WO2008069627A1 - Procédé de génération et procédé de mise à jour de clé d'autorisation pour communication mobile - Google Patents

Procédé de génération et procédé de mise à jour de clé d'autorisation pour communication mobile Download PDF

Info

Publication number
WO2008069627A1
WO2008069627A1 PCT/KR2007/006380 KR2007006380W WO2008069627A1 WO 2008069627 A1 WO2008069627 A1 WO 2008069627A1 KR 2007006380 W KR2007006380 W KR 2007006380W WO 2008069627 A1 WO2008069627 A1 WO 2008069627A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
authorization key
message
base station
random value
Prior art date
Application number
PCT/KR2007/006380
Other languages
English (en)
Inventor
Seok-Heon Cho
Chul-Sik Yoon
Original Assignee
Electronics And Telecommunications Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from KR1020070102551A external-priority patent/KR101447726B1/ko
Application filed by Electronics And Telecommunications Research Institute filed Critical Electronics And Telecommunications Research Institute
Publication of WO2008069627A1 publication Critical patent/WO2008069627A1/fr
Priority to US12/480,521 priority Critical patent/US8397071B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response

Definitions

  • the present invention relates to an authentication key generating method and an authorization key updating method in a mobile communication system.
  • terminal authorization and authentication are performed in order to safely provide a service. Through the terminal authorization and authentication, terminal device authentication or user authentication is successfully performed, and an authorization key is generated.
  • a root key shared in a base station and a terminal authorized to generate the authorization key is used as an input key, a media access control (MAC) address, a base station identifier, and a predetermined string are used, and the authorization key is generated.
  • the generated authorization key is periodically updated, and device and user re- authentication is performed between the terminal and the base station when the key is updated.
  • the terminal and the base station use wireless link resources to exchange control messages.
  • the present invention has been made in an effort to provide an authorization key generating method and an authorization key updating method for minimizing wireless link resource waste and increasing safety of an authorization key in a mobile communication system.
  • a root key is obtained in an authentication procedure with a terminal; a base station random value is generated; a first message including the base station random value is transmitted to the terminal; a second message including a terminal random value is received from the terminal; an authorization key is generated by using the root key, the base station random value, and the terminal random value; and a third message including a message authentication parameter that is generated by using a message authorization key corresponding to the authorization key is transmitted to the terminal.
  • a root key is obtained by performing an authentication procedure with a base station; a first message including a base station random value is received from the base station; a terminal random value is generated; an authorization key is generated by using the root key, the base station random value, and the terminal random value; a second message including the terminal random value is transmitted to the base station; and a third message that is a response to the second message is received.
  • a root key is obtained by performing an authentication procedure with a terminal, an authorization key is generated by using the root key, a lifetime of the authorization key is established to be shorter than a lifetime of the root key, and the authorization key is updated before the lifetime of the authorization key has expired.
  • an authorization key is generated by using a root key, a first base station random value, and a first terminal random value; a first message including a second terminal random value is received from the terminal before a lifetime of the authorization key has expired; a second base station random value is generated; the authorization key is updated by using the root key, the second terminal random value, and the second base station random value; a second message including the second base station random value is transmitted to the terminal; and a third message that is a response to the second message is received.
  • an authorization key is generated by using a root key, a first base station random value, and a first terminal random value; a second terminal random value is generated; a first message including the second terminal random value is transmitted to a base station; a second message including a second base station random value is received from the base station; and the authorization key is updated by using the root key, the second base station random value, and the second terminal random value.
  • FIG. 1 is a flowchart representing an authorization key generating method in a mobile communication system according to an exemplary embodiment of the present invention.
  • FIG. 2 is a flowchart representing an authorization key updating method according to the exemplary embodiment of the present invention. Best Mode for Carrying Out the Invention
  • a mobile station may refer to a terminal, a mobile terminal
  • the mobile station may include all or some functions of the mobile terminal, the subscriber station, the portable subscriber station, the user equipment apparatus, or the like.
  • a base station may refer to an access point (AP), a radio access station
  • the base station may include all or some functions of the access point, the radio access station, the Node-B, the base transceiver station, the MMR-BS, or the like.
