includes: the terminal determines, according to the terminal sequence number, that the network-side sequence number is within the acceptable range.
Optionally, after the terminal's consistency verification of the network side passes, the method further includes: the terminal determines, according to the terminal sequence number, that the network-side sequence number is not within the acceptable range, generates a resynchronization token from the terminal sequence number, its own authentication key and the received random number, and sends a resynchronization request command to the network side with the resynchronization token attached.
Optionally, the method further includes: when the terminal sequence number is not the specific value, the network side verifies the consistency of the resynchronization token according to the random number and the network-side authentication key, and performs synchronization processing when the verification passes.
Optionally, when the consistency verification of the resynchronization token fails, the network-side home location register/authentication center sends a synchronization processing result message to the mobile switching center/visitor location register, the message including illegal synchronization information.
Optionally, the consistency verification of the network side means verifying the consistency of the authentication token sent by the network side according to the authentication key stored by the terminal and the random number sent by the network side.
Optionally, the method further includes: when the terminal's consistency verification of the network side fails, the terminal sends authentication failure information to the network side.
Optionally, the terminal includes user equipment and a user card.
Optionally, the control parameter preset in the terminal is a control parameter set in the user equipment or a control parameter set in the user card.
Optionally, the control parameter is a password, or an identity of the terminal, or any user-defined value.
Optionally, the method further includes: after generating the new authentication key, the terminal and the network side respectively re-initialize the sequence number stored by the terminal and the sequence number stored on the network side.
Optionally, the specific value is a designated value, or is any value whose most significant byte, or a designated byte, or certain designated bits, equal a designated value.
According to another aspect of the present invention, a device for implementing controlled key update includes:
a control parameter storage unit, configured to store the control parameter that controls the update of the authentication key;
a specific value storage unit, configured to store the specific value used in place of the terminal sequence number to generate the resynchronization token;
a resynchronization token generating unit, configured to generate the resynchronization token from the terminal's authentication key, the received random number, and the control parameter stored by the terminal or entered by the user, using the specific value in place of the terminal sequence number.
Optionally, the device is located in the terminal; the terminal includes user equipment and a user card; the specific value storage unit and the resynchronization token generating unit are located in the user card; the control parameter storage unit is located in the user equipment or in the user card.
According to yet another aspect of the present invention, a device for implementing controlled key update includes:
a control parameter saving unit, configured to save the control parameter that controls the update of the authentication key;
a specific value discriminating unit, configured to determine, when a resynchronization request command is received, whether the terminal sequence number is the specific value;
a resynchronization token verification unit, configured to verify, according to the control parameter saved by the control parameter saving unit, the consistency of the resynchronization token attached to the received resynchronization request command;
an authentication key update unit, configured to update the authentication key when the determination result for the specific value is yes and the verification by the resynchronization token verification unit passes.
Optionally, the device is located in the home location register/authentication center on the network side.
In the technical solution provided by the present invention, the terminal includes the control parameter when generating the resynchronization token, and the network side also verifies the consistency of the resynchronization token according to the control parameter. An illegal user who has cloned a user card therefore still cannot update the authentication key with the cloned card, which achieves the aim of preventing illegal users from updating the authentication key by means of illegally cloned user cards.
Brief description of the drawings
Figure 1 is a flowchart of the specific implementation of the present invention.
Figure 2 is a flowchart of specific embodiment 1 of the specific implementation of the present invention.
Figure 3 is a flowchart of specific embodiment 2 of the specific implementation of the present invention.
Detailed description
The controlled key update method of the present invention sets a key update control parameter. In the synchronization procedure used to negotiate the key update, the terminal conveys the control parameter information to the network-side HLR/AUC, and the HLR/AUC decides whether to perform the corresponding authentication key update by checking whether the resynchronization token contains the control parameter information.
In the present invention, the control parameter for controlling the authentication key update may be set in the terminal user's subscription data in the HLR/AUC. The synchronization procedure of the existing authentication flow is extended: when the terminal needs to negotiate an authentication key update with the HLR/AUC, the terminal introduces the control parameter it stores, or that the user enters, into the resynchronization token it generates; correspondingly, the HLR/AUC also uses the control parameter it has set when verifying the consistency of the resynchronization token. The resynchronization token therefore passes the HLR/AUC's consistency check only when the control parameter stored by the terminal or entered by the terminal user matches the control parameter set in the HLR/AUC. Because a cloned user card does not know the control parameter information set in the HLR/AUC for the legitimate user card, the resynchronization token that the cloned card generates when negotiating an authentication key update with the HLR/AUC cannot pass the HLR/AUC's consistency verification, and the cloned card cannot validly negotiate the authentication key update with the HLR/AUC.
The changes the present invention makes to the existing authentication flow can be confined to the user card and the HLR/AUC. That is, the intermediate devices involved in the synchronization procedure, including the base station (NodeB), the base station controller (RNC, Radio Network Controller) and core network devices (for example the MSC), need no changes at all. The present invention is therefore easier to deploy than methods of controlling authentication key update that require changes to one or more of the NodeB, RNC and MSC.
The control parameter used by the present invention to control the key update may be a password, for example a subscriber PIN (SPIN, Subscriber Personal Identification Number); it may also be an identity of the terminal, for example the terminal's International Mobile Station Equipment Identity (IMEI); or it may be any user-defined value, for example the user's alias, the user's avatar information, or a digest of the user's avatar data, and so on.
The specific implementation of the present invention is described in detail below with reference to the drawings.
In this implementation, the control parameter for controlling the authentication key update is set in the subscription data of the corresponding terminal user in the HLR/AUC. The user can store the control parameter in his or her own subscription data in the HLR/AUC through a business hall, or through the service telephone interface or service website provided by the business hall. The terminal includes user equipment (UE, User Equipment) and a user card. For a Wideband Code Division Multiple Access (WCDMA) system, the user card is the USIM (UMTS Subscriber Identity Module).
Referring to Figure 1, when the authentication key needs to be updated, the following procedure is performed:
In step 101, the terminal initiates a location update request to the network side.
This step may instead be the initiation of a service request to the network side. In practice it may be any message sent by the terminal that causes the network side to authenticate the terminal.
Step 102: after receiving the location update request, the network-side MSC/VLR sends the corresponding authentication parameters of a generated authentication tuple to the terminal. The authentication tuple may include the random number RAND, the expected response XRES, the encryption key CK, the integrity key IK and the authentication token AUTN.
The corresponding authentication parameters include RAND and AUTN.
When generating the authentication tuple, the HLR/AUC computes XRES, CK and IK from the RAND produced by a random number generator and the authentication key KI it stores; it also generates AUTN from RAND, KI, the sequence number SQNHE and the authentication management field AMF.
The authentication token AUTN is 16 bytes long and contains the following:
1) SQNHE ^ AK, that is, SQNHE encrypted with the anonymity key AK, where SQNHE and AK are each 6 bytes long; SQNHE denotes the SQN stored on the network side, as distinct from the SQNMS stored in the terminal. When SQNHE needs to be encrypted, the HLR/AUC generates AK from RAND and KI and XORs SQNHE with AK, thereby encrypting SQNHE; when SQNHE does not need to be encrypted, AK = 0;
2) the authentication management field AMF, 2 bytes long;
3) the message authentication code MAC-A, 8 bytes long. MAC-A is used to verify the data integrity of RAND, SQNHE and AMF, and is used by the terminal to authenticate the HLR/AUC. The HLR/AUC computes the MAC-A in AUTN from RAND, SQNHE, KI and AMF.
RAND, AUTN, XRES, CK and IK thus make up the authentication quintuple. After generating the authentication quintuple, the HLR/AUC sends the corresponding International Mobile Subscriber Identity (IMSI) and the quintuple RAND, CK, IK, XRES and AUTN to the MSC/VLR.
The MSC/VLR is a circuit-domain device; for a packet-domain network, the corresponding device may be the Serving General Packet Radio Service Support Node (SGSN). During authentication, the network-side MSC/VLR passes the RAND and AUTN of the authentication tuple received from the HLR/AUC to the terminal.
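The terminal-side handling of AUTN described above (the 16-byte layout, the MAC-A consistency check, then the SQNHE range test) as an added Python example; it is not code from the patent. The truncated HMAC-SHA-256 stand-ins for the MAC-A and AK functions, the function names and the sample values are assumptions; the window 0 < SQNHE - SQNMS < 256 is the example condition given in the background section.

```python
import hashlib
import hmac

# Stand-ins for the operator's MAC-A and AK functions (assumption: truncated
# HMAC-SHA-256; the page does not specify the real algorithms).
def mac_a(ki: bytes, rand: bytes, sqn: bytes, amf: bytes) -> bytes:
    return hmac.new(ki, b"MAC-A" + rand + sqn + amf, hashlib.sha256).digest()[:8]

def anonymity_key(ki: bytes, rand: bytes) -> bytes:
    return hmac.new(ki, b"AK" + rand, hashlib.sha256).digest()[:6]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_autn(ki: bytes, rand: bytes, sqn_he: int, amf: bytes) -> bytes:
    """HLR/AUC side: AUTN = (SQNHE ^ AK) || AMF || MAC-A = 6 + 2 + 8 bytes."""
    sqn = sqn_he.to_bytes(6, "big")
    return xor(sqn, anonymity_key(ki, rand)) + amf + mac_a(ki, rand, sqn, amf)

def terminal_check(ki: bytes, sqn_ms: int, rand: bytes, autn: bytes, window: int = 256):
    """Terminal side. Returns (outcome, SQNMS after the check).

    outcome is "auth_failure" (AUTN inconsistent), "sync_failure" (SQNHE not
    acceptable, the terminal would now send AUTS) or "ok" (network accepted).
    """
    if len(autn) != 16:
        return "auth_failure", sqn_ms
    masked_sqn, amf, received_mac = autn[:6], autn[6:8], autn[8:]
    sqn = xor(masked_sqn, anonymity_key(ki, rand))        # undo the AK masking
    if not hmac.compare_digest(received_mac, mac_a(ki, rand, sqn, amf)):
        return "auth_failure", sqn_ms
    sqn_he = int.from_bytes(sqn, "big")
    if not (0 < sqn_he - sqn_ms < window):
        return "sync_failure", sqn_ms
    return "ok", sqn_he                                   # SQNMS updated from SQNHE

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    ki, rand, amf = bytes(range(16)), bytes(range(16, 32)), b"\x80\x00"
    autn = build_autn(ki, rand, 1005, amf)
    print(terminal_check(ki, 1000, rand, autn))   # fresh challenge
    print(terminal_check(ki, 1005, rand, autn))   # replayed challenge
    print(terminal_check(bytes(16), 1000, rand, autn))  # card with a different KI
```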
Step 103: the terminal receives the corresponding authentication parameters (RAND and AUTN) sent by the MSC/VLR and, after determining that the consistency verification of AUTN has passed, computes the new authentication key NewKI from RAND and KI. The terminal obtains the control parameter and, according to the control parameter and using the agreed specific value in place of SQNMS, generates the resynchronization token AUTS; it then initiates a resynchronization request command to the network with AUTS attached. Initiating a resynchronization request command to the network with AUTS attached means sending a synchronization failure message containing AUTS to the network side.
Note that the terminal includes the user equipment UE and the user card. In practice it is the UE that receives the authentication request and passes the authentication parameters (RAND and AUTN) to the user card, and the user card that verifies the consistency of the received AUTN according to the KI it stores; this is not described further here.
The resynchronization token AUTS contains the following:
1) SQNMS ^ AK, that is, SQNMS encrypted with AK, where SQNMS and AK are each 6 bytes long; SQNMS denotes the SQN stored on the terminal side, as distinct from the SQNHE stored on the network side. When SQNMS needs to be encrypted, the terminal generates AK from RAND and KI and XORs SQNMS with AK, thereby encrypting SQNMS; when SQNMS does not need to be encrypted, AK = 0;
2) the message authentication code MAC-S, 8 bytes long. MAC-S is used to verify the data integrity of RAND and SQNMS and is also used by the HLR/AUC to authenticate the terminal, that is, by the HLR/AUC to verify the legitimacy of AUTS. In the authentication flow of the present invention, the terminal computes MAC-S from the specific value that replaces SQNMS, the control parameter it stores or that the user enters, KI, the received RAND, AMF and so on, and then generates the resynchronization token AUTS from the specific value, AK and MAC-S.
Specifically, after receiving the RAND and AUTN sent by the network-side MSC/VLR, the terminal performs a computation on the received RAND, the KI it stores, and the SQNHE and AMF in the received AUTN, using the same algorithm that the HLR/AUC uses to compute the MAC-A in AUTN, and compares its own result with the MAC-A in the received AUTN (for example, whether they are identical). If they do not match, it returns authentication failure information to the MSC/VLR. If they match, it uses the agreed specific value in place of SQNMS and computes MAC-S from its own KI, the control parameter it stores or that the user enters, the received RAND, the AMF in AUTN and so on; it then generates the resynchronization token AUTS from the specific value (in place of SQNMS), AK and MAC-S, that is, it encrypts the specific value with AK and combines the ciphertext with MAC-S to produce AUTS. After generating AUTS, the terminal sends a resynchronization request command to the network side with AUTS attached, or sends a synchronization failure message containing AUTS to the network side.
When generating MAC-S, the terminal may first perform a digest computation on the control parameter and KI to obtain a result Result1, then perform a digest computation on Result1 and the specific value to obtain a result Result2, then perform a digest computation on Result2 and RAND to obtain a result Result3, and finally perform a digest computation on Result3 and AMF and take the result as MAC-S.
In practice, MAC-S can be generated entirely within the user card. If the control parameter is set in the user equipment UE, the UE therefore has to pass the control parameter to the user card when the user card needs to compute MAC-S from it; for example, during authentication the UE passes the control parameter to the user card together with RAND and AUTN. If the control parameter is set in the user card, the user card can read its stored control parameter directly when it needs to compute MAC-S, and the UE does not need to pass the control parameter to the user card.
Of course, the procedure for generating MAC-S and the digest algorithm used may be chosen according to the actual situation. For the detailed AUTS generation procedure and the algorithms used, reference may also be made to the relevant 3GPP specifications; they are not described further here.
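The controlled update described above, as an added Python example that is not code from the patent: the terminal builds AUTS with the specific value in place of SQNMS and a MAC-S computed through the Result1 to Result3 chain, and the HLR/AUC accepts the key update only if its own control parameter reproduces that MAC-S. SHA-256 as the digest, the AK and NewKI derivations, the specific value `ffffffffffff`, the control parameter values, starting the chain from KI for an ordinary resynchronization, and all names are assumptions.

```python
import hashlib
import hmac

KEY_UPDATE_SQN = bytes.fromhex("ffffffffffff")   # assumed agreed "specific value"

def digest(a: bytes, b: bytes) -> bytes:          # assumed digest algorithm
    return hashlib.sha256(a + b).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_ak(ki: bytes, rand: bytes) -> bytes:   # stand-in AK derivation
    return digest(b"AK", ki + rand)[:6]

def derive_new_ki(ki: bytes, rand: bytes) -> bytes:   # stand-in NewKI derivation
    return digest(b"NewKI", ki + rand)[:16]

def mac_s(ki, sqn, rand, amf, control=None) -> bytes:
    """Chained digest from the description, truncated to the 8-byte MAC-S.

    With control=None (ordinary resynchronization) the chain starts from KI;
    that variant is an assumption, the page defers it to the 3GPP specs.
    """
    result1 = digest(control, ki) if control is not None else ki
    result2 = digest(result1, sqn)
    result3 = digest(result2, rand)
    return digest(result3, amf)[:8]

def build_auts(ki, sqn, rand, amf, control=None) -> bytes:
    """Terminal side: AUTS = (SQN ^ AK) || MAC-S = 6 + 8 bytes."""
    return xor(sqn, derive_ak(ki, rand)) + mac_s(ki, sqn, rand, amf, control)

class HlrAuc:
    """Network side: holds KI, SQNHE and the subscriber's control parameter."""
    def __init__(self, ki: bytes, control: bytes, sqn_he: int = 0):
        self.ki, self.control, self.sqn_he = ki, control, sqn_he

    def handle_resync(self, rand: bytes, amf: bytes, auts: bytes) -> str:
        if len(auts) != 14:
            return "illegal_sync"
        sqn = xor(auts[:6], derive_ak(self.ki, rand))
        is_update = sqn == KEY_UPDATE_SQN
        # Key-update requests are checked with the control parameter,
        # ordinary resynchronization requests without it.
        expected = mac_s(self.ki, sqn, rand, amf, self.control if is_update else None)
        if not hmac.compare_digest(auts[6:], expected):
            return "illegal_sync"
        if is_update:
            self.ki = derive_new_ki(self.ki, rand)
            self.sqn_he = 0                       # sequence number re-initialized
            return "key_updated"
        self.sqn_he = int.from_bytes(sqn, "big")  # ordinary synchronization
        return "resynced"

def scenario():
    # Constructed values; one RAND is reused here only to keep the demo short.
    ki, rand, amf = bytes(range(16)), bytes(range(32, 48)), b"\x00\x00"
    hlr = HlrAuc(ki, control=b"4821")
    results = [
        # Cloned card: same KI, wrong guess at the control parameter.
        hlr.handle_resync(rand, amf, build_auts(ki, KEY_UPDATE_SQN, rand, amf, b"0000")),
        # Cloned card: same KI, no control parameter at all.
        hlr.handle_resync(rand, amf, build_auts(ki, KEY_UPDATE_SQN, rand, amf)),
        # Ordinary resynchronization carrying SQNMS = 1234.
        hlr.handle_resync(rand, amf, build_auts(ki, (1234).to_bytes(6, "big"), rand, amf)),
        # Legitimate card: key update with the right control parameter.
        hlr.handle_resync(rand, amf, build_auts(ki, KEY_UPDATE_SQN, rand, amf, b"4821")),
        # Cloned card afterwards: still holds the old KI.
        hlr.handle_resync(rand, amf, build_auts(ki, KEY_UPDATE_SQN, rand, amf, b"4821")),
    ]
    keys_match = hlr.ki == derive_new_ki(ki, rand)   # terminal derives the same NewKI
    return results, keys_match, hlr.sqn_he

if __name__ == "__main__":
    print(scenario())
```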
The terminal may obtain the control parameter in any of the following ways: the UE of the terminal stores the control parameter and the terminal reads it directly from the UE; the user card stores the control parameter and the terminal reads it directly from the user card; or the terminal prompts the user to enter the control parameter and obtains it from the user's input.
When the user card generates MAC-S, the UE can decide when this is done on the basis of the control parameter and when it is not. For example, where the control parameter is stored in the UE: if, during authentication, the UE passes the control parameter to the user card together with RAND and AUTN, the user card generates MAC-S using the control parameter; if the UE passes only RAND and AUTN, without the control parameter, the user card generates MAC-S without using the control parameter. Correspondingly, where the control parameter is stored in the user card: during authentication the UE passes the user card RAND, AUTN and a special flag indicating whether MAC-S is to be generated from the control parameter, and the user card decides from that flag whether to use the control parameter. In general, the UE can decide periodically to update the authentication key, that is, decide periodically that the user card generates MAC-S from the control parameter. Of course, the user card can also decide when to update the authentication key, that is, when to generate MAC-S from the control parameter. For example, the control parameter is stored in the UE; at power-on the terminal passes it to the user card, which stores it and uses it to generate MAC-S when an authentication key update is needed. The user card may decide that an authentication key update is needed according to a special value set in the authentication management field AMF of the authentication token.
When neither the UE nor the user card stores the control parameter, the UE can prompt the user to enter it whenever MAC-S has to be generated from the control parameter. The UE then passes the entered control parameter to the user card together with RAND and AUTN, or passes the control parameter to the user card separately. The advantage of storing the control parameter in the UE or in the user card is that the user does not have to enter it every time the authentication key is updated, which gives a better user experience.
Step 104: After receiving the resynchronization request command, the MSC/VLR sends the RAND in the quintuple corresponding to this authentication and the AUTS received from the terminal to the HLR/AUC.
Step 105: After receiving the resynchronization request command, the HLR/AUC first parses SQNMS out of the AUTS. If it determines that SQNMS is the specific value, it verifies the consistency of the AUTS using its own stored KI and the configured control parameter. If that verification passes, step 106 is performed; otherwise, step 107 is performed.
Verifying the consistency of the AUTS using the stored KI and the configured control parameter means the following: the HLR/AUC computes a result from its stored KI, the control parameter, the AMF, the specific value and the RAND in the synchronization message, using the same algorithm that the terminal uses to generate MAC-S from KI, the control parameter, the AMF, the specific value and the RAND. It then compares this result with the MAC-S in the AUTS of the synchronization message. If they are consistent, the AUTS passes the consistency verification; otherwise, it fails.
Parsing SQNMS out of the AUTS means the following: when SQNMS is in encrypted mode, the HLR/AUC first computes AK from KI and RAND and uses AK to decrypt the SQNMS plaintext from the AUTS; when SQNMS is in plaintext mode, that is, when AK is set to 0, the HLR/AUC obtains the SQNMS plaintext directly from the AUTS.
Step 106: The HLR/AUC computes the new authentication key NewKI from KI and RAND, using the same method by which the terminal computes NewKI.
After the authentication key is updated, a new authentication tuple may also be generated, and a synchronization processing result message containing the new authentication tuple sent to the MSC/VLR.
Step 107: The HLR/AUC determines that the resynchronization message is illegal and ends processing. Before ending, it may also send the MSC/VLR a synchronization processing result message that contains illegal-synchronization information.
In step 103 above, before generating the new authentication key, the terminal may additionally determine whether SQNHE is within the acceptable range. If SQNHE is acceptable, the terminal determines that authentication of the network has passed, updates its stored SQNMS according to SQNHE, and carries on with the subsequent operations such as generating the new authentication key. Otherwise, that is, if SQNHE is not acceptable, the terminal determines that synchronization has failed and performs the normal synchronization procedure: it generates the resynchronization flag AUTS from SQNMS, that is, it computes MAC-S from SQNMS, KI, the received RAND and the AMF, then generates AUTS from SQNMS, AK and MAC-S by encrypting SQNMS with AK and combining the ciphertext with MAC-S. After generating AUTS, the terminal returns a resynchronization request command or a synchronization failure message to the network-side MSC with the generated AUTS attached.
The terminal and the HLR/AUC agree in advance that, after receiving a resynchronization request command from the terminal, the HLR/AUC performs the operation of generating the new authentication key NewKI if it determines that SQNMS is the agreed specific value. Of course, for the security of the authentication key update negotiation, the HLR/AUC also needs to verify the legitimacy of the resynchronization request message.
If, after receiving the resynchronization request command, the HLR/AUC determines that SQNMS is not the agreed specific value, it follows the normal synchronization procedure. If it determines that the AUTS is legitimate, it updates SQNHE according to SQNMS, generates a new authentication tuple and returns a synchronization processing result message containing the new authentication tuple to the MSC/VLR. If it determines that the AUTS is illegal, it returns a synchronization processing result message containing illegal-synchronization information to the MSC/VLR.
After receiving the synchronization processing result message, the MSC/VLR still handles it according to the normal synchronization procedure.
To better present the idea and significance of the present invention, the invention is described in detail below through specific embodiments.
Refer to FIG. 2, which shows specific embodiment 1 of the detailed description of the present invention. This embodiment is a procedure for controlling authentication key updates using the controlled key update method of the invention. In this embodiment the terminal and the HLR/AUC negotiate a controlled update of the authentication key. Control is exercised by setting a control parameter, used to control authentication key updates, in the subscriber's subscription data in the HLR/AUC; correspondingly, the same control parameter is stored in the UE of the terminal. The embodiment also agrees that the specific value 125 indicates that the authentication key needs to be updated. The agreed content for this value, that is, what the network side does when it recognizes the value, is "generate a new authentication key so that authentication is performed with the new authentication key". The terminal comprises the user equipment UE and the user card.
When the authentication key needs to be updated, the following procedure is performed:
In step 201, the terminal initiates a location update request to the network.
This step may also be a service request initiated to the network side. In practice it can be any message sent by the terminal that causes the network side to authenticate the terminal.
In step 202, after receiving the request, the network-side MSC/VLR authenticates the terminal: it sends the terminal an authentication request that carries the authentication parameters RAND and AUTN from the terminal's current authentication quintuple.
Specifically, the HLR/AUC generates RAND with a random number generator and computes XRES, CK and IK from RAND and KI. It computes MAC-A from RAND, SQNHE, KI and AMF, and then generates AUTN from MAC-A, SQNHE, AK and AMF. When SQNHE needs to be encrypted, the HLR/AUC generates AK from RAND and KI and XORs SQNHE with AK, thereby encrypting SQNHE; when SQNHE does not need to be encrypted, AK = 0.
The HLR/AUC then sends the quintuple consisting of RAND, AUTN, XRES, CK and IK, together with the corresponding IMSI, to the MSC/VLR. The HLR/AUC sends the generated authentication tuple to the MSC/VLR only after receiving the MSC/VLR's request for an authentication quintuple.
During authentication, the MSC/VLR initiates an authentication request to the terminal and at the same time sends the authentication parameters RAND and AUTN from the quintuple to the terminal.
Step 203: On receiving the authentication request, the terminal first verifies the consistency of the received AUTN using its own stored KI, that is, using its stored KI and the RAND. If verification passes, step 205 is performed; otherwise, step 204 is performed.
Specifically, on receiving RAND and AUTN from the MSC/VLR, the terminal generates a MAC-A from its own stored KI, the received RAND, and the SQNHE and AMF in the received AUTN, using the same algorithm that the HLR/AUC uses to compute the MAC-A in the AUTN. The terminal then compares the MAC-A it generated with the MAC-A in the AUTN. If they are equal, the AUTN passes consistency verification; otherwise, it fails.
Note that because the terminal comprises the user equipment UE and the user card, in practice it is the UE that receives the authentication request and passes the authentication parameters RAND and AUTN to the user card, and the user card that verifies the consistency of the received AUTN using its own stored KI.
Therefore, in practice, this step may further be: on receiving the authentication request, the UE passes the stored control parameter and the received RAND and AUTN to the user card. The user card first verifies the consistency of the received AUTN using its own stored KI, that is, using its stored KI and the RAND. If verification passes, step 205 is performed; otherwise, step 204 is performed. Specifically, on receiving the control parameter, RAND and AUTN from the UE, the user card generates a MAC-A from its own stored KI, the received RAND, and the SQNHE and AMF in the received AUTN, using the same algorithm that the HLR/AUC uses to compute the MAC-A in the AUTN. It then compares the MAC-A it generated with the MAC-A in the AUTN. If they are equal, the AUTN passes consistency verification; otherwise, it fails.
In step 204, the terminal returns "authentication failure" information to the network and then ends this authentication key update negotiation procedure. In practice, the user card may return the "authentication failure" information to the UE, and the UE returns the "authentication failure" information to the network.
Step 205: The terminal determines whether SQNHE is within the acceptable range. If so, it determines that authentication of the network has passed and performs step 207; otherwise, it determines that synchronization has failed and performs step 206.
In practice, it may be the user card that determines whether SQNHE is within the acceptable range. If so, it determines that authentication of the network has passed and step 207 is performed; otherwise, it determines that synchronization has failed and step 206 is performed.
Step 206: The terminal generates the resynchronization flag AUTS directly from SQNMS and initiates a resynchronization request command to the network with the AUTS attached. Step 208 is then performed. Specifically, the terminal computes MAC-S from its own KI, SQNMS, the received RAND and the AMF, generates AUTS from SQNMS, AK and MAC-S, and then initiates a resynchronization request command to the network side with the AUTS attached; that is, it sends the MSC/VLR a synchronization failure message that contains the AUTS. In practice, this step may further be: the user card generates the resynchronization flag AUTS directly from SQNMS and initiates the resynchronization request command to the network with the AUTS attached, after which step 208 is performed. Here, the UE forwards the user card's synchronization request command to the network.
Step 207: The terminal updates its stored SQNMS according to SQNHE and generates the new authentication key NewKI from RAND and KI. Using the control parameter, and with the agreed specific value 125 in place of SQNMS, the terminal generates the resynchronization flag AUTS and initiates a resynchronization request command to the network with the AUTS attached. Step 208 is then performed. Specifically, with the specific value 125 in place of SQNMS, the terminal computes MAC-S from its stored KI, the control parameter, the received RAND and the AMF, then encrypts the specific value 125 with AK and combines the ciphertext with MAC-S to produce AUTS. The terminal sends a resynchronization request command to the network side with the AUTS attached; that is, it sends the MSC/VLR a synchronization failure message that contains the AUTS. In practice, this step may further be: the user card, using the control parameter stored by the UE and with the agreed specific value 125 in place of SQNMS, generates the resynchronization flag AUTS and initiates the resynchronization request command to the network with the AUTS attached, after which step 208 is performed. Here, the UE forwards the user card's synchronization request command to the network.
Because MAC-S is generated by the user card, in step 203 the UE passes the control parameter to the user card together with RAND and AUTN. An alternative is for the UE to pass the control parameter to the user card in response to a corresponding request from the user card.
Step 208: On receiving the synchronization failure message sent by the terminal, the network-side MSC/VLR sends the AUTS in the message, together with the RAND in the corresponding quintuple, to the HLR/AUC. Step 209 is then performed.
In practice, on receiving the synchronization failure message sent by the terminal, the network-side MSC/VLR requests a new authentication tuple from the HLR/AUC; the request message contains the AUTS received from the terminal and the RAND in the corresponding authentication quintuple.
Step 209: The HLR/AUC determines whether the SQNMS in the AUTS is the agreed specific value 125. If it is, step 212 is performed; if it is not, step 210 is performed.
Note that if the SQNMS in the AUTS has been encrypted with AK, the HLR/AUC can generate AK from RAND and KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext.
Step 210: On receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC verifies the consistency of the AUTS using KI. That is, it computes a result from the AMF, the stored KI, the received RAND and the SQNMS in the AUTS, using the same algorithm that the terminal uses to generate MAC-S from KI, SQNMS, RAND and AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, the AUTS passes consistency verification and step 211 is performed; otherwise, the AUTS fails consistency verification and step 214 is performed.
Step 211: The HLR/AUC updates SQNHE according to the value of SQNMS, generates a new authentication tuple, and sends the MSC/VLR a synchronization processing result message that contains the new authentication tuple.
Step 212: On receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC verifies the consistency of the AUTS using KI and the control parameter. That is, it computes a result from the AMF, the stored KI, the control parameter, the received RAND and the SQNMS in the AUTS, using the same algorithm that the terminal uses to generate MAC-S from KI, the control parameter, RAND, the specific value and AMF, and then compares this result with the MAC-S in the received AUTS. If they are consistent, the AUTS passes consistency verification and step 213 is performed; otherwise, the AUTS fails consistency verification and step 214 is performed.
Step 213: The HLR/AUC performs the agreed content corresponding to the specific value 125, that is, the authentication key update. It computes the new authentication key NewKI from RAND and KI using the same algorithm that the terminal uses to generate the new authentication key, then uses NewKI to generate a new authentication tuple and sends the MSC/VLR a synchronization processing result message that contains the new authentication tuple.
Step 214: A synchronization processing result message that contains illegal-synchronization information is sent to the MSC/VLR.
After generating the new authentication key, the terminal and the HLR/AUC may each reinitialize the values of SQNMS and SQNHE. For example, in step 207 the terminal does not update the stored SQNMS according to SQNHE but instead initializes SQNMS to 0; correspondingly, in step 213 the HLR/AUC initializes SQNHE to a random value less than 65536. In this way the varying part of SQNHE can be kept short while still achieving normal authentication, because the terminal and the HLR/AUC can perform an authentication key update before SQNHE has run through all of its possible values, which equally guarantees that the terminal's authentication of the network remains sound.
Given the security gained from continually updating the key, and the initialization of SQNMS and SQNHE at each key update, the SQNMS and SQNHE actually needed can be shorter than the length specified in the prior art. For example, where the SQN (meaning SQNMS and SQNHE generally) was originally specified as 6 bytes (48 bits), in the present invention the SQN may need only 5 bytes (40 bits). So that the algorithms used for authentication and key agreement do not have to change because of the SQN length, the 5-byte SQN can be extended to 6 bytes, with the extension byte in the high-order position. The extended SQNHE is then used when computing MAC-A, and the extended SQNMS when computing MAC-S. When judging the freshness of SQNHE against SQNMS, that is, whether SQNHE is within the acceptable range, the unextended 5-byte SQNMS is still compared with the unextended 5-byte SQNHE to determine whether SQNHE has been updated, that is, whether it is within the acceptable range. Here, the extra extension byte has no meaning other than taking part in the MAC-A and MAC-S calculations for compatibility with the original algorithms, so the present invention can use this extension byte to convey other information.
The present invention further includes the following: when the specific value is used in place of the terminal sequence number SQNMS to generate the resynchronization flag AUTS, the specific value is a 6-byte number whose highest-order byte is a particular value and whose 5 lower-order bytes are arbitrary. For example, in step 207 above, where the terminal uses the control parameter and the agreed specific value 125 in place of SQNMS to generate the resynchronization flag AUTS, it can use such a 6-byte special value in place of SQNMS: the highest-order byte of the special value is set to 125 or some other particular value such as 255, and the 5 lower-order bytes can be set to any value. For instance, the terminal can generate a 6-byte random number, set its highest-order byte to 125, and then use this random number with the modified high byte as the special value that replaces SQNMS in computing the AUTS. Correspondingly, in step 209, when the HLR/AUC determines whether the SQNMS in the AUTS is the agreed specific value 125, it actually checks whether the high-order byte of SQNMS is 125, rather than whether the whole SQNMS equals 125. A special value produced this way clearly has greater randomness and therefore higher security.
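The key-update resynchronization described above (the chained MAC-S digest, the 6-byte special value with high byte 125, and the HLR/AUC decision in steps 209 to 214), as an added example that is not part of the patent text. HMAC-SHA-256 stands in for the digest the page leaves open and for the AK and NewKI derivations; the 8-byte MAC-S length, the 16-byte NewKI length, the function names and the result strings are assumptions.

```python
import hashlib
import hmac
import os
import secrets

SQN_LEN = 6            # extended SQN length in bytes (from the page)
MAC_LEN = 8            # assumption: 64-bit MAC-S
KEY_UPDATE_MARK = 125  # agreed high-byte value (from the page)


def digest(key: bytes, data: bytes) -> bytes:
    """Stand-in digest of two inputs (assumption: HMAC-SHA-256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ak(ki: bytes, rand: bytes) -> bytes:
    """AK from KI and RAND (stand-in derivation, hypothetical label)."""
    return digest(ki, b"AK" + rand)[:SQN_LEN]


def derive_new_ki(ki: bytes, rand: bytes) -> bytes:
    """NewKI from KI and RAND, computed identically on both sides."""
    return digest(ki, b"NewKI" + rand)[:16]


def compute_mac_s(ki, control, sqn, rand, amf) -> bytes:
    """Chained digest from the page: Result1 -> Result2 -> Result3 -> MAC-S.
    A normal resynchronization (control is None) leaves the control parameter out."""
    result1 = digest(control, ki) if control is not None else ki
    result2 = digest(result1, sqn)
    result3 = digest(result2, rand)
    return digest(result3, amf)[:MAC_LEN]


def build_auts(ki, control, sqn, rand, amf) -> bytes:
    """AUTS = (SQN encrypted with AK) || MAC-S."""
    return xor(sqn, derive_ak(ki, rand)) + compute_mac_s(ki, control, sqn, rand, amf)


def terminal_key_update(ki, control, rand, amf):
    """Step 207: random 6-byte value with high byte 125 replaces SQNMS."""
    special = bytes([KEY_UPDATE_MARK]) + os.urandom(SQN_LEN - 1)
    return build_auts(ki, control, special, rand, amf), derive_new_ki(ki, rand)


def terminal_normal_resync(ki, sqn_ms: int, rand, amf) -> bytes:
    """Step 206: real 5-byte SQNMS, extension (high) byte left at 0."""
    if not 0 <= sqn_ms < 1 << 40:
        raise ValueError("SQNMS must fit in 5 bytes")
    return build_auts(ki, None, sqn_ms.to_bytes(SQN_LEN, "big"), rand, amf)


def hlr_handle_resync(sub: dict, rand: bytes, auts: bytes, amf: bytes) -> str:
    """HLR/AUC side. sub holds the subscriber's ki, control and sqn_he."""
    if len(auts) != SQN_LEN + MAC_LEN:
        return "illegal"
    sqn_ms = xor(auts[:SQN_LEN], derive_ak(sub["ki"], rand))
    mac_s = auts[SQN_LEN:]
    key_update = sqn_ms[0] == KEY_UPDATE_MARK            # step 209: high byte only
    control = sub["control"] if key_update else None
    expected = compute_mac_s(sub["ki"], control, sqn_ms, rand, amf)  # step 212 / 210
    if not hmac.compare_digest(expected, mac_s):         # constant-time comparison
        return "illegal"                                 # step 214
    if key_update:
        sub["ki"] = derive_new_ki(sub["ki"], rand)       # step 213
        sub["sqn_he"] = secrets.randbelow(65536)         # reinitialised SQNHE
        return "key_updated"
    sub["sqn_he"] = int.from_bytes(sqn_ms, "big")        # step 211
    return "resynced"
```

The key is replaced only after MAC-S verifies against the subscriber's control parameter, so a message that merely carries the 125 marker leaves KI untouched.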
Refer to FIG. 3, which shows specific embodiment 2 of the detailed description of the present invention. This embodiment is a procedure for controlling authentication key updates using the controlled key update method of the invention. In this embodiment the terminal and the HLR/AUC negotiate a controlled update of the authentication key. Control is exercised by setting a control parameter, used to control authentication key updates, in the subscriber's subscription data in the HLR/AUC; correspondingly, the same control parameter is stored in the UE of the terminal. The embodiment also agrees that any number whose highest-order byte is 125 represents the specific value, and that this specific value indicates that the authentication key needs to be updated. The agreed content for this value, that is, what the network side does when it recognizes that the highest-order byte of SQNMS is 125, is "generate a new authentication key so that authentication is performed with the new authentication key". The terminal comprises the user equipment UE and the user card.
When the authentication key needs to be updated, the following flow is performed:
In step 301, the terminal initiates a location update request to the network.
This step may instead be a service request initiated to the network side. In practice it may be any message sent by the terminal that causes the network side to authenticate the terminal.
In step 302, after receiving the request, the network-side MSC/VLR authenticates the terminal: it sends an authentication request to the terminal, passing the authentication parameters RAND and AUTN from the current authentication quintuple of that terminal.
Specifically, the HLR/AUC generates RAND using a random number generator and computes XRES, CK and IK from RAND and KI. It computes MAC-A from RAND, SQNHE, KI and AMF, and then generates AUTN from MAC-A, SQNHE, AK and AMF. Here, when SQNHE needs to be encrypted, the HLR/AUC generates AK from RAND and KI and XORs SQNHE with AK, thereby encrypting SQNHE; when SQNHE does not need to be encrypted, AK = 0.
The HLR/AUC then sends the quintuple consisting of RAND, AUTN, XRES, CK and IK, together with the corresponding IMSI, to the MSC/VLR. The HLR/AUC sends the generated authentication tuple to the MSC/VLR only after receiving the MSC/VLR's request for an authentication quintuple.
During authentication, the MSC/VLR initiates an authentication request to the terminal and at the same time sends the authentication parameters RAND and AUTN from the quintuple to the terminal.
Step 303: on receiving the authentication request, the terminal first performs consistency verification on the received AUTN using the KI it holds, that is, it verifies the AUTN against its own KI and the RAND. If the verification passes, step 305 is performed; otherwise, step 304 is performed.
Specifically, when the terminal receives RAND and AUTN from the MSC/VLR, it generates MAC-A from the KI it holds, the received RAND, and the SQNHE and AMF in the received AUTN, using the same algorithm with which the HLR/AUC computed the MAC-A in the AUTN. The terminal then compares the MAC-A it generated with the MAC-A in the AUTN. If they are equal, the consistency verification of the AUTN passes; otherwise, it fails.
It should be noted that, because the terminal MS includes a user equipment UE and a user card, in practice it is the UE that receives the authentication request and sends the authentication parameters RAND and AUTN to the user card, and the user card performs the consistency verification of the received AUTN using the KI it holds.
Therefore, in practice, this step may further be as follows. On receiving the authentication request, the UE passes the saved control parameter and the received RAND and AUTN to the user card. The user card first performs consistency verification on the received AUTN using the KI it holds, that is, it verifies the AUTN against its own KI and the RAND. If the verification passes, step 305 is performed; otherwise, step 304 is performed. Specifically, when the user card receives the control parameter, RAND and AUTN from the UE, it generates MAC-A from the KI it holds, the received RAND, and the SQNHE and AMF in the received AUTN, using the same algorithm with which the HLR/AUC computed the MAC-A in the AUTN. It then compares the MAC-A it generated with the MAC-A in the AUTN. If they are equal, the consistency verification of the AUTN passes; otherwise, it fails.
In step 304, the terminal returns "authentication failure" information to the network and then ends this flow of negotiating the authentication key update. In practice, the user card may return the "authentication failure" information to the UE, and the UE returns the "authentication failure" information to the network.

Step 305: the terminal determines whether SQNHE is within the acceptable range. If so, it determines that authentication of the network has passed and performs step 307; otherwise, it determines that synchronization has failed and performs step 306.
In practice, the user card may determine whether SQNHE is within the acceptable range. If so, it determines that authentication of the network has passed, and step 307 is then performed; otherwise, it determines that synchronization has failed, and step 306 is then performed.
Step 306: the terminal generates the resynchronization token AUTS directly from SQNMS and initiates a resynchronization request command to the network with the AUTS attached. Step 308 is then performed. Specifically, the terminal computes MAC-S from its own KI, SQNMS, the received RAND, the AMF and so on, generates the AUTS from SQNMS, AK and MAC-S, and then initiates a resynchronization request command to the network side with the AUTS attached. That is, it sends a synchronization failure message containing the AUTS to the MSC/VLR. In practice, this step may further be that the user card generates the resynchronization token AUTS directly from SQNMS and initiates a resynchronization request command to the network with the AUTS attached, after which step 308 is performed. Here, the UE forwards the user card's synchronization request command to the network.
Step 307: the terminal initializes the value of SQNMS, for example to 0, and generates a new authentication key NewKI from RAND and KI. The terminal generates an arbitrary number, for example a random number, sets the most significant byte of that number to 125, and uses the resulting number as the specific value. The terminal then generates the resynchronization token AUTS according to the control parameter, using the generated specific value whose most significant byte is 125 in place of SQNMS, and initiates a resynchronization request command to the network with the resynchronization token AUTS attached. Step 308 is then performed.
Specifically, using the generated specific value in place of SQNMS, the terminal computes MAC-S from the KI it holds, the control parameter, the received RAND, the AMF and so on, then encrypts the specific value with AK and combines the ciphertext with MAC-S to produce the AUTS. The terminal sends a resynchronization request command to the network side with the AUTS attached. That is, it sends a synchronization failure message containing the AUTS to the MSC/VLR. In practice, this step may further be that the user card generates the resynchronization token AUTS according to the control parameter saved by the UE, using the generated specific value in place of SQNMS, and initiates a resynchronization request command to the network with the resynchronization token AUTS attached, after which step 308 is performed. Here, the UE forwards the user card's synchronization request command to the network. Because MAC-S is generated by the user card, in step 303 the UE passes the control parameter to the user card together with RAND and AUTN.
Step 308: on receiving the synchronization failure message sent by the terminal, the network-side MSC/VLR sends the AUTS in the message, together with the RAND from the corresponding quintuple, to the HLR/AUC. Step 309 is then performed.
In practice, on receiving the synchronization failure message sent by the terminal, the network-side MSC/VLR requests a new authentication tuple from the HLR/AUC; the request message includes the AUTS received from the terminal and the RAND from the corresponding authentication quintuple.
Step 309: the HLR/AUC determines whether the most significant byte of the SQNMS in the AUTS is 125. If it is 125, step 312 is performed; if it is not 125, step 310 is performed.
It should be noted that, if the SQNMS in the AUTS is encrypted with AK, the HLR/AUC can generate AK from RAND and KI to decrypt the SQNMS ciphertext and obtain the SQNMS plaintext.
Step 310: on receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS using KI. That is, from the AMF, the saved KI, the received RAND, the SQNMS in the AUTS and so on, it computes a result using the same algorithm with which the terminal generates MAC-S from KI, SQNMS, RAND and AMF, and then compares its own result with the MAC-S in the received AUTS. If they match, the consistency verification of the AUTS passes and step 311 is performed; otherwise, the consistency verification of the AUTS fails and step 314 is performed.
Step 311: the HLR/AUC updates SQNHE according to the value of SQNMS, generates a new authentication tuple, and sends a synchronization processing result message containing the new authentication tuple to the MSC/VLR. Step 314 is then performed.
Step 312: on receiving the AUTS and RAND sent by the MSC/VLR, the HLR/AUC performs consistency verification on the AUTS using KI and the control parameter. That is, from the AMF, the saved KI, the control parameter, the received RAND, the SQNMS in the AUTS and so on, it computes a result using the same algorithm with which the terminal generates MAC-S from KI, the control parameter, RAND, the specific value and AMF, and then compares its own result with the MAC-S in the received AUTS. If they match, the consistency verification of the AUTS passes and step 313 is performed; otherwise, the consistency verification of the AUTS fails and step 314 is performed.
Step 313: the HLR/AUC executes the agreed content that corresponds to the most significant byte of SQNMS being 125, that is, it performs the authentication key update. It computes the new authentication key NewKI from RAND and KI using the same algorithm with which the terminal generates its new authentication key, then initializes the value of SQNHE, for example to an arbitrary value less than 65536, generates a new authentication tuple using NewKI, and sends a synchronization processing result message containing the new authentication tuple to the MSC/VLR.
Step 314: a synchronization processing result message containing illegal-synchronization information is sent to the MSC/VLR.
It can be seen that the specific value in the present invention may be a designated number, such as the number 125 with a length of 6 bytes or 48 bits; or any 48-bit number whose most significant byte is 125; or any 48-bit number in which some designated byte or certain designated bits have a designated value.
The MSC/VLR above is a circuit-switched domain device. In a packet-switched domain network the device corresponding to the MSC/VLR is the SGSN, so the present invention applies equally to the packet-switched domain.
In each of the specific implementations and embodiments above, the terminal and the HLR/AUC may generate the new authentication key using a mature digest algorithm; for suitable digest algorithms see the book Applied Cryptography or related algorithm papers and reports. The new key may, of course, also be generated using the algorithm mentioned in the 3GPP protocols for generating the cipher key CK or the integrity key IK from the random number RAND and the authentication key KI.
In each of the specific implementations and embodiments above, the terminal's consistency verification of the AUTN, its determination of whether SQNHE is within the acceptable range, the HLR/AUC's verification of the validity of the AUTS, the HLR/AUC's update of SQNHE when generating an authentication tuple, the algorithm for generating the authentication tuple, the algorithm for generating the AUTS in the normal synchronization flow, and so on, can be found in the relevant 3GPP protocols. As these are well-known techniques, they are not described further here.
In the present invention, when the update of the negotiated authentication key is to be controlled and the terminal therefore additionally uses the control parameter to generate MAC-S while producing the AUTS, the terminal may first perform a digest calculation on the control parameter and KI to obtain a result Result1, then perform a digest calculation on Result1 and the specific value to obtain a result Result2, then perform a digest calculation on Result2 and the RAND to obtain a result Result3, and finally perform a digest calculation on Result3 and the AMF and take the result as MAC-S. Correspondingly, when the HLR/AUC checks the consistency of the AUTS, the process and algorithm by which it computes a result from the AMF, the saved KI, the configured control parameter, the received RAND, the SQNMS in the AUTS and so on are the same as the process and algorithm by which the terminal generates MAC-S. The process of generating MAC-S and the digest algorithm used here may, of course, be chosen according to the actual situation. For the detailed AUTS generation process and the algorithms used, reference may also be made to the relevant 3GPP specifications; they are not described further here.
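The following Python sketch is an added example, not code from the patent: it models steps 307 and 309 to 314 together with the chained MAC-S calculation described above. HMAC-SHA-256 as the digest, the 8-byte MAC-S length, the AK and NewKI derivations and all function names are assumptions; the patent leaves these algorithms to 3GPP or to any mature digest algorithm.

```python
import hashlib
import hmac
import os

MARKER = 125   # agreed top-byte value of the special SQNMS (from the text)
SQN_LEN = 6    # 6-byte (48-bit) sequence number (from the text)
MAC_LEN = 8    # assumption: MAC-S truncated to 8 bytes


def digest(a: bytes, b: bytes) -> bytes:
    """One 'digest calculation' over two inputs (assumption: HMAC-SHA-256)."""
    return hmac.new(a, b, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_ak(ki: bytes, rand: bytes) -> bytes:
    """AK from RAND and KI; it masks SQNMS inside AUTS (derivation assumed)."""
    return digest(ki, b"AK" + rand)[:SQN_LEN]


def derive_new_ki(ki: bytes, rand: bytes) -> bytes:
    """NewKI from RAND and KI, same algorithm on both sides (assumed)."""
    return digest(ki, b"NewKI" + rand)[:16]


def mac_s(ki, sqn, rand, amf, control=None) -> bytes:
    if control is None:
        # Ordinary resynchronization: stand-in for the 3GPP MAC-S function.
        return digest(ki, sqn + rand + amf)[:MAC_LEN]
    r1 = digest(control, ki)          # Result1: control parameter and KI
    r2 = digest(r1, sqn)              # Result2: Result1 and the specific value
    r3 = digest(r2, rand)             # Result3: Result2 and RAND
    return digest(r3, amf)[:MAC_LEN]  # MAC-S: Result3 and AMF


def terminal_key_update_auts(ki, rand, amf, control):
    """Step 307: build AUTS around a random SQN with top byte 125.

    Returns (AUTS, NewKI); the terminal keeps NewKI for later authentication.
    """
    special = bytes([MARKER]) + os.urandom(SQN_LEN - 1)
    auts = xor(special, derive_ak(ki, rand)) + mac_s(ki, special, rand, amf, control)
    return auts, derive_new_ki(ki, rand)


def terminal_resync_auts(ki, rand, amf, sqn_ms: bytes) -> bytes:
    """Step 306: ordinary AUTS built from the real SQNMS, no control parameter."""
    return xor(sqn_ms, derive_ak(ki, rand)) + mac_s(ki, sqn_ms, rand, amf)


class Subscriber:
    """HLR/AUC subscription record: KI, control parameter and SQNHE."""

    def __init__(self, ki: bytes, control: bytes, sqn_he: int = 0):
        self.ki, self.control, self.sqn_he = ki, control, sqn_he


def hlr_handle_resync(sub: Subscriber, auts: bytes, rand: bytes, amf: bytes) -> str:
    """Steps 309-314: returns 'key_updated', 'resynced' or 'illegal_sync'."""
    if len(auts) != SQN_LEN + MAC_LEN:
        return "illegal_sync"
    sqn = xor(auts[:SQN_LEN], derive_ak(sub.ki, rand))   # unmask SQNMS with AK
    received = auts[SQN_LEN:]
    if sqn[0] == MARKER:                                  # step 309 -> step 312
        expected = mac_s(sub.ki, sqn, rand, amf, sub.control)
        if not hmac.compare_digest(expected, received):
            return "illegal_sync"                         # step 314
        sub.ki = derive_new_ki(sub.ki, rand)              # step 313: NewKI
        sub.sqn_he = 0                                    # re-initialise SQNHE
        return "key_updated"
    expected = mac_s(sub.ki, sqn, rand, amf)              # step 310
    if not hmac.compare_digest(expected, received):
        return "illegal_sync"                             # step 314
    sub.sqn_he = int.from_bytes(sqn, "big")               # step 311
    return "resynced"
```

In this sketch a genuine SQNMS whose top byte happens to be 125 is routed to the key-update branch and rejected as an illegal synchronization, which is a consequence of deciding on the marker byte alone in step 309.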
The control parameter used in the present invention to control the key update may be a password, for example one similar to the PIN code of a user card, such as the user PIN code SPIN that the network side sets for the user to change services. It may also be an identity of the terminal, for example the terminal's IMEI. It may, of course, also be an arbitrary user-defined value, for example the user's alias, the user's avatar information, or digest information of the user's avatar data, and so on.
In one embodiment of the present invention, an apparatus for implementing controlled key update includes:
a control parameter storage unit, configured to store a control parameter that controls the update of the authentication key;
a specific value storage unit, configured to store a specific value that replaces the terminal sequence number in generating the resynchronization token;
a resynchronization token generating unit, configured to generate the resynchronization token according to the authentication key of the terminal, the received random number, and the control parameter saved by the control parameter storage unit or input by the user, with the specific value saved by the specific value storage unit replacing the terminal sequence number.
The apparatus is located in the terminal; the terminal includes a user equipment and a user card; the specific value storage unit and the resynchronization token generating unit are located in the user card; the control parameter storage unit is located in the user equipment or in the user card.
In another embodiment of the present invention, an apparatus for implementing controlled key update includes:
a control parameter saving unit, configured to save a control parameter that controls the update of the authentication key;
a specific value discriminating unit, configured to determine, when a resynchronization request command is received, whether the terminal sequence number is the specific value;
a resynchronization token verification unit, configured to verify, according to the control parameter saved by the control parameter saving unit, the consistency of the resynchronization token attached to the received resynchronization request command;
an authentication key update unit, configured to update the authentication key when the determination on the specific value is affirmative and the verification by the resynchronization token verification unit passes.
The apparatus is located in the home location register/authentication center on the network side.
It should be noted that the units described may be separate entities or may be combined according to actual conditions and requirements; this is not described further here.
It will be understood that the above are only preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A controlled key update method, characterized in that a control parameter for controlling the update of the authentication key is preset on the network side; the method comprises:
after the terminal's consistency verification of the network side passes, the terminal generates a resynchronization token according to the authentication key of the terminal, the received random number, and the control parameter saved by the terminal or input by the user, with a specific value replacing the terminal sequence number, and sends a resynchronization request command to the network side with the resynchronization token attached;
the network side receives the resynchronization request command and, when the terminal sequence number is the specific value, performs consistency verification on the resynchronization token according to the preset control parameter, the random number and the network-side authentication key; when the verification passes, it performs the key update.
2. The method according to claim 1, characterized in that, between the terminal's consistency verification of the network side passing and the generation of the resynchronization token, the method further comprises: the terminal determines, according to the terminal sequence number, that the network-side sequence number is within the acceptable range.
3. The method according to claim 2, characterized in that, after the terminal's consistency verification of the network side passes, the method further comprises: when the terminal determines, according to the terminal sequence number, that the network-side sequence number is not within the acceptable range, the terminal generates a resynchronization token according to the terminal sequence number, its own authentication key and the received random number, and sends a resynchronization request command to the network side with the resynchronization token attached.
4. The method according to claim 3, characterized by further comprising: when the terminal sequence number is not the specific value, the network side performs consistency verification on the resynchronization token according to the random number and the network-side authentication key, and performs synchronization processing when the verification passes.
5. The method according to claim 4, characterized in that, when the consistency verification of the resynchronization token fails, the home location register/authentication center on the network side sends a synchronization processing result message to the mobile switching center/visitor location register, the message including illegal-synchronization information.
6. The method according to claim 1, characterized in that the consistency verification of the network side means performing consistency verification on the authentication token sent by the network side according to the authentication key saved by the terminal and the random number sent by the network side.
7. The method according to claim 1, characterized by further comprising: when the terminal's consistency verification of the network side fails, the terminal sends authentication failure information to the network side.
8. The method according to claim 1, characterized in that the terminal includes a user equipment and a user card.
9. The method according to claim 8, characterized in that the control parameter preset in the terminal is a control parameter set in the user equipment or a control parameter set in the user card.
10. The method according to claim 1, characterized in that the control parameter is a password, or an identity of the terminal, or an arbitrary user-defined value.
11. The method according to claim 1, characterized by further comprising: after generating the new authentication key, the terminal and the network side respectively re-initialize the value of the sequence number saved by the terminal and the value of the sequence number saved by the network side.
12. The method according to claim 1, characterized in that the specific value is a designated number, or any number whose most significant byte, or some designated byte, or certain designated bits have a designated value.
13. An apparatus for implementing controlled key update, characterized by comprising:
a control parameter storage unit, configured to store a control parameter that controls the update of the authentication key; ... value;
a resynchronization token generating unit, configured to generate a resynchronization token according to the authentication key of the terminal, the received random number, the control parameter saved by the control parameter storage unit or input by the user, and the specific value stored by the specific value storage unit.
14. The apparatus according to claim 13, characterized in that the apparatus is located in a terminal; the terminal includes a user equipment and a user card; the specific value storage unit and the resynchronization token generating unit are located in the user card; the control parameter storage unit is located in the user equipment or in the user card.
15. An apparatus for implementing controlled key update, characterized by comprising:
a control parameter saving unit, configured to save a control parameter that controls the update of the authentication key;
a specific value discriminating unit, configured to determine, when a resynchronization request command is received, whether the terminal sequence number is the specific value;
a resynchronization token verification unit, configured to verify, according to the control parameter saved by the control parameter saving unit, the consistency of the resynchronization token attached to the received resynchronization request command;
an authentication key update unit, configured to update the authentication key when the determination on the specific value is affirmative and the verification by the resynchronization token verification unit passes.
16. The apparatus according to claim 15, characterized in that the apparatus is located in the home location register/authentication center on the network side.
PCT/CN2006/002475 2005-10-10 2006-09-21 An updating method of controlled secret keys and the apparatus thereof WO2007041933A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200680012300.5A CN101160780B (en) 2005-10-10 2006-09-21 Controlled cipher key updating method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200510100290.8A CN100479569C (en) 2005-10-10 2005-10-10 Controlled key updating method
CN200510100290.8 2005-10-10

Publications (1)

Publication Number Publication Date
WO2007041933A1 true WO2007041933A1 (en) 2007-04-19

Family

ID=37298584

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/002475 WO2007041933A1 (en) 2005-10-10 2006-09-21 An updating method of controlled secret keys and the apparatus thereof

Country Status (2)

Country Link
CN (2) CN100479569C (en)
WO (1) WO2007041933A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100461938C (en) * 2005-08-08 2009-02-11 华为技术有限公司 Updating method of controlled secret key
CN100479569C (en) * 2005-10-10 2009-04-15 华为技术有限公司 Controlled key updating method
CN107222306A (en) * 2017-01-22 2017-09-29 天地融科技股份有限公司 A kind of key updating method, apparatus and system
CN109802827B (en) * 2018-12-19 2022-02-01 中国长城科技集团股份有限公司 Key updating method and key updating system
CN111292089A (en) * 2020-02-12 2020-06-16 北京智慧云测科技有限公司 PSAM card protection management method and PSAM card
US20220103354A1 (en) * 2020-09-25 2022-03-31 Renesas Electronics Corporation Secure encryption key generation and management in open and secure processor environments
CN112235799B (en) * 2020-10-14 2021-11-16 中国电力科学研究院有限公司 Network access authentication method and system for terminal equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001078306A1 (en) * 2000-04-06 2001-10-18 Nokia Corporation Method and system for generating a sequence number to be used for authentication
CN1835623A (en) * 2005-08-08 2006-09-20 华为技术有限公司 Updating method of controlled secret key
CN1859734A (en) * 2005-10-10 2006-11-08 华为技术有限公司 Controlled key updating method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1457173A (en) * 2002-05-08 2003-11-19 英华达股份有限公司 Updating network encrypted pins method
CN100525182C (en) * 2004-03-11 2009-08-05 西安西电捷通无线网络通信有限公司 Authentication and encryption method for wireless network

Also Published As

Publication number Publication date
CN101160780B (en) 2010-05-19
CN1859734A (en) 2006-11-08
CN101160780A (en) 2008-04-09
CN100479569C (en) 2009-04-15

Similar Documents

Publication Publication Date Title
EP3493502B1 (en) Supplying an iot-device with an authentication key
US20200287720A1 (en) Devices and methods for client device authentication
JP6732095B2 (en) Unified authentication for heterogeneous networks
CN108141355B (en) Method and system for generating session keys using Diffie-Hellman procedure
EP2033479B1 (en) Method and apparatus for security protection of an original user identity in an initial signaling message
JP6727294B2 (en) User equipment UE access method, access device, and access system
WO2006131061A1 (en) Authentication method and corresponding information transmission method
KR101309426B1 (en) Method and system for recursive authentication in a mobile network
US20110004754A1 (en) Method And Apparatuses For Authentication And Reauthentication Of A User With First And Second Authentication Procedures
WO2010012203A1 (en) Authentication method, re-certification method and communication device
US20050271209A1 (en) AKA sequence number for replay protection in EAP-AKA authentication
KR20120052396A (en) Security access control method and system for wired local area network
WO2003077467A1 (en) The method for distributes the encrypted key in wireless lan
WO2004043006A1 (en) A method for the access of the mobile terminal to the wlan and for the data communication via the wireless link securely
WO2012028010A1 (en) Authentication method, apparatus and system
WO2010091563A1 (en) Management method, device and system for wapi terminal certificates
WO2007028328A1 (en) Method, system and device for negotiating about cipher key shared by ue and external equipment
WO2006137625A1 (en) Device for realizing security function in mac of portable internet system and authentication method using the device
WO2009097789A1 (en) Method and communication system for establishing security association
WO2007121669A1 (en) Method and device and system for establishing wireless connection
WO2007041933A1 (en) An updating method of controlled secret keys and the apparatus thereof
WO2012028043A1 (en) Method, device and system for authentication
WO2009074050A1 (en) A method, system and apparatus for authenticating an access point device
WO2007022731A1 (en) Encryption key negotiation method, system and equipment in the enhanced universal verify frame
WO2011088770A1 (en) Method and system for deriving air interface encryption keys

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
WWE WIPO information: entry into national phase (Ref document number: 200680012300.5; Country of ref document: CN)
WWE WIPO information: entry into national phase (Ref document number: 1430/KOLNP/2008; Country of ref document: IN)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 06791066; Country of ref document: EP; Kind code of ref document: A1)