WO2011006390A1 - Method and device for generating security keys - Google Patents


Info

Publication number: WO2011006390A1
Authority: WO, WIPO (PCT)
Prior art keywords: kdf, key, algorithm, string, generating
Application number: PCT/CN2010/072691
Other languages: French (fr), Chinese (zh)
Inventor: 李静岚
Original Assignee: 中兴通讯股份有限公司
Priority claimed from: CN200910151993.1A (CN101938743B)
Application filed by: 中兴通讯股份有限公司
Publication: WO2011006390A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W 12/041 Key generation or derivation

Definitions

  • The present invention relates to the field of mobile communication security, and in particular to a method and apparatus for generating a security key.
  • Background: in an LTE system the Radio Resource Control (RRC) function of the network is placed in the evolved Node B (eNB), so the RRC security protection mechanism is placed in the eNB as well. Because eNBs are deployed in large numbers over a wide area, the network entities of the access stratum are highly dispersed both geographically and logically; the operator cannot apply centralised security control to them, and every eNB sits in a non-secure area. Each eNB therefore has to generate by itself the keys used for the Access Stratum (AS) security mechanism with each User Equipment (UE).
  • After receiving the initial context setup request message from the MME, the eNB takes the AS root key K_eNB carried in that message and uses a Key Derivation Function (KDF) to generate the three keys for AS integrity protection and encryption: the signalling integrity protection key K_RrcInt, the signalling encryption key K_RrcEnc and the user data encryption key K_UpEnc. Each of the three keys has a fixed length of 128 bits.
  • When an RRC handover or re-establishment occurs, a new AS root key K*_eNB is generated from a fresh Next Hop (NH) value supplied by the core network MME or from the current K_eNB; when no fresh NH value is available, K*_eNB is generated from the target Physical Cell ID (PCI) and the target cell's downlink carrier frequency (EARFCN-DL). The three AS integrity protection and encryption keys are then generated from K*_eNB with the KDF.
  • The KDF uses the HMAC-SHA-256 (Keyed-Hash Message Authentication Code - Secure Hash Algorithm-256) algorithm. It has two input parameters, a string (S) and the AS root key (Key). Both are of variable length in general; in the LTE system the Key is fixed at 256 bits, and the KDF output is fixed at 256 bits.
  • Prior-art procedure (FIG. 1) for generating K_RrcInt, K_RrcEnc and K_UpEnc with the KDF:
  • Step 101: Construct separately the KDF string input parameters S1, S2 and S3 used to generate K_RrcInt, K_RrcEnc and K_UpEnc; each is built from the parameters FC, P0_i, L0_i, P1_i and L1_i, where i stands for RrcInt, RrcEnc or UpEnc.
  • FC is the KDF instance identifier, used to distinguish different KDF instances; when the KDF generates the three AS security keys its value is 0x15.
  • P0_i is the algorithm type distinguisher, with the values given in Table 1; L0_i is the byte length of P0_i. The subscripts RrcInt, RrcEnc and UpEnc mark the parameters used to generate K_RrcInt, K_RrcEnc and K_UpEnc respectively.
  • P0_RrcInt corresponds to RRC-int-alg in Table 1, P0_RrcEnc to RRC-enc-alg, and P0_UpEnc to UP-enc-alg.
  • P1_i is the algorithm identity of the encryption or integrity protection algorithm used, with the values given in Table 2. For example, when the selected encryption algorithm is the null algorithm (the Null ciphering algorithm in Table 2), P1_i is 0x00; the algorithm used for K_RrcInt, however, must not be the null algorithm. L1_i is the byte length of P1_i.
  • Step 102: At RRC initial security activation of the network the KDF input parameters are S1 and K_eNB; at RRC handover or re-establishment they are S1 and K*_eNB. The KDF is called and a 256-bit KDF output string is obtained.
  • Step 103: Take the low 128 bits of the KDF output string as K_RrcInt.
  • Step 104: At RRC initial security activation the KDF input parameters are S2 and K_eNB; at RRC handover or re-establishment they are S2 and K*_eNB. The KDF is called and a 256-bit KDF output string is obtained.
  • Step 105: Take the low 128 bits of the KDF output string as K_RrcEnc.
  • Step 106: At RRC initial security activation the KDF input parameters are S3 and K_eNB; at RRC handover or re-establishment they are S3 and K*_eNB. The KDF is called and a 256-bit KDF output string is obtained.
  • Step 107: Take the low 128 bits of the KDF output string as K_UpEnc.
  • The main object of the present invention is to provide a method and apparatus for generating a security key that improve the utilisation of key-generation resources and reduce the delay of the whole key-generation system.
  • The security key generation method of the invention includes the following.
  • If the selected encryption algorithm is the null algorithm: the signalling encryption key and the user data encryption key are set directly to 0; a KDF string input parameter for generating the signalling integrity protection key is constructed, the KDF is called, and the signalling integrity protection key is generated from the resulting KDF output string.
  • The KDF string input parameter for the signalling integrity protection key is constructed by selecting the parameters used to generate that key (the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the integrity protection algorithm identifier and the byte length of the integrity protection algorithm identifier) and concatenating them.
  • If the selected encryption algorithm is not the null algorithm: a KDF string input parameter for generating any two of the three keys is constructed, the KDF is called, and the two keys are generated from the resulting KDF output string; then a KDF string input parameter for the remaining key is constructed, the KDF is called again, and the remaining key is generated from that KDF output string.
  • The KDF string input parameter for the two keys is built by splicing the parameters used to generate each of the two keys into one string. Specifically, for each of the two keys selected from the signalling integrity protection key, the signalling encryption key and the user data encryption key, the parameters are: the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the encryption or integrity protection algorithm identifier, and the byte length of that algorithm identifier; these parameters are concatenated in series into one string.
  • When the selected encryption algorithm is not the null algorithm, the two keys are generated by taking 128 bits of the KDF output string as one of the two keys and another 128 bits of the same KDF output string as the other; the remaining key is generated by taking 128 bits of its own KDF output string.
  • The KDF produces its output string from two input parameters: an AS root key and the KDF string input parameter.
  • The security key generating apparatus of the invention includes:
  • a first string parameter construction module, configured, when the selected encryption algorithm is not the null algorithm, to construct the first KDF string input parameter for generating two of the signalling integrity protection key, the signalling encryption key and the user data encryption key;
  • a second string parameter construction module, configured, when the selected encryption algorithm is not the null algorithm, to construct the second KDF string input parameter for generating the remaining one of the three keys and pass it to the KDF processing module, and, when the selected encryption algorithm is the null algorithm, to construct the second KDF string input parameter for generating the signalling integrity protection key and pass it to the KDF processing module;
  • a KDF processing module, configured to obtain the KDF output strings, to send the KDF output string obtained from the first string input parameter to the first key generation module and the second key generation module, and to send the KDF output string obtained from the second string input parameter to the third key generation module;
  • a first key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate one of the two keys from the received KDF output string, and, when the selected encryption algorithm is the null algorithm, to use 0 as the signalling encryption key or the user data encryption key;
  • a second key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate the other of the two keys from the received KDF output string, and, when the selected encryption algorithm is the null algorithm, to use 0 as the user data encryption key or the signalling encryption key;
  • a third key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate the remaining key from the received KDF output string, and, when the selected encryption algorithm is the null algorithm, to generate the signalling integrity protection key from the received KDF output string.
  • The apparatus also includes an AS root key module, used to provide an AS root key to the KDF processing module.
  • In summary, when the three AS keys are generated: if the encryption algorithm is the null algorithm, K_RrcEnc and K_UpEnc are set directly to 0 and only one KDF call is needed, to generate K_RrcInt; if the encryption algorithm is not the null algorithm, the parameters used to generate any two of the keys are spliced together and a single KDF call yields both keys, so the three keys need only two KDF calls. One key-generation pass is thus saved in the general case and two are saved when the encryption algorithm is the null algorithm, which reduces the computation and the delay of the key-generation system, especially when many UEs access the network at the same time.
  • FIG. 1 is a schematic diagram of the prior-art process for generating the three keys of an AS.
  • FIG. 2 is a schematic flowchart of the method for generating a security key in the present invention.
  • FIG. 3 is a schematic flowchart of the method for generating a security key when the selected encryption algorithm is the null algorithm.
  • FIG. 4 is a schematic flowchart of the method in which K_RrcEnc and K_UpEnc are generated in one KDF call.
  • FIG. 5 is a schematic flowchart of the method in which K_RrcInt and K_RrcEnc are generated in one KDF call.
  • FIG. 6 is a schematic flowchart of the method in which K_RrcInt and K_UpEnc are generated in one KDF call.
  • FIG. 7 is a schematic structural diagram of an apparatus for generating a security key in the present invention.
  • The basic idea of the present invention is as follows. When generating the security keys for an AS, if the selected encryption algorithm is the null algorithm, which is equivalent to not encrypting at all, then K_RrcEnc and K_UpEnc need not be generated and are set directly to 0. Otherwise, a KDF string input parameter for generating any two of the three keys is constructed, the KDF is called, and those two keys are generated from the resulting KDF output string; finally, a string input parameter for the remaining key is constructed, the KDF is called, and the remaining key is generated from the resulting KDF output string.
  • Embodiment 1: the process of generating a security key is shown in FIG. 2. Before the keys are generated, the two communicating parties of the network negotiate how the KDF output string is truncated for each of the three keys; preferably the truncations differ, so that the three generated keys are different, which strengthens security.
  • The method includes the following steps:
  • Step 201: If the selected encryption algorithm is the null algorithm, no encryption is performed, so K_RrcEnc and K_UpEnc are set directly to 0 and the process proceeds to step 205. If the selected encryption algorithm is not the null algorithm, the process proceeds to step 202.
  • Step 202: When the selected encryption algorithm is not the null algorithm, select two of K_RrcInt, K_RrcEnc and K_UpEnc as the first key K_AS1 and the second key K_AS2, and splice the parameters used to generate K_AS1 and K_AS2 into one KDF string input parameter S1 for generating both:
  • S1 = FC || P0_Key1 || L0_Key1 || P1_Key1 || L1_Key1 || P0_Key2 || L0_Key2 || P1_Key2 || L1_Key2
  • where "||" denotes concatenation; P0_i is selected according to Table 1 and P1_i according to Table 3; L0_i is the byte length of P0_i and L1_i is the byte length of P1_i, and according to Tables 1 and 3 both have the value 0x0001, i.e. a length of one byte. Here i stands for Key1 or Key2, which are the two of RrcInt, RrcEnc and UpEnc corresponding to K_AS1 and K_AS2.
  • Step 203: Call the KDF. At RRC initial security activation of the network the input parameters are S1 and K_eNB; at RRC handover or re-establishment they are S1 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 204: According to the truncation negotiated by the communicating parties, take two different 128-bit portions of the KDF output string as K_AS1 and K_AS2.
  • Step 205: When the selected encryption algorithm is the null algorithm, K_RrcInt is the third key K_AS3; when it is not the null algorithm, the remaining one of K_RrcInt, K_RrcEnc and K_UpEnc is K_AS3. Construct the KDF string input parameter S2 for generating K_AS3 by concatenating FC, P0_Key3, L0_Key3, P1_Key3 and L1_Key3, where:
  • P0_Key3 is selected according to Table 1;
  • P1_Key3 is selected according to Table 3;
  • L0_Key3 is the byte length of P0_Key3;
  • L1_Key3 is the byte length of P1_Key3; according to Tables 1 and 3, L0_Key3 and L1_Key3 both have the value 0x0001, i.e. one byte;
  • Key3 is the one of RrcInt, RrcEnc and UpEnc corresponding to K_AS3.
  • Step 206: Call the KDF. At RRC initial security activation of the network the input parameters are S2 and K_eNB; at RRC handover or re-establishment they are S2 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 207: According to the truncation negotiated by both parties, take 128 bits of the KDF output string as K_AS3. The security key generation process ends.
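The following Python is an added worked example, not code from the patent or from its assignee; it reproduces the prior-art three-call derivation (steps 101 to 107) and the two-call scheme of Embodiment 1, using K_RrcEnc and K_UpEnc as the spliced pair. The page's values are used where it gives them (FC = 0x15, P0 RRC-enc-alg 0x03, RRC-int-alg 0x04, UP-enc-alg 0x05, null cipher 0x00, L0 = L1 = 0x0001). Assumptions not on the page: the per-key string is FC || P0 || L0 || P1 || L1 in that order (the same order the page shows for the spliced S1), P0 and P1 are one byte each, L0 and L1 are two-byte big-endian length fields, and the root key and the two algorithm identities are constructed sample values.

```python
import hashlib
import hmac

# Values named on the page.
FC_AS_KEYS = 0x15                                   # KDF instance id for the three AS keys
P0 = {"RrcInt": 0x04, "RrcEnc": 0x03, "UpEnc": 0x05}  # algorithm type distinguishers (Table 1)
NULL_CIPHER = 0x00                                  # algorithm identity of the null cipher
KEY_LEN = 16                                        # every AS key is 128 bits

# Constructed sample inputs (not from the patent): a 256-bit root key and two
# algorithm identities standing in for the selected integrity / encryption algorithms.
K_ENB_SAMPLE = bytes(range(32))
INT_ALG_SAMPLE = 0x02
ENC_ALG_SAMPLE = 0x01

KDF_CALLS = 0  # counts KDF invocations so the 3-vs-2-vs-1 call claim can be checked


def build_s(fc, params):
    """S = FC || P0_i || L0_i || P1_i || L1_i [|| P0_j || L0_j || P1_j || L1_j ...].

    Assumed encoding: P0 and P1 are one byte each; L0 and L1 are 16-bit
    big-endian length fields holding 0x0001 (the page's "one byte length").
    Two (p0, p1) pairs give the spliced S1 of Embodiment 1.
    """
    s = bytes([fc])
    for p0, p1 in params:
        s += bytes([p0]) + (1).to_bytes(2, "big") + bytes([p1]) + (1).to_bytes(2, "big")
    return s


def kdf(key, s):
    """KDF(Key, S) = HMAC-SHA-256(Key, S): a 256-bit output string."""
    global KDF_CALLS
    KDF_CALLS += 1
    return hmac.new(key, s, hashlib.sha256).digest()


def high128(out):
    return out[:KEY_LEN]


def low128(out):
    return out[KEY_LEN:]


def integrity_alg_allowed(alg):
    """The page forbids the null algorithm for K_RrcInt."""
    return alg != NULL_CIPHER


def derive_prior_art(k_root, int_alg, enc_alg):
    """Steps 101-107: one KDF call per key, low 128 bits of each output."""
    keys = {}
    for name, alg in (("RrcInt", int_alg), ("RrcEnc", enc_alg), ("UpEnc", enc_alg)):
        keys[name] = low128(kdf(k_root, build_s(FC_AS_KEYS, [(P0[name], alg)])))
    return keys


def derive_patent(k_root, int_alg, enc_alg, enc_half=high128, up_half=low128):
    """Embodiment 1 with K_RrcEnc / K_UpEnc as the spliced pair.

    enc_half and up_half model the truncation negotiated by both parties;
    they must select different halves, or both keys collapse to one value.
    """
    if not integrity_alg_allowed(int_alg):
        raise ValueError("integrity protection algorithm must not be the null algorithm")
    # K_RrcInt is always derived on its own, low 128 bits as in the prior art.
    k_rrc_int = low128(kdf(k_root, build_s(FC_AS_KEYS, [(P0["RrcInt"], int_alg)])))
    if enc_alg == NULL_CIPHER:
        # Null cipher: no KDF call for the encryption keys, both are set to 0.
        return {"RrcInt": k_rrc_int, "RrcEnc": bytes(KEY_LEN), "UpEnc": bytes(KEY_LEN)}
    s1 = build_s(FC_AS_KEYS, [(P0["RrcEnc"], enc_alg), (P0["UpEnc"], enc_alg)])
    out = kdf(k_root, s1)  # one call yields both encryption keys
    return {"RrcInt": k_rrc_int, "RrcEnc": enc_half(out), "UpEnc": up_half(out)}


def kdf_calls_for(fn, *args, **kwargs):
    """Run fn and return how many KDF invocations it made."""
    before = KDF_CALLS
    fn(*args, **kwargs)
    return KDF_CALLS - before


if __name__ == "__main__":
    for label, fn in (("prior art", derive_prior_art), ("patent", derive_patent)):
        n = kdf_calls_for(fn, K_ENB_SAMPLE, INT_ALG_SAMPLE, ENC_ALG_SAMPLE)
        print(f"{label}: {n} KDF call(s)")
        for name, k in fn(K_ENB_SAMPLE, INT_ALG_SAMPLE, ENC_ALG_SAMPLE).items():
            print(f"  K_{name} = {k.hex()}")
```

Two points the code makes visible: the patent's K_RrcInt is bit-for-bit the prior-art one (same S, same low half), while its K_RrcEnc and K_UpEnc are new values that depend on the spliced S1, so the two sides can only interoperate if both use the same splice order and the same negotiated halves; and if the negotiation picks the same half for both keys, the signalling and user-plane encryption keys become identical, which is the reason the page insists the truncations differ.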
  • Embodiment 2: when the selected encryption algorithm is the null algorithm, the KDF output string is truncated by taking either its high or its low 128 bits.
  • This embodiment of the method, shown in FIG. 3, includes the following steps:
  • Step 302: Construct the KDF string input parameter S for generating K_RrcInt.
  • Step 303: Call the KDF. At RRC initial security activation of the network the input parameters are S and K_eNB; at RRC handover or re-establishment they are S and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 304: Take the high or the low 128 bits of the KDF output string as K_RrcInt.
  • Embodiment 3: when the selected encryption algorithm is not the null algorithm, K_RrcEnc and K_UpEnc are generated in one KDF call, and the KDF output string is truncated by taking its high and low 128-bit halves.
  • This embodiment of the method (FIG. 4) includes the following steps:
  • Step 401: Select the parameters for generating K_RrcEnc and K_UpEnc and splice them into the KDF string input parameter S1.
  • For K_RrcEnc the parameters are P0_RrcEnc, L0_RrcEnc, P1_RrcEnc and L1_RrcEnc;
  • for K_UpEnc the parameters are P0_UpEnc, L0_UpEnc, P1_UpEnc and L1_UpEnc;
  • P0_i is selected according to Table 1 and P1_i according to Table 3; L0_i is the byte length of P0_i and L1_i is the byte length of P1_i, both having the value 0x0001, i.e. one byte; here i stands for RrcEnc or UpEnc. According to Table 1, P0_RrcEnc is 0x03 and P0_UpEnc is 0x05.
  • The string input parameter S1 spliced together for generating K_RrcEnc and K_UpEnc is the concatenation of FC and the parameters above (the formula itself is an image not reproduced in the extracted text).
  • Step 402: Call the KDF. At RRC initial security activation of the network the input parameters are S1 and K_eNB; at RRC handover or re-establishment they are S1 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 403: Take the high 128 bits of the KDF output string as K_RrcEnc and the low 128 bits as K_UpEnc; or take the high 128 bits as K_UpEnc and the low 128 bits as K_RrcEnc.
  • Step 404: Construct the KDF string input parameter S2 for generating K_RrcInt, where:
  • P0_RrcInt is selected according to Table 1; P0_RrcInt is 0x04;
  • P1_RrcInt is selected according to Table 3;
  • L0_RrcInt is the byte length of P0_RrcInt and L1_RrcInt is the byte length of P1_RrcInt; both have the value 0x0001, i.e. one byte.
  • Step 405: Call the KDF. At RRC initial security activation of the network the input parameters are S2 and K_eNB; at RRC handover or re-establishment they are S2 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 406: Take the high or the low 128 bits of the KDF output string as K_RrcInt.
  • Embodiment 4: when the selected encryption algorithm is not the null algorithm, K_RrcInt and K_RrcEnc are generated in one KDF call, and the KDF output string is truncated in 128-bit halves.
  • This embodiment of the method, shown in FIG. 5, includes the following steps:
  • Step 501: Select the parameters for generating K_RrcInt and K_RrcEnc and splice them into the KDF string input parameter S1; the parameters are chosen as in the previous embodiments, with P0_RrcEnc equal to 0x03 according to Table 1.
  • Step 502: Call the KDF. At RRC initial security activation of the network the input parameters are S1 and K_eNB; at RRC handover or re-establishment they are S1 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 503: Take the high 128 bits of the KDF output string as K_RrcInt and the low 128 bits as K_RrcEnc; or take the high 128 bits as K_RrcEnc and the low 128 bits as K_RrcInt.
  • Step 504: Construct the KDF string input parameter S2 for generating K_UpEnc from the parameters FC, P0_UpEnc, L0_UpEnc, P1_UpEnc and L1_UpEnc, where:
  • P0_UpEnc is selected according to Table 1;
  • P1_UpEnc is selected according to Table 3;
  • L0_UpEnc is the byte length of P0_UpEnc;
  • L1_UpEnc is the byte length of P1_UpEnc, according to Tables 1 and 3;
  • FC is 0x15.
  • Step 505: Call the KDF. At RRC initial security activation of the network the input parameters are S2 and K_eNB; at RRC handover or re-establishment they are S2 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 506: Take the high or the low 128 bits of the KDF output string as K_UpEnc.
  • Embodiment 5: when the selected encryption algorithm is not the null algorithm, the KDF output string is truncated by taking its high or its low 128 bits.
  • This embodiment of the method, shown in FIG. 6, includes the following steps:
  • Step 601: Select the parameters for generating K_RrcInt and K_UpEnc (steps 602 to 604 are not reproduced in the extracted text).
  • Step 605: Call the KDF. At RRC initial security activation of the network the input parameters are S2 and K_eNB; at RRC handover or re-establishment they are S2 and K*_eNB. A 256-bit KDF output string is obtained.
  • Step 606: Take the high or the low 128 bits of the KDF output string as K_RrcEnc.
  • In all embodiments the communicating parties of the network negotiate how the KDF output string is truncated for each of the three keys; preferably the truncations differ, so that the three generated keys are different.
  • The apparatus (FIG. 7) includes the following modules.
  • The first string parameter construction module 71 is configured, when the selected encryption algorithm is not the null algorithm, to construct the first KDF string input parameter for generating two of the signalling integrity protection key, the signalling encryption key and the user data encryption key, and to pass it to the KDF processing module 74. The string input parameter for the two keys is built by splicing the parameters of both keys into one string. The selected parameters for each key are: the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the encryption or integrity protection algorithm identifier, and the byte length of that algorithm identifier. When the selected encryption algorithm is the null algorithm this module does not take part.
  • The second string parameter construction module 72 is configured, when the selected encryption algorithm is not the null algorithm, to construct the second KDF string input parameter for generating the remaining one of the three keys and pass it to the KDF processing module 74; when the selected encryption algorithm is the null algorithm, it constructs the second KDF string input parameter for generating the signalling integrity protection key and passes it to the KDF processing module 74.
  • The KDF processing module 74 is configured, when the selected encryption algorithm is not the null algorithm, to obtain the KDF output strings, to send the KDF output string obtained from the first string input parameter (from module 71) to the first key generation module 75 and the second key generation module 76, and to send the KDF output string obtained from the second string input parameter (from module 72) to the third key generation module 77. When the selected encryption algorithm is the null algorithm, only the KDF output string obtained from the second string input parameter (from module 72) is sent to the third key generation module 77.
  • The first key generation module 75 is configured, when the selected encryption algorithm is not the null algorithm, to generate one of the two keys from the received KDF output string according to the truncation negotiated by the communicating parties; when the selected encryption algorithm is the null algorithm, it uses 0 as the signalling encryption key or the user data encryption key.
  • The second key generation module 76 is configured, when the selected encryption algorithm is not the null algorithm, to generate the other of the two keys from the received KDF output string according to the negotiated truncation; when the selected encryption algorithm is the null algorithm, it uses 0 as the user data encryption key or the signalling encryption key.
  • The third key generation module 77 is configured, when the selected encryption algorithm is not the null algorithm, to generate the remaining key from the received KDF output string according to the negotiated truncation; when the selected encryption algorithm is the null algorithm, it generates the signalling integrity protection key from the received KDF output string.
  • The first string parameter construction module 71 may be set to correspond to the first key generation module 75 and the second key generation module 76, that is, the KDF output string obtained from the first string input parameter supplied by module 71 is sent to modules 75 and 76; correspondingly, the second string parameter construction module 72 corresponds to the third key generation module 77, that is, the KDF output string obtained from the second string input parameter supplied by module 72 is sent to module 77.
  • The KDF output string may be 256 bits, and each key generation module takes any 128 bits of it as the resulting key.
  • The apparatus further includes an AS root key module 73, configured to provide an AS root key to the KDF processing module 74: at RRC initial security activation of the network it provides the other KDF input parameter K_eNB, and at RRC handover or re-establishment it provides K*_eNB.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for generating security keys is disclosed. When the three keys of the Access Stratum (AS) are generated: if the encryption algorithm is a null algorithm, the Key Derivation Function (KDF) needs to be called only once, to generate the signalling integrity protection key, while the signalling confidentiality key and the user data confidentiality key are set directly to zero; if the encryption algorithm is not a null algorithm, the parameters for generating any two of the keys are spliced together so that both keys are obtained from a single KDF call, and generating the three keys therefore needs only two KDF calls. A device for generating security keys is disclosed as well. With the method or device of the invention, the resource utilisation of key generation is improved and the delay of the whole key-generating system is reduced.

Description

Method and device for generating security keys

Technical field

The present invention relates to the field of mobile communication security, and in particular to a method and apparatus for generating a security key.

Background

In the Long Term Evolution (LTE) system, the Radio Resource Control (RRC) function of the network is placed in the evolved Node B (eNB), so the corresponding RRC security protection mechanism is placed in the eNB as well. Because eNBs are deployed in large numbers over a wide area, the network entities of the access stratum are highly dispersed both geographically and logically; the operator cannot apply centralised security control to them, and every eNB sits in a non-secure area. Each eNB therefore has to generate by itself the keys used for the Access Stratum (AS) security mechanism with each User Equipment (UE).

According to 3GPP TS 33.401, during the initial context setup procedure initiated by the Mobility Management Entity (MME) of the core network, the eNB, after receiving the MME's initial context setup request message, takes the AS root key K_eNB carried in that message and uses a Key Derivation Function (KDF) to generate the three keys for AS integrity protection and encryption: the signalling integrity protection key K_RrcInt, the signalling encryption key K_RrcEnc and the user data encryption key K_UpEnc. Each of the three keys has a fixed length of 128 bits.

When an RRC handover or re-establishment occurs in the network, a new AS root key K*_eNB has to be generated from a fresh Next Hop (NH) value supplied by the core network MME or from the current K_eNB; when no fresh NH value is available, K*_eNB is generated from the target Physical Cell ID (PCI) and the target cell's downlink carrier frequency (EARFCN-DL). After K*_eNB is generated, the three keys for AS integrity protection and encryption are generated from it with the KDF.

The KDF uses the HMAC-SHA-256 (Keyed-Hash Message Authentication Code - Secure Hash Algorithm-256) algorithm. It has two input parameters, a string (S) and the AS root key (Key). Both are of variable length in general; in the LTE system the Key is fixed at 256 bits, and the KDF output is fixed at 256 bits.
In the prior art, the process of generating the three keys K_RrcInt, K_RrcEnc and K_UpEnc with the KDF is as shown in FIG. 1:

Step 101: Construct separately the KDF string input parameters S1, S2 and S3 used to generate K_RrcInt, K_RrcEnc and K_UpEnc, each built from the parameters below (the formulas for S1, S2 and S3 are an image not reproduced in the extracted text), where:

"||" denotes concatenation; FC is the KDF instance identifier, used to distinguish different KDF instances, and when the KDF generates the three AS security keys its value is 0x15; P0_i is the algorithm type distinguisher, with the values given in Table 1; L0_i is the byte length of P0_i; i stands for RrcInt, RrcEnc or UpEnc, and in this document the subscripts RrcInt, RrcEnc and UpEnc mark the parameters used to generate K_RrcInt, K_RrcEnc and K_UpEnc respectively. P0_RrcInt corresponds to RRC-int-alg in Table 1, P0_RrcEnc to RRC-enc-alg and P0_UpEnc to UP-enc-alg. P1_i is the algorithm identity of the encryption or integrity protection algorithm used, with the values given in Table 2; for example, when the selected encryption algorithm is the null algorithm (the Null ciphering algorithm in Table 2), P1_i is 0x00, but according to 3GPP TS 33.401 the algorithm for K_RrcInt must not be the null algorithm. L1_i is the byte length of P1_i.
Table 1 (algorithm type distinguishers) and Table 2 (algorithm identities): the table images are not reproduced in this text.
Step 102: At the network's RRC initial security activation, the KDF input parameters are S1 and KeNB; at RRC handover or re-establishment of the network, the KDF input parameters are S1 and K*eNB; the KDF is invoked to obtain a 256-bit KDF output string;
Step 103: Take the lower 128 bits of the KDF output string as KRrcInt;
Step 104: At the network's RRC initial security activation, the KDF input parameters are S2 and KeNB; at RRC handover or re-establishment of the network, the KDF input parameters are S2 and K*eNB; the KDF is invoked to obtain a 256-bit KDF output string;
Step 105: Take the lower 128 bits of the KDF output string as KRrcEnc;
Step 106: At the network's RRC initial security activation, the KDF input parameters are S3 and KeNB; at RRC handover or re-establishment of the network, the KDF input parameters are S3 and K*eNB; the KDF is invoked to obtain a 256-bit KDF output string;
Step 107: Take the lower 128 bits of the KDF output string as KUpEnc.
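The prior-art procedure of steps 101 to 107, written out as a Python example added here (this is not code from the patent or from any 3GPP implementation). The FC value, the algorithm type distinguishers and the two algorithm identities are the ones quoted in the text; reading "the lower 128 bits" as the last 16 bytes of the HMAC output is an assumption of this example, as is the sample root key.

```python
import hashlib
import hmac

# Values as given in the text: FC = 0x15 for the three AS keys, the algorithm
# type distinguishers of Table 1, and the two algorithm identities used in the
# document's worked examples.
FC = 0x15
P0 = {"RrcInt": 0x04, "RrcEnc": 0x03, "UpEnc": 0x05}
NULL_ALG = 0x00   # Null ciphering algorithm; not permitted for KRrcInt
ALG_1 = 0x01      # 128-EIA1 / 128-EEA1 (SNOW 3G based)
ALG_2 = 0x02      # 128-EIA2 / 128-EEA2 (AES based)


def kdf(key: bytes, s: bytes) -> bytes:
    """KDF as described: HMAC-SHA-256 over S, keyed with the AS root key; 256-bit output."""
    return hmac.new(key, s, hashlib.sha256).digest()


def build_s(key_type: str, alg_id: int) -> bytes:
    """Si = FC || P0i || L0i || P1i || L1i for one key type.

    P0i and P1i are one byte each; L0i and L1i are their two-byte lengths,
    so both encode as 0x0001 (the document's 'one byte length').
    """
    p0 = bytes([P0[key_type]])
    p1 = bytes([alg_id])
    return (bytes([FC]) + p0 + len(p0).to_bytes(2, "big")
            + p1 + len(p1).to_bytes(2, "big"))


def lower_128(out: bytes) -> bytes:
    """Lower 128 bits of a 256-bit KDF output, taken here as the last 16 bytes
    (least-significant half; this byte-order reading is an assumption)."""
    return out[16:]


def prior_art_as_keys(k_root: bytes, int_alg_id: int, enc_alg_id: int) -> dict:
    """Steps 101-107: build S1, S2, S3, invoke the KDF once per key with the AS
    root key (KeNB at initial activation, K*eNB after handover or
    re-establishment), and keep the lower 128 bits of each 256-bit output."""
    if len(k_root) != 32:
        raise ValueError("AS root key must be 256 bits")
    if int_alg_id == NULL_ALG:
        raise ValueError("TS 33.401: the integrity algorithm for KRrcInt must not be null")
    plan = (("RrcInt", int_alg_id), ("RrcEnc", enc_alg_id), ("UpEnc", enc_alg_id))
    keys = {}
    calls = 0
    for key_type, alg_id in plan:
        out = kdf(k_root, build_s(key_type, alg_id))   # one 256-bit output per key
        calls += 1
        keys[key_type] = lower_128(out)                # only 128 of the 256 bits are used
    keys["kdf_calls"] = calls
    return keys


if __name__ == "__main__":
    # Constructed sample root key; a real KeNB comes from the MME-derived key hierarchy.
    sample_k_enb = bytes(range(32))
    result = prior_art_as_keys(sample_k_enb, ALG_2, ALG_2)
    for name in ("RrcInt", "RrcEnc", "UpEnc"):
        print(name, result[name].hex())
    print("KDF calls:", result["kdf_calls"])
```

`build_s("RrcInt", ALG_1)` yields the byte string 15 04 0001 01 0001, which is the S the document later writes as 0x15||0x04||0x0001||0x01||0x0001; the `kdf_calls` counter makes the three-invocation cost that the next paragraph criticises visible.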
It can be seen from the above process that generating the three AS keys requires three KDF invocations, each yielding one key; moreover, each KDF output is 256 bits while each key is only required to be 128 bits long, so each invocation uses only part of the KDF output. Clearly, such a key generation method not only lowers resource utilization but also increases the latency of the whole key generation system.
Summary of the invention
In view of this, the main object of the present invention is to provide a method and apparatus for generating a security key that raise the utilization of key generation resources and reduce the latency of the whole key generation system.
To achieve the above object, the technical solution of the present invention is realized as follows:
The present invention provides a security key generation method which, when generating the security keys of the access stratum AS, comprises:
if the selected ciphering algorithm is the null algorithm:
setting the signalling ciphering key and the user data ciphering key directly to 0; constructing the KDF string input parameter for generating the signalling integrity protection key, invoking the KDF, and generating the signalling integrity protection key from the resulting KDF output string;
if the selected ciphering algorithm is not the null algorithm:
constructing the KDF string input parameter for generating two of the signalling integrity protection key, the signalling ciphering key and the user data ciphering key, invoking the KDF, and generating those two keys from the resulting KDF output string;
constructing the KDF string input parameter for generating the remaining one of the signalling integrity protection key, the signalling ciphering key and the user data ciphering key, invoking the KDF, and generating that key from the resulting KDF output string.
Constructing the KDF string input parameter for generating the signalling integrity protection key specifically comprises: selecting the parameters used to generate the signalling integrity protection key, namely the KDF instance identifier, the algorithm type distinguisher, the byte length of the algorithm type distinguisher, the integrity protection algorithm identity and the byte length of the integrity protection algorithm identity, and concatenating these parameters into the KDF string input parameter.
When the selected ciphering algorithm is the null algorithm, generating the signalling integrity protection key from the received KDF output string specifically comprises: taking 128 bits of the KDF output string as the signalling integrity protection key.
Constructing the KDF string input parameter for generating two keys specifically comprises: splicing the parameters respectively used to generate the two keys into one string, which serves as the KDF string input parameter.
Splicing the parameters respectively used to generate the two keys into one string specifically comprises: selecting the parameters used to generate two of the signalling integrity protection key, the signalling ciphering key and the user data ciphering key, namely the KDF instance identifier, the algorithm type distinguisher, the byte length of the algorithm type distinguisher, the ciphering or integrity protection algorithm identity and the byte length of the ciphering or integrity protection algorithm identity, and concatenating these parameters into one string.
In the security key generation method, if the selected ciphering algorithm is not the null algorithm, generating the two keys specifically comprises: taking 128 bits of the KDF output string as one of the two keys, and then taking 128 bits of the KDF output string as the other of the two keys;
generating the remaining key specifically comprises: taking 128 bits of the KDF output string as the remaining key.
Invoking the KDF specifically comprises: the KDF takes the AS root key and the KDF string input parameter as its input parameters and produces the KDF output string.
The present invention also provides a security key generation apparatus, comprising:
a first string parameter construction module, configured to construct, when the selected ciphering algorithm is not the null algorithm, the first KDF string input parameter for generating two of the signalling integrity protection key, the signalling ciphering key and the user data ciphering key;
a second string parameter construction module, configured to construct, when the selected ciphering algorithm is not the null algorithm, the second KDF string input parameter for generating the remaining one of the signalling integrity protection key, the signalling ciphering key and the user data ciphering key, and to pass it to the KDF processing module; and, when the selected ciphering algorithm is the null algorithm, to construct the second KDF string input parameter for generating the signalling integrity protection key and pass it to the KDF processing module;
a KDF processing module, configured to obtain the KDF output string, to send the KDF output string obtained from the first KDF string input parameter to the first key generation module and the second key generation module, and to send the KDF output string obtained from the second KDF string input parameter to the third key generation module;
a first key generation module, configured to generate, when the selected ciphering algorithm is not the null algorithm, one of the two keys from the received KDF output string, and, when the selected ciphering algorithm is the null algorithm, to use 0 as the signalling ciphering key or the user data ciphering key;
a second key generation module, configured to generate, when the selected ciphering algorithm is not the null algorithm, the other of the two keys from the received KDF output string, and, when the selected ciphering algorithm is the null algorithm, to use 0 as the user data ciphering key or the signalling ciphering key;
a third key generation module, configured to generate, when the selected ciphering algorithm is not the null algorithm, the remaining key from the received KDF output string, and, when the selected ciphering algorithm is the null algorithm, to generate the signalling integrity protection key from the received KDF output string.
The apparatus further comprises:
an AS root key module, configured to provide the AS root key to the KDF processing module.
With the security key generation method and apparatus provided by the present invention, when the three AS keys are generated: if the ciphering algorithm is the null algorithm, KRrcEnc and KUpEnc are set directly to 0 and the KDF needs to be invoked only once, to generate KRrcInt; if the ciphering algorithm is not the null algorithm, the parameters used to generate any two of the keys are spliced together and a single KDF invocation yields both keys, so that generating the three keys requires only two KDF invocations. One complex key generation pass is thus omitted, and two passes are omitted when the ciphering algorithm is null, which clearly reduces the computation required for key generation and the latency of the key generation system; this advantage is especially significant when multiple UEs access at the same time.
Brief description of the drawings
Figure 1 is a schematic diagram of the prior-art process for generating the three keys of the AS;
Figure 2 is a schematic flow chart of the security key generation method of the present invention;
Figure 3 is a schematic flow chart of the security key generation method of the present invention when the selected ciphering algorithm is the null algorithm;
Figure 4 is a schematic flow chart of the security key generation method of the present invention in which KRrcEnc and KUpEnc are generated in a single KDF invocation;
Figure 5 is a schematic flow chart of the security key generation method of the present invention in which KRrcInt and KRrcEnc are generated in a single KDF invocation;
Figure 6 is a schematic flow chart of the security key generation method of the present invention in which KRrcInt and KUpEnc are generated in a single KDF invocation;
Figure 7 is a schematic structural diagram of the apparatus for generating a security key in the present invention.
Detailed description of the embodiments
The basic idea of the present invention is as follows: when generating the security keys for the AS, if the selected ciphering algorithm is the null algorithm, which amounts to performing no ciphering, KRrcEnc and KUpEnc need not be generated and are set directly to 0, and only KRrcInt is generated; otherwise, the KDF string input parameter for generating any two of the keys is constructed, the KDF is invoked, and the two keys are generated from the resulting KDF output string; finally, the KDF string input parameter for generating the remaining key is constructed, the KDF is invoked, and that key is generated from the resulting KDF output string.
Embodiment 1: The security key generation process is shown in Figure 2. Before the security keys are generated, the two communicating parties of the network agree on how the KDF output string is to be sliced to produce the three keys; preferably the slicing is not the same for every key, so that the three generated keys differ, which strengthens security. The method comprises the following steps:
Step 201: If the selected ciphering algorithm is the null algorithm, which amounts to performing no ciphering, KRrcEnc and KUpEnc need not be generated; the two keys KRrcEnc and KUpEnc are set directly to 0 and the process goes to step 205. If the selected ciphering algorithm is not the null algorithm, the process goes to step 202;
Step 202: When the selected ciphering algorithm is not the null algorithm, select two of KRrcInt, KRrcEnc and KUpEnc as the first key KAS1 and the second key KAS2 respectively, select the parameters used to generate KAS1 and KAS2, and splice them into the KDF string input parameter (S1) for generating KAS1 and KAS2;
Select the parameters used to generate KAS1: P0Key1, L0Key1, P1Key1, L1Key1, and the parameters used to generate KAS2: P0Key2, L0Key2, P1Key2, L1Key2; FC = 0x15; splice the parameters used to generate KAS1 and KAS2 into the KDF string input parameter S1, i.e.:
S1 = FC || P0Key1 || L0Key1 || P1Key1 || L1Key1 || P0Key2 || L0Key2 || P1Key2 || L1Key2;
where "||" denotes concatenation, P0i is selected from Table 1, P1i is selected from Table 3, L0i is the byte length of P0i and L1i is the byte length of P1i; according to Tables 1 and 3, L0i and L1i are both 0x0001, i.e. one byte; here i stands for Key1 and Key2, which are the two of RrcInt, RrcEnc and UpEnc corresponding to KAS1 and KAS2;
Table 3 (algorithm identities): the table image is not reproduced in this text.
Step 203: Invoke the KDF; at the network's RRC initial security activation its input parameters are S1 and KeNB, and at RRC handover or re-establishment of the network its input parameters are S1 and K*eNB; a 256-bit KDF output string is obtained;
Step 204: According to the slicing agreed by the two communicating parties of the network, take two different 128-bit portions of the KDF output string as KAS1 and KAS2 respectively;
Step 205: When the selected ciphering algorithm is the null algorithm, take KRrcInt as the third key KAS3; when the selected ciphering algorithm is not the null algorithm, take the remaining one of KRrcInt, KRrcEnc and KUpEnc as KAS3; construct the KDF string input parameter (S2) for generating KAS3;
When the selected ciphering algorithm is the null algorithm, select the parameters P0RrcInt, L0RrcInt, P1RrcInt, L1RrcInt and FC = 0x15 for the S2 used to generate KRrcInt, and construct S2 as: S2 = FC || P0RrcInt || L0RrcInt || P1RrcInt || L1RrcInt;
where P0RrcInt is selected from Table 1 and is 0x04; P1RrcInt is selected from Table 3; L0RrcInt is the byte length of P0RrcInt and L1RrcInt is the byte length of P1RrcInt; according to Tables 1 and 3, L0RrcInt and L1RrcInt are both 0x0001, i.e. one byte;
When the selected ciphering algorithm is not the null algorithm, take the remaining one of KRrcInt, KRrcEnc and KUpEnc as KAS3, select the parameters P0Key3, L0Key3, P1Key3, L1Key3 and FC = 0x15 for the S2 used to generate KAS3, and construct S2 as:
S2 = FC || P0Key3 || L0Key3 || P1Key3 || L1Key3;
where P0Key3 is selected from Table 1, P1Key3 is selected from Table 3, L0Key3 is the byte length of P0Key3 and L1Key3 is the byte length of P1Key3; according to Tables 1 and 3, L0Key3 and L1Key3 are both 0x0001, i.e. one byte; Key3 is the one of RrcInt, RrcEnc and UpEnc corresponding to KAS3;
Step 206: Invoke the KDF; at the network's RRC initial security activation its input parameters are S2 and KeNB, and at RRC handover or re-establishment of the network its input parameters are S2 and K*eNB; a 256-bit KDF output string is obtained;
Step 207: According to the slicing agreed by the two communicating parties of the network, take 128 bits of the KDF output string as KAS3; the current security key generation process ends.
By the above method, the KRrcInt, KRrcEnc and KUpEnc corresponding to KAS1, KAS2 and KAS3 are obtained.
Embodiment 2: When the selected ciphering algorithm is the null algorithm, the KDF output string is sliced by taking its upper or lower 128 bits. This embodiment of the security key generation method of the present invention, shown in Figure 3, comprises the following steps:
Step 301: Set the signalling ciphering key and the data ciphering key directly to 0, i.e. KRrcEnc = 0 and KUpEnc = 0;
Step 302: Construct the KDF string input parameter (S) for generating KRrcInt;
Select the parameters used to generate KRrcInt: P0RrcInt, L0RrcInt, P1RrcInt, L1RrcInt and FC = 0x15; the constructed KDF string input parameter is:
S = FC || P0RrcInt || L0RrcInt || P1RrcInt || L1RrcInt,
where P0RrcInt is selected from Table 1, i.e. P0RrcInt is 0x04; P1RrcInt is selected from Table 3; L0RrcInt is the byte length of P0RrcInt and L1RrcInt is the byte length of P1RrcInt; according to Tables 1 and 3, L0RrcInt and L1RrcInt are both 0x0001, i.e. one byte. For example:
According to Table 3, when P1RrcInt is 128-EIA1 SNOW 3G:
S = 0x15 || 0x04 || 0x0001 || 0x01 || 0x0001,
and when P1RrcInt is 128-EIA2 AES:
S = 0x15 || 0x04 || 0x0001 || 0x02 || 0x0001;
Step 303: Invoke the KDF; at the network's RRC initial security activation its input parameters are S and KeNB, and at RRC handover or re-establishment of the network its input parameters are S and K*eNB; a 256-bit KDF output string is obtained;
Step 304: Take the upper or lower 128 bits of the KDF output string as KRrcInt.
Embodiment 3: When the selected ciphering algorithm is not the null algorithm, KRrcEnc and KUpEnc are generated in a single KDF invocation, and the KDF output string is sliced by taking its upper 128 bits or its lower 128 bits. This embodiment of the security key generation method of the present invention, shown in Figure 4, comprises the following steps:
Step 401: Select the parameters used to generate KRrcEnc and KUpEnc and splice them into the KDF string input parameter (S1);
Specifically, select the parameters used to generate KRrcEnc: P0RrcEnc, L0RrcEnc, P1RrcEnc, L1RrcEnc, and the parameters used to generate KUpEnc: P0UpEnc, L0UpEnc, P1UpEnc, L1UpEnc; where P0i is selected from Table 1 and P1i from Table 3, L0i is the byte length of P0i and L1i is the byte length of P1i; according to Tables 1 and 3, L0i and L1i are both 0x0001, i.e. one byte; here i stands for RrcEnc and UpEnc, and according to Table 1, P0RrcEnc is 0x03 and P0UpEnc is 0x05; the KDF string input parameter spliced for generating KRrcEnc and KUpEnc is:
S1 = FC || P0RrcEnc || L0RrcEnc || P1RrcEnc || L1RrcEnc || P0UpEnc || L0UpEnc || P1UpEnc || L1UpEnc, for example:
According to Table 3, when P1RrcEnc and P1UpEnc are 128-EIA1 SNOW 3G:
S1 = 0x15 || 0x03 || 0x0001 || 0x01 || 0x0001 || 0x05 || 0x0001 || 0x01 || 0x0001,
or, when P1RrcEnc and P1UpEnc are the 128-EEA2 AES based algorithm:
S1 = 0x15 || 0x03 || 0x0001 || 0x02 || 0x0001 || 0x05 || 0x0001 || 0x02 || 0x0001;
Step 402: Invoke the KDF; at the network's RRC initial security activation its input parameters are S1 and KeNB, and at RRC handover or re-establishment of the network its input parameters are S1 and K*eNB; a 256-bit KDF output string is obtained;
Step 403: Take the upper 128 bits of the KDF output string as KRrcEnc and the lower 128 bits of the KDF output as KUpEnc; or take the upper 128 bits of the KDF output string as KUpEnc and the lower 128 bits of the KDF output as KRrcEnc;
Step 404: Construct the KDF string input parameter (S2) for generating KRrcInt:
Select the parameters used to generate KRrcInt: P0RrcInt, L0RrcInt, P1RrcInt, L1RrcInt and FC = 0x15; the KDF string input parameter used to generate KRrcInt is:
S2 = FC || P0RrcInt || L0RrcInt || P1RrcInt || L1RrcInt,
where P0RrcInt is selected from Table 1 and is 0x04; P1RrcInt is selected from Table 3; L0RrcInt is the byte length of P0RrcInt and L1RrcInt is the byte length of P1RrcInt; according to Tables 1 and 3, L0RrcInt and L1RrcInt are both 0x0001, i.e. one byte. For example:
According to Table 3, when P1RrcInt is 128-EIA1 SNOW 3G:
S2 = 0x15 || 0x04 || 0x0001 || 0x01 || 0x0001,
or when P1RrcInt is 128-EIA2 AES:
S2 = 0x15 || 0x04 || 0x0001 || 0x02 || 0x0001;
Step 405: Invoke the KDF; at the network's RRC initial security activation its input parameters are S2 and KeNB, and at RRC handover or re-establishment of the network its input parameters are S2 and K*eNB; a 256-bit KDF output string is obtained;
Step 406: Take the upper or lower 128 bits of the KDF output string as KRrcInt.
Embodiment 4: When the selected ciphering algorithm is not the null algorithm, KRrcInt and KRrcEnc are generated in a single KDF invocation, and the KDF output string is sliced by taking its upper 128 bits or its lower 128 bits. This embodiment of the security key generation method of the present invention, shown in Figure 5, comprises the following steps:
Step 501: Select the parameters used to generate KRrcInt and KRrcEnc and splice them into the KDF string input parameter (S1);
Specifically, select the parameters used to generate KRrcInt: P0RrcInt, L0RrcInt, P1RrcInt, L1RrcInt, and the parameters used to generate KRrcEnc: P0RrcEnc, L0RrcEnc, P1RrcEnc, L1RrcEnc; FC = 0x15; the KDF string input parameter spliced for generating KRrcInt and KRrcEnc is:
S1 = FC || P0RrcInt || L0RrcInt || P1RrcInt || L1RrcInt || P0RrcEnc || L0RrcEnc || P1RrcEnc || L1RrcEnc,
where P0i is selected from Table 1 and P1i from Table 3, L0i is the byte length of P0i and L1i is the byte length of P1i; according to Tables 1 and 3, L0i and L1i are both 0x0001, i.e. one byte; here i stands for RrcInt and RrcEnc, and according to Table 1, P0RrcInt is 0x04 and P0RrcEnc is 0x03. For example:
According to Table 3, when P1RrcInt is 128-EIA1 SNOW 3G and P1RrcEnc is the 128-EEA1 SNOW 3G based algorithm:
S1 = 0x15 || 0x04 || 0x0001 || 0x01 || 0x0001 || 0x03 || 0x0001 || 0x01 || 0x0001;
when P1RrcInt is 128-EIA2 AES and P1RrcEnc is the 128-EEA2 AES based algorithm:
S1 = 0x15 || 0x04 || 0x0001 || 0x02 || 0x0001 || 0x03 || 0x0001 || 0x02 || 0x0001;
when P1RrcInt is 128-EIA1 SNOW 3G and P1RrcEnc is the 128-EEA2 AES based algorithm:
S1 = 0x15 || 0x04 || 0x0001 || 0x01 || 0x0001 || 0x03 || 0x0001 || 0x02 || 0x0001;
and when P1RrcInt is 128-EIA2 AES and P1RrcEnc is the 128-EEA1 SNOW 3G based algorithm:
S1 = 0x15 || 0x04 || 0x0001 || 0x02 || 0x0001 || 0x03 || 0x0001 || 0x01 || 0x0001;
Step 502: Invoke the KDF; at the network's RRC initial security activation its input parameters are S1 and KeNB, and at RRC handover or re-establishment of the network its input parameters are S1 and K*eNB; a 256-bit KDF output string is obtained;
Step 503: Take the upper 128 bits of the KDF output string as KRrcInt and the lower 128 bits of the KDF output string as KRrcEnc; or take the upper 128 bits of the KDF output string as KRrcEnc and the lower 128 bits of the KDF output string as KRrcInt;
Step 504: Construct the string input parameter (S2) of the KDF used to generate KUpEnc. Select the parameters used to generate KUpEnc: P0UpEnc, L0UpEnc, P1UpEnc, L1UpEnc and FC; the string input parameter of the KDF constructed to generate KUpEnc is:
S2 = FC||P0UpEnc||L0UpEnc||P1UpEnc||L1UpEnc;
where "||" denotes concatenation, P0UpEnc is selected according to Table 1, i.e. P0UpEnc is 0x05, P1UpEnc is selected according to Table 3, L0UpEnc is the byte length of P0UpEnc and L1UpEnc is the byte length of P1UpEnc; according to Table 1 and Table 3, L0UpEnc and L1UpEnc both take the value 0x0001, i.e. a length of one byte, and FC = 0x15. For example, according to Table 3, when P1UpEnc is 128-EIA1 SNOW 3G:
S2 = 0x15||0x05||0x0001||0x01||0x0001;
For another example, when P1UpEnc is 128-EIA2 AES:
S2 = 0x15||0x05||0x0001||0x02||0x0001;
Step 505: Invoke the KDF. At the initial RRC security activation of the network its input parameters are S2 and KeNB; at RRC handover or re-establishment of the network its input parameters are S2 and K*eNB. A 256-bit KDF output string is obtained.
Step 506: Take the high or low 128 bits of the KDF output string as KUpEnc.
Embodiment 5: When the selected encryption algorithm is not the null algorithm, KRrcInt and KUpEnc are generated in a single KDF invocation, and the KDF output string is truncated by taking its high or low 128 bits. This embodiment of the security key generation method of the present invention, as shown in Fig. 6, comprises the following steps:
Step 601: Select the parameters used to generate KRrcInt and KUpEnc and concatenate them into the string input parameter (S1) of the KDF used to generate KRrcInt and KUpEnc.
Specifically, select the parameters used to generate KRrcInt: P0RrcInt, L0RrcInt, P1RrcInt, L1RrcInt; the parameters used to generate KUpEnc: P0UpEnc, L0UpEnc, P1UpEnc, L1UpEnc; and FC = 0x15. Concatenated, the string input parameter of the KDF used to generate KRrcInt and KUpEnc is:
S1 = FC||P0RrcInt||L0RrcInt||P1RrcInt||L1RrcInt||P0UpEnc||L0UpEnc||P1UpEnc||L1UpEnc;
where "||" denotes concatenation, P0i is selected according to Table 1, P1i is selected according to Table 3, L0i is the byte length of P0i and L1i is the byte length of P1i; according to Table 1 and Table 3, L0i and L1i both take the value 0x0001, i.e. a length of one byte. Here i denotes RrcInt or UpEnc; that is, according to Table 1, P0RrcInt is 0x04 and P0UpEnc is 0x05.
For example:
According to Table 3, when P1RrcInt is 128-EIA1 SNOW 3G and P1UpEnc is a 128-EEA1 SNOW 3G based algorithm:
S1 = 0x15||0x04||0x0001||0x01||0x0001||0x05||0x0001||0x01||0x0001;
For another example, when P1RrcInt is 128-EIA2 AES and P1UpEnc is a 128-EEA2 AES based algorithm:
S1 = 0x15||0x04||0x0001||0x02||0x0001||0x05||0x0001||0x02||0x0001;
For another example, when P1RrcInt is 128-EIA1 SNOW 3G and P1UpEnc is a 128-EEA2 AES based algorithm:
S1 = 0x15||0x04||0x0001||0x01||0x0001||0x05||0x0001||0x02||0x0001;
For another example, when P1RrcInt is 128-EIA2 AES and P1UpEnc is a 128-EEA1 SNOW 3G based algorithm:
S1 = 0x15||0x04||0x0001||0x02||0x0001||0x05||0x0001||0x01||0x0001;
Step 602: Invoke the KDF. At the initial RRC security activation of the network its input parameters are S1 and KeNB; at RRC handover or re-establishment of the network its input parameters are S1 and K*eNB. A 256-bit KDF output string is obtained.
Step 603: Take the high 128 bits of the KDF output string as KRrcInt and the low 128 bits of the KDF output string as KUpEnc, or the other way round.
Step 604: Construct the string input parameter (S2) of the KDF used to generate KRrcEnc. Select the parameters used to generate KRrcEnc: P0RrcEnc, L0RrcEnc, P1RrcEnc, L1RrcEnc and FC = 0x15; the string input parameter of the KDF constructed to generate KRrcEnc is:
S2 = FC||P0RrcEnc||L0RrcEnc||P1RrcEnc||L1RrcEnc;
where "||" denotes concatenation, P0RrcEnc is selected according to Table 1, i.e. P0RrcEnc is 0x03, P1RrcEnc is selected according to Table 3, L0RrcEnc is the byte length of P0RrcEnc and L1RrcEnc is the byte length of P1RrcEnc; according to Table 1 and Table 3 both take the value 0x0001, i.e. a length of one byte.
For example, according to Table 3, when P1RrcEnc is 128-EIA1 SNOW 3G:
S2 = 0x15||0x03||0x0001||0x01||0x0001;
For another example, when P1RrcEnc is 128-EIA2 AES:
S2 = 0x15||0x03||0x0001||0x02||0x0001;
Step 605: Invoke the KDF. At the initial RRC security activation of the network its input parameters are S2 and KeNB; at RRC handover or re-establishment of the network its input parameters are S2 and K*eNB. A 256-bit KDF output string is obtained.
Step 606: Take the high or low 128 bits of the KDF output string as KRrcEnc.
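A worked run of Embodiments 4 and 5, added here as an example (it is not code from the patent or from its assignee): it builds S1 and S2 byte for byte from the values the description gives (FC = 0x15, the type identifiers 0x03, 0x04 and 0x05 of Table 1, the algorithm identifiers 0x01 and 0x02 of Table 3, and the length fields 0x0001), invokes the KDF once per string and splits the 256-bit output into its high and low 128 bits. The KDF itself is assumed to be HMAC-SHA-256(KeNB, S) as in 3GPP TS 33.220, which the description does not name; the root key value and all function names are constructed for the example.

```python
import hmac
import hashlib

# Values stated in the description: FC, the algorithm type identifiers (Table 1)
# and the algorithm identifiers (Table 3). Each is one byte, so every L is 0x0001.
FC = 0x15
P0_RRC_ENC, P0_RRC_INT, P0_UP_ENC = 0x03, 0x04, 0x05
ALG_SNOW3G, ALG_AES = 0x01, 0x02

# Constructed sample AS root key (KeNB) for the example; not a real key.
SAMPLE_ROOT = bytes(range(32))


def build_s(fc, params):
    """FC || P0 || L0 || P1 || L1 [|| P0 || L0 || P1 || L1], one group per (P0, P1) pair."""
    s = bytes([fc])
    for p0, p1 in params:
        s += bytes([p0]) + (1).to_bytes(2, "big") + bytes([p1]) + (1).to_bytes(2, "big")
    return s


def kdf(root_key, s):
    """256-bit KDF output string.
    ASSUMPTION: HMAC-SHA-256(root_key, S), the 3GPP TS 33.220 KDF; the description does not name it."""
    return hmac.new(root_key, s, hashlib.sha256).digest()


def split_256(out, high_first):
    """Return the high and low 128 bits in the requested order (Steps 503 / 603)."""
    high, low = out[:16], out[16:]
    return (high, low) if high_first else (low, high)


def embodiment4(root, int_alg, rrc_enc_alg, up_enc_alg, high_is_int=True):
    """Steps 501-506: S1 yields K_RRCint and K_RRCenc from one KDF call, S2 yields K_UPenc.
    Returns (S1, S2, K_RRCint, K_RRCenc, K_UPenc)."""
    s1 = build_s(FC, [(P0_RRC_INT, int_alg), (P0_RRC_ENC, rrc_enc_alg)])
    k_rrc_int, k_rrc_enc = split_256(kdf(root, s1), high_is_int)
    s2 = build_s(FC, [(P0_UP_ENC, up_enc_alg)])
    k_up_enc = kdf(root, s2)[:16]          # Step 506: the high 128 bits are chosen here
    return s1, s2, k_rrc_int, k_rrc_enc, k_up_enc


def embodiment5(root, int_alg, rrc_enc_alg, up_enc_alg, high_is_int=True):
    """Steps 601-606: S1 yields K_RRCint and K_UPenc from one KDF call, S2 yields K_RRCenc.
    Returns (S1, S2, K_RRCint, K_RRCenc, K_UPenc), the same order as embodiment4."""
    s1 = build_s(FC, [(P0_RRC_INT, int_alg), (P0_UP_ENC, up_enc_alg)])
    k_rrc_int, k_up_enc = split_256(kdf(root, s1), high_is_int)
    s2 = build_s(FC, [(P0_RRC_ENC, rrc_enc_alg)])
    k_rrc_enc = kdf(root, s2)[:16]         # Step 606: the high 128 bits are chosen here
    return s1, s2, k_rrc_int, k_rrc_enc, k_up_enc


if __name__ == "__main__":
    s1, s2, ki, ke, ku = embodiment4(SAMPLE_ROOT, ALG_AES, ALG_AES, ALG_SNOW3G)
    print("Embodiment 4: S1 =", s1.hex(), " S2 =", s2.hex())
    print("K_RRCint =", ki.hex(), " K_RRCenc =", ke.hex(), " K_UPenc =", ku.hex())
    s1, s2, ki, ke, ku = embodiment5(SAMPLE_ROOT, ALG_SNOW3G, ALG_AES, ALG_SNOW3G)
    print("Embodiment 5: S1 =", s1.hex(), " S2 =", s2.hex())
```

The two embodiments differ only in which pair of keys shares the first KDF output; the string for the shared pair is the same nine-field layout the description shows, so any new pairing is one line of `build_s`. The `high_is_int` flag is the truncation mode the two parties have to agree on before use: flipping it on one side only swaps the two keys of the pair.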
Based on the above method, in the apparatus for generating security keys of the present invention, before the security keys are generated the two communicating parties of the network agree on the way in which the KDF output strings used to generate the three keys are truncated; preferably the truncation modes are not all the same, so that the three generated keys differ from each other. As shown in Fig. 7, the apparatus comprises:
a first string parameter construction module 71, a second string parameter construction module 72, a KDF processing module 74, a first key generation module 75, a second key generation module 76 and a third key generation module 77; where
the first string parameter construction module 71 is configured, when the selected encryption algorithm is not the null algorithm, to construct the first string input parameter of the KDF used to generate two of the signalling integrity protection key, the signalling encryption key and the user data encryption key, and to pass the first string input parameter to the KDF processing module 74. Constructing the string input parameter of the KDF used to generate the two keys specifically means concatenating the parameters used to generate the two keys into one string, which serves as the string input parameter of the KDF; the selected parameters are, for each key: the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the encryption or integrity protection algorithm identifier, and the byte length of the encryption or integrity protection algorithm identifier. When the selected encryption algorithm is the null algorithm, this module does not take part;
the second string parameter construction module 72 is configured, when the selected encryption algorithm is not the null algorithm, to construct the second string input parameter of the KDF used to generate the remaining one of the signalling integrity protection key, the signalling encryption key and the user data encryption key, and to pass it to the KDF processing module 74; when the selected encryption algorithm is the null algorithm, it constructs the second string input parameter of the KDF used to generate the signalling integrity protection key and passes it to the KDF processing module 74;
the KDF processing module 74 is configured to obtain the KDF output strings. When the selected encryption algorithm is not the null algorithm, it sends the KDF output string obtained from the first string input parameter passed by the first string parameter construction module 71 to both the first key generation module 75 and the second key generation module 76, and sends the KDF output string obtained from the second string input parameter passed by the second string parameter construction module 72 to the third key generation module 77; when the selected encryption algorithm is the null algorithm, it only sends the KDF output string obtained from the second string input parameter passed by the second string parameter construction module 72 to the third key generation module 77;
the first key generation module 75 is configured, when the selected encryption algorithm is not the null algorithm, to generate one of the two keys from the received KDF output string according to the truncation mode agreed by the two communicating parties of the network; when the selected encryption algorithm is the null algorithm, it uses 0 as the signalling encryption key or the user data encryption key;
the second key generation module 76 is configured, when the selected encryption algorithm is not the null algorithm, to generate the other of the two keys from the received KDF output string according to the truncation mode agreed by the two communicating parties of the network; when the selected encryption algorithm is the null algorithm, this module uses 0 as the user data encryption key or the signalling encryption key;
the third key generation module 77 is configured, when the selected encryption algorithm is not the null algorithm, to generate the remaining key from the received KDF output string according to the truncation mode agreed by the two communicating parties of the network; when the selected encryption algorithm is the null algorithm, it generates the signalling integrity protection key from the received KDF output string.
When the correspondences of the KDF processing module 74 are configured, the first string parameter construction module 71 may be set to correspond to the first key generation module 75 and the second key generation module 76, i.e. the KDF output string obtained from the first string input parameter passed by the first string parameter construction module 71 is sent to the first key generation module 75 and the second key generation module 76 respectively; correspondingly, the second string parameter construction module 72 is set to correspond to the third key generation module 77, i.e. the KDF output string obtained from the second string input parameter passed by the second string parameter construction module 72 is sent to the third key generation module 77.
The KDF output string described above may be 256 bits, and each key generation module takes any 128 bits of the KDF output string as the resulting key.
Further, the apparatus also comprises an AS root key module 73.
The AS root key module 73 is configured to provide the AS root key to the KDF processing module 74; specifically, at the initial RRC security activation of the network it provides the other input parameter of the KDF, KeNB, and at RRC handover or re-establishment of the network it provides the other input parameter of the KDF, K*eNB.
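To show how the modules of Fig. 7 and the two branches of claim 1 fit together, the following added example (not the patent's or its assignee's code) models the dispatch in Python with the key assignment of Embodiment 4: the null branch sets both ciphering keys to 0 and runs only the second string through the KDF, the non-null branch derives a pair of keys from the first KDF output and the remaining key from the second. It also checks the two points the description raises: the three keys should differ, and both parties must use the same negotiated truncation mode, since a mismatch swaps the two keys of the pair. The null algorithm identifier 0x00, a single ciphering algorithm shared by RRC and UP, HMAC-SHA-256 as the KDF and the sample root key are assumptions of the example.

```python
import hmac
import hashlib

FC = 0x15
P0 = {"rrc_enc": 0x03, "rrc_int": 0x04, "up_enc": 0x05}   # Table 1 values given in the description
# ASSUMPTION: 0x00 identifies the null ciphering algorithm (EEA0); the description only says "null algorithm".
NULL_ALG = 0x00
SAMPLE_ROOT = bytes.fromhex("00" * 16 + "ff" * 16)          # constructed KeNB for the example, not a real key


def s_string(*key_params):
    """FC || P0 || L0 || P1 || L1 per key; every P is one byte, so every L is 0x0001."""
    s = bytes([FC])
    for p0, p1 in key_params:
        s += bytes([p0, 0x00, 0x01, p1, 0x00, 0x01])
    return s


def kdf(root, s):
    """ASSUMPTION: HMAC-SHA-256(root, S) as in 3GPP TS 33.220; the description leaves the KDF unnamed."""
    return hmac.new(root, s, hashlib.sha256).digest()


def take(out, mode):
    """Negotiated truncation mode: the high or the low 128 bits of the 256-bit output."""
    return out[:16] if mode == "high" else out[16:]


def generate_as_keys(root, int_alg, enc_alg, pair_mode, single_mode):
    """The apparatus of Fig. 7 with the key assignment of Embodiment 4.
    Returns (K_RRCint, K_RRCenc, K_UPenc).
    pair_mode:   which half of the first KDF output becomes K_RRCint (K_RRCenc takes the other half)
    single_mode: which half of the second KDF output becomes K_UPenc, or K_RRCint in the null case
    ASSUMPTION: RRC and UP ciphering use the same selected algorithm enc_alg."""
    if enc_alg == NULL_ALG:
        # Null branch of claim 1: ciphering keys are 0, only modules 72 -> 74 -> 77 run.
        k_rrc_int = take(kdf(root, s_string((P0["rrc_int"], int_alg))), single_mode)
        return k_rrc_int, bytes(16), bytes(16)
    # Modules 71 -> 74 -> 75 and 76: one KDF output, two keys.
    first = kdf(root, s_string((P0["rrc_int"], int_alg), (P0["rrc_enc"], enc_alg)))
    k_rrc_int = take(first, pair_mode)
    k_rrc_enc = take(first, "low" if pair_mode == "high" else "high")
    # Modules 72 -> 74 -> 77: the remaining key from its own KDF output.
    k_up_enc = take(kdf(root, s_string((P0["up_enc"], enc_alg))), single_mode)
    return k_rrc_int, k_rrc_enc, k_up_enc


def all_distinct(keys):
    """The description asks that the three keys differ; the null branch deliberately
    fails this because both ciphering keys are 0."""
    return len(set(keys)) == len(keys)


def peers_agree(root, int_alg, enc_alg, ue_modes, enb_modes):
    """UE and eNB derive identical keys only if they negotiated the same truncation modes."""
    return generate_as_keys(root, int_alg, enc_alg, *ue_modes) == \
        generate_as_keys(root, int_alg, enc_alg, *enb_modes)


if __name__ == "__main__":
    ki, ke, ku = generate_as_keys(SAMPLE_ROOT, 0x02, 0x01, "high", "low")
    print("K_RRCint", ki.hex(), "K_RRCenc", ke.hex(), "K_UPenc", ku.hex(), "distinct:", all_distinct((ki, ke, ku)))
    print("modes agree:", peers_agree(SAMPLE_ROOT, 0x02, 0x01, ("high", "low"), ("low", "low")))
```

`peers_agree` is the check worth running in a test bench for an implementation of this scheme: the KDF inputs are identical on both sides, so the only way the derived keys can diverge is the truncation mode, and a swapped pair fails integrity checks on the very first protected RRC message rather than at key derivation time.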
The above are only preferred embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims

1. A method for generating security keys, characterized in that, when the security keys of the access stratum (AS) are generated, the method comprises:
if the selected encryption algorithm is the null algorithm:
setting the signalling encryption key and the user data encryption key directly to 0; constructing the string input parameter of the key generation function (KDF) used to generate the signalling integrity protection key, invoking the KDF, and generating the signalling integrity protection key from the resulting KDF output string;
if the selected encryption algorithm is not the null algorithm:
constructing the string input parameter of the KDF used to generate two of the signalling integrity protection key, the signalling encryption key and the user data encryption key, invoking the KDF, and generating the two keys from the resulting KDF output string;
constructing the string input parameter of the KDF used to generate the remaining one of the signalling integrity protection key, the signalling encryption key and the user data encryption key, invoking the KDF, and generating that key from the resulting KDF output string.
2. The method for generating security keys according to claim 1, characterized in that constructing the string input parameter of the KDF used to generate the signalling integrity protection key specifically comprises: selecting the parameters used to generate the signalling integrity protection key, namely the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the integrity protection algorithm identifier and the byte length of the integrity protection algorithm identifier, and concatenating these parameters into the string input parameter of the KDF.
3. The method for generating security keys according to claim 1 or 2, characterized in that, when the selected encryption algorithm is the null algorithm, generating the signalling integrity protection key from the received KDF output string specifically comprises: taking 128 bits of the KDF output string as the signalling integrity protection key.
4. The method for generating security keys according to claim 1, characterized in that constructing the string input parameter of the KDF used to generate the two keys specifically comprises: concatenating the parameters respectively used to generate the two keys into one string, which serves as the string input parameter of the KDF.
5. The method for generating security keys according to claim 4, characterized in that concatenating the parameters respectively used to generate the two keys into one string specifically comprises: selecting the parameters of two of the signalling integrity protection key, the signalling encryption key and the user data encryption key, comprising the KDF instance identifier, the algorithm type identifier, the byte length of the algorithm type identifier, the encryption or integrity protection algorithm identifier and the byte length of the encryption or integrity protection algorithm identifier, and concatenating these parameters into one string.
6. The method for generating security keys according to claim 1, 4 or 5, characterized in that, if the selected encryption algorithm is not the null algorithm,
generating the two keys specifically comprises: taking 128 bits of the KDF output string as one of the two keys, then taking 128 bits of the KDF output string as the other of the two keys;
generating the key specifically comprises: taking 128 bits of the KDF output string as the remaining key.
7. The method for generating security keys according to claim 1, characterized in that invoking the KDF specifically comprises: the KDF takes the AS root key and the string input parameter of the KDF as its input parameters and yields the KDF output string.
8. An apparatus for generating security keys, characterized in that the apparatus comprises:
a first string parameter construction module, configured, when the selected encryption algorithm is not the null algorithm, to construct the first string input parameter of the KDF used to generate two of the signalling integrity protection key, the signalling encryption key and the user data encryption key;
a second string parameter construction module, configured, when the selected encryption algorithm is not the null algorithm, to construct the second string input parameter of the KDF used to generate the remaining one of the signalling integrity protection key, the signalling encryption key and the user data encryption key and to pass it to the KDF processing module; and, when the selected encryption algorithm is the null algorithm, to construct the second string input parameter of the KDF used to generate the signalling integrity protection key and to pass it to the KDF processing module;
a KDF processing module, configured to obtain the KDF output strings, to send the KDF output string obtained from the first string input parameter of the KDF to the first key generation module and the second key generation module respectively, and to send the KDF output string obtained from the second string input parameter of the KDF to the third key generation module;
a first key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate one of the two keys from the received KDF output string; and, when the selected encryption algorithm is the null algorithm, to use 0 as the signalling encryption key or the user data encryption key;
a second key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate the other of the two keys from the received KDF output string; and, when the selected encryption algorithm is the null algorithm, to use 0 as the user data encryption key or the signalling encryption key;
a third key generation module, configured, when the selected encryption algorithm is not the null algorithm, to generate the remaining key from the received KDF output string; and, when the selected encryption algorithm is the null algorithm, to generate the signalling integrity protection key from the received KDF output string.
9. The apparatus for generating security keys according to claim 8, characterized in that the apparatus further comprises:
an AS root key module, configured to provide the AS root key to the KDF processing module.
PCT/CN2010/072691 2009-07-15 2010-05-12 Method and device for generating security keys WO2011006390A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910151993.1 2009-07-15
CN200910151993.1A CN101938743B (en) 2009-06-30 2009-07-15 Generation method and device of safe keys

Publications (1)

Publication Number Publication Date
WO2011006390A1 true WO2011006390A1 (en) 2011-01-20

Family

ID=43450112

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/072691 WO2011006390A1 (en) 2009-07-15 2010-05-12 Method and device for generating security keys

Country Status (1)

Country Link
WO (1) WO2011006390A1 (en)



Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10799388

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10799388

Country of ref document: EP

Kind code of ref document: A1