  • FIG. 1 is a flowchart representing the authorization key generating method in the mobile communication system according to the exemplary embodiment of the present invention, and it illustrates an initial authorization key generating procedure after a terminal 100 and a base station 200 perform an initial authentication procedure or perform a re- authentication procedure.
  • the authentication procedure is performed by a Rivest Shamir Adleman (RSA)-based authentication method for authenticating the terminal 100 and the base station 200 and an extensible authentication protocol (EAP)-based authentication method using a higher authentication protocol, and device and user authentication for the terminal 100 and the base station 200 may be performed by the authentication procedure.
  • RSA Rivest Shamir Adleman
  • EAP extensible authentication protocol
  • device and user authentication for the terminal 100 and the base station 200 may be performed by the authentication procedure.
  • RSA Rivest Shamir Adleman
  • EAP extensible authentication protocol
  • the base station 200 randomly generates a base station random value (BS Random).
  • BS Random base station random value
  • a root key corresponding to the corresponding terminal 100 is used as an input key
  • the base station 200 generates a temporary authorization key (TAK) by using the base station random value (BS Random) randomly generated by the base station 200, a terminal MAC address used to identify the terminal 100, a base station identifier used to identify the base station 200, and a predetermined string as input data in step S 102.
  • the generated temporary authorization key is used to generate a temporary message authentication key.
  • the base station 200 does not know a terminal random value (SS Random) that is randomly generated by the terminal 100, the terminal random value is not included in the input data when the temporary authorization key is generated.
  • SS Random terminal random value
  • the base station 200 transmits an authorization-key-exchange-challenge message to the terminal 100 in step S 103.
  • Table 1 shows parameters in the authorization-key-exchange-challenge message according to the exemplary embodiment of the present invention.
  • the authorization-key-exchange-challenge message includes root key lifetime, root key sequence number, base station random value (BS Random), key lifetime, key sequence number, authorization key identifier (AKID), and Cipher- based message authentication code (CMAC) parameter (CMAC-Digest).
  • BS Random base station random value
  • AKID authorization key identifier
  • CMAC Cipher- based message authentication code
  • the root key lifetime is a lifetime of the root key, and the terminal 100 is required to request re-authentication from the base station 200 when the root key lifetime has expired.
  • the root key sequence number is used to identify the root key, and is used to identify two root keys when the re-authentication is performed. That is, the terminal 100 and the base station 200 perform the re-authentication before the root key lifetime has expired, and there may be two root keys for a predetermined time when the re- authentication is performed. Accordingly, the terminal 100 or the base station 200 uses the root key sequence number to identify the two different root keys. In addition, the root key sequence number is generated by the base station 200, and the base station 200 uses the authorization-key-exchange-challenge message sent to the terminal 100 to share the root key sequence number.
  • the base station random value is randomly generated by the base station 200, and is used to generate the authorization key.
  • the base station 200 may encrypt the base station random value and transmit it, and the base station 200 uses the temporary authorization key or a predetermined key that is generated by the temporary authorization key to encrypt the base station random value.
  • the key lifetime is a lifetime of a newly generated authorization key, and the terminal 100 is required to request the base station 200 to update the authorization key before the key lifetime has expired.
  • the lifetime of the authorization key is established to be shorter than the root key lifetime, and is independently managed from the root key. That is, while the root key is updated once by performing the re- authentication between the terminal 100 and the base station 200, the authorization key is updated several times.
  • the lifetime of the authorization key is established to be shorter than the root key lifetime as described, resources in a wireless link are prevented from being wasted, and the safety of the authorization key may be increased.
  • the key sequence number that is a sequence number of the temporary authorization key that is generated by the base station 200 is used to identify two temporary authorization keys shared by the terminal 100 and the base station 200 when the authorization key is updated.
  • the terminal 100 and the base station 200 are required to update the authorization key before the lifetime of the authorization key has expired, and there may be two temporary authorization keys for a predetermined time when the authorization key is updated. Accordingly, the terminal 100 or the base station 200 uses the key sequence number to identify the two temporary authorization keys.
  • the temporary message authentication key is generated by using each temporary authorization key, two temporary message authentication keys may exist for a predetermined time. Accordingly, a sequence number of the temporary message authentication key is required to identify the two temporary message authentication keys, and a sequence number of the temporary authorization key is used as the sequence number of the temporary message authentication key.
