WO2010094206A1 - Procédé d'authentification de sécurité de liaison dans des réseaux à relais sans fil, dispositif et système correspondants - Google Patents

Procédé d'authentification de sécurité de liaison dans des réseaux à relais sans fil, dispositif et système correspondants Download PDF

Info

Publication number
WO2010094206A1
WO2010094206A1 PCT/CN2009/076217 CN2009076217W WO2010094206A1 WO 2010094206 A1 WO2010094206 A1 WO 2010094206A1 CN 2009076217 W CN2009076217 W CN 2009076217W WO 2010094206 A1 WO2010094206 A1 WO 2010094206A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
message
authentication code
count value
authentication
Prior art date
Application number
PCT/CN2009/076217
Other languages
English (en)
Chinese (zh)
Inventor
李波杰
卢磊
梁文亮
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2010094206A1 publication Critical patent/WO2010094206A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • WiMAX Worldwide Interoperability for Microwave Access
  • IEEE 802.16d is a standard for fixed wireless access and can be applied to 2 to llGHz Non-Line of Sight (NLOS) transmission and 10 to 66 GHz (Light of Sight) transmission.
  • IEEE 802.16e adds new features to support mobility based on IEEE 802.16d.
  • a method for preventing management message playback is defined in the IEEE 802.16e protocol, that is, a CMAC (Cipher-based message authentication code, referred to herein as a message authentication code) packet number counter value at any time.
  • a CMAC Cipher-based message authentication code
  • the combination of the corresponding key that generates the CMAC message authentication code is unique.
  • these keys must be updated frequently, and the CMAC_KEY_COUNT (message authentication code key count) count value is used to ensure the freshness of the key; meanwhile, the message authentication code packet number count value is Each time a management message with a message authentication code is sent, it is also updated to further enhance the ability of the message authentication code to defend against attacks.
  • the CMAC_KEY_COUNT count value is updated before the RNG-REQ (Ranging Request) message is sent to the base station, and the message authentication code packet number is updated.
  • the count value is set to zero, and the terminal generates a new message authentication code key by using the updated count value, and then the terminal uses the message authentication code key and the zeroed message to recognize
  • the code group number count value is a RNG-REQ message to generate a CMAC message authentication code, and the network side also uses the updated count value to generate a corresponding key for verifying the RNG-REQ message, thereby preventing a replay attack.
  • an embodiment of the present invention provides a link security authentication method in a wireless relay network, including:
  • the first management message carries the first message authentication code and the first message authentication code key count value included in the first authentication key context saved by the mobile station itself, and the first message authentication a first packet authentication code according to the first authentication key, the first authentication key identifier, the first message authentication code key count value, and the first message authentication code group number in the first authentication key context.
  • Count value calculation is generated, and the first authentication key in the first authentication key context is calculated according to the mobile station identifier and the access relay station identifier according to the setting rule;
  • the verification result determines whether the access link between the mobile station and the access relay station is secure, and the second authentication key and the first authentication key are peer keys.
  • the embodiment of the invention further provides a link security authentication method in a wireless relay network, and a package Includes:
  • the second management message carries a third message authentication code, a third message authentication code key count value, a third message authentication code packet number count value, and a third message authentication code according to the third
  • the third message authentication code key count value, the third message authentication code group number count value, and the third authentication key in the third authentication key context are calculated and generated, and the third authentication key is generated according to the access.
  • the relay station identifier and the multi-hop relay base station identifier are obtained according to a setting rule, where the third authentication key context is an authentication key context related to the access relay station saved by the access relay station;
  • the verification result determines whether the relay link between the access relay station and the multi-hop relay base station is secure, and the fourth authentication key and the third authentication key are peer keys.
  • the embodiment of the invention further provides a link security authentication device, including:
  • a first receiving module configured to receive a first management message sent by the mobile station, where the first management message carries the first message authentication code and the first message authentication code key included in the context of the first authentication key saved by the mobile station itself a count value, a first message authentication code packet number count value, the first message authentication code is based on the first authentication key, the first authentication key identifier, and the first message authentication code key count value in the first authentication key context, The first message authentication code group number count value calculation calculation is generated, and the first authentication key is calculated according to the mobile station identifier and the access relay station identifier according to the setting rule; the first processing module is configured to include according to the second authentication key context The second authentication key, the second authentication key identifier, and the first message authentication code key count value, the first message authentication code packet number count value verify the first message authentication code, and determine the mobile station and the access relay station according to the verification result. Whether the access link is secure, and the second authentication key and the first authentication key are peer keys.
  • the embodiment of the invention further provides a multi-hop relay base station, including:
  • a second receiving module configured to receive a second management message sent by the access relay station, where the second management message carries a third message authentication code and a third message authentication code key count value, and the third message acknowledges a code group number count value, the third message authentication code is based on the third message authentication code key count value, the third message authentication code packet number count value, and the third authentication key and the third authentication in the third authentication key context Key identification calculation is generated, and the third authentication key is calculated according to the access relay identifier and the multi-hop relay base station identifier according to a set rule;
  • a second processing module configured to verify, according to the fourth authentication key, the fourth authentication key identifier, and the third message authentication code key count value and the third message authentication code group number count value included in the fourth authentication key context
  • the third message authentication code determines whether the relay link between the access relay station and the multi-hop relay base station is secure according to the verification result, and the fourth authentication key and the third authentication key are peer keys.
  • the embodiment of the invention further provides a wireless relay network system, including:
  • An access relay station configured to receive a first management message sent by the mobile station, according to the second authentication key, the second authentication key identifier, and the first message authentication code key count value included in the second authentication key context, a message authentication code packet number count value verifies the first message authentication code, determines, according to the verification result, whether the access link between the mobile station and the access relay station is secure, and converts the first management message into a second management message and sends,
  • the first management message carries the first message authentication code and the first message authentication code key count value included in the first authentication key context saved by the mobile station itself, the first message authentication code packet number count value, and the first message.
  • the authentication code is generated according to the first authentication key, the first authentication key identifier, the first message authentication code key count value, and the first message authentication code group number count value in the first authentication key context, and the first authentication key is generated.
