WO2018046017A1 - Procédé et dispositif de traitement d'informations, équipement électronique et support de stockage informatique - Google Patents

Procédé et dispositif de traitement d'informations, équipement électronique et support de stockage informatique Download PDF

Info

Publication number
WO2018046017A1
WO2018046017A1 PCT/CN2017/101445 CN2017101445W WO2018046017A1 WO 2018046017 A1 WO2018046017 A1 WO 2018046017A1 CN 2017101445 W CN2017101445 W CN 2017101445W WO 2018046017 A1 WO2018046017 A1 WO 2018046017A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
identity information
negotiation
unit
network side
Prior art date
Application number
PCT/CN2017/101445
Other languages
English (en)
Chinese (zh)
Inventor
刘福文
左敏
庄小君
彭晋
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团公司 filed Critical 中国移动通信有限公司研究院
Publication of WO2018046017A1 publication Critical patent/WO2018046017A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/26Network addressing or numbering for mobility support

Definitions

  • the present invention relates to the field of wireless communications technologies, and in particular, to an information processing method, apparatus, electronic device, and computer storage medium.
  • a temporary identity is allocated to the user equipment (User Equipment, UE) for accessing the network to hide the second identity information of the UE.
  • UE User Equipment
  • the second identity information sent by the UE to the network side may be stolen, resulting in leakage of the second identity information of the UE, which may result in poor security of the user's privacy.
  • embodiments of the present invention are directed to providing an information processing method, apparatus, electronic device, and computer storage medium, which can at least partially solve the above problems.
  • An embodiment of the present invention provides an information processing method, including:
  • the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE.
  • An embodiment of the present invention further provides an information processing method, including:
  • the second identity information of the UE is encrypted by using the encryption key, and is sent to the network side.
  • An embodiment of the present invention provides an information processing apparatus, including a first receiving unit, a determining unit, a first negotiating unit, and a decrypting unit:
  • the first receiving unit is configured to receive an attach request sent by the user equipment UE;
  • the determining unit is configured to determine whether the first identity information is carried in the attach request
  • the first negotiation unit is configured to perform key negotiation with the UE when the first identity information is not carried in the attach request, where the key negotiation is used to obtain a second for the UE Encryption key for identity information encryption;
  • the first receiving unit is configured to receive the sent second identity information that is encrypted by the UE by using the encryption key;
  • the decrypting unit is configured to decrypt the second identity information by using the encryption key; wherein the second identity information is used to allocate first identity information to the UE.
  • Another embodiment of the present invention provides an information processing apparatus, including:
  • a second sending unit configured to send an attach request to the network side
  • a second negotiation unit configured to perform key negotiation with the network side, where the key negotiation is sent when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, And the key negotiation is used to obtain the second identity information of the user equipment UE.
  • Secret encryption key
  • the second sending unit is further configured to: encrypt the second identity information of the UE by using the encryption key, and send the second identity information to the network side.
  • An embodiment of the present invention further provides an electronic device, where the electronic device includes: a transceiver, a memory, and a processor; at least a portion of the memory stores computer executable instructions;
  • the processor is respectively coupled to the transceiver and the memory, configured to execute the computer executable instructions, and implement the information processing method provided by the one or more technical solutions by executing the computer executable instructions.
  • the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used in the information processing method provided by the foregoing one or more technical solutions.
  • the key negotiation is performed to form an encryption key for encrypting the second identity information, so that the UE can be encrypted to the network side.
  • the second identity information is encrypted and transmitted, so that the information leakage problem caused by transmitting the second identity information in the plaintext is reduced, and the security of the second identity information is improved.
  • FIG. 1 is a schematic flowchart diagram of a first information processing method according to an embodiment of the present disclosure
  • FIG. 2 is a schematic flowchart of a second information processing method according to an embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of a first information processing apparatus according to an embodiment of the present disclosure.
  • FIG. 4 is a schematic structural diagram of a second information processing apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a third information processing apparatus according to an embodiment of the present invention.
  • this embodiment provides an information processing method, including:
  • Step S110 Receive an attach request sent by the user equipment UE.
  • Step S120 Determine whether the first identity information is carried in the attach request.
  • Step S130 Perform key agreement with the UE when the first identity information is not carried in the attach request, where the key negotiation is used to obtain an encryption key for encrypting the second identity information of the UE. key;
  • Step S140 Receive second identity information that is sent by the UE by using the encryption key.
  • Step S150 Decrypt the second identity information by using the encryption key, where the second identity information is used to allocate first identity information to the UE.
  • the information processing method in this embodiment may be: a method applied to any one of the network elements on the network side, for example, may be applied to a Mobility Management Entity (MME) or a Home Subscriber Server (Home Subscriber Server, HSS) and other methods in network elements.
  • MME Mobility Management Entity
  • HSS Home Subscriber Server
  • these network elements may be collectively referred to as a Control Plane-Authentication Unit (CP-AU).
  • CP-AU Control Plane-Authentication Unit
  • the first identity information After receiving the attach request sent by the user equipment in this embodiment, it is first determined whether the first identity information is carried in the attach request, and if the UE has been assigned the first identity information, the default UE attach request carries the first An identity information, if the UE has not assigned the first identity information, the first identity information will not be carried in the attach request, or if the UE is assigned the first identity information, and the first identity If the information is available, the first identity information is carried in the attach request, otherwise it is not carried, and the network side needs to re-allocate the first identity information.
  • the first identity information may be temporary identity information temporarily allocated to the UE.
  • the first identity information may include a Globally Unique Temporary UE Identity (GUTI).
  • GUI Globally Unique Temporary UE Identity
  • the second identity information here may generate the first body for the network side.