  • a sequence number for the authorization key and a sequence number for a message authentication key that is generated by using the authorization key use the same value as the sequence number of the temporary authorization key.
  • the CMAC parameter is a parameter for authenticating the authorization- key-exchange-challenge message.
  • the base station 200 generates the CMAC parameter by applying parameters (except for the CMAC parameter) in the authorization-key-exchange-challenge message to a message hash function by using the temporary message authentication key that is generated based on the temporary authorization key.
  • the terminal 100 receiving the authorization- key-exchange-challenge message authenticates the authorization- key-exchange-challenge message.
  • the terminal 100 uses the CMAC parameter in the authorization-key-exchange-challenge message to perform the message authentication. That is, the terminal 100 generates the CMAC parameter by using the parameters in the authorization-key-exchange-challenge message except for the CMAC parameter.
  • the terminal 100 uses a temporary message authentication key that is generated by the terminal 100 to generate the CMAC parameter.
  • the terminal 100 uses the root key as the input key and uses the base station random value, the terminal MAC address, the base station identifier, and the predetermined string in the authorization-key-exchange-challenge message as the input data to generate the temporary authorization key, and generates the temporary message authentication key from the generated temporary authorization key.
  • the terminal 100 compares the generated CMAC parameter and the CMAC parameter in the authorization-key-exchange-challenge message to authenticate the corresponding message.
  • the terminal 100 discards the corresponding message.
  • the terminal 100 acknowledges that the base station 200 has the same root key, and generates a terminal random value (SS Random).
  • SS Random terminal random value
  • the terminal 100 uses the root key as the input key and uses the base station random value, the terminal random value, the terminal MAC address, the base station identifier, and the predetermined string as the input data to generate an authorization key (AK) in step S 104.
  • the terminal 100 uses the generated authorization key to generate a message authentication key.
  • the terminal 100 may respectively generate the message authentication keys for uplink and downlink, or may generate the same uplink and downlink message authentication keys.
  • the terminal 100 transmits an authorization key exchange request message to the base station 200 in step S 105.
  • Table 2 shows parameters in the authorization key exchange request message according to the exemplary embodiment of the present invention.
  • BS random Random number included in an Autho ⁇ zation-Key-Exchange-Challenge message I his attribute may be encrypted
  • This attribute may be encrypted.
  • the authorization key exchange request message includes a base station random value (BS Random), a terminal random value (SS Random), a key sequence number, an authorization key identifier (AKID), security capabilities, and a CMAC parameter (CMAC-Digest).
  • BS Random base station random value
  • SS Random terminal random value
  • AKID authorization key identifier
  • CMAC-Digest CMAC parameter
  • the base station random value that is randomly generated by the base station 200 is the same as the base station random value in the authorization-key-exchange-challenge message.
  • the terminal 100 may encrypt the base station random value to transmit it.
  • the terminal random value is randomly generated by the terminal 100. Like the base station random value, the terminal 100 may encrypt the terminal random value to transmit it.
  • the terminal 100 may use a newly generated authorization key or a predetermined key that is generated from the newly generated authorization key to encrypt the base station random value and the terminal random value.
  • the key sequence number that is a sequence number of the authorization key to identify the newly generated authorization key is the same value as a key sequence number corresponding to the temporary authorization key in the authorization- key-exchange-challenge message.
  • the authorization key sequence number is used to identify two authorization keys existing for a predetermined time when the authorization key is updated.
  • two message authentication keys may exist since there may be two authorization keys for a predetermined time when the authorization key is updated. Accordingly, a message authentication key sequence number for identifying the message authentication key is required, and the terminal 100 or the base station 200 may use the authorization key sequence number as the sequence number of the message authentication key.
  • the authorization key identifier is generated by using the authorization key that is generated by the terminal 100, the authorization key sequence number, the terminal MAC address, and the base station identifier, and is used to identify the authorization key.
  • the terminal 100 and the base station 200 may generate the authorization key identifier, and the terminal 100 transmits the authorization key identifier to the base station to confirm that the base station 200 has the same authorization key identifier.
  • the security capabilities parameter shows security-related algorithms supported by the terminal 100, and the terminal 100 accepts the security capabilities parameter from the authorization key exchange request message when the base station 200 knows the security-related capabilities of the corresponding terminal 100.
  • base station 200 does not know the security-related capabilities of the corresponding terminal 100