  • the key is obtained according to the setting rule according to the mobile station identifier and the access relay station identifier, and the second authentication key and the first authentication key are equal. ;
  • a multi-hop relay base station configured to receive a second management message sent by the access relay station, and according to the fourth authentication key, the fourth authentication key identifier, and the third message authentication code key included in the fourth authentication key context And the third message authentication code is verified by the count value and the third message authentication code packet number, and the relay link between the access relay station and the multi-hop relay base station is determined according to the verification result, wherein the second management message carries the first The third message authentication code and the third message authentication code key count value, the third message authentication code group number count value, and the third message authentication code according to the third message authentication code key The count value, the third message authentication code packet number count value, and the third authentication key and the third authentication key identifier in the third authentication key context are calculated and generated, and the third authentication key is according to the access relay station identifier and the multi-hop. After the base station identifier is calculated according to the setting rule, the fourth authentication key and the third authentication key are peer keys.
  • the embodiment of the invention provides a specific technical solution for detecting the security of the access link and the relay link in the wireless relay network, and can effectively prevent the replay attack in the wireless relay network.
  • FIG. 1 is a flowchart of detecting security of an access link in a wireless relay network according to an embodiment of the present invention
  • FIG. 2 is a flowchart of detecting security of a relay link in a wireless relay network according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a link security authentication method in a wireless relay network according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of a link security authentication method in a wireless relay network according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of a link security authentication method in a wireless relay network according to an embodiment of the present invention
  • FIG. 7 is a schematic flowchart of a link security authentication method in a wireless relay network according to an embodiment of the present invention.
  • FIG. 8 is a block diagram of a link security authentication apparatus according to an embodiment of the present invention
  • FIG. 9 is a block diagram of a multi-hop relay base station according to an embodiment of the present invention.
  • FIG. 10 is a block diagram of a wireless relay network system according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE INVENTION
  • a method for detecting security of an access link in a wireless relay network is as shown in FIG. 1 , and includes the following steps:
  • Step 101 The multi-hop relay base station or the access relay station receives the first management message sent by the mobile station.
  • the first management message carries the first message authentication code and the first message authentication code key count value and the first message authentication code group number count value included in the first authentication key context saved by the mobile station itself.
  • the authentication key context includes an authentication key, an authentication key identifier, a message authentication code key, a message authentication code key count value, a message authentication code packet number count value, and an authentication key and a message authentication code key count value are used together.
  • the message authentication code key, the message authentication code key and the authentication key identifier, and the message authentication code group number count value are jointly used to calculate or verify the message authentication code of the management message.
  • the first message authentication code is generated according to the first authentication key, the first authentication key identifier, the first message authentication code key count value, and the first message authentication code group number count value in the first authentication key context. .
  • the first authentication key in the first authentication key context is calculated according to the mobile station identity and the access relay station identity according to a set rule.
  • Step 102 Verify the first message authentication according to the second authentication key, the second authentication key identifier, and the first message authentication code key count value and the first message authentication code group number count value included in the second authentication key context.
  • the code determines whether the access link between the mobile station and the access relay station is secure according to the verification result.
  • the second authentication key and the first authentication key are peer keys.
  • the executor of the above solution may be an A-RS (Acces s Relay Station) or an MS-BS (Mul ti- hop Relay Base) Stat ion, multi-hop relay base station).
  • the second authentication key context may be stored locally at the A-RS or the MS-BS, or may be obtained from an authenticator to which the MS belongs.
  • a method for detecting security of a relay link in a wireless relay network is as shown in FIG. 2, and includes the following steps:
  • Step 201 Receive a second management message sent by the access relay station.
  • the second management message carries a third message authentication code and a third message authentication code key count value, a third message authentication code packet number count value, and the third message authentication code is based on the third message authentication code key count value, and the third The message authentication code packet number count value and the third authentication key and the third authentication key identifier in the third authentication key context are generated, and the third authentication key is set according to the access relay station identifier and the multi-hop relay base station identifier. Rule calculation is obtained;
  • Step 202 Verify third message authentication according to the fourth authentication key, the fourth authentication key identifier, and the third message authentication code key count value and the third message authentication code group number count value included in the fourth authentication key context.
  • the code determines whether the relay link between the access relay station and the multi-hop relay base station is secure according to the verification result.
  • the fourth authentication key and the third authentication key are peer keys.
  • the executor of the foregoing solution may be an MS-BS, and the fourth authentication key context may be stored locally in the MS-BS.
  • IEEE 802.16j is an air interface protocol developed by the IEEE organization to implement relay capability based on 16e.
  • the network architecture defined by it is shown in Figure 3, which includes:
  • MR-BS A device that provides connection, management, and control for relay stations and user terminals
  • RS Relay Station
  • RS Relay Station
  • Some RSs can also provide management and control for subordinate RSs or user terminals.
  • the air interface between the RS and the MS is the same as the air interface between the MR-BS and the MS.
  • the RS is a station that relays data between the base station and the terminal, so that the wireless signal can reach the destination through multiple transmissions (multi-hop).
  • MS Mobile Station
  • the user uses this device to access the WiMAX network.
  • the security of the access link is verified first, and then the security of the relay link is verified.
  • the security verification of the access link is based on the MS related AK (Authentication). Key, authentication key) context, security verification of the relay link is based on the A-RS related AK context; in an alternative to this embodiment, the security verification of the access link is based on the MS-related AK context, the security of the relay link The verification is also based on the MS related AK context.
  • the AK key in the MS-related AK context is generated by the MS or the MS-affiliated authenticator according to the MS identifier and the A-RS identifier
  • the AK key in the A-RS related AK context is The A-RS or A-RS belonging authenticator is calculated and generated according to a certain rule according to the A-RS identifier and the MR-BS identifier.
  • MS-related AK MS maintains a context that contains CMAC- KEY- COUNT value X M
  • A-RS MS maintains a correlation AK context, which context includes CMAC- KEY- COUNT value Y M
  • the authenticator maintains an MS-related AK context, which contains the CMAC_KEY_COUNT value Z M
  • the A-RS also maintains an A-RS related AK context, which includes CMAC_KEY_COUNT value X R
  • MR -BS a-RS maintains a correlation AK context
  • context includes CMAC- KEY- COUNT value Y R.
