WO2020140929A1 - Key generation method, ue, and network device - Google Patents

Key generation method, ue, and network device Download PDF

Info

Publication number
WO2020140929A1
WO2020140929A1 PCT/CN2020/070046 CN2020070046W WO2020140929A1 WO 2020140929 A1 WO2020140929 A1 WO 2020140929A1 CN 2020070046 W CN2020070046 W CN 2020070046W WO 2020140929 A1 WO2020140929 A1 WO 2020140929A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
auxiliary
session
session key
udm
Prior art date
Application number
PCT/CN2020/070046
Other languages
French (fr)
Chinese (zh)
Inventor
刘福文
Original Assignee
中国移动通信有限公司研究院
中国移动通信集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国移动通信有限公司研究院, 中国移动通信集团有限公司 filed Critical 中国移动通信有限公司研究院
Publication of WO2020140929A1 publication Critical patent/WO2020140929A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • This application relates to the field of information processing technology, and in particular to a key generation method, UE (User Equipment), network equipment, system, and computer storage medium.
  • UE User Equipment
  • the security architecture is the guarantee for the normal operation of the 5G network.
  • the authentication protocol is the cornerstone of building a 5G security architecture.
  • the UE and the network each need to generate DH key exchange related parameters.
  • the generation of these parameters requires the use of asymmetric algorithms, which consumes a lot of computing resources, which is particularly unacceptable for IoT terminals, and this kind of processing can only prevent passive attacks (eavesdropping), not active attacks (man-in-the-middle attacks), In other words, the security of the session key currently used in communication needs to be improved.
  • the embodiments of the present application provide a key generation method, a UE, a network device, a system, and a computer storage medium.
  • a key generation method is provided, which is applied to a UE.
  • the method includes:
  • auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • generating the session key at least based on the auxiliary key includes:
  • the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  • a key generation method which is applied to a first network device, and the method includes:
  • auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication. .
  • a key generation method which is applied to a second network device, and the method includes:
  • auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • a UE including:
  • the first processor is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key;
  • a first communication interface used to communicate with the network side based on the session key
  • the first processor is used to generate the session key based on the session key generated by the long-term key and the auxiliary key;
  • the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  • a first network device including:
  • the second communication interface is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session key Key to communicate with the UE;
  • a second processor configured to generate the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
  • the second processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • a second network device including:
  • the third processor is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE;
  • a third communication interface configured to send the session key corresponding to the UE to the first network device
  • the third processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • a computer storage medium on which a computer program is stored, wherein the computer program is executed by a processor to implement the steps of the foregoing method
  • a key generation system including: at least one UE and an authentication service function AUSF entity; wherein,
  • the UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
  • the AUSF entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session key
  • the key communicates with the UE; at least based on the auxiliary key corresponding to the UE to generate the session key corresponding to the UE;
  • the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key;
  • the session key used for the side communication to generate this session key;
  • the AUSF is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • a key generation system including: at least one UE, an authentication service function AUSF entity, and a UDM entity; wherein,
  • the UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
  • the UDM entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE
  • the key generates the session key corresponding to the UE; sends the session key corresponding to the UE to the AUSF entity;
  • the AUSF entity is used to communicate with the UE based on the session key corresponding to the UE;
  • the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network
  • the session key used for the side communication to generate this session key
  • the UDM entity is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the technical solution of the embodiment of the present application can, when generating the final session key, in addition to the long-term key, also combine the auxiliary key, or combine the auxiliary key and the session key used in the previous communication, The generation of the session key is performed jointly; thus, the security of the session key can be enhanced without major changes to the original authentication protocol.
  • FIG. 1 is a schematic diagram 1 of a key generation method provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram 2 of a key generation method provided by an embodiment of the present application.
  • FIG. 3 is a schematic flowchart 3 of a key generation method according to an embodiment of this application.
  • FIG. 4 is a schematic flowchart 4 of a key generation method according to an embodiment of the present application.
  • FIG. 5 is a schematic diagram of a composition structure of a UE provided by an embodiment of the present application.
  • FIG. 6 is a schematic structural diagram of a composition of a first network device provided by an embodiment of this application.
  • FIG. 7 is a schematic structural diagram of a composition of a second network device provided by an embodiment of this application.
  • FIG. 8 is a schematic diagram of a system composition structure provided by an embodiment of the present application.