  • an initial authentication procedure according to an initial access of the terminal 100 is successfully performed, and a security capabilities field is added to the authorization key exchange request message to initially generate the authorization key.
  • the security capabilities field is excepted from the authorization key exchange request message that is included in the authorization key generation procedure performed in the re-authentication procedure.
  • the CMAC parameter (CMAC-Digest) is a parameter for authenticating the authorization key exchange request message.
  • the terminal 100 applies parameters in the message authorization key exchange request message to a message hash function except for the CMAC parameter based on an uplink message authentication key that is generated from the authorization key generated by the terminal 100, and generates the CMAC parameter.
  • the base station 200 receiving the authorization key exchange request message uses the CMAC parameter in the authorization key exchange request message to authenticate the authorization key exchange request message. That is, in a like manner of the authentication method for the authorization- key-exchange-challenge message by the terminal 100, the base station 200 generates the CMAC parameter by using the received authorization key exchange request message. In addition, the base station 200 compares the generated CMAC parameter and the CMAC parameter in the authorization key exchange request message to authenticate the corresponding message.
  • the base station 200 discards the corresponding message.
  • the base station 200 uses the root key as the input key, and uses the base station random value, the terminal random value, the terminal MAC address, the base station identifier, and the predetermined string as the input data to generate an authorization key in step S 106.
  • a message authentication key is generated by using the generated authorization key.
  • the base station 200 may separately generate message authentication keys for uplink and downlink, or may generate the same authorization keys for uplink and downlink.
  • the base station 200 transmits an authorization-key-exchange-response message to the terminal 100 in step S 107.
  • Table 3 shows parameters in the authorization-key-exchange-response message according to the exemplary embodiment of the present invention.
  • Each compound SA-Descriptor attribute specifies an SA identifier and Desc ⁇ ptor(s) additional properties of the SA
  • the authorization-key-exchange-response message includes the base station random value (BS Random), the terminal random value (SS Random), the key sequence number, the authorization key identifier (AKID), at least one security association (SA) descriptor, and the CMAC parameter (CMAC-Digest).
  • BS Random base station random value
  • SS Random terminal random value
  • AKID authorization key identifier
  • SA security association
  • CMAC-Digest CMAC-Digest
  • the base station random value is the same as the base station random value in the authorization-key-exchange-challenge message
  • the terminal random value is the same as the terminal random value in the authorization key exchange request message.
  • the base station 200 may encrypt the base station random value and the terminal random value to transmit them, and may use a newly generated authorization key or a predetermined key that is generated from the newly generated authorization key to encrypt the base station random value and the terminal random value.
  • the key sequence number is a sequence number for the authorization key, and is used to identify the authorization key.
  • the authorization key identifier is generated by the base station 200 by using the authorization key that is generated by the base station, the authorization key sequence number, the terminal MAC address, and the base station identifier, and is used to identify the authorization key. As described, the authorization key identifier is re- spectively generated by the terminal 100 and the base station 200, and the base station 200 transmits the authorization key identifier to the terminal 100 so as to confirm that the terminal 100 and the base station 200 have the same authorization key identifiers.
  • the SA descriptor includes SA information including an SA identifier (SAID), an
  • the base station 200 may define SA descriptors corresponding to the number of basic SAs and static SAs.
  • an SA descriptor field is added to the authorization- key-exchange-response message in the initial authorization key generating procedure performed after the initial authentication procedure is successfully performed when the initial access of the terminal 100 is performed, but the SA descriptor parameter is excepted from the authorization-key-exchange-response message of the authorization key updating procedure performed after the re- authentication procedure is successfully performed between the terminal 100 and the base station 200.
  • the CMAC parameter (CMAC-Digest) is a parameter for authenticating the authorization-key-exchange-response message.
  • the base station 200 applies parameters in the authorization-key-exchange-response message to a message hash function except for the CMAC parameter based on the downlink message authentication key that is generated from the authorization key generated by the base station 200 to generate the CMAC parameter.
  • the authorization-key-exchange-response message may additionally include security capabilities, and the security capabilities shows security-related algorithms supported by the terminal 200.
  • the terminal 100 receives the authorization- key-exchange-response message from the base station 200, and authenticates the received authorization-key-exchange-response message.