  • the link security authentication method in the wireless relay network includes the following steps:
  • Step 301 The MS generates a first management message, that is, an RNG-REQ message.
  • the first message authentication code key count value included in the authentication key context (referred to as the first authentication key context in this embodiment) maintained by the MS before sending the first management message to the A-RS, that is, CMAC— KEY_ COUNT value X M is self-powered B 1, and sets the first message authentication code packet number count value in the MS-related AK context (ie, the first AK context) saved locally by the MS to zero, using the MS-related AK context locally saved by the MS.
  • Generating a first message authentication code for the RNG-REQ message; the specific process is that the MS uses the AK key in the AK context, the MS identifier (specifically, the MS media access control layer address), the RS identifier, and the X M to be calculated in a specific manner.
  • the authentication code key is used to calculate and generate the first message authentication code by using the message authentication code key and the AK identifier in the AK context and the first message authentication code packet number count value as the RNG-REQ message.
  • the specific calculation method refer to 802.16e. Protocol, the difference is that the BS identifier in the 802.16e calculation method needs to be changed to the RS identifier.
  • the various AK contexts mentioned herein include the AK key, the AK identifier, the message authentication code key, the message authentication code key count value CMAC_KEY_COUNT, and the message authentication code group number count. value.
  • the AK key (also referred to as the first authentication key in this embodiment) in the first AK context saved by the MS is the MS according to the MS ID (specifically, the media access control layer address of the MS) and the RS. The ID is calculated according to the set rules.
  • the MS initiates this step if the A-RS performs network re-entry or performs a secure location update or handover to a target access relay station.
  • Step 302 The MS sends an RNG-REQ message to the A-RS, where the message carries the current X M , the first message authentication code packet number count value, and the first message authentication code.
  • Step 303 the A-RS determines whether the MS related AK context (ie, the second AK context) is saved locally, and if so, proceeds to step 310; otherwise, proceeds to step 304;
  • MS related AK context ie, the second AK context
  • the second AK context is an AK context including a second authentication key, and the second authentication key and the first authentication key are peer keys.
  • Step 304 The A-RS sends an MS_Context-REQ (Mobile Station Context Request) message to the MR-BS, where the message carries the MS ID (MS identifier);
  • MS_Context-REQ Mobile Station Context Request
  • the MS ID may be carried by the MS in the RNG-REQ message and sent to the A-RS, or may be
  • A-RS is known by other prior art means.
  • the message between the A-RS and the MR-BS and the MR-BS and the authenticator may be directly or indirectly sent, so that the indirect transmission to the A-RS passes through other RSs.
  • the message is sent to the MR-BS, and the MR-BS can send the message to the authenticator via other network elements (such as a gateway).
  • Step 305 the MR-BS sends a Context_Req to the Authenticator (up and down) Message request) message, the message carries the MS ID and the A-RS ID;
  • the authenticators mentioned in this document are all authenticators to which the MS belongs.
  • Step 306 The authenticator calculates an MS-related AK key according to the same setting rule as the MS according to the MS ID and the RS ID, and generates an MS-related AK context (ie, a second AK context).
  • Step 307 the authenticator to the MR-BS Sending a Context_Rpt (Context Report) message, the message carries a second AK Context, and the second AK Context includes an MS-related CMAC-KEY-COUNT value ZM locally saved by the authenticator ;
  • Step 308 The MR-BS returns an MS_Context-RSP (Mobile Station Context Response) message to the A-RS, where the message carries the second AK context provided by the authenticator, and the second AK context includes the locally saved by the authenticator.
  • MS_Context-RSP Mobile Station Context Response
  • Step 309 A-RS makes Y M equal to Z M , and Y M is the MS-related CMAC-KEY_COUNT value maintained by the A-RS;
  • Step 310 it is determined whether X M is greater than or equal to Y M , and if so, proceed to step 311, otherwise, proceed to step 325;
  • This step is an auxiliary means for verifying whether the access link is secure. If it is determined that X M is less than Y M , it is understood that an access link replay attack occurs. It is not necessary to perform the message authentication code verification of the RNG-REQ message. It can be seen that with this step, it is possible to know whether the access link is secure by using a simple judgment means.
  • Step 311 A-RS using X M RNG-REQ message includes the message authentication code value and the packet count number associated MS AK context (i.e., a second context AK) in key AK, AK verify identification in the RNG-REQ message
  • the specific authentication mode refer to the 802.16e protocol.
  • the difference is that the BS identifier in the 802.16e calculation method needs to be changed to the RS identifier. If the verification is successful, proceed to step 312, otherwise proceed to step 325;
  • the access link between the MS and the A-RS can be determined to be secure, otherwise the access link is determined. Not safe.
  • Step 312 A-RS makes Y M equal to X M ;
  • Step 313, the A-RS generates a second management message, that is, a new RNG-REQ message.
  • the method for generating the second management message by the A-RS in this step is: A-RS related AK context maintained by itself (ie, the third AK) Third CMAC - KEY - COUNT value in context) The first CMAC- KEY- COUNT value X M and a first message authentication code value of said third count number of packets message authentication code value of the packet count number replacing step 302 RNG-REQ message, and using A-RS Related AK context (i.e. The third message authentication code key and the third message authentication code packet number in the three AK contexts are the replaced RNG-REQ message (excluding the original message authentication code part).
  • the message authentication code is recalculated, that is, the third message.
  • the authentication code replaces the third message authentication code with the original first message authentication code to obtain a new RNG-REQ message, that is, the second management message.
  • Step 314 the A-RS sends the second management obtained in step 313 to the MR-BS.
  • Message ie new RNG-REQ message, which includes X R;
  • Step 315 the MR-BS determines whether the X R included in the received RNG-REQ message is greater than or equal to the locally saved Y R , and if yes, proceeds to step 316, otherwise proceeds to step 324;
  • this step it is determined whether the third message authentication code key count value is not less than the fourth message authentication code key count value included in the fourth authentication key context saved by the MR-BS, and if it is determined that X R is less than Y M , It is understood that a relay link replay attack has occurred.
  • Step 316 the MR-BS receives the X R according to the RNG-REQ message received in step 314, the message authentication code packet number count value, and the AK key in the locally saved A-RS related AK context (fourth AK context).
  • the AK identifies the message authentication code in the RNG-REQ message received by the verification step 314; the specific process is that the MR-BS utilizes the AK key in the A-RS related AK context (fourth AK context), and the A-RS media access control layer address, MR-BS and identify] calculated message authentication code key in a specific way, reuse of the identification AK message authentication code key a-RS and the AK context related, RNG-REQ message received in step 314
  • the message authentication code packet number count value in the verification of the message authentication code of the RNG-REQ message, the specific verification method is similar
  • the 802.16e protocol method differs in that the terminal identifier in the 802.16e authentication method needs to be changed to the RS identifier. If the
  • the success of the verification can determine the security of the relay link between the A-RS and the MR-BS, otherwise it is determined that the trunk link is not secure.
  • Step 317 the MR-BS makes Y R equal to X R , and sends an RNG-RSP (Ranging Response) message with a success indication to the A-RS;
  • RNG-RSP Rastering Response
  • Step 318 The A-RS returns an RNG-RSP message with a success indication to the MS.
  • Step 319 the A-RS sends an MS_Context-REQ message to the MR-BS, where the message carries the MS ID ⁇ n X M ⁇ t;
  • steps 318 and 319 do not have a certain order.
  • Step 320 The MR-BS sends a Context_RPt message to the authenticator, where the message carries XM ; the message may also be a CMAC_Key_Count_Update message authentication step, and the corresponding step