  • an embodiment of the present application provides a key generation method, which is applied to a UE.
  • the method includes:
  • Step 101 Obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • Step 102 Generate the session key based on at least the auxiliary key, and communicate with the network side based on the session key;
  • generating the session key at least based on the auxiliary key includes:
  • the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the obtaining the auxiliary key includes:
  • auxiliary keys After processing at least one of the shared key, encryption key, and integrity key with UDM, obtain one of the auxiliary keys; or, the shared key, encryption key, and One of the integrity keys serves as the auxiliary key.
  • any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
  • the method when generating the auxiliary key, the method further includes:
  • the mobile identification number (MISN, Mobile Identification) number of the permanent identification SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate an encrypted SUPI; SUPI is sent to the network side.
  • MISN Mobile Identification
  • the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), and AUSF sends SUCI to UDM;
  • SEAF SEcurity Anchor Function
  • AUSF Authentication Server Function
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, a session key is generated.
  • the way to generate the session key includes:
  • the session key is generated based on the long-term key; the session key is generated based on the session key and the auxiliary key.
  • KSEAF KSEAF *
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the obtaining the auxiliary key includes:
  • a random number is generated as an auxiliary key.
  • the method for generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, after generating the auxiliary key, the method further includes:
  • the auxiliary key will also be sent to the network side as the encrypted content of the SUCI.
  • the UE may send the SUCI to the UDM on the network side.
  • the UE When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the user's permanent identification SUPI and KASIS, and generates SUCI, and passes the SUCI to SEAF.
  • the contents of SUCI are as follows:
  • SUCI type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE ⁇ MSIN, KASIS ⁇ + Tag.
  • SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM;
  • UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
  • UDM passes KASIS to AUSF in the Nudm_Authentication_Get Response message
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is generated.
  • the method of generating the session key in this scenario is also the same as in scenario 1, so it will not be described in detail.
  • the same UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • This session key is generated based on the session key, the auxiliary key, and the session key used in the previous communication.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 the difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used.
  • the final session key KSEAF* is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • an embodiment of the present application provides a key generation method, which is applied to a first network device, and the method includes:
  • Step 301 Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • Step 302 Generate a session key corresponding to the UE based at least on the auxiliary key corresponding to the UE, and communicate with the UE based on the session key;
  • generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the first network device involved in this embodiment may be regarded as a device with AUSF function on the network side.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the obtaining the auxiliary key includes:
  • the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
  • At least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys.
  • any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
  • KASIS KDF (KECDH, sharedinfo)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • shared information sharedinfo
  • UDM it can also be empty.
  • the permanent identity SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate the encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
  • the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), which is the first network device, and AUSF sends SUCI to UDM;
  • SEAF SEcurity Anchor Function
  • AUSF Authentication Server Function
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, a session key is generated.
  • the way to generate the session key includes:
  • the current session key used for communication between the network side and the UE is generated.
  • the UE and AUSF that is, the first network device respectively use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • This scenario is different from scenario 1 in that the auxiliary key generation method is different, but for the first network device, the auxiliary key is obtained from UDM in the same way as scenario 1, in addition, other processing procedures are different from Scene 1 is the same, so it will not be repeated here.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • the current session key used for communication between the network side and the UE is generated.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 the difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used.
  • the final session key KSEAF* is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • this embodiment also provides a key generation method, which is applied to the second network device.
  • the method includes:
  • Step 401 Obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
  • Step 402 Generate a session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
  • Step 403 Send the session key corresponding to the UE to the first network device
  • generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the second network device may be a network device equipped with at least UDM; it should be noted that the first network device and the second network device may be physically the same device or different devices. In this embodiment No limitation.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the auxiliary key corresponding to the UE includes: at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; or, between the second network device and the UE One of the shared key, encryption key, and integrity key is used as the auxiliary key.
  • At least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys.
  • KASIS KDF (KECDH, sharedinfo)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • sharedinfo is the value known by UE and UDM, it can also be empty.
  • the encrypted SUPI can be SUCI; where the encrypted SUPI is sent to the network side, it can be: the security anchor point function (SEAF, SEcurityAnchorFunction) that sends SUCI to the network side; then the SECI sends SUCI Send to the authentication service function (AUSF, Authentication, Server, Function), AUSF then sends SUCI to UDM;
  • SEAF security anchor point function
  • AUSF Authentication, Server, Function
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal equipment uses for processing;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is obtained.