  • the authorization key generating procedure is performed, and the terminal 100 and the base station 200 communicate with each other by using a newly generated authorization key.
  • FIG. 2 is a flowchart representing an authorization key updating method according to the exemplary embodiment of the present invention, in which the terminal 100 and the base station 200 periodically update an authorization key by using a root key.
  • the terminal 100 and the base station 200 share a root key, and share an authorization key that is generated based on the root key.
  • the terminal 100 and the base station 200 increase a lifetime of the root key so as to reduce wireless link resources used in the re- authentication procedure, and increase a re-authentication period.
  • the lifetime of the authorization key is established to be shorter than the lifetime of the root key so as to reduce an authentication updating period.
  • the terminal 100 and the base station 200 perform an authorization key updating procedure shown in FIG. 2 in addition to the re- authentication procedure.
  • the terminal 100 before the lifetime of the authorization key has expired, the terminal 100 newly generates a terminal random value in step S201, and transmits an authorization-key-update-request message including the terminal random value to the base station 200 in step S202.
  • Table 4 shows parameters in the authorization-key-update-request message according to the exemplary embodiment of the present invention.
  • This attribute may be encrypted
  • the authorization-key-update-request message includes a terminal random value (SS Random), a key sequence number, an authorization key identifier (AKID), and a CMAC parameter (CMAC-Digest).
  • SS Random terminal random value
  • AKID authorization key identifier
  • CMAC-Digest CMAC parameter
  • the terminal random value is a random value that is newly generated by the terminal
  • the terminal 100 may encrypt the terminal random value to transmit it.
  • the terminal 100 may use the currently used authorization key or a predetermined key that is generated by the currently used authorization key to encrypt the terminal random value.
  • the key sequence number is a sequence number for the authorization key that is shared by the terminal 100 and the base station 200 (i.e., the authorization key before the update).
  • the authorization key identifier is an identifier for the authorization key that is currently shared by the terminal 100 and the base station 200.
  • the CMAC parameter is used to authenticate the authorization-key-update-request message.
  • the terminal 100 applies parameters in the authorization-key-update-request message to a message hash function by using the uplink message authentication key to generate the CMAC parameter.
  • the message authentication key is generated based on the authorization key that is currently shared by the terminal 100 and the base station 200.
  • the terminal 100 or the base station 200 uses the message authentication key sequence number to identify the respective message authentication keys. In this case, the terminal 100 or the base station 200 may use a sequence number of the authorization key as the message authentication key sequence number.
  • the base station 200 receiving the authorization- key-update-request message from the terminal 100 uses the CMAC parameter in the received authorization-key-update-request message to perform message authentication, and discards the corresponding message when the message authentication has failed.
  • the base station 200 uses the uplink message authentication key that is generated based on the authorization key that is currently shared by the terminal 100 and the base station 200 to authenticate the authorization-key-update-request message.
  • the base station 200 When the message authentication has succeeded, the base station 200 newly generates a base station random value (BS Random) to update the authorization key.
  • BS Random base station random value
  • the base station 200 uses a root key allocated to the corresponding terminal 100 as an input key, and uses the terminal random value in the authorization- key-update-request message, the base station random value that is newly generated by the base station 200, the terminal MAC address, the base station identifier, and the predetermined string as input data to generate a new authorization key in step S203. Further, a new message authentication key is generated by using the newly generated authorization key.
  • the base station 200 transmits an au- thorization-key-update-response message to the corresponding terminal 100 in step S204.
  • Table 5 shows parameters in the authorization-key-update-response message according to the exemplary embodiment of the present invention.
  • This attribute may be encrypted.
  • the authorization-key-update-response message includes a base station random value (BS Random), a terminal random value (SS Random), a key lifetime, a key sequence number, an authorization key identifier (AKID), and a CMAC parameter (CMAC-Digest).
  • BS Random base station random value
  • SS Random terminal random value
  • AKID authorization key identifier
  • CMAC-Digest CMAC parameter
  • the base station random value is randomly generated by the base station 200 to update an authorization key, and the base station 200 may encrypt the base station random value to transmit it.
  • the terminal random value is the same as the terminal random value in the au- thorization-key-update-request message, and the terminal random value may also be encrypted to be transmitted.
  • the base station 200 may use a newly generated authorization key or a predetermined key that is generated by the newly generated authorization key to encrypt the base station random value and the terminal random value.