  • a reference factor of the information for example, a correspondence between the first identity information and the second identity information needs to be established, so that the network side can identify each UE according to the first identity information.
  • the first identity information herein may be allocated to the UE by the network element on the network side, or generated.
  • the network side can refer to any network element or device other than the UE that constructs the communication network or the data network.
  • the first identity information and the second identity information are all predetermined types of identity information, for example, all of the identity information that the network element allocates for the UE.
  • the correspondence between the second identity information of the UE and the first identity information needs to be established, so that the second identity information of the UE needs to be acquired.
  • the UE may be directly sent an indication to the UE to report the second identity information.
  • the UE will report the second identity information in plain text, which obviously provides an opportunity for the illegal person to steal the second identity information of the UE, resulting in leakage of the second identity information of the UE.
  • the step S130 is performed first, and key negotiation is performed to generate an encryption key.
  • the key negotiation in this embodiment may include performing multiple data interactions with the UE to generate an encryption key.
  • the key interaction in the step S130 in this embodiment may be any type of key negotiation, for example, a symmetric key negotiation or an asymmetric key negotiation.
  • the secret generated by the key negotiation may be The key is referred to as an encryption key in this embodiment.
  • the second identity information encrypted with the encryption key will be received in step S140.
  • the second identity information of the UE is not transmitted in the plaintext, and the second identity information of the UE cannot be correctly interpreted after the unauthorized person steals. Since the encryption key is not known, the plaintext in the network is obviously avoided. Transmitting the leakage of the second identity information caused by the second identity information of the UE.
  • the second identity information here may be another identity information that is different from the first identity information and that can uniquely identify the UE, and may be formal identity information, which may be regarded as identity information permanently allocated to the UE, for example, The International Mobile Subscriber Identification Number (IMSI) of the UE.
  • IMSI International Mobile Subscriber Identification Number
  • the second identity information may also be a network slice identifier and a network access identifier and the like allocated to the UE.
  • the method further includes:
  • performing key negotiation with the UE includes:
  • the shared key is negotiated with the UE; and the shared key is negotiated based on the shared key.
  • the encryption key is negotiated based on the shared key.
  • the shared key may be a shared key DH key or K DH generated by Diffie-Hellman (DH) key negotiation.
  • the shared key is used in a secure mode command phase for deriving intermediate information determining whether the UE is currently subject to a predetermined type of attack.
  • the DH key negotiation in this embodiment may include various types of DH key negotiation, for example, ordinary DH key agreement and elliptic curve DH key agreement.
  • the shared key is further used to generate the session key, which changes the derivation of the session key based on the root key only in the prior art, and the derivation due to the leakage of the root key. The key is easy to crack and the security is not high.
  • the authentication vector is also used in the process of generating the session key; if the authentication vector is transmitted on an insecure link, the authentication vector may be leaked, and in this embodiment, the shared secret is introduced.
  • the key is used as the basis for generating the session key. Even if the authentication vector is leaked, the illegal attacker cannot directly obtain the session key, which obviously increases the difficulty of stealing the session key and improves the session key. safety.
  • the key negotiation is usually performed after entering the security mode command phase, which is advanced in the embodiment to the attach procedure triggered by the attach request of the UE.
  • the security mode command phase the shared key negotiation is not required, so that the signaling of the interaction between the UE and the network side is reduced, the information exchange process is simplified, and the power consumption of the UE is reduced.
  • the key request is triggered in the attach request, and the second identity information of the UE may be encrypted and protected, and the shared key is saved by the UE and the CP-AU.
  • the encryption key may be generated by using the shared key saved for the first time negotiation to perform the next encryption protection of the second identity information to simplify the next key agreement.
  • step S130 may include:
  • the shared key and the randomly generated first random number are used together to generate the encryption key.
  • the UE randomly generates a first random number, and the first random number and the shared key jointly generate the encryption key.
  • the CP-AU further receives the first random number to generate the encryption key in combination with the shared key, so as to facilitate subsequent decryption of the second identity of the UE by using the encryption key.
  • the decrypted second identity information can be used to perform various authentications to obtain the first identity information of the UE.
  • the second identity information is used to perform Authentication and Key Agreement (AKA) authentication.
  • AKA Authentication and Key Agreement
  • the shared key and the randomly generated second random number are used together to generate an integrity key; the integrity key is used to The second identity information is described for integrity protection.
  • the second random number may also be randomly generated by the UE, and the subsequent network side may receive the information sent by the UE, and generate an integrity key in combination with the shared key to complete the second identity information sent by the UE.
  • the method further includes:
  • the specific verification method may include: performing integrity calculation on the first information by using the first session key to obtain a first information verification code;
  • the information is used to trigger the UE to perform the integrity calculation on the first information by using the second session key generated by the UE to obtain a second information verification code, and compare the second information verification code with the first information verification code. And verifying whether the first session key and the second session key are the same; the second session key is generated based on the shared key, so that two session keys are completed on the UE side Verification
  • the method of the embodiment may further include: performing, by using the second session key, the UE to perform integrity verification on the second information, to obtain a third information verification code, where the network side receives the second information sent by the UE side and The third information verification code, the CP-AU on the network side calculates the second information integrity using the first session key, obtains the fourth information verification verification code, and compares the calculated verification code with the third information verification code. If the comparison is consistent, the network side can complete the verification of the two session keys and pass the verification.
  • the method can be verified by means of encryption and decryption.
  • the first session key decrypts the first information
  • the UE side uses the second session key to decrypt. If the decryption is not garbled, The verification can be considered as passed. In short, there are many ways to verify, and are not limited to any of the above.