  • UDM may not pass KASIS to AUSF, but UDM means that the second network device itself generates the session key used for communication with the UE, and then sends the generated session key To AUSF. Specifically: generate a session key based on the long-term key corresponding to the UE; generate a session key used for communication between the network side and the UE based on the session key and the auxiliary key corresponding to the UE .
  • KSEAF KSEAF *
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • an auxiliary key is generated.
  • the method of generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, the execution of the second network device includes:
  • the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the UE and UDM.
  • the auxiliary key will also be sent to the network side as the encrypted content of the SUCI.
  • the UE may send the SUCI to the UDM on the network side.
  • a processing flow in this scenario is:
  • the UE When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identity SUPI, and generates SUCI, and passes the SUCI to SEAF.
  • the contents of SUCI are as follows:
  • SUCI type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE ⁇ MSIN, KASIS ⁇ + Tag.
  • SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM;
  • UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
  • UDM does not need to pass KASIS to AUSF, but directly uses KSEAF and KASIS to generate the final session key KSEAF*, and then passes it to AUSF.
  • the specific method for generating the session key of the second network device, that is, UDM may be the same as that in scenario 1, and will not be described in detail.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • the current session key used for communication between the network side and the UE is generated.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the calculation of the session key KSEAF* is as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • an embodiment of the present application provides a UE, including:
  • the first processor 51 is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key ;
  • the first communication interface 52 communicates with the network side based on the session key
  • the first processor 51 is used to generate the session key based on the session key generated by the long-term key and the auxiliary key;
  • the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the first processor 51 is configured to process at least one of the shared key, the encryption key, and the integrity key with the UDM to obtain one auxiliary key;
  • One of the shared key, encryption key, and integrity key with UDM is used as the auxiliary key.
  • At least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys.
  • KASIS KDF (KECDH, sharedinfo)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • sharedinfo is the value known by UE and UDM, it can also be empty.
  • the first processor 51 is used to encrypt the permanent identity SUPI of the UE based on the elliptic curve comprehensive encryption system ECIES when the UE establishes a connection with the network side for the first time to generate an encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
  • the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), and AUSF sends SUCI to UDM;
  • SEAF SEcurity Anchor Function
  • AUSF Authentication Server Function
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
  • the first processor 51 is configured to generate a session key based on the long-term key; and generate the session key based on the session key and the auxiliary key.
  • KSEAF KSEAF *
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the first processor 51 is configured to generate an auxiliary key when connecting with the network for the first time.
  • the method for generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, after the auxiliary key is generated, the first processor 51 is configured to encrypt and generate the SUCI based on the auxiliary key and the permanent identifier SUPI of the UE;
  • the first communication interface 52 is used to send the SUCI to the network side.
  • the auxiliary key will also be sent to the network side as the encrypted content of the SUCI.
  • the UE may send the SUCI to the UDM on the network side.
  • the UE When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identification SUPI, and generates SUCI, and passes the SUCI to SEAF.
  • the contents of SUCI are as follows:
  • SUCI type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE ⁇ MSIN, KASIS ⁇ + Tag.
  • SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM;
  • UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
  • UDM passes KASIS to AUSF in the Nudm_Authentication_Get Response message
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
  • the method of generating the session key in this scenario is also the same as in scenario 1, so it will not be described in detail.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • the first processor 51 is configured to generate a session key based on the long-term key; and generate the session key based on the session key, the auxiliary key, and the session key used in the previous communication.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 the difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used.
  • the final session key KSEAF* is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • an embodiment of the present application provides a first network device, including:
  • the second communication interface 61 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the current session The key communicates with the UE;
  • the second processor 62 is configured to generate the session key corresponding to the UE based on at least the auxiliary key corresponding to the UE;
  • the second processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the first network device involved in this embodiment may be regarded as a device with AUSF function on the network side.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the second communication interface 61 is used to obtain the auxiliary key corresponding to the UE from the UDM;
  • the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
  • At least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys.
  • any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
  • KASIS KDF (KECDH, sharedinfo)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • sharedinfo is the value known by UE and UDM, it can also be empty.
  • the permanent identity SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate the encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
  • the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), which is the first network device, and AUSF sends SUCI to UDM;
  • SEAF SEcurity Anchor Function
  • AUSF Authentication Server Function
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
  • the second processor 62 is used to generate a session key based on the long-term key corresponding to the UE;
  • the current session key used for communication between the network side and the UE is generated.