  • the response message in 322 is CMAC_Key_Count_Update_ Ack (Message Authentication Code Key Count Update Confirmation) message.
  • the X M should be notified to the authenticator after confirming the security of the access link, and the authenticator updates the MS-related CMAC locally saved by the authenticator— Key—Count value.
  • Step 322 The authenticator sends a Context_Ack (Context Acknowledgement) message to the MR-BS.
  • Step 323 After receiving the Context_Ack message, the MR-BS sends an MS_Context-RSP message to the A-RS to respond to the MS-Context. -REQ message, end;
  • Step 324 The MR-BS sends an RNG-RSP carrying the rejection information to the A-RS.
  • the specific processing method of this step may be: setting the Ranging Status in the RNG-RSP message to Abort, or setting the Location Update Response (bit) Set update response) to failure.
  • Step 325 The A-RS sends an RNG-RSP carrying the rejection information to the MS.
  • the specific processing method of this step may be: setting the Ranging Status in the RNG-RSP message to Abort, or setting the Location Update Response to failure.
  • the RNG-REQ message may carry the CMAC_Key_Count value X M of the MS and the CMAC_Key_Count value X R of the RS. Then, the MR-BS can know X M at this time, and if the result of the determination in step 315 is YES, steps 320 to 322 are performed, and X M is notified to the authenticator. Thus, steps 319 and 323 can be omitted.
  • the MR-BS also needs to maintain an MS-related AK context (second AK context), and the second AK context includes an MS-related CMAC-Key- Count value Y M , at this time: Steps 305 ⁇ 307, 313, 319, 323 can be omitted.
  • the reason for retaining steps 320-322 is that there may be other MR-BSs that can communicate with the authenticator that need to obtain the relevant AK context of the MS from the authenticator. If all MR-BSs that can communicate with the authenticator save the MS-related AK context, steps 320-322 may be omitted.
  • step 313-317 may be omitted.
  • step 318 is directly performed.
  • step 303 may be omitted. 312, 319-323
  • the situation of the following embodiments is similar to that of the embodiment, and those skilled in the art can determine whether to detect only according to whether the steps are related to the security detection of the access link or the security detection of the relay link. The case when the access link is secure or the case where only the relay link is safe is not described in the following embodiments.
  • the access link is first verified to be secure, and the relay link is verified.
  • the security verification of the access link is based on the MS correlation.
  • the AK context, the security verification of the relay link is based on the A-RS related AK context and the CMAC_KEY_COUNT value used by the access link RNG-REQ.
  • MS maintains a relevant MS AK context, which context includes CMAC- KEY- COUNT value X M
  • A-RS MS maintains a correlation AK context, which context includes CMAC- KEY- COUNT value Y M
  • authenticator maintains a MS Related AK context, which context includes CMAC- KEY- COUNT value Z M
  • a-RS still maintains a relevant a-RS AK context
  • MR-BS maintains a relevant a-RS AK context, while maintaining a MS associated CMAC- KEY—COUNT value YMR.
  • the link security authentication method in the wireless relay network provided in this embodiment is as shown in FIG. 5, and includes the following steps:
  • Step 401 The MS generates a first management message, that is, an RNG-REQ message.
  • the first management message carries the first message authentication code and the first message authentication code key count value X M and the first message authentication code group number count value included in the first authentication key context saved by the mobile station itself.
  • Step 402 The MS sends the RNG-REQ message to the A-RS, where the message carries the current X M , the first message authentication code packet number count value, and the first message authentication code.
  • Step 403 the A-RS determines whether the MS-related AK context (ie, the second AK context) is saved locally, and if yes, proceeds to step 410; otherwise, proceeds to step 404;
  • Step 404 The A-RS sends an MS_Context-REQ message to the MR-BS, where the message carries the MS ID.
  • Step 405 The MR-BS sends a Context_Req message to the authenticator, where the message carries the MS ID and the A-RS ID.
  • the authenticators mentioned in this document are all authenticators to which the MS belongs.
  • Step 406 The authenticator calculates an MS-related AK key according to the same setting rule as the MS according to the MS ID and the RS ID, and generates an MS-related AK context (ie, a second AK context).
  • Step 407 the authenticator to the MR-BS Send a Context_Rpt message, the message carries a second AK context, and the second AK context contains a second locally saved by the authenticator CMAC—KEY—COUNT value Z M;
  • Step 408 the MR-BS maintains the MS related CMAC-KEY- COUNT value Y MR is equal to Z M;
  • Step 409 The MR-BS returns an MS_Context-RSP message to the A-RS, where the message carries the second AK context provided by the authenticator;
  • Step 410 A-RS makes Y M equal to Z M ;
  • Step 411 it is determined whether X M is greater than or equal to Y M , and if so, proceed to step 412, otherwise, proceed to step 424;
  • Step 412 A-RS using X M RNG-REQ message includes the message authentication code packet number counter value and MS-related AK context of the AK, AK identification verification RNG-REQ message is a message authentication code, the specific authentication manner Referring to the 802.16e protocol, the difference is that the BS identifier in the 802.16e calculation method needs to be changed to the RS identifier. If the verification is successful, proceed to step 413, otherwise proceed to step 424;
  • the access link between the MS and the A-RS can be determined. Otherwise, the access link is determined to be insecure.
  • Step 413 A-RS makes Y M equal to X M;
  • Step 414 the A-RS generates a second management message, that is, a new RNG-REQ message.
  • the A-RS uses the AK key, AK in the A-RS related AK context (ie, the third AK context) maintained by itself.
  • the authentication code replaces the original message authentication code to obtain a new RNG-REQ message;
  • Step 415 The A-RS sends a new RNG-REQ message to the MR-BS.
  • Step 416 The MR-BS determines whether the X M included in the received RNG-REQ message is greater than or Is equal to the locally saved Y MR , if yes, proceed to step 417, otherwise proceed to step 423;
  • Step 417 the MR-BS according to the X M , the message authentication code packet number count value included in the received RNG-REQ message, and the AK key, AK in the locally saved A-RS related AK context (fourth AK context) Identifying the message authentication code in the RNG-REQ message; the specific procedure is that the MR-BS utilizes the AK key in the A-RS related AK context (fourth AK context), the A-RS media access control layer address, and the MR-BS identifier.
  • And X M calculates the message authentication code key in a specific manner, and then utilizes the message authentication code key and the AK identifier in the A-RS related AK context (fourth AK context), and the message authentication code in the RNG-REQ message.
  • the packet number count value verifies the message authentication code of the RNG-REQ message, and the specific verification method is similar to the 802.16e protocol method. The difference is that the terminal identifier in the 802.16e authentication method needs to be changed to the RS identifier, and the parameters required for the verification are from different contexts. . If the verification is successful, go to step 418, otherwise go to step 423; verify the success to determine the security of the relay link between the A-RS and the MR-BS, otherwise determine that the relay link is not secure.
  • Step 418 MR-BS causes YMR to be equal to X M , and sends a success indication to the A-RS.
  • Step 419 The A-RS returns an RNG-RSP message with a success indication to the MS.
  • Step 420 The MR-BS sends a Context_RPt message to the authenticator, where the message carries XM .
  • steps 419 and 420 do not have a certain sequence.
  • Step 421 After the authenticator receives the Context_RPt message, the update identifier is locally saved.
  • the CMAC-Key-Count value in the context of the MS is specifically the larger of Z M and X M plus
  • Step 422 the authenticator sends a Context_Ack message 4 to the MR-BS, and ends; Step 423, the MR-BS sends the RNG-RSP carrying the rejection information to the A-RS;
  • Step 424 The A-RS sends an RNG-RSP carrying the rejection information to the MS.
  • the security of the relay link is verified first, and then the security of the access link is verified.
  • the security verification of the access link is based on the MS-related AK context, and the security verification of the relay link is based on the A-RS related AK context.
  • MS-related AK MS maintains a context that contains CMAC- KEY- COUNT value X M
  • A-RS MS maintains a correlation AK context, which context includes CMAC- KEY- COUNT value Y M
  • the authenticator maintains an MS-related AK context, which contains CMAC_KEY_COUNT value Z M
  • the A-RS maintains an A-RS related AK context, which includes CMAC_KEY_COUNT value X R