  • the verification process of the session key generated by the network side and the UE is also introduced to ensure the consistency of the session key generated by the UE side and the network side, thereby reducing the current
  • the subsequent session fails due to the inconsistency of the session key generated by the network side and the UE.
  • the attach procedure triggered by the attach request may be terminated. If the verification succeeds, the subsequent steps may be continued.
  • the network side verification is performed, and if the network side verification fails, the UE side may also perform the verification. Terminate the attach process, otherwise continue subsequent verification.
  • the method further includes:
  • the step S130 may include:
  • key negotiation is performed with the UE.
  • the network side detects whether a predetermined type of attack is received, for example, detecting whether a Denial of Service (DoS) attack is received.
  • DoS Denial of Service
  • Different types of attacks have different methods of determination.
  • the DoS attack can determine whether the resource usage rate on the network side exceeds a preset threshold. If it exceeds, it can be considered that the DoS attack is currently being attacked.
  • the DoS attack causes a problem of repeatedly initiating an attach procedure.
  • a hash challenge indication is sent in this embodiment. If the UE can complete the hash challenge, it can be considered that there is no problem in performing real information interaction with the current UE, so the process proceeds to step S130 to negotiate the encryption key.
  • the hash challenge indication may include a hash value that is an n-bit number x and an attach request is subjected to a predetermined hash process.
  • the UE After receiving the hash value, the UE will use the predetermined hash process to obtain another number y, and send the y to the network side through the hash challenge response, and the network side compares x and y, if y is equal to x.
  • the hash challenges success otherwise it fails.
  • the x and the attach request are used, and the messages carried in the attach request sent by different UEs may be different, so that the security may be improved with respect to the statically set predetermined message.
  • the method further includes:
  • the difficulty level of the hash challenge is determined based on the severity information of the attack of the predetermined type.
  • the value of n can be determined in this embodiment, and if n is larger, the difficulty of the hash challenge is larger.
  • the n can be determined according to the current resource usage rate of the server.
  • the resource usage rate of the server may be proportional to the value of the value of the n.
  • the resource usage of the server herein may be processor usage, bandwidth usage, and/or storage resource usage. Therefore, in this embodiment, the difficulty level of the hash challenge is determined in combination with the severity information of the predetermined type of attack, thus implementing the hash challenge and the attack. The degree of verification matches, and the attack defense is better realized.
  • this embodiment provides an information processing method, including:
  • Step S210 Send an attach request to the network side
  • Step S220 Perform key agreement with the network side, where the key negotiation is sent when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, and the secret is The key negotiation is used to obtain an encryption key for encrypting the second identity information of the user equipment UE;
  • Step S230 The second identity information of the UE is encrypted by using the encryption key, and sent to the network side.
  • the information processing method described in this embodiment may be an information processing method applied to the UE.
  • the UE sends the attach request to the base station on the network side when it needs to attach to the network. And when the UE sends the attach request, if it finds that it has been assigned the first identity information or not only the first identity information is allocated, and the first identity information that is allocated is available, the first identity information is carried in the Attached in the request.
  • the network side After the network side receives the attach request, it is determined whether the UE has been assigned the first identity information and/or the first identity information allocated to the UE is available.
  • the network side needs to obtain the second identity information of the UE, but in order to improve the security of the second identity information, It is required to perform key negotiation with the UE first, and negotiate an encryption key that can encrypt the second identity information transmission of the UE. Therefore, in step S220, the UE performs key agreement with the network side, where the key negotiation may include data interaction, thereby respectively generating a key that can encrypt the second identity information.
  • the key negotiation may be symmetric key agreement and asymmetric key agreement.
  • step S230 the second identity information of the UE to be encrypted by using the encryption key is sent to the network side, which obviously enhances the security of the second identity information in the transmission process.
  • the step S220 may include: sharing a key with the network side Negotiation; wherein the shared key is used for generation of a session key.
  • the key generation in the step S220 in this embodiment may be the negotiation of the foregoing DH key.
  • the negotiation and calculation of the DH key are not performed in the security mode command phase, and the UE and the network can be reduced.
  • the amount of data interaction on the side and the amount of information calculation reduce the hardware resources and power consumption that the UE consumes.
  • the generation of the DH key here is implemented by DH key negotiation, where the DH key negotiation can be various forms of DH keys.
  • the method further includes:
  • the encryption key is generated based on the shared key and the first random number.
  • the UE may generate a first random number by using a random algorithm, and generate the encryption key by using the first random number and the shared key.
  • other constants can also be introduced to generate the encryption key.
  • the method further includes:
  • the method further includes:
  • the second identity information is integrity protected by using the integrity key.
  • the second random number may be generated by the UE by using a random algorithm.
  • the UE sends the first random number and the second random number to the network side respectively.
  • the convenient network side also generates an encryption key and an integrity key in combination with a random number and a shared key.
  • other generation factors may also be introduced, for example, another constant is introduced, and the integrity key is generated by using a key generation algorithm.
  • the method further includes:
  • the UE can implement the verification of the session key by interacting with the authentication request message and the result of the verification on the network side, and avoid the problem of session failure caused by the inconsistency of the session key generated by the network side and the UE.
  • the verification of the session key here, reference may be made to the foregoing embodiment.
  • the method further includes:
  • the step S220 may include:
  • key negotiation is performed with the network side.
  • the predetermined type of attack may be the foregoing DoS attack.
  • the UE performs the step S220 by receiving the hash challenge indication and the hash challenge processing to form a hash challenge response, and the DoS attack and the like may be defended.
  • the embodiment provides an information processing apparatus, including: a first receiving unit 110, a determining unit 120, a first negotiating unit 130, and a decrypting unit 140:
