WO2018076740A1 - Data transmission method and related device - Google Patents

Data transmission method and related device

Info

Publication number
WO2018076740A1
Authority
WO
WIPO (PCT)
Prior art keywords
control device
user equipment
network control
home network
key
Prior art date
Application number
PCT/CN2017/090256
Other languages
English (en)
Chinese (zh)
Inventor
金兹伯格⋅菲利普
尼米瓦特里
张博
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the embodiments of the present invention relate to the field of communications technologies, and in particular, to a data transmission method and related devices.
  • the third generation mobile communication system (3rd Generation, 3G) and its Long Term Evolution (LTE) system
  • user equipment (UE)
  • AKA: Authentication and Key Agreement
  • the AKA process is performed when the UE performs the initial access.
  • the access request carries the permanent identifier of the UE: the International Mobile Subscriber Identity (IMSI).
  • the network side finds the root key K of the UE based on the IMSI of the UE, and further implements a mutual authentication process between the UE and the network side based on the root key K.
  • any third-party attacker can eavesdrop on the access request over the air interface to obtain the IMSI of the UE and thereby track the UE; therefore, there is a large security risk.
  • the UE may be identified by using a random identifier instead of the permanent identifier of the UE.
  • the random identifier may be used instead of the permanent identifier IMSI of the UE. Therefore, the attacker only obtains the random identifier from the air interface, and cannot determine which UE is identified by the random identifier. Therefore, the security of the UE is improved.
  • FIG. 1 is a schematic flowchart of a prior art AKA process.
  • the network elements participating in the AKA process in the LTE system mainly include: a UE, an evolved base station (evolved Node B, eNB), a mobility management entity (MME), and a home subscriber server (HSS).
  • the root key K and the random identifier are pre-shared between the UE and the HSS. It is assumed that the initial random identifier of the UE is P, and the random identifier P is used to identify the UE between the UE and the network side. And, the random identifier P can be updated.
  • the AKA process includes the following steps.
  • the UE sends an access request message to the MME by using the eNB, where the access request message carries the random identifier P and the home network identifier (ID) corresponding to the UE, where the home network identifier is used to indicate which operator the UE belongs to.
  • ID home network identifier
  • the MME finds the corresponding HSS according to the home network identifier carried in the access request message, and sends an authentication data request message to the HSS, where the authentication data request message carries the random identifier P of the UE.
  • after receiving the authentication data request message, the HSS searches for the root key K corresponding to the random identifier P, and generates an authentication vector (AV) corresponding to the UE according to the root key K.
  • AV: authentication vector
  • the HSS generates a random number RAND, and then generates the AV corresponding to the UE according to the RAND, the currently stored authentication sequence number SQN, the root key K, and other information.
  • the AV includes: RAND, an authentication token (AUTN), an expected response (XRES), and K_ASME.
  • AUTN Authentication Token
  • XRES Expected Response
  • AUTN consists of the value obtained by XORing the SQN with an anonymity key (AK), an authentication management field (AMF), and a message authentication code (MAC).
  • AK is calculated based on RAND and K.
  • the MAC is calculated based on RAND, K, AMF, and SQN, and is used by the UE to authenticate the network side.
  • the HSS redefines the RAND, and the RAND is composed of three parts: Enc (P'), MAC (SQN), and a random string, and the three parts respectively occupy different fields.
  • the length of RAND is 128 bits, where the first to 40th bits represent Enc(P'), the 41st to 56th bits represent MAC (SQN), and the 57th to 76th bits represent random strings.
  • P' represents an updated random identifier
  • Enc(P') is a ciphertext obtained by encrypting P'
  • MAC (SQN) is a parameter obtained by performing integrity protection on the SQN.
  • a random string is a random number generated by the HSS.
  • Enc(P') is obtained by performing encryption operation using the root key K of the UE, and the MAC (SQN) is obtained by performing integrity protection operation using the root key K of the UE.
  • the AV corresponding to the UE is generated according to the RAND, the SQN, the root key K, and other information.
  • the content of the AV refer to the related description above, and details are not described herein again.
  • the HSS sends an authentication data response message to the MME, where the authentication data response message carries the AV of the UE, and the MME saves the received AV of the UE.
  • the MME sends a user authentication request message to the UE, where the user authentication request message carries RAND and AUTN in the UE authentication vector.
  • the verification process includes: the UE calculates the AK according to the RAND and the root key K, then recovers the SQN from the AK and the value in the AUTN obtained by XORing the SQN with the AK, and then calculates an XMAC from the RAND, the SQN, the AMF in the AUTN, and the root key K, and compares the XMAC with the MAC in the authentication response message. If they are the same, the UE then checks whether the received SQN is equal to the locally saved SQN to prevent replay attacks. If so, the UE successfully authenticates the network.
  • the UE then calculates RES and K_ASME based on the RAND and K, where RES is the parameter used by the network to authenticate the UE.
  • the UE performs integrity verification on the MAC(SQN) field in the RAND according to the root key K and the SQN in the AUTN. If the verification succeeds, the RAND includes a new random identifier, and the UE decrypts the Enc(P') field in the RAND according to the root key K to obtain the updated random identifier P'. If the UE fails to verify the MAC(SQN) field in the RAND, the RAND does not contain a new random identifier.
  • S107: the UE sends a user authentication response message to the MME, where the user authentication response message carries the RES.
  • after receiving the user authentication response message, the MME compares the RES carried in the user authentication response message with the XRES in the authentication vector corresponding to the UE. If they are the same, the MME successfully authenticates the UE.
  • the UE and the network side have completed the AKA process. After that, when the UE re-accesses the network, the updated random identifier P' can be used to ensure the security of the UE.
  • the HSS uses the MAC(SQN) in the RAND to notify the UE whether the RAND sent includes a new random identifier, so the UE needs to perform additional calculation on the RAND to determine whether the received RAND contains a new random identifier, which increases the calculation amount of the UE and is not conducive to saving UE overhead.
  • the embodiment of the invention provides a data transmission method and related device, which can reduce the amount of calculation the user equipment needs to determine that the received random number includes the updated random identifier, thereby saving the overhead of the user equipment.
  • an embodiment of the present invention provides a data transmission method, where the method includes: a home network control device receives a first authentication data request message sent by a service network control device, where the first authentication data request message includes a first identifier corresponding to a user equipment; the home network control device generates a first random identifier corresponding to the user equipment; the home network control device sends a first random number and first indication information to the user equipment by using the service network control device, where the first random number includes first encrypted data obtained by encrypting a first data group by using a first shared key, the first data group includes the first random identifier, and the first indication information is used to indicate that the user equipment determines, according to the first indication information, that the first random number includes the first random identifier.
  • the home network control device may explicitly notify the user equipment that the first random number includes the updated random identifier by using the first indication information, instead of generating the message authentication code, so that the user equipment determines, according to the message authentication code, that the first random number includes the updated random identifier.
  • the processing complexity of the home network control device is saved.
  • the user equipment can directly confirm that the received first random number includes the updated random identifier by parsing the first indication information, and does not need to perform an additional calculation process, which saves the overhead of the user equipment and reduces the processing complexity of the user equipment.
  • the first random number further includes first integrity protection data obtained by performing integrity protection on the first encrypted data by using the second shared key.
  • the security of the first random identification transmission can be improved by performing integrity protection on the first encrypted data by the home network control device.
  • the second shared key is a root key pre-shared between the user equipment and the home network control device; or the second shared key is a random identifier integrity key pre-shared between the user equipment and the home network control device, and the random identifier integrity key is used to integrity protect the random identifier of the user equipment.
  • the second shared key may be pre-shared between the home network control device and the user equipment, so that the home network control device may perform integrity protection on the first encrypted data to obtain the first integrity protection data during the data transmission process, which improves the security of the first random identifier transmission.
  • the first shared key is a root key pre-shared between the user equipment and the home network control device; or the first shared key is a random identifier encryption key pre-shared between the user equipment and the home network control device, and the random identifier encryption key is used to encrypt the random identifier of the user equipment.
  • the first shared key may be pre-shared between the home network control device and the user equipment, so that the home network control device may encrypt the first random identifier of the user equipment by using the first shared key during the data transmission process, thereby improving the security of the first random identifier transmission.
  • before the home network control device receives the first authentication data request message sent by the serving network control device, the method further includes: the home network control device receives a second authentication data request message sent by the serving network control device, where the second authentication data request message includes a second identifier corresponding to the user equipment; the home network control device generates the first shared key by using the first key derivation parameter; the home network control device sends second indication information to the user equipment by using the serving network control device, where the second indication information is used to indicate that the user equipment generates the first shared key by using the first key derivation parameter.
  • before sending the encrypted first random identifier to the user equipment, the home network control device may use the second indication information to notify the user equipment to generate the first shared key, so that the home network control device encrypts the first random identifier by using the first shared key when the first random identifier is sent to the user equipment, which improves the security of the first random identifier transmission.
  • before the home network control device receives the first authentication data request message sent by the serving network control device, the method further includes: the home network control device receives a second authentication data request message sent by the serving network control device, where the second authentication data request message includes a second identifier corresponding to the user equipment; the home network control device generates the second shared key by using the second key derivation parameter; the home network control device sends second indication information to the user equipment by using the serving network control device, where the second indication information is used to indicate that the user equipment generates the second shared key by using the second key derivation parameter.
  • the home network control device may notify the user equipment to generate the second shared key, so that when the home network control device sends the first random identifier to the user equipment, the first encrypted data is integrity-protected by using the second shared key, which improves the security of the first random identifier transmission.
  • after the home network control device receives the first authentication data request message sent by the serving network control device, and before the home network control device sends the first random number and the first indication information to the user equipment by using the serving network control device, the method further includes: the home network control device generates the first shared key by using the first key derivation parameter; the first indication information is further used to indicate that the user equipment generates the first shared key by using the first key derivation parameter.
  • when the home network control device sends the encrypted first random identifier to the user equipment, it may use the first indication information to directly notify the user equipment to generate the first shared key, so that the user equipment may decrypt the first encrypted data based on the first shared key to obtain the first random identifier.
  • the first key derivation parameter is pre-shared between the home network control device and the user equipment.
  • after the home network control device receives the first authentication data request message sent by the serving network control device, and before the home network control device sends the first random number and the first indication information to the user equipment by using the serving network control device, the method further includes: the home network control device generates the second shared key by using the second key derivation parameter; the first indication information is further used to indicate that the user equipment generates the second shared key by using the second key derivation parameter, and the second shared key is used by the home network control device to perform integrity protection on the first encrypted data.
  • when the home network control device sends the encrypted first random identifier to the user equipment, it may use the first indication information to directly notify the user equipment to generate the second shared key, so that the user equipment may perform integrity verification on the first integrity protection data based on the second shared key.
  • the second key derivation parameter is pre-shared between the home network control device and the user equipment.
  • the method further includes: the home network control device generates a third shared key by using a third key derivation parameter, where the third shared key is used to encrypt a second random identifier when the home network control device sends the updated second random identifier to the user equipment.
  • the first indication information is further used to indicate that the user equipment generates the third shared key by using the third key derivation parameter.
  • the third key derivation parameter is pre-shared between the home network control device and the user equipment.
  • the home network control device receives the first authentication data sent by the serving network control device.
  • the method further includes: the home network control device generates a fourth shared key by using the fourth key derivation parameter, where the fourth shared key is used to perform integrity protection on the second random identifier when the home network control device sends the second random identifier to the user equipment; the first indication information is further used to indicate that the user equipment generates the fourth shared key by using the fourth key derivation parameter.
  • the fourth key derivation parameter is pre-shared between the home network control device and the user equipment.
  • the method further includes: the home network control device receives an authentication success message sent by the serving network control device, where the authentication success message is used to indicate that the serving network control device has successfully authenticated the user equipment.
  • the home network control device saves the mapping relationship between the user equipment and the first random identifier according to the authentication success message, and saves the mapping relationship between the user equipment and the first identifier. This avoids the following situation: if the home network control device released the old random identifier whenever it generated a new random identifier, a third-party attacker could falsify an access request message to trigger the home network control device to release the legitimate user's old random identifier, which would prevent the legitimate user from accessing the network.
  • the authentication success message includes a first identifier corresponding to the user equipment or a first random identifier corresponding to the user equipment.
  • the first key derivation parameter and/or the third key derivation parameter includes at least one of: a root key of the user equipment, a shared key derived based on the root key of the user equipment, a random number, an authentication sequence number, an encryption algorithm identifier, a home network identifier, and a service network identifier.
  • the second key derivation parameter and/or the fourth key derivation parameter includes at least one of: a root key of the user equipment, a shared key derived based on the root key of the user equipment, a random number, an authentication sequence number, an integrity protection algorithm identifier, a home network identifier, and a service network identifier.
  • the first data group further includes a sequence code, which is used to represent the total number of random identifier updates corresponding to the user equipment.
  • the embodiment of the present invention provides a data transmission method, where the method includes: the user equipment sends a first access request message to the serving network control device, where the first access request message includes a first identifier corresponding to the user equipment; the user equipment receives a first random number and first indication information sent by the home network control device by using the serving network control device, where the first random number includes first encrypted data obtained by encrypting a first data group by using a first shared key, and the first data group includes a first random identifier corresponding to the user equipment; the user equipment determines, according to the first indication information, that the first random number includes the first random identifier; and the user equipment decrypts the first encrypted data by using the first shared key to obtain the first random identifier.
  • the user equipment can directly confirm that the received first random number includes the updated random identifier by parsing the first indication information, and does not need to perform an additional calculation process, which saves the overhead of the user equipment and reduces the processing complexity of the user equipment.
  • the first random number further includes first integrity protection data obtained by using the second shared key to perform integrity protection on the first encrypted data; after the user equipment receives the first random number and the first indication information sent by the home network control device by using the serving network control device, the method further includes: the user equipment performs integrity verification on the first integrity protection data by using the second shared key.
  • the second shared key is a root key pre-shared between the user equipment and the home network control device; or the second shared key is a random identifier integrity key pre-shared between the user equipment and the home network control device, and the random identifier integrity key is used to perform integrity protection on the random identifier of the user equipment.
  • the second shared key may be pre-shared between the home network control device and the user equipment, so that the home network control device may perform integrity protection on the first encrypted data to obtain the first integrity protection data during the data transmission process, which improves the security of the first random identifier transmission.
  • the first shared key is a root key pre-shared between the user equipment and the home network control device; or the first shared key is a random identifier encryption key pre-shared between the user equipment and the home network control device, and the random identifier encryption key is used to encrypt the random identifier of the user equipment.
  • the first shared key may be pre-shared between the home network control device and the user equipment, so that the home network control device may encrypt the first random identifier of the user equipment by using the first shared key during the data transmission process, thereby improving the security of the first random identifier transmission.
  • before the user equipment sends the first access request message to the serving network control device, the method further includes: the user equipment sends a second access request message to the serving network control device, where the second access request message includes a second identifier corresponding to the user equipment; the user equipment receives second indication information sent by the home network control device by using the service network control device; and the user equipment generates the first shared key by using the first key derivation parameter according to the second indication information.
  • before receiving the encrypted first random identifier sent by the home network control device, the user equipment may generate the first shared key according to the second indication information sent by the home network control device, so that when the user equipment subsequently receives the encrypted first random identifier sent by the home network control device, it decrypts the first random identifier by using the first shared key, which improves the security of the first random identifier transmission.
  • before the user equipment sends the first access request message to the serving network control device, the method further includes: the user equipment sends a second access request message to the serving network control device, where the second access request message includes a second identifier corresponding to the user equipment; the user equipment receives second indication information sent by the home network control device by using the service network control device; and the user equipment generates the second shared key by using the second key derivation parameter according to the second indication information.
  • before receiving the encrypted first random identifier sent by the home network control device, the user equipment may generate the second shared key according to the second indication information sent by the home network control device, so that when the user equipment subsequently receives the first integrity protection data sent by the home network control device, it uses the second shared key to perform integrity verification on the first integrity protection data, thereby improving the security of the first random identifier transmission.
  • the first indication information is further used to indicate that the user equipment generates the first shared key by using the first key derivation parameter; after the user equipment receives the first random number and the first indication information sent by the home network control device by using the serving network control device, and before the user equipment decrypts the first encrypted data by using the first shared key to obtain the first random identifier, the method further includes: the user equipment generates the first shared key by using the first key derivation parameter according to the first indication information. The user equipment may determine to generate the first shared key according to the first indication information, so that the user equipment may decrypt the first encrypted data based on the first shared key to obtain the first random identifier.
  • the first indication information is further used to indicate that the user equipment generates the second shared key by using the second key derivation parameter; after the user equipment receives the first random number and the first indication information sent by the home network control device by using the serving network control device, and before the user equipment decrypts the first encrypted data by using the first shared key to obtain the first random identifier, the method further includes: the user equipment generates the second shared key by using the second key derivation parameter according to the first indication information. The user equipment may determine to generate the second shared key according to the first indication information, so that the user equipment may perform integrity verification on the first integrity protection data based on the second shared key.
  • the first indication information is further used to indicate that the user equipment generates the third shared key by using the third key derivation parameter, and the third shared key is used to encrypt the second random identifier when the home network control device subsequently sends the updated second random identifier to the user equipment. After the user equipment receives the first random number and the first indication information sent by the home network control device, the method further includes: the user equipment generates the third shared key by using the third key derivation parameter.
  • the first indication information is further used to indicate that the user equipment generates a fourth shared key by using the fourth key derivation parameter, and the fourth shared key is used to perform integrity protection on the second random identifier when the home network control device sends the second random identifier to the user equipment; after the user equipment receives the first random number and the first indication information sent by the home network control device by using the serving network control device, the method further includes: the user equipment generates the fourth shared key by using the fourth key derivation parameter.
  • after the user equipment receives the first random number and the first indication information sent by the home network control device, the user equipment saves the mapping relationship between the user equipment and the first random identifier, and saves the mapping relationship between the user equipment and the first identifier. The user equipment saves both the new first random identifier and the old first identifier, so that if it cannot successfully access the network through the new first random identifier during the access process, it can also use the old first identifier to access the network, which improves the probability of the user equipment successfully accessing the network.
  • the first key derivation parameter and/or the third key derivation parameter includes at least one of: a root key of the user equipment, a shared key derived based on the root key of the user equipment, a random number, an authentication sequence number, an encryption algorithm identifier, a home network identifier, and a service network identifier.
  • the second key derivation parameter and/or the fourth key derivation parameter includes at least one of: a root key of the user equipment, a shared key derived based on the root key of the user equipment, a random number, an authentication sequence number, an integrity protection algorithm identifier, a home network identifier, and a service network identifier.
  • the first data group further includes a sequence code, which is used to represent the total number of random identifier updates corresponding to the user equipment.
  • an embodiment of the present invention provides a data transmission method, where the method includes: the serving network control device sends an authentication success message to the home network control device, where the authentication success message is used to indicate to the home network control device that the serving network control device has successfully authenticated the user equipment.
  • the authentication success message includes a first identifier corresponding to the user equipment or a first random identifier corresponding to the user equipment.
  • an embodiment of the present invention provides a data transmission method, where the method includes: a home network control device receives a first authentication data request message sent by a service network control device, where the first authentication data request message includes a first identifier corresponding to a user equipment; the home network control device generates a first random number, and generates a first random identifier corresponding to the user equipment by using the first random number and an identifier derivation parameter; the home network control device determines whether the first random identifier is not used by other user equipment; if it is not used, the home network control device sends the first random number and first indication information to the user equipment by using the service network control device, where the first indication information is used to instruct the user equipment to generate the first random identifier by using the first random number and the identifier derivation parameter.
  • the home network control device generates the first random identifier by using the generated first random number. If the first random identifier is not used by other user equipment, the home network control device allocates the first random identifier to the user equipment and sends the first indication information to the user equipment, instructing the user equipment to generate the first random identifier by using the first random number. The first random identifier is therefore derived by the home network control device and the user equipment from the same parameters and does not need to be transmitted, which improves the security of the random identifier of the user equipment.
  • the method further includes: if not, the home network control device regenerates a second random number, and generates a second random identifier by using the second random number and the identifier derivation parameter; the home network control device determines whether the second random identifier is not used by other user equipment.
  • the identity derivation parameter is pre-shared between the home network control device and the user equipment.
  • the home network control device and the user equipment may generate the first random identity based on the pre-shared parameters.
  • an embodiment of the present invention provides a data transmission method, where the method includes: a user equipment receives a first random number and first indication information sent by a home network control device by using a service network control device; the user equipment generates, according to the first indication information, a first random identifier by using the first random number and the identifier derivation parameter.
  • the user equipment generates the first random identifier by using the first random number sent by the home network control device. The first random identifier is therefore derived by the home network control device and the user equipment from the same parameters and does not need to be transmitted, which improves the security of the random identifier of the user equipment.
  • the identity derivation parameter is pre-shared between the home network control device and the user equipment.
  • the home network control device and the user equipment may generate the first random identity based on the pre-shared parameters.
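The derivation described in the two aspects above, as an added example that is not code from the patent: the home network control device draws a random number, derives the identifier, retries on collision, and returns only the random number and the indication, while the user equipment derives the same identifier locally. HMAC-SHA256 as the derivation function, the 8-byte identifier length, all class and function names, and the subscriber labels are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # constructed length; the text does not fix the identifier size


def derive_random_identifier(derivation_param: bytes, random_number: bytes) -> bytes:
    """Computed identically by home network and UE from the pre-shared parameter.

    Assumption: truncated HMAC-SHA256 stands in for the unspecified derivation.
    """
    tag = hmac.new(derivation_param, b"random-id" + random_number, hashlib.sha256)
    return tag.digest()[:ID_LEN]


class HomeNetwork:
    def __init__(self, rng=secrets.token_bytes):
        self.rng = rng      # injectable so a collision can be reproduced
        self.params = {}    # first identifier -> identifier derivation parameter
        self.in_use = {}    # random identifier -> first identifier

    def provision(self, first_identifier: str, derivation_param: bytes) -> None:
        self.params[first_identifier] = derivation_param

    def handle_auth_data_request(self, first_identifier: str, max_attempts: int = 8):
        """Return (random number, first indication); the identifier is never sent."""
        param = self.params[first_identifier]
        for _ in range(max_attempts):
            random_number = self.rng(16)
            candidate = derive_random_identifier(param, random_number)
            owner = self.in_use.get(candidate)
            if owner is None or owner == first_identifier:
                # Not used by any other user equipment: allocate it.
                self.in_use[candidate] = first_identifier
                return random_number, True
            # Used by another user equipment: regenerate the random number.
        raise RuntimeError("no unused random identifier found")

    def resolve(self, random_identifier: bytes):
        """Map a random identifier seen in a later access request to the subscriber."""
        return self.in_use.get(random_identifier)


def demo():
    hn = HomeNetwork()
    param = secrets.token_bytes(16)          # constructed pre-shared parameter
    hn.provision("subscriber-A", param)      # constructed subscriber label
    random_number, indication = hn.handle_auth_data_request("subscriber-A")
    # UE side: the indication tells it to derive the identifier from the number.
    ue_identifier = derive_random_identifier(param, random_number) if indication else None
    return hn.resolve(ue_identifier)


if __name__ == "__main__":
    print(demo())
```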
  • an embodiment of the present invention provides a home network control device, where the home network control device has the function of implementing the behavior of the home network control device in the first aspect or the fourth aspect.
  • the functions can be implemented by hardware, or by hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the home network control device includes a processor and a memory for storing a program supporting the home network control device to execute the above method, and the processor is configured to execute the program stored in the memory.
  • the home network control device can also include a communication interface for the home network control device to communicate with other devices or communication networks.
  • an embodiment of the present invention provides a user equipment, where the user equipment has a function of implementing the behavior of the user equipment in the second aspect or the fifth aspect.
  • the functions can be implemented by hardware, or by hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the user equipment includes a processor and a memory for storing a program supporting the user equipment to perform the above method, and the processor is configured to execute a program stored in the memory.
  • the user equipment can also include a communication interface for the user equipment to communicate with other devices or communication networks.
  • an embodiment of the present invention provides a service network control device, where the service network control device has a function of implementing the behavior of the service network control device in the foregoing third aspect.
  • the functions can be implemented by hardware, or by hardware executing the corresponding software.
  • the hardware or software includes one or more modules corresponding to the functions described above.
  • the structure of the service network control device includes a processor and a memory for storing a program supporting the service network control device to execute the above method, and the processor is configured to execute the program stored in the memory.
  • the serving network control device can also include a communication interface for the service network control device to communicate with other devices or communication networks.
  • the embodiment of the present invention provides a home network control device, where the home network control device includes a module or unit for performing the data transmission method described in the first aspect or the fourth aspect.
  • an embodiment of the present invention provides a user equipment, where the user equipment includes a module or a unit for performing the data transmission method described in the second aspect or the fifth aspect.
  • an embodiment of the present invention provides a service network control device, where the service network control device includes a module or unit for performing the data transmission method described in the foregoing third aspect.
  • the embodiment of the present invention provides a communication system, including a home network control device, a user equipment, and a service network control device, where the home network control device is the home network control device described in the sixth aspect or the ninth aspect, the user equipment is the user equipment described in the seventh aspect or the tenth aspect, and the service network control device is the service network control device described in the eighth aspect or the eleventh aspect.
  • the embodiment of the present invention provides a computer storage medium, configured to store computer software instructions used by the home network control device, including a program designed for the home network control device to perform the first aspect or the fourth aspect.
  • an embodiment of the present invention provides a computer storage medium, configured to store computer software instructions used by the user equipment, including a program designed for the user equipment to perform the second aspect or the fifth aspect.
  • an embodiment of the present invention provides a computer storage medium, configured to store computer software instructions used by the service network control device, including a program designed for the service network control device to perform the foregoing third aspect.
  • FIG. 1 is a schematic diagram of a signaling flow of an AKA process in the prior art
  • FIG. 2 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of a computer device according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a data transmission method according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart diagram of another data transmission method according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic flowchart diagram of another data transmission method according to an embodiment of the present disclosure.
  • FIG. 7 is a schematic flowchart diagram of another data transmission method according to an embodiment of the present disclosure.
  • FIG. 8 is a schematic structural diagram of a home network control device according to an embodiment of the present disclosure.
  • FIG. 9 is a schematic structural diagram of a user equipment according to an embodiment of the present disclosure.
  • FIG. 10 is a schematic structural diagram of a service network control device according to an embodiment of the present invention.
  • FIG. 2 is a schematic structural diagram of a communication system according to an embodiment of the present invention.
  • the communication system 20 includes a user equipment 201, an access network device 202, a serving network control device 203, and a home network control device 204.
  • the user equipment 201 may also be referred to as a mobile station, an access terminal, a subscriber unit, a subscriber station, a mobile station, a remote station, a remote terminal, a mobile device, a user terminal, a terminal, a wireless communication device, a user agent, or a user device.
  • the user equipment 201 can be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a mobile Internet device (Mobile Internet Device, MID), a wearable device (such as a smart watch, for example an iWatch), or the like, that has a universal subscriber identity module (Universal Subscriber Identity Module, USIM) / subscriber identity module (Subscriber Identity Module, SIM).
  • the user equipment 201 is composed of two parts: a USIM/SIM module and a mobile device (Mobile Equipment, ME).
  • the USIM/SIM module is a smart card issued by the operator and shares a permanent symmetric root key K with the home network control device 204. K is written once during the manufacture of the USIM/SIM module, is protected by the security mechanism of the USIM/SIM, and cannot be read out.
  • the USIM/SIM module has AKA authentication and computing capabilities.
  • the ME is a hardware device other than the USIM module in the user equipment 201, and can perform a security operation.
  • the user equipment 201 is a stand-alone device having the functions of the USIM/SIM module and the ME described above.
  • the access network device 202 may be a device that communicates with the user equipment 201 wirelessly, for example, a base station (NodeB, NB), an eNB, and wireless fidelity (Wireless Fidelity, WiFi).
  • Wired transmission methods include, but are not limited to, IP, content-based networks, identity-based networks, and the like. For convenience of description, the following embodiments will be described using a radio access network device.
  • the service network control device 203 belongs to an authentication processing node.
  • the service network control device 203 includes, but is not limited to, a mobility management entity (Mobility Management Entity, MME), an authentication server function entity (Authentication Server Function, AUSF), a security anchor function network element (Security Anchor Function, SEAF), a security context management function network element (Security Context Management Function, SCMF), a bootstrapping server function network element (Bootstrapping Server Function, BSF), a call session control function entity (Call Session Control Function, CSCF), or a newly configured device related to network authentication (referred to as a network authentication server for convenience of description).
  • when the service network control device 203 includes one device, the operations performed by the service network control device 203 described later are all performed by that device; when the service network control device 203 includes multiple devices, the operations performed by the service network control device 203 described later are performed by the multiple devices in cooperation, that is, different devices of the multiple devices perform some of the operations, and data and parameters generated by the operations may be transmitted between the multiple devices as needed.
  • the home network control device 204 is a device maintained by the operator, and stores subscription information of the user and the like.
  • the home network control device 204 shares the root key K with the user equipment 201.
  • the home network control device 204 shares the root key K with the USIM/SIM module in the user equipment 201.
  • the home network control device 204 may be a home subscriber server (Home Subscriber Server, HSS), or an authentication, authorization (or AAA) authentication center.
  • the home network control device 204 may perform encryption and/or integrity protection on the updated random identifier, and then send the encrypted and/or integrity-protected random identifier and the first indication information to the service network control device 203. The service network control device 203 then sends the encrypted and/or integrity-protected random identifier and the first indication information to the radio access network device 202, and the radio access network device 202 sends them to the user equipment 201, which receives the encrypted and/or integrity-protected random identifier and the first indication information sent by the radio access network device 202. The user equipment 201 can determine, according to the first indication information, that the message returned by the radio access network device 202 carries the updated random identifier. The user equipment 201 therefore decrypts the encrypted data to obtain the updated random identifier, or first performs integrity verification on the encrypted data and then decrypts the encrypted data to obtain the updated random identifier.
  • the home network control device 204 and the user equipment 201 may pre-share a random identity encryption key and/or a random identity integrity key.
  • the home network control device 204 and the USIM/SIM module in the user equipment 201 pre-share a random identity encryption key and/or a random identity integrity key.
  • the random identifier encryption key is used for encryption protection of the random identifier of the user equipment, and the random identifier integrity key is used for integrity protection of the random identifier of the user equipment, or for integrity protection in the process of random identifier transmission.
  • CKP is used to represent the random identifier encryption key, and IKP is used to represent the random identifier integrity key.
  • the random identifier encryption key and/or the random identifier integrity key may also be sent by the home network control device 204 to the user equipment 201, that is, the user equipment 201 or the USIM/SIM module in the user equipment 201 does not initially store the random identifier encryption key and/or the random identifier integrity key.
  • when the home network control device 204 determines to encrypt and/or integrity protect the updated random identifier, it first sends the random identifier encryption key and/or the random identifier integrity key to the user equipment 201, so that the user equipment 201 can correctly decrypt the updated random identifier.
  • the random identifier described in the embodiment of the present invention is a random string; part of the string may be randomly selected, or the entire string may be randomly selected. This includes, but is not limited to, the following two possibilities. Possibility 1: the random identifier is a random string. Possibility 2: the random identifier consists of three parts: a Mobile Network Code (MNC), a Mobile Country Code (MCC), and a random string.
  • the home network control device 204 or the user equipment 201 or the service network control device 203 in FIG. 2 can be implemented in the manner of the computer device (or system) in FIG.
  • FIG. 3 is a schematic diagram of a computer device according to an embodiment of the present invention.
  • Computer device 300 includes at least one processor 301, a communication bus 302, a memory 303, and at least one communication interface 304.
  • the processor 301 can be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control the execution of the program of the embodiment of the present invention.
  • Communication bus 302 can include a path for communicating information between the components described above.
  • the communication interface 304 uses a device such as any transceiver for communicating with other devices or communication networks, such as an Ethernet, a radio access network (Radio Access Technology, RAN), and a wireless local area network (Wireless Local Area Networks, WLAN).
  • the memory 303 may be a read-only memory (Read-Only Memory, ROM) or another type of static storage device that can store static information and instructions, a random access memory (Random Access Memory, RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), a compact disc read-only memory (Compact Disc Read-Only Memory, CD-ROM) or other disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
  • the memory can exist independently and be connected to the processor via a bus. The memory can also be integrated with the processor.
  • the memory 303 is configured to store program code for executing the solution of the embodiment of the present invention, and is controlled by the processor 301 for execution.
  • the processor 301 is configured to execute program code stored in the memory 303.
  • processor 301 may include one or more CPUs, such as CPU0 and CPU1 in FIG.
  • computer device 300 can include multiple processors, such as processor 301 and processor 308 in FIG. Each of these processors can be a single-CPU processor or a multi-core processor.
  • processors herein may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
  • computer device 300 may also include an output device 305 and an input device 306.
  • Output device 305 is in communication with processor 301 and can display information in a variety of ways.
  • the output device 305 can be a liquid crystal display (Liquid Crystal Display, LCD), a light emitting diode (Light Emitting Diode, LED) display device, a cathode ray tube (Cathode Ray Tube, CRT) display device, a projector, or the like.
  • Input device 306 is in communication with processor 301 and can accept user input in a variety of ways.
  • input device 306 can be a mouse, keyboard, touch screen device, or sensing device, and the like.
  • the computer device 300 described above can be a general purpose computer device or a special purpose computer device.
  • the computer device 300 can be a desktop computer, a portable computer, a network server, a handheld computer (Personal Digital Assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, an embedded device, or a device having a structure similar to that in FIG. 3. Embodiments of the invention do not limit the type of computer device 300.
  • the home network control device 204 in FIG. 2 can also be the device shown in FIG. 3.
  • One or more software modules are stored in the memory of the home network control device 204.
  • the user equipment 201 in FIG. 2 may be the device shown in FIG. 3, and one or more software modules (such as an interaction module and a processing module) are stored in the memory of the user equipment 201.
  • the service network control device 203 in FIG. 2 may be the device shown in FIG. 3, and one or more software modules (such as an interaction module and a processing module) are stored in the memory of the service network control device 203.
  • the home network control device or the user equipment or the service network control device can implement the software module through the processor and the program code in the memory, and execute the process described in the following method embodiments of FIG. 4 to FIG.
  • FIG. 4 is a schematic flowchart of a data transmission method according to an embodiment of the present invention.
  • the data transmission method includes the following steps.
  • the user equipment sends a first access request message to the serving network control device, where the first access request message carries the random identifier P of the user equipment.
  • here, the first access request message carrying the random identifier P corresponding to the user equipment is used as an example.
  • the first access request message may further carry other identifiers to identify the user equipment, where the identifiers include, but are not limited to: an International Mobile Subscriber Identity (IMSI), an International Mobile Equipment Identity (IMEI), an Internet Protocol (IP) multimedia private identity (IP Multimedia Private Identity, IMPI), an IP Multimedia Public Identity (IMPU), a Temporary Mobile Subscriber Identity (TMSI), a Media Access Control (MAC) address, an IP address, a mobile phone number, and a Globally Unique Temporary UE Identity (GUTI).
  • when the user equipment performs the initial access process for the first time, the identifier may be the IMSI or the IMPI corresponding to the user equipment.
  • when the user equipment performs the second or Nth access procedure, the identifier may be any of the above identifiers corresponding to the user equipment.
  • an initial random identifier P may be shared in advance between the user equipment and the home network control device to which the user equipment belongs.
  • the random identifier P can uniquely identify the user equipment. Therefore, when the user equipment performs the initial access procedure (or the initial registration process), the first access request message (or the registration request message; the embodiment of the present invention uses the access request message as an example) carries the random identifier P, so that the IMSI of the user equipment is no longer transmitted over the air interface, which improves the privacy and security of the user equipment.
  • the random identifier P may be stored in the memory of the user equipment, and the mapping relationship between the random identifier P corresponding to the user equipment and the IMSI corresponding to the user equipment is also stored in the home network control device.
  • alternatively, the user equipment and the home network control device to which the user equipment belongs do not share an initial random identifier P in advance. In that case, when the user equipment performs the initial access procedure, the first access request message needs to carry the IMSI, and the IMSI can uniquely identify the user equipment.
  • the home network control device sends a random identifier P to the user equipment.
  • the user equipment can carry the random identifier P instead of carrying the IMSI.
  • the embodiment of the present invention is described by taking the first scenario as an example.
  • the identifier of the user equipment is uniformly represented by the random identifier P.
  • the identifier may be the IMSI of the user equipment, and the subsequent execution process may refer to the description of the steps for the first scenario, and details are not described herein.
  • the first access request message may further include a home network identifier, which indicates the home network to which the user equipment belongs, so that after receiving the first access request message, the serving network control device determines, according to the home network identifier, which home network the user equipment belongs to, for example, China Mobile Network, China Unicom Network, China Telecom Network, and the like.
  • the serving network control device needs to know the home network control device to which the user equipment belongs based on the home network identifier.
  • the first access request message may not carry the home network identifier; in that case, which network the user equipment belongs to may be determined according to the MNC and the MCC.
  • the user equipment sends the first access request message to the radio access network device, where the radio access network device receives the first access request message sent by the user equipment.
  • the radio access network device sends the first access request message to the serving network control device, and the serving network control device receives the first access request message sent by the radio access network device.
  • the user equipment may directly send the first access request message to the serving network control device.
  • the serving network control device receives the first access request message sent by the user equipment, and sends a first authentication data request message to the home network control device to which the user equipment belongs, where the first authentication data request message carries the random identifier P of the user equipment.
  • the serving network control device receives the first access request message sent by the user equipment, finds the corresponding home network control device according to the home network identifier carried in the first access request message, and sends the first authentication data request message carrying the random identifier P to that home network control device.
  • the first authentication data request message may further include a network identifier of the service network (Serving Network ID, SNID), where the SNID is used to indicate the service network to which the service network control device accessed by the UE belongs, for example, China Mobile Network, China Unicom Network, China Telecom Network, and the like.
  • the serving network control device may find the corresponding home network control device according to the home network identifier, and send the first authentication data request message to the home network control device.
  • the serving network control device may determine the home network control device according to the MNC and the MCC, and send the first authentication data request message to the home network control device.
  • the home network control device receives the first authentication data request message that is sent by the service network control device and carries the random identifier P, and generates an authentication vector AV, where the AV includes a first random number and first indication information, and the first indication information is used to indicate that the first random number includes an updated random identifier.
  • the home network control device searches for the root key K corresponding to the random identifier P in the local database according to the random identifier P carried in the first authentication data request message, and the root key K is also the root key of the user equipment.
  • the mapping table of the random identifier P and the root key K is stored in the home network control device.
  • a mapping relationship between the random identifier P and the root key K is recorded in the mapping table.
  • a permanent identifier of the user equipment such as an IMSI, may also be recorded in the mapping table.
  • the mapping table can be as shown in Table 1.
  • the root key K corresponding to the user equipment with the random identifier of 01 is 111111
  • the root key K corresponding to the user equipment with the random identifier of 02 is 000000.
  • after the home network control device obtains the root key K corresponding to the user equipment, it first determines whether the random identifier of the user equipment needs to be updated. If it determines that the random identifier P of the user equipment does not need to be updated, the home network control device randomly generates a first random number, and then generates an AV corresponding to the user equipment according to the first random number, the authentication sequence number SQN currently saved by itself, the root key K, and other information, where the AV includes a first random number, an AUTN, an XRES, and a shared key K_ASME. It should be noted that the AV vector in LTE is used as an example here.
  • the 3G AV vector includes the encryption key CK and the integrity key IK, and does not include K_ASME.
  • K_ASME is derived from CK and IK, where CK is used to encrypt user data, and IK is used to protect user data integrity.
  • AUTN is composed of three values: the XOR of SQN and AK, AMF, and MAC.
  • the content included in the AV in the future 5G system is not limited herein.
  • If the home network control device determines that the random identifier P of the user equipment needs to be updated, the home network control device first generates a new random identifier (for convenience of description, the embodiment of the present invention uses the random identifier P' as the new random identifier), and then redefines the first random number so that the new random identifier P' is carried in the first random number.
  • the first random number is defined as a string consisting of three parts: X, Y, and a random string.
  • the random string is a string randomly generated by the home network control device.
  • X = Enc(P')
  • Enc(P') is the encrypted data obtained by encrypting the random identifier P' with CKP.
  • Y = MAC(X)
  • MAC is an integrity protection algorithm using IKP; MAC(X) denotes the integrity protection data obtained by using IKP to integrity-protect the encrypted data of the random identifier P'.
  • MAC(X) allows the user equipment to verify that the received Enc(P') has not been tampered with by a third party.
  • X may also be Enc(P'
  • the home network control device also maintains a counter for each user equipment; the value recorded by the counter is the total number of random identifier updates of the user equipment.
  • C denotes a counter of the home network control device itself. The role of C is to count the number of random identification processing.
  • Y may also be MAC (X
  • Y may also be MAC (P'), which is integrity protection data calculated for P'.
  • Y may also be MAC (P'
  • the first random number may also be composed of only two parts of X and a random string. That is to say, the first random number may include only the encrypted data corresponding to the random identifier P' and a string of random strings, and does not include the integrity protection data.
  • the length and location of each parameter in the first random number may be pre-negotiated between the user equipment and the home network control device.
  • the length of the first random number is 128 bits, wherein the length of the random identifier P' is 40 bits, the length of Enc(P') is 40 bits, the length of MAC(Enc(P')) is 16 bits, and the length of the random string is 16 bits.
  • the 1st to 40th bits in the first random number represent Enc(P'), the 41st to 56th bits represent MAC(Enc(P')), and the 57th to 76th bits represent the random string. Therefore, after receiving the first random number, the user equipment may parse each parameter from the first random number.
  • the home network control device generates an AV corresponding to the user equipment according to the first random number, the authentication sequence number SQN that is currently saved by itself, the root key K, and other information.
  • the AV includes: a first random number, an AUTN, an XRES, and a shared key K ASME .
  • the home network control device also carries the first indication information in the AMF in the AUTN to indicate that the first random number contains the updated random identifier P'.
  • the first indication information may be indicated by one bit in the AMF, or may be indicated by two or more bits.
  • AMF is a string of 16 bits, each of which has a different definition: eight of the 16 bits are used for standardization, and the other eight bits are used for specific operators.
  • the home network control device can make a new definition of the unused bits. Assume that the unused bits in the initial AMF are all 0. When a preset bit is set to 1, it indicates that the first random number contains the updated random identifier P'. When this bit is set to 0, it indicates that the updated random identifier P' is not included in the first random number. Or, assuming that the unused bits in the initial AMF are all 0, two preset bits are defined as the flag bits of the first indication information: when the two bits are set to 11, it indicates that the first random number contains the updated random identifier P'; when the two bits are set to 10, it indicates that the updated random identifier P' is not included in the first random number.
  • Or, assume that the unused bits in the AMF are all 1: when a preset bit is set to 0, it indicates that the first random number includes the updated random identifier P′, and when the bit is set to 1, it indicates that the updated random identifier P' is not included in the first random number.
  • the user equipment and the home network control device need to negotiate in advance which bit or bits of the AMF are used as the bits of the first indication information, so that after receiving the AMF, the user equipment can determine whether the updated random identifier P' is included in the first random number by parsing the value of that bit or those bits.
  • the length and location of each parameter in the AUTN may be pre-negotiated between the user equipment and the home network control device.
  • the length of the AUTN is 128 bits
  • the length of the SQN is 48.
  • the length of the AMF is 16 bits
  • the length of the MAC is 16 bits.
  • bits 1 to 48 of the AUTN represent XOR values of SQN and AK
  • 49th to 64th represent AMF
  • 65th to 80th represent MAC. Therefore, after receiving the AUTN, the user equipment can parse each parameter from the AUTN.
  • the first indication information is indicated by the bit in the AMF in the AUTN.
  • the first indication information may also be indicated by other fields, for example, by one bit, two bits, or multiple bits in the first random number; this is not limited in the embodiment of the present invention.
  • the home network control device sends an authentication vector AV to the service network control device, where the authentication vector AV includes a first random number and first indication information.
  • the serving network control device receives the AV sent by the home network control device, and sends the first random number and the AUTN in the AV to the user equipment, where the AUTN includes the first indication information.
  • the serving network control device sends the first random number and the AUTN to the radio access network device, where the radio access network device receives the first random number and the AUTN sent by the serving network control device.
  • the radio access network device sends the first random number and the AUTN to the user equipment, and the user equipment receives the first random number and the AUTN sent by the radio access network device.
  • the user equipment receives the first random number and the AUTN sent by the serving network control device, verifies the network side according to the first random number and the AUTN, and determines, according to the first indication information in the AUTN, whether the first random number includes the updated random identifier.
  • After receiving the first random number and the AUTN, the user equipment verifies the correctness of the AUTN according to the stored root key K and the first random number, thereby performing verification on the network side.
  • the verification process may be specifically: the user equipment calculates the AK according to the first random number and the root key K, then recovers the SQN from the AK and the value in the AUTN obtained by XORing the SQN with the AK, then calculates an XMAC from the first random number, the SQN, the AMF in the AUTN, and the root key K, and compares the XMAC with the MAC in the access response message. If they are the same, the user equipment then checks whether the received SQN is equal to the locally saved SQN. If so, the user equipment successfully authenticates the network, and step S407 is performed.
  • the user equipment then calculates RES and K ASME based on the first random number and the root key K, wherein the RES is used by the network to authenticate the
  • the user equipment verifies whether the preset bit in the AMF is set to 1. If not, it indicates that the received first random number does not carry the updated random identifier P′; if yes, it indicates that the first random number carries the updated random identifier P'. If it is determined that the updated random identifier P' is carried in the first random number, the user equipment needs to parse the updated random identifier P' from the first random number. Specifically, if the first random number includes three parts: X, Y, and a random string, the user equipment splits the first random number, according to the pre-negotiated composition structure of the first random number, into three parts corresponding to Enc(P'), MAC(Enc(P')) and the random string.
  • the user equipment performs integrity verification on MAC(Enc(P')) according to the key IKP and Enc(P'). Specifically, the user equipment generates a MAC according to the IKP and Enc(P'), and verifies whether this MAC is the same as MAC(Enc(P')); if so, it indicates that Enc(P') has not been tampered with. Thereafter, the user equipment decrypts Enc(P') using CKP to obtain the updated random identifier P'. Optionally, the user equipment may also decrypt Enc(P') and perform integrity verification on MAC(Enc(P')).
  • the user equipment needs to split the first random number into two parts according to the pre-negotiated composition structure of the first random number, corresponding to Enc(P') and the random string respectively.
  • the user equipment decrypts Enc(P') using CKP to obtain an updated random identifier P'.
  • the user equipment uses CKP to perform Enc(P'
  • the counter records the total number of random identifier updates of the user equipment, and the initial value of C may be 0.
  • C is incremented by 1.
  • C adds 1 and then compares whether the C obtained by the decryption is the same.
  • Y MAC(X
  • C and X are used together to verify whether Y is correct.
  • Y MAC(P')
  • decrypt Pq to verify that Y is correct.
  • Y MAC(P'
  • the decryption results in P', and together with C, it is verified whether Y is correct.
  • the new random identifier P' is saved and the old random identifier P is released.
  • the user equipment may also save both the new random identifier P′ and the old random identifier P, so that if the user equipment cannot successfully access the network through the new random identifier P′ during the access process, the old random identifier P may also be used to access the network, which improves the probability of the user equipment successfully accessing the network.
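  • Added example (not part of the patent text) of the first random number described above: the home network side packs Enc(P'), MAC and a random string into 128 bits and sets the AMF flag, and the user equipment side checks the flag, verifies the MAC and decrypts P'. The patent names no cipher or MAC algorithm, so the HMAC-SHA256 keystream and truncated HMAC-SHA256 tag are stand-ins; the AMF bit position, the random string filling the remaining 72 bits, and the tag also covering the random string are assumptions of this example.

```python
import hashlib
import hmac
import secrets

RAND_LEN = 16   # first random number: 128 bits
ENC_LEN = 5     # Enc(P'): 40 bits (bits 1-40)
MAC_LEN = 2     # MAC(Enc(P')): 16 bits (bits 41-56)
PAD_LEN = RAND_LEN - ENC_LEN - MAC_LEN  # random string; assumed to fill the rest
AMF_UPDATE_BIT = 0x0001  # assumed pre-negotiated AMF bit for the first indication


def keystream(ckp: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 keystream keyed by CKP, fresh per nonce."""
    return hmac.new(ckp, b"enc" + nonce, hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def tag(ikp: bytes, x: bytes, pad: bytes) -> bytes:
    """Stand-in MAC truncated to 16 bits. The patent defines Y = MAC(X); here
    the tag also covers the random string because the stand-in cipher uses it
    as a nonce, so changing the nonce must be detected too."""
    return hmac.new(ikp, x + pad, hashlib.sha256).digest()[:MAC_LEN]


def build_first_random(ckp: bytes, ikp: bytes, new_p: bytes):
    """Home network side: return (first random number, AMF) carrying P'."""
    if len(new_p) != ENC_LEN:
        raise ValueError("P' must be 40 bits")
    pad = secrets.token_bytes(PAD_LEN)
    x = xor(new_p, keystream(ckp, pad, ENC_LEN))   # X = Enc(P')
    y = tag(ikp, x, pad)                           # Y = MAC over X
    return x + y + pad, AMF_UPDATE_BIT


def plain_random():
    """Home network side when no update is needed: ordinary RAND, flag clear."""
    return secrets.token_bytes(RAND_LEN), 0x0000


def parse_first_random(ckp: bytes, ikp: bytes, rand: bytes, amf: int):
    """User equipment side: return P', or None when the AMF flag is clear.

    Raises ValueError if the integrity check fails, in which case the
    stored random identifier must be left unchanged.
    """
    if len(rand) != RAND_LEN:
        raise ValueError("first random number must be 128 bits")
    if not amf & AMF_UPDATE_BIT:
        return None                     # ordinary RAND, nothing to parse
    x = rand[:ENC_LEN]
    y = rand[ENC_LEN:ENC_LEN + MAC_LEN]
    pad = rand[ENC_LEN + MAC_LEN:]
    if not hmac.compare_digest(y, tag(ikp, x, pad)):
        raise ValueError("integrity check on Enc(P') failed")
    return xor(x, keystream(ckp, pad, ENC_LEN))


if __name__ == "__main__":
    ckp, ikp = secrets.token_bytes(16), secrets.token_bytes(16)  # constructed keys
    rand, amf = build_first_random(ckp, ikp, bytes.fromhex("0a1b2c3d4e"))
    print(rand.hex(), hex(amf), parse_first_random(ckp, ikp, rand, amf).hex())
```

A 16-bit tag accepts a random forgery with probability 1 in 65,536 per attempt, so a user equipment implementation of this layout would want to count and limit failed verifications.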
  • S407 The user equipment sends the RES to the service network control device.
  • the user equipment sends the RES to the radio access network device, and the radio access network device receives the RES sent by the user equipment.
  • the radio access network device sends an RES to the serving network control device, and the serving network control device receives the RES sent by the radio access network device.
  • the serving network control device receives the RES sent by the user equipment, and compares the RES with the XRES in the AV corresponding to the user equipment. If the same, the service network control device successfully authenticates the user equipment.
  • the serving network control device sends a location update request to the home network control device to which the user equipment belongs, where the location update request carries the random identifier P of the user equipment, and the location update request is used to notify the home network control device that the service network control device has successfully authenticated the user equipment.
  • In the embodiment of the present invention, the serving network control device sending a location update request to the home network control device to which the user equipment belongs is taken as an example of notifying the home network control device of the event that the service network control device has successfully authenticated the user equipment, wherein the location update request is signaling in the existing access process, and is used to indicate to the home network control device that the location of the user equipment is updated.
  • the serving network control device may further send another signaling message to the home network control device to which the user equipment belongs to notify the home network control device of the event that the serving network control device has successfully authenticated the user equipment, which is not specifically limited in this embodiment of the present invention.
  • the service network control device notifies the home network control device that the service network control device has successfully authenticated the user device through the newly defined request message.
  • the serving network control device does not send the random identifier P, but sends another message (for example, the string “OK”) to the home network control device to notify the home network control device that the user equipment has been successfully authenticated.
  • the home network control device can determine which user has been successfully authenticated by the call identifiers of S402 and S406 with the service network control device.
  • the home network control device receives the location update request sent by the service network control device, and determines, according to the random identifier P carried in the location update request, that the service network control device has successfully authenticated the user equipment.
  • After the home network control device determines that the service network control device has successfully authenticated the user equipment, it saves the new random identifier P′ corresponding to the user equipment and releases the old random identifier P corresponding to the user equipment.
  • the new random identifier P' and the old random identifier P corresponding to the user equipment are simultaneously saved.
  • the benefit of doing so is that the following situation can be avoided: if the home network control device released the old random identifier P as soon as it generated the new random identifier P', a third-party attacker who forges an access request message could trigger the home network control device to release the old random identifier P of a legitimate user, so that the legitimate user cannot access the network.
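  • Added example (not part of the patent text) of the mapping-table handling described above: the old random identifier P is released only after the location update confirms authentication, and a second mode models the early release the paragraph warns about, so the lock-out can be observed in a test. The class name, method names and the `eager_release` flag are hypothetical; the identifiers 01 and 111111 are the sample values from Table 1.

```python
import secrets


class HomeNetworkIdTable:
    """Mapping table of random identifier -> root key K, with update handling."""

    def __init__(self, eager_release: bool = False):
        # eager_release=True models releasing P as soon as P' is generated,
        # which is the behaviour the text says must be avoided.
        self.eager_release = eager_release
        self.root_key = {}   # random identifier -> root key K
        self.pending = {}    # current P -> proposed P' awaiting confirmation

    def provision(self, p: str, k: str) -> None:
        self.root_key[p] = k

    def lookup(self, p: str):
        return self.root_key.get(p)

    def _fresh_identifier(self) -> str:
        # 40-bit identifier, unique among active and pending identifiers.
        while True:
            cand = secrets.token_hex(5)
            if cand not in self.root_key and cand not in self.pending.values():
                return cand

    def authentication_data_request(self, p: str):
        """Handle an authentication data request carrying P.

        Returns (K, P'). Nothing has proven yet that the requester owns P,
        so in the default mode P stays valid and P' is only recorded.
        """
        if p not in self.root_key:
            raise KeyError("unknown random identifier")
        k = self.root_key[p]
        new_p = self._fresh_identifier()
        if self.eager_release:
            del self.root_key[p]
            self.root_key[new_p] = k
        else:
            self.pending[p] = new_p   # a later request replaces the proposal
        return k, new_p

    def location_update(self, p: str, keep_old: bool = False):
        """Serving network reports RES == XRES for P: promote the pending P'."""
        new_p = self.pending.pop(p, None)
        if new_p is None:
            return None
        self.root_key[new_p] = self.root_key[p]
        if not keep_old:
            del self.root_key[p]      # release the old identifier only now
        return new_p


if __name__ == "__main__":
    hn = HomeNetworkIdTable()
    hn.provision("01", "111111")
    hn.authentication_data_request("01")          # forged request, never completes
    _, p_new = hn.authentication_data_request("01")  # legitimate user still served
    print(hn.location_update("01") == p_new, hn.lookup("01"))
```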
  • the location update confirmation message may also be sent to the serving network control device.
  • the location update acknowledgement message in the embodiment of the present invention is the signaling in the existing access process, and is used to indicate that the location of the user equipment has been updated by the service network control device.
  • the home network control device may notify the service network control device that the location of the user equipment has been updated by using another signaling message, which is not specifically limited in this embodiment of the present invention.
  • the home network control device notifies the service network control device that the location of the user equipment has been updated by a newly defined acknowledgement message.
  • the home network control device can explicitly notify the user equipment, by using the first indication information, that the first random number includes the updated random identifier, and the user equipment can directly confirm, by parsing the first indication information, that the received first random number includes the updated random identifier; no additional calculation process is needed, which saves the overhead of the user equipment and reduces the processing complexity of the user equipment.
  • the user equipment may be divided into two parts: a USIM/SIM module and an ME.
  • Steps S406 and S407 in FIG. 4 are described in detail for the two modules in conjunction with FIG. 5.
  • the process includes the following steps.
  • the ME receives the first random number and the AUTN sent by the serving network control device, where the AUTN includes the first indication information.
  • S502 The ME sends the first random number and the AUTN to the USIM/SIM module.
  • the USIM/SIM module receives the first random number and the AUTN sent by the ME, and performs verification on the network side according to the received first random number and the AUTN.
  • the USIM/SIM module stores a root key K, and verifies the correctness of the AUTN according to the root key K and the first random number. If the verification is successful, the USIM/SIM calculates RES and K ASME .
  • the USIM/SIM module may further share a random identifier P with the home network control device.
  • the USIM/SIM module sends the random identifier P to the ME, and the ME sends the random identifier P to the serving network control device.
  • the IMSI is also stored in the USIM/SIM module, and the mapping relationship between the random identifier P and the IMSI is stored.
  • the USIM/SIM module can access the network by using the IMSI.
  • the ME may further share a random identifier P with the home network control device.
  • the ME sends a first access request message carrying the random identifier P to the serving network control device.
  • S504 The USIM/SIM module sends the RES to the ME.
  • the ME receives the RES sent by the USIM/SIM module, and determines, according to the first indication information, whether the updated random identifier P' is included in the first random number.
  • the ME verifies whether the preset bit in the AMF is set to 1, and if yes, it indicates that the first random number in the access response message carries the updated random identifier P', and the ME uses the random identifier encryption key CKP.
  • the method for obtaining the random identifier P' from the first random number can be referred to the description in step S406 in the embodiment shown in FIG. 4, and details are not described herein again.
  • the ME can pre-share the CKP and the IKP with the home network control device.
  • the USIM/SIM module can be upgraded without cost, or the USIM/SIM module and the home network control device pre-share the CKP and the IKP.
  • the USIM/SIM module needs to send the CKP and the IKP to the ME, so that the ME can acquire the updated random identifier P' from the first random number by using the CKP.
  • After the ME obtains the new random identifier P', it saves the random identifier P' and releases the old random identifier P, or the ME saves the new random identifier P' while also storing the old random identifier P.
  • the action of acquiring the updated random identifier P' from the first random number using the CKP may also be performed in the USIM/SIM module. At this time, the ME does not need to perform the action again.
  • S505 The ME sends the RES to the serving network control device.
  • the random identifier protection key described in the foregoing embodiment may be pre-shared between the user equipment and the home network control device, may be derived by using the same key derivation parameter between the user equipment and the home network control device, or may be generated by the home network control device and delivered to the user equipment.
  • the random identifier protection key includes the CKP and the IKP. If the first random number sent by the home network control device to the user equipment includes only X and a random string, and does not include Y, then there is no need to pre-share the IKP between the user equipment and the home network control device, and there is no need to derive the IKP. Therefore, in this scenario, only the generation of the CKP is involved.
  • CKP and IKP may be pre-shared between the user equipment and the home network control device. For example, when the user equipment is manufactured, or when the USIM/SIM module is manufactured, the CKP and the IKP can be written once, and at the same time the CKP and the IKP are also stored in the home network control device.
  • When the home network control device sends the updated random identifier to the user equipment, the CKP and the IKP are used to encrypt and protect the updated random identifier.
  • the updated random identifier may be decrypted and integrity verified by the CKP and the IKP, so that the updated random identifier is obtained.
  • CKP and IKP are derived from the same key derivation parameter between the user equipment and the home network control device.
  • the home network control device derives CKP and IKP during the AKA process, and the user equipment also derives CKP and IKP in this process, thus achieving the sharing of CKP and IKP between the user equipment and the home network control device. Therefore, in the subsequent process, if the home network control device sends the random identifier to the user equipment, the encryption and integrity protection of the random identifier may be performed by using the CKP and the IKP, thereby improving the security of the random identifier transmission.
  • FIG. 6 specifically includes the following steps.
  • the user equipment sends a second access request message to the serving network control device, where the second access request message carries the random identifier P of the user equipment.
  • the description takes the second access request message carrying the random identifier P corresponding to the user equipment as an example.
  • the second access request message may further carry other identifiers to identify the user equipment, where the identifiers include but are not limited to: IMSI, IMEI, IMPI, IMPU, TMSI, MAC address, IP address, mobile number and GUTI.
  • the serving network control device receives the second access request message sent by the user equipment, and sends a second authentication data request message to the home network control device to which the user equipment belongs, where the second authentication data request message carries the random identifier P of the user equipment.
  • Steps S601 and S602 in the embodiment of the present invention may refer to steps S401 and S402 in the embodiment shown in FIG. 4, and details are not described herein again.
  • the home network control device receives the second authentication data request message that is sent by the serving network control device and carries the random identifier P, and generates an authentication vector AV, where the AV includes a second random number and second indication information, and the second indication information is used to indicate that the user equipment needs to derive CKP and IKP.
  • the second random number in the embodiment of the present invention is not redefined, that is, the second random number is a set of character strings randomly generated by the home network control device.
  • Step S603 differs from step S403 in the embodiment shown in FIG. 4 in the AMF.
  • the home network control device carries the second indication information in the AMF in the AUTN to indicate whether the user equipment needs to generate CKP and IKP.
  • the second indication information may be indicated by one bit in the AMF, or may be indicated by two or more bits.
  • AMF is a string of 16 bits, each of which has a different definition, eight of the 16 bits are used for normalization, and the other eight bits are used for specific operators.
  • the home network control device can make a new definition of the unused bits.
  • Assume that the unused bits in the initial AMF are all 0. When one of the preset bits is set to 1, it indicates that the user equipment needs to generate CKP and IKP.
  • the second indication information in the embodiment of the present invention and the first indication information in the embodiment shown in FIG. 4 can respectively occupy different bits in the AMF to distinguish.
  • the second indication information is indicated by the bit in the AMF in the AUTN.
  • the second indication information may also be indicated by other fields, for example, by one bit, two bits, or multiple bits in the second random number; this is not limited in the embodiment of the present invention.
  • the home network control device also generates CKP and IKP using a key derivation parameter and a key derivation algorithm, which are pre-negotiated between the user equipment and the home network control device.
  • IKP = KDF((at least one of K, CK, IK, and K ASME ), (at least one of the second random number, SQN, an integrity protection algorithm identifier, a home network control device ID, and an SNID)).
  • the home network control device sends an authentication vector AV to the service network control device, where the authentication vector AV includes a second random number and second indication information.
  • the serving network control device receives the AV sent by the home network control device, saves the AV, and sends the second random number and the AUTN in the AV to the user equipment, where the AUTN includes the second indication information.
  • the user equipment receives the second random number and the AUTN sent by the serving network control device, performs verification on the network side according to the received second random number and the AUTN, and determines, according to the second indication information, that the CKP and the IKP need to be derived.
  • For the verification process, refer to step S406 in the embodiment shown in FIG. 4, and details are not described herein again.
  • the user equipment verifies whether the preset bit in the AMF is set to 1. If not, it indicates that there is no need to derive CKP and IKP; if so, it indicates that CKP and IKP need to be derived. If it is determined that CKP and IKP need to be derived, the user equipment derives CKP and IKP using a key derivation parameter and a key derivation algorithm that are pre-negotiated with the home network control device.
  • For the formula for generating CKP and IKP, refer to step S604.
  • If K ASME is included in the key derivation parameters of CKP and IKP, the user equipment needs to generate K ASME using CK and IK first.
  • the CKP and IKP generation process may be performed by the ME in the user equipment. Therefore, in an optional implementation manner, the ME and the home network control device pre-negotiate the key derivation parameters and the key derivation algorithm.
  • the generation process of CKP and IKP can be performed by the USIM/SIM module. In this way, the USIM/SIM module sends the generated CKP and IKP to the ME.
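  • Added example (not part of the patent text) of the derivation described above: the home network control device and the user equipment each compute CKP and IKP from the same pre-negotiated parameters, and the user equipment derives only when the second indication bit in the AMF is set. The patent does not name the KDF, so HMAC-SHA256 is a stand-in; the AMF bit position, the algorithm identifier values, the 128-bit key length, and the use of an encryption algorithm identifier for CKP (the page gives only the IKP formula) are assumptions.

```python
import hashlib
import hmac
import secrets

AMF_DERIVE_BIT = 0x0002   # assumed AMF bit for the second indication; it must
                          # differ from the bit used for the first indication
ENC_ALG_ID = b"\x01"      # assumed encryption algorithm identifier (for CKP)
INT_ALG_ID = b"\x02"      # assumed integrity protection algorithm identifier


def kdf(key: bytes, *params: bytes) -> bytes:
    """Stand-in KDF: HMAC-SHA256 over length-prefixed parameters.

    Length prefixes keep (b"ab", b"c") and (b"a", b"bc") from producing the
    same input string and therefore the same key.
    """
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in params)
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def derive_protection_keys(k_asme: bytes, rand: bytes, sqn: bytes, snid: bytes):
    """Return (CKP, IKP) from K ASME, the second random number, SQN and SNID."""
    ckp = kdf(k_asme, ENC_ALG_ID, rand, sqn, snid)
    ikp = kdf(k_asme, INT_ALG_ID, rand, sqn, snid)
    return ckp, ikp


def home_network_challenge(k_asme: bytes, sqn: bytes, snid: bytes):
    """Home network side: ordinary second random number plus the AMF flag."""
    rand = secrets.token_bytes(16)
    keys = derive_protection_keys(k_asme, rand, sqn, snid)
    return rand, AMF_DERIVE_BIT, keys


def ue_handle_challenge(amf: int, k_asme: bytes, rand: bytes,
                        sqn: bytes, snid: bytes):
    """User equipment side, after AUTN verification has succeeded.

    Returns (CKP, IKP) when the second indication is set, otherwise None.
    """
    if not amf & AMF_DERIVE_BIT:
        return None
    return derive_protection_keys(k_asme, rand, sqn, snid)


if __name__ == "__main__":
    k_asme = secrets.token_bytes(32)          # constructed sample key
    sqn = (1).to_bytes(6, "big")              # 48-bit SQN
    rand, amf, hn_keys = home_network_challenge(k_asme, sqn, b"snid-A")
    print(ue_handle_challenge(amf, k_asme, rand, sqn, b"snid-A") == hn_keys)
```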
  • S607 The user equipment sends the RES to the service network control device.
  • the service network control device receives the RES sent by the user equipment, and compares the RES with the XRES in the AV corresponding to the user equipment. If the same, the service network control device successfully authenticates the user equipment.
  • the serving network control device sends a location update request to the home network control device to which the user equipment belongs, where the location update request carries the random identifier P of the user equipment, and the location update request is used to notify the home network control device that the service network control device has successfully authenticated the user equipment.
  • For steps S607-S609, refer to steps S407-S409 in the embodiment shown in FIG. 4, and details are not described herein again.
  • the AKA process in the embodiment shown in FIG. 6 is performed before the AKA process in the embodiment shown in FIG. 4, that is, before the AKA process shown in FIG. 4 is performed, the user equipment and the home network control device have already performed the process of mutual authentication. Therefore, when the embodiment shown in FIG. 4 is executed after the embodiment shown in FIG. 6, the process of mutual authentication may not be performed again.
  • the home network control device only needs to send the random identifier updated by the user equipment to the user equipment.
  • the home network control device may simultaneously send the updated random identifier P' and the indication information for instructing the user equipment to derive the CKP and the IKP to the user equipment in one AKA process.
  • the home network control device uses the CKP and the IKP to encrypt and protect the random identifier P'.
  • the embodiment of the present invention is described in conjunction with the process of FIG. 6. The difference between the embodiment of the present invention and the embodiment shown in FIG. 6 is mainly embodied in:
  • the home network control device receives the second authentication data request message carrying the random identifier P sent by the serving network control device, generates a random number, and generates a random number based on the random number and the root key K corresponding to the user equipment.
  • the home network control device generates CKP and IKP based on the random number, the key derivation parameter and the key derivation algorithm, then encrypts the updated random identifier P′ by using CKP to obtain encrypted data, and performs integrity protection on the encrypted data by using IKP to obtain the integrity protection data.
  • the key derivation parameters and the key derivation algorithm can be referred to in step S603, and details are not described herein again.
  • the second indication information may be indicated by one bit or multiple bits in the AMF. Assume that the unused bits in the initial AMF are all 0. When a preset bit is set to 1, it means that the returned message carries the updated random identifier and the user equipment needs to generate CKP and IKP. When set to 0, it means that the returned message does not carry the updated random identifier and the user equipment does not need to generate CKP and IKP.
  • the home network control device sends, to the service network control device, the authentication vector AV, the encrypted data obtained by encrypting the updated random identifier P' by using CKP, and the integrity protection data obtained by using IKP to perform integrity protection on the encrypted data.
  • the service network control device receives the authentication vector AV sent by the home network control device, the encrypted data obtained by encrypting the updated random identifier P' by using CKP, and the integrity protection data obtained by using IKP to perform integrity protection on the encrypted data.
  • the user equipment receives the random number sent by the service network control device, the encrypted data obtained by encrypting the updated random identifier P' by CKP, and the integrity protection data obtained by using IKP to perform integrity protection on the encrypted data.
  • the user equipment determines, according to the second indication information carried in the AV, that the returned message carries the updated random identifier and that the user equipment needs to generate CKP and IKP; therefore, the user equipment generates CKP and IKP based on the key derivation parameter and the key derivation algorithm. The generated CKP is used to decrypt the encrypted data, and the generated IKP is used to verify the integrity protection data, thereby obtaining the updated random identifier P'.
  • the CKP and the IKP are generated by the home network control device and sent to the user equipment.
  • the home network control device may first send the CKP and the IKP generated by itself to the user equipment through an AKA process, and then send the updated random identifier P' to the user equipment through an AKA process.
  • the home network control device may also send, to the user equipment in the same AKA process, the updated random identifier P' together with the CKP and IKP to be used when the new random identifier is sent.
  • the home network control device sends the CKP and IKP generated by itself to the user equipment through the AKA process before the data transmission process shown in FIG. Specifically, the home network control device sends the CKP and the IKP generated by the home network control device to the user equipment.
  • the second indication information is used to indicate that the second random number includes CKP and IKP.
  • the home network control device generates a CKP and an IKP by using a key derivation parameter and a key derivation algorithm.
  • the key derivation parameter and the key derivation algorithm may be locally configured by the home network control device.
  • the formula for generating the CKP and the IKP may be referred to the description in step S603.
  • the second random number in the embodiment of the present invention needs to be redefined, and the CKP and the IKP generated by the home network control device are carried in the second random number.
  • the second random number is defined as a string consisting of five parts: A, B, C, D, and a random string.
  • the random string is a string randomly generated by the home network control device.
  • A indicates the encrypted data obtained by encrypting the CKP using the root key K of the user equipment
  • B indicates the integrity protection data obtained by integrity protection of A using the root key K
  • C indicates the encrypted data obtained by encrypting the IKP using the root key K
  • D represents the integrity protection data obtained by integrity protection of C using the root key K.
  • CKP and IKP are the encryption key and integrity key used by the home network control device to transmit the updated random identifier P' to the user equipment in the subsequent process.
  • the second random number may also include only three parts: A, B, and a random string.
  • A indicates the encrypted data obtained by encrypting the CKP and the IKP together with the root key K of the user equipment
  • B indicates the integrity protection data obtained by using the root key K to perform integrity protection on the A.
  • the home network control device carries the second indication information in the AMF in the AUTN to indicate that the second random number includes CKP and IKP.
  • the second indication information may be indicated by one bit in the AMF, or may be indicated by two or more bits.
  • AMF is a string of 16 bits, each of which has its own definition: eight of the 16 bits are used for standardization, and the other eight bits are used for specific operators.
  • the home network control device can make a new definition of the unused bits. It is assumed that the unused bits in the initial AMF are all 0, and when one of the preset bits is set to 1, it means that CKP and IKP are included in the second random number.
  • the user equipment determines, according to the second indication information, that the second random number includes CKP and IKP.
  • the user equipment verifies whether the preset bit in the AMF is set to 1. If not, CKP and IKP are not included in the second random number; if so, CKP and IKP are included in the second random number. If it is determined that CKP and IKP are included in the second random number, the user equipment needs to parse out CKP and IKP from the second random number. Specifically, if the second random number includes five parts (A, B, C, D, and a random string), the user equipment needs to split the second random number according to the composition structure of the second random number negotiated in advance.
  • the second random number is divided into five parts, which respectively correspond to CKP encrypted data, CKP integrity protection data, IKP encrypted data, IKP integrity protection data, and the random string.
  • the user equipment performs integrity verification on the integrity protection data of the CKP according to the encrypted data of the root key K and the CKP. After the verification succeeds, the encrypted data of the CKP is decrypted by using the root key K to obtain the CKP.
  • the user equipment performs integrity verification on the integrity protection data of the IKP according to the encrypted data of the root key K and the IKP. After the verification is successful, the encrypted data of the IKP is decrypted by using the root key K to obtain an IKP.
  • if the home network control device protects the new CKP and the IKP together, that is, the third random parameter includes three parts, A, B, and a random string, then the user equipment uses K and A to verify the correctness of B, and after the verification is successful, decrypts A to obtain CKP and IKP.
  • K is used to perform encryption and integrity protection in the above process. It is also possible to use the old CKP to perform confidentiality protection and the old IKP to perform integrity protection. Correspondingly, the user equipment can use the old CKP to decrypt and obtain the new CKP and IKP. In addition, the old IKP is used to verify whether the integrity is established.
  • the above process only performs confidentiality protection for the new CKP and IKP, and does not perform integrity protection.
  • In step S403, if the home network control device determines that the random identifier of the user equipment needs to be updated and that new CKP' and IKP' need to be derived, the home network control device performs the following actions: generating a random identifier P'.
  • the old random identifier protection keys are used to encrypt and/or integrity protect the random identifier P'.
  • new CKP' and IKP' are generated; for the key derivation parameters and key derivation algorithm used to generate the new CKP' and IKP', refer to step S603 in the embodiment shown in FIG. Generate a first random number.
  • the first indication information is used to indicate that the first random number includes an updated random identifier and that the user equipment is required to derive new CKP' and IKP'.
  • the new CKP' and IKP' are used to encrypt and integrity protect the random identifier P" the next time the home network control device sends an updated random identifier P" to the user equipment; that is, each transmitted updated random identifier is encrypted and integrity protected with a new key, which further improves the security of the transmitted random identifier.
  • AMF is a string of 16 bits, each of which has its own definition: eight of the 16 bits are used for standardization, and the other eight bits are used for specific operators.
  • the home network control device can make a new definition of the unused bits. Assume that the unused bits in the initial AMF are all 0. When the preset two bits are set to 1, it means that the first random number contains the updated random identifier P' and the user equipment needs to derive new CKP' and IKP'. When set to 0, it means that the updated random identifier P' is not included in the first random number and the user equipment does not need to derive new CKP' and IKP'.
  • the user equipment receives the first random number and the AUTN sent by the serving network control device, and by identifying the first indication information carried by the AMF in the AUTN, it can determine that the received first random number includes the updated random identifier and that new CKP' and IKP' need to be derived. Specifically, the user equipment verifies whether the preset two bits in the AMF are set to 1. If not, the updated random identifier P' is not carried in the first random number and new CKP' and IKP' do not need to be derived; if so, the first random number carries the updated random identifier P' and new CKP' and IKP' need to be derived.
  • the user equipment uses the method in the embodiment shown in FIG. 4 to decrypt Enc(P') in the first random number by using the old CKP to obtain the updated random identifier P', and uses the old IKP and Enc(P') to perform integrity verification on MAC(Enc(P')) in the first random number. The user equipment also uses the key derivation parameters and the key derivation algorithm in the embodiment shown in FIG. 6 to derive the new CKP' and IKP'.
  • Other processes in the embodiment of the present invention are similar to those in the embodiment shown in FIG. 4, and details are not described herein again.
  • the home network control device performs encryption and integrity protection on the new CKP' and IKP' generated by itself, and carries the CKP' and IKP' after the encryption and integrity protection in the first random number and sends the information to the user equipment.
  • the first indication information is used to indicate that the updated random identifier P′ and the new CKP′ and IKP′ are included in the first random number.
  • the home network control device redefines the first random number, and the first random number is composed of X, Y, E, F, G, H, and a random string.
  • X = Enc(P')
  • Y = MAC(X)
  • E = Enc(CKP')
  • F = MAC(E)
  • G = Enc(IKP')
  • H = MAC(G).
  • Enc is an encryption algorithm using the old key CKP
  • MAC is an integrity protection algorithm using the old key IKP.
  • Enc(CKP') indicates encrypted data obtained by encrypting the new key
  • Enc(IKP') represents encrypted data obtained by encrypting the new key IKP' using CKP.
  • MAC(G) represents the integrity protection data obtained by integrity protection of the new key IKP' using IKP. It should be noted that the key used to encrypt or integrity protect the new key CKP', the key used to encrypt or integrity protect the new key IKP', and the key used to encrypt or integrity protect the random identifier P' may be the same or different, and the keys used must be negotiated in advance between the user equipment and the home network control device.
  • the first random number format is X, Y, E, F, and a random string.
  • X and Y are the same as described above.
  • IKP') and F = MAC(E).
  • the new CKP' and IKP' can be simultaneously transmitted to the user equipment through E.
  • K is used in the process to perform encryption and integrity protection. It is also possible to use the old CKP to perform confidentiality protection and the old IKP to perform integrity protection. Correspondingly, the user equipment can use the old CKP to decrypt and obtain the new CKP and IKP. In addition, the old IKP is used to verify whether the integrity is established.
  • the first indication information may be indicated by one bit in the AMF, or may be indicated by two or more bits.
  • AMF is a string of 16 bits, each of which has its own definition: eight of the 16 bits are used for standardization, and the other eight bits are used for specific operators.
  • the home network control device can make a new definition of the unused bits. It is assumed that the unused bits in the initial AMF are all 0, and when one of the preset bits is set to 1, it indicates that the first random number includes the updated random identifier P' and the new CKP' and IKP'.
  • the user equipment may determine, according to the first indication information carried in the AUTN, that the first random number includes the updated random identifier P' and the new CKP' and IKP', thereby obtaining the updated random identifier P' and the new CKP' and IKP' from the first random number.
  • the user equipment verifies whether the preset bit in the AMF is set to 1. If not, the first random number in the first access response message does not carry the updated random identifier P' and the new CKP' and IKP'; if yes, the first random number in the first access response message carries the updated random identifier P' and the new CKP' and IKP'. If it is determined that the updated random identifier P' and the new CKP' and IKP' are carried in the first random number, the user equipment uses the old key CKP and X to perform integrity verification on Y. After the verification succeeds, the old key CKP is used to decrypt X to obtain the updated random identifier P'.
  • the user equipment uses the old key CKP and E to perform integrity verification on F. After the verification is successful, the old key CKP is used to decrypt E to obtain a new CKP'.
  • the user equipment uses the old key CKP and G to perform integrity verification on H. After the verification is successful, the old key CKP is used to decrypt G to obtain a new IKP'.
  • the home network control device and the user equipment can share the keys CKP and IKP, thereby implementing encryption and integrity protection on the random identifier, and improving the security of the random identifier.
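The following Python example is added here and is not code from the patent. It packs and parses the structured first random number (X, Y, E, F, G, H, random string) and, with a shorter field list, the A, B, C, D form of the second random number, with the user equipment verifying every tag before it decrypts anything. The field lengths, the AMF bit values, the HMAC-SHA256 keystream standing in for Enc, and the inclusion of the random string in each tag are assumptions.

```python
import hashlib
import hmac
import os

# Assumed values: the page fixes neither the field lengths nor which AMF bit is used.
TAG_LEN, NONCE_LEN = 16, 16
AMF_FIRST_INDICATION = 0x0100   # hypothetical preset bit: carries P', CKP', IKP'
AMF_SECOND_INDICATION = 0x0200  # hypothetical preset bit: carries CKP, IKP

# (label, plaintext length) of each protected field, in wire order.
LAYOUT_FIRST = ((b"P", 8), (b"C", 16), (b"I", 16))   # X,Y  E,F  G,H
LAYOUT_SECOND = ((b"C", 16), (b"I", 16))             # A,B  C,D


def _keystream(key, nonce, label, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + label + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def enc(key, nonce, label, data):
    """Stand-in for Enc (the page names no cipher): XOR with an HMAC-SHA256
    keystream. The same call decrypts, because XOR is its own inverse."""
    stream = _keystream(key, nonce, label, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def mac(key, nonce, label, ciphertext):
    """Stand-in for MAC: truncated HMAC-SHA256 over the ciphertext. It also
    covers the random string and the field label (an addition to Y = MAC(X)),
    so a swapped field or altered nonce is rejected instead of decrypted."""
    msg = b"mac" + nonce + label + ciphertext
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def pack(enc_key, mac_key, values, layout, flag):
    """Home network side: return (AMF, structured random number)."""
    if [len(v) for v in values] != [n for _, n in layout]:
        raise ValueError("value lengths do not match the negotiated layout")
    nonce = os.urandom(NONCE_LEN)            # the "random string" part
    body = b""
    for (label, _), value in zip(layout, values):
        ct = enc(enc_key, nonce, label, value)
        body += ct + mac(mac_key, nonce, label, ct)
    return flag, body + nonce


def unpack(enc_key, mac_key, amf, rand, layout, flag):
    """User equipment side: None when the AMF bit is clear, otherwise the
    decrypted fields. Raises ValueError on any length or integrity failure."""
    if not amf & flag:
        return None                          # ordinary random number, nothing to parse
    if len(rand) != sum(n + TAG_LEN for _, n in layout) + NONCE_LEN:
        raise ValueError("random number does not match the negotiated layout")
    nonce, offset, fields = rand[-NONCE_LEN:], 0, []
    for label, n in layout:
        ct = rand[offset:offset + n]
        tag = rand[offset + n:offset + n + TAG_LEN]
        offset += n + TAG_LEN
        if not hmac.compare_digest(tag, mac(mac_key, nonce, label, ct)):
            raise ValueError("integrity check failed for field " + label.decode())
        fields.append((label, ct))
    # Decrypt only after every tag has verified, so a partially forged
    # message never yields a new identifier or key.
    return tuple(enc(enc_key, nonce, label, ct) for label, ct in fields)
```

Passing the root key K as both `enc_key` and `mac_key` with `LAYOUT_SECOND` gives the A, B, C, D case; the `b"enc"` and `b"mac"` prefixes keep the two uses of one key separate.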
  • FIG. 7 is a schematic flowchart diagram of another data transmission method according to an embodiment of the present invention.
  • the data transmission method includes the following steps.
  • the user equipment sends a first access request message to the serving network control device, where the first access request message carries the random identifier P of the user equipment.
  • the serving network control device receives the first access request message sent by the user equipment, and sends a first authentication request message to the home network control device to which the user equipment belongs, where the first authentication request message carries the random identifier of the user equipment.
  • For steps S701 and S702 in the embodiment of the present invention, reference may be made to steps S401 and S402 in the embodiment shown in FIG. 4, and details are not described herein again.
  • the home network control device receives the first authentication data request message that is sent by the service network control device and carries the random identifier P. If it is determined that the random identifier of the user equipment needs to be updated, the home network control device generates a random number and generates a new random identifier according to the random number.
  • the home network control device generates a random number, and combines the random number, the identifier derivation parameter, and the identifier derivation algorithm to derive a new random identifier.
  • the identifier derivation parameters include but are not limited to CK, IK, SQN, and the identifier derivation algorithm includes but is not limited to: HMACsha256 function, or KDF function.
  • step S704: The home network control device determines whether the new random identifier is already used by another user equipment. If it is determined that the new random identifier has been used by another user equipment, the process returns to step S703; if it is determined that the new random identifier is not used by another user equipment, step S705 is performed.
  • the home network control device saves the correspondence between the user equipment and the new random identifier, and sends an authentication vector AV to the service network control device, where the authentication vector AV includes the random number.
  • the home network control device may delete the old random identifier corresponding to the user equipment, or the home network control device may also retain the correspondence between the user equipment and the old random identifier corresponding to the user equipment.
  • the serving network control device receives the AV sent by the home network control device, saves the AV, and sends the random number and the AUTN in the AV to the user equipment.
  • step S707: The user equipment receives the random number and the AUTN sent by the serving network control device, derives a new random identifier according to the random number, the identifier derivation parameter, and the identifier derivation algorithm, and verifies the network side according to the received random number and the AUTN. After the verification is successful, step S708 is performed.
  • S708: The user equipment sends the RES to the serving network control device.
  • the serving network control device receives the RES sent by the user equipment, and compares the RES with the XRES in the AV corresponding to the user equipment. If the same, the service network control device successfully authenticates the user equipment.
  • the serving network control device sends a location update request to the home network control device to which the user equipment belongs, where the location update request carries the random identifier P of the user equipment and is used to notify the home network control device that the serving network control device has successfully authenticated the user equipment.
  • the home network control device receives the location update request sent by the service network control device, and determines, according to the random identifier P carried in the location update request, that the service network control device has successfully authenticated the user equipment.
  • For steps S705-S711 in the embodiment of the present invention, reference may be made to steps S404-S410 in the embodiment shown in FIG. 4, and details are not described herein again.
  • This embodiment is described by taking as an example the case in which, by default, each AKA derives a new random identifier based on the random number, so there is no need to define the AMF.
  • the method of the first indication information in the embodiment shown in FIG. 4 may be used to notify the user equipment that a new random identifier needs to be derived based on the received random number. For how to define the AMF in this manner, refer to the corresponding description in the embodiment shown in FIG. 4; details are not described herein again.
  • the home network control device may derive a new random identifier and, after determining that the new random identifier is not used by other user equipments, send the random number used to generate the random identifier to the user equipment, and the user equipment derives the new random identifier based on the random number. Therefore, transmission of the new random identifier itself is avoided, and the privacy and security of the user equipment are further improved.
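The derive, check and retry loop of steps S703 to S705 and the matching derivation on the user equipment in S707, as an added Python example that is not code from the patent. HMAC-SHA256 over CK, IK and SQN is one of the options the text lists; the lengths, the derivation label, the retry bound and the `HomeNetwork` class are assumptions.

```python
import hashlib
import hmac
import os

ID_LEN = 8      # assumed identifier length in bytes
RAND_LEN = 16   # assumed random number length in bytes


def derive_identifier(ck, ik, sqn, rand):
    """Run identically by the home network and by the user equipment, so the
    new identifier itself never has to be transmitted."""
    msg = b"random-id" + sqn + rand          # the label is an assumption
    return hmac.new(ck + ik, msg, hashlib.sha256).digest()[:ID_LEN]


class HomeNetwork:
    """Hypothetical model of the home network control device's identifier table."""

    def __init__(self, rng=os.urandom, max_attempts=8):
        self.owner_of = {}                   # random identifier -> subscriber
        self.rng = rng
        self.max_attempts = max_attempts

    def update_identifier(self, subscriber, old_id, ck, ik, sqn, keep_old=True):
        """Return the random number to place in the authentication vector."""
        if self.owner_of.get(old_id) != subscriber:
            raise KeyError("random identifier does not belong to this subscriber")
        for _ in range(self.max_attempts):
            rand = self.rng(RAND_LEN)                          # S703
            new_id = derive_identifier(ck, ik, sqn, rand)
            if self.owner_of.get(new_id, subscriber) != subscriber:
                continue                                       # S704: taken, back to S703
            self.owner_of[new_id] = subscriber                 # S705: save the mapping
            if not keep_old and new_id != old_id:
                # The text allows either deleting or retaining the old entry.
                del self.owner_of[old_id]
            return rand
        raise RuntimeError("no unused identifier found within the retry bound")
```

With `keep_old=True` a request that still carries the old identifier P, for example because the response carrying the random number was lost, can still be mapped to the subscriber.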
  • An embodiment of the present invention further describes the structure of a home network control device, based on the same inventive concept as the method embodiments described above with reference to FIG. 4 to FIG.
  • the home network control device 800 is configured to perform the functions of the home network control device in the method embodiment shown in FIG. 4 to FIG. 7, and includes: a receiving unit 801, a processing unit 802, and a sending unit 803.
  • the receiving unit 801 is configured to receive a first authentication data request message that is sent by the serving network control device, where the first authentication data request message includes a first identifier corresponding to the user equipment; the processing unit 802 is configured to generate a first random identifier corresponding to the user equipment; and the sending unit 803 is configured to send, by using the serving network control device, the first random number and the first indication information to the user equipment, where the first random number includes the first encrypted data obtained by encrypting the first data group by using the first shared key, the first data group includes the first random identifier, and the first indication information is used to indicate that the user equipment determines, according to the first indication information, that the first random identifier is included in the first random number.
  • the first random number further includes first integrity protection data obtained by performing integrity protection on the first encrypted data by using a second shared key.
  • the second shared key is a root key pre-shared between the user equipment and the home network control device; or the second shared key is a random identifier integrity key pre-shared between the user equipment and the home network control device, where the random identifier integrity key is used to perform integrity protection on the random identifier of the user equipment.
  • the first shared key is a root key pre-shared between the user equipment and the home network control device; or the first shared key is a random identifier encryption key pre-shared between the user equipment and the home network control device, where the random identifier encryption key is used to encrypt the random identifier of the user equipment.
  • before the receiving unit 801 receives the first authentication data request message sent by the serving network control device, the receiving unit 801 is further configured to receive a second authentication data request message sent by the serving network control device, where the second authentication data request message includes a second identifier corresponding to the user equipment; the processing unit 802 is further configured to generate the first shared key by using a first key derivation parameter; and the sending unit 803 is further configured to send second indication information to the user equipment through the service network control device, where the second indication information is used to instruct the user equipment to generate the first shared key by using the first key derivation parameter.
  • before the receiving unit 801 receives the first authentication data request message sent by the serving network control device, the receiving unit 801 is further configured to receive a second authentication data request message sent by the serving network control device, where the second authentication data request message includes a second identifier corresponding to the user equipment; the processing unit 802 is further configured to generate the second shared key by using a second key derivation parameter; and the sending unit 803 is further configured to send second indication information to the user equipment through the service network control device, where the second indication information is used to instruct the user equipment to generate the second shared key by using the second key derivation parameter.
  • the sending unit 803 sends, by using the serving network control device, the first random number and the first
  • the processing unit 802 is further configured to generate the first shared key by using a first key derivation parameter, where the first indication information is further used to indicate that the user equipment generates the first shared key by using the first key derivation parameter.
  • the sending unit 803 sends, by using the serving network control device, the first random number and the first
  • the processing unit 802 is further configured to generate the second shared key by using a second key derivation parameter, where the first indication information is further used to indicate that the user equipment generates the second shared key by using the second key derivation parameter.
  • the processing unit 802 is further configured to generate a third shared key by using the third key derivation parameter, where the third shared key is used to encrypt the second random identifier when the home network control device sends the updated second random identifier to the user equipment; the first indication information is further used to instruct the user equipment to generate the third shared key by using the third key derivation parameter.
  • the processing unit 802 is further configured to generate a fourth shared key by using the fourth key derivation parameter, where the fourth shared key is used to perform integrity protection on the second random identifier when the home network control device sends the second random identifier to the user equipment; the first indication information is further used to instruct the user equipment to generate the fourth shared key by using the fourth key derivation parameter.
  • the home network control device 800 is presented in the form of a functional unit.
  • a "unit" herein may refer to an ASIC circuit, a processor and memory that executes one or more software or firmware programs, integrated logic circuits, and/or other devices that provide the above functions.
  • the home network control device 800 can take the form shown in FIG.
  • the receiving unit 801, the processing unit 802, and the transmitting unit 803 can be implemented by the processor and the memory of FIG.
  • the embodiment of the present invention further describes a structural diagram of a user equipment according to the same inventive concept as the foregoing method embodiments shown in FIG. 4 to FIG.
  • the user equipment 900 is configured to perform the functions of the user equipment in the method embodiment shown in FIG. 4 to FIG. 7, and includes: a sending unit 901, a receiving unit 902, and a processing unit 903.
  • the sending unit 901 is configured to send a first access request message to the serving network control device, where the first access request message includes a first identifier corresponding to the user equipment; the receiving unit 902 is configured to receive a first random number and first indication information sent by the home network control device through the serving network control device, where the first random number includes the first encrypted data obtained by encrypting the first data group by using the first shared key, and the first data group includes a first random identifier corresponding to the user equipment; the processing unit 903 is configured to determine, according to the first indication information, that the first random identifier is included in the first random number; and the processing unit 903 is further configured to decrypt the first encrypted data by using the first shared key to obtain the first random identifier.
  • the first random number further includes first integrity protection data obtained by performing integrity protection on the first encrypted data by using a second shared key; after the receiving unit 902 receives the first random number and the first indication information sent by the home network control device through the service network control device, the processing unit 903 is further configured to perform integrity verification on the first integrity protection data by using the second shared key.
  • the second shared key is a root key pre-shared between the user equipment and the home network control device; or the second shared key is a random identifier integrity key pre-shared between the user equipment and the home network control device, where the random identifier integrity key is used to perform integrity protection on the random identifier of the user equipment.
  • the first shared key is a root key pre-shared between the user equipment and the home network control device; or the first shared key is a random identifier encryption key pre-shared between the user equipment and the home network control device, where the random identifier encryption key is used to encrypt the random identifier of the user equipment.
  • the sending unit 901 is further configured to send a second access request message to the serving network control device, where the second access request message includes a second identifier corresponding to the user equipment; the receiving unit 902 is further configured to receive second indication information sent by the home network control device through the serving network control device; and the processing unit 903 is further configured to generate the first shared key by using a first key derivation parameter according to the second indication information.
  • the sending unit 901 is further configured to send a second access request message to the serving network control device, where the second access request message includes a second identifier corresponding to the user equipment; the receiving unit 902 is further configured to receive second indication information sent by the home network control device through the serving network control device; and the processing unit 903 is further configured to generate the second shared key by using a second key derivation parameter according to the second indication information.
  • the first indication information is further used to indicate that the user equipment generates the first shared key by using a first key derivation parameter; before the processing unit 903 decrypts the first encrypted data by using the first shared key to obtain the first random identifier, the processing unit 903 is further configured to generate the first shared key by using the first key derivation parameter according to the first indication information.
  • the first indication information is further used to indicate that the user equipment generates the second shared key by using a second key derivation parameter; before the processing unit 903 decrypts the first encrypted data by using the first shared key to obtain the first random identifier, the processing unit 903 is further configured to generate the second shared key by using the second key derivation parameter according to the first indication information.
  • the first indication information is further used to indicate that the user equipment generates a third shared key by using a third key derivation parameter, where the third shared key is used by the home network control device to encrypt the second random identifier when sending the updated second random identifier to the user equipment; after the receiving unit 902 receives the first random number and the first indication information sent by the home network control device through the serving network control device, the processing unit 903 is further configured to generate the third shared key by using the third key derivation parameter.
  • the first indication information is further used to indicate that the user equipment generates a fourth shared key by using a fourth key derivation parameter, where the fourth shared key is used by the home network control device to perform integrity protection on the second random identifier when sending the second random identifier to the user equipment; after the receiving unit 902 receives the first random number and the first indication information sent by the home network control device through the service network control device, the processing unit 903 is further configured to generate the fourth shared key by using the fourth key derivation parameter.
  • user device 900 is presented in the form of a functional unit.
  • a "unit" herein may refer to an ASIC circuit, a processor and memory that executes one or more software or firmware programs, integrated logic circuits, and/or other devices that provide the functionality described above.
  • user device 900 can take the form shown in FIG.
  • the transmitting unit 901, the receiving unit 902, and the processing unit 903 can be implemented by the processor and the memory of FIG.
  • An embodiment of the present invention further describes the structure of a service network control device, based on the same inventive concept as the method embodiments described above with reference to FIG. 4 to FIG.
  • the service network control device 1000 is configured to perform the functions of the service network control device in the method embodiment shown in FIG. 4 to FIG. 7, and includes: a receiving unit 1001, a sending unit 1002, and a processing unit 1003.
  • the receiving unit 1001 is configured to receive a first access request message sent by the user equipment, where the first access request message includes a first identifier corresponding to the user equipment; the sending unit 1002 is configured to send a first authentication data request message to the home network control device, where the first authentication data request message includes the first identifier; and the processing unit 1003 is configured to perform authentication on the user equipment.
  • the sending unit 1002 is further configured to send an authentication success message to the home network control device after the processing unit 1001 successfully authenticates the user equipment, where the authentication success message is used to indicate that the home network control device has successfully authenticated the user equipment.
  • the authentication success message includes a first identifier corresponding to the user equipment or a first random identifier corresponding to the user equipment.
  • the service network control device 1000 is presented in the form of a functional unit.
  • a "unit" herein may refer to an ASIC circuit, a processor and memory that executes one or more software or firmware programs, integrated logic circuits, and/or other devices that provide the above functions.
  • the service network control device 1000 can take the form shown in FIG.
  • the receiving unit 1001, the transmitting unit 1002, and the processing unit 1003 can be implemented by the processor and the memory of FIG.
  • the embodiment of the present invention further provides a computer storage medium for storing computer software instructions used by the home network control device shown in FIG. 8 above, which includes a program designed to execute the foregoing method embodiments.
  • the embodiment of the present invention further provides another computer storage medium for storing computer software instructions used by the user equipment described in FIG. 9 above, which includes a program designed to execute the foregoing method embodiments.
  • the embodiment of the present invention further provides another computer storage medium for storing computer software instructions used by the user equipment described in FIG. 10 above, which includes a program designed to execute the foregoing method embodiments.
  • the foregoing storage medium includes various media that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
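The key separation described above for the third and fourth shared keys (one derivation parameter for encrypting the second random identifier, another for its integrity protection) can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 key derivation, the HMAC counter-mode keystream standing in for the unnamed cipher, the parameter strings, the key and the function names are all assumptions.

```python
import hashlib
import hmac
import os

def derive_key(shared_key: bytes, derivation_param: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed with the long-term shared key."""
    return hmac.new(shared_key, derivation_param, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for the unnamed cipher."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def _mac(key: bytes, data: bytes) -> bytes:
    """Truncated HMAC-SHA256 tag (assumed integrity algorithm)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:16]

def protect_identifier(k_enc: bytes, k_int: bytes, identifier: bytes) -> bytes:
    """Encrypt with the third key, then MAC nonce+ciphertext with the fourth."""
    nonce = os.urandom(12)
    stream = _keystream(k_enc, nonce, len(identifier))
    ciphertext = bytes(a ^ b for a, b in zip(identifier, stream))
    return nonce + ciphertext + _mac(k_int, nonce + ciphertext)

def recover_identifier(k_enc: bytes, k_int: bytes, message: bytes) -> bytes:
    """Verify integrity first; decrypt only if the tag matches."""
    if len(message) < 28:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:12], message[12:-16], message[-16:]
    if not hmac.compare_digest(tag, _mac(k_int, nonce + ciphertext)):
        raise ValueError("integrity check failed")
    stream = _keystream(k_enc, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))

# Constructed sample values (not from the patent).
ROOT_KEY = bytes(range(32))
K3 = derive_key(ROOT_KEY, b"third-key-derivation-parameter")
K4 = derive_key(ROOT_KEY, b"fourth-key-derivation-parameter")

if __name__ == "__main__":
    wire = protect_identifier(K3, K4, b"second-random-id")
    print(recover_identifier(K3, K4, wire))
```

Because the two keys come from different derivation parameters, swapping them or altering any byte of the protected identifier makes the receiver reject the message before decryption.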

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention relates to a data transmission method and a related device. The method comprises the following steps: a home network control device receives a first authentication data request message sent by a serving network control device, the first authentication data request message comprising a first identifier corresponding to a user equipment; the home network control device sends a first random number and first indication information, via the serving network control device, to the user equipment corresponding to the first identifier, the first random number comprising first encrypted data generated by encrypting a first data group with a first shared key, the first data group comprising a random identifier corresponding to the user equipment, and the first indication information being used to instruct the user equipment to determine, on the basis of the first indication information, that the first random number comprises the random identifier. Using embodiments of the present invention saves computational load for the user equipment when it determines that a received random number comprises an updated random identifier, thereby saving overhead for the user equipment.
PCT/CN2017/090256 2016-10-31 2017-06-27 Data transmission method and related device WO2018076740A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610926805.8 2016-10-31
CN201610926805.8A CN108012266B (zh) 2016-10-31 2016-10-31 A data transmission method and related device

Publications (1)

Publication Number Publication Date
WO2018076740A1 true WO2018076740A1 (fr) 2018-05-03

Family

ID=62023084

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/090256 WO2018076740A1 (fr) 2016-10-31 2017-06-27 Data transmission method and related device

Country Status (2)

Country Link
CN (1) CN108012266B (fr)
WO (1) WO2018076740A1 (fr)

Also Published As

Publication number Publication date
CN108012266B (zh) 2021-04-09
CN108012266A (zh) 2018-05-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17863725

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17863725

Country of ref document: EP

Kind code of ref document: A1