  • the key lifetime indicates a lifetime of the newly generated authorization key (i.e., a period for updating the authorization key).
  • the key sequence number is a sequence number for the newly generated authorization key
  • the base station 200 generates a new key sequence number that is different from the sequence number of the authorization key that is currently used by the terminal 100 and the base station 200, and uses the new key sequence number as the sequence number of the newly generated authorization key. That is, the key sequence number in the authorization-key-update-request message is different from the key sequence number in the authorization-key-update-response message.
  • the authorization key identifier is an identifier for the newly generated authorization key.
  • the CMAC parameter is used to authenticate the authorization-key-update-response message.
  • the base station 200 uses a downlink message authentication key that is generated based on the newly generated authorization key to generate the CMAC parameter.
  • the terminal 100 receiving the authorization- key-update-response message from the base station 200 uses the CAMC parameter in the received authorization-key-update-response message to perform message authentication, and discards the corresponding message when the authentication has failed.
  • the terminal 100 uses the downlink message authentication key that is generated based on the authorization key newly shared by the terminal 100 and the base station 200 to authenticate the authorization-key-update-response message.
  • the terminal 100 uses a root key allocated to the terminal 100 as an input key, and uses the terminal random value in the authorization-key-update-request message, the base station random value in the au- thorization-key-update-response message, the terminal MAC address, the base station identifier, and the predetermined string as input data to generate a new authorization key in step S205.
  • the terminal 100 generates a new message authentication key based on the generated authorization key, and transmits an authorization- key-update- acknowledgement message to the base station 200.
  • Table 6 shows parameters in the authorization-key-update-acknowledgement message according to the exemplary embodiment of the present invention.
  • This attribute may be encrypted
  • the authorization-key-update-acknowledgement message includes a base station random value (BS Random), a terminal random value (SS Random), a key sequence number, an authorization key identifier (AKID), and a CMAC parameter (CMAC-Digest).
  • BS Random base station random value
  • SS Random terminal random value
  • AKID authorization key identifier
  • CMAC-Digest CMAC parameter
  • the base station random value is the same as the base station random value in the au- thorization-key-update-response message.
  • the terminal random value is the same as the terminal random value in the au- thorization-key-update-request message.
  • the base station random value and the terminal random value may be encrypted to be transmitted, and the terminal 100 may use a newly generated au- thorization key or a predetermined key that is generated by the newly generated authorization key to encrypt the base station random value and the terminal random value.
  • the key sequence number is a sequence number of the newly generated authorization key, and is the same as the key sequence number in the authorization- key-update-response message.
  • the authorization key identifier is an identifier for the newly generated authorization key.
  • the CMAC parameter is used to authenticate the authorization- key-update- acknowledgement message, and is generated by using an uplink message authentication key that is generated based on the newly generated authorization key.
  • the base station 200 receiving the authorization- key-update- acknowledgement message authenticates the corresponding message, and discards the corresponding message when the message authentication has failed.
  • the base station 200 uses the uplink message authentication key that is generated based on the authorization key that is newly shared by the terminal 100 and the base station 200 to authenticate the authorization-key-update-acknowledgement message.
  • the base station 200 acknowledges that the terminal newly generates an authorization key that is the same as the authorization key that is newly generated by the base station 200, and successfully performs the authorization key updating procedure. Subsequently, the terminal 100 and the base station 200 share and use the newly generated authorization key rather than using the previous authorization key, and use a newly updated authorization key so as to safely transmit and received data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé de génération de clé d'autorisation et un procédé de mise à jour de clé d'autorisation dans un système de communication mobile. Un terminal et une station de base génèrent une clé d'autorisation au moyen d'une valeur aléatoire de terminal et d'une valeur aléatoire de station de base qui sont échangées dans une procédure de génération de clé d'autorisation en tant que données d'entrée. En outre, une durée de vie d'une clé d'autorisation est établie comme étant plus courte qu'une durée de vie d'une clé racine, et la clé d'autorisation est mise à jour avec une période de mise à jour plus courte que celle de la période racine.
PCT/KR2007/006380 2006-12-08 2007-12-07 Procédé de génération et procédé de mise à jour de clé d'autorisation pour communication mobile WO2008069627A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/480,521 US8397071B2 (en) 2006-12-08 2009-06-08 Generation method and update method of authorization key for mobile communication