  • MR- a-RS BS maintains a correlation AK context, which context includes CMAC- KEY- COUNT value Y R.
  • this embodiment first verifies the security of the relay link and then verifies the security of the access link.
  • the link security authentication method in the wireless relay network provided in this embodiment is as shown in FIG. 6, and includes the following steps:
  • Step 501 The MS generates a first management message, that is, an RNG-REQ message.
  • Step 502 The MS sends an RNG-REQ message to the A-RS, where the message carries the current X M , the first message authentication code packet number count value, and the first message authentication code.
  • Step 503 The A-RS generates a second management message, that is, a new RNG-REQ message.
  • the A-RS will maintain the A-RS related AK context (ie, the third AK context) CMAC_KEY. — COUNT value ] ⁇ and the message authentication code packet number count value replaces the CMAC_KEY_COUNT value X M and the message authentication code packet number count value in the received RNG-REQ message, and utilizes the A-RS related AK context
  • the message authentication code key and the message authentication code packet number count value are the replaced RNG-REQ message (excluding the original message authentication code part).
  • the message authentication code is recalculated, and the recalculated message authentication code is replaced with the original message authentication code. Obtain a new RNG-REQ message;
  • Step 504 The A-RS sends a new RNG-REQ message to the MR-BS.
  • Step 505 The MR-BS determines whether the X R included in the received RNG-REQ message is greater than or Is equal to the locally saved Y R , if yes, proceed to step 506, otherwise proceed to step 522;
  • Step 506 The MR-BS according to the X R included in the received RNG-REQ message, the message authentication code packet number count value, and the AK key in the locally saved A-RS related AK context (ie, the fourth AK context),
  • the AK identifier verifies the message authentication code in the received RNG-REQ message; the specific process is that the MR-BS utilizes the AK key in the A-RS related AK context, the A-RS media access control layer address, the MR-BS identifier, and the pass
  • the message authentication code key is calculated in a specific manner, and the RNG- is verified by using the message authentication code key and the AK identifier in the A-RS related AK context, and the message authentication code packet number count value in the received RNG-REQ message.
  • the message authentication code of the REQ message is similar to the 802.16e protocol method. The difference is that the terminal identifier in the 802.16e authentication method needs to be changed to the RS identifier. If the verification is successful, proceed to step 507, otherwise proceed to step 522;
  • the success of the verification can determine the security of the relay link between the A-RS and the MR-BS, otherwise it is determined that the trunk link is not secure.
  • Step 507 the MR-BS makes Y R equal to X R , and sends an RNG-RSP message with a success indication to the A-RS.
  • Step 508 The MR-BS sends a Context_Req message to the authenticator, where the message carries the MS ID and the A-RS ID.
  • Step 509 The authenticator calculates an MS-related AK key according to the same setting rule as the MS according to the MS ID and the RS ID, and generates an MS-related AK context (ie, a second AK context).
  • Step 510 the authenticator to the MR-BS Context- Rpt send message, and the message carries a second AK context, the second context includes AK locally stored authentication MS-related CMAC- KEY- COUNT value Z M;
  • Step 511 The MR-BS returns an MS_Context-RSP message to the A-RS, where the message carries the second AK context provided by the authenticator;
  • Step 512 A-RS makes Y M equal to Z M ;
  • Step 513 it is determined whether X M is greater than or equal to Y M , and if so, proceed to step 514, otherwise, proceed to step 523;
  • Step 514 X M RNG-REQ message received from A-RS 502 utilizing the step comprising, MS AK context 511 associated message authentication code received packet count value and the number of steps AK, AK identification verification RNG-REQ message
  • the message authentication code in the medium can be referred to the 802.16e protocol.
  • the difference is that the BS identifier in the 802.16e calculation method needs to be changed to the RS identifier. If the verification is successful, proceed to step 515, otherwise proceed to step 523;
  • the access link between the MS and the A-RS can be determined. Otherwise, the access link is determined to be insecure.
  • Step 515 A-RS makes Y M equal to X M;
  • Step 516 The A-RS returns an RNG-RSP message with a success indication to the MS.
  • Step 517 the A-RS sends an MS_Context-REQ message to the MR-BS, where the message carries the MS ID ⁇ n X M ⁇ t;
  • steps 516 and 517 do not have a certain order.
  • Step 518 The MR-BS sends a Context_RPt message to the authenticator, where the message carries XM .
  • the updater locally saves the identifier.
  • Step 520 The authenticator sends a Context_Ack message to the MR-BS.
  • Step 521 After receiving the Context_Ack message, the MR-BS sends the message to the A-RS.
  • the MS_Context-RSP message responds to the above MS_Context-REQ message, and ends;
  • Step 522 The MR-BS sends an RNG-RSP carrying the rejection information to the A-RS.
  • Step 523 The A-RS sends the RNG-RSP carrying the rejection information to the MS.
  • the MR-BS can determine whether the A-RS holds the MS-related AK context, and if so, steps 508-511 can be omitted.
  • the security verification of the access link and the security verification of the relay link are performed on the MR-BS.
  • the security verification of the access link is based on the MS-related AK context
  • the security verification of the relay link is based on the A-RS related AK context.
  • MS-related AK MS maintains a context that contains CMAC- KEY- COUNT value X M
  • MS-related authenticator maintains a AK context, which context includes CMAC- KEY- COUNT value Z M
  • a-RS a-RS maintains a correlation AK context, which context includes CMAC- KEY- COUNT value X R
  • MR-BS maintains a relevant a-RS AK context, which context includes CMAC- KEY- COUNT values Y R
  • the MR-BS may also maintain an MS related AK context. Compared with the first one, the access link security and the relay link security in this embodiment are all performed in the MR-BS.
  • the link security authentication method in the wireless relay network provided in this embodiment is as shown in FIG. 7, and includes the following steps:
  • Step 601 The MS generates a first management message, that is, an RNG-REQ message.
  • Step 602 The MS sends an RNG-REQ message to the A-RS, where the message carries the current X M , the first message authentication code packet number count value, and the first message authentication code.
  • Step 603 the A-RS generates a second management message, that is, a new RNG-REQ message.
  • the A-RS will maintain the third message in the A-RS related AK context (ie, the third AK context) maintained by itself.
  • the authentication code key count value and the third message authentication code packet number count value are added to the end of the RNG-REQ message, and the A-RS related third message authentication is calculated by using the A-RS related AK context for adding the new field after the RNG-REQ message.
  • the code adds a new message authentication code to the RNG-REQ message after adding the new field, and generates a new RNG-REQ message.
  • the specific calculation method of the A-RS related message authentication code can refer to the 802.16e protocol, and the difference is 802.16e.
  • the terminal identifier in the calculation method needs to be changed to the RS identifier;
  • the new RNG-REQ message includes a first message authentication code, a first message authentication code key count value, a first message authentication code packet number count value, and a third message authentication code key count value X R , The third message authentication code packet number count value and the third message authentication code.
  • the A-RS sends a new RNG-REQ message to the MR-BS.
  • Step 606 The authenticator calculates an MS-related AK key according to the same setting rule as the MS according to the MS ID and the RS ID, and generates an MS-related AK context (ie, a second AK context).
  • Step 607 the authenticator to the MR-BS Sending a Context_RPpt message, where the message carries a second AK context, where the second AK context includes an MS-related CMAC-KEY_COUNT value ZM locally saved by the authenticator ;
  • Step 608 MR-BS judges whether] ⁇ RNG-REQ message includes greater than or equal locally stored and ⁇ 0- ⁇ X M 0 contained in the message is greater than or equal to Z M, if yes, proceeds to step 609, otherwise proceeds Step 615;
  • Step 609 The MR-BS according to the X R and A-RS related message authentication code group number count value included in the received RNG-REQ message and the locally saved A-RS related AK context (ie, the fourth AK context)