  • the first receiving unit 110 is configured to receive an attach request sent by the user equipment UE;
  • the determining unit 120 is configured to determine whether the first identity information is carried in the attach request.
  • the first negotiating unit 130 is configured to perform key negotiation with the UE when the first identity information is not carried in the attach request, where the key negotiation is used to obtain the first Two encryption keys for identity information encryption;
  • the first receiving unit 110 is configured to receive the sent second identity information that is encrypted by the UE by using the encryption key;
  • the decrypting unit 140 is configured to decrypt the second identity information by using the encryption key, where the second identity information is used to allocate first identity information to the UE.
  • This embodiment provides an information processing apparatus, which may be applied to an MME. Or an information processing structure in a CP-AU such as HSS. ,
  • the physical structure corresponding to the first receiving unit 110 and the first negotiating unit 130 may include a communication interface.
  • the communication interface can be used to receive data sent by the UE.
  • the hardware structure corresponding to the first negotiating unit 130 may further include a processor or a processing circuit.
  • the determining unit 120 and the decrypting unit 140 may also correspond to a processor or a processing circuit.
  • the processor may include a central processing unit CPU, a digital signal processor DSP, a microprocessor MCU, a digital signal processor DSP or an application processor AP or a programmable array PLC, and the like.
  • the processing circuit can include an application specific integrated circuit.
  • the processor or the processing circuit can implement the data processing of the determining unit 120, the first negotiating unit 130, and the decrypting unit 140 by performing the execution of the predetermined code, so as to avoid the second identity information of the UE by using the key negotiation.
  • the plaintext transmission enhances the protection of the second identity information of the UE.
  • the determining unit 120 is further configured to determine whether the UE completes negotiation of a shared key, where the shared key is used for generating a session key;
  • the first negotiating unit 130 is configured to perform negotiation of the shared key with the UE when the first identity information is not carried in the attach request, and the UE does not complete the negotiation of the shared key;
  • the encryption key is generated based on the negotiation of the shared key.
  • the determining unit 120 is configured to perform the negotiation of the shared key.
  • the negotiation of the shared key is used as the negotiation of the encryption key, so that the encryption can be completed by using the shared key negotiation.
  • the negotiation of the key does not need to repeat the negotiation of the shared key, which simplifies the information interaction with the UE and reduces the calculation amount of the key.
  • the negotiation may be any one of the foregoing DH key negotiation.
  • the first negotiating unit 130 is further configured to generate the shared key based on a negotiation with a shared key of the UE; wherein the shared key and the randomly generated first random The numbers are used together to generate the encryption key.
  • the shared key is used to generate an encryption key together with the first random number.
  • the shared key and the randomly generated second random number are used in common Generating an integrity key; the integrity key is used to perform integrity protection on the second identity information.
  • the encryption key and the integrity key are simultaneously generated by using the shared key, so that the second identity information can be encrypted and protected by using the encryption key, and the second identity information can be guaranteed by using the integrity key. protection.
  • the apparatus further includes: a first generating unit and a first verifying unit: the first generating unit, configured to generate the first session key according to the shared key;
  • a verification unit is configured to verify whether the first session key and the second session key generated by the UE according to the shared key are consistent by performing information interaction with the UE.
  • the verification of the key is performed on the network side and the UE side, respectively, based on the session key generated by the shared key, and the subsequent reduction of the session key generated by the network side and the UE side may be reduced by verification.
  • the phenomenon of session failure is performed on the network side and the UE side, respectively, based on the session key generated by the shared key, and the subsequent reduction of the session key generated by the network side and the UE side may be reduced by verification.
  • the apparatus further includes: a determining unit and a first sending unit:
  • the determining unit is configured to determine whether there is currently a predetermined type of attack; the first sending unit is configured to send a hash challenge indication to the UE when subjected to a predetermined type of attack; the first receiving unit 110.
  • the first negotiation unit 130 is configured to receive a hash challenge response returned by the UE according to the hash challenge indication, where the first negotiation unit 130 is configured to: when the hash challenge response indicates that the hash challenge is successful, Perform key negotiation.
  • a hash challenge process can be performed to defend against the predetermined type of attack.
  • the determining unit is further configured to determine a difficulty level of the hash challenge according to the severity information of the attack of the predetermined type. In this way, it is possible to perform a hash challenge of different difficulty for a predetermined type of attack of different severity to balance the calculation of computation and security.
  • the embodiment further provides an information processing apparatus, including:
  • the second sending unit 210 is configured to send an attach request to the network side
  • the second negotiating unit 220 is configured to perform key negotiation with the network side, where the key association The quotient is sent when the network side determines that the first identity information of the user equipment UE is not carried in the attach request, and the key negotiation is used to obtain encryption for encrypting the second identity information of the user equipment UE. Key
  • the second sending unit 220 is further configured to: encrypt the second identity information of the UE by using the encryption key, and send the second identity information to the network side.
  • the information processing apparatus in this embodiment may be an information processing apparatus that is used in the UE, and may reduce the UE to send the second identity information to the network side in the form of a plaintext, and reduce the second identity by using the key negotiation triggered by the attach request.
  • the risk of information exposure increases the security of the second identity information.
  • the second sending unit 220 may correspond to a communication interface such as a transmitting antenna in the UE.
  • the second negotiating unit 220 can include a processor or processing circuitry.
  • the processor or processing circuit herein can be referred to the foregoing embodiment and will not be repeated here. Also the processor or processing circuitry may complete the key negotiation by execution of a predetermined code.
  • the second negotiating unit 220 is configured to perform a negotiation of a shared key with the network side; wherein the shared key is used for generation of a session key.
  • the shared key is obtained by DH key negotiation.
  • the apparatus further comprises: a second generating unit configured to generate a first random number; and generating the encryption key based on the shared key and the first random number.