  • the UE and AUSF that is, the first network device respectively use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • This scenario is different from scenario 1 in that the auxiliary key generation method is different, but for the first network device, the auxiliary key is obtained from UDM in the same way as scenario 1, in addition, other processing procedures are different from Scene 1 is the same, so it will not be repeated here.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • the second processor 62 is configured to generate a session key based on the long-term key corresponding to the UE;
  • the current session key used for communication between the network side and the UE is generated.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 the difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used.
  • the final session key KSEAF* is calculated as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • this embodiment also provides a second network device, including:
  • the third processor 71 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by the UE and the unified data management UDM on the network side; at least based on the auxiliary corresponding to the UE The key generates the session key corresponding to the UE;
  • the third communication interface 72 is used to send the session key corresponding to the UE to the first network device;
  • the third processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the second network device may be a network device equipped with at least UDM; it should be noted that the first network device and the second network device may be physically the same device or different devices. In this embodiment No limitation.
  • This embodiment provides a variety of specific processing scenarios, which are described below respectively:
  • Scenario 1 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • the specific instructions are as follows:
  • the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; Alternatively, one of the shared key, encryption key, and integrity key between the second network device and the UE is used as the auxiliary key. That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys.
  • any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
  • KASIS KDF (KECDH, sharedinfo)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • sharedinfo is the value known by UE and UDM, it can also be empty.
  • the encrypted SUPI can be SUCI; where the encrypted SUPI is sent to the network side, it can be: the security anchor function (SEAF, SEcurityAnchorFunction) that sends SUCI to the network side; then the SECI will send SUCI Send to the authentication service function (AUSF, Authentication, Server, Function), AUSF then sends SUCI to UDM;
  • SEAF security anchor function
  • SEcurityAnchorFunction SEcurityAnchorFunction
  • UDM decrypts the SUCI to obtain SUPI.
  • UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment.
  • the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal equipment uses for processing;
  • UDM Unified Data Management
  • the UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is obtained.
  • UDM may not pass KASIS to AUSF, but UDM means that the second network device itself generates the session key used for communication with the UE, and then sends the generated session key To AUSF.
  • the third processor 71 is configured to generate a session key based on the long-term key corresponding to the UE; generate a network side to communicate with the UE based on the session key and the auxiliary key corresponding to the UE The session key used.
  • KSEAF KSEAF *
  • KSEAF* KDF (KSEAF, KASIS, AP)
  • KDF is a key derivation function, such as HMAC-SHA-256
  • AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not appear in the formula.
  • Scenario 2 In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
  • an auxiliary key is generated.
  • the method of generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, the third communication interface 72 is used to obtain the SUCI sent by the UE, and the third processor 71 is used to decrypt the SUCI and obtain the auxiliary key and SUPI corresponding to the UE;
  • the auxiliary key corresponding to the UE includes at least one of a shared key, an encryption key, and an integrity key with the UE.
  • the auxiliary key will also be sent to the network side as the encrypted content of the SUCI.
  • the UE may send the SUCI to the UDM on the network side.
  • a processing flow in this scenario is:
  • the UE When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identity SUPI, and generates SUCI, and passes the SUCI to SEAF.
  • the contents of SUCI are as follows:
  • SUCI type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE ⁇ MSIN, KASIS ⁇ + Tag.
  • SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM;
  • UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
  • UDM does not need to pass KASIS to AUSF, but directly uses KSEAF and KASIS to generate the final session key KSEAF*, and then passes it to AUSF.
  • the specific method for generating the session key of the second network device, that is, UDM may be the same as that in scenario 1, and will not be described in detail.
  • Scenario 3 Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
  • the third processor 71 is configured to generate a session key based on the long-term key corresponding to the UE;
  • the current session key used for communication between the network side and the UE is generated.
  • the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here.
  • scenario 1 and scenario 2 The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added.
  • the calculation of the session key KSEAF* is as follows:
  • KSEAF* KDF (KSEAF, KASIS, KSEAF*_pre, AP)
  • KDF is the key derivation function, such as HMAC-SHA-256
  • AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks
  • AP is an optional parameter, and may not be visible in the formula.
  • scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
  • Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively.
