WO2012028010A1 - Authentication method, apparatus and system - Google Patents
- Publication number: WO2012028010A1 (application PCT/CN2011/075823)
- Authority: WO (WIPO, PCT)
- Prior art keywords
- authentication
- rand
- network side
- key
- autn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- a Long Term Evolution (LTE) network consists of an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and an Evolved Packet Core (EPC); the network architecture is flat.
- the EUTRAN is connected to the EPC through the S1 interface.
- the EUTRAN is composed of a plurality of interconnected Evolved NodeBs (eNBs), with each pair of eNBs connected through an X2 interface; the EPC is composed of a Mobility Management Entity (MME) and a Serving Gateway (S-GW).
- MME Mobility Management Entity
- HE Home Environment
- HSS Home Subscriber Server
- HLR Home Location Register
- User database: contains the user profiles used for user authentication and authorization, and provides information about the user's physical location.
- The Third Generation Partnership Project (3GPP) launched the LTE-Advanced (Long-Term Evolution Advanced) standard.
- LTE-Advanced is the evolution of the LTE system and retains the LTE core; on that basis, a series of technologies extend the frequency and spatial domains in order to improve spectrum utilization, increase system capacity, and serve other purposes.
- Wireless relay technology is one of the core technologies in LTE-Advanced. It aims to extend cell coverage, reduce dead zones in communications, balance load, offload services in hotspots, and reduce the transmit power of the user equipment (User Equipment, UE), i.e. the terminal.
- UE User Equipment
- FIG. 2 is a schematic diagram of an access network architecture after a relay node is introduced according to the related art. As shown in FIG. 2, a new relay node (Relay-Node, RN) is added to the existing network architecture. A wireless connection is used between this new RN and the donor evolved base station (Donor-eNB). The interface between the Donor-eNB and the RN is called the Un port, and the radio link between the two is called the backhaul link.
- Relay-Node referred to as RN
- Donor-eNB donor evolved base station
- Un port The interface between the Donor-eNB and the RN
- the interface between the RN and the UE is called the Uu port, and the wireless link between them is called the access link.
- downlink data arrives at the Donor-eNB first, is forwarded to the RN, and is then transmitted to the UE; uplink data takes the reverse path.
- in the following, the donor evolved base station (Donor-eNB) is referred to uniformly as the evolved base station (eNB).
- the RN can be used as a common terminal device or as a base station.
- the RN can access the wireless network like a normal UE.
- like a normal UE, the RN performs user authentication with the network side through the Authentication and Key Agreement (AKA) procedure.
- AKA Authentication and Key Agreement
- FIG. 3 is a flow chart of the AKA process of the UE according to the related art.
- the process includes the following steps: Step 301: The MME sends an Authentication Data Request message to the HSS, carrying the user identity information of the UE, such as the International Mobile Subscriber Identity (IMSI) of the UE, the Serving Network Identity (SN ID) and the network type information (Network type).
- IMSI International Mobile Subscriber Identity
- SN ID Serving Network Identity
- Network type Network type information
- RAND is the random challenge generated by the HSS
- XRES is the expected user response of the network side
- Kasme is an intermediate key generated by the HSS.
- this key is mainly used to derive the non-access stratum keys.
- Step 305: The MME sends a User Authentication Request message to the UE, carrying the authentication data RAND and AUTN generated by the HSS.
- the verification method is: using RAND, the SQN⊕AK in AUTN and the UE's root key K, the UE generates an expected message authentication code XMAC and compares it with the MAC value in AUTN; if they match, AUTN is verified, the RES value is then calculated from RAND and the key K according to the agreed algorithm, and the RES is sent to the MME in the User Authentication Response message.
- the UE is a general term for a mobile device (Mobile Equipment, ME for short) and a Universal Subscriber Identity Module (USIM). The foregoing process is actually performed by the USIM.
- this completes the USIM authentication, i.e. user authentication.
- the USIM generates IK and CK from the root key K and sends them to the ME.
- the ME generates the intermediate key Kasme from IK and CK; through the above process the network completes USIM authentication (also called subscription authentication) of the terminal and key agreement.
- the above authentication method can only implement USIM authentication of the RN when the RN accesses the network as a terminal; it cannot ensure the legitimacy of the RN as a base station, so the security of the user equipment served by the RN is relatively low.
- a primary object of the present invention is to provide an authentication method, apparatus, and system for solving the problem that the authentication method in the related art cannot guarantee the legitimacy of the RN as a base station, and the security of the user equipment served by the RN is relatively low.
- An aspect of the present invention provides an authentication method, including: a relay node RN receiving a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector; and the RN generating a corresponding device authentication response value according to the device authentication data and sending a device authentication response carrying the device authentication response value to the network side for authenticating the RN.
- the method further includes: the network side acquiring the device identifier of the RN or the device certificate information of the RN from a received non-access stratum (NAS) message; the network side determining the device-related key of the RN according to the device identifier or the device certificate information of the RN; the network side using the device-related key to generate the device authentication data, and sending the device authentication data to the RN in the device authentication request.
- the device-related key is one of the following: a pre-shared key or parameter in the RN device subscription information or in the device certificate; or a new key or new parameter generated from such a pre-shared key or parameter.
- the network side using the device-related key to generate the device authentication data includes: using the device-related key of the RN, optional parameters, and RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN}, encrypting according to the predetermined algorithm to generate device authentication data RAND_D and/or AUTN_D; or using the device-related key, optional parameters, and RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN}.
- the optional parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN.
- the RN generating a corresponding device authentication response value according to the device authentication data includes: the RN decrypting the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key and optional parameters, obtaining RAND and/or AUTN, generating a user response value RES from RAND and/or AUTN according to the user authentication method of Evolved Packet System Authentication and Key Agreement (EPS AKA), and determining the user response value RES to be the device authentication response value RES_D; or the RN decrypting the received RAND_D and/or AUTH_D1 according to a predetermined algorithm using the device-related key of the RN and optional parameters, obtaining RAND and/or AUTH, generating a user response value RES from RAND and/or AUTN according to the user authentication method of EPS AKA, and determining the user response value RES to be the device authentication response value RES_D.
- the network side using the device-related key to generate the device authentication data includes: selecting RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data; using the device-related key, the expected user response XRES in the user authentication vector {RAND, XRES, Kasme, AUTN} and optional parameters to generate an expected device authentication response XRES_D according to a predetermined algorithm, and determining XRES_D as device authentication data, where RAND is a random number generated by the network side, Kasme is an intermediate key, AUTN is a network authentication token, and the optional parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN.
- the RN generating a corresponding device authentication response value according to the device authentication data includes: the RN generating a user response value RES according to the user authentication method of EPS AKA, and generating the device authentication response value RES_D according to a predetermined algorithm using the device-related key, RES and the optional parameters.
- the network side using the device-related key to generate the device authentication data includes: generating a new random value RAND_D according to a predetermined algorithm using the device-related key, a random value RAND generated by the network side, and an optional parameter, where the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; using RAND_D as the random challenge for computing the user authentication vector, so as to generate a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}; and determining that the device authentication data sent to the RN is RAND and AUTN_D, where RAND is the random number generated by the network side, XRES_D is the newly computed expected response of the network side, Kasme_D is the newly computed intermediate key, and AUTN_D is the newly computed network authentication token.
- preferably, the RN generating a corresponding device authentication response value according to the device authentication data includes: the RN generating a new random value RAND_D according to a predetermined algorithm using the device-related key, the optional parameter and the received RAND; the RN verifying the received AUTN_D with the new random value RAND_D according to the user authentication method of EPS AKA, and generating the device authentication response value RES_D.
- the method further includes: the network side receiving the device authentication response value RES_D; determining whether the device authentication response value RES_D is consistent with the expected device response XRES_D; and, if so, determining that the RN authentication has passed.
- the method further includes: the RN and the network side setting an association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and a parameter according to a predetermined derivation algorithm, where the parameter includes Kasme, a key derived from Kasme, or a key or parameter related to the user subscription information of the RN.
- the network side includes: a mobility management entity MME and a home subscriber server HSS.
- An aspect of the present invention provides a relay node, including: a first receiving module, configured to receive a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector; a first generating module, configured to generate a corresponding device authentication response value according to the device authentication data; and a first sending module, configured to send a device authentication response carrying the device authentication response value to the network side for authenticating the RN.
- the first generating module includes: a first decryption submodule, configured to decrypt the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key and optional parameters, and obtain RAND and AUTN; and a first device authentication response value generation submodule, configured to generate a user response value RES from RAND and/or AUTN according to the user authentication method of Evolved Packet System Authentication and Key Agreement (EPS AKA), and to determine the user response value RES to be the device authentication response value RES_D.
- the first generating module includes: a second decryption submodule, configured to decrypt the received RAND_D and/or AUTH_D1 according to a predetermined algorithm using the device-related key and optional parameters, and obtain RAND and/or AUTH; and a second device authentication response value generation submodule, configured to generate a user response value RES from RAND and/or AUTN according to the user authentication method of EPS AKA, and to determine the user response value RES to be the device authentication response value RES_D.
- the first generating module includes: a user response value generation module, configured to generate a user response value RES according to the user authentication method of EPS AKA; and a third device authentication response value generation submodule, configured to generate the device authentication response value RES_D according to a predetermined algorithm using the device-related key, RES and optional parameters.
- the first generating module includes: a first random value generating submodule, configured to generate a new random value RAND_D according to a predetermined algorithm using the device-related key, a random value generated by the network side, and an optional parameter, where the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; and a fourth device authentication response value generation submodule, configured to verify the received AUTN_D with the new random value RAND_D according to the user authentication method of EPS AKA, and to generate the device authentication response value RES_D.
- the device further includes: a first association key setting module, configured to set the association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and a parameter according to a predetermined derivation algorithm, where the parameter includes Kasme, a key derived from Kasme, or a key or parameter associated with the user subscription information of the RN.
- a further aspect of the present invention provides a network side, including: an obtaining module, configured to acquire, from a received non-access stratum (NAS) message, a device identifier of the RN or device certificate information of the RN; a determining module, configured to determine the device-related key of the RN according to the device identifier or the device certificate information of the RN; a second generating module, configured to generate the device authentication data according to the device-related key; and a second sending module, configured to send the device authentication data to the RN in the device authentication request.
- the second generating module comprises: a first device authentication data generation submodule, configured to use the device-related key of the RN, an optional parameter, and RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN}, encrypt them according to a predetermined algorithm, and generate device authentication data RAND_D and/or AUTN_D; or a second device authentication data generation submodule, configured to use the device-related key, optional parameters, and the user authentication vector {RAND, XRES,
- the optional parameters are one of the following: data shared by the RN
- the second generating module comprises: a selecting submodule, configured to select RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data; and a third device authentication data generating submodule, configured to use the device-related key, the expected user response XRES in the user authentication vector {RAND, XRES, Kasme, AUTN} and optional parameters to generate an expected device authentication response XRES_D according to a predetermined algorithm, and to determine XRES_D as device authentication data, where RAND is a random number generated by the network side, Kasme is an intermediate key, and AUTN is a network authentication token.
- the optional parameters are one of the following: data shared by the RN and the network side; and random numbers generated by the network side and/or the RN.
- the second generating module includes: a second random value generating submodule, configured to generate a new random value RAND_D according to a predetermined algorithm using the device-related key of the RN, a random value RAND generated by the network side, and an optional parameter, where the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; and a fourth device authentication data generation submodule, configured to use RAND_D as the random challenge for computing the user authentication vector, so as to generate a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}, and to determine that the device authentication data sent to the RN is RAND and AUTN_D, where RAND is the random number generated by the network side, XRES_D is the newly computed expected response of the network side, Kasme_D is the newly computed intermediate key, and AUTN_D is the newly computed network authentication token.
- the apparatus further includes: a second association key setting module, configured to set an association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and a parameter according to a predetermined derivation algorithm, where the parameter includes Kasme, a key derived from Kasme, or a key or parameter associated with the user subscription information of the RN.
- the foregoing apparatus further includes: a first setting module, configured to set a cell in the device authentication request that instructs the RN to perform device authentication; and a second setting module, configured to set an existing cell or field in the device authentication request to indirectly indicate that the RN performs device authentication.
- the network side comprises: a mobility management entity (MME) and a home subscriber server (HSS).
- MME mobility management entity
- HSS home subscriber server
- an authentication system is provided, including: the foregoing RN and a network side.
- the relay node receives the device authentication request for authentication and sends the generated device authentication response value to the network side for authentication of the RN, which solves the problem that the authentication method in the related art cannot guarantee the legitimacy of the RN as a base station.
- FIG. 2 is a schematic diagram of an access network architecture after introducing a relay node according to the related art
- FIG. 3 is a flowchart of an AKA process of a UE according to the related art
- FIG. 4 is a flowchart of an authentication method according to an embodiment of the present invention
- FIG. 5 is a flowchart of device authentication according to a preferred embodiment of the present invention
- FIG. 6 is a schematic diagram of generating a device association key according to the present invention
- FIG. 8 is a block diagram showing a preferred structure of a relay node according to an embodiment of the present invention
- FIG. 9 is a structural block diagram of a network side according to an embodiment of the present invention; a preferred structural block diagram of the network side according to an embodiment of the invention is also given.
- FIG. 4 is a flowchart of an authentication method according to an embodiment of the present invention. As shown in FIG. 4, the method includes: Step S402: An RN receives a device authentication request, where the device authentication request carries device authentication data generated using the user authentication vector.
- Step S404: The RN generates a corresponding device authentication response value according to the device authentication data, and sends a device authentication response carrying the device authentication response value to the network side for authenticating the RN.
- the RN receives the device authentication request for authentication and sends the generated device authentication response value to the network side for authenticating the RN. This solves the problem that the authentication method in the related art cannot guarantee the legitimacy of the RN as a base station, and that the security of the user equipment served by the RN is therefore relatively low; the legitimacy of the RN as a base station is ensured, and the security of the user equipment served by the RN is improved.
- the device authentication request message and the device authentication response message used in steps S402 and S404 may reuse the User Authentication Request message and the User Authentication Response message of the current EPS AKA process.
- the method further includes: the network side acquires the device identifier of the RN or the device certificate information of the RN from the received NAS message; the network side determines the device-related key of the RN according to the device identifier or the device certificate information of the RN; the network side uses the device-related key to generate device authentication data, and sends the device authentication data to the RN in the device authentication request.
- the network side determines the device related key, and then generates the device authentication data according to the relevant key, thereby improving the reliability of the authentication method.
- the device-related key is one of the following: a pre-shared key or parameter in the RN device subscription information or in the device certificate; or a new key or new parameter generated from such a pre-shared key or parameter.
- the device-related key of an RN is known only to the RN and the legitimate network operator, and an attacker cannot obtain it; this gives flexibility in key setting and improves the reliability of the system.
- a preferred embodiment in which the network side uses the device-related key to generate device authentication data in the above steps is described below.
- the RN of step S404 decrypts the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key and optional parameters, obtains RAND and/or AUTN of the original user authentication vector, generates the user response value RES according to the user authentication method of EPS AKA, and determines the user response value to be the device authentication response value RES_D; or
- the RN decrypts the received RAND_D and/or AUTH_D1 according to a predetermined algorithm using the device-related key of the RN and optional parameters, obtains RAND and/or AUTH, generates the user response value RES from RAND and/or AUTN according to the user authentication method of EPS AKA, and determines the user response value RES to be the device authentication response value RES_D.
- the network side uses the device-related key, the expected response XRES in the user authentication vector {RAND, XRES, Kasme, AUTN} and optional parameters to generate an expected device authentication response XRES_D according to a predetermined algorithm, and determines XRES_D as device authentication data, where RAND is a random number generated by the network side, Kasme is an intermediate key, AUTN is a network authentication token, and the optional parameters are one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN.
- this preferred embodiment ensures that only a legitimate device can correctly decrypt the authentication data and hence generate a valid authentication response value, which ensures the legitimacy and correctness of device authentication.
- a preferred embodiment in which the RN of step S404 generates a corresponding device authentication response value based on the device authentication data will be described below.
- the RN generates a user response value RES according to the user authentication method of EPS AKA;
- a device authentication response value RES_D is generated according to a predetermined algorithm using a device-related key, RES, and optional parameters.
- the device authentication response value is generated according to a predetermined algorithm by using the device-related key and the random value, and the legality of the device authentication response value is ensured.
- first, a new random value RAND_D is generated according to a predetermined algorithm using the device-related key, a random value RAND generated by the network side, and an optional parameter, where the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; secondly, RAND_D is used as the random challenge for computing the user authentication vector, generating a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}; finally, the device authentication data sent to the RN is determined to be RAND and AUTN_D.
- the encryption of the random value is implemented, and then the device-related (or bound) device authentication vector is generated, which improves the reliability of the device authentication data.
- in a preferred embodiment in which the RN of step S404 generates a corresponding device authentication response value based on the device authentication data, the RN uses the device-related key, optional parameters, and the received RAND to generate a new random value RAND_D according to a predetermined algorithm, then uses RAND_D to verify the received AUTN_D according to the user authentication method of EPS AKA and generates the device authentication response value RES_D.
- in this preferred embodiment the network side and the RN generate the device authentication response value according to a predetermined algorithm using the device-related key and the random value, which ensures the legitimacy and correctness of the device authentication response value.
- the method further includes: the network side receives the device authentication response value RES_D; determines whether the device authentication response value RES_D is consistent with the expected device response XRES_D; and, if so, determines that the RN authentication has passed. The check of whether the device authentication response value and the expected device response of the network side are consistent is thus implemented, and RN authentication passes only in the consistent case.
- the RN is used as the legality authentication of the base station, which effectively improves the security of the RN and the user equipment it serves.
- the method further includes: the RN and the network side setting an association key, where the association key is one of the following: a device-related key; using the device-related key and the parameter generated according to a predetermined derivation algorithm
- the new key, parameters include: Kasme, a key derived from Kasme, a key or parameter associated with the user subscription information of the RN.
- the setting of the association key is implemented, thereby effectively preventing the attacker from eavesdropping and tampering with the communication content, thereby ensuring information security of the network side network element.
- the device is set to indicate that the RN performs device authentication in the device authentication request, or the existing cell or field is set in the device authentication request to indirectly instruct the RN to perform device authentication.
- Multiplex authentication request cancellation A certain cell or field in the information, for example, may use the reserved bit of the AMF field in the AUTN cell as the indication information, and notify the R N to perform device authentication. Increased flexibility in authentication requests.
- the authentication data (such as RAND_D, or AUTN_D, or XRES_D, etc.) of all the above embodiments
- other parameters may be used, such as the network side (ie, MME and / or HSS) a parameter shared with the RN, or a random number generated by the network side and/or the RN, etc.; if the latter, the random value needs to be notified to the opposite end in the corresponding request and/or response message .
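The following is an added worked example, not code from the patent, that models the RAND_D embodiment described above (network derives RAND_D from RAND with the device-related key, computes the vector over RAND_D, sends RAND and AUTN_D; the RN re-derives RAND_D, verifies AUTN_D and answers RES_D; the network compares RES_D with XRES_D), together with the AMF-bit indication and the shared optional parameter. Everything concrete is an assumption: HMAC-SHA256 stands in for the patent's unspecified "predetermined algorithm" and for the AKA functions f1/f2/f5 (these are not MILENAGE), the AMF bit position `DEVICE_AUTH_FLAG` is a constructed choice because the page does not name the bit, and all keys and the SQN are constructed values.

```python
import hashlib
import hmac
import secrets

# Stand-in for the patent's "predetermined algorithm" (a KDF): HMAC-SHA256
# over length-prefixed fields. Assumed for this example, not fixed by the page.
def kdf(key: bytes, *parts: bytes) -> bytes:
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()

# Toy stand-ins for the AKA functions f1 (MAC), f2 (RES) and f5 (AK). Not MILENAGE.
def f1_mac(k: bytes, rand: bytes, sqn: bytes, amf: bytes) -> bytes:
    return kdf(k, b"f1", rand, sqn, amf)[:8]

def f2_res(k: bytes, rand: bytes) -> bytes:
    return kdf(k, b"f2", rand)[:8]

def f5_ak(k: bytes, rand: bytes) -> bytes:
    return kdf(k, b"f5", rand)[:6]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Assumed position of the "reserved AMF bit" used as the device-authentication
# indication; the page does not say which bit, so this is a constructed choice.
DEVICE_AUTH_FLAG = 0x40

def build_vector(k_usim: bytes, rand: bytes, sqn: bytes, amf: bytes) -> dict:
    """EPS AKA-style vector {RAND, XRES, AUTN} with AUTN = SQN^AK || AMF || MAC (Kasme omitted)."""
    ak = f5_ak(k_usim, rand)
    autn = xor(sqn, ak) + amf + f1_mac(k_usim, rand, sqn, amf)
    return {"RAND": rand, "XRES": f2_res(k_usim, rand), "AUTN": autn}

def derive_rand_d(k_dev: bytes, rand: bytes, opt: bytes) -> bytes:
    """RAND_D = KDF(device-related key, RAND, optional shared parameter)."""
    return kdf(k_dev, b"RAND_D", rand, opt)[:16]

def network_device_auth_data(k_usim, k_dev, sqn, amf, opt=b"", rand=None):
    """HSS/MME side: vector computed over RAND_D, but the RN is sent RAND and AUTN_D.
    Returns (data sent to the RN, XRES_D kept for the check). The AMF indication bit is set."""
    rand = rand if rand is not None else secrets.token_bytes(16)
    amf_d = bytes([amf[0] | DEVICE_AUTH_FLAG, amf[1]])
    av_d = build_vector(k_usim, derive_rand_d(k_dev, rand, opt), sqn, amf_d)
    return {"RAND": rand, "AUTN": av_d["AUTN"]}, av_d["XRES"]

def rn_authentication_response(k_usim, k_dev, rand, autn, opt=b""):
    """RN side: if the AMF indication is set, re-derive RAND_D with the device key and run the
    ordinary AKA check over it; otherwise behave as a plain UE. Returns RES/RES_D or None."""
    sqn_xor_ak, amf, mac = autn[:6], autn[6:8], autn[8:]
    challenge = derive_rand_d(k_dev, rand, opt) if amf[0] & DEVICE_AUTH_FLAG else rand
    sqn = xor(sqn_xor_ak, f5_ak(k_usim, challenge))
    xmac = f1_mac(k_usim, challenge, sqn, amf)
    if not hmac.compare_digest(xmac, mac):
        return None  # AUTN(_D) check failed: the RN rejects the network
    return f2_res(k_usim, challenge)

def network_verify(res, xres) -> bool:
    """MME side: RN authentication passes only if RES_D equals XRES_D."""
    return res is not None and hmac.compare_digest(res, xres)

def demo() -> dict:
    k_usim = bytes.fromhex("00" * 16)               # constructed USIM root key K
    k_dev = bytes.fromhex("11" * 16)                # constructed device-related key
    sqn, amf = bytes.fromhex("000000000001"), bytes.fromhex("8000")
    shared = b"RN-shared-param"                     # constructed optional parameter
    data, xres_d = network_device_auth_data(k_usim, k_dev, sqn, amf, opt=shared)

    genuine = rn_authentication_response(k_usim, k_dev, data["RAND"], data["AUTN"], shared)
    # Valid USIM moved into hardware that lacks the device-related key:
    wrong_dev = rn_authentication_response(k_usim, bytes(16), data["RAND"], data["AUTN"], shared)
    # Device that ignores the indication and answers like a plain UE over RAND:
    usim_only = f2_res(k_usim, data["RAND"])
    return {
        "genuine": network_verify(genuine, xres_d),             # True
        "wrong_device_key": network_verify(wrong_dev, xres_d),  # False
        "usim_only_response": network_verify(usim_only, xres_d),# False
    }

if __name__ == "__main__":
    print(demo())
```

The second and third cases in `demo` are the point of the patent's argument: a correct USIM answer alone no longer satisfies the network, because XRES_D is bound to the device-related key through RAND_D, and a device without that key cannot even pass its own AUTN_D check.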
- the method further includes: the RN setting an association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and parameters according to a predetermined key derivation algorithm, where the parameters include Kasme or a key derived from Kasme, or a key or parameter associated with the user subscription information of the RN.
- the foregoing predetermined algorithm includes: a Key Derivation Function (KDF) or an encryption algorithm.
- using an existing key derivation algorithm or encryption algorithm reduces development costs.
- this embodiment provides a device authentication method, which includes: Step 1: The RN sends its device identification information to the MME in a NAS message;
- the identification information of the RN may be a device identifier of the RN, such as the International Mobile Equipment Identity (IMEI) of the RN, or device certificate information of the RN.
- Step 2: The MME initiates a device authentication request to the RN based on the device authentication data and notifies the RN to perform device authentication; the RN generates a device authentication response value according to the device authentication request and sends it to the MME, and the MME confirms whether the device authentication succeeded.
- the device authentication process initiated towards the RN may reuse the existing AKA procedure or may use a new message flow.
- the RN may be notified to perform device authentication either explicitly, by adding a new information element to the device authentication request message, or implicitly, by reusing an existing information element or field of the device authentication request message.
- for example, a reserved bit of the AMF field in the AUTN information element can be used as the indication information to notify the RN to perform device authentication.
- the device authentication data in step 2 can be generated in one of the following ways: (1) using the device-related key, specified parameters (such as RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN}, or one or more fields of AUTN) are encrypted according to an agreed algorithm to generate new parameters (such as RAND_D and/or AUTN_D); (2) a new random value RAND_D is generated from RAND according to the agreed algorithm, RAND_D is then used to generate the other authentication vector components, and finally a new device authentication vector {RAND, XRES_D, Kasme_D, AUTN_D} is generated (the components other than RAND are calculated from the new random value RAND_D).
- the foregoing authentication data may be generated by the MME, or may be generated by the HSS and sent to the MME.
- the RN's device authentication response value in step 2 may be generated using one of the following methods:
- (1) the RN first decrypts the parameters in the authentication request message (such as RAND_D and/or AUTN_D, or one or more fields of AUTN_D) according to the agreed algorithm using the device-related key information, obtaining RAND and/or AUTN; then, following the processing of an ordinary UE, it first verifies AUTN and, after verification passes, calculates the authentication response value RES by the existing calculation method; this response value RES is also the device authentication response value RES_D.
- (2) the RN first performs AUTN verification by the existing method and generates the user authentication response value RES; the RN then calculates the new device response value RES_D from the device-related key and RES in the same way as the network side generates XRES_D.
- (3) the RN derives RAND_D from the RAND value in the device authentication request message using the same method as the network side uses to calculate the new random value RAND_D, then verifies the AUTN_D in the device authentication request using RAND_D, following the processing of an ordinary UE for AUTN, and generates RES_D.
- the time at which the network side calculates the expected device response XRES_D may be postponed until after the device authentication response message is received.
- the agreed algorithm in this embodiment may be a known Key Derivation Function (KDF) or an encryption algorithm, which is not described in detail here.
- the above methods for generating the authentication data and the corresponding methods for generating the RN's response value may also be combined with each other according to actual conditions; all such combinations are within the scope of the present invention.
- the agreement on the device association key may also be completed during the device authentication process.
- the device association key refers to a key associated with the authenticated device identity; it can be used to protect the communication between the device and the network side, and can also be used to derive other keys for securing the communication between the device and the network side.
- the device association key may be a key related to the RN device, or may be a new key derived from the RN device-related key and additional input.
- the additional input may be the intermediate key Kasme agreed in the user authentication process, other keys derived from Kasme, or another value shared between the RN and the network side, such as a key or parameter in the user subscription data of the RN.
- the RN device-related key information mentioned above refers to a pre-shared key (which may be a symmetric key or an asymmetric key) known to both the RN and the network side.
- the above network side may be an MME or an HSS.
- Embodiment 2 In this embodiment, the foregoing embodiment and its preferred embodiments are combined.
- This embodiment provides a device authentication method.
- the device authentication method in this embodiment reuses the user authentication message flow; a newly added information element in the message explicitly notifies the RN to perform device authentication, and an existing information element of the request message is reused as the authentication data.
- FIG. 5 is a flowchart of device authentication according to a preferred embodiment of the present invention.
- the method includes: Step S501: The RN sends a NAS message (such as an Attach Request) to the MME, where the message carries the device identification information (IMEI) of the RN.
- the device-related key information of the RN in the foregoing process may also be obtained by the MME itself according to the device identification information of the RN, for example from RN device-related data held locally by the MME, or from other network elements such as OAM.
- Step S507: The MME encrypts the AUTN in the user authentication vector of the RN with the device-related key information (such as K_D) according to a predetermined encryption algorithm, generates new authentication data AUTN_D, and then sends an authentication request message to the RN; the message carries RAND and the authentication data AUTN_D, and also carries the RN device authentication indication information.
- the expected device response value XRES_D corresponding to the above authentication data is still the expected response value XRES in the user authentication vector.
- other input parameters may also be used when encrypting the foregoing authentication data; they may be a value shared by the MME and the RN, and/or a random number generated by the MME, in which case the MME needs to send the random number to the RN in the request message.
- the authentication data may also reuse the RAND in the request message: the MME encrypts RAND with the key associated with the RN device according to a predetermined algorithm to obtain the authentication data RAND_D, and the request message the MME sends to the RN then carries the encrypted RAND value (RAND_D) and AUTN. After receiving it, the RN decrypts RAND_D to obtain the initial RAND value, and then performs the subsequent AUTN verification and RES calculation in the same way as an ordinary UE.
- Step S509: After the RN receives the message, if the message indicates device authentication, the RN first decrypts the authentication data AUTN_D to obtain AUTN, then verifies AUTN using the same verification method as an ordinary UE; if verification passes, it generates a response RES in the same way as a UE, which also serves as the device authentication response value RES_D. RES_D (i.e. RES) is then sent to the MME in an authentication response message.
- Step S511: After receiving the response, the MME compares RES_D with the expected device response value XRES_D. If the two are consistent, the RN has successfully completed device authentication. Preferably, after the foregoing process is completed, the MME and the RN may also complete the agreement of the RN device association key K_RN.
- K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional input using a key derivation algorithm, for example K_RN = KDF(Kasme, K_D).
- in this embodiment, the RN is explicitly notified to perform device authentication by a newly added indication information element in the message, and an information element of the request message is reused as the authentication data; in actual application, the RN may also be notified to perform device authentication implicitly.
- Embodiment 3 In this embodiment, the foregoing embodiment and its preferred embodiments are combined.
- This embodiment provides a device authentication method that reuses the user authentication message flow, explicitly notifies the RN to perform device authentication by a newly added indication information element in the message, and reuses an information element of the request message as the authentication data.
- the method includes the following steps: Step 1: the same as Step S501 of the second embodiment. Step 2: the same as Step S503 of the second embodiment.
- Step 3: The HSS first generates a random number RAND, then looks up the RN's device-related key information (such as K_D) by the RN's IMEI, and uses K_D and RAND as input to the agreed algorithm to compute a new random value: RAND_D = KDF(RAND, K_D). Other input parameters may also be used in this calculation. The HSS then uses RAND_D as the random value to calculate a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D} for the RN (the generation method of the authentication vector is known and is not described here).
- the HSS then replaces the random value RAND_D in the new authentication vector with the initial random value RAND, obtaining the new authentication vector {RAND, XRES_D, Kasme_D, AUTN_D}, and sends this vector to the MME in an Authentication Data Response message.
- the replacement of RAND_D by the initial RAND in the new authentication vector may also be done by the MME, in which case the HSS needs to send both the new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D} and the initial random value RAND to the MME.
- Step 4: The MME sends an authentication request to the RN, which carries the initial RAND, the authentication data AUTN_D, and the device authentication indication information instructing the RN to perform device authentication.
- Step 5: After the RN receives the message, if it indicates device authentication, the RN first calculates RAND_D from RAND and the RN device-related key according to the agreed algorithm, then verifies AUTN_D using RAND_D by the same method a UE uses to verify AUTN in the user authentication process, generates the response value RES_D, and sends it to the MME in the authentication response message.
- Step 6: After receiving the response, the MME compares RES_D with the XRES_D previously sent by the HSS. If they are consistent, the RN has successfully completed device authentication. Preferably, the above procedure also completes the agreement of the RN device association key Kasme_D, which can be used to secure the communication between the RN and the network side and to derive other keys for securing that communication.
- in this embodiment the RN is explicitly notified to perform device authentication by a newly added indication information element in the message; the RN may also be notified implicitly, for example by setting one or more reserved bits of the AMF field in AUTN_D to inform the RN to perform device authentication.
- Embodiment 4 In this embodiment, the foregoing embodiment and its preferred embodiments are combined.
- This embodiment provides a device authentication method.
- the device authentication method reuses the user authentication message flow, implicitly notifies the RN to perform device authentication by reusing an information element of the message, and also uses RAND and AUTN in the user authentication vector as the device authentication data.
- the method includes: Step 1: the same as Step S501 of the second embodiment.
- the calculation of the authentication data in the foregoing process may also be completed in the HSS and then sent by the HSS to the MME; the calculation method is the same as the MME's calculation method in the foregoing process.
- Step 4: After receiving RAND and AUTN, the RN processes them with the same user authentication procedure as an ordinary UE: it first verifies AUTN and then generates the response value RES; if the RN finds that the AMF indication in AUTN requires device authentication, it additionally calculates the device authentication response value RES_D.
- the device authentication response message in the above process may also carry RES and RES_D at the same time.
- after receiving it, the MME compares RES with XRES and RES_D with XRES_D respectively; if both are consistent, the RN has successfully completed device authentication.
- the MME and the RN may also complete the agreement of the device association key K_RN.
- the additional input may be a parameter shared by the RN and the MME, or a random number generated by the network side or the RN; if a random number parameter is used, the corresponding parameter needs to be carried in the authentication response message to notify the MME.
- the time at which the MME calculates XRES_D in step 5 needs to be after the MME receives the device authentication response.
- Step 6: After receiving the response, the MME compares RES_D with the XRES_D it calculated; if they are consistent, the RN has successfully completed device authentication.
- the MME and the RN may also complete the agreement of the device association key K_RN.
- FIG. 6 is a schematic diagram of generating the device association key according to the present invention; as shown in FIG. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional input using a key derivation algorithm, for example K_RN = KDF(Kasme, K_D).
- Embodiment 5 the foregoing embodiment and its preferred embodiments are combined.
- This embodiment provides a device authentication method.
- in this embodiment the RN is implicitly notified to perform device authentication by reusing the AMF field in AUTN.
- Step 1: the same as Step S501 of the second embodiment. Step 2: the same as Step S503 of the second embodiment.
- Step 3: The HSS first generates the user authentication vector {RAND, XRES, Kasme, AUTN} of the RN, and looks up the RN's device-related key information by the IMEI of the RN.
- the HSS encrypts RAND and the MAC field of AUTN in the user authentication vector with the RN device-related key (such as K_D) to obtain the authentication data RAND_D and AUTN_D (only the MAC field is encrypted; the other fields of AUTN_D are the same as in AUTN), and sends {RAND_D, XRES, Kasme, AUTN_D} to the MME.
- the calculation of the authentication data in the above process may also be completed in the MME, using the same calculation method as the HSS in the above process.
- Step 5: After receiving the message, the RN sees from the AMF field in AUTN_D that device authentication is required; it therefore first decrypts RAND_D and the MAC field of AUTN_D with the device-related key according to the agreed algorithm to obtain the initial RAND and AUTN, then verifies AUTN with the same verification method as an ordinary UE and uses RAND to generate the response value RES, which also serves as the device authentication response value RES_D; it then sends RES to the MME in the authentication response message.
- other input parameters, such as a random value generated by the MME, may also be used; the calculation method is otherwise the same, and the corresponding device response value RES_D is generated in the end; in that case the MME needs to send the random value to the RN in the request message.
- Step 6: The MME compares RES_D (i.e. RES) with XRES_D (i.e. XRES). If they are consistent, the RN has successfully completed device authentication. Preferably, after the foregoing process is completed, the MME and the RN also complete the agreement of the device association key K_RN.
- FIG. 6 is a schematic diagram of generating the device association key according to the present invention; as shown in FIG. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional input using a key derivation algorithm, for example K_RN = KDF(Kasme, K_D), or from a value shared by the RN and the network side.
- Embodiment 6 In this embodiment, the foregoing embodiment and its preferred embodiments are combined.
- This embodiment provides a device authentication method.
- in this embodiment the RN is explicitly notified to perform device authentication by a newly added information element in the request message, and new information elements are added to the response message as the authentication data.
- the method includes the following steps: Step 1: the same as Step S501 of the second embodiment. Step 2: the same as Step S503 of the second embodiment.
- Step 3: The HSS first calculates the user authentication vector {RAND, XRES, Kasme, AUTN} of the RN and sends it to the MME in an Authentication Data Response message.
- Step 4 The MME sends an authentication request message to the RN, where the message carries the authentication data RAND and AUTN, and the device authentication indication information.
- Step 5: After receiving the message, the RN first verifies AUTN by the same method as an ordinary UE; if verification passes, it generates the response RES in the same way as a UE, and sends RES to the MME in the authentication response message together with the new information elements RES_D and RAND_D.
- Step 6: After receiving the response, the MME compares RES with the XRES sent by the HSS; if they are consistent, the user authentication of the RN has completed successfully.
- the MME then generates XRES_D from XRES, the received RAND_D and the RN device-related key in the same way as the RN, and compares the received RES_D with the XRES_D it calculated; if they are consistent, the RN has successfully completed device authentication.
- the calculation of the authentication data in the foregoing process may also be completed in the HSS: the HSS generates the new authentication data by the same method as the MME in the foregoing process and sends it to the MME, and the subsequent process is the same as above.
- the RN device-related key information in the MME may be obtained from OAM or from the HSS.
- FIG. 6 is a schematic diagram of generating the device association key according to the present invention; as shown in FIG. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional input using a key derivation algorithm.
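The two places where the patent binds the RN's device key into EPS AKA differ in an important way: Embodiment 3 binds it on the request side (the HSS builds the whole vector from RAND_D = KDF(RAND, K_D), so a node without K_D cannot even verify AUTN_D), while Embodiment 6 binds it on the response side (ordinary AKA runs unchanged and RES_D = KDF(K_D, RES, RAND_D) is checked only after the response arrives). The following simulation is an added example written for this page; it is not code from the patent or from any 3GPP implementation. The f1/f2/f5 functions and the KDF are HMAC-SHA256 constructions chosen for illustration (not Milenage), and the KDF labels, key lengths, the reserved AMF bit used as the indication, and the RN choosing RAND_D itself in Embodiment 6 are assumptions of the example.

```python
# Added example, not part of the patent: a toy simulation of the Embodiment 3
# exchange (vector built from RAND_D = KDF(RAND, K_D)) and the Embodiment 6
# exchange (unchanged AKA, RES_D derived from RES and an RN-chosen RAND_D).
# f1/f2/f5 and the KDF are HMAC-SHA256 constructions for illustration only (NOT
# 3GPP Milenage); labels, key lengths, the reserved AMF bit used as the
# indication and the RN choosing RAND_D are assumptions made for this example.
import hashlib
import hmac
import os

AMF_DEVICE_AUTH = 0x0001  # assumption: a reserved AMF bit used as the indication
AMF_SEPARATION = 0x8000   # the EPS AKA "separation bit" set on every LTE vector


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Generic KDF / AKA f-function: HMAC-SHA256(key, label || parts)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def aka_vector(k: bytes, rand: bytes, sqn: int, amf: int):
    """Toy EPS AKA vector {XRES, Kasme, AUTN} computed from the random value `rand`."""
    sqn_b, amf_b = sqn.to_bytes(6, "big"), amf.to_bytes(2, "big")
    mac = prf(k, b"f1", sqn_b, rand, amf_b)[:8]      # MAC covers SQN, RAND and AMF
    xres = prf(k, b"f2", rand)[:8]
    kasme = prf(k, b"kasme", rand, sqn_b)
    ak = prf(k, b"f5", rand)[:6]
    autn = bytes(a ^ b for a, b in zip(sqn_b, ak)) + amf_b + mac  # SQN^AK || AMF || MAC
    return xres, kasme, autn


def ue_verify(k: bytes, rand: bytes, autn: bytes, last_sqn: int):
    """UE-side AUTN verification (the 'ordinary UE' processing); returns (RES, Kasme, AMF)."""
    conc, amf_b, mac = autn[:6], autn[6:8], autn[8:16]
    ak = prf(k, b"f5", rand)[:6]
    sqn_b = bytes(a ^ b for a, b in zip(conc, ak))
    if not hmac.compare_digest(mac, prf(k, b"f1", sqn_b, rand, amf_b)[:8]):
        raise ValueError("MAC failure")
    if int.from_bytes(sqn_b, "big") <= last_sqn:
        raise ValueError("synchronisation failure")
    return prf(k, b"f2", rand)[:8], prf(k, b"kasme", rand, sqn_b), int.from_bytes(amf_b, "big")


def embodiment3(k_ue: bytes, k_d_net: bytes, k_d_rn: bytes, sqn: int = 1, last_sqn: int = 0) -> dict:
    """Embodiment 3: the HSS derives RAND_D from RAND and K_D and builds the vector from
    RAND_D; the request carries the original RAND plus AUTN_D; the RN re-derives RAND_D."""
    # HSS side
    rand = os.urandom(16)
    rand_d = prf(k_d_net, b"RAND_D", rand)[:16]
    xres_d, kasme_d, autn_d = aka_vector(k_ue, rand_d, sqn, AMF_SEPARATION | AMF_DEVICE_AUTH)
    request = {"RAND": rand, "AUTN": autn_d}            # MME -> RN
    # RN side: the implicit indication is read from the AMF field inside AUTN_D
    if not int.from_bytes(request["AUTN"][6:8], "big") & AMF_DEVICE_AUTH:
        return {"authenticated": False, "reason": "no device authentication indication"}
    rn_rand_d = prf(k_d_rn, b"RAND_D", request["RAND"])[:16]
    try:
        res_d, rn_kasme_d, _ = ue_verify(k_ue, rn_rand_d, request["AUTN"], last_sqn)
    except ValueError as err:                           # wrong K_D => wrong RAND_D => MAC failure
        return {"authenticated": False, "reason": str(err)}
    # MME side: compare RES_D with XRES_D from the HSS, then agree K_RN = KDF(Kasme_D, K_D)
    ok = hmac.compare_digest(res_d, xres_d)
    return {"authenticated": ok, "reason": None if ok else "RES_D mismatch",
            "K_RN": prf(kasme_d, b"K_RN", k_d_net) if ok else None,
            "rn_kasme_matches": rn_kasme_d == kasme_d}


def embodiment6(k_ue: bytes, k_d_net: bytes, k_d_rn: bytes, sqn: int = 1, last_sqn: int = 0) -> dict:
    """Embodiment 6: vector and request are unchanged; the RN adds RES_D and RAND_D to the
    response, and the MME computes XRES_D only after receiving them."""
    rand = os.urandom(16)
    xres, kasme, autn = aka_vector(k_ue, rand, sqn, AMF_SEPARATION)
    # RN side: ordinary AKA, then device binding with a fresh RAND_D (assumed RN-chosen)
    res, _, _ = ue_verify(k_ue, rand, autn, last_sqn)
    rand_d = os.urandom(16)
    response = {"RES": res, "RAND_D": rand_d,
                "RES_D": prf(k_d_rn, b"RES_D", res, rand_d)[:8]}
    # MME side: user check first, then XRES_D = KDF(K_D, XRES, RAND_D) and the device check
    user_ok = hmac.compare_digest(response["RES"], xres)
    xres_d = prf(k_d_net, b"RES_D", xres, response["RAND_D"])[:8]
    device_ok = user_ok and hmac.compare_digest(response["RES_D"], xres_d)
    return {"user_authenticated": user_ok, "authenticated": device_ok,
            "K_RN": prf(kasme, b"K_RN", k_d_net) if device_ok else None}


if __name__ == "__main__":
    K_UE, K_D = bytes(range(16)), bytes(range(16, 32))   # constructed demo keys
    print("emb3 genuine RN:", embodiment3(K_UE, K_D, K_D)["authenticated"])
    print("emb3 wrong K_D :", embodiment3(K_UE, K_D, bytes(16))["reason"])
    print("emb6 genuine RN:", embodiment6(K_UE, K_D, K_D)["authenticated"])
    print("emb6 wrong K_D :", embodiment6(K_UE, K_D, bytes(16))["authenticated"])
```

Two things the toy makes visible that the prose only implies. In Embodiment 3 the indication bit is covered by the f1 MAC because the HSS sets it before computing the vector, so an intermediate node that clears or sets the reserved AMF bit afterwards causes an AUTN verification failure at the RN; an MME that flips the bit itself (as the implicit-indication variants allow) must therefore do so before the MAC is computed, i.e. when it is the node generating the authentication data. In Embodiment 6 a node holding the subscriber key but not K_D still passes the user check (user_authenticated is True while authenticated is False), so the MME must gate attach on the device check and not on RES alone, and the K_RN it derives must depend on that check succeeding.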
- the present embodiment provides a relay node.
- FIG. 7 is a structural block diagram of a relay node according to an embodiment of the present invention. As shown in FIG. 7, the relay node includes: a first receiving module 72, a first generating module 74, and a first sending module 76.
- the foregoing structure is described in detail: the first receiving module 72 is configured to receive a device authentication request, where the device authentication request carries device authentication data generated using the user authentication vector; the first generating module 74 is connected to the first receiving module 72 and is configured to generate a corresponding device authentication response value according to the device authentication data received by the first receiving module 72; the first sending module 76 is connected to the first generating module 74 and is configured to send a device authentication response carrying the device authentication response value generated by the first generating module 74 to the network side for authenticating the RN.
- preferably, the relay node further includes a first association key setting module 82.
- the first generating module 74 includes: a first decryption sub-module 801 and a first device authentication response value generation sub-module 802; a second decryption sub-module 803 and a second device authentication response value generation sub-module 804; a user response value generation module 805 and a third device authentication response value generation sub-module 806; a first random value generation sub-module 807 and a fourth device authentication response value generation sub-module 808.
- the first decryption sub-module 801 is configured to decrypt the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key of the RN and optional parameters, and obtain RAND and AUTN; the first device authentication response value generation sub-module 802 is connected to the first decryption sub-module 801 and is configured to generate a user response value RES from the obtained RAND and AUTN according to the user authentication method of EPS AKA, and to determine that the user response value RES is the device authentication response value RES_D; the second decryption sub-module 803 is configured to decrypt one or more fields of the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key of the RN and optional parameters, and obtain RAND and/or AUTN; the second device authentication response value generation sub-module 804 is connected to the second decryption sub-module 803 and is configured to generate a user response value RES from the RAND and/or AUTN obtained by the second decryption sub-module 803 according to the user authentication method of EPS AKA, and to determine that the user response value RES is the device authentication response value RES_D.
- the user response value generation module 805 is configured to generate a user response value RES according to the user authentication method of EPS AKA; the third device authentication response value generation sub-module 806 is connected to the user response value generation module 805 and is configured to generate the device authentication response value RES_D from the device-related key, RES and optional parameters according to a predetermined algorithm; the first random value generation sub-module 807 is configured to generate a new random value RAND_D according to a predetermined algorithm using the device-related key of the RN, the random value generated by the network side and optional parameters; the fourth device authentication response value generation sub-module 808 is connected to the first random value generation sub-module 807 and is configured to verify the received AUTN_D using the new random value RAND_D generated by sub-module 807 according to the user authentication method of EPS AKA, and to generate the device authentication response value RES_D.
- preferably, the relay node further includes a first association key setting module 82 configured to set an association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, where the parameters include Kasme or a key derived from Kasme, or a key or parameter related to the user subscription information of the RN.
- FIG. 9 is a structural block diagram of a network side according to an embodiment of the present invention. As shown in FIG. 9, the network side includes: an obtaining module 92, a determining module 94, a second generating module 96 and a second sending module 98, described in detail below.
- the obtaining module 92 is configured to obtain the device identifier of the RN or the device certificate information of the RN from the received NAS message.
- the determining module 94 is connected to the obtaining module 92 and is configured to determine the device-related key of the RN according to the device identifier or device certificate information of the RN obtained by the obtaining module 92; the second generating module 96 is connected to the determining module 94 and is configured to generate the device authentication data using the device-related key determined by the determining module 94.
- the second sending module 98 is connected to the second generating module 96, and is configured to send the device authentication data generated by the second generating module 96 to the RN through the device authentication request.
- FIG. 10 is a block diagram of a preferred structure of the network side according to an embodiment of the present invention. As shown in FIG. 10, the MME further includes: a second association key setting module 101, a first setting module 102, a second setting module 104, a second receiving module 106, an authentication response value determining module 108, and an authentication module 109.
- the second generating module 96 includes: a first device authentication data generation sub-module 942, a second device authentication data generation sub-module 944, a selection sub-module 945, a third device authentication data generation sub-module 946, a second random value generation sub-module 948, and a fourth device authentication data generation sub-module 949.
- the first device authentication data generation sub-module 942 is configured to encrypt RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} according to a predetermined algorithm using the device-related key of the RN and optional parameters, and generate the device authentication data RAND_D and/or AUTN_D, where RAND is a random number generated by the network side, XRES is the user response expected by the network side, Kasme is an intermediate key and AUTN is the authentication token.
- the second device authentication data generation sub-module 944 is configured to encrypt one or more fields of RAND and/or AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} according to the predetermined algorithm using the device-related key of the RN and optional parameters, where the optional parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN.
- the selection sub-module 945 is configured to select RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as the device authentication data; the third device authentication data generation sub-module 946 is connected to the selection sub-module 945 and is configured to generate the expected device authentication response XRES_D according to a predetermined algorithm using the device-related key, the XRES in the user authentication vector and optional parameters, and to determine XRES_D as device authentication data, where the optional parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN; RAND is a random number generated by the network side, XRES is the user response expected by the network side, Kasme is an intermediate key, and AUTN is the authentication token.
- the second random value generation sub-module 948 is configured to encrypt the random value RAND generated by the network side and optional parameters according to a predetermined algorithm using the device-related key of the RN, and generate a new random value RAND_D, where the optional parameters are one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; the fourth device authentication data generation sub-module 949 is connected to the second random value generation sub-module 948 and is configured to use the RAND_D generated by sub-module 948 as the random value for calculating the user authentication vector, generating the device authentication data {RAND_D, XRES_D, Kasme_D, AUTN_D}, and to determine that the device authentication data sent to the RN are RAND and AUTN_D, where RAND is the random number generated by the network side, XRES_D is the newly calculated expected user response, Kasme_D is the newly calculated intermediate key, and AUTN_D is the newly calculated authentication token.
- the MME further includes: a first setting module 102, configured to set a new information element in the device authentication request to instruct the RN to perform device authentication; and a second setting module 104, configured to set an existing information element or field in the device authentication request to indirectly instruct the RN to perform device authentication.
- the MME further includes: a second receiving module 106, configured to receive the device authentication response value RES_D; an authentication response value determining module 108, connected to the second receiving module 106 and configured to determine whether the device authentication response value received by the second receiving module 106 is consistent with the expected device response XRES_D; and an authentication module 109, connected to the authentication response value determining module 108 and configured to determine that the RN authentication has passed when the determination result of the authentication response value determining module 108 is that they are consistent.
- the MME further includes: a second association key setting module 101, configured to set an association key, where the association key is one of the following: the device-related key; or a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, where the parameters include Kasme or a key derived from Kasme, or a key or parameter related to the user subscription information of the RN.
- FIG. 11 is a structural block diagram of an authentication system according to an embodiment of the present invention. As shown in FIG. 11, the authentication system includes: RN 2 and network side 4; the specific structures of RN 2 and network side 4 are as described above and are not repeated here.
- in summary, the relay node receives a device authentication request and sends the generated device authentication response value to the MME, which uses it to authenticate the RN; this implements authentication of the relay node device by the network, ensures the legality of the RN, and effectively protects the security of the RN and of the user equipment it serves, while minimizing changes to the current standard protocols so as to maximize version compatibility.
- the above modules or steps of the present invention can be implemented by general-purpose computing devices, which may be concentrated on a single computing device or distributed over a network composed of multiple computing devices; they may be implemented by program code executable by the computing devices, so that they may be stored in a storage device and executed by the computing devices, and in some cases the steps shown or described may be performed in an order different from that given herein; alternatively, they may be fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated as a single integrated circuit module. The invention is not limited to any specific combination of hardware and software.
- the above is only the preferred embodiment of the present invention and is not intended to limit it; various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the present invention are intended to be included within its scope.
Abstract
An authentication method, apparatus and system are disclosed by the present invention. The method includes: a Relay Node (RN) receives a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector (S402); the RN generates a corresponding device authentication response value according to the device authentication data, and sends a device authentication response carrying the device authentication response value to the network side for RN authentication (S404). The present invention ensures the validity of the RN as a base station, thereby improving the security of the user equipment served by the RN.
Description
i人证方法、 装置及系统 技术领域 本发明涉及通信领域, 具体而言, 涉及一种认证方法、 装置及系统。 背景技术 长期演进(Long Term Evolution, 简称为 LTE ) 网络, 如图 1所示, 由演 进全求陆地无线接入网 (Evolved Universal Terrestrial Radio Access Network, 简 称为 E-UTRAN)和演进分组交换中心 ( Evolved Packet Core, 简称为 EPC )组 成, 网络呈现扁平化。 EUTRAN通过 S 1接口与 EPC相连。 其中, EUTRAN 由多个相互连接的演进基站 (Evolved NodeB, 简称为 eNB ) 组成, 各个 eNB 之间通过 X2接口连接; EPC由移动性管理实体 ( Mobility Management Entity, 简称为 MME ) 和月艮务网关实体 (Serving Gateway, 简称为 S-GW ) 组成。 另 夕卜, 在系统架构中还有一个归属环境 ( Home Environment, 简称为 HE ), 即归 属用户服务器(Home Subscriber Server,简称为 HSS )或归属位置寄存器( Home Location Register , 简称为 HLR ), 作为用户数据库。 它包含用户配置文件, 用 来执行用户的身份验证和授权, 并可提供有关用户物理位置的信息等。 为了满足日益增长的大带宽高速移动接入的需求, 第三代伙伴组织计划 ( Third Generation Partnership Projects , 简称为 3GPP ) 4舞出高级长期演进 ( Long-Term Evolution advance , 简称为 LTE- Advanced ) 标准。 LTE- Advanced 对于长期演进 ( Long-Term Evolution , 简称为 LTE ) 系统的演进保留了 LTE的 核心, 并在此基础上釆用一系列技术对频域、 空域进行扩充, 以达到提高频谱 利用率、 增加系统容量等目的。 无线中继 ( Relay )技术即是 LTE- Advanced中 的核心技术之一, 旨在扩展小区的覆盖范围, 减少通信中的死角地区, 平衡负 载, 转移热点地区的业务, 节省用户设备( User Equipment , 简称为 UE ) 即终 端的发射功率。图 2是根据相关技术的引入中继节点后的接入网络架构示意图, 如图 2所示, 在现有的网络架构中增加一种新的中继节点 (Relay-Node, 简称 为 RN ), 这种新增的 RN和施主演进基站 (Donor-eNB ) 之间使用无线连接。 其中, Donor-eNB和 RN之间的接口称为 Un口, 两者之间的无线链路称为回 程链路( backhaul link ); RN和 UE之间的接口称为 Uu口, 其间的无线链路称 为接入链路 ( access link )„ 下行数据先到达 Donor-eNB , 然后传递给 RN, RN
再传输至 UE, 上行反之。 在本申请的后续描述中, 施主演进基站 Donor-eNB 统一描述为演进基站 eNB。 在实际通信过程中, RN 即可以作为一个普通的终端设备, 也可以作为一 个基站。 当 RN作为一个终端设备时, RN可以像普通 UE—样接入无线网络。 普通 UE 在接入时网络侧会对其进行用户 的鉴权认证和密钥协定 ( Authentication and Key Agreement, 简称为 AKA ), 在 LTE系统中该过程也 称为演进分组系统( Evolved Packet System, 简称为 EPS ) AKA, 即 EPS AKA, 图 3是根据相关技术的 UE的 AKA过程流程图, 如图 3所示, 该过程包括如 下步骤: 步骤 301 : MME向 HSS发起认证数据请求消息, 其中携带了 UE的用户 标 i只信息, 比:^ UE 的国际移动用户标 i只 ( International Mobile Subscriber Identity, 简称为 IMSI ), 以及月艮务网络标识( SN ID )和网络类型信息( Network type )。 步骤 303 : HSS 根据请求消息生成认证向量 {RAND , XRES , Kasme , AUTN} , 并通过认证数据响应消息发送给 ΜΜΕ。 其中认证向量中各个分量的 意义为: RAND为 HSS产生的随机口令 ( random challenge ), XRES为网络侧 期望的用户响应, Kasme为 HSS产生的一个中间密钥, 该密钥主要用于派生非 接入层 ( Non-access stratum, 简称为 NAS ) 和接入层 ( Access Stratum, 简称 为 AS ) 的安全密钥, 而 AUTN为网络认证标志 ( Authentication token ), 包含 了多个字段, 具体为 AUTN = SQN * AK || AMF || MAC, 其中 SQN* AK是指 由 HSS生成的序列号 SQN和匿名密钥 AK的异或操作, AMF是认证管理 i或 ( Authentication Management field ), MAC为消息-险证码。 步骤 305: MME向 UE发送用户认证请求 ( User Authentication Request ) 消息, 其中携带了 HS S生成的认证数据 RAND和 AUTN。 步 4聚 307: UE ) 到后对 AUTN进行-险证, -险证的方法是利用 RAND、 AUTN 中的 SQN*AK, 以及 UE的才艮密钥 K生成消息-险证码 XMAC, 并 -险证 XMAC 与 AUTN中的 MAC值是否一致, 如果一致则认作为 AUTN -险证通过, 则才艮据 RAND 和才艮密钥 K按照约定算法计算 RES 值, 并通过用户认证响应 (User Authentication Response ) 消息发送给 MME。 步 4聚 309: MME收到后会比较 UE发来的 RES和最初从 HSS收到的 XRES , 如果两者一致, 则认为用户的 AKA过程成功完成。
需要说明的是, 上述描述中 UE是指移动设备 (Mobile Equipment, 简称 为 ME ) 和全球用户标识模块 (Universal Subscriber Identity Module, 简称为 USIM ) 的总称, 上述过程实际是由 USIM完成的, 该过程完成了 USIM的认 证, 即用户认证。 上述过程完成后, USIM会根据根密钥 K生成 IK和 CK发 送给 ME, ME才艮据 IK和 CK生成中间密钥 Kasme, 通过上述过程完成了网络 对终端的 USIM认证 (或称签约认证, subscription Authentication )和密钥协定。 相关技术中, 釆用上述认证方法只能实现 RN作为一个终端接入时, 实现 RN的 USIM认证, 但是上述认证无法确保 RN作为基站的合法性, 继而导致 RN服务的用户设备的安全性比较低。 发明内容 本发明的主要目的在于提供一种认证方法、 装置及系统, 以解决相关技术 中的认证方法无法保证 RN作为基站的合法性, 继而导致 RN服务的用户设备 的安全性比较低的问题。 本发明的一个方面提供了一种认证方法, 包括: 中继节点 RN接收设备认 证请求,其中,设备认证请求中携带有使用用户认证向量生成的设备认证数据; RN根据设备认证数据生成对应的设备认证响应值, 并将携带有设备认证响应 值的设备认证响应发送至网络侧, 用于认证 RN。 优选地, 在 RN接收设备认证请求之前, 还包括: 网络侧通过接收到的非 接入层 ( NAS ) 消息获取 RN的设备标识或 RN的设备证书信息; 网络侧根据 RN的设备标识或网络侧的设备证书信息确定 RN的设备相关密钥; 网络侧使 用设备相关密钥生成设备认证数据, 并将设备认证数据通过设备认证请求发送 给 RN。 优选地, 设备相关密钥为以下之一: 设备相关密钥是 RN设备签约信息或 者设备证书中的预共享密钥或参数; 设备相关密钥是由预共享密钥或参数生成 的新密钥或新参数。 优选地, 网络侧使用设备相关密钥生成设备认证数据包括: 使用 RN的设 备相关密钥、 可选参数、 用户认证向量中的 {RAND, XRES , Kasme, AUTN} 中的 RAND 和 /或 AUTN 按照预定算法进行加密, 并生成设备认证数据 RAND D和 /或 AUTN_D; 或使用设备相关密钥、 可选参数、 用户认证向量中 的 {RAND, XRES , Kasme, AUTN}中的 RAND和 /或 AUTN中的字段按照预
定算法进行加密,并生成设备认证数据 RAND D和 /或 AUTH_D1 ,其中, RAND 是网络侧生成的随机数, XRES是期望设备响应, Kasme是中间密钥, AUTN 是网络认证标志, 且包含了多个字段, 具体为 AUTN = SQN * AK || AMF || MAC, 其中 SQN* AK是指由归属用户服务器 HSS生成的序列号 SQN和匿名 密钥 AK的异或操作, AMF是认证管理域, MAC为消息-险证码, 可选参数为 以下之一: RN和网络侧共享的数据; 网络侧和 /或 RN生成的随机数。 优选地, RN根据设备认证数据生成对应的设备认证响应值包括: RN使用 设备相关密钥、可选参数、接收到的 RAND_D和 /或 AUTN_D按照预定算法进 行解密, 并得到 RAND和 /或 AUTN; 使用 RAND和 /或 AUTN按照分组演进 系统鉴权认证和密钥协定 EPS AKA的用户认证方法生成用户响应值 RES , 并 确定用户响应值 RES为设备认证响应值 RES D; 或 RN使用 RN的设备相关 密钥、可选参数、接收到的 RAND_D和 /或 AUTH_D1按照预定算法进行解密, 并得到 RAND和 /或 AUTH;使用 RAND和 /或 AUTN按照 EPS AKA的用户认 证方法生成用户响应值 RES , 并确定用户响应值 RES 为设备认证响应值 RES D。 优选地, 网络侧使用设备相关密钥生成设备认证数据包括: 选取用户认证 向量 {RAND, XRES , Kasme, AUTN}中的 RAND和 AUTN为设备认证数据; 使用设备相关密钥、 用户认证向量 {RAND, XRES , Kasme, AUTN}中的期望 用户响应 XRES和可选参数按照预定算法生成期望设备认证响应 XRES_D, 并 确定 XRES_D作为设备认证数据,其中, RAND是网络侧生成的随机数, Kasme 是中间密钥, AUTN是网络认证标志, 可选参数为以下之一: RN和网络侧共 享的数据; 网络侧和 /或 RN生成的随机数。 优选地, RN根据设备认证数据生成对应的设备认证响应值包括: RN按照 EPS AKA的用户认证方法生成用户响应值 RES; 使用设备相关密钥、 RES和 可选参数按照预定算法生成设备认证响应值 RES_D。 优选地, 网络侧使用设备相关密钥生成设备认证数据包括: 使用设备相关 密钥、 网络侧生成的随机值 RAND 和可选参数按照预定算法生成新的随机值 RAND D, 其中, 可选参数为以下之一: RN和网络侧共享的数据; 网络侧和 / 或 RN生成的随机数; 使用 RAND_D作为计算用户认证向量的随机口令生成 新的用户认证向量 {RAND_D, XRES D, Kasme D, AUTN D}; 并确定发送 给 RN的设备认证数据为 RAND和 AUTN_D, 其中, RAND是网络侧生成的
随机数, XRES_D是计算后新的网络侧期望响应, Kasme_D是计算后新的中间 密钥, AUTN_D是计算后新的网络认证标志。 优选地, RN根据设备认证数据生成对应的设备认证响应值包括: RN使用 设备相关密钥、 可选参数和接收到的 RAND 按照预定算法生成新的随机值 RAND D; RN按照 EPS AKA的用户认证方法使用新的随机值 RAND D对接 收到的 AUTN_D进行-险证, 并生成设备认证响应值 RES D„ 优选地, 在将设备认证响应值发送至网络侧, 用于认证 RN之后, 还包括: 网络侧接收设备认证响应值 RES D; 判断设备认证响应值 RES D与期望设备 响应 XRES_D是否一致; 如果判断结果为一致, 则确定 RN认证通过。 优选地, 在确定 RN认证通过之后, 还包括: RN和网络侧设置关联密钥, 其中, 关联密钥为以下之一: 设备相关密钥; 使用设备相关密钥与参量按照预 定派生算法生成的新密钥, 参量包括: Kasme、 由 Kasme派生的密钥、 与 RN 的用户签约信息相关的密钥或参数。 优选地, 在设备认证请求中设置信元指示 RN进行设备认证; 或在设备认 证请求中设置已有信元或字段间接指示 RN进行设备认证。 优选地, 网络侧包括: 移动管理实体 MME和归属用户月艮务器 HSS。 本发明的另一个方面提供了一种中继节点, 包括: 第一接收模块, 设置为 接收设备认证请求, 其中设备认证请求中携带有使用用户认证向量生成的设备 认证数据; 第一生成模块, 设置为根据设备认证数据生成对应的设备认证响应 值; 第一发送模块, 设置为将携带有设备认证响应值的设备认证响应发送至网 络侧, 用于认证 RN。 第一生成模块包括: 第一解密子模块, 设置为使用设备相关密钥、 可选参 数、接收到的 RAND_D和 /或 AUTN_D按照预定算法进行解密,并得到 RAND 和 AUTN; 第一设备认证响应值生成子模块, 设置为使用 RAND和 /或 AUTN 按照分组演进系统鉴权认证和密钥协定 EPS AKA的用户认证方法生成用户响 应值 RES , 并确定用户响应值 RES为设备认证响应值 RES_D。 优选地, 第一生成模块包括: 第二解密子模块,设置为使用设备相关密钥、 可选参数、 接收到的 RAND_D和 /或 AUTH_D1按照预定算法进行解密, 并得 到 RAND和 /或 AUTH; 第二设备认证响应值生成子模块, 设置为使用 RAND
和 /或 AUTN按照 EPS AKA的用户认证方法生成用户响应值 RES ,并确定用户 响应值 RES为设备认证响应值 RES D„ 优选地, 第一生成模块包括: 用户响应值生成模块, 设置为按照 EPS AKA 的用户认证方法生成用户响应值 RES; 第三设备认证响应值生成子模块, 设置 为使用设备相关密钥、 RES 和可选参数按照预定算法生成设备认证响应值 RES D。 优选地, 第一生成模块包括: 第一随机值生成子模块, 设置为使用设备相 关密钥、 网络侧生成的随机值和可选参数按照预定算法生成新的随机值 RAND D, 可选参数为以下之一: RN和网络侧共享的数据; 网络侧和 /或 RN 生成的随机数; 第四设备认证响应值生成子模块, 设置为按照 EPS AKA的用 户认证方法使用新的随机值 RAND D对接收到的 AUTN_D进行-险证, 并生成 设备认证响应值 RES D„ 优选地, 上述装置还包括: 第一关联密钥设置模块, 设置为设置关联密钥, 其中, 关联密钥为以下之一: 设备相关密钥; 设备相关密钥与参量按照预定派 生算法生成的新密钥, 参量包括: Kasme, 由 Kasme派生的密钥、 与 RN的用 户签约信息相关的密钥或参数。 本发明的再一个方面提供了一种网络侧, 包括: 获取模块, 设置为通过接 收到的非接入层 NAS消息获取 RN的设备标识或 RN的设备证书信息;确定模 块, 设置为根据 RN的设备标识或网络侧的设备证书信息确定 RN的设备相关 密钥; 第二生成模块, 设置为根据设备相关密钥生成设备认证数据; 第二发送 模块, 设置为将设备认证数据通过设备认证请求发送给 RN。 优选地, 第二生成模块包括: 第一设备认证数据生成子模块, 设置为使用 RN的设备相关密钥、 可选参数、 用户认证向量中的 {RAND, XRES , Kasme, AUTN}中的 RAND和 /或 AUTN按照预定算法进行加密,并生成设备认证数据 RAND_D和/或 AUTN_D; 或第二设备认证数据生成子模块, 设置为使用设备 相关密钥、可选参数、用户认证向量 {RAND, XRES , Kasme, AUTN}中的 RAND 和 /或 AUTN中的字段按照预定算法进行加密, 并生成设备认证数据 RAND_D 和 /或 AUTH_D 1 , 其中, RAND是网络侧生成的随机数, XRES是期望设备响 应, Kasme是中间密钥, AUTN是网络认证标志, 且包含了多个字段, 具体为 AUTN = SQN * AK || AMF || MAC, 其中 SQN* AK是指由 HSS生成的序列号 SQN和匿名密钥 AK的异或操作, AMF是认证管理域, MAC为消息 -险证码,
可选参数为以下之一: RN和网络侧共享的数据; 网络侧和 /或 RN生成的随机 数。 优选地, 第二生成模块包括: 选取子模块, 设置为选取用户认证向量 {RAND, XRES , Kasme, AUTN}中的 RAND和 AUTN为设备认证数据; 第 三设备认证数据生成子模块, 设置为使用设备相关密钥、 用户认证向量中的 {RAND, XRES , Kasme, AUTN}中的期望用户响应 XRES和可选参数按照预 定算法生成期望设备认证响应 XRES_D, 并确定 XRES_D作为设备认证数据, 其中, RAND是网络侧生成的随机数, Kasme是中间密钥, AUTN是网络认证 标志, 可选参数为以下之一: RN和网络侧共享的数据; 网络侧和 /或 RN生成 的随机数。 优选地, 第二生成模块包括: 第二随机值生成子模块, 设置为使用 RN的 设备相关密钥对网络侧随机生成的随机值 RAND 和可选参数按照预定算法生 成新的随机值 RAND_D, 其中, 可选参数为以下之一: RN和网络侧共享的数 据; 网络侧和 /或 RN生成的随机数; 第四设备认证数据生成子模块, 设置为使 用 RAND_D 作为计算用户认证向量的随机口令生成新的用户认证向量 {RAND D, XRES D, Kasme D, AUTN D}; 并确定发送给 RN的设备认证 向量为 RAND和 AUTN_D, 其中, RAND是网络侧生成的随机数, XRES D 是计算后的新的网络侧期望响应, Kasme_D 是计算后的新的中间密钥, AUTN D是计算后的新的网络认证标志。 优选地, 上述装置还包括: 第二接收模块, 设置为接收设备认证响应值TECHNICAL FIELD The present invention relates to the field of communications, and in particular to an authentication method, apparatus, and system. A Long Term Evolution (LTE) network, as shown in FIG. 1, is an Evolved Universal Terrestrial Radio Access Network (E-UTRAN) and an Evolved Packet Switching Center (Evolved Universal Terrestrial Radio Access Network). Evolved Packet Core (referred to as EPC), the network is flat. The EUTRAN is connected to the EPC through the S1 interface. The EUTRAN is composed of a plurality of interconnected Evolved NodeBs (eNBs), and each eNB is connected through an X2 interface; the EPC is composed of a Mobility Management Entity (MME) and a monthly service gateway. The entity (Serving Gateway, S-GW for short) is composed. In addition, in the system architecture, there is also a Home Environment (HE), which is a Home Subscriber Server (HSS) or a Home Location Register (HLR). User database. It contains user profiles that perform user authentication and authorization, and provides information about the user's physical location. In order to meet the growing demand for large-bandwidth high-speed mobile access, the Third Generation Partnership Projects (3GPP) 4 danced the Long-Term Evolution advance (LTE-Advanced) standard. . 
LTE-Advanced retains the core of LTE for the evolution of Long-Term Evolution (LTE) system. Based on this, a series of technologies are used to expand the frequency domain and airspace to improve spectrum utilization. Increase system capacity and other purposes. Wireless relay technology is one of the core technologies in LTE-Advanced. It aims to extend the coverage of cells, reduce dead zones in communications, balance load, transfer services in hotspots, and save user equipment ( User Equipment , Referred to as UE), that is, the transmit power of the terminal. 2 is a schematic diagram of an access network architecture after a relay node is introduced according to the related art. As shown in FIG. 2, a new relay node (Relay-Node, referred to as RN) is added to the existing network architecture. A wireless connection is used between this new RN and the donor evolved base station (Donor-eNB). The interface between the Donor-eNB and the RN is called the Un port. The radio link between the two is called the backhaul link. The interface between the RN and the UE is called the Uu port. The wireless link between them is called the Uu port. The path is called the access link. The downlink data arrives at the Donor-eNB first and then passes to the RN, RN. Then transmit to the UE, and vice versa. In the subsequent description of the present application, the donor evolved base station Donor-eNB is uniformly described as an evolved base station eNB. In the actual communication process, the RN can be used as a common terminal device or as a base station. When the RN acts as a terminal device, the RN can access the wireless network like a normal UE. The normal UE will authenticate the user and authenticate the Key Agreement (AKA) on the network side. In the LTE system, the process is also called the Evolved Packet System (referred to as the Evolved Packet System). FIG. 3 is a flow chart of the AKA process of the UE according to the related art. As shown in FIG. 
3, the process includes the following steps: Step 301: The MME initiates an authentication data request message to the HSS, where The user of the UE is only information, such as: International Mobile Subscriber Identity (IMSI) of the UE, and the Internet Service Identity (SN ID) and network type information (Network type). Step 303: The HSS generates an authentication vector {RAND, XRES, Kasme, AUTN} according to the request message, and sends it to the UI through the authentication data response message. The meaning of each component in the authentication vector is: RAND is the random challenge generated by the HSS, XRES is the expected user response of the network side, and Kasme is an intermediate key generated by the HSS. The key is mainly used to derive the non-connected key. The security key of the Non-access stratum (NAS) and the Access Stratum (AS), and the AUTN is an authentication token, which contains multiple fields, specifically AUTN = SQN * AK || AMF || MAC, where SQN* AK refers to the exclusive OR operation of the serial number SQN generated by the HSS and the anonymous key AK, the AMF is the authentication management i or (Authentication Management field), and the MAC is the message-risk Certificate code. Step 305: The MME sends a User Authentication Request message to the UE, where the authentication data RAND and AUTN generated by the HS S are carried. Step 4: 307: UE) After the AUTN-risk certificate, the method of the danger certificate is to use the SQN*AK in RAND, AUTN, and the UE's talent key K to generate a message-risk code XMAC, and - Whether the XMAC and the AUTN have the same MAC value, if they are consistent, they are recognized as the AUTN-risk certificate, then the RES value is calculated according to the agreement algorithm according to the RAND and the key K, and the user authentication response is passed. The message is sent to the MME. 
Step 4: 309: After receiving the MME, the MME compares the RES sent by the UE with the XRES originally received from the HSS. If the two are consistent, the user's AKA process is considered to be successfully completed. It should be noted that, in the above description, the UE is a general term for a mobile device (Mobile Equipment, ME for short) and a Universal Subscriber Identity Module (USIM). The foregoing process is actually performed by the USIM. The USIM certification is completed, that is, user authentication. After the above process is completed, the USIM generates IK and CK according to the root key K and sends it to the ME. The ME generates the intermediate key Kasme according to IK and CK, and completes the USIM authentication (or contract authentication) of the network to the terminal through the above process. Subscription Authentication ) and key agreement. In the related art, the above authentication method can only implement the USIM authentication of the RN when the RN is accessed as a terminal, but the above authentication cannot ensure the legitimacy of the RN as a base station, and the security of the user equipment of the RN service is relatively low. . SUMMARY OF THE INVENTION A primary object of the present invention is to provide an authentication method, apparatus, and system for solving the problem that the authentication method in the related art cannot guarantee the legitimacy of the RN as a base station, and the security of the user equipment served by the RN is relatively low. An aspect of the present invention provides an authentication method, including: a relay node RN receiving a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector; and the RN generates a corresponding device according to the device authentication data. 
The authentication response value is sent, and the device authentication response carrying the device authentication response value is sent to the network side for authenticating the RN. Preferably, before the RN receives the device authentication request, the method further includes: the network side acquiring the device identifier of the RN or the device certificate information of the RN by using the received non-access stratum (NAS) message; the network side according to the device identifier of the RN or the network side The device certificate information determines the device-related key of the RN; the network side uses the device-related key to generate the device authentication data, and sends the device authentication data to the RN through the device authentication request. Preferably, the device related key is one of the following: the device related key is a RN device subscription information or a pre-shared key or parameter in the device certificate; the device related key is a new key generated by a pre-shared key or parameter. Or new parameters. Preferably, the network side uses the device-related key to generate the device authentication data, including: using the device-related key of the RN, optional parameters, RAND and/or AUTN in {RAND, XRES, Kasme, AUTN} in the user authentication vector. The predetermined algorithm performs encryption and generates device authentication data RAND D and/or AUTN_D; or uses device related keys, optional parameters, RAND and/or AUTN in {RAND, XRES, Kasme, AUTN} in the user authentication vector. 
Field according to pre The algorithm performs encryption and generates device authentication data RAND D and/or AUTH_D1, where RAND is a random number generated by the network side, XRES is a desired device response, Kasme is an intermediate key, AUTN is a network authentication flag, and contains many Fields, specifically AUTN = SQN * AK || AMF || MAC, where SQN* AK refers to the exclusive OR operation of the serial number SQN and the anonymous key AK generated by the home subscriber server HSS, AMF is the authentication management domain, MAC For the message-risk code, the optional parameters are one of the following: RN and data shared by the network side; random numbers generated by the network side and/or the RN. Preferably, the RN generates a corresponding device authentication response value according to the device authentication data, including: the RN decrypts according to a predetermined algorithm using a device-related key, an optional parameter, the received RAND_D and/or AUTN_D, and obtains RAND and/or AUTN; Generating a user response value RES according to the user authentication method of the packet evolution system authentication and key agreement EPS AKA using RAND and/or AUTN, and determining that the user response value RES is the device authentication response value RES D; or the device related to the RN using the RN The key, the optional parameter, the received RAND_D and/or AUTH_D1 are decrypted according to a predetermined algorithm, and RAND and/or AUTH are obtained; the user response value RES is generated according to the user authentication method of the EPS AKA using RAND and/or AUTN, and is determined. The user response value RES is the device authentication response value RES D. 
Preferably, the network side uses the device-related key to generate the device authentication data, including: selecting RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data; using the device-related key, the user authentication vector {RAND The desired user response XRES and optional parameters in XRES, Kasme, AUTN} generate a desired device authentication response XRES_D according to a predetermined algorithm, and determine XRES_D as device authentication data, where RAND is a random number generated by the network side, and Kasme is a medium density The key, AUTN is a network authentication flag, and the optional parameters are one of the following: RN and data shared by the network side; random numbers generated by the network side and/or the RN. Preferably, the RN generates a corresponding device authentication response value according to the device authentication data, including: the RN generates a user response value RES according to the user authentication method of the EPS AKA; and generates a device authentication response value according to a predetermined algorithm by using the device related key, the RES, and the optional parameter. RES_D. 
Preferably, the network side uses the device-related key to generate the device authentication data, including: generating a new random value RAND D according to a predetermined algorithm by using a device-related key, a random value RAND generated by the network side, and an optional parameter, where the optional parameter is One of the following: RN and network side shared data; network side and / or RN generated random number; use RAND_D as a random password to calculate the user authentication vector to generate a new user authentication vector {RAND_D, XRES D, Kasme D, AUTN D }; and determine that the device authentication data sent to the RN is RAND and AUTN_D, where RAND is generated by the network side The random number, XRES_D is the new network side expected response after calculation, Kasme_D is the new intermediate key after calculation, and AUTN_D is the new network authentication mark after calculation. Preferably, the RN generates a corresponding device authentication response value according to the device authentication data, where the RN uses the device-related key, the optional parameter, and the received RAND to generate a new random value RAND D according to a predetermined algorithm; the RN performs user authentication according to the EPS AKA. The method uses the new random value RAND D to perform a risk check on the received AUTN_D, and generates a device authentication response value RES D. Preferably, after the device authentication response value is sent to the network side for authenticating the RN, the method further includes: The network side receives the device authentication response value RES D; determines whether the device authentication response value RES D is consistent with the expected device response XRES_D; if the determination result is consistent, it is determined that the RN authentication is passed. 
Preferably, after determining that the RN authentication is passed, the method further includes: The RN and the network side set an association key, where the association key is one of the following: a device-related key; a new key generated by using a device-related key and a parameter according to a predetermined derivation algorithm, parameters include: Kasme, derived from Kasme Key, key or parameter related to the user subscription information of the RN. Preferably, setting the letter in the device authentication request Instructing the RN to perform device authentication; or setting an existing cell or field in the device authentication request to indirectly instruct the RN to perform device authentication. Preferably, the network side includes: a mobility management entity MME and a home subscriber server HSS. An aspect of the present invention provides a relay node, including: a first receiving module, configured to receive a device authentication request, where the device authentication request carries device authentication data generated by using a user authentication vector; and the first generating module is configured to be based on the device The authentication module generates a corresponding device authentication response value, and the first sending module is configured to send the device authentication response carrying the device authentication response value to the network side for authenticating the RN. The first generating module includes: a first decryption submodule, Set to use the device-related key, optional parameters, received RAND_D and/or AUTN_D to decrypt according to a predetermined algorithm, and get RAND and AUTN; first device authentication response value generation sub-module, set to use RAND and / or AUTN User authentication method based on packet evolution system authentication and key agreement EPS AKA The user response value RES and determining that the user response value RES is the device authentication response value RES_D. 
Preferably, the first generation module comprises: a second decryption sub-module configured to use the device-related key, the optional parameter, the received RAND_D, and / or AUTH_D1 decrypted according to a predetermined algorithm, and get RAND and / or AUTH; Second device authentication response value generation sub-module, set to use RAND And/or AUTN generates a user response value RES according to the user authentication method of the EPS AKA, and determines that the user response value RES is the device authentication response value RES D. Preferably, the first generation module includes: a user response value generation module, which is set to follow the EPS The user authentication method of the AKA generates a user response value RES; the third device authentication response value generation sub-module is configured to generate the device authentication response value RES D according to a predetermined algorithm using the device-related key, RES and optional parameters. Preferably, the first The generating module includes: a first random value generating submodule configured to generate a new random value RAND D according to a predetermined algorithm by using a device related key, a random value generated by the network side, and an optional parameter, and the optional parameter is one of the following: RN Data shared with the network side; random number generated by the network side and/or the RN; a fourth device authentication response value generation sub-module, configured to perform the received AUTN_D using the new random value RAND D according to the user authentication method of the EPS AKA - a risk certificate, and a device authentication response value RES D „ D. 
Preferably, the device further includes: a first associated key setting module, Set to set the association key, where the association key is one of the following: device-related key; device-related key and parameter-generated new key generated according to a predetermined derivation algorithm, parameters include: Kasme, a key derived from Kasme, The key or parameter associated with the RN's user subscription information. A further aspect of the present invention provides a network side, including: an obtaining module, configured to acquire, by using a received non-access stratum NAS message, a device identifier of the RN or device credential information of the RN; and a determining module, configured to be according to the RN The device identifier or the device certificate information on the network side determines the device-related key of the RN; the second generation module is configured to generate the device authentication data according to the device-related key; and the second sending module is configured to send the device authentication data through the device authentication request To the RN. Preferably, the second generation module comprises: a first device authentication data generation submodule, configured to use a device related key of the RN, an optional parameter, and a RAND in the {RAND, XRES, Kasme, AUTN} in the user authentication vector. 
/ or AUTN is encrypted according to a predetermined algorithm, and generates device authentication data RAND_D and / or AUTN_D; or a second device authentication data generation sub-module, set to use the device-related key, optional parameters, user authentication vector {RAND, XRES, The fields in RAND and/or AUTN in Kasme, AUTN} are encrypted according to a predetermined algorithm, and device authentication data RAND_D and/or AUTH_D 1 are generated, where RAND is a random number generated by the network side, and XRES is a desired device response, Kasme Is an intermediate key, AUTN is a network authentication flag, and contains multiple fields, specifically AUTN = SQN * AK || AMF || MAC, where SQN* AK refers to the serial number SQN and anonymous key AK generated by the HSS XOR operation, AMF is the authentication management domain, MAC is the message-risk code, The optional parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN. Preferably, the second generating module comprises: a selecting submodule, configured to select RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data; and third device authentication data generating submodule, set to use The device-related key, the desired user response XRES and optional parameters in {RAND, XRES, Kasme, AUTN} in the user authentication vector generate a desired device authentication response XRES_D according to a predetermined algorithm, and determine XRES_D as device authentication data, wherein RAND It is a random number generated by the network side, Kasme is an intermediate key, and AUTN is a network authentication flag. The optional parameters are one of the following: RN and data shared by the network side; and random numbers generated by the network side and/or the RN. 
Preferably, the second generating module includes: a second random value generating submodule, configured to generate a new random value RAND_D according to a predetermined algorithm by using a device-related key of the RN to randomly generate a random value RAND and an optional parameter on the network side, where The optional parameter is one of the following: RN and network side shared data; network side and/or RN generated random number; fourth device authentication data generation submodule, set to use RAND_D as random password generation for calculating user authentication vector A new user authentication vector {RAND D, XRES D, Kasme D, AUTN D}; and determine that the device authentication vector sent to the RN is RAND and AUTN_D, where RAND is a random number generated by the network side, and XRES D is calculated. The new network side expects a response, Kasme_D is the calculated new intermediate key, and AUTN D is the calculated new network authentication flag. Preferably, the foregoing apparatus further includes: a second receiving module, configured to receive a device authentication response value
RES_D; an authentication response value judging module, configured to judge whether the device authentication response value RES_D is consistent with the expected device response XRES_D; and an authentication module, configured to determine that the RN passes authentication when the judging module finds them consistent. Preferably, the apparatus further includes: a second association key setting module, configured to set an association key, where the association key is one of the following: the device-related key; a new key generated from the device-related key and a parameter according to a predetermined derivation algorithm, the parameter including: Kasme, a key derived from Kasme, or a key or parameter related to the subscription information of the RN. Preferably, the apparatus further includes: a first setting module, configured to set an information element in the device authentication request that instructs the RN to perform device authentication; and a second setting module, configured to set an existing information element or field in the device authentication request that indirectly instructs the RN to perform device authentication. Preferably, the network side includes a Mobility Management Entity (MME) and a Home Subscriber Server (HSS).
According to yet another aspect of the present invention, an authentication system is provided, including the foregoing RN and network side. With the present invention, the relay node receives a device authentication request used for authentication and sends the generated corresponding device authentication response value to the network side for authenticating the RN. This solves the problem in the related art that the authentication method cannot guarantee the legitimacy of the RN as a base station, which in turn leaves the user equipment served by the RN with relatively low security; the legitimacy of the RN as a base station is thereby guaranteed, and the security of the user equipment served by the RN is improved.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings are provided to give a further understanding of the present invention and form part of this application; the illustrative embodiments of the present invention and their description serve to explain the invention and do not unduly limit it. In the drawings: FIG. 1 is a schematic diagram of an LTE network architecture according to the related art; FIG. 2 is a schematic diagram of an access network architecture after a relay node is introduced, according to the related art; FIG. 3 is a flowchart of the AKA procedure of a UE according to the related art; FIG. 4 is a flowchart of an authentication method according to an embodiment of the present invention; FIG. 5 is a flowchart of device authentication according to a preferred embodiment of the present invention; FIG. 6 is a schematic diagram of generating a device association key according to the present invention; FIG. 7 is a structural block diagram of a relay node according to an embodiment of the present invention; FIG. 8 is a preferred structural block diagram of a relay node according to an embodiment of the present invention; FIG. 9 is a structural block diagram of the network side according to an embodiment of the present invention; FIG. 10 is a preferred structural block diagram of the network side according to an embodiment of the present invention; and FIG. 11 is a structural block diagram of an authentication system according to an embodiment of the present invention.
BEST MODE FOR CARRYING OUT THE INVENTION

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings and in combination with embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other where they do not conflict.

This embodiment provides an authentication method. FIG. 4 is a flowchart of an authentication method according to an embodiment of the present invention. As shown in FIG. 4, the method includes: Step S402: the RN receives a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector. Step S404: the RN generates a corresponding device authentication response value according to the device authentication data, and sends a device authentication response carrying the device authentication response value to the network side for authenticating the RN. Through the above steps, the RN receives the device authentication request used for authentication and sends the generated corresponding device authentication response value to the network side for authenticating the RN. This solves the problem in the related art that the authentication method cannot guarantee the legitimacy of the RN as a base station, which in turn leaves the user equipment served by the RN with relatively low security; the legitimacy of the RN as a base station is thereby guaranteed, and the security of the user equipment served by the RN is improved. Preferably, the device authentication request message and the device authentication response message used in steps S402 and S404 may reuse the user authentication request message and the user authentication response message of the current EPS AKA procedure.
Preferably, before step S402, the method further includes: the network side obtains the device identifier of the RN or the device certificate information of the RN from a received NAS message; the network side determines the device-related key of the RN according to the device identifier of the RN or the device certificate information; the network side generates device authentication data using the device-related key and sends the device authentication data to the RN in the device authentication request. Through the determining step of this preferred embodiment, the network side determines the device-related key and then generates the device authentication data from it, which improves the reliability of the authentication method. Preferably, the device-related key is one of the following: a pre-shared key or parameter contained in the RN device subscription information or in the device certificate; a new key or new parameter generated from such a pre-shared key or parameter. With this preferred embodiment, the device-related key of a given RN is known only to that RN and to the legitimate network operator, so an attacker cannot obtain it; key configuration is made flexible and the reliability of the system is improved. A preferred implementation of the network side generating the device authentication data using the device-related key in the above step is described below.
First, the RN's device-related key, optional parameters, and RAND and/or AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} are encrypted according to a predetermined algorithm to generate the device authentication data RAND_D and/or AUTN_D; or the device-related key, optional parameters, and RAND of the user authentication vector {RAND, XRES, Kasme, AUTN} and/or a field of AUTN (for example the MAC field) are encrypted according to a predetermined algorithm to generate the device authentication data RAND_D and/or AUTN_D1. Here RAND is a random number generated by the network side, XRES is the user response expected by the network side, Kasme is the intermediate key, and AUTN is the network authentication token, which contains several fields, specifically AUTN = SQN ⊕ AK || AMF || MAC, where SQN ⊕ AK is the exclusive OR of the sequence number SQN generated by the HSS and the anonymity key AK, AMF is the authentication management field, and MAC is the message authentication code; the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN. Through the generating step of this preferred embodiment, RAND and/or AUTN of the user authentication vector are encrypted, improving the reliability of the authentication parameters. A preferred implementation of step S404, in which the RN generates the corresponding device authentication response value according to the device authentication data, is described below. The RN first decrypts the received RAND_D and/or AUTN_D using the device-related key and optional parameters according to the predetermined algorithm, obtaining RAND and/or AUTN of the original user authentication vector, then generates the user response value RES using the EPS AKA user authentication method and determines that user response value as the device authentication response value RES_D; or
the RN uses the RN's device-related key, optional parameters and the received RAND_D and/or AUTN_D1 to decrypt according to the predetermined algorithm, obtains RAND and/or AUTN, generates the user response value RES from RAND and/or AUTN according to the EPS AKA user authentication method, and determines the user response value RES as the device authentication response value RES_D. Through the generating step of this preferred embodiment, only a legitimate device can correctly decrypt the authentication data and hence generate a legitimate authentication response value, which ensures the legitimacy and accuracy of the device. Another preferred implementation of generating the device authentication data in the above step is described below. RAND and AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} are selected as device authentication data; the expected device authentication data response XRES_D is generated according to a predetermined algorithm from the device-related key, the expected device response XRES of the user authentication vector {RAND, XRES, Kasme, AUTN} and optional parameters, and XRES_D is determined as device authentication data, where RAND is a random number generated by the network side, Kasme is the intermediate key, AUTN is the network authentication token, and the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN. This preferred embodiment ensures that only a legitimate device can correctly decrypt the authentication data and hence generate a legitimate authentication response value, which ensures the legitimacy and accuracy of the device.
A preferred implementation of step S404, in which the RN generates the corresponding device authentication response value according to the device authentication data, is described below. The RN generates the user response value RES according to the EPS AKA user authentication method, and generates the device authentication response value RES_D according to a predetermined algorithm using the device-related key, RES and optional parameters. Through the generating step of this preferred embodiment, the device authentication response value is generated from the device-related key and the random value according to a predetermined algorithm, ensuring the legitimacy of the device authentication response value. Yet another preferred implementation of generating the device authentication data in the above step is described below. First, a new random value RAND_D is generated according to a predetermined algorithm using the device-related key, the random value RAND generated by the network side and optional parameters, where the optional parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN. Next, RAND_D is used as the random challenge for computing the user authentication vector, generating a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}. Finally, the device authentication data sent to the RN is determined to be RAND and AUTN_D. Through the generating step of this preferred embodiment, the random value is encrypted and a device-related (or device-bound) device authentication vector is generated, improving the reliability of the device authentication data. A preferred implementation of step S404, in which the RN generates the corresponding device authentication response value according to the device authentication data, is described below.
The RN generates a new random value RAND_D according to a predetermined algorithm using the device-related key, optional parameters and the received RAND, then uses RAND_D to verify the received AUTN_D according to the EPS AKA user authentication method and generates the device authentication response value RES_D. In this preferred embodiment the network side and the RN both generate the device authentication response value from the device-related key and the random value according to the predetermined algorithm, which ensures the legitimacy and accuracy of the device authentication response value. Preferably, after the device authentication response value is sent to the network side for authenticating the RN, the method further includes: the network side receives the device authentication response value RES_D; judges whether the device authentication response value RES_D is consistent with the expected device response XRES_D; and, if the judgment result is consistent, determines that the RN passes authentication. The network side thus judges whether the device authentication response value and its expected device response are consistent and, if so, determines that the RN passes authentication. This implements legitimacy authentication of the RN as a base station and effectively improves the security of the RN and of the user equipment it serves. Preferably, after determining that the RN passes authentication, the method further includes: the RN and the network side set an association key, where the association key is one of the following: the device-related key; a new key generated from the device-related key and a parameter according to a predetermined derivation algorithm, the parameter including: Kasme, a key derived from Kasme, or a key or parameter related to the subscription information of the RN.
With this preferred embodiment, the association key is set, which effectively prevents an attacker from eavesdropping on and tampering with the communication content and thus secures the information of the network-side elements. Preferably, an information element is set in the device authentication request to instruct the RN to perform device authentication; or an existing information element or field in the device authentication request is set to indirectly instruct the RN to perform device authentication, that is, an information element or field of the authentication request message is reused: for example, a reserved bit of the AMF field in the AUTN information element can serve as the indication that notifies the RN to perform device authentication. This improves the flexibility of the authentication request. Preferably, when generating the authentication data (such as RAND_D, AUTN_D or XRES_D) in all of the above implementations, other parameters may be used in addition to the mandatory parameters described above, for example a parameter shared between the network side (i.e. the MME and/or HSS) and the RN, or a random number generated by the network side and/or the RN; in the latter case the random value must be communicated to the peer in the corresponding request and/or response message. Preferably, after the above step determines that the RN passes authentication, the method further includes: the RN sets an association key, where the association key is one of the following: the device-related key; a new key generated from the device-related key and a parameter according to a predetermined key derivation algorithm, the parameter including: Kasme or a key derived from Kasme, or a key or parameter related to the subscription information of the RN. Preferably, the predetermined algorithm includes a Key Derivation Function (KDF) or an encryption algorithm.
With this preferred embodiment, an existing key derivation algorithm or encryption algorithm is used, reducing development cost.

Embodiment 1

This embodiment combines the above embodiment and its preferred implementations and provides a device authentication method, which includes: Step 1: the RN sends its device identification information to the MME in a NAS message, where the identification information of the RN may be the device identifier of the RN, such as its International Mobile Equipment Identity (IMEI), or the device certificate information of the RN. Step 2: the MME initiates a device authentication request to the RN according to the device authentication data and notifies the RN to perform device authentication; the RN generates a device authentication response value according to the device authentication request and sends it to the MME in a device authentication response; the MME confirms whether device authentication succeeded. Preferably, the authentication procedure initiated for the RN device may reuse the existing AKA flow or use a new message flow. Preferably, the RN may be notified to perform device authentication as follows: an explicit information element may be added to the device authentication request message to notify the RN that device authentication is required; or the RN may be notified implicitly in the device authentication request message, that is, an information element or field of the device authentication request message is reused, for example a reserved bit of the AMF field in the AUTN information element serves as the indication that notifies the RN to perform device authentication. Preferably, the device authentication data in step 2 may be generated in one of the following ways: (1) using the device-related key, specified parameters (such as RAND and/or AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN}, or one or more fields of AUTN) are encrypted according to the agreed algorithm to generate new parameters (such as RAND_D and/or AUTN_D). (2) A new expected device response value XRES_D is generated according to the agreed algorithm using the device-related key and the expected response value XRES of the user authentication vector {RAND, XRES, Kasme, AUTN}. (3) Before the user authentication vector is generated, a new random value RAND_D is generated according to the agreed algorithm using the device-related key and the RAND randomly generated by the network side; RAND_D is then used to generate the other authentication vector components, and finally the new device authentication vector {RAND, XRES_D, Kasme_D, AUTN_D} is generated (all components other than RAND are computed from the new random value RAND_D). Preferably, the above authentication data may be generated by the MME, or generated by the HSS and sent to the MME. Preferably, to increase the security of the device authentication data, other parameters may also be introduced when the network side computes the authentication data or the RN generates the device response value, such as a parameter shared by the RN and the network side, or a random number generated by the network side/RN; if a random number parameter is used, it must be carried in the authentication flow messages to notify the peer. It should be noted that, depending on the device authentication data generation method, the information carried in the device request message may be RAND or RAND_D, and AUTN or AUTN_D; that is, if there is a new RAND_D and/or AUTN_D, it replaces RAND and/or AUTN in the message, otherwise no replacement is made. Preferably, depending on the device authentication data generation method, the RN may generate the device authentication response value in step 2 by one of the following methods:
(1) The RN first decrypts the parameters in the authentication request message (such as RAND_D and/or AUTN_D, or one or more fields of AUTN_D) according to the agreed algorithm using the device-related key information, obtaining RAND and/or AUTN. Then, following the processing of an ordinary UE, it first verifies AUTN and, once verification passes, computes the authentication response value RES by the existing computation method; this response value RES is then the device authentication response value RES_D. (2) The RN first performs AUTN verification by the existing method and generates the user authentication response value RES. The RN then uses the device-related key and RES to compute the new device response value RES_D in the same way as the network side generates XRES_D.
(3) The RN first obtains RAND_D from the RAND value in the device authentication request message by the same method the network side used to compute the new random value RAND_D, then verifies AUTN_D from the device request using RAND_D, following the processing of an ordinary UE, and generates RES_D. Preferably, if other parameters (such as a random number generated by the RN) are also used when the RN generates the device response value, the network side may postpone computing the expected device response XRES until after it receives the device authentication response message. The agreed algorithm in this embodiment may be a known Key Derivation Function (KDF) or an encryption algorithm, which need not be described here. It should be noted that in a specific implementation the above methods of generating the authentication data and the corresponding methods by which the RN generates the device response value may also be combined with each other according to actual conditions, all within the scope of the present invention. Preferably, agreement on the device association key may also be completed during the above device authentication procedure. The device association key is a key associated with the authenticated device identity; it may be used to protect communication between the device and the network side, or to derive other keys that protect communication between the device and the network side.
The device association key may be the RN device-related key, or a new key derived from the RN device-related key and additional input. The additional input may be the intermediate key Kasme agreed in the user authentication procedure, another key derived from Kasme, or another value shared by the RN and the network side, such as a key or parameter in the user subscription data of the RN. The RN device-related key information mentioned above refers to a pre-shared key (which may be symmetric or asymmetric) known to both the RN and the network side. The network side mentioned above may be the MME or the HSS.

Embodiment 2

This embodiment combines the above embodiment and its preferred implementations and provides a device authentication method. In this embodiment the device authentication flow reuses the user authentication message flow, notifies the RN explicitly to perform device authentication through a newly added indication information element in the message, and reuses information elements of the request message as authentication data. FIG. 5 is a flowchart of device authentication according to a preferred embodiment of the present invention. As shown in FIG. 5, the method includes: Step S501: the RN sends a NAS message (such as Attach Request) to the MME, carrying the device identification information IMEI of the RN. Step S503: upon receipt, the MME sends an Authentication Data Request message to the HSS, carrying the RN device identification information IMEI. Step S505: the HSS first generates the user authentication vector of the RN {RAND, XRES, Kasme,
AUTN}, then looks up the corresponding device-related key information of the RN by the RN's IMEI, and sends the user authentication vector and the RN's device-related key information to the MME in an Authentication Data Response message. Preferably, the RN's device-related key information in the above procedure may instead be obtained by the MME itself according to the RN's device identification information, for example from the RN device-related data stored at the MME, or from another network element such as OAM. Step S507: the MME encrypts AUTN of the RN's user authentication vector according to a predetermined encryption algorithm using the device-related key information (say K_D), generating the new authentication data AUTN_D, and then sends an authentication request message to the RN carrying RAND and the authentication data AUTN_D, together with the RN device authentication indication. The expected device response value XRES_D corresponding to this authentication data is still the expected response value XRES of the user authentication vector. Preferably, other inputs may also be used in encrypting the authentication data, such as a value shared by the MME and the RN and/or a random number generated by the MME, in which case the MME must send that random number to the RN in a message. Preferably, the authentication data may also reuse RAND of the request message: the MME encrypts RAND according to the predetermined algorithm using the RN device-related key to obtain the authentication data RAND_D, so that the authentication data in the request message the MME sends to the RN is the encrypted RAND value (RAND_D) and AUTN; on receipt the RN first decrypts RAND_D to obtain the initial RAND and then performs the subsequent AUTN verification, RES computation and so on, in the same way as an ordinary UE.
Step S509: upon receipt, if the message indicates device authentication, the RN first decrypts the authentication data AUTN_D to obtain AUTN, then authenticates AUTN using the same authentication method as an ordinary UE; if authentication passes, it generates the response RES in the same way as an ordinary UE, and this response value also serves as the device authentication response value RES_D. RES_D (that is, RES) is then sent to the MME in an authentication response message. It should be noted that the encryption and decryption of RAND_D and/or AUTN_D in the above procedure may also take other inputs, such as a new random value generated by the MME; the computation method is the same, except that the MME must then send that random value to the RN in the request message. Step S511: upon receipt, the MME compares RES_D with the expected device response value XRES_D; if the two match, the RN has successfully completed device authentication. Preferably, after the above procedure completes, the MME and the RN may also agree the RN device association key K_RN. FIG. 6 is a schematic diagram of generating the device association key according to the present invention; as shown in FIG. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional input according to an agreed key derivation algorithm, where the additional input may include the intermediate key Kasme agreed through the AKA procedure, for example K_RN = KDF(Kasme, K_D), or a value shared by the RN and the network side. It should be noted that in this embodiment the RN is notified explicitly to perform device authentication through a newly added indication information element in the message, and information elements of the request message are reused as authentication data; in practice the authentication procedure may also notify the RN implicitly, for example by modifying one or more reserved bits of the AMF field in AUTN_D and using those bits to notify the RN to perform device authentication.

Embodiment 3

This embodiment combines the above embodiment and its preferred implementations and provides a device authentication method. In this embodiment the device authentication flow reuses the user authentication message flow, notifies the RN explicitly to perform device authentication through a newly added indication information element in the message, and reuses information elements of the request message as authentication data. The method includes: Step 1: the same as step S501 of Embodiment 2. Step 2: the same as step S503 of Embodiment 2.
Step 3: the HSS first generates a random number RAND, then looks up the corresponding device-related key information of the RN by the RN's IMEI and, taking the device-related key information (call it K_D) and RAND as input, computes a new RAND_D according to the agreed derivation algorithm: RAND_D = KDF(RAND, K_D); optionally, other input parameters may also be used in this computation. It then uses RAND_D as the random challenge for computing the user authentication vector and generates the RN's new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D} (the method of generating this authentication vector is known and is not described here). The HSS then replaces the random challenge RAND_D in the new authentication vector with the initial random value RAND, obtaining the new authentication vector {RAND, XRES_D, Kasme_D, AUTN_D}, and sends this new authentication vector to the MME in an Authentication Data Response message. Optionally, the replacement of RAND_D by the initial RAND to form the new authentication vector may also be done by the MME; in that case the HSS must first send the new user authentication vector {RAND, XRES_D, Kasme_D, AUTN_D} and the initial random value RAND to the MME. Step 4: the MME sends an authentication request to the RN, carrying the initial RAND, the authentication data AUTN_D, and the device authentication indication that instructs the RN to perform device authentication. Step 5: upon receipt, if the message indicates device authentication, the RN first computes RAND_D from RAND and the RN device-related key according to the agreed algorithm, then verifies AUTN_D using RAND_D; the verification method is the same as the UE's verification of AUTN in the user authentication procedure. If verification passes, it generates the response value RES_D (computed in the same way as the UE generates RES in the user authentication procedure) and sends RES_D to the MME in an authentication response message. Step 6: upon receipt, the MME compares RES_D with the XRES_D previously sent by the HSS; if the two match, the RN has successfully completed device authentication. Preferably, the above flow also completes agreement on the RN device association key Kasme_D. This key may be used to protect communication between the RN and the network side, or to derive other keys that protect communication between the RN and the network side. It should be noted that in this embodiment the RN is notified explicitly to perform device authentication through a newly added indication information element in the message; the RN may also be notified implicitly, for example by modifying one or more reserved bits of the AMF field in AUTN_D and using those bits to notify the RN to perform device authentication.

Embodiment 4
This embodiment combines the above embodiments and their preferred implementations. It provides a device authentication method in which the device authentication flow reuses the user authentication message flow, information elements already in the message are reused to notify the RN implicitly to perform device authentication, and the RAND and AUTN of the user authentication vector also serve as device authentication data. The method includes:

Step 1: Same as step S501 of Embodiment 2.

Step 2: Same as step S503 of Embodiment 2.

Step 3: Same as step S505 of Embodiment 2.

Step 4: The MME uses XRES and the RN device-related key (K_D) to compute a new expected device response according to the agreed derivation algorithm: XRES_D = KDF(XRES, K_D). The MME then sends an authentication request message to the RN in which the device authentication data reuses the RAND and AUTN of the user authentication vector, i.e. the message carries RAND and AUTN; the AMF field of AUTN is reused, with one of its reserved bits indicating that the RN needs to perform device authentication.

Optionally, the calculation of the authentication data in the above process may also be done in the HSS and then sent by the HSS to the MME; the calculation method is the same as the MME's in the process above.

Step 5: After receiving the message, the RN applies the same user authentication processing to RAND and AUTN as an ordinary UE: it first authenticates AUTN, then generates the response value RES. If the RN finds that the AMF in AUTN indicates that device authentication is required, the RN uses the RN device-related key (K_D, say) and RES to generate the device response value RES_D with the same derivation algorithm the MME used to generate XRES_D: RES_D = KDF(RES, K_D), and sends RES_D to the MME in an authentication response message.

Preferably, the device authentication response message in the above flow may also carry both RES and RES_D, in which case the MME, after receiving it, compares RES with XRES and RES_D with XRES_D separately.
If they match, the RN has successfully completed device authentication.

It should be noted that other parameters may also be used in this calculation, for example a parameter shared between the RN and the MME, or a random number generated by the network side or the RN. If a random number parameter is used, it must be carried in the authentication response message to inform the MME, and in that case the MME's calculation of XRES_D in step 5 must take place after the MME receives the device authentication response.

Step 6: After receiving it, the MME compares RES_D with the XRES_D it calculated. If they match, the RN has successfully completed device authentication.
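Added example, not the patent's own code: a constructed Python simulation of the Embodiment 4 exchange, with HMAC-SHA256 standing in for the 3GPP f1/f2/f5 functions and for the agreed KDF, an assumed reserved AMF bit as the device-authentication indicator, and the indicator set where the authentication vector is generated so that the MAC covers it. It runs the HSS/MME side and the RN side and shows that a genuine USIM placed in a device holding the wrong K_D passes user authentication but fails device authentication.

```python
"""Constructed simulation of the Embodiment 4 exchange (added example, not the
patent's code). HMAC-SHA256 stands in for the 3GPP f1/f2/f5 functions and for
the agreed KDF; AUTN = (SQN xor AK) || AMF || MAC exactly as the page defines it."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: the page does not fix which reserved AMF bit carries the device
# authentication indicator; bit 1 of the 16-bit AMF is used here for illustration.
AMF_DEVICE_AUTH_BIT = 1


def _prf(key: bytes, *parts: bytes, n: int) -> bytes:
    """HMAC-SHA256 truncated to n bytes (stand-in for the AKA f-functions)."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:n]


def f1(k, sqn, rand, amf): return _prf(k, b"f1", sqn, rand, amf, n=8)  # MAC
def f2(k, rand): return _prf(k, b"f2", rand, n=8)                        # RES / XRES
def f5(k, rand): return _prf(k, b"f5", rand, n=6)                        # anonymity key AK
def kdf(key, *inputs): return _prf(key, b"kdf", *inputs, n=16)          # agreed KDF
def xor(a, b): return bytes(x ^ y for x, y in zip(a, b))


def set_device_auth_bit(amf: bytes) -> bytes:
    return (int.from_bytes(amf, "big") | (1 << AMF_DEVICE_AUTH_BIT)).to_bytes(2, "big")


def device_auth_requested(amf: bytes) -> bool:
    return bool(int.from_bytes(amf, "big") & (1 << AMF_DEVICE_AUTH_BIT))


@dataclass
class AuthVector:
    rand: bytes
    xres: bytes
    autn: bytes   # Kasme is omitted: it plays no part in this flow


def hss_generate_av(k_usim: bytes, sqn: bytes, device_auth: bool,
                    rand: Optional[bytes] = None) -> AuthVector:
    """HSS: build {RAND, XRES, AUTN}. The indicator bit is set *before* the MAC
    is computed, because AMF is an input to f1; a bit flipped afterwards would
    make the RN's AUTN check fail."""
    rand = rand or os.urandom(16)
    amf = b"\x80\x00"                      # separation bit set, reserved bits clear
    if device_auth:
        amf = set_device_auth_bit(amf)
    mac = f1(k_usim, sqn, rand, amf)
    autn = xor(sqn, f5(k_usim, rand)) + amf + mac
    return AuthVector(rand, f2(k_usim, rand), autn)


def mme_expected_device_response(av: AuthVector, k_d: bytes) -> bytes:
    """MME step 4: XRES_D = KDF(XRES, K_D); RAND and AUTN are sent unchanged."""
    return kdf(av.xres, k_d)


def rn_respond(k_usim: bytes, k_d: bytes, rand: bytes, autn: bytes,
               last_sqn: int) -> Tuple[bytes, Optional[bytes], int]:
    """RN step 5: ordinary AKA processing of AUTN, then RES_D = KDF(RES, K_D)
    when the AMF indicator is set. Returns (RES, RES_D or None, accepted SQN)."""
    sqn_ak, amf, mac = autn[:6], autn[6:8], autn[8:16]
    sqn = xor(sqn_ak, f5(k_usim, rand))
    if not hmac.compare_digest(f1(k_usim, sqn, rand, amf), mac):
        raise ValueError("MAC failure: AUTN was not produced for this USIM")
    sqn_int = int.from_bytes(sqn, "big")
    if sqn_int <= last_sqn:
        raise ValueError("synchronisation failure: SQN is not fresh")
    res = f2(k_usim, rand)
    res_d = kdf(res, k_d) if device_auth_requested(amf) else None
    return res, res_d, sqn_int


def mme_verify(av: AuthVector, xres_d: bytes, res: bytes,
               res_d: Optional[bytes]) -> Tuple[bool, bool]:
    """MME step 6: compare RES with XRES and RES_D with XRES_D separately."""
    user_ok = hmac.compare_digest(res, av.xres)
    device_ok = res_d is not None and hmac.compare_digest(res_d, xres_d)
    return user_ok, device_ok


def run_embodiment_4(k_usim: bytes, k_d_network: bytes, k_d_device: bytes,
                     device_auth: bool = True) -> Tuple[bool, bool]:
    """Whole exchange; k_d_network is the K_D the MME holds for this IMEI,
    k_d_device the K_D actually present in the relay node."""
    av = hss_generate_av(k_usim, (1).to_bytes(6, "big"), device_auth)
    xres_d = mme_expected_device_response(av, k_d_network)
    res, res_d, _ = rn_respond(k_usim, k_d_device, av.rand, av.autn, last_sqn=0)
    return mme_verify(av, xres_d, res, res_d)


if __name__ == "__main__":
    k_usim, k_d = b"\x01" * 16, b"\x02" * 16           # constructed sample keys
    print("genuine RN:", run_embodiment_4(k_usim, k_d, k_d))
    print("USIM in foreign device:", run_embodiment_4(k_usim, k_d, b"\x03" * 16))
```

Because AMF is an input to f1, a reserved bit flipped after the MAC has been computed is rejected by the RN as a MAC failure, which is why the indicator must be set at the entity that generates the authentication vector.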
Preferably, after the above process is complete, the MME and the RN may also agree on the device association key K_RN. Fig. 6 is a schematic diagram of device association key generation according to the present invention. As shown in Fig. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional inputs according to an agreed key derivation algorithm; the other additional inputs may include the intermediate key Kasme agreed through the AKA process, for example K_RN = KDF(Kasme, K_D), or a value shared between the RN and the network side.

Embodiment 5

This embodiment combines the above embodiments and their preferred implementations. It provides a device authentication method in which the AMF field of AUTN is reused to notify the RN implicitly of device authentication, and the newly computed RAND_D and AUTN_D in the request message serve as authentication data. The method includes:

Step 1: Same as step S501 of Embodiment 2.

Step 2: Same as step S503 of Embodiment 2.

Step 3: The HSS first generates the RN's user authentication vector {RAND, XRES, Kasme, AUTN} and looks up the RN's corresponding device-related key information by the RN's IMEI. The HSS then encrypts RAND and the MAC field of AUTN in the user authentication vector with the RN device-related key (K_D, say) to obtain the authentication data RAND_D and AUTN_D (only the MAC field is encrypted; the rest is the same as AUTN), and modifies the reserved bits of the AMF field in AUTN_D to indicate that the RN needs to perform device authentication, finally producing the device authentication vector {RAND_D, XRES, Kasme, AUTN_D}. It sends the user authentication vector and the RN's device-related key information to the MME in an Authentication Data Response message.

Preferably, the calculation of the authentication data in the above process may also be done in the MME, using the same calculation method as the HSS above.

Step 4: The MME sends an authentication request message to the RN carrying RAND_D and AUTN_D. The expected device response value XRES_D corresponding to this device authentication data uses the expected user response XRES of the user authentication vector, i.e. XRES_D = XRES.

Step 5: After receiving the message, the RN learns from the AMF field indication in AUTN_D that device authentication is required. It therefore first decrypts RAND_D and the MAC field of AUTN_D with the device-related key according to the agreed algorithm to obtain the initial RAND and AUTN. The RN then authenticates AUTN using the same authentication method as an ordinary UE and generates the response value RES from RAND; this response value also serves as the device authentication response value RES_D. The RN then sends RES to the MME in an authentication response message.

It should be noted that the encryption of RAND_D and AUTN_D for the device response in the above process may also take other input parameters, for example a random value generated by the MME; the calculation method is the same and finally produces the corresponding device response value RES_D. Correspondingly, the MME must then send that random value to the RN in the request message.

Step 6: After receiving it, the MME compares RES_D (i.e. RES) with XRES_D (i.e. XRES). If they match, the RN has successfully completed device authentication.

Preferably, after the above process is complete, the MME and the RN have also agreed on the device association key K_RN. Fig. 6 is a schematic diagram of device association key generation according to the present invention. As shown in Fig. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional inputs according to an agreed key derivation algorithm; the other additional inputs may include the intermediate key Kasme agreed through the AKA process, for example K_RN = KDF(Kasme, K_D), or a value shared between the RN and the network side.

Embodiment 6

This embodiment combines the above embodiments and their preferred implementations. It provides a device authentication method in which the RN is explicitly notified of device authentication by a newly added information element in the request message, and a new information element is added to the response message as authentication data. The method includes:

Step 1: Same as step S501 of Embodiment 2.

Step 2: Same as step S503 of Embodiment 2.

Step 3: The HSS first computes the RN's user authentication vector {RAND, XRES, Kasme, AUTN} and sends this authentication data to the MME in an Authentication Data Response message.

Step 4: The MME sends an authentication request message to the RN carrying the authentication data RAND and AUTN, together with device authentication indication information.

Step 5: After receiving the message, the RN first authenticates AUTN using the same authentication method as an ordinary UE; if authentication passes, it generates the response RES using the same method as a UE. If the indication information in the message indicates that device authentication is required, the RN uses RES, the RN device-related key K_D and a random parameter RAND_D to generate the device response RES_D according to the agreed algorithm: RES_D = KDF(RES, RAND_D, K_D), and sends RES together with the new information elements RES_D and RAND_D to the MME in an authentication response message.

Step 6: After receiving it, the MME compares RES with the XRES sent by the HSS; if they match, the RN's user authentication has completed successfully. At the same time the MME uses XRES, the received RAND_D and the RN device-related key to generate XRES_D in the same way as the RN, and compares the received RES_D with the XRES_D it calculated. If they match, the RN has successfully completed device authentication.

Preferably, the calculation of the authentication data in the above process may also be done in the HSS; in that case the HSS generates the new authentication data using the same method as the MME above and sends it to the MME, and the subsequent process is the same as above.

Preferably, the RN device-related key information held by the MME may be obtained from OAM or from the HSS.

Preferably, after the above process is complete, the MME and the RN have also agreed on the device association key K_RN. Fig. 6 is a schematic diagram of device association key generation according to the present invention. As shown in Fig. 6, K_RN may directly use the RN device-related key K_D, or may be derived from K_D and other additional inputs according to an agreed key derivation algorithm; the other additional inputs may include the intermediate key Kasme agreed through the AKA process, for example K_RN = KDF(Kasme, K_D), or a value shared between the RN and the network side.

This embodiment provides a relay node. Fig. 7 is a structural block diagram of a relay node according to an embodiment of the present invention. As shown in Fig. 7, the relay node includes a first receiving module 72, a first generating module 74 and a first sending module 76, described in detail below:

The first receiving module 72 is configured to receive a device authentication request carrying device authentication data generated using the user authentication vector. The first generating module 74, connected to the first receiving module 72, is configured to generate the corresponding device authentication response value from the device authentication data received by the first receiving module 72. The first sending module 76, connected to the first generating module 74, is configured to send a device authentication response carrying the device authentication response value generated by the first generating module 74 to the network side, for authenticating the RN.

Fig. 8 is a block diagram of a preferred structure of a relay node according to an embodiment of the present invention. As shown in Fig. 8, the relay node includes a first association key setting module 82, and the first generating module 74 includes a first decryption submodule 801 and a first device authentication response value generation submodule 802; a second decryption submodule 803 and a second device authentication response value generation submodule 804; a user response value generation module 805 and a third device authentication response value generation submodule 806; and a first random value generation submodule 807 and a fourth device authentication response value generation submodule 808, described in detail below:

The first decryption submodule 801 is configured to decrypt the received RAND_D and/or AUTN_D according to a predetermined algorithm using the RN's device-related key and optional parameters, obtaining RAND and AUTN. The first device authentication response value generation submodule 802, connected to the first decryption submodule 801, is configured to generate the user response value RES from the RAND and/or AUTN obtained by the first decryption submodule 801 according to the user authentication method of Evolved Packet System Authentication and Key Agreement (EPS AKA), and to take the user response value RES as the device authentication response value RES_D.

The second decryption submodule 803 is configured to decrypt the received RAND_D and AUTH_D1 according to a predetermined algorithm using the RN's device-related key and optional parameters, obtaining RAND and/or AUTH. The second device authentication response value generation submodule 804, connected to the second decryption submodule 803, is configured to generate the user response value RES from the RAND and/or AUTN obtained by the second decryption submodule 803 according to the EPS AKA user authentication method, and to take the user response value RES as the device authentication response value RES_D.

The user response value generation module 805 is configured to generate the user response value RES according to the EPS AKA user authentication method. The third device authentication response value generation submodule 806, connected to the user response value generation module 805, is configured to generate the device authentication response value RES_D from the device-related key, RES and optional parameters according to a predetermined algorithm.

The first random value generation submodule 807 is configured to generate a new random value RAND_D according to a predetermined algorithm using the RN's device-related key, the random value generated by the network side and optional parameters, where the optional parameters are one of: data shared between the RN and the network side; a random number generated by the network side and/or the RN. The fourth device authentication response value generation submodule 808, connected to the first random value generation submodule 807, is configured to verify the received AUTN_D using the new random value RAND_D generated by the first random value generation submodule 807 according to the EPS AKA user authentication method, and to generate the device authentication response value RES_D.

The relay node further includes the first association key setting module 82, configured to set the association key, where the association key is one of: the device-related key; a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, the parameters including Kasme or a key derived from Kasme, and a key or parameter related to the RN's user subscription information.
This embodiment also provides a network side. Fig. 9 is a structural block diagram of a network side according to an embodiment of the present invention. As shown in Fig. 9, the network side includes an obtaining module 92, a determining module 94, a second generating module 96 and a second sending module 98, described in detail below:

The obtaining module 92 is configured to obtain the RN's device identifier or the RN's device certificate information from a received NAS message. The determining module 94, connected to the obtaining module 92, is configured to determine the RN's device-related key from the RN's device identifier or the network side's device certificate information obtained by the obtaining module 92. The second generating module 96, connected to the determining module 94, is configured to generate device authentication data from the device-related key determined by the determining module 94. The second sending module 98, connected to the second generating module 96, is configured to send the device authentication data generated by the second generating module 96 to the RN in a device authentication request.

Fig. 10 is a block diagram of a preferred structure of a network side according to an embodiment of the present invention. As shown in Fig. 10, the
MME further includes a second association key setting module 101, a first setting module 102, a second setting module 104, a second receiving module 106, an authentication response value judging module 108 and an authentication module 109, and the second generating module 96 includes a first device authentication data generation submodule 942, a second device authentication data generation submodule 944, a selecting submodule 945, a third device authentication data generation submodule 946, a second random value generation submodule 948 and a fourth device authentication data generation submodule 949, described in detail below:

The first device authentication data generation submodule 942 is configured to encrypt, according to a predetermined algorithm, the RAND and/or AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} using the RN's device-related key and optional parameters, generating the device authentication data RAND_D and/or AUTN_D. Here RAND is a random number generated by the network side, XRES is the user response expected by the network side, Kasme is the intermediate key, and AUTN is the network authentication token, which contains several fields, specifically AUTN = SQN ⊕ AK || AMF || MAC, where SQN ⊕ AK is the exclusive OR of the sequence number SQN generated by the HSS and the anonymity key AK, AMF is the authentication management field and MAC is the message authentication code; the optional parameters are one of: data shared between the RN and the network side; a random number generated by the network side and/or the RN.

The second device authentication data generation submodule 944 is configured to encrypt, according to a predetermined algorithm, the RAND and/or fields of AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} using the RN's device-related key and optional parameters, generating the device authentication data RAND_D and/or AUTH_D1. Here RAND is a random number generated by the network side, XRES is the expected device response, Kasme is the intermediate key, and AUTN is the network authentication token, which contains several fields, specifically AUTN = SQN ⊕ AK || AMF || MAC, where SQN ⊕ AK is the exclusive OR of the sequence number SQN generated by the HSS and the anonymity key AK, AMF is the authentication management field and MAC is the message authentication code; the optional parameters are one of: data shared between the RN and the network side; a random number generated by the network side and/or the RN.

The selecting submodule 945 is configured to select the RAND and AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data. The third device authentication data generation submodule 946, connected to the selecting submodule 945, is configured to generate the expected device authentication response XRES_D according to a predetermined algorithm from the device-related key, the XRES of the user authentication vector {RAND, XRES, Kasme, AUTN} and optional parameters, and to take this XRES_D as device authentication data, where the optional parameters are one of: data shared between the RN and the network side; a random number generated by the network side and/or the RN; RAND is a random number generated by the network side, XRES is the user response expected by the network side, Kasme is the intermediate key and AUTN is the network authentication token.

The second random value generation submodule 948 is configured to encrypt, according to a predetermined algorithm, the random value RAND generated by the network side and optional parameters using the RN's device-related key, generating a new random value RAND_D, where the optional parameters are one of: data shared between the RN and the network side; a random number generated by the network side and/or the RN. The fourth device authentication data generation submodule 949, connected to the second random value generation submodule 948, is configured to use the RAND_D generated by the second random value generation submodule 948 as the random challenge for computing the user authentication vector, generating the device authentication data {RAND_D, XRES_D, Kasme_D, AUTN_D}, and to determine the device authentication vector sent to the RN as RAND and AUTN_D, where RAND is a random number generated by the network side, XRES_D is the newly computed user response expected by the network side, Kasme_D is the newly computed intermediate key and AUTN_D is the newly computed network authentication token.

The above MME further includes: the first setting module 102, configured to set an information element in the device authentication request instructing the RN to perform device authentication; and the second setting module 104, configured to set an existing information element or field in the device authentication request to instruct the RN indirectly to perform device authentication.

The above MME further includes: the second receiving module 106, configured to receive the device authentication response value RES_D; the authentication response value judging module 108, connected to the second receiving module 106, configured to judge whether the device authentication response value received by the second receiving module 106 matches the network side's expected device response XRES_D; and the authentication module 109, connected to the authentication response value judging module 108, configured to determine that the RN has passed authentication when the judgement result of the authentication response value judging module 108 is a match.

The above MME further includes the second association key setting module 101, configured to set the association key, where the association key is one of: the device-related key; a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, the parameters including Kasme, a key derived from Kasme, and a key or parameter related to the RN's user subscription information.

Fig. 11 is a structural block diagram of an authentication system according to an embodiment of the present invention. As shown in Fig. 11, the authentication system includes an RN 2 and a network side 4; the specific structures of the RN 2 and the network side 4 are as described above and are not repeated here.

Through the above embodiments, the relay node receives a device authentication request for authentication and sends the generated corresponding device authentication response value to the MME for authenticating the RN. This enables the network to authenticate the relay node device, ensures the legitimacy of the RN, and effectively protects the security of the RN and of the user equipment it serves. It also minimises changes to the current standard protocols, ensuring the greatest possible version compatibility.

Obviously, those skilled in the art should understand that the modules or steps of the present invention described above may be implemented with general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network of several computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described may be performed in an order different from that given here, or they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus the present invention is not limited to any particular combination of hardware and software.

The above are merely preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
The MME further includes: a second associated key setting module 101, a first setting module 102, a second setting module 104, a second receiving module 106, an authentication response value determining module 108, and an authentication module 109. The second generating module 96 includes: a device authentication data generation sub-module 942, a second device authentication data generation sub-module 944, a selection sub-module 945, a third device authentication data generation sub-module 946, a second random value generation sub-module 948, and a fourth device authentication data generator. Module 949, the above structure is described in detail below: First device authentication data generation sub-module 942, set to use the device-related key of the RN, optional parameters, {RAND, XRES, Kasme, AUTN} in the user authentication vector The RAND and/or AUTN are encrypted according to a predetermined algorithm, and generate device authentication data RAND_D and/or AUTN D, where RAND is a random number generated by the network side, XRES is a user response expected by the network side, and Kasme is an intermediate key. AUTN is a network authentication flag and contains multiple fields, specifically AUTN = SQN * AK || AMF || MAC, where SQN* AK refers to the sequence generated by HSS The XOR of the SQN and the anonymous key AK, the AMF is the authentication management domain, the MAC is the message-risk code, and the optional parameters are one of the following: RN and data shared by the network side; network side and/or RN generated random number. 
The second device authentication data generation sub-module 944 is configured to use a device-related key of the RN, an optional parameter, a field in the RAND and/or AUTN in {RAND, XRES, Kasme, AUTN} in the user authentication vector according to the predetermined The algorithm performs encryption and generates device authentication data RAND_D and/or AUTH_D 1 , where RAND is a random number generated by the network side, XRES is a desired device response, Kasme is an intermediate key, AUTN is a network authentication flag, and includes multiple Field, specifically AUTN = SQN * AK || AMF || MAC, where SQN* AK refers to the serial number SQN generated by the HSS and The XOR of the anonymous key AK, the AMF is the authentication management domain, and the MAC is the message-risk code. The optional parameters are one of the following: RN and data shared by the network side; and random numbers generated by the network side and/or the RN. The sub-module 945 is selected to select RAND and AUTN in the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data; the third device authentication data generation sub-module 946 is connected to the selection sub-module 945, and is set to use The device-related key, the XRES and optional parameters in {RAND, XRES, Kasme, AUTN} in the user authentication vector generate a desired device authentication response XRES_D according to a predetermined algorithm, and determine the XRES_D as device authentication data, wherein, The parameters are one of the following: data shared by the RN and the network side; random numbers generated by the network side and/or the RN, RAND is a random number generated by the network side, XRES is a user response expected by the network side, Kasme is an intermediate key, AUTN Is the network certification mark. 
The second random value generation sub-module 948 is configured to encrypt the random value RAND and the optional parameter randomly generated by the network side according to a predetermined algorithm by using the device-related key of the RN, and generate a new random value RAND D, where The parameter is one of the following: data shared by the RN and the network side; a random number generated by the network side and/or the RN; a fourth device authentication data generation submodule 949 connected to the second random value generation submodule 948, set to use The RAND_D generated by the two random value generating sub-module 948 is used as the random password generating device authentication data {RAND_D, XRES D , Kasme D , AUTN D} for calculating the user authentication vector; and determining that the device authentication vectors sent to the RN are RAND and AUTN D, Where RAND is the random number generated by the network side, XRES_D is the calculated new network side user response, Kasme_D calculates the new intermediate key, and AUTN_D is the calculated new network authentication flag. The foregoing MME further includes: a first setting module 102, configured to: set a cell in the device authentication request to instruct the RN to perform device authentication; and the second setting module 104 is configured to set an existing cell or a field indirect indication in the device authentication request. The RN performs device authentication. 
The MME further includes: a second receiving module 106, configured to receive a device authentication response value RES_D; an authentication response value determining module 108, connected to the second receiving module 106, configured to determine a device authentication response value received by the second receiving module 106 The authentication module 109 is connected to the authentication response value judging module 108, and is configured to determine that the RN authentication is passed when the judgment result of the authentication response value judging module 108 is consistent. The MME further includes: a second association key setting module 101, configured to set an association key, where the association key is one of the following: a device-related key; the device-related key and the parameter are distributed according to a predetermined The new key generated by the algorithm, the parameters include: Kasme, the key derived from Kasme, the key or parameter related to the user subscription information of the RN. 11 is a structural block diagram of an authentication system according to an embodiment of the present invention. As shown in FIG. 11, the authentication system includes: RN 2 and network side 4, and the specific structure of the RN 2 and the network side 4 is as shown above, and is no longer Praise. With the above-mentioned embodiment, the relay node receives the device authentication request for authentication, and sends the generated device authentication response value to the MME, which is used to authenticate the RN, and can implement authentication of the relay node device by the network to ensure The legality of the RN effectively protects the security of the RN and the user equipment it serves. Minimize changes to current standard protocols to ensure maximum version compatibility issues. 
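The two schemes that do not require a decryption step, the XRES_D binding of sub-modules 945/946 and the RAND_D re-derivation of sub-modules 948/949, together with the RES_D check of modules 106/108/109 and the association key of module 101, worked through as an added example. This is not code from the patent or from ZTE. It assumes, because the text leaves them open, that the "predetermined algorithm" and the EPS AKA functions f1/f2/f5 and the Kasme derivation are all modelled by HMAC-SHA256 under distinct labels (`prf`); the keys `K_DEV`, `k_sub`, the `opt` value, the SQN and the AMF constant are constructed for the example, and the function and label names are the example's own.

```python
import hashlib
import hmac
import os

# Added example, not the patent's code. Assumption: the unspecified
# "predetermined algorithm" and the EPS AKA functions f1/f2/f5 are all
# HMAC-SHA256 under distinct labels; keys and constants below are constructed.

AMF = b"\x80\x00"  # authentication management field; constant for the example


def prf(key: bytes, label: bytes, *parts: bytes, n: int = 16) -> bytes:
    """Keyed derivation with domain separation and length-prefixed inputs."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hss_gen_av(k_sub: bytes, rand: bytes, sqn: bytes):
    """Network side: user authentication vector {RAND, XRES, Kasme, AUTN}
    with AUTN = SQN xor AK || AMF || MAC, laid out as in the description."""
    mac = prf(k_sub, b"f1", sqn, rand, AMF, n=8)
    xres = prf(k_sub, b"f2", rand, n=8)
    ak = prf(k_sub, b"f5", rand, n=6)
    kasme = prf(k_sub, b"kasme", rand, sqn, n=32)
    return rand, xres, kasme, xor(sqn, ak) + AMF + mac


def rn_eps_aka(k_sub: bytes, rand: bytes, autn: bytes):
    """RN acting as a UE: verify AUTN; return (RES, Kasme) or None on MAC failure."""
    ak = prf(k_sub, b"f5", rand, n=6)
    sqn, amf, mac = xor(autn[:6], ak), autn[6:8], autn[8:]
    if not hmac.compare_digest(mac, prf(k_sub, b"f1", sqn, rand, amf, n=8)):
        return None
    return prf(k_sub, b"f2", rand, n=8), prf(k_sub, b"kasme", rand, sqn, n=32)


# Scheme 1 (sub-modules 945/946, claims 6-7): RAND and AUTN travel unchanged;
# only the expected response is bound to the device-related key K_dev.
def mme_scheme_xres(k_dev, k_sub, rand, sqn, opt):
    rand, xres, kasme, autn = hss_gen_av(k_sub, rand, sqn)
    return (rand, autn), prf(k_dev, b"res_d", xres, opt), kasme


def rn_scheme_xres(k_dev, k_sub, rand, autn, opt):
    aka = rn_eps_aka(k_sub, rand, autn)
    return None if aka is None else (prf(k_dev, b"res_d", aka[0], opt), aka[1])


# Scheme 2 (sub-modules 948/949, claims 8-9): the vector is computed from
# RAND_D = f(K_dev, RAND, opt); the RN receives plain RAND plus AUTN_D and must
# rebuild RAND_D itself, so without K_dev even the AUTN_D check fails.
def mme_scheme_rand_d(k_dev, k_sub, rand, sqn, opt):
    rand_d = prf(k_dev, b"rand_d", rand, opt)
    _, xres_d, kasme_d, autn_d = hss_gen_av(k_sub, rand_d, sqn)
    return (rand, autn_d), xres_d, kasme_d


def rn_scheme_rand_d(k_dev, k_sub, rand, autn_d, opt):
    return rn_eps_aka(k_sub, prf(k_dev, b"rand_d", rand, opt), autn_d)


def mme_verify(res_d, xres_d) -> bool:
    """Modules 106/108/109 (claim 10): pass iff RES_D equals XRES_D."""
    return res_d is not None and hmac.compare_digest(res_d, xres_d)


def assoc_key(k_dev: bytes, kasme: bytes) -> bytes:
    """Module 101 (claim 11): association key derived from K_dev and Kasme."""
    return prf(k_dev, b"assoc", kasme, n=32)


SCHEMES = {"xres": (mme_scheme_xres, rn_scheme_xres),
           "rand_d": (mme_scheme_rand_d, rn_scheme_rand_d)}


def run(scheme: str, k_dev_mme: bytes, k_dev_rn: bytes,
        k_sub: bytes = b"\x11" * 16, opt: bytes = b"shared-data"):
    """One device authentication exchange. Returns (authenticated, keys_agree)."""
    mme, rn = SCHEMES[scheme]
    rand, sqn = os.urandom(16), (42).to_bytes(6, "big")
    request, xres_d, kasme = mme(k_dev_mme, k_sub, rand, sqn, opt)  # device auth request
    reply = rn(k_dev_rn, k_sub, request[0], request[1], opt)        # device auth response
    if reply is None or not mme_verify(reply[0], xres_d):
        return False, False
    return True, assoc_key(k_dev_mme, kasme) == assoc_key(k_dev_rn, reply[1])


if __name__ == "__main__":
    K_DEV = bytes(range(16))
    print("xres, genuine RN:", run("xres", K_DEV, K_DEV))
    print("rand_d, genuine RN:", run("rand_d", K_DEV, K_DEV))
    print("rand_d, RN with wrong device key:", run("rand_d", K_DEV, bytes(16)))
```

The two schemes fail differently when the RN lacks the device-related key: in the XRES_D scheme the RN still verifies AUTN and produces a valid EPS AKA RES, and only the MME's RES_D comparison rejects it; in the RAND_D scheme the RN cannot reconstruct RAND_D, so its AUTN_D check already fails and it never produces a response. The comparison in `mme_verify` is constant-time, which the text does not require but any implementation of module 108 should use.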
Obviously, those skilled in the art should understand that the modules or steps of the present invention described above may be implemented with general-purpose computing devices; they may be concentrated on a single computing device or distributed over a network formed by several computing devices. Optionally, they may be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device, and in some cases the steps shown or described may be performed in an order different from the one given here; alternatively they may be made into individual integrated circuit modules, or several of the modules or steps may be made into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software. The above are only preferred embodiments of the present invention and are not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.
Claims
1. An authentication method, comprising:
a relay node (RN) receiving a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector;
the RN generating a corresponding device authentication response value according to the device authentication data, and sending a device authentication response carrying the device authentication response value to the network side for authenticating the RN.
2. The method according to claim 1, wherein before the RN receives the device authentication request, the method further comprises:
the network side obtaining the device identifier of the RN or the device certificate information of the RN from a received non-access stratum (NAS) message;
the network side determining the device-related key of the RN according to the device identifier of the RN or the device certificate information of the network side;
the network side generating the device authentication data using the device-related key, and sending the device authentication data to the RN in the device authentication request.
3. The method according to claim 2, wherein the device-related key is one of:
a pre-shared key or parameter in the RN device subscription information or in the device certificate;
a new key or new parameter generated from the pre-shared key or the parameter.
4. The method according to claim 2, wherein the network side generating the device authentication data using the device-related key comprises:
encrypting, according to a predetermined algorithm, the RAND and/or AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} using the device-related key of the RN and an optional parameter, and generating device authentication data RAND_D and/or AUTN_D; or
encrypting, according to the predetermined algorithm, the RAND and/or fields of the AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} using the device-related key and the optional parameter, and generating device authentication data RAND_D and/or AUTH_D1, where RAND is a random number generated by the network side, XRES is the expected device response, Kasme is the intermediate key, AUTN is the network authentication token and consists of several fields, specifically AUTN = SQN ⊕ AK || AMF || MAC, where SQN ⊕ AK is the exclusive OR of the sequence number SQN generated by the home subscriber server (HSS) with the anonymity key AK, AMF is the authentication management field and MAC is the message authentication code, and the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN.
5. The method according to claim 4, wherein the RN generating the corresponding device authentication response value according to the device authentication data comprises:
the RN decrypting the received RAND_D and/or AUTN_D according to the predetermined algorithm using the device-related key and the optional parameter, obtaining RAND and/or AUTN; generating a user response value RES from the RAND and/or the AUTN according to the user authentication method of Evolved Packet System Authentication and Key Agreement (EPS AKA), and taking the user response value RES as the device authentication response value RES_D; or
the RN decrypting the received RAND_D and/or AUTH_D1 according to the predetermined algorithm using the device-related key of the RN and the optional parameter, obtaining RAND and/or AUTH; generating a user response value RES from the RAND and/or the AUTN according to the user authentication method of EPS AKA, and taking the user response value RES as the device authentication response value RES_D.
6. The method according to claim 2, wherein the network side generating the device authentication data using the device-related key comprises:
selecting the RAND and AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data;
generating an expected device authentication response XRES_D according to a predetermined algorithm using the device-related key, the expected user response XRES of the user authentication vector {RAND, XRES, Kasme, AUTN} and an optional parameter, and taking the XRES_D as device authentication data, where RAND is a random number generated by the network side, Kasme is the intermediate key, AUTN is the network authentication token, and the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN.
7. The method according to claim 6, wherein the RN generating the corresponding device authentication response value according to the device authentication data comprises:
the RN generating a user response value RES according to the user authentication method of EPS AKA;
generating the device authentication response value RES_D according to the predetermined algorithm using the device-related key, the RES and the optional parameter.
8. The method according to claim 2, wherein the network side generating the device authentication data using the device-related key comprises:
generating a new random value RAND_D according to a predetermined algorithm using the device-related key, the random value RAND generated by the network side and an optional parameter, where the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN;
using the RAND_D as the random challenge for computing the user authentication vector to generate a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}, and determining that the device authentication data sent to the RN is the RAND and the AUTN_D, where RAND is a random number generated by the network side, XRES_D is the newly computed expected response of the network side, Kasme_D is the newly computed intermediate key and AUTN_D is the newly computed network authentication token.
9. The method according to claim 8, wherein the RN generating the corresponding device authentication response value according to the device authentication data comprises:
the RN generating the new random value RAND_D according to the predetermined algorithm using the device-related key, the optional parameter and the received RAND;
the RN verifying the received AUTN_D using the new random value RAND_D according to the user authentication method of EPS AKA, and generating the device authentication response value RES_D.
10. The method according to claim 5, 7 or 9, wherein after the device authentication response value is sent to the network side for authenticating the RN, the method further comprises:
the network side receiving the device authentication response value RES_D;
judging whether the device authentication response value RES_D matches the expected device response XRES_D;
if the judging result is a match, determining that the RN has passed authentication.
11. The method according to claim 10, wherein after determining that the RN has passed authentication, the method further comprises: the RN and the network side setting an association key, where the association key is one of: the device-related key;
a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, the parameters including: Kasme, a key derived from Kasme, a key or parameter related to the user subscription information of the RN.
12. The method according to any one of claims 1 to 9, wherein
an information element is set in the device authentication request to instruct the RN to perform device authentication; or an existing information element or field is set in the device authentication request to indirectly instruct the RN to perform device authentication.
13. The method according to any one of claims 1 to 9, wherein the network side comprises: a mobility management entity (MME) and a home subscriber server (HSS).
14. A relay node (RN), comprising:
a first receiving module, configured to receive a device authentication request, where the device authentication request carries device authentication data generated using a user authentication vector;
a first generating module, configured to generate a corresponding device authentication response value according to the device authentication data;
a first sending module, configured to send a device authentication response carrying the device authentication response value to the network side for authenticating the RN.
15. The RN according to claim 14, wherein the first generating module comprises:
a first decryption sub-module, configured to decrypt the received RAND_D and/or AUTN_D according to a predetermined algorithm using the device-related key and the optional parameter, obtaining RAND and AUTN;
a first device authentication response value generation sub-module, configured to generate a user response value RES from the RAND and/or the AUTN according to the user authentication method of Evolved Packet System Authentication and Key Agreement (EPS AKA), and to take the user response value RES as the device authentication response value RES_D.
16. The RN according to claim 14, wherein the first generating module comprises:
a second decryption sub-module, configured to decrypt the received RAND_D and/or AUTH_D1 according to a predetermined algorithm using the device-related key and an optional parameter, obtaining RAND and/or AUTH;
a second device authentication response value generation sub-module, configured to generate a user response value RES from the RAND and/or the AUTN according to the user authentication method of EPS AKA, and to take the user response value RES as the device authentication response value RES_D.
17. The RN according to claim 14, wherein the first generating module comprises:
a user response value generation module, configured to generate a user response value RES according to the user authentication method of EPS AKA;
a third device authentication response value generation sub-module, configured to generate the device authentication response value RES_D according to a predetermined algorithm using the device-related key, the RES and the optional parameter.
18. The RN according to claim 14, wherein the first generating module comprises:
a first random value generation sub-module, configured to generate a new random value RAND_D according to a predetermined algorithm using the device-related key, the random value generated by the network side and an optional parameter, the optional parameter being one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN;
a fourth device authentication response value generation sub-module, configured to verify the received AUTN_D using the new random value RAND_D according to the user authentication method of EPS AKA, and to generate the device authentication response value RES_D.
19. The RN according to claim 14, further comprising:
a first association key setting module, configured to set an association key, where the association key is one of: the device-related key;
a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, the parameters including: Kasme, a key derived from Kasme, a key or parameter related to the user subscription information of the RN.
20. A network side, comprising:
an obtaining module, configured to obtain the device identifier of the RN or the device certificate information of the RN from a received non-access stratum (NAS) message;
a determining module, configured to determine the device-related key of the RN according to the device identifier of the RN or the device certificate information of the network side;
a second generating module, configured to generate the device authentication data according to the device-related key;
a second sending module, configured to send the device authentication data to the RN in the device authentication request.
21. The network side according to claim 20, wherein the second generating module comprises:
a first device authentication data generation sub-module, configured to encrypt, according to a predetermined algorithm, the RAND and/or AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} using the device-related key of the RN and an optional parameter, and to generate device authentication data RAND_D and/or AUTN_D; or
a second device authentication data generation sub-module, configured to encrypt, according to the predetermined algorithm, the RAND and/or fields of the AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} using the device-related key and the optional parameter, and to generate device authentication data RAND_D and/or AUTH_D1, where RAND is a random number generated by the network side, XRES is the expected device response, Kasme is the intermediate key, AUTN is the network authentication token and consists of several fields, specifically AUTN = SQN ⊕ AK || AMF || MAC, where SQN ⊕ AK is the exclusive OR of the sequence number SQN generated by the HSS with the anonymity key AK, AMF is the authentication management field and MAC is the message authentication code, and the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN.
22. The network side according to claim 20, wherein the second generating module comprises:
a selection sub-module, configured to select the RAND and AUTN of the user authentication vector {RAND, XRES, Kasme, AUTN} as device authentication data;
a third device authentication data generation sub-module, configured to generate an expected device authentication response XRES_D according to a predetermined algorithm using the device-related key, the expected user response XRES of the user authentication vector {RAND, XRES, Kasme, AUTN} and an optional parameter, and to take the XRES_D as device authentication data, where RAND is a random number generated by the network side, Kasme is the intermediate key, AUTN is the network authentication token, and the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN.
23. The network side according to claim 20, wherein the second generating module comprises:
a second random value generation sub-module, configured to generate a new random value RAND_D according to a predetermined algorithm using the device-related key of the RN, the random value RAND randomly generated by the network side and an optional parameter, where the optional parameter is one of: data shared by the RN and the network side; a random number generated by the network side and/or the RN;
a fourth device authentication data generation sub-module, configured to use the RAND_D as the random challenge for computing the user authentication vector to generate a new user authentication vector {RAND_D, XRES_D, Kasme_D, AUTN_D}, and to determine that the device authentication vector sent to the RN is the RAND and the AUTN_D, where RAND is a random number generated by the network side, XRES_D is the newly computed expected response of the network side, Kasme_D is the newly computed intermediate key and AUTN_D is the newly computed network authentication token.
24. The network side according to claim 20, further comprising:
a second receiving module, configured to receive the device authentication response value RES_D; an authentication response value judging module, configured to judge whether the device authentication response value RES_D matches the expected device response XRES_D;
an authentication module, configured to determine that the RN has passed authentication when the judging result of the authentication response value judging module is a match.
25. The network side according to claim 20, further comprising:
a second association key setting module, configured to set an association key, where the association key is one of: the device-related key;
a new key generated from the device-related key and parameters according to a predetermined derivation algorithm, the parameters including: Kasme, a key derived from Kasme, a key or parameter related to the user subscription information of the RN.
26. The network side according to claim 20, further comprising:
a first setting module, configured to set an information element in the device authentication request to instruct the RN to perform device authentication;
a second setting module, configured to set an existing information element or field in the device authentication request to indirectly instruct the RN to perform device authentication.
27. The network side according to claim 20, wherein the network side comprises: a mobility management entity (MME) and a home subscriber server (HSS).
28. An authentication system, comprising: the RN according to any one of claims 14 to 19 and the network side according to any one of claims 20 to 27.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201010276570.5A CN101931955B (en) | 2010-09-03 | 2010-09-03 | Authentication method, device and system |
CN201010276570.5 | 2010-09-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2012028010A1 true WO2012028010A1 (en) | 2012-03-08 |
Family
ID=43370810
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2011/075823 WO2012028010A1 (en) | 2010-09-03 | 2011-06-16 | Authentication method, apparatus and system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101931955B (en) |
WO (1) | WO2012028010A1 (en) |
CN110012467B (en) * | 2019-04-18 | 2022-04-15 | 苏州博联科技有限公司 | Grouping authentication method of narrow-band Internet of things |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101500230A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
CN101500229A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
WO2009131388A2 (en) * | 2008-04-23 | 2009-10-29 | Samsung Electronics Co., Ltd. | Network entry apparatus and method for relay station using full duplex in mobile communication system |
CN101640887A (en) * | 2008-07-29 | 2010-02-03 | 上海华为技术有限公司 | Authentication method, communication device and communication system |
CN101931955A (en) * | 2010-09-03 | 2010-12-29 | 中兴通讯股份有限公司 | Authentication method, device and system |
- 2010-09-03 CN CN201010276570.5A patent/CN101931955B/en active Active
- 2011-06-16 WO PCT/CN2011/075823 patent/WO2012028010A1/en active Application Filing
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111327583A (en) * | 2019-08-22 | 2020-06-23 | 刘高峰 | Identity authentication method, intelligent equipment and authentication server |
CN111327583B (en) * | 2019-08-22 | 2022-03-04 | 刘高峰 | Identity authentication method, intelligent equipment and authentication server |
Also Published As
Publication number | Publication date |
---|---|
CN101931955A (en) | 2010-12-29 |
CN101931955B (en) | 2015-01-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2012028010A1 (en) | | Authentication method, apparatus and system |
US11026084B2 (en) | | Mobile network authentication method, terminal device, server, and network authentication entity |
US20200287720A1 (en) | | Devices and methods for client device authentication |
CN108781366B (en) | | Authentication mechanism for 5G technology |
US10931445B2 (en) | | Method and system for session key generation with diffie-hellman procedure |
EP3493462B1 (en) | | Authentication method, authentication apparatus and authentication system |
JP6732095B2 (en) | | Unified authentication for heterogeneous networks |
KR101617607B1 (en) | | Method and apparatus for base station self-configuration |
KR101554396B1 (en) | | Method and apparatus for binding subscriber authentication and device authentication in communication systems |
ES2706540T3 (en) | | User equipment credentials system |
EP2730113B1 (en) | | Methods and devices for authenticating a wireless device to a foreign domain |
WO2017185999A1 (en) | | Method, apparatus and system for encryption key distribution and authentication |
CN101640886B (en) | | Authentication method, re-authentication method and communication device |
Mun et al. | | 3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA |
US11044084B2 (en) | | Method for unified network and service authentication based on ID-based cryptography |
WO2012028043A1 (en) | | Method, device and system for authentication |
CN101945387B (en) | | The binding method of a kind of access layer secret key and equipment and system |
WO2012031510A1 (en) | | Method and system for implementing synchronous binding of security key |
US20240080316A1 (en) | | Methods and apparatus for provisioning, authentication, authorization, and user equipment (ue) key generation and distribution in an on-demand network |
EP3413508A1 (en) | | Devices and methods for client device authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11821036; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 11821036; Country of ref document: EP; Kind code of ref document: A1 |