  • the first random number here may be any one of randomly generated values, and the shared key and the first random number generate an encryption key.
  • the second generating unit is further configured to generate a second random number; generate an integrity key based on the shared key and the second random number; the apparatus further includes: integrity And a protection unit configured to perform integrity protection on the second identity information by using the integrity key.
  • the first random number and the second random number are randomly generated, and may be the same or different. When implemented, the first random number and the second random number are different.
  • the second generating unit generates a random number and finds that two random numbers are the same, and may regenerate at least the first One of a random number and a second random number, so that it is convenient to generate different encryption keys and integrity keys.
  • the algorithm for generating the encryption key and the integrity key may be the same or different, and is preferably different in this embodiment to improve the security and privacy of the second identity information. .
  • the second generating unit is configured to generate a second session key according to the shared key; the device further includes a second verification unit configured to perform information interaction with the network side, Verifying whether the second session key and the first session key generated by the network side according to the shared key are consistent.
  • the second generation unit here is also configured to generate a second session key.
  • the physical structure corresponding to the second verification unit may also be a processor or a processing circuit, and the processor or the processing circuit may implement the verification of the session key by executing the predetermined code, and avoid the session key generated by the network side and the UE side.
  • the second receiving unit is configured to receive a hash challenge indication sent by the network side when it is determined that the attack is subjected to a predetermined type; the apparatus further includes: a response unit, configured to respond to the a hash challenge indication, returning a hash challenge response to the network side; the second negotiation unit 220, configured to perform key negotiation with the network side when the hash challenge response determines that the hash challenge is successful .
  • the device in this embodiment also introduces a response unit whose physical structure can likewise correspond to a processor or processing circuit.
  • the processor or processing circuitry can be executed by code to implement the processing of the hash challenge.
  • the second negotiating unit will perform key negotiation only when the hash challenge is successful; this can avoid the UE that is negotiated and the key that is negotiated is leaked when the key negotiation is received. The problem of the leakage of the second identity information.
  • the present example provides an information processing method that can be divided into multiple stages; as shown in FIG. 5, the stage can include an identity management phase, an AKA phase, and a security mode command phase.
  • the identity management phase in FIG. 5 may include steps 1-5; the AKA phase may include steps 6-8;
  • the segment may include steps 9, 10.
  • the information processing method provided in this example may specifically include:
  • the UE sends an attach request to the CP-AU to initiate an attach procedure.
  • the CP-AU sends an identity request and carries a hash challenge indication, which may include: the CP-AU determines that the attachment request does not carry temporary identity information such as GUTI, and detects whether the CP-AU and the UE have been established. DH key K DH . If the attach request does not carry temporary identity information such as GUTI and does not establish a DH key with the UE, the identity request is sent. CP-AU will proceed to step 6. Otherwise, the CP-AU sends an identity request back to the UE, which optionally includes a hash challenge indication to defeat the DoS attack. If the attach request message does not contain a temporary identity, the CP-AU also sends an identity request message to the UE.
  • a hash challenge indication may include: the CP-AU determines that the attachment request does not carry temporary identity information such as GUTI, and detects whether the CP-AU and the UE have been established. DH key K DH . If the attach request does not carry temporary identity information such as GU
  • the construction method of the hash challenge is as follows: CP-AU randomly generates a positive integer x with a binary length of n, and calculates the hash value of x and the attach request, ie hash (x, attach request), where n is by CP-AU The degree of use of the resource is determined, and the higher the degree of use of the resource, the larger the value of n. Hash (x, attach request) and n form a hash challenge.
  • the UE solves the hash challenge, generates the DH private key KU pri , and calculates the DH public key KU pub .
  • the step 2a may specifically include: the UE receives the identity request message, if the hash challenge indication exists, the UE will first try to find the correct integer x ⁇ , by comparing the hash (x, attach request) with the hash (x, attach request) ) is equal.
  • the integer x ⁇ is used as a hash response.
  • the UE generates a DH private key KU pri and calculates a corresponding DH public key KU pub .
  • the UE sends the DH public key KU pub and the hash challenge response to the CP-AU.
  • Step 3a Verify the hash challenge response, generate the DH private key KC pri and calculate the DH public key KC pub to derive the shared key K DH between the UE and the CP-AU.
  • Step 3a may specifically include: after receiving the response from the UE, if the hash response is included in the message, the CP-AU compares it with x. CP-AU will abort the attach process if the hash response is not equal to x. Otherwise, the CP-AU generates the DH private key KC pri and computes the associated DH public key KC pub . Furthermore, the CP-AU derives the shared key K DH with the UE by using its private key KC pri and the public key KU pub of the UE.
  • the CP-AU sends the DH public key KC pub to the UE, which may include performing DH key negotiation normally.
  • Step 4a The UE pushes the shared key K DH between the outgoing and the CP-AU to generate a random number nonce, and uses the nonce and K DH to calculate the encryption key K E .
  • Step 4a may specifically include: after receiving the KC pub , the UE derives the shared key K DH from the CP-AU by using its private key KU pri and the public key KC pub of the CP-AU. In order to encrypt the official identity information of the UE, the UE generates a random number nonce and derives the encryption key K E and the integrity key K M .
  • K E and K M are calculated as follows:
  • K E KDF (nonce, K DH , C1)
  • K M KDF(nonce, K DH , C2)
  • KDF is the key derivation function. If the authentication encryption method is used to encrypt the identity of the UE, only the encryption key K E is generated.
  • the C1 and C2 are two constants.
  • the random numbers nonce, K DH , C1 are known quantities for generating an encryption key.
  • the nonce, K DH and C2 are known quantities that generate an integrity key.
  • the K M here is used for integrity verification. In this example, both the integrity key and the encryption key may be generated using the same random number nonce.
  • the UE sends the official identity information and MAC0 encrypted by the nonce and K E to the CP-AU.
  • the step 5 may include the UE deriving an encryption key K E and an integrity key K M .
  • the UE first encrypts the official identity information by using K E , and uses K M to calculate the verification code MAC0 of the message and transmits it to the CP-AU.