  • the AK key and the AK identifier verify the A-RS related message authentication code in the received RNG-REQ message; the specific process is that the MR-BS utilizes the AK key in the A-RS related AK context, and the A-RS media access control
  • the layer address, the MR-BS identifier, and the X R calculate the message authentication code key in a specific manner, and then use the message authentication code key and the AK identifier in the A-RS related AK context, and the received RNG-REQ message.
  • the message authentication code packet number count value verifies the A-RS related message authentication code of the RNG-REQ message, and the specific verification method is similar to the 802.16e protocol method. The difference is that the terminal identifier in the 802.16e authentication method needs to be changed to the RS identifier. If the verification is successful, proceed to step 610, otherwise proceed to step 615;
  • the success of the verification can determine the security of the relay link between the A-RS and the MR-BS, otherwise it is determined that the trunk link is not secure.
  • Step 610 Verify the MS-related message authentication code in the RNG-REQ message by using the X M and MS-related message authentication code packet number count value included in the RNG-REQ message and the AK and AK identifiers in the MS-related AK context, and the specific verification mode.
  • the access link between the MS and the A-RS can be determined. Otherwise, the access link is determined to be insecure.
  • Step 611 the MR-BS makes Y R equal to X R , and sends an RNG-RSP message with a success indication to the A-RS, and the A-RS sends an RNG-RSP message with a success indication to the MS.
  • Step 612 The MR-BS sends a Context_RPt message to the authenticator, where the message carries XM .
  • Step 614 The authenticator sends a Context_Ack message to the MR-BS, and ends.
  • Step 615 The MR-BS sends an RNG-RSP carrying the rejection information to the A-RS.
  • Step 616 The A-RS sends the RNG-RSP carrying the rejection information to the MS.
  • step 604 it may be determined whether the A-RS saves the MS-related AK context, and if so, the related operations in the first embodiment may be performed to verify the security of the access link and the relay link. Otherwise, step 604 can be performed to perform corresponding processing by using the technical solution of the embodiment.
  • the new RNG-REQ may not be generated, that is, the third message authentication code key count value in the second management message is the first message.
  • the authentication code key count value, the third message authentication code group number count value is a first message authentication code packet number count value, the first message authentication code key count value, the first message authentication code group number count value is included in the mobile station
  • the second management message is the first management message forwarded by the A-RS. Subsequent steps involving verifying the security of the relay link can be omitted.
  • the device security authentication device in this embodiment includes: a first receiving module, configured to receive a first management message sent by the mobile station, where the first management message carries the first message authentication code and the first authentication key in the first authentication key context saved by the mobile station itself, and the first The authentication key identifier and the first message authentication code key count value and the first message authentication code group number count value are calculated and generated, and the first authentication key is calculated according to the mobile station identifier and the access relay station identifier according to the setting rule;
  • a first processing module configured to verify, according to the second authentication key, the second authentication key identifier, and the first message authentication code key count value and the first message authentication code group number count value included in the second authentication key context
  • the first message authentication code determines whether the access link between the mobile station and the access relay station is secure according to the verification result, and the second authentication key and the first authentication key are peer keys.
  • the relay station can also include:
  • a first key obtaining module configured to: after the first receiving module receives the first management message, determine whether the first storage module saves the second authentication key context, and if not saved, send the identifier to the authenticator to which the mobile station belongs
  • a context request including a mobile station identity and an access relay station identity is provided to the first processing module with a second authentication key context obtained from the authenticator.
  • steps 301 to 312 of the first embodiment steps 401-413 of the second embodiment, and related parts described in steps 501 and 513 to 516 of the third embodiment.
  • the above device may be an access relay station or a multi-hop relay base station.
  • the multi-hop relay base station in this embodiment includes: a second receiving module, configured to receive a second management message sent by the access relay station, where the second management message carries The third message authentication code and the third message authentication code key count value, the third message authentication code group number count value, and the third message authentication code according to the third message authentication code key count value and the third message authentication code group number count value And generating, by the third authentication key and the third authentication key identifier in the third authentication key context, the third authentication key is obtained according to the setting rule according to the access relay identifier and the multi-hop relay base station identifier;
  • a second processing module configured to: according to the fourth authentication key, the fourth authentication key identifier, and the third message authentication code key count value, the third message authentication code group included in the fourth authentication key context The number of the counters verifies the third message authentication code, and according to the verification result, it is determined whether the relay link between the access relay station and the multi-hop relay base station is secure, and the fourth authentication key and the third authentication key are peer keys.
  • the wireless relay network system in this embodiment includes: an access relay station, configured to receive a first management message sent by the mobile station, according to a second The second authentication key, the second authentication key identifier, and the first message authentication code key count value, and the first message authentication code packet number count value verify the first message authentication code, and determine, between the mobile station and the access relay station, according to the verification result.
  • the first management message carries the first message authentication code and the first authentication key context saved by the mobile station itself a first message authentication code key count value, a first message authentication code packet number count value, and the first message authentication code is based on the first authentication key, the first authentication key identifier, and the first message in the first authentication key context
  • the authentication code key count value and the first message authentication code group number count value are calculated and generated, and the first authentication key is determined according to the mobile station identifier and the access Station identification by setting rule obtained by calculation, the second authentication key and the authentication key for the first key and the like;
  • a multi-hop relay base station configured to receive a second management message sent by the access relay station, and according to the fourth authentication key, the fourth authentication key identifier, and the third message authentication code key included in the fourth authentication key context And the third message authentication code is verified by the count value and the third message authentication code packet number, and the relay link between the access relay station and the multi-hop relay base station is determined according to the verification result, wherein the second management message carries the first The third message authentication code and the third message authentication code key count value, the third message authentication code group number count value, and the third message authentication code according to the third message authentication code key count value and the third message authentication code group number count value And calculating, by the third authentication key and the third authentication key identifier in the third authentication key context, the third authentication key is obtained according to the setting rule according to the access relay identifier and the multi-hop relay base station identifier, and the fourth The authentication key and the third authentication key are peer keys.
  • the embodiment of the present invention provides a specific technical solution for detecting the security of the access link