  • the final session key KSEAF*_pre In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
  • Embodiments of the present application also provide a computer-readable storage medium for storing computer programs.
  • the computer-readable storage medium can be applied to any network device in the embodiments of the present application, and the computer program enables the computer to execute the corresponding process implemented by the network device in each method of the embodiments of the present application, for simplicity And will not be repeated here.
  • this embodiment also provides a key generation system, including: at least one UE 81 and an authentication service function AUSF entity 82; wherein,
  • the UE 81 is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
  • the AUSF entity 82 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the current session
  • the key communicates with the UE; the session key corresponding to the UE is generated based at least on the auxiliary key corresponding to the UE;
  • the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network
  • the session key used for the side communication to generate this session key
  • the AUSF is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the UE is configured to obtain at least one of the auxiliary key after processing at least one of the shared key, encryption key, and integrity key with the UDM; or, the shared secret with the UDM
  • One of the key, encryption key, and integrity key is used as the auxiliary key;
  • the AUSF entity is used to obtain the auxiliary key corresponding to the UE from UDM; wherein, the auxiliary key corresponding to the UE is: based on the shared key, encryption key, and integrity between the UE and UDM One key obtained by processing at least one of the keys; or, one of the shared key, the encryption key, and the integrity key between the UE and the UDM is used as the auxiliary key.
  • the system further includes: a UDM entity 83, configured to send the auxiliary key corresponding to the UE to the AUSF entity.
  • this application may also provide a key generation system, including: at least one UE, an authentication service function AUSF entity, and a UDM entity; wherein,
  • the UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
  • the UDM entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE
  • the key generates the session key corresponding to the UE; sends the session key corresponding to the UE to the AUSF entity;
  • the AUSF entity is used to communicate with the UE based on the session key corresponding to the UE;
  • the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network
  • the session key used for the side communication to generate this session key
  • the UDM entity is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
  • the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  • the disclosed system, device, and method may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the unit is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical, or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application essentially or part of the contribution to the existing technology or part of the technical solution can be embodied in the form of a software product
  • the computer software product is stored in a storage medium, including Several instructions are used to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program code .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Embodiments of the present application provide a key generation method, a UE, a network device, a system, and a computer storage medium. The method comprises: obtaining an assistant key; generating this session key at least on the basis of the assistant key, and communicating with a network side on the basis of this session key, wherein the generating this session key at least on the basis of the assistant key comprises: generating this session key on the basis of a session key generated according to a long-term key and the assistant key; or generating this session key on the basis of the session key generated according to the long-term key, the assistant key, and a session key used in a previous communication with a network side.

Description

一种密钥生成方法、UE及网络设备Key generation method, UE and network equipment
相关申请的交叉引用Cross-reference of related applications
本申请基于申请号为201910000551.0、申请日为2019年1月2日的中国专利申请提出,并要求该中国专利申请的优先权,该中国专利申请的全部内容在此引入本申请作为参考。This application is based on a Chinese patent application with an application number of 201910000551.0 and an application date of January 2, 2019, and claims the priority of the Chinese patent application. The entire content of the Chinese patent application is hereby incorporated by reference.
技术领域Technical field
本申请涉及信息处理技术领域,尤其涉及一种密钥生成方法、UE(用户设备,User Equipment)、网络设备、系统以及计算机存储介质。This application relates to the field of information processing technology, and in particular to a key generation method, UE (User Equipment), network equipment, system, and computer storage medium.
背景技术Background technique
5G将渗透到未来社会的各个领域,在构建以用户为中心的全方位信息生态系统中将起到关键作用。安全架构是5G网络正常运行的保障。认证协议是构建5G安全架构的基石。UE和网络每次都要生成DH密钥交换相关的参数。生成这些参数需要使用非对称算法,这就要消耗大量的计算资源,这对于物联网终端尤其不可接受,并且,这种处理只能防御被动攻击(窃听),不能防止主动攻击(中间人攻击),也就是说,目前通信中使用的会话密钥安全性需要提高。5G will penetrate into all fields of the future society and will play a key role in building a comprehensive user-centric information ecosystem. The security architecture is the guarantee for the normal operation of the 5G network. The authentication protocol is the cornerstone of building a 5G security architecture. The UE and the network each need to generate DH key exchange related parameters. The generation of these parameters requires the use of asymmetric algorithms, which consumes a lot of computing resources, which is particularly unacceptable for IoT terminals, and this kind of processing can only prevent passive attacks (eavesdropping), not active attacks (man-in-the-middle attacks), In other words, the security of the session key currently used in communication needs to be improved.