  • the official identity information here corresponds to the aforementioned second identity information.
  • the CP-AU sends an authentication data request to an Authentication Authorization Accounting (AAA) server.
  • the authentication data request carries official identity information of the UE.
  • the step 6 may specifically include: in the same manner as the UE, the CP-AU derives the encryption key K E and the integrity key K M .
  • CP-AU It first verifies MAC0. If the verification is successful, the CP-AU decrypts the encrypted part of the message with K E to obtain the official identity information of the UE. Otherwise, the CP-AU terminates the attach procedure.
  • the AAA server sends the authentication vector to the CP-AU. Specifically, the AAA server searches for the root key Ki of the UE according to the official identity information of the UE, and calculates an authentication vector according to the root key Ki. The AAA server then sends the authentication vector to the CP-AU.
  • the mutual authentication of the CP-AU and the UE may include: calculating an intermediate key K mid based on the authentication vector sent by the AAA server, including: UE and CP-AU are respectively pushed to K mid and calculated by using K mid and K DH respectively .
  • the CP-AU sends the security mode command message and the MAC1 to the UE, and the method may include: the CP-AU sends a security mode command message to the UE, where the authentication code MAC1 of the security mode command message is calculated by using the session key Ks.
  • the UE sends the security mode complete message and the MAC2 to the CP-AU to the CP-AU, which may specifically include: the UE verifies the received MAC1 by using the session key Ks. If the verification fails, the UE terminates the attach procedure. Otherwise, the UE completes the message response CP-AU in a secure mode whose message authentication code MAC2 is calculated by using the session key Ks.
  • the CP-AU checks the correctness of the MAC2. If the check fails, the CP-AU aborts the attach process. Otherwise, the UE and the CP-AU complete the attach procedure.
  • MAC2 and MAC1 may correspond to the information verification code in the aforementioned session key verification process.
  • the UE and the CP-AU can guarantee that they have the same session key Ks after successfully verifying MAC1 and MAC2 respectively. This further means that they already have the same shared key K DH .
  • the last key K DH is stored in the UE and CP-AU, respectively, for generating a new session key in the next attach procedure.
  • An embodiment of the present invention further provides an electronic device, where the electronic device includes: a transceiver, a memory, and a processor; at least a portion of the memory stores computer executable instructions;
  • the processor is respectively connected to the transceiver and the memory, configured to execute the computer executable instructions, by executing one or more of the information processing methods applicable to the network side executable by the computer, or Implementing a letter applied to the UE by computer executable instructions
  • the information processing method may, for example, perform one or more of the methods shown in FIGS. 1, 2, and 5.
  • the computing executable instructions can include: a computer program and/or software.
  • the transceiver in this embodiment may correspond to a network interface, and the network interface may be a cable interface, and may be used for data interaction of other network elements.
  • the memory can include: various types of storage media that can be used for data storage.
  • the memory includes a storage medium that is at least partially a non-volatile storage medium and can be used to store computer-executable instructions such as the computer program.
  • the processor may comprise: a central processing unit, a microprocessor, a digital signal processor, an application processor, an application specific integrated circuit or a programmable array, etc., which may be used to implement second identity information by execution of computer executable instructions.
  • a central processing unit a microprocessor, a digital signal processor, an application processor, an application specific integrated circuit or a programmable array, etc., which may be used to implement second identity information by execution of computer executable instructions.
  • the processor can be connected to the transceiver and the memory through an in-device bus such as an integrated circuit bus.
  • the electronic device provided in this embodiment may include: the foregoing information processing device applied to the network element or the UE, for example, may include the information processing device shown in FIG. 3 or FIG. 4.
  • the embodiment of the present invention further provides a computer storage medium, where the computer storage medium stores computer executable instructions, and the computer executable instructions are used to execute the information processing method applied to the network side by executing the computer.
  • One or more, or for implementing an information processing method applied to the UE by computer executable instructions for example, one or more of the methods shown in FIGS. 1, 2, and 5 may be performed.
  • the computer storage medium provided by the embodiment of the invention includes: a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like, which can store program codes. Medium.
  • the computer storage medium can be a non-transitory storage medium.
  • the non-transitory storage medium herein may also be referred to as a non-volatile storage medium.
  • the disclosed device and party The law can be implemented in other ways.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be another division manner such as: multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored or not executed.
  • the coupling, or direct coupling, or communication connection of the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or other forms. of.
  • the units described above as separate components may or may not be physically separated, and the components displayed as the unit may or may not be physical units, that is, may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may be separately used as one unit, or two or more units may be integrated into one unit; the above integration
  • the unit can be implemented in the form of hardware or in the form of hardware plus software functional units.
  • the foregoing program may be stored in a computer readable storage medium, and the program is executed when executed.
  • the foregoing storage device includes the following steps: the foregoing storage medium includes: a mobile storage device, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
  • ROM read-only memory
  • RAM random access memory
  • magnetic disk or an optical disk.
  • optical disk A medium that can store program code.
  • the network element determines whether the connection request sent by the UE carries the predetermined identity information (that is, the first identity information), and if it is not carried, it can be considered that the UE is not currently assigned the predetermined identity information, and then After the key negotiation process is completed, the second identity information is automatically allocated, and the second identity information is sent to the UE.
  • the self-use allocation of the predetermined identity information is realized, and on the other hand, the encrypted transmission is performed by the negotiated key, the probability of the second identity information being secreted is reduced, and the security of the second identity is improved. Therefore, it has a positive industrial effect.
  • the technical solution provided by the embodiment of the present invention can be implemented by modifying the information interaction process between the network element and the UE, and has the advantages of simple implementation and wide promotion in the field of communication and network technologies.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Databases & Information Systems (AREA)