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention porte sur un procédé, un dispositif et un système d'authentification de sécurité de liaison dans des réseaux à relais sans fil, le procédé comprenant les opérations suivantes : une station de base relais à sauts multiples ou une station relais d'accès reçoit un premier message de gestion envoyé par une station mobile, le premier message de gestion transportant un premier code d'authentification de message, et le premier message de gestion transportant également une valeur de compte de la clé de premier code d'authentification de message et une valeur de compte du nombre de paquets de premier code d'authentification de message qui sont contenues dans un contexte de première clé d'authentification stocké par la station mobile elle-même ; le premier code d'authentification de message est vérifié sur la base d'une seconde clé d'authentification et d'une identification de seconde clé d'authentification qui sont contenues dans un contexte de seconde clé d'authentification, de la valeur de compte de la clé de premier code d'authentification de message, et de la valeur de compte du nombre de paquets de premier code d'authentification de message, et il est déterminé si la liaison d'accès entre la station mobile et la station relais d'accès est sécurisée ou non sur la base du résultat de vérification. Avec la technique de la présente invention, des attaques par réinsertion dans des réseaux à relais sans fil peuvent être efficacement empêchées.
PCT/CN2009/076217 2009-02-20 2009-12-29 Procédé d'authentification de sécurité de liaison dans des réseaux à relais sans fil, dispositif et système correspondants WO2010094206A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910004704.5 2009-02-20
CN2009100047045A CN101815293B (zh) 2009-02-20 2009-02-20 无线中继网络中的链路安全认证方法、装置和系统