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
KR20060124955 2006-12-08
KR10-2006-0124955 2006-12-08
KR10-2007-0102551 2007-10-11
KR1020070102551A KR101447726B1 (ko) 2006-12-08 2007-10-11 이동통신시스템에서의 인증키 생성 방법 및 갱신 방법

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/480,521 Continuation US8397071B2 (en) 2006-12-08 2009-06-08 Generation method and update method of authorization key for mobile communication

Publications (1)

Publication Number Publication Date
WO2008069627A1 true WO2008069627A1 (fr) 2008-06-12

Family

ID=39492418

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/006380 WO2008069627A1 (fr) 2006-12-08 2007-12-07 Procédé de génération et procédé de mise à jour de clé d'autorisation pour communication mobile

Country Status (1)

Country Link
WO (1) WO2008069627A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741497B (zh) * 2008-11-17 2012-05-09 财团法人资讯工业策进会 金钥更新装置及方法及包含所述装置的无线网络系统

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR970031534A (ko) * 1995-11-08 1997-06-26 양승택 디지틀 이동통신망의 인증센터에 사용되는 인증키 생성방법
KR20060039564A (ko) * 2004-11-03 2006-05-09 에스케이 텔레콤주식회사 휴대 인터넷망에서 가입자 인증 방법 및 시스템

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR970031534A (ko) * 1995-11-08 1997-06-26 양승택 디지틀 이동통신망의 인증센터에 사용되는 인증키 생성방법
KR20060039564A (ko) * 2004-11-03 2006-05-09 에스케이 텔레콤주식회사 휴대 인터넷망에서 가입자 인증 방법 및 시스템

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101741497B (zh) * 2008-11-17 2012-05-09 财团法人资讯工业策进会 金钥更新装置及方法及包含所述装置的无线网络系统

Similar Documents

Publication Publication Date Title
US8397071B2 (en) Generation method and update method of authorization key for mobile communication
JP6492115B2 (ja) 暗号鍵の生成
US10841784B2 (en) Authentication and key agreement in communication network
KR100704675B1 (ko) 무선 휴대 인터넷 시스템의 인증 방법 및 관련 키 생성방법
US20200305001A1 (en) Routing method, apparatus, and system
JP4903792B2 (ja) 無線携帯インターネットシステム用の認証キー識別子の割り当て方法
US20190149329A1 (en) Network authentication method, and related device and system
CN108880813B (zh) 一种附着流程的实现方法及装置
EP2879421B1 (fr) Procédé de confirmation de l'identité d'un terminal et d'authentification d'un service, système et terminal
CN108353279B (zh) 一种认证方法和认证系统
WO2022111187A1 (fr) Procédé et appareil d'authentification de terminal, dispositif informatique et support de stockage
US11381973B2 (en) Data transmission method, related device, and related system
Maccari et al. Security analysis of IEEE 802.16
WO2005041532A1 (fr) Attribution d'un nom a des cles de groupe 802.11 pour permettre le support de multiples diffusions et de domaines multidesinations
US10700854B2 (en) Resource management in a cellular network
KR100330418B1 (ko) 이동통신 환경에서의 가입자 인증 방법
WO2008069627A1 (fr) Procédé de génération et procédé de mise à jour de clé d'autorisation pour communication mobile
Wang et al. An efficient EAP-based pre-authentication for inter-WRAN handover in TV white space
CN110536289A (zh) 密钥发放方法及其装置、移动终端、通信设备和存储介质
Kucharzewski et al. Mobile identity management system in heterogeneous wireless networks
KR20100054191A (ko) 3지 네트워크에서 효율적인 인증 관리를 위한 개선된 3 지피피 - 에이케이에이 방법
CN111432404A (zh) 信息处理方法及装置
Yang A Survey of WiMAX and Mobile Broadband Security
KR20130062965A (ko) 무선 네트워크 접속 인증 방법 및 그 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07851351

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07851351

Country of ref document: EP

Kind code of ref document: A1