WO2018046014A1 - Information processing method, apparatus, electronic device and computer storage medium - Google Patents


Publication number: WO2018046014A1
Authority: WO, WIPO (PCT)
Prior art keywords: key, identity information, negotiation, unit, network side
Application number: PCT/CN2017/101401
Other languages: French (fr), Chinese (zh)
Inventors: 刘福文, 左敏, 庄小君, 彭晋
Original Assignee: 中国移动通信有限公司研究院, 中国移动通信集团公司
Application filed by: 中国移动通信有限公司研究院, 中国移动通信集团公司


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • the present invention relates to the field of wireless communications technologies, and in particular, to an information processing method, apparatus, electronic device, and computer storage medium.
  • a temporary identity is allocated to the user equipment (UE) for accessing the network to hide the second identity information of the UE.
  • the second identity information sent by the UE to the network side may be stolen, resulting in leakage of the second identity information of the UE, which may result in poor security of the user's privacy.
  • embodiments of the present invention are directed to providing an information processing method, apparatus, electronic device, and computer storage medium, which can at least partially solve the above problems.
  • a first aspect of the embodiments of the present invention provides an information processing method, including:
  • the network certificate is used for key negotiation with the UE; wherein the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
  • a second aspect of the embodiments of the present invention provides an information processing method, including:
  • the network certificate of the public key infrastructure PKI is used to perform key agreement with the network side.
  • the key negotiation is performed when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, and the key negotiation is used to obtain an encryption key for encrypting the second identity information of the user equipment UE;
  • the second identity information of the UE is encrypted by using the encryption key, and is sent to the network side.
  • a third aspect of the embodiments of the present invention provides an information processing apparatus, including a first receiving unit, a determining unit, a first negotiating unit, and a decrypting unit:
  • the first receiving unit is configured to receive an attach request sent by the user equipment UE;
  • the determining unit is configured to determine whether the first identity information is carried in the attach request
  • the first negotiating unit is configured to perform key negotiation with the UE based on the public key infrastructure PKI network certificate when the first identity information is not carried in the attach request, where the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
  • the first receiving unit is configured to receive the second identity information that the UE sends after encrypting it by using the encryption key;
  • the decrypting unit is configured to decrypt the second identity information by using the encryption key, where the second identity information is used to allocate first identity information to the UE.
  • a fourth aspect of the embodiments of the present invention provides an information processing apparatus, including:
  • a second sending unit configured to send an attach request to the network side
  • the second negotiation unit is configured to perform key negotiation with the network side based on the network certificate of the public key infrastructure PKI
  • the key negotiation is performed when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, and the key negotiation is used to obtain a pair.
  • the second sending unit is further configured to encrypt the second identity information of the UE by using the encryption key, and send the encrypted second identity information to the network side.
  • with the information processing method and device, when it is determined that the attach request does not carry the first identity information, key negotiation is performed to form an encryption key for encrypting the second identity information, so that the UE can send the second identity information to the network side in encrypted form.
  • because the second identity information is encrypted before transmission, the information leakage caused by transmitting the second identity information in plaintext is reduced, and the security of the second identity information is improved.
  • the key negotiation is performed based on the PKI network certificate. Introducing the PKI allows the network certificate to be verified by using a digital signature algorithm, which avoids the problem of an illegal intermediary tampering with information during transmission of the network certificate and thereby causing key derivation errors or leaks. This ensures the security of key negotiation and resists active attacks by illegal intermediaries.
  • FIG. 1 is a schematic flowchart diagram of a first information processing method according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a second information processing method according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a first information processing apparatus according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic structural diagram of a second information processing apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a third information processing apparatus according to an embodiment of the present invention.
  • this embodiment provides an information processing method, including:
  • Step S110 Receive an attach request sent by the user equipment UE.
  • Step S120 Determine whether the first identity information is carried in the attach request.
  • Step S130 When the first identity information is not carried in the attach request, perform key negotiation with the UE based on the network certificate of the public key infrastructure PKI; wherein the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
  • Step S140 Receive the second identity information that the UE sends after encrypting it by using the encryption key.
  • Step S150 Decrypt the second identity information by using the encryption key, where the second identity information is used to allocate first identity information to the UE.
  • the information processing method in this embodiment may be applied to any network element on the network side, for example, to a Mobility Management Entity (MME) or a Home Subscriber Server (HSS).
  • these network elements may be collectively referred to as a Control Plane-Authentication Unit (CP-AU).
  • in this embodiment, after the attach request sent by the user equipment is received, it is first determined whether the first identity information is carried in the attach request. If the UE has been assigned the first identity information, the attach request carries the first identity information by default; if the UE has not been assigned the first identity information, the first identity information is not carried in the attach request. Alternatively, if the UE has been assigned the first identity information and that first identity information is available, it is carried in the attach request; otherwise it is not carried, and the network side needs to re-allocate the first identity information.
  • the first identity information may be temporary identity information temporarily allocated to the UE.
  • the first identity information may include a Globally Unique Temporary UE Identity (GUTI).
  • the second identity information here may be a reference factor for the network side to generate the first identity information; for example, a correspondence between the first identity information and the second identity information needs to be established, so that the network side can conveniently identify each UE by the first identity information.
  • the first identity information may be allocated to, or generated for, the UE by the network element on the network side.
  • the network side can refer to any network element or device other than the UE that constructs the communication network or the data network.
  • the first identity information and the second identity information are all predetermined types of identity information, for example, all of the identity information that the network element allocates for the UE.
  • the correspondence between the second identity information of the UE and the first identity information needs to be established, so that the second identity information of the UE needs to be acquired.
  • an indication may be sent directly to the UE instructing it to report the second identity information.
  • the UE will report the second identity information in plain text, which obviously provides an opportunity for the illegal person to steal the second identity information of the UE, resulting in leakage of the second identity information of the UE.
  • the step S130 is performed first, and key negotiation is performed to generate an encryption key.
  • the key negotiation in this embodiment may include performing multiple data interactions with the UE to generate an encryption key.
  • the key negotiation is performed based on the network certificate
  • the step S130 may include: sending the network certificate to the UE; after receiving the network certificate, the UE verifies the validity of the network certificate by using a digital signature verification algorithm. If the network certificate is an original certificate, that is, a certificate that has not been tampered with, the network certificate can be considered valid.
  • the problem of deriving an insecure key is thereby avoided, thus ensuring the correctness of the derived key.
  • the key derived using the network certificate in this embodiment may be a component of the encryption key or intermediate information for deriving the encryption key.
  • the key agreement is performed based on the network certificate, which can defend against attacks initiated by an illegal intermediary, improve the security of the key negotiation process, and improve the final security of the encryption key, thereby improving the security of the second identity information.
  • the key interaction in the step S130 in this embodiment may be any type of key negotiation, for example, a symmetric key negotiation or an asymmetric key negotiation.
  • the key generated by the key negotiation is referred to as the encryption key in this embodiment.
  • the second identity information encrypted with the encryption key will be received in step S140.
  • the second identity information of the UE is not transmitted in plaintext; an unauthorized person who steals it cannot correctly interpret it, since that person does not have the encryption key, so plaintext transmission in the network is avoided.
  • the second identity information here may be another identity information that is different from the first identity information and that can uniquely identify the UE, and may be formal identity information, which may be regarded as identity information permanently allocated to the UE, for example, the International Mobile Subscriber Identification Number (IMSI) of the UE.
  • the second identity information may also be a network slice identifier and a network access identifier and the like allocated to the UE.
  • the method further includes:
  • the step S130 may include:
  • key negotiation is performed with the UE based on the network certificate of the public key infrastructure PKI, and the encryption key is generated based on the negotiation of the shared key.
  • the shared key may be the shared key, denoted DH key or K_DH, generated by Diffie-Hellman (DH) key negotiation.
  • the shared key is used in a secure mode command phase for deriving intermediate information determining whether the UE is currently subject to a predetermined type of attack.
  • the DH key negotiation in this embodiment may include various types of DH key negotiation, for example, ordinary DH key agreement and elliptic curve DH key agreement.
  • the negotiation of the shared key is usually performed after entering the security mode command phase; in this embodiment it is advanced into the attach procedure triggered by the attach request of the UE.
  • in the security mode command phase, the shared key negotiation is therefore not required, so that the signaling exchanged between the UE and the network side is reduced, the information exchange process is simplified, and the power consumption of the UE is reduced.
  • the shared key is also used to generate the session key, which changes the situation in which the session key is derived only from the root key, so that the derived key is easily cracked and the security is not high.
  • the authentication vector is also used in the process of generating the session key; if the authentication vector is transmitted on an insecure link, the authentication vector may be leaked. In this embodiment, the shared key is introduced as a basis for generating the session key. Even if the authentication vector is leaked, the illegal attacker cannot directly obtain the session key, which obviously increases the difficulty of stealing the session key and improves the security of the session key.
  • the key request is triggered in the attach request, and the second identity information of the UE may be encrypted and protected, and at the same time, the UE and the CP-AU save the shared key.
  • the encryption key may be generated by using the shared key saved for the first time negotiation to perform the next encryption protection of the second identity information to simplify the next key agreement.
  • the step S130 may specifically include: when the first identity information is not carried in the attach request, exchanging information with the UE by using the network certificate, and deriving the shared key by using the Diffie-Hellman Integrated Encryption (DHIES) algorithm or the Elliptic Curve Integrated Encryption (ECIES) algorithm.
  • the DHIES algorithm and the ECIES algorithm are enhanced encryption algorithms with respect to the aforementioned DH key negotiation, which can improve the security of key negotiation and ensure the self-contained security of the shared key and the security of use.
  • step S130 may include:
  • the shared key and the randomly generated first random number are used together to generate the encryption key.
  • the UE randomly generates a first random number, and the first random number and the shared key jointly generate the encryption key.
  • the CP-AU further receives the first random number and generates the encryption key in combination with the shared key, so as to facilitate subsequent decryption, by using the encryption key, of the second identity information of the UE.
  • the decrypted second identity information can be used to perform various authentications to obtain the first identity information of the UE.
  • the second identity information is used for Authentication and Key Agreement (AKA) authentication.
  • the shared key and the randomly generated second random number are used together to generate an integrity key; the integrity key is used to integrity-protect the second identity information.
  • the second random number may also be randomly generated by the UE; the network side may subsequently receive it from the UE and generate an integrity key in combination with the shared key, to complete the integrity verification of the second identity information sent by the UE.
  • the method further includes:
  • the specific verification method may include: performing integrity calculation on the first information by using the first session key to obtain a first information verification code;
  • the method of the embodiment may further include: the UE performs integrity calculation on second information by using the second session key to obtain a third information verification code; the network side receives the second information and the third information verification code sent by the UE side; the CP-AU on the network side performs integrity calculation on the second information by using the first session key to obtain a fourth information verification code, and compares the fourth information verification code with the third information verification code. If the comparison is consistent, the network side completes the verification of the two session keys and the verification passes.
  • the verification is performed by means of encryption and decryption.
  • the first session key decrypts the first information
  • the UE side decrypts by using the second session key. If the decryption is not garbled, the verification may be considered as passing. In short, there are many ways to verify, and are not limited to any of the above.
  • the verification process of the session key generated by the network side and the UE is also introduced to ensure the consistency of the session keys generated by the UE side and the network side, thereby reducing subsequent session failures caused by inconsistency between the session keys generated by the network side and the UE.
  • the attach procedure triggered by the attach request may be terminated.
  • the subsequent steps may be continued. For example, in the embodiment, the network side verification is performed; if the network side verification fails, the attach process can be terminated, otherwise subsequent verification is continued.
  • the method further includes:
  • the step S130 may include:
  • key negotiation is performed with the UE.
  • the network side detects whether a predetermined type of attack is received, for example, detecting whether a Denial of Service (DoS) attack is received.
  • Different types of attacks have different methods of determination.
  • a DoS attack can be determined by checking whether the resource usage rate on the network side exceeds a preset threshold. If it does, the network side can be considered to be currently under a DoS attack.
  • the DoS attack causes a problem of repeatedly initiating an attach procedure.
  • a hash challenge indication is sent in this embodiment. If the UE can complete the hash challenge, it can be considered that there is no problem in performing real information interaction with the current UE, so the process proceeds to step S130 to negotiate the encryption key.
  • the hash challenge indication may include a hash value obtained by subjecting an n-bit number x and the attach request to a predetermined hash process. After receiving the hash value, the UE uses the predetermined hash process to obtain another number y and sends y to the network side in the hash challenge response; the network side compares x and y. If y is equal to x, the hash challenge is considered successful, otherwise it fails.
  • hash challenges are not limited to the above methods. For example, it is also possible to hash the n-bit x with a predetermined message to obtain the hash value. In this embodiment, the x and the attach request are used, and the messages carried in the attach requests sent by different UEs may be different, so that the security may be improved with respect to a statically set predetermined message.
  • the method further includes:
  • the difficulty level of the hash challenge is determined based on the severity information of the attack of the predetermined type.
  • the value of n can be determined in this embodiment, and if n is larger, the difficulty of the hash challenge is larger.
  • the n can be determined according to the current resource usage rate of the server.
  • the value of n may be proportional to the resource usage rate of the server.
  • the resource usage of the server herein may be processor usage, bandwidth usage, and/or storage resource usage. Therefore, in this embodiment, the difficulty level of the hash challenge is determined in combination with the severity information of the predetermined type of attack, so that the hash challenge matches the verification degree of the attack, and the attack defense is better realized.
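The hash challenge described above, shown as an added example that is not part of the patent text. SHA-256 stands in for the "predetermined hash process"; the 80% threshold, the 8 to 20 bit range and the names `difficulty_bits`, `Network` and `solve` are assumptions made for illustration.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple


def difficulty_bits(usage_pct: int, threshold_pct: int = 80,
                    min_bits: int = 8, max_bits: int = 20) -> int:
    """Map server resource usage (percent) to the puzzle size n.

    Below the threshold no challenge is issued (returns 0); above it,
    n grows linearly with usage, so a heavier attack costs each
    requester more work. All numeric defaults are assumed values.
    """
    usage_pct = max(0, min(100, usage_pct))
    if usage_pct < threshold_pct:
        return 0
    if threshold_pct >= 100:
        return max_bits
    span = max_bits - min_bits
    return min_bits + (usage_pct - threshold_pct) * span // (100 - threshold_pct)


def puzzle_hash(x: int, n: int, attach_request: bytes) -> bytes:
    """Hash the n-bit number x together with the attach request."""
    width = (n + 7) // 8
    return hashlib.sha256(x.to_bytes(width, "big") + attach_request).digest()


class Network:
    """Network side (CP-AU): issues challenges and checks responses."""

    def __init__(self) -> None:
        # Pending challenges, keyed by a digest of the attach request.
        self._pending: Dict[bytes, int] = {}

    def issue_challenge(self, attach_request: bytes,
                        usage_pct: int) -> Optional[Tuple[int, bytes]]:
        n = difficulty_bits(usage_pct)
        if n == 0:
            return None  # not under load: go straight to key negotiation
        x = secrets.randbits(n)
        self._pending[hashlib.sha256(attach_request).digest()] = x
        return n, puzzle_hash(x, n, attach_request)

    def verify(self, attach_request: bytes, y: int) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed and a wrong guess forces a new challenge.
        x = self._pending.pop(hashlib.sha256(attach_request).digest(), None)
        return x is not None and y == x


def solve(n: int, target: bytes, attach_request: bytes) -> Optional[int]:
    """UE side: search the n-bit space for y whose hash matches."""
    for y in range(1 << n):
        if puzzle_hash(y, n, attach_request) == target:
            return y
    return None


if __name__ == "__main__":
    attach = b"constructed attach request, no GUTI present"
    net = Network()
    n, target = net.issue_challenge(attach, usage_pct=90)
    y = solve(n, target, attach)
    print(f"n={n} bits, solved y={y}, accepted={net.verify(attach, y)}")
```

Because the attach request is hashed together with x, a solution computed for one attach request does not satisfy a challenge issued for another.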
  • this embodiment provides an information processing method, including:
  • Step S210 Send an attach request to the network side
  • Step S220 Perform key negotiation with the network side based on the network certificate of the public key infrastructure PKI, where the key negotiation is performed when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, and the key negotiation is used to obtain an encryption key for encrypting the second identity information of the user equipment UE;
  • Step S230 The second identity information of the UE is encrypted by using the encryption key, and sent to the network side.
  • the information processing method described in this embodiment may be an information processing method applied to the UE.
  • the UE sends the attach request to the base station on the network side when it needs to attach to the network. When the UE sends the attach request, if it finds that it has been assigned the first identity information, or that it has not only been assigned the first identity information but the assigned first identity information is also available, the first identity information is carried in the attach request.
  • after the network side receives the attach request, it determines whether the UE has been assigned the first identity information and/or whether the first identity information allocated to the UE is available.
  • the network side needs to obtain the second identity information of the UE, but in order to improve the security of the second identity information, it is required to perform key negotiation with the UE first, and negotiate an encryption key that can encrypt the transmission of the second identity information of the UE. Therefore, in step S220, the UE will perform key negotiation with the network side based on the public key infrastructure network certificate, where the key negotiation may include data interaction, so that each side generates a key that can encrypt the second identity information.
  • the key negotiation may be symmetric key agreement and asymmetric key agreement.
  • the network certificate may be sent to the UE by the CP-AU, and the UE may verify the validity of the network certificate by using a digital signature verification algorithm. After the validity of the network certificate is verified, a key (such as a public key) is derived from the certificate, and the public key is used to perform key agreement with the UE, thereby resisting the problems caused by an illegal intermediary tampering with the public key information during transmission.
  • in step S230, the second identity information of the UE encrypted by using the encryption key is sent to the network side, which obviously enhances the security of the second identity information in the transmission process.
  • the step S220 may include: performing negotiation of a shared key with the network side based on the network certificate; wherein the shared key is used for generating a session key in a secure mode.
  • the key generation in the step S220 in this embodiment may be the negotiation of the foregoing DH key.
  • the negotiation and calculation of the DH key are not performed in the security mode command phase, which can reduce the amount of data interaction and the amount of information calculation between the UE and the network side, and reduce the hardware resources and power that the UE consumes.
  • the generation of the DH key here is implemented by DH key negotiation, where the DH key negotiation can be various forms of DH keys.
  • the step S220 may include: deriving the shared key, based on the network certificate, by using a Diffie-Hellman integrated encryption algorithm or an elliptic curve integrated encryption algorithm.
  • the derivation of the shared key by using the above two algorithms can make the derived shared key have higher information security and use security.
  • the method further includes:
  • the encryption key is generated based on the shared key and the first random number.
  • the UE may generate a first random number by using a random algorithm, and generate the encryption key by using the first random number and the shared key. Other constants may also be introduced to generate the encryption key when implemented.
  • the method further includes:
  • the method further includes:
  • the second identity information is integrity protected by using the integrity key.
  • the second random number may be generated by the UE by using a random algorithm.
  • the UE sends the first random number and the second random number to the network side respectively, so that the network side can conveniently also generate the encryption key and the integrity key in combination with the random numbers and the shared key.
  • other generation factors may also be introduced, for example, another constant is introduced, and the integrity key is generated by using a key generation algorithm.
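The key generation described for both sides (encryption key from the shared key and the first random number, integrity key from the shared key and the second random number), shown as an added example that is not part of the patent text. It assumes the shared key K_DH has already been negotiated; HMAC-SHA256 as the key generation algorithm, the HMAC counter-mode keystream standing in for the unspecified cipher, the encrypt-then-MAC layout and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def derive_key(shared_key: bytes, label: bytes, nonce: bytes) -> bytes:
    """Derive a purpose-specific key from K_DH and a random number.

    The label is the extra constant the text allows: it keeps the
    encryption key and the integrity key distinct even if the two
    random numbers were ever equal.
    """
    return hmac.new(shared_key, label + b"\x00" + nonce, hashlib.sha256).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream.

    Safe only because every message uses a key derived from a fresh
    random number; a deployment would use a standard authenticated cipher.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def ue_protect_identity(shared_key: bytes, identity: bytes) -> Dict[str, bytes]:
    """UE side: encrypt and integrity-protect the second identity information."""
    nonce1 = secrets.token_bytes(16)  # first random number
    nonce2 = secrets.token_bytes(16)  # second random number
    enc_key = derive_key(shared_key, b"enc", nonce1)
    int_key = derive_key(shared_key, b"int", nonce2)
    ciphertext = _keystream_xor(enc_key, identity)
    # The tag covers both random numbers and the ciphertext, so none of
    # the three can be altered in transit without detection.
    tag = hmac.new(int_key, nonce1 + nonce2 + ciphertext, hashlib.sha256).digest()
    return {"nonce1": nonce1, "nonce2": nonce2,
            "ciphertext": ciphertext, "tag": tag}


def network_recover_identity(shared_key: bytes,
                             msg: Dict[str, bytes]) -> Optional[bytes]:
    """Network side: check integrity first, decrypt only if it holds."""
    int_key = derive_key(shared_key, b"int", msg["nonce2"])
    expected = hmac.new(int_key,
                        msg["nonce1"] + msg["nonce2"] + msg["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None  # tampered message or mismatched shared key
    enc_key = derive_key(shared_key, b"enc", msg["nonce1"])
    return _keystream_xor(enc_key, msg["ciphertext"])


if __name__ == "__main__":
    k_dh = secrets.token_bytes(32)   # placeholder for the negotiated K_DH
    imsi = b"001010123456789"        # constructed test-network IMSI
    first = ue_protect_identity(k_dh, imsi)
    second = ue_protect_identity(k_dh, imsi)
    print("recovered:", network_recover_identity(k_dh, first))
    print("ciphertexts differ:", first["ciphertext"] != second["ciphertext"])
```

The fresh random numbers matter for privacy as well as key separation: without them, the same identity would always encrypt to the same bytes, and that constant ciphertext could be used to track the UE just like the plaintext identity.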
  • the method further includes:
  • the UE can implement the verification of the session key by interacting with the authentication request message and the result of the verification on the network side, and avoid the problem of session failure caused by the inconsistency of the session key generated by the network side and the UE.
  • for the verification of the session key, see the above embodiment.
  • the method further includes:
  • the step S220 may include:
  • key negotiation is performed with the network side.
  • the predetermined type of attack may be the foregoing DoS attack.
  • the UE receives the hash challenge indication, performs the hash challenge processing to form a hash challenge response, and then performs the step S220, so that DoS attacks and the like may be defended against.
  • the embodiment provides an information processing apparatus, including a first receiving unit 110, a determining unit 120, a first negotiating unit 130, and a decrypting unit 140:
  • the first receiving unit 110 is configured to receive an attach request sent by the user equipment UE;
  • the determining unit 120 is configured to determine whether the first identity information is carried in the attach request.
  • the first negotiating unit 130 is configured to: when the first identity information is not carried in the attach request, perform key negotiation with the UE based on the network certificate of the public key infrastructure PKI; wherein the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
  • the first receiving unit 110 is configured to receive the second identity information that the UE sends after encrypting it by using the encryption key;
  • the decrypting unit 140 is configured to decrypt the second identity information by using the encryption key, where the second identity information is used to allocate first identity information to the UE.
  • This embodiment provides an information processing apparatus, which may be an information processing structure applied to an MME or an HSS, a CP-AU, or the like.
  • the physical structure corresponding to the first receiving unit 110 and the first negotiating unit 130 may include a communication interface.
  • the communication interface can be used to receive data sent by the UE.
  • the hardware structure corresponding to the first negotiating unit 130 may further include a processor or a processing circuit.
  • the determining unit 120 and the decrypting unit 140 may also correspond to a processor or a processing circuit.
  • the processor may include a central processing unit (CPU), a digital signal processor (DSP), a microprocessor (MCU), an application processor (AP), a programmable array (PLC), and the like.
  • the processing circuit can include an application specific integrated circuit.
  • the processor or the processing circuit can implement the data processing of the determining unit 120, the first negotiating unit 130, and the decrypting unit 140 by executing predetermined code, so that the key negotiation avoids plaintext transmission of the second identity information of the UE and enhances the protection of the second identity information of the UE.
  • the determining unit 120 is further configured to determine whether the UE completes negotiation of a shared key, where the shared key is used for generating a session key;
  • the first negotiating unit 130 is configured to: when the first identity information is not carried in the attach request, perform key negotiation with the UE based on the network certificate of the public key infrastructure (PKI), and generate the encryption key based on the negotiation of the shared key.
  • the determining unit 120 is specifically configured to perform the negotiation of the shared key.
  • the negotiation of the shared key is used as the negotiation of the encryption key, so that the negotiation of the shared key can be completed.
  • the negotiation of the encryption key does not need to repeat the negotiation of the shared key, which simplifies the information interaction with the UE and reduces the amount of key computation.
  • the negotiation may be any one of the foregoing DH key negotiations.
  • the first negotiating unit 130 is further configured to perform key negotiation with the UE by using the network certificate to generate the shared key; wherein the shared key and a randomly generated first random number are used together to generate the encryption key.
  • the shared key is used to generate an encryption key together with the first random number.
  • the first negotiating unit 130 is configured to: when the first identity information is not carried in the attach request, interact with the UE based on the network certificate, and derive the shared key by using a Diffie-Hellman integrated encryption algorithm or an elliptic curve integrated encryption algorithm.
  • the network certificate may be a certificate used for deriving a key; by reusing the PKI, the legality and validity of the network certificate can be verified, which ensures the correctness of the key derived from a legal or valid network certificate, so that active attacks by an illegitimate intermediary can be defended against during the key negotiation process.
  • the shared key and the randomly generated second random number are used together to generate an integrity key; the integrity key is used to perform integrity protection on the second identity information.
  • the encryption key and the integrity key are both generated by using the shared key, so that the second identity information can be encrypted by using the encryption key and integrity-protected by using the integrity key.
  • the apparatus further includes a first generating unit and a first verifying unit: the first generating unit, configured to generate the first session key according to the shared key;
  • the verification unit is configured to verify whether the first session key and the second session key generated by the UE according to the shared key are consistent by performing information interaction with the UE.
  • the session keys generated from the shared key on the network side and on the UE side are verified, which reduces subsequent session failures caused by the network side and the UE side generating different session keys.
  • the apparatus further includes a determining unit and a first sending unit:
  • the determining unit is configured to determine whether an attack of a predetermined type is currently being suffered; the first sending unit is configured to send a hash challenge indication to the UE when an attack of the predetermined type is being suffered;
  • the first receiving unit is configured to receive a hash challenge response returned by the UE according to the hash challenge indication; the first negotiating unit 130 is configured to perform key negotiation when the hash challenge response indicates that the hash challenge is successful.
  • a hash challenge process can be performed to defend against the predetermined type of attack.
  • the determining unit is further configured to determine the difficulty level of the hash challenge according to the severity information of the attack of the predetermined type. In this way, hash challenges of different difficulty can be applied to attacks of different severity, balancing the computational cost and the security of the processing.
  • the embodiment further provides an information processing apparatus, including:
  • the second sending unit 210 is configured to send an attach request to the network side;
  • the second negotiation unit 220 is configured to perform key negotiation with the network side based on the network certificate of the public key infrastructure (PKI), where the key negotiation is sent when the network side determines that the attach request does not carry the first identity information of the UE, and the key negotiation is used to obtain an encryption key for encrypting the second identity information of the user equipment UE;
  • the second sending unit 220 is further configured to: encrypt the second identity information of the UE by using the encryption key, and send the second identity information to the network side.
  • the information processing apparatus in this embodiment may be an information processing apparatus used in the UE; through the key negotiation triggered by the attach request, it reduces the cases in which the UE sends the second identity information to the network side in plaintext, reduces the risk of exposure of the second identity information, and improves the security of the second identity information.
  • the second sending unit 220 may correspond to a communication interface such as a transmitting antenna in the UE.
  • the second negotiating unit 220 can include a processor or processing circuitry.
  • the processor or processing circuit herein can be referred to the foregoing embodiment and will not be repeated here. Also the processor or processing circuitry may complete the key negotiation by execution of a predetermined code.
  • the second negotiating unit 220 is configured to perform a negotiation of a shared key with the network side based on the network certificate; wherein the shared key is used for generation of a session key.
  • the shared key is obtained by DH key negotiation.
  • the second negotiating unit 220 is configured to derive the shared key by using a Diffie-Hellman integrated encryption algorithm or an elliptic curve integrated encryption algorithm based on the network certificate.
  • the algorithm for deriving the shared key by the second negotiating unit 220 is different.
  • the above-mentioned Diffie-Hellman integrated encryption algorithm and elliptic curve integrated encryption algorithm are only examples, and the specific implementation is not limited to any of the above algorithms.
  • the apparatus further includes: a second generating unit, configured to generate a first random number; and generate the encryption key based on the shared key and the first random number.
  • the first random number here may be any one of randomly generated values, and the shared key and the first random number generate an encryption key.
  • the second generating unit is further configured to generate a second random number and to generate an integrity key based on the shared key and the second random number; the device further includes an integrity protection unit configured to perform integrity protection on the second identity information by using the integrity key.
  • the first random number and the second random number are randomly generated, and may be the same or different. When implemented, the first random number and the second random number are preferably different. When the second generating unit generates a random number and finds that the two random numbers are the same, at least one of the first random number and the second random number may be regenerated, so that different encryption keys and integrity keys may be conveniently generated. However, in some embodiments, the algorithm for generating the encryption key and the integrity key may be the same or different, and is preferably different in this embodiment to improve the security and privacy of the second identity information.
  • the second generating unit is configured to generate a second session key according to the shared key; the device further includes a second verification unit, configured to verify, by performing information interaction with the network side, whether the second session key and the first session key generated by the network side according to the shared key are consistent.
  • the second generation unit here also generates a second session key.
  • the physical structure corresponding to the second verification unit may also be a processor or a processing circuit, and the processor or the processing circuit may implement the verification of the session key by executing the predetermined code, and avoid the session key generated by the network side and the UE side.
  • the second receiving unit is configured to receive a hash challenge indication sent by the network side when the network side determines that it is suffering an attack of a predetermined type; the apparatus further includes: a response unit configured to respond to the hash challenge indication by returning a hash challenge response to the network side; the second negotiation unit 220 is configured to perform key negotiation with the network side when the hash challenge response determines that the hash challenge is successful.
  • the device in this embodiment also introduces a response unit whose physical structure can likewise correspond to a processor or processing circuit.
  • the processor or processing circuitry can execute code to implement the processing of the hash challenge.
  • the second negotiating unit performs key negotiation only when the hash challenge is successful; this avoids leakage of the negotiated key during key negotiation and the resulting leakage of the second identity information.
  • the present example provides an information processing method that can be divided into multiple stages; as shown in FIG. 5, the stages can include an identity management phase, an AKA phase, and a security mode command phase.
  • the identity management phase may include steps 1-3 in FIG. 5; the AKA phase may include steps 4-6; and the security mode command phase may include steps 7, 8.
  • the information processing method provided in this example may specifically include:
  • the UE sends an attach request to the CP-AU to initiate an attach procedure.
  • the CP-AU sends an identity request carrying the hash challenge indication and the certificate, which may include: the CP-AU determines that the attach request does not carry temporary identity information such as the GUTI, and detects whether the DH key K_DH has been established between the CP-AU and the UE. If the attach request does not carry temporary identity information such as GUTI and does not establish a DH key with the UE, the identity request is sent. CP-AU will proceed to step 6. Otherwise, the CP-AU sends an identity request back to the UE, which optionally includes a hash challenge indication to defeat the DoS attack. If the attach request message does not contain a temporary identity, the CP-AU also sends an identity request message to the UE.
  • the construction method of the hash challenge is as follows: the CP-AU randomly generates a positive integer x with a binary length of n, and calculates the hash value of x and the attach request, i.e. hash(x, attach request), where n is determined by the degree to which the resources of the CP-AU are in use: the higher the degree of use of the resources, the larger the value of n. hash(x, attach request) and n form the hash challenge.
  • the certificate is the aforementioned network certificate.
  • the network certificate here can use a digital signature verification algorithm to verify the validity or legality of the certificate, and can be used to derive a key for key negotiation.
  • the UE solves the hash challenge, generates the DH private key KU_pri, calculates the DH public key KU_pub, derives the shared key K_DH between the UE and the CP-AU, generates a random number nonce, and derives the encryption key K_E and the integrity key K_M.
  • the step 2a may specifically include: the UE receives the identity request message; if the hash challenge indication exists, the UE first tries to find the correct integer x' by checking whether hash(x', attach request) is equal to hash(x, attach request).
  • the integer x' is used as the hash response.
  • the UE verifies the validity of the certificate by means of a digital signature verification algorithm, derives the DH public key KU_pub with a valid certificate, and generates the shared key K_DH with the CP-AU by using KU_pri and the KC_pub of the CP-AU.
  • the UE sends an identity response to the CP-AU.
  • the identity response carries the nonce, KU_pub, the official identity information encrypted with K_E, and MAC0.
  • the step 3 may include: in order to encrypt the official identity information of the UE, the UE generates a random number nonce, and derives the encryption key K_E and the integrity key K_M.
  • K E and K M are calculated as follows:
  • K_E = KDF(nonce, K_DH, C1)
  • K_M = KDF(nonce, K_DH, C2)
  • KDF is the key derivation function. If an authenticated encryption method is used to encrypt the identity of the UE, only the encryption key K_E is generated.
  • the C1 and C2 are two constants.
  • the random number nonce, K_DH, and C1 are the known quantities for generating the encryption key.
  • the nonce, K_DH, and C2 are the known quantities for generating the integrity key.
  • the K_M here is used for integrity verification.
  • the CP-AU verifies the hash response, derives the shared key K_DH between the UE and the CP-AU, derives the encryption key K_E and the integrity key K_M, and acquires the official identity information of the UE through K_E.
  • the step 3a may specifically include: after receiving the identity response from the UE, if the hash response is in the message, the CP-AU compares it with x. If the two are not equal, the CP-AU aborts the attach process. Otherwise, the CP-AU derives the shared key K_DH with the UE using its private key KC_pri and the public key KU_pub of the UE, and calculates the encryption key K_E and the integrity key K_M in the same manner as the UE. Then the CP-AU verifies MAC0; if the verification succeeds, it uses K_E to decrypt the encrypted portion of the message and obtain the real identity of the UE; otherwise, the CP-AU terminates the attach process.
  • the CP-AU sends to the Authentication, Authorization and Accounting (AAA) server an authentication data request carrying the official identity information.
  • the AAA server sends the authentication vector to the CP-AU. Specifically, the AAA server searches for the root key Ki of the UE according to the official identity information of the UE, and calculates an authentication vector according to the root key Ki. The AAA server then sends the authentication vector to the CP-AU.
  • the mutual authentication of the CP-AU and the UE may include: calculating the intermediate key K_mid based on the authentication vector sent by the AAA server, including: the UE and the CP-AU each derive K_mid and each perform a calculation using K_mid and K_DH.
  • the CP-AU sends the security mode command message and the MAC1 to the UE, and the method may include: the CP-AU sends a security mode command message to the UE, where the authentication code MAC1 of the security mode command message is calculated by using the session key Ks.
  • the UE sends the security mode complete message and the MAC2 to the CP-AU, which may specifically include: the UE verifies the received MAC1 by using the session key Ks. If the verification fails, the UE terminates the attach procedure. Otherwise, the UE responds to the CP-AU with a security mode complete message whose message authentication code MAC2 is calculated by using the session key Ks.
  • the CP-AU checks the correctness of the MAC2. If the check fails, the CP-AU aborts the attach process. Otherwise, the UE and the CP-AU complete the attach procedure.
  • the UE and the CP-AU can guarantee that they have the same session key Ks after successfully verifying MAC1 and MAC2 respectively. This can mean that they already have the same shared key K_DH.
  • the last key K_DH is stored in the UE and the CP-AU, respectively, for generating a new session key in the next attach procedure.
  • An embodiment of the present invention further provides an electronic device, where the electronic device includes: a transceiver, a memory, and a processor; at least a portion of the memory stores computer executable instructions;
  • the processor is respectively connected to the transceiver and the memory, configured to execute the computer executable instruction, and the information processing method applied to the network side by executing the computer executable One or more of them, or for implementing an information processing method applied to the UE by computer executable instructions, for example, one or more of the methods shown in FIG. 1, FIG. 2, and FIG.
  • the computer executable instructions can include: a computer program and/or software.
  • the transceiver in this embodiment may correspond to a network interface, and the network interface may be a cable interface, and may be used for data interaction with other network elements.
  • the memory can include: various types of storage media that can be used for data storage.
  • the memory includes a storage medium that is at least partially a non-volatile storage medium and can be used to store computer-executable instructions such as the computer program.
  • the processor may comprise: a central processing unit, a microprocessor, a digital signal processor, an application processor, an application specific integrated circuit or a programmable array, etc., which may be used to implement second identity information by execution of computer executable instructions.
  • the processor can be connected to the transceiver and the memory through an in-device bus such as an integrated circuit bus.
  • the electronic device provided in this embodiment may include: the foregoing information processing device applied to the network element or the UE, for example, may include the information processing device shown in FIG. 3 or FIG. 4.
  • the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions; the computer executable instructions are used to perform one or more of the information processing methods applied to the network side, or one or more of the information processing methods applied to the UE; for example, one or more of the methods shown in FIGS. 1, 2, and 5 may be performed.
  • the computer storage medium provided by the embodiment of the invention includes: a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and other media that can store program code.
  • the computer storage medium can be a non-transitory storage medium.
  • the non-transitory storage medium herein may also be referred to as a non-volatile storage medium.
  • the disclosed apparatus and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner in actual implementation, such as: multiple units or components may be combined, or can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described above as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed to multiple network units; some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the above integrated unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs the foregoing steps; the foregoing storage medium includes: a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or another medium that can store program code.
  • the network element determines whether the connection request sent by the UE carries the predetermined identity information (that is, the first identity information); if it is not carried, it can be considered that the UE is not currently assigned the predetermined identity information, and then, after the key negotiation process is completed, the second identity information is automatically allocated, and the second identity information is sent to the UE.
  • on the one hand, automatic allocation of the predetermined identity information is realized; on the other hand, transmission is encrypted with the negotiated key, which reduces the probability of the second identity information being leaked and improves the security of the second identity information. Therefore, it has a positive industrial effect.
  • the technical solution provided by the embodiment of the present invention can be implemented by modifying the information interaction process between the network element and the UE, and has the advantages of simple implementation and wide promotion in the field of communication and network technologies.
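The identity management phase described above (hash challenge, K_DH, derivation of K_E and K_M, MAC0 check, decryption at the CP-AU), as an added example that is not code from the patent or its applicants. SHA-256, HMAC-SHA256 as KDF and MAC, the HMAC keystream standing in for the unspecified cipher, the toy DH group, the values of C1 and C2, the fields covered by MAC0 and the load-to-n rule are all assumptions, and the UE is assumed to have already validated the certificate that carries KC_pub.

```python
import hashlib
import hmac
import secrets

# Assumptions, none fixed by the patent text: SHA-256 as "hash", HMAC-SHA256
# as KDF and MAC, an HMAC counter keystream standing in for the cipher, a toy
# DH group, constructed values for the constants C1/C2, and MAC0 coverage.
P, G = 2**255 - 19, 2              # toy DH parameters, illustration only
C1, C2 = b"C1-encryption", b"C2-integrity"


def puzzle_hash(x: int, attach_request: bytes) -> bytes:
    """hash(x, attach request) from the hash-challenge construction."""
    return hashlib.sha256(x.to_bytes(8, "big") + attach_request).digest()


def kdf(nonce: bytes, k_dh: bytes, const: bytes) -> bytes:
    """K_E = KDF(nonce, K_DH, C1) and K_M = KDF(nonce, K_DH, C2)."""
    return hmac.new(k_dh, nonce + const, hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR data with HMAC(key, counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def difficulty(load: float) -> int:
    """Puzzle length n in bits; grows with CP-AU resource usage (0.0 to 1.0)."""
    return 8 + int(max(0.0, min(1.0, load)) * 8)


class CpAu:
    def __init__(self):
        self.kc_pri = secrets.randbelow(P - 2) + 1
        self.kc_pub = pow(G, self.kc_pri, P)   # carried in the network certificate
        self.pending = {}                      # attach request -> expected x

    def identity_request(self, attach_request: bytes, load: float):
        """Step 2: x has binary length n; the challenge is (hash, n)."""
        n = difficulty(load)
        x = secrets.randbits(n - 1) | (1 << (n - 1))
        self.pending[attach_request] = x
        return puzzle_hash(x, attach_request), n, self.kc_pub

    def identity_response(self, attach_request, x_resp, nonce, ku_pub, ct, mac0):
        """Step 3a: check x', derive keys, verify MAC0, only then decrypt."""
        x = self.pending.pop(attach_request, None)   # one attempt per challenge
        if x is None or x_resp != x:
            raise ValueError("hash challenge failed: abort attach")
        if not 1 < ku_pub < P - 1:
            raise ValueError("degenerate KU_pub: abort attach")
        k_dh = pow(ku_pub, self.kc_pri, P).to_bytes(32, "big")
        k_e, k_m = kdf(nonce, k_dh, C1), kdf(nonce, k_dh, C2)
        expected = hmac.new(k_m, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac0):
            raise ValueError("MAC0 invalid: abort attach")
        return keystream_xor(k_e, ct).decode()


def ue_identity_response(attach_request, challenge, n, kc_pub, identity: str):
    """Steps 2a and 3: solve the puzzle, derive keys, protect the identity."""
    x_resp = next(x for x in range(1 << (n - 1), 1 << n)
                  if puzzle_hash(x, attach_request) == challenge)
    ku_pri = secrets.randbelow(P - 2) + 1
    ku_pub = pow(G, ku_pri, P)
    k_dh = pow(kc_pub, ku_pri, P).to_bytes(32, "big")
    nonce = secrets.token_bytes(16)
    k_e, k_m = kdf(nonce, k_dh, C1), kdf(nonce, k_dh, C2)
    ct = keystream_xor(k_e, identity.encode())
    mac0 = hmac.new(k_m, nonce + ct, hashlib.sha256).digest()
    return x_resp, nonce, ku_pub, ct, mac0


def run_attach(identity="UE-FORMAL-ID-0001", load=0.5, tamper=False, wrong_x=False):
    """One exchange with constructed inputs; returns the identity seen by CP-AU."""
    cp_au = CpAu()
    req = b"attach-request-without-GUTI"       # constructed sample message
    challenge, n, kc_pub = cp_au.identity_request(req, load)
    x_resp, nonce, ku_pub, ct, mac0 = ue_identity_response(
        req, challenge, n, kc_pub, identity)
    if wrong_x:
        x_resp ^= 1                            # wrong puzzle answer
    if tamper:
        ct = bytes([ct[0] ^ 1]) + ct[1:]       # ciphertext modified in transit
    return cp_au.identity_response(req, x_resp, nonce, ku_pub, ct, mac0)


if __name__ == "__main__":
    print(run_attach())
```

Because MAC0 is checked before decryption and x' before any DH computation, both failure cases abort the attach without the CP-AU spending a modular exponentiation or touching the ciphertext.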

Abstract

Disclosed in the embodiments of the present invention are an information processing method and apparatus, the method comprising: receiving an attach request sent by a user equipment (UE); determining whether the attach request carries first identity information; performing key negotiation with the UE on the basis of a network certificate of a public key infrastructure (PKI) when the attach request does not carry the first identity information; and receiving sent second identity information encrypted by the UE using an encryption key obtained from the negotiation. In the present embodiment, interaction is carried out by means of triggering a key in the attach request. Also provided in the embodiments of the present invention are an electronic device and computer storage medium.

Description

Information processing method, apparatus, electronic device and computer storage medium
This application is based on, and claims priority to, Chinese patent application No. 201610818484.X filed on September 12, 2016, the entire content of which is hereby incorporated into this application by reference.
Technical field
The present invention relates to technologies in the field of wireless communications, and in particular, to an information processing method, apparatus, electronic device, and computer storage medium.
Background
In the prior art, to improve information security and ensure user privacy, a temporary identity is allocated to the user equipment (User Equipment, UE) for accessing the network, so as to hide the second identity information of the UE. However, when the UE accesses the network for the first time, the second identity information that the UE sends to the network side may still be stolen, which leaks the second identity information of the UE and in turn results in poor security of the user's privacy.
Summary of the invention
In view of this, embodiments of the present invention are intended to provide an information processing method, apparatus, electronic device, and computer storage medium that can at least partially solve the above problem.
The technical solutions of the embodiments of the present invention are implemented as follows:
A first aspect of the embodiments of the present invention provides an information processing method, including:
receiving an attach request sent by a user equipment (UE);
determining whether the attach request carries first identity information;
when the attach request does not carry the first identity information, performing key negotiation with the UE based on a network certificate of the public key infrastructure (PKI); wherein the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
receiving the second identity information sent by the UE and encrypted by using the encryption key;
decrypting the second identity information by using the encryption key; wherein the second identity information is used to allocate first identity information to the UE.
A second aspect of the embodiments of the present invention provides an information processing method, including:
sending an attach request to the network side;
performing key negotiation with the network side based on a network certificate of the public key infrastructure (PKI); wherein the key negotiation is sent when the network side determines that the attach request does not carry the first identity information of the user equipment (UE), and the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
encrypting the second identity information of the UE by using the encryption key and sending it to the network side.
A third aspect of the embodiments of the present invention provides an information processing apparatus, including a first receiving unit, a determining unit, a first negotiating unit, and a decrypting unit:
the first receiving unit is configured to receive an attach request sent by a user equipment (UE);
the determining unit is configured to determine whether the attach request carries first identity information;
the first negotiating unit is configured to: when the attach request does not carry the first identity information, perform key negotiation with the UE based on a network certificate of the public key infrastructure (PKI); wherein the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
the first receiving unit is configured to receive the second identity information sent by the UE and encrypted by using the encryption key;
the decrypting unit is configured to decrypt the second identity information by using the encryption key; wherein the second identity information is used to allocate first identity information to the UE.
A fourth aspect of the embodiments of the present invention provides an information processing apparatus, including:
a second sending unit, configured to send an attach request to the network side;
a second negotiating unit, configured to perform key negotiation with the network side based on a network certificate of the public key infrastructure (PKI); wherein the key negotiation is sent when the network side determines that the attach request does not carry the first identity information of the user equipment (UE), and the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
the second sending unit is further configured to encrypt the second identity information of the UE by using the encryption key and send it to the network side.
In the information processing method and apparatus provided by the embodiments of the present invention, when it is determined that the attach request does not carry identity information, key negotiation is performed to form an encryption key for encrypting the second identity information, so that the UE can transmit the second identity information to the network side in encrypted form; this reduces the information leakage caused by transmitting the second identity information in plaintext and improves the security of using the second identity information. Moreover, in this embodiment the key negotiation is performed based on a PKI network certificate; with the introduction of PKI, the network certificate can be verified by a digital signature algorithm, which avoids the problem of an incorrectly derived or leaked key caused by an illegitimate intermediary tampering with information while the network certificate is in transit, thereby ensuring the security of the key negotiation and resisting active attacks by an illegitimate intermediary.
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of a first information processing method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a second information processing method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a first information processing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a second information processing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a third information processing apparatus according to an embodiment of the present invention.
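Detailed Description
The technical solutions of the present invention are optionally described in detail below with reference to the accompanying drawings and specific embodiments. It should be understood that the preferred embodiments described below are only used to illustrate and explain the present invention and are not intended to limit it.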
As shown in FIG. 1, this embodiment provides an information processing method, including:
Step S110: receiving an attach request sent by a user equipment (UE);
Step S120: determining whether the attach request carries first identity information;
Step S130: when the attach request does not carry first identity information, performing key negotiation with the UE based on a network certificate of a public key infrastructure (PKI); wherein the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
Step S140: receiving the second identity information sent by the UE and encrypted with the encryption key;
Step S150: decrypting the second identity information using the encryption key; wherein the second identity information is used to allocate first identity information to the UE.
The information processing method of this embodiment may be a method applied in any network element on the network side, for example a method applied in a network element such as a Mobility Management Entity (MME) or a Home Subscriber Server (HSS). In this embodiment these network elements may be collectively referred to as a Control Plane-Authentication Unit (CP-AU). These entities can exchange information with the user equipment through a base station.
In this embodiment, after the attach request sent by the user equipment is received, it is first determined whether the attach request carries first identity information. If the UE has already been assigned first identity information, the UE's attach request carries the first identity information by default; if the UE has not yet been assigned first identity information, the attach request does not carry it. Alternatively, if the UE has been assigned first identity information and that first identity information is available, the attach request carries it; otherwise it does not, and the network side needs to reallocate the first identity information. The first identity information here may be temporary identity information temporarily allocated to the UE for use; for example, the first identity information may include a Globally Unique Temporary UE Identity (GUTI). The second identity information here may be a reference factor for the network side in generating the first identity information; for example, a correspondence between the first identity information and the second identity information needs to be established so that the network side can identify each UE according to the first identity information. In short, the first identity information here may be allocated to, or generated for, the UE by a network element on the network side. The network side here may refer generally to any network element or device, other than the UE, that makes up a communication network or data network. In some embodiments, the first identity information and the second identity information are both identity information of a predetermined type; for example, both are identity information allocated to the UE by a network element.
In the process of allocating the first identity information, to facilitate subsequent identification of the user equipment, a correspondence between the UE's second identity information and the first identity information needs to be established, so the UE's second identity information needs to be obtained. In the prior art, an indication may be sent directly to the UE to have it report the second identity information. Usually the UE then reports the second identity information in plaintext, which clearly gives an illegitimate party an opportunity to steal the UE's second identity information and leads to its leakage. In this embodiment, step S130 is executed first: key negotiation is performed and an encryption key is generated. The key negotiation in this embodiment may include multiple data exchanges with the UE to generate the encryption key. In this embodiment the key negotiation is performed based on the network certificate, and step S130 may include: sending the network certificate to the UE; after receiving the network certificate, the UE verifies its validity using a digital signature verification algorithm, and if the network certificate is the original certificate, that is, a certificate that has not been tampered with, the network certificate can be considered valid. A key is then obtained from the network certificate verified as valid (the key obtained from the network certificate is a public key). Key negotiation using the network certificate clearly avoids the insecurity of the derived key that would result from an illegitimate intermediary tampering with the network certificate information, and thereby ensures the correctness of the derived key. In this embodiment the key derived using the network certificate may be a component of the encryption key or intermediate information for deriving the encryption key. Performing key negotiation based on the network certificate in this embodiment can thus resist attacks actively initiated by an illegitimate intermediary, improve security during the key negotiation, and improve the final security of the encryption key, thereby improving the security of the second identity information.
The key exchange in step S130 in this embodiment may be any kind of key negotiation; for example, it may be symmetric key negotiation or asymmetric key negotiation. In short, the key generated by the key negotiation is called the encryption key in this embodiment.
In step S140, the second identity information encrypted with the encryption key is received. In this way the UE's second identity information is not transmitted in plaintext; an illegitimate party who intercepts it cannot correctly read the UE's second identity information because it does not have the encryption key, which clearly avoids the leakage caused by transmitting the UE's second identity information over the network in plaintext. The second identity information here may be another piece of identity information, different from the first identity information, that can uniquely identify the UE. It may be formal identity information, which can be regarded as identity information permanently allocated to the UE, for example the UE's International Mobile Subscriber Identification Number (IMSI). In this embodiment the second identity information may also be a network slice identifier, a network access identifier, or the like allocated to the UE.
In some embodiments, the method further includes:
determining whether the UE has completed negotiation of a shared key; wherein the shared key is used for generating a session key;
Step S130 may include:
when the attach request does not carry first identity information, performing key negotiation with the UE based on the network certificate of the public key infrastructure (PKI); and generating the encryption key based on the negotiation of the shared key.
In this embodiment the shared key may be a shared key generated by Diffie-Hellman (DH) key negotiation, that is, a DH key, also called KDH. Typically, the shared key is used in the security mode command phase to derive intermediate information for determining whether the UE is currently subject to a predetermined type of attack. The DH key negotiation in this embodiment may include various types of DH key negotiation, for example ordinary DH key negotiation and elliptic curve DH key negotiation.
In the prior art, the shared key exchange is usually performed after entering the security mode command phase; in this embodiment it is moved forward into the attach procedure triggered by the UE's attach request. The shared key then no longer needs to be negotiated in the subsequent security mode command phase, which reduces the signaling exchanged between the UE and the network side, simplifies the information exchange flow, and reduces the UE's power consumption.
In this embodiment the shared key is also used to generate the session key, which changes the prior-art practice of deriving the session key from the root key alone, a practice that makes the derived key easy to crack and not very secure. In addition, an authentication vector is also used in generating the session key; if the authentication vector is transmitted over an insecure link, it may be leaked. In this embodiment, because the shared key is introduced as a basis for generating the session key, an illegitimate attacker cannot directly obtain the session key even if the authentication vector is leaked, which clearly makes the session key harder to steal and improves its security. At the same time, in this embodiment the attach request triggers key negotiation. On the one hand the UE's second identity information can be encrypted and protected; at the same time both the UE and the CP-AU store the shared key, and the next time an attach request is sent, the encryption key can be generated from the shared key stored from the first negotiation to encrypt and protect the second identity information that next time, which simplifies the next key negotiation.
As an optional improvement of this embodiment, step S130 may specifically include: when the attach request does not carry the first identity information, deriving the shared key based on the network certificate, through information exchange with the UE, using the Diffie-Hellman integrated encryption (DHIES) algorithm or the elliptic curve integrated encryption (ECIES) algorithm. Compared with the DH key negotiation described above, the DHIES and ECIES algorithms are enhanced encryption algorithms that can improve the security of the key negotiation and ensure the security of the negotiated shared key itself and of its use.
Optionally, step S130 may include:
performing key negotiation with the UE using the network certificate to generate the shared key;
wherein the shared key and a randomly generated first random number are used together to generate the encryption key.
After the negotiation of the shared key is completed, the UE randomly generates a first random number, and the first random number and the shared key together generate the encryption key. In a specific implementation, the CP-AU also receives the first random number and combines it with the shared key to generate the encryption key, so that it can subsequently decrypt the UE's second identity information using the encryption key. The decrypted second identity information can be used for various kinds of authentication, so as to obtain the UE's first identity information. For example, the second identity information is used to perform Authentication and Key Agreement (AKA) authentication.
To ensure the integrity of information during transmission, in this embodiment the shared key and a randomly generated second random number are used together to generate an integrity key; the integrity key is used for integrity protection of the second identity information. The second random number here may also be randomly generated by the UE. The network side subsequently receives it in the information sent by the UE, combines it with the shared key to generate the integrity key, and performs integrity verification on the second identity information sent by the UE, so as to ensure the second identity information in transmission.
In addition, the method further includes:
generating the first session key according to the shared key;
verifying, through information exchange with the UE, whether the first session key is consistent with the second session key generated by the UE according to the shared key.
A specific verification method may include: performing an integrity calculation on first information using the first session key to obtain a first information verification code;
sending the first information and the first information verification code to the UE; wherein the first information is used to trigger the UE to perform an integrity calculation on the first information using the second session key that the UE itself generated, obtaining a second information verification code, and to compare the second information verification code with the first information verification code, thereby verifying whether the first session key and the second session key are the same; the second session key is generated based on the shared key, so that verification of the two session keys is completed on the UE side;
The UE can then simply inform the network side of the verification result, so that both parties know the result. The method of this embodiment may also include: the UE side performs integrity verification on second information using the second session key to obtain a third information verification code; the network side then receives the second information and the third information verification code sent by the UE side, and the CP-AU on the network side performs an integrity calculation on the second information using the first session key to obtain a fourth information verification code, and compares the calculated verification code with the third information verification code. If they match, the network side can be considered to have completed verification of the two session keys, with verification passed. There are many other verification methods. For example, verification can be performed by encryption and decryption: for example, the first information is decrypted with the first session key, the UE side decrypts using the second session key, and if the result after decryption is not garbled, the verification can be considered passed. In short, there are many ways to verify, and the method is not limited to any one of the above.
In the DH key negotiation process of this embodiment, a process for verifying the session keys generated by the network side and by the UE is also introduced, to ensure that the session keys generated on the UE side and on the network side are consistent. This reduces the prior-art problem of subsequent session failure caused by inconsistent session keys generated by the network side and the UE. When the UE side finds that verification has failed, it can terminate the attach procedure triggered by the attach request; if verification passes, the subsequent steps can continue. For example, in this embodiment verification is also performed on the network side; if the network-side verification fails, the attach procedure can likewise be terminated, and otherwise subsequent verification continues.
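The key derivation from the shared key and the two random numbers, and the two-way session key check described above, as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified key generation and integrity algorithms; the labels, the function names and the constructed byte strings used in place of a real DH or ECIES shared key are assumptions.

```python
import hashlib
import hmac
import secrets


def kdf(shared_key: bytes, label: bytes, nonce: bytes = b"") -> bytes:
    """Derive a 32-byte key from the shared key (HMAC-SHA256 is an assumption).

    The label keeps keys for different purposes distinct even if a nonce repeats.
    """
    return hmac.new(shared_key, label + b"\x00" + nonce, hashlib.sha256).digest()


def derive_identity_keys(k_dh: bytes, nonce1: bytes, nonce2: bytes):
    """Encryption key from the first random number, integrity key from the second."""
    return kdf(k_dh, b"enc", nonce1), kdf(k_dh, b"int", nonce2)


def make_code(key: bytes, info: bytes) -> bytes:
    """Integrity calculation over a message, giving its verification code."""
    return hmac.new(key, info, hashlib.sha256).digest()


def check_code(key: bytes, info: bytes, received: bytes) -> bool:
    """Recompute the code with the local key and compare in constant time."""
    return hmac.compare_digest(make_code(key, info), received)


def confirm_session_keys(network_k_dh: bytes, ue_k_dh: bytes):
    """Run the two-way check; returns (ue_ok, network_ok).

    network_ok is None when the UE-side check fails, because the UE then
    terminates the attach procedure and the second direction never runs.
    """
    first_session_key = kdf(network_k_dh, b"session")   # network side
    second_session_key = kdf(ue_k_dh, b"session")       # UE side

    # Network -> UE: first information plus first verification code.
    first_info = secrets.token_bytes(16)
    first_code = make_code(first_session_key, first_info)
    ue_ok = check_code(second_session_key, first_info, first_code)
    if not ue_ok:
        return False, None

    # UE -> network: second information plus third verification code.
    second_info = secrets.token_bytes(16)
    third_code = make_code(second_session_key, second_info)
    network_ok = check_code(first_session_key, second_info, third_code)
    return ue_ok, network_ok


if __name__ == "__main__":
    k_dh = secrets.token_bytes(32)            # constructed stand-in for K_DH
    nonce1, nonce2 = secrets.token_bytes(16), secrets.token_bytes(16)
    k_enc, k_int = derive_identity_keys(k_dh, nonce1, nonce2)

    # Constructed placeholder for the encrypted second identity information.
    encrypted_identity = b"constructed-ciphertext-of-second-identity"
    tag = make_code(k_int, encrypted_identity)
    print("integrity ok:", check_code(k_int, encrypted_identity, tag))
    print("matching keys:", confirm_session_keys(k_dh, k_dh))
    print("mismatched keys:", confirm_session_keys(k_dh, secrets.token_bytes(32)))
```
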
In addition, the method further includes:
determining whether a predetermined type of attack is currently being suffered;
when a predetermined type of attack is being suffered, sending a hash challenge indication to the UE;
receiving a hash challenge response returned by the UE based on the hash challenge indication;
Step S130 may include:
when the hash challenge response indicates that the hash challenge succeeded, performing key negotiation with the UE.
In this embodiment the network side detects whether it is subject to a predetermined type of attack, for example whether it is subject to a Denial of Service (DoS) attack. Different types of attack are determined in different ways. For a DoS attack, for example, it can be determined whether the resource usage rate on the network side exceeds a preset threshold; if it does, the network side can be considered to be currently under a DoS attack. To avoid the problems caused by the predetermined type of attack, for example the repeated initiation of the attach procedure caused by a DoS attack, a hash challenge indication is sent in this embodiment. If the UE can complete the hash challenge, it can be considered that exchanging real information with the current UE poses no problem, so the method proceeds to step S130 to negotiate the encryption key. For example, the hash challenge indication may include a hash value obtained by applying predetermined hash processing to an n-bit number x and the attach request. After receiving the hash value, the UE uses the predetermined hash processing to obtain another number y and sends y to the network side in the hash challenge response. The network side compares x and y: if y equals x, the hash challenge is considered successful; otherwise it fails. There are many other hash challenge methods, and the method is not limited to the one above. For example, the hash value can also be obtained by hashing the n-bit x with some predetermined message. This embodiment uses x and the attach request; because the messages carried in attach requests sent by different UEs may differ, security is improved relative to a statically configured predetermined message.
The method further includes:
determining the difficulty of the hash challenge according to severity information of the predetermined type of attack being suffered.
For example, in this embodiment the value of n can be decided; the larger n is, the more difficult the hash challenge. For example, n can be determined according to the current resource usage rate of the server. In this embodiment the resource usage rate of the server and the value of n may be directly proportional. The resource usage rate of the server here may be the processor usage rate, the bandwidth usage rate and/or the storage resource usage rate, and so on. In this embodiment the difficulty of the hash challenge is therefore determined in combination with the severity information of the predetermined type of attack, so that the hash challenge is matched to the degree of the attack suffered and attack defense is better achieved.
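The hash challenge and its load-dependent difficulty, as an added example that is not code from the patent. SHA-256 as the predetermined hash, the MIN_BITS and MAX_BITS bounds, the linear mapping from resource usage to n, and all function names are assumptions; the attach request bytes are constructed.

```python
import hashlib
import hmac
import secrets

MIN_BITS = 8    # assumed floor for the puzzle size n
MAX_BITS = 20   # assumed ceiling, keeps a legitimate UE's work bounded


def difficulty_bits(resource_usage: float) -> int:
    """Map server resource usage (0.0 to 1.0) to n; higher load gives larger n."""
    usage = min(max(resource_usage, 0.0), 1.0)
    return MIN_BITS + round(usage * (MAX_BITS - MIN_BITS))


def _puzzle_hash(x: int, n_bits: int, attach_request: bytes) -> bytes:
    # Fixed-width encoding of x so both sides hash identical bytes.
    width = (n_bits + 7) // 8
    return hashlib.sha256(x.to_bytes(width, "big") + attach_request).digest()


def issue_challenge(attach_request: bytes, n_bits: int, x=None):
    """Network side: pick an n-bit x and hash it with this UE's attach request.

    Returns (x, indication). x stays on the network side; only the
    indication (n and the hash value) is sent to the UE.
    """
    if x is None:
        x = secrets.randbits(n_bits)
    indication = {
        "n_bits": n_bits,
        "hash": _puzzle_hash(x, n_bits, attach_request),
    }
    return x, indication


def solve_challenge(attach_request: bytes, indication: dict):
    """UE side: search the n-bit space for y whose hash matches the indication.

    Expected work is about 2**(n-1) hashes, so each extra bit doubles the
    cost of every attach attempt while the network still checks one integer.
    """
    n_bits = indication["n_bits"]
    for y in range(1 << n_bits):
        candidate = _puzzle_hash(y, n_bits, attach_request)
        if hmac.compare_digest(candidate, indication["hash"]):
            return y
    return None  # no solution, e.g. the hash was bound to another attach request


def verify_response(x: int, y) -> bool:
    """Network side: the challenge succeeds only if y equals x."""
    return y is not None and y == x


if __name__ == "__main__":
    attach_request = b"constructed attach request without GUTI"
    n = difficulty_bits(0.5)                  # moderate load
    x, indication = issue_challenge(attach_request, n)
    y = solve_challenge(attach_request, indication)
    print("n =", n, "challenge passed:", verify_response(x, y))
```
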
As shown in FIG. 2, this embodiment provides an information processing method, including:
Step S210: sending an attach request to the network side;
Step S220: performing key negotiation with the network side based on a network certificate of a public key infrastructure (PKI); wherein the key negotiation is initiated when the network side determines that the attach request does not carry first identity information of the user equipment (UE), and the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
Step S230: sending the second identity information of the UE, encrypted with the encryption key, to the network side.
The information processing method of this embodiment may be an information processing method applied in a UE. In step S210, when the UE needs to attach to the network, it sends the attach request to a base station on the network side. When sending the attach request, if the UE finds that it has already been assigned first identity information, or that it has not only been assigned first identity information but the assigned first identity information is also available, it carries the first identity information in the attach request.
This makes it convenient for the network side, after receiving the attach request, to determine whether the UE has already been assigned first identity information and/or whether the first identity information allocated to the UE is available.
In step S220, if the network side determines that the UE has not been assigned first identity information and/or that the first identity information is unavailable, the network side needs to obtain the UE's second identity information. To improve the security of the second identity information, however, key negotiation with the UE is needed first, to negotiate an encryption key with which the transmission of the UE's second identity information can be encrypted. In step S220 the UE therefore performs key negotiation with the network side based on the public key infrastructure network certificate. The key negotiation here may include data exchange, so that each side generates a key that can encrypt the second identity information. In this embodiment the key negotiation may be symmetric key negotiation or asymmetric key negotiation. In this embodiment the network certificate may be sent to the UE by the CP-AU, and the UE may use a digital signature verification algorithm to verify the legitimacy or validity of the network certificate. After the network certificate has been verified as legitimate or valid, a key (for example a public key) is derived from the certificate, and the public key is used to perform key negotiation with the UE, which protects against the problems caused by an illegitimate intermediary tampering with the public key information in transit.
In step S230, the second identity information of the UE encrypted with the encryption key is sent to the network side, which clearly improves the security of the second identity information during transmission.
In some embodiments, step S220 may include: negotiating a shared key with the network side based on the network certificate; wherein the shared key is used for generating a session key in security mode.
The key generation in step S220 in this embodiment may be the DH key negotiation described above. In that case the DH key no longer needs to be negotiated and calculated in the subsequent security mode command phase, which reduces the amount of data exchanged between the UE and the network side and the amount of computation, and reduces the hardware resources and power the UE consumes as a result. The DH key here is generated through DH key negotiation, and the DH key negotiation here may be of various forms of DH key.
Specifically, for example, step S220 may include: deriving the shared key based on the network certificate using the Diffie-Hellman integrated encryption algorithm or the elliptic curve integrated encryption algorithm.
Deriving the shared key with these two algorithms gives the derived shared key higher information security and security in use.
In some embodiments, the method further includes:
generating a first random number;
generating the encryption key based on the shared key and the first random number.
In this embodiment the UE may generate the first random number using a random algorithm, and generate the encryption key using the first random number and the shared key. In an implementation, other constants may also be introduced to generate the encryption key.
Optionally, the method further includes:
generating a second random number;
generating an integrity key based on the shared key and the second random number;
The method further includes:
performing integrity protection on the second identity information using the integrity key.
The second random number here may also be generated by the UE using a random algorithm. In the subsequent information exchange with the network side, the UE sends the first random number and the second random number to the network side, so that the network side can also combine the random numbers with the shared key to generate the encryption key and the integrity key. Other generation factors may also be introduced in generating the integrity key; for example, another constant is introduced and the integrity key is generated using a key generation algorithm.
In some embodiments, the method further includes:
generating a second session key according to the shared key;
verifying, through information exchange with the network side, whether the second session key is consistent with the first session key generated by the network side according to the shared key.
In this embodiment the UE can verify the session key through the exchange of the authentication request message and the verification result with the network side, which avoids session failure caused by inconsistent session keys generated by the network side and the UE. For a detailed description of the session key verification, see the foregoing embodiment.
In addition, the method further includes:
receiving a hash challenge indication sent by the network side when the network side determines that it is under a predetermined type of attack;
returning a hash challenge response to the network side in response to the hash challenge indication;
The step S220 may include:
performing key negotiation with the network side when the hash challenge response determines that the hash challenge is successful.
In this embodiment, the predetermined type of attack may be the aforementioned DoS attack. The UE performs step S220 only after it has received the hash challenge indication, processed the hash challenge, and formed a successful hash challenge response, which defends against the DoS attack and the like.
As shown in FIG. 3, this embodiment provides an information processing apparatus, including a first receiving unit 110, a determining unit 120, a first negotiating unit 130, and a decrypting unit 140:
The first receiving unit 110 is configured to receive an attach request sent by the user equipment UE;
The determining unit 120 is configured to determine whether the attach request carries first identity information;
The first negotiating unit 130 is configured to perform key negotiation with the UE based on a network certificate of the public key infrastructure PKI when the attach request does not carry first identity information; wherein the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE;
The first receiving unit 110 is configured to receive the second identity information that the UE has encrypted with the encryption key and sent;
The decrypting unit 140 is configured to decrypt the second identity information by using the encryption key; wherein the second identity information is used to allocate first identity information to the UE.
This embodiment provides an information processing apparatus, which may be an information processing structure applied to an MME, an HSS, a CP-AU, or the like.
The physical structure corresponding to the first receiving unit 110 and the first negotiating unit 130 may include a communication interface. The communication interface can be used to receive data sent by the UE.
The hardware structure corresponding to the first negotiating unit 130 may further include a processor or a processing circuit.
The determining unit 120 and the decrypting unit 140 may likewise correspond to a processor or a processing circuit. The processor may include a central processing unit CPU, a digital signal processor DSP, a microprocessor MCU, an application processor AP, a programmable array PLC, or the like. The processing circuit may include an application-specific integrated circuit. By executing predetermined code, the processor or processing circuit can implement the data processing of the determining unit 120, the first negotiating unit 130, and the decrypting unit 140, so that key negotiation avoids plaintext transmission of the UE's second identity information and improves the protection of that information.
In some embodiments, the determining unit 120 is further configured to determine whether the UE has completed negotiation of a shared key; wherein the shared key is used for generating a session key;
The first negotiating unit 130 is configured to perform key negotiation with the UE based on the network certificate of the public key infrastructure PKI when the attach request does not carry first identity information, and to generate the encryption key based on the negotiation of the shared key.
In this embodiment, the determining unit 120 is specifically configured to perform the negotiation of the shared key. In this embodiment the negotiation of the shared key serves as the negotiation of the encryption key, so that negotiating the shared key also completes the negotiation of the encryption key and the shared key negotiation need not be repeated later, which simplifies the information exchange with the UE and reduces the amount of key computation. In this embodiment, the negotiation may be any one of the foregoing DH key negotiations.
In some embodiments, the first negotiating unit 130 is further configured to perform key negotiation with the UE by using the network certificate to generate the shared key; wherein the shared key and a randomly generated first random number are used together to generate the encryption key. In this embodiment, the shared key is used together with the first random number to generate the encryption key.
For example, the first negotiating unit 130 is configured to, when the attach request does not carry the first identity information, derive the shared key based on the network certificate through information exchange with the UE, by using the Diffie-Hellman Integrated Encryption Scheme or the Elliptic Curve Integrated Encryption Scheme.
In this embodiment, the network certificate may be a certificate used for deriving keys. Its legitimacy and validity can be verified using the PKI, and a key derived with a legitimate or valid network certificate is correct, so that active attacks by an illegitimate intermediary can be defended against during key negotiation.
In some embodiments, the shared key and a randomly generated second random number are used together to generate an integrity key; the integrity key is used to perform integrity protection on the second identity information.
In this embodiment, the shared key is used to generate both the encryption key and the integrity key, so that the encryption key can provide encryption protection for the second identity information and the integrity key can provide integrity protection for the second identity information.
In some embodiments, the apparatus further includes a first generating unit and a first verifying unit: the first generating unit is configured to generate the first session key according to the shared key; the first verifying unit is configured to verify, through information exchange with the UE, whether the first session key is consistent with the second session key generated by the UE according to the shared key.
In this embodiment, the session keys generated on the network side and on the UE side, each based on the shared key, are also verified against each other; the verification reduces subsequent session failures caused by inconsistent session keys generated by the network side and the UE side.
In some embodiments, the apparatus further includes a determining unit and a first sending unit:
The determining unit is configured to determine whether a predetermined type of attack is currently under way; the first sending unit is configured to send a hash challenge indication to the UE when under a predetermined type of attack; the first receiving unit 110 is configured to receive the hash challenge response returned by the UE based on the hash challenge indication; the first negotiating unit 130 is configured to perform key negotiation with the UE when the hash challenge response indicates that the hash challenge is successful.
In this embodiment, hash challenge processing can also be performed when a predetermined type of attack is detected, thereby defending against the predetermined type of attack. Optionally, the determining unit is further configured to determine the difficulty of the hash challenge according to severity information of the predetermined type of attack. In this way, hash challenges of different difficulty can be applied to attacks of different severity, balancing computation against security.
As shown in FIG. 4, this embodiment further provides an information processing apparatus, including:
a second sending unit 210, configured to send an attach request to the network side;
a second negotiating unit 220, configured to perform key negotiation with the network side based on a network certificate of the public key infrastructure PKI; wherein the key negotiation is sent when the network side determines that the attach request does not carry first identity information of the user equipment UE, and the key negotiation is used to obtain an encryption key for encrypting second identity information of the user equipment UE;
The second sending unit 220 is further configured to send to the network side the second identity information of the UE encrypted with the encryption key.
The information processing apparatus of this embodiment may be an information processing apparatus running in the UE. Through the key negotiation triggered by the attach request, it reduces the cases in which the UE sends the second identity information to the network side in plaintext, reduces the risk of exposing the second identity information, and improves the security of the second identity information.
The second sending unit 220 may correspond to a communication interface in the UE such as a transmitting antenna. The second negotiating unit 220 may include a processor or a processing circuit. For the processor or processing circuit, see the foregoing embodiments; the description is not repeated here. Likewise, the processor or processing circuit may complete the key negotiation by executing predetermined code.
In some embodiments, the second negotiating unit 220 is configured to negotiate a shared key with the network side based on the network certificate; wherein the shared key is used for generating a session key. For example, the shared key is obtained through DH key negotiation.
For example, the second negotiating unit 220 is configured to derive the shared key based on the network certificate by using the Diffie-Hellman Integrated Encryption Scheme or the Elliptic Curve Integrated Encryption Scheme.
Of course, the second negotiating unit 220 may derive the shared key with any of a variety of algorithms. The Diffie-Hellman Integrated Encryption Scheme and the Elliptic Curve Integrated Encryption Scheme mentioned above are only examples, and a specific implementation is not limited to either of them.
In some embodiments, the apparatus further includes: a second generating unit, configured to generate a first random number, and to generate the encryption key based on the shared key and the first random number.
The first random number here may be any randomly generated value; the shared key and the first random number are used to generate the encryption key.
In some embodiments, the second generating unit is further configured to generate a second random number, and to generate an integrity key based on the shared key and the second random number; the apparatus further includes: an integrity protection unit, configured to perform integrity protection on the second identity information by using the integrity key.
The first random number and the second random number are both randomly generated and may be the same or different; in implementation, the first random number and the second random number are preferably different. If the second generating unit, when generating the random numbers, finds that the two are the same, it may regenerate at least one of the first random number and the second random number, which makes it convenient to generate different encryption and integrity keys. However, in some embodiments, the algorithms for generating the encryption key and the integrity key may be the same or different; in this embodiment they are preferably different, to improve the security and privacy of the second identity information.
In some embodiments, the second generating unit is configured to generate a second session key according to the shared key; the apparatus further includes a second verifying unit, configured to verify, through information exchange with the network side, whether the second session key is consistent with the first session key generated by the network side according to the shared key.
The second generating unit here also generates the second session key. The physical structure corresponding to the second verifying unit may likewise be a processor or a processing circuit, which, by executing predetermined code, can verify the session key and avoid the problems caused by differing session keys generated on the network side and the UE side.
In some embodiments, the second receiving unit is configured to receive a hash challenge indication sent by the network side when the network side determines that it is under a predetermined type of attack; the apparatus further includes: a response unit, configured to return a hash challenge response to the network side in response to the hash challenge indication; the second negotiating unit 220 is configured to perform key negotiation with the network side when the hash challenge response determines that the hash challenge is successful.
In this embodiment, the apparatus further introduces a response unit, whose physical structure may likewise correspond to a processor or a processing circuit. The processor or processing circuit can implement the hash challenge processing by executing code. The second negotiating unit performs key negotiation only when the hash challenge succeeds; this avoids the problem that performing key negotiation while under a predetermined type of attack leaks the negotiated key and thereby leaks the UE's second identity information.
An application example is provided below in conjunction with the above embodiments:
This example provides an information processing method that can be divided into multiple phases; as shown in FIG. 5, the phases may include an identity management phase, an AKA phase, and a security mode command phase. In FIG. 5, the identity management phase may include steps 1-3; the AKA phase may include steps 4-6; the security mode command phase may include steps 7 and 8. The information processing method provided in this example may specifically include:
1: The UE sends an attach request to the CP-AU to initiate the attach procedure.
2: The CP-AU sends an identity request carrying a hash challenge indication and a certificate. Specifically: the CP-AU determines that the attach request does not carry temporary identity information such as a GUTI, and checks whether the CP-AU and the UE have already established the DH key K_DH. If the attach request carries no temporary identity information such as a GUTI and no DH key has been established with the UE, the identity request is sent. The CP-AU will proceed to step 6. Otherwise, the CP-AU sends an identity request back to the UE, which optionally includes a hash challenge indication used to defeat DoS attacks. If the attach request message does not contain a temporary identity, the CP-AU likewise sends an identity request message to the UE. If the CP-AU determines that it is under a DoS attack, it embeds the hash challenge indication in the identity request. The hash challenge is constructed as follows: the CP-AU randomly generates a positive integer x of binary length n and computes the hash of x and the attach request, that is, hash(x, attach request), where n is determined by the CP-AU's level of resource usage: the higher the resource usage, the larger n. hash(x, attach request) and n together constitute the hash challenge. In this embodiment, the certificate is the aforementioned network certificate. The validity or legitimacy of the network certificate here can be verified with a digital signature verification algorithm, and the certificate can be used to derive keys so as to implement key negotiation.
2a: The UE solves the hash challenge, generates the DH private key KU_pri, computes the DH public key KU_pub, derives the shared key K_DH between the UE and the CP-AU, generates a random number nonce, and derives the encryption key K_E and the integrity key K_M. Step 2a may specifically include: on receiving the identity request message, if a hash challenge indication is present, the UE first tries to find the correct integer x', by checking whether hash(x', attach request) equals hash(x, attach request). The integer x' serves as the hash response. The UE verifies the validity of the certificate by means of a digital signature verification algorithm, derives the DH public key KU_pub using the valid certificate, and uses KU_pri and the CP-AU's KC_pub to derive the shared key K_DH with the CP-AU.
3: The UE sends an identity response to the CP-AU. The identity response carries nonce, KU_pub, the formal identity information encrypted with K_E, and MAC0. Step 3 may include: to encrypt the UE's formal identity information, the UE generates a random number nonce and derives the encryption key K_E and the integrity key K_M. K_E and K_M are calculated as follows:
K_E = KDF(nonce, K_DH, C1);
K_M = KDF(nonce, K_DH, C2);
Here KDF is the key derivation function. If an authenticated encryption method is used to encrypt the UE's identity, only the encryption key K_E needs to be generated. C1 and C2 are two constants. The random number nonce, K_DH, and C1 are the known quantities used to generate the encryption key. The nonce, K_DH, and C2 are the known quantities used to generate the integrity key. K_M here is used for integrity verification.
3a: The CP-AU verifies the hash response, derives the shared key K_DH between the UE and the CP-AU, derives the encryption key K_E and the integrity key K_M, and obtains the UE's formal identity information by using K_E. Step 3a may specifically include: after receiving the identity response from the UE, if the hash response is in the message, the CP-AU compares it with x. If the two are not equal, the CP-AU aborts the attach procedure. Otherwise, the CP-AU uses its private key KC_pri and the UE's public key KU_pub to derive the shared key K_DH with the UE, and calculates the encryption key K_E and the integrity key K_M in the same way as the UE. The CP-AU then verifies MAC0. If the verification succeeds, it uses K_E to decrypt the encrypted part of the message and obtain the UE's real identity information; otherwise, the CP-AU terminates the attach procedure.
4: The CP-AU sends an authentication data request to the Authentication Authorization Accounting (AAA) server; the authentication data request carries (the formal identity information).
5: The AAA server sends an authentication vector to the CP-AU. Specifically, this may include: the AAA server looks up the UE's root key Ki according to the UE's formal identity information and calculates the authentication vector from the root key Ki. The AAA server then sends the authentication vector to the CP-AU.
6: The CP-AU and the UE authenticate each other. Specifically, this may include: calculating the intermediate key K_mid based on the authentication vector sent by the AAA server, including: the UE and the CP-AU each derive K_mid and use K_mid and K_DH to compute the session key Ks. For example, the session key Ks may be computed as Ks = KDF(K_DH, K_mid).
7: The CP-AU sends a security mode command message and MAC1 to the UE. Specifically, this may include: the CP-AU sends the security mode command message to the UE, and the authentication code MAC1 of the security mode command message is calculated by using the session key Ks.
8: The UE sends a security mode complete message and MAC2 to the CP-AU. Specifically, this may include: the UE verifies the received MAC1 by using the session key Ks. If the verification fails, the UE terminates the attach procedure. Otherwise, the UE responds to the CP-AU with a security mode complete message, whose message authentication code MAC2 is calculated by using the session key Ks. After receiving the security mode complete message, the CP-AU checks the correctness of MAC2. If the check fails, the CP-AU aborts the attach procedure. Otherwise, the UE and the CP-AU complete the attach procedure.
After the UE and the CP-AU have successfully verified MAC1 and MAC2 respectively, they can be sure that they hold the same session key Ks. This in turn means that they already hold the same shared key K_DH. Finally, the key K_DH is stored in both the UE and the CP-AU, for use in generating a new session key in the next attach procedure.
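The following added example (not code from the patent) runs steps 2 to 3a end to end: the CP-AU builds the hash challenge, the UE solves it, derives K_E and K_M, and sends the protected identity, and the CP-AU checks the hash response and MAC0 before decrypting. Assumptions not found on the page: SHA-256 as the hash, HKDF-SHA256 as the KDF, HMAC-SHA256 for MAC0 and the fields it covers, the values of C1 and C2, a SHAKE-256 keystream standing in for the unnamed cipher, and K_DH passed in as a constructed value instead of being derived from the certificate-based DH exchange.

```python
import hashlib
import hmac
import secrets

C1 = b"C1:identity-encryption"  # assumed value; the page only says C1 is a constant
C2 = b"C2:identity-integrity"   # assumed value; the page only says C2 is a constant


def encode_x(x: int, n: int) -> bytes:
    """Fixed-width big-endian x, so hash(x, attach request) has one encoding."""
    return x.to_bytes((n + 7) // 8, "big")


def make_challenge(attach_request: bytes, n: int):
    """CP-AU, step 2: random x of binary length n; challenge = (hash, n)."""
    x = (1 << (n - 1)) + secrets.randbelow(1 << (n - 1))
    digest = hashlib.sha256(encode_x(x, n) + attach_request).digest()
    return x, (digest, n)


def solve_challenge(attach_request: bytes, challenge):
    """UE, step 2a: try every n-bit integer until the hash matches."""
    digest, n = challenge
    for cand in range(1 << (n - 1), 1 << n):
        if hashlib.sha256(encode_x(cand, n) + attach_request).digest() == digest:
            return cand
    return None


def kdf(nonce: bytes, k_dh: bytes, const: bytes) -> bytes:
    """KDF(nonce, K_DH, C) as single-block HKDF-SHA256: salt=nonce, info=C."""
    prk = hmac.new(nonce, k_dh, hashlib.sha256).digest()
    return hmac.new(prk, const + b"\x01", hashlib.sha256).digest()


def xor_stream(k_e: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHAKE-256 keystream); the page names no algorithm."""
    stream = hashlib.shake_256(k_e + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def mac0_over(k_m: bytes, nonce: bytes, ku_pub: bytes, ct: bytes) -> bytes:
    """MAC0 as HMAC-SHA256 over length-prefixed fields (coverage is assumed)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (nonce, ku_pub, ct))
    return hmac.new(k_m, msg, hashlib.sha256).digest()


def build_identity_response(k_dh, ku_pub, identity, hash_response=None):
    """UE, step 3: fresh nonce, K_E/K_M, encrypted identity, MAC0."""
    nonce = secrets.token_bytes(16)
    k_e, k_m = kdf(nonce, k_dh, C1), kdf(nonce, k_dh, C2)
    ct = xor_stream(k_e, nonce, identity)
    return {"hash_response": hash_response, "nonce": nonce, "ku_pub": ku_pub,
            "enc_identity": ct, "mac0": mac0_over(k_m, nonce, ku_pub, ct)}


def process_identity_response(resp, expected_x, k_dh):
    """CP-AU, step 3a: puzzle check, then MAC0, and only then decrypt.

    k_dh is passed in here; on the page the CP-AU derives it from KC_pri and
    KU_pub. Returns the identity, or None where the page aborts the attach.
    """
    if expected_x is not None and resp["hash_response"] != expected_x:
        return None
    k_e, k_m = kdf(resp["nonce"], k_dh, C1), kdf(resp["nonce"], k_dh, C2)
    expected = mac0_over(k_m, resp["nonce"], resp["ku_pub"], resp["enc_identity"])
    if not hmac.compare_digest(expected, resp["mac0"]):
        return None
    return xor_stream(k_e, resp["nonce"], resp["enc_identity"])


def demo():
    """Run steps 2 to 3a once, then replay the response with one bit flipped."""
    attach = b"ATTACH-REQUEST constructed sample"
    k_dh = secrets.token_bytes(32)            # constructed stand-in for K_DH
    ku_pub = b"constructed-KU_pub-placeholder"
    identity = b"formal-identity-0001"        # constructed sample identity
    x, challenge = make_challenge(attach, n=16)
    x_prime = solve_challenge(attach, challenge)
    resp = build_identity_response(k_dh, ku_pub, identity, x_prime)
    recovered = process_identity_response(resp, x, k_dh)
    ct = resp["enc_identity"]
    tampered = dict(resp, enc_identity=bytes([ct[0] ^ 1]) + ct[1:])
    rejected = process_identity_response(tampered, x, k_dh)
    return x_prime == x, recovered, rejected


if __name__ == "__main__":
    print(demo())
```

Each extra bit of n doubles the UE's worst-case search while the CP-AU's check stays a single comparison, which is the cost asymmetry the hash challenge relies on.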
An embodiment of the present invention further provides an electronic device, where the electronic device includes: a transceiver, a memory, and a processor; at least part of the memory stores computer-executable instructions;
The processor is connected to the transceiver and the memory respectively, and is configured to execute the computer-executable instructions so as to perform one or more of the information processing methods applied to the network side, or to implement, through the computer-executable instructions, the information processing method applied to the UE; for example, one or more of the methods shown in FIG. 1, FIG. 2, and FIG. 5 may be performed.
The computer-executable instructions may include: a computer program and/or software.
In this embodiment, the transceiver may correspond to a network interface; the network interface may be a cable interface and may be used for data exchange with other network elements.
The memory may include various types of storage media and can be used for data storage. In this embodiment, the storage medium included in the memory is at least partly a non-volatile storage medium, which can be used to store computer-executable instructions such as the computer program.
The processor may include: a central processing unit, a microprocessor, a digital signal processor, an application processor, an application-specific integrated circuit, a programmable array, or the like, and can be used to implement, by executing computer-executable instructions, the information processing method in one or more of the above technical solutions, such as allocation of the second identity information and encryption of information transmission.
In this embodiment, the processor may be connected to the transceiver and the memory through an in-device bus such as an integrated circuit bus.
The electronic device provided in this embodiment may include the foregoing information processing apparatus applied in a network element or in the UE; for example, it may include the information processing apparatus shown in FIG. 3 or FIG. 4.
An embodiment of the present invention further provides a computer storage medium storing computer-executable instructions, the computer-executable instructions being used to perform one or more of the information processing methods applied to the network side, or to implement the information processing method applied to the UE; for example, one or more of the methods shown in FIG. 1, FIG. 2, and FIG. 5 may be performed.
The computer storage medium provided by the embodiments of the present invention includes various media that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc. Optionally, the computer storage medium may be a non-transitory storage medium. The non-transitory storage medium here may also be referred to as a non-volatile storage medium.
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function; in actual implementation there may be other ways of dividing, for example: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the coupling, direct coupling, or communication connection between the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices, or units, and may be electrical, mechanical, or of other forms.
The units described above as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing module, or each unit may serve separately as one unit, or two or more units may be integrated into one unit; the integrated unit may be implemented in the form of hardware, or in the form of hardware plus software functional units.
A person of ordinary skill in the art can understand that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the storage medium includes various media that can store program code, such as a removable storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto; any modification made in accordance with the principles of the present invention should be understood as falling within the scope of protection of the present invention.
工业实用性Industrial applicability
本发明实施例中基站等网元会判断UE发送的附着请求中是否有携带预定的身份信息(即第一身份信息),若未携带可认为当前未给该UE分配预定的身份信息,则发起密钥协商的流程,在完成密钥协商流程之后,自动分配第二身份信息,并将第二身份信息发送给UE。这样的话,一方面实现了预定的身份信息的自用分配,另一方面通过协商的密钥进行加密传输,降低了第二身份信息被窃密的概率,提升了第二身份的安全性。故具有积极的工业效果。于此同时,可以通过改造网元和UE之间的信息交互流程实现本发明实施例提供的技术方案,具有实现简单及可在通信和网络技术领域内广泛推广的前景。 In the embodiment of the present invention, the network element, such as the base station, determines whether the connection request sent by the UE carries the predetermined identity information (that is, the first identity information), and if it is not carried, it can be considered that the UE is not currently assigned the predetermined identity information, and then After the key negotiation process is completed, the second identity information is automatically allocated, and the second identity information is sent to the UE. In this way, on the one hand, the self-use allocation of the predetermined identity information is realized, and on the other hand, the encrypted transmission is performed by the negotiated key, the probability of the second identity information being secreted is reduced, and the security of the second identity is improved. Therefore, it has a positive industrial effect. At the same time, the technical solution provided by the embodiment of the present invention can be implemented by modifying the information interaction process between the network element and the UE, and has the advantages of simple implementation and wide promotion in the field of communication and network technologies.

Claims (32)

  1. An information processing method, comprising:
    receiving an attach request sent by a user equipment (UE);
    determining whether the attach request carries first identity information;
    when the attach request does not carry the first identity information, performing key negotiation with the UE based on a network certificate of a public key infrastructure (PKI), wherein the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
    receiving the second identity information sent by the UE and encrypted with the encryption key;
    decrypting the second identity information with the encryption key, wherein the second identity information is used to allocate the first identity information to the UE.
  2. The method according to claim 1, wherein
    the method further comprises:
    determining whether the UE has completed negotiation of a shared key, wherein the shared key is used to generate a session key;
    and performing key negotiation with the UE based on the network certificate of the public key infrastructure (PKI) when the attach request does not carry the first identity information comprises:
    when the attach request does not carry the first identity information and the UE has not completed negotiation of the shared key, negotiating the shared key with the UE using the network certificate;
    generating the encryption key based on the negotiation of the shared key.
  3. The method according to claim 2, wherein
    performing key negotiation with the UE based on the network certificate of the public key infrastructure (PKI) when the attach request does not carry the first identity information comprises:
    when the attach request does not carry the first identity information, deriving the shared key, based on the network certificate, through information interaction with the UE and using the Diffie-Hellman integrated encryption algorithm or the elliptic curve integrated encryption algorithm.
  4. The method according to claim 2, wherein
    performing key negotiation with the UE based on the network certificate of the public key infrastructure (PKI) when the attach request does not carry the first identity information comprises:
    performing, with the UE, key negotiation using the network certificate to generate the shared key;
    wherein the shared key and a randomly generated first random number are jointly used to generate the encryption key.
  5. The method according to claim 4, wherein
    the shared key and a randomly generated second random number are jointly used to generate an integrity key; the integrity key is used for integrity protection of the second identity information.
  6. The method according to claim 2, wherein
    the method further comprises:
    generating the first session key according to the shared key;
    verifying, through information interaction with the UE, whether the first session key is consistent with a second session key generated by the UE according to the shared key.
  7. The method according to any one of claims 1 to 6, wherein
    the method further comprises:
    determining whether an attack of a predetermined type is currently being suffered;
    when under an attack of the predetermined type, sending a hash challenge indication to the UE;
    receiving a hash challenge response returned by the UE based on the hash challenge indication;
    and performing key negotiation with the UE based on the network certificate of the public key infrastructure (PKI) when the attach request does not carry the first identity information comprises:
    when the hash challenge response indicates that the hash challenge succeeded, performing key negotiation with the UE.
  8. The method according to claim 7, wherein
    the method further comprises:
    determining the difficulty of the hash challenge according to severity information of the attack of the predetermined type.
  9. An information processing method, comprising:
    sending an attach request to a network side;
    performing key negotiation with the network side based on a network certificate of a public key infrastructure (PKI), wherein the key negotiation is initiated when the network side determines that the attach request does not carry first identity information of a user equipment (UE), and the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
    sending the second identity information of the UE, encrypted with the encryption key, to the network side.
  10. The method according to claim 9, wherein
    performing key negotiation with the network side based on the network certificate of the public key infrastructure (PKI) comprises:
    negotiating a shared key with the network side based on the network certificate, wherein the shared key is used to generate a session key in security mode.
  11. The method according to claim 10, wherein
    performing key negotiation with the network side based on the network certificate of the public key infrastructure (PKI) comprises:
    deriving the shared key, based on the network certificate, using the Diffie-Hellman integrated encryption algorithm or the elliptic curve integrated encryption algorithm.
  12. The method according to claim 10, wherein
    the method further comprises:
    generating a first random number;
    generating the encryption key based on the shared key and the first random number.
  13. The method according to claim 12, wherein
    the method further comprises:
    generating a second random number;
    generating an integrity key based on the shared key and the second random number;
    the method further comprises:
    performing integrity protection on the second identity information using the integrity key.
  14. The method according to claim 10, wherein
    the method further comprises:
    generating a second session key according to the shared key;
    verifying, through information interaction with the network side, whether the second session key is consistent with a first session key generated by the network side according to the shared key.
  15. The method according to any one of claims 9 to 14, wherein
    the method further comprises:
    receiving a hash challenge indication sent by the network side when it determines that it is under an attack of a predetermined type;
    returning a hash challenge response to the network side in response to the hash challenge indication;
    and performing key negotiation with the network side based on the network certificate of the public key infrastructure (PKI) comprises:
    when the hash challenge response establishes that the hash challenge succeeded, performing key negotiation with the network side.
  16. An information processing apparatus, comprising a first receiving unit, a determining unit, a first negotiation unit, and a decryption unit, wherein:
    the first receiving unit is configured to receive an attach request sent by a user equipment (UE);
    the determining unit is configured to determine whether the attach request carries first identity information;
    the first negotiation unit is configured to perform key negotiation with the UE based on a network certificate of a public key infrastructure (PKI) when the attach request does not carry the first identity information, wherein the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
    the first receiving unit is configured to receive the second identity information sent by the UE and encrypted with the encryption key;
    the decryption unit is configured to decrypt the second identity information with the encryption key, wherein the second identity information is used to allocate the first identity information to the UE.
  17. The apparatus according to claim 16, wherein
    the determining unit is further configured to determine whether the UE has completed negotiation of a shared key, wherein the shared key is used to generate a session key;
    the first negotiation unit is configured to perform key negotiation with the UE based on the network certificate of the public key infrastructure (PKI) when the attach request does not carry the first identity information, and to generate the encryption key based on the negotiation of the shared key.
  18. The apparatus according to claim 17, wherein
    the first negotiation unit is configured to perform, with the UE, key negotiation using the network certificate to generate the shared key;
    wherein the shared key and a randomly generated first random number are jointly used to generate the encryption key.
  19. The apparatus according to claim 18, wherein
    the first negotiation unit is configured to, when the attach request does not carry the first identity information, derive the shared key, based on the network certificate, through information interaction with the UE and using the Diffie-Hellman integrated encryption algorithm or the elliptic curve integrated encryption algorithm.
  20. The apparatus according to claim 18, wherein
    the shared key and a randomly generated second random number are jointly used to generate an integrity key; the integrity key is used for integrity protection of the second identity information.
  21. The apparatus according to claim 17, wherein
    the apparatus further comprises a first generating unit and a first verification unit:
    the first generating unit is configured to generate the first session key according to the shared key;
    the first verification unit is configured to verify, through information interaction with the UE, whether the first session key is consistent with a second session key generated by the UE according to the shared key.
  22. The apparatus according to any one of claims 16 to 21, wherein
    the apparatus further comprises a determination unit and a first sending unit:
    the determination unit is configured to determine whether an attack of a predetermined type is currently being suffered;
    the first sending unit is configured to send a hash challenge indication to the UE when under an attack of the predetermined type;
    the first receiving unit is configured to receive a hash challenge response returned by the UE based on the hash challenge indication;
    the first negotiation unit is configured to perform key negotiation with the UE when the hash challenge response indicates that the hash challenge succeeded.
  23. The apparatus according to claim 22, wherein
    the determination unit is further configured to determine the difficulty of the hash challenge according to severity information of the attack of the predetermined type.
  24. An information processing apparatus, comprising:
    a second sending unit configured to send an attach request to a network side;
    a second negotiation unit configured to perform key negotiation with the network side based on a network certificate of a public key infrastructure (PKI), wherein the key negotiation is initiated when the network side determines that the attach request does not carry first identity information of a user equipment (UE), and the key negotiation is used to obtain an encryption key for encrypting second identity information of the UE;
    the second sending unit is further configured to send the second identity information of the UE, encrypted with the encryption key, to the network side.
  25. The apparatus according to claim 24, wherein
    the second negotiation unit is configured to negotiate a shared key with the network side based on the network certificate, wherein the shared key is used to generate a session key in security mode.
  26. The apparatus according to claim 25, wherein
    the second negotiation unit is configured to derive the shared key, based on the network certificate, using the Diffie-Hellman integrated encryption algorithm or the elliptic curve integrated encryption algorithm.
  27. The apparatus according to claim 25, wherein
    the apparatus further comprises:
    a second generating unit configured to generate a first random number and to generate the encryption key based on the shared key and the first random number.
  28. The apparatus according to claim 26, wherein
    the second generating unit is further configured to generate a second random number and to generate an integrity key based on the shared key and the second random number;
    the apparatus further comprises:
    an integrity protection unit configured to perform integrity protection on the second identity information using the integrity key.
  29. The apparatus according to claim 25, wherein
    the second generating unit is configured to generate a second session key according to the shared key;
    the apparatus further comprises:
    a second verification unit configured to verify, through information interaction with the network side, whether the second session key is consistent with a first session key generated by the network side according to the shared key.
  30. The apparatus according to any one of claims 24 to 29, wherein
    the second receiving unit is configured to receive a hash challenge indication sent by the network side when it determines that it is under an attack of a predetermined type;
    the apparatus further comprises:
    a response unit configured to return a hash challenge response to the network side in response to the hash challenge indication;
    the second negotiation unit is configured to perform key negotiation with the network side when the hash challenge response establishes that the hash challenge succeeded.
  31. An electronic device, wherein the electronic device comprises a transceiver, a memory, and a processor; at least part of the memory stores computer-executable instructions;
    the processor is connected to the transceiver and to the memory, and is configured to execute the computer-executable instructions and, by executing them, to implement the method provided in any one of claims 1 to 8 or 9 to 15.
  32. A computer storage medium storing computer-executable instructions, the computer-executable instructions being used to execute the method provided in any one of claims 1 to 8 or 9 to 15.
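
The gating of key negotiation behind a hash challenge (claims 7, 8 and 15) and the separate encryption and integrity keys (claims 4, 5, 12 and 13), sketched as an added example that is not code from the patent or its applicants. The puzzle format (SHA-256 leading zero bits), the stateless HMAC-bound seed, the severity table, the expiry window, HMAC-SHA256 as the key derivation function and every name below are assumptions; the shared key is taken as already negotiated.

```python
import hashlib
import hmac
import secrets
import time

# Assumed mapping from attack severity to required leading zero bits (claim 8).
DIFFICULTY_BITS = {"none": 0, "low": 8, "medium": 12, "high": 16}
CHALLENGE_TTL = 30  # assumed validity window of a challenge, in seconds


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_digest(seed, nonce):
    return hashlib.sha256(seed + nonce.to_bytes(8, "big")).digest()


class NetworkSide:
    """Hypothetical network element that gates key negotiation behind a puzzle."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)  # local secret, never transmitted

    def _seed(self, ue_addr, issued, bits):
        # Stateless challenge: the seed binds UE address, issue time and difficulty,
        # so nothing is stored per request while the network is under load.
        msg = f"{ue_addr}|{issued}|{bits}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def issue_challenge(self, ue_addr, severity, now=None):
        issued = int(time.time() if now is None else now)
        bits = DIFFICULTY_BITS[severity]
        return {"seed": self._seed(ue_addr, issued, bits), "bits": bits, "issued": issued}

    def verify(self, ue_addr, challenge, nonce, min_bits=0, now=None):
        now = time.time() if now is None else now
        if not 0 <= now - challenge["issued"] <= CHALLENGE_TTL:
            return False  # expired or post-dated
        if challenge["bits"] < min_bits:
            return False  # solved at a lower difficulty than currently required
        expected = self._seed(ue_addr, challenge["issued"], challenge["bits"])
        if not hmac.compare_digest(expected, challenge["seed"]):
            return False  # forged, altered, or issued to another UE
        if not isinstance(nonce, int) or not 0 <= nonce < 2**64:
            return False
        digest = puzzle_digest(challenge["seed"], nonce)
        return leading_zero_bits(digest) >= challenge["bits"]

    def handle_attach(self, ue_addr, attach, severity, now=None):
        """Return (action, challenge) for an attach request (claims 1, 7, 8)."""
        if attach.get("first_identity"):
            return ("first_identity_present", None)
        required = DIFFICULTY_BITS[severity]
        if required == 0:
            return ("negotiate", None)  # not under attack: negotiate directly
        resp = attach.get("challenge_response")
        if resp and self.verify(ue_addr, resp["challenge"], resp["nonce"], required, now):
            return ("negotiate", None)  # only now spend public-key operations
        return ("challenge", self.issue_challenge(ue_addr, severity, now))


def solve(challenge):
    """UE side: search for a nonce that meets the requested difficulty."""
    nonce = 0
    while leading_zero_bits(puzzle_digest(challenge["seed"], nonce)) < challenge["bits"]:
        nonce += 1
    return nonce


def derive_keys(shared_key, rand1, rand2):
    """Encryption key from shared key + first random number, integrity key from
    shared key + second random number. KDF and labels are assumptions."""
    enc_key = hmac.new(shared_key, b"enc|" + rand1, hashlib.sha256).digest()
    int_key = hmac.new(shared_key, b"int|" + rand2, hashlib.sha256).digest()
    return enc_key, int_key


def integrity_tag(int_key, protected_identity):
    """Integrity protection over the (encrypted) second identity information."""
    return hmac.new(int_key, protected_identity, hashlib.sha256).digest()
```

Binding the seed to the UE address, issue time and difficulty lets the network element reject replayed, relabelled or expired solutions without keeping per-request state, which is the property that matters while it is under load.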
PCT/CN2017/101401 2016-09-12 2017-09-12 Information processing method, apparatus, electronic device and computer storage medium WO2018046014A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610818484.X 2016-09-12
CN201610818484.XA CN107820239B (en) 2016-09-12 2016-09-12 Information processing method and device

Publications (1)

Publication Number Publication Date
WO2018046014A1 true WO2018046014A1 (en) 2018-03-15

Family

ID=61561718

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/101401 WO2018046014A1 (en) 2016-09-12 2017-09-12 Information processing method, apparatus, electronic device and computer storage medium

Country Status (2)

Country Link
CN (1) CN107820239B (en)
WO (1) WO2018046014A1 (en)


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17848187

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 15/07/2019)

122 Ep: pct application non-entry in european phase

Ref document number: 17848187

Country of ref document: EP

Kind code of ref document: A1