Publications (1)

Publication Number Publication Date
WO2010094206A1 true WO2010094206A1 (fr) 2010-08-26

Family

ID=42622380

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/076217 WO2010094206A1 (fr) 2009-02-20 2009-12-29 Procédé d'authentification de sécurité de liaison dans des réseaux à relais sans fil, dispositif et système correspondants

Country Status (2)

Country Link
CN (1) CN101815293B (fr)
WO (1) WO2010094206A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8769283B2 (en) 2010-01-29 2014-07-01 Huawei Technologies Co., Ltd. MTC device authentication method, MTC gateway, and related device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056159B (zh) 2009-11-03 2014-04-02 华为技术有限公司 一种中继系统的安全密钥获取方法、装置
CN102724197B (zh) * 2012-06-25 2015-08-12 上海交通大学 无线中继网络中的链路双向安全认证方法
JP6199335B2 (ja) * 2014-06-05 2017-09-20 Kddi株式会社 通信ネットワークシステム及びメッセージ検査方法
JP7372527B2 (ja) * 2019-09-26 2023-11-01 富士通株式会社 通信中継プログラム、中継装置、及び通信中継方法
CN116828468A (zh) * 2020-01-08 2023-09-29 华为技术有限公司 一种校验中继用户设备的方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060405A (zh) * 2006-04-19 2007-10-24 华为技术有限公司 防止重放攻击的方法及系统
WO2008030667A2 (fr) * 2006-09-07 2008-03-13 Motorola, Inc. Authentification de sécurité et gestion de clés au sein d'un réseau multi-saut sans fil basé sur une infrastructure
CN101232378A (zh) * 2007-12-29 2008-07-30 西安西电捷通无线网络通信有限公司 一种无线多跳网络的认证接入方法
KR20080090733A (ko) * 2007-04-05 2008-10-09 삼성전자주식회사 다중 홉 기반의 광대역 무선통신 시스템에서 보안연결 방법및 시스템

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101060405A (zh) * 2006-04-19 2007-10-24 华为技术有限公司 防止重放攻击的方法及系统
WO2008030667A2 (fr) * 2006-09-07 2008-03-13 Motorola, Inc. Authentification de sécurité et gestion de clés au sein d'un réseau multi-saut sans fil basé sur une infrastructure
KR20080090733A (ko) * 2007-04-05 2008-10-09 삼성전자주식회사 다중 홉 기반의 광대역 무선통신 시스템에서 보안연결 방법및 시스템
CN101232378A (zh) * 2007-12-29 2008-07-30 西安西电捷通无线网络通信有限公司 一种无线多跳网络的认证接入方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8769283B2 (en) 2010-01-29 2014-07-01 Huawei Technologies Co., Ltd. MTC device authentication method, MTC gateway, and related device

Also Published As

Publication number Publication date
CN101815293B (zh) 2012-08-15
CN101815293A (zh) 2010-08-25

Similar Documents

Publication Publication Date Title
EP3576446B1 (fr) Procédé de dérivation de clé
US10542425B2 (en) Method and apparatus for reducing overhead for integrity check of data in wireless communication system
US10091175B2 (en) Authenticating a device in a network
KR100764153B1 (ko) 휴대 인터넷 시스템에서의 단말 복제 검출 방법 및 장치
KR100991522B1 (ko) 휴대인터넷 시스템의 핸드오버용 보안 콘텍스트 전달 방법
EP2432265B1 (fr) Procédé et appareille pour envoyer un cléf dans un réseau local sans fil
EP2418883B1 (fr) Méthode de pré-authentification d'un terminal de réseau local sans fil et système de réseau local sans fil
US8707045B2 (en) Method and apparatus for traffic count key management and key count management
US8959333B2 (en) Method and system for providing a mesh key
EP1890518B1 (fr) Système de communication, dispositif de communication sans fil et leurs procédés de commande
WO2009132599A1 (fr) Procédé d'obtention de clé de cryptage de trafic
JP2008533609A (ja) 無線携帯インターネットシステムにおける端末保安関連パラメター交渉方法
WO2010094206A1 (fr) Procédé d'authentification de sécurité de liaison dans des réseaux à relais sans fil, dispositif et système correspondants
WO2007032499A1 (fr) Systeme de communication sans fil et procede de communication sans fil
AU2010284792B2 (en) Method and apparatus for reducing overhead for integrity check of data in wireless communication system
KR101718096B1 (ko) 무선통신 시스템에서 인증방법 및 시스템
KR101042839B1 (ko) 무선 이동 통신 시스템에서 인증 시스템 및 방법
CN111615837A (zh) 数据传输方法、相关设备以及系统
WO2011003352A1 (fr) Procédé et dispositif pour protéger une confidentialité de terminal
Kim et al. Improving Cross-domain Authentication overWireless Local Area Networks
JP2012510232A (ja) 通信システムにおける競り下げ攻撃の防止
CN1997212A (zh) 无线通信网络中实现位置更新的方法
WO2015064475A1 (fr) Procédé de régulation de communications, serveur d'authentification et équipement d'utilisateur
Zhang et al. Research on Key Management Scheme of X2 Handover Protocol in LTE-R
KR200427594Y1 (ko) 휴대 인터넷 시스템에서의 단말 복제 검출 장치

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09840257

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09840257

Country of ref document: EP

Kind code of ref document: A1