Abstract

Selon un mode de réalisation, la présente invention concerne un procédé et un dispositif de traitement d'informations. Le procédé peut consister : à recevoir une demande de rattachement envoyée par un équipement utilisateur UE ; à déterminer si la demande de rattachement comprend des premières informations d'identité ; lorsque la demande de rattachement ne comprend pas les premières informations d'identité, à effectuer un accord de clé avec l'UE, l'accord de clé étant utilisé pour obtenir une clé de chiffrement afin de chiffrer les secondes informations d'identité de l'UE ; à recevoir les secondes informations d'identité envoyées et chiffrées par l'UE à l'aide de la clé de chiffrement ; à déchiffrer les secondes informations d'identité à l'aide de la clé de chiffrement. Les modes de réalisation de l'invention concernent également un équipement et un support de stockage informatique.
PCT/CN2017/101445 2016-09-12 2017-09-12 Procédé et dispositif de traitement d'informations, équipement électronique et support de stockage informatique WO2018046017A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610818481.6 2016-09-12
CN201610818481.6A CN106888092B (zh) 2016-09-12 2016-09-12 信息处理方法及装置

Publications (1)

Publication Number Publication Date
WO2018046017A1 true WO2018046017A1 (fr) 2018-03-15

Family

ID=59176741

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/101445 WO2018046017A1 (fr) 2016-09-12 2017-09-12 Procédé et dispositif de traitement d'informations, équipement électronique et support de stockage informatique

Country Status (2)

Country Link
CN (1) CN106888092B (fr)
WO (1) WO2018046017A1 (fr)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107820239B (zh) * 2016-09-12 2021-11-19 中国移动通信有限公司研究院 信息处理方法及装置
CN106888092B (zh) * 2016-09-12 2019-06-25 中国移动通信有限公司研究院 信息处理方法及装置
CN109756451B (zh) 2017-11-03 2022-04-22 华为技术有限公司 一种信息交互方法及装置
CN109274534B (zh) * 2018-09-30 2021-07-30 中国联合网络通信集团有限公司 一种网络切片的监管方法及设备、通信系统
CN111404669B (zh) * 2019-01-02 2023-05-09 中国移动通信有限公司研究院 一种密钥生成方法、终端设备及网络设备
CN111404670A (zh) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 一种密钥生成方法、ue及网络设备
CN111404666A (zh) * 2019-01-02 2020-07-10 中国移动通信有限公司研究院 一种密钥生成方法、终端设备及网络设备
CN114499969B (zh) * 2021-12-27 2023-06-23 天翼云科技有限公司 一种通信报文的处理方法、装置、电子设备及存储介质

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102006298A (zh) * 2010-11-26 2011-04-06 华为技术有限公司 接入网关实现负荷分担的方法和装置
CN102026178A (zh) * 2010-12-31 2011-04-20 成都三零瑞通移动通信有限公司 一种基于公钥机制的用户身份保护方法
CN102131188A (zh) * 2010-09-01 2011-07-20 华为技术有限公司 用户身份信息传输的方法、用户设备、网络侧设备及系统
CN102905266A (zh) * 2012-10-11 2013-01-30 大唐移动通信设备有限公司 一种实现移动设备附着的方法及装置
CN103051611A (zh) * 2012-12-11 2013-04-17 北京交通大学 一种身份与位置分离体系下的安全移动性管理方法
CN103096318A (zh) * 2013-02-01 2013-05-08 无锡南理工科技发展有限公司 一种基于身份隐替机制的无线异构网络统一接入认证方法
CN106888092A (zh) * 2016-09-12 2017-06-23 中国移动通信有限公司研究院 信息处理方法及装置

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101102190A (zh) * 2006-07-04 2008-01-09 华为技术有限公司 生成本地接口密钥的方法
CN101951590B (zh) * 2010-09-03 2015-07-22 中兴通讯股份有限公司 认证方法、装置及系统
CN102905265B (zh) * 2012-10-11 2016-02-10 大唐移动通信设备有限公司 一种实现移动设备附着的方法及装置
CN104754581B (zh) * 2015-03-24 2018-01-19 河海大学 一种基于公钥密码体制的lte无线网络的安全认证方法

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102131188A (zh) * 2010-09-01 2011-07-20 华为技术有限公司 用户身份信息传输的方法、用户设备、网络侧设备及系统
CN102006298A (zh) * 2010-11-26 2011-04-06 华为技术有限公司 接入网关实现负荷分担的方法和装置
CN102026178A (zh) * 2010-12-31 2011-04-20 成都三零瑞通移动通信有限公司 一种基于公钥机制的用户身份保护方法
CN102905266A (zh) * 2012-10-11 2013-01-30 大唐移动通信设备有限公司 一种实现移动设备附着的方法及装置
CN103051611A (zh) * 2012-12-11 2013-04-17 北京交通大学 一种身份与位置分离体系下的安全移动性管理方法
CN103096318A (zh) * 2013-02-01 2013-05-08 无锡南理工科技发展有限公司 一种基于身份隐替机制的无线异构网络统一接入认证方法
CN106888092A (zh) * 2016-09-12 2017-06-23 中国移动通信有限公司研究院 信息处理方法及装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHINA MOBILE: "pCR Security enhancement to the attach procedure relying on PKI", 3GPP TSG SA WG3 (SECURITY) ADHOC MEETING ON FS_NSA S 3-161380, 29 September 2016 (2016-09-29), XP051170337 *

Also Published As

Publication number Publication date
CN106888092A (zh) 2017-06-23
CN106888092B (zh) 2019-06-25

Similar Documents

Publication Publication Date Title
WO2018046017A1 (fr) Procédé et dispositif de traitement d'informations, équipement électronique et support de stockage informatique
WO2018046014A1 (fr) Procédé et appareil de traitement d'informations, dispositif électronique et support d'enregistrement informatique
WO2018050081A1 (fr) Procédé et appareil d'authentification d'identité de dispositif, et support de stockage
RU2480925C2 (ru) Генерация криптографического ключа
WO2018127081A1 (fr) Procédé et système d'obtention d'une clé de chiffrement
US10439801B2 (en) Entity authentication method and device based on pre-shared key
JP2018509117A (ja) アイデンティティ認証のための方法、装置、及びシステム
CN109981562B (zh) 一种软件开发工具包授权方法及装置
JP7192122B2 (ja) ユーザデバイスと車両との接続を認証するためのシステムおよび方法
CN110545252B (zh) 一种认证和信息保护的方法、终端、控制功能实体及应用服务器
CN108809903B (zh) 一种认证方法、装置及系统
CN106576237B (zh) 移动管理实体、归属服务器、终端、身份认证系统和方法
CN110505055B (zh) 基于非对称密钥池对和密钥卡的外网接入身份认证方法和系统
CN112351037B (zh) 用于安全通信的信息处理方法及装置
CN110635901B (zh) 用于物联网设备的本地蓝牙动态认证方法和系统
CN111031061A (zh) 一种验证方法及网关设备
CN101192927B (zh) 基于身份保密的授权与多重认证方法
CN110519222B (zh) 基于一次性非对称密钥对和密钥卡的外网接入身份认证方法和系统
CN112118568B (zh) 一种设备身份鉴权的方法及设备
CN109309648B (zh) 一种信息传输的方法和设备
WO2006026925A1 (fr) Procede d'etablissement de la cle d'authentification
CN112769789A (zh) 一种加密通信方法及系统
KR102415628B1 (ko) Dim을 이용한 드론 인증 방법 및 장치
Saxena et al. NS-AKA: An improved and efficient AKA protocol for 3G (UMTS) networks
CN105828330B (zh) 一种接入方法及装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17848190

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15.07.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 17848190

Country of ref document: EP

Kind code of ref document: A1