发明内容Summary of the invention
为解决上述技术问题,本申请实施例提供了一种密钥生成方法、UE、网络设备、系统以及计算机存储介质。To solve the above technical problems, the embodiments of the present application provide a key generation method, a UE, a network device, a system, and a computer storage medium.
第一方面,提供了一种密钥生成方法,应用于UE,所述方法包括:In a first aspect, a key generation method is provided, which is applied to a UE. The method includes:
获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;Generate the session key at least based on the auxiliary key, and communicate with the network side based on the session key;
其中,所述至少基于辅助密钥生成本次会话密钥,包括:Wherein, generating the session key at least based on the auxiliary key includes:
基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;Generate the session key based on the session key generated by the long-term key and the auxiliary key;
或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
第二方面,提供了一种密钥生成方法,应用于第一网络设备,所述方法包括:In a second aspect, a key generation method is provided, which is applied to a first network device, and the method includes:
获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,基于所述本次会话密钥与所述UE进行通信;Generating at least a session key corresponding to the UE based on the auxiliary key corresponding to the UE, and communicating with the UE based on the session key;
其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication. .
第三方面,提供了一种密钥生成方法,应用于第二网络设备,所述方法包括:In a third aspect, a key generation method is provided, which is applied to a second network device, and the method includes:
获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;Generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
将所述UE所对应的本次会话密钥发送至第一网络设备;Send the session key corresponding to the UE to the first network device;
其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
第四方面,提供了一种UE,包括:According to a fourth aspect, a UE is provided, including:
第一处理器,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥;The first processor is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key;
第一通信接口,用于基于所述本次会话密钥与网络侧进行通信;A first communication interface, used to communicate with the network side based on the session key;
其中,所述第一处理器,用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;Wherein, the first processor is used to generate the session key based on the session key generated by the long-term key and the auxiliary key;
或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
第五方面,提供了一种第一网络设备,包括:According to a fifth aspect, a first network device is provided, including:
第二通信接口,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及基于所述本次会话密钥与所述UE进行通信;The second communication interface is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session key Key to communicate with the UE;
第二处理器,用于至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;A second processor, configured to generate the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
其中,所述第二处理器,用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the second processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
第六方面,提供了一种第二网络设备,包括:In a sixth aspect, a second network device is provided, including:
第三处理器,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE 所对应的辅助密钥生成所述UE所对应的本次会话密钥;The third processor is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE;
第三通信接口,用于将所述UE所对应的本次会话密钥发送至第一网络设备;A third communication interface, configured to send the session key corresponding to the UE to the first network device;
其中,所述第三处理器,用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the third processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
第七方面,提供了一种计算机存储介质,其上存储有计算机程序,其中,该计算机程序被处理器执行时实现前述方法的步骤In a seventh aspect, a computer storage medium is provided on which a computer program is stored, wherein the computer program is executed by a processor to implement the steps of the foregoing method
第七方面,提供了一种密钥生成系统,包括:至少一个UE、鉴权服务功能AUSF实体;其中,In a seventh aspect, a key generation system is provided, including: at least one UE and an authentication service function AUSF entity; wherein,
所述UE,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
所述AUSF实体,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及基于所述本次会话密钥与所述UE进行通信;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The AUSF entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session key The key communicates with the UE; at least based on the auxiliary key corresponding to the UE to generate the session key corresponding to the UE;
其中,所述UE,具体用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Among them, the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; The session key used for the side communication to generate this session key;
所述AUSF,具体用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The AUSF is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
第七方面,提供了一种密钥生成系统,包括:至少一个UE、鉴权服务 功能AUSF实体、UDM实体;其中,In a seventh aspect, a key generation system is provided, including: at least one UE, an authentication service function AUSF entity, and a UDM entity; wherein,
所述UE,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
所述UDM实体,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;将所述UE所对应的本次会话密钥发送至AUSF实体;The UDM entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE; sends the session key corresponding to the UE to the AUSF entity;
所述AUSF实体,用于基于所述UE对应的本会话密钥与所述UE进行通信;The AUSF entity is used to communicate with the UE based on the session key corresponding to the UE;
其中,所述UE,具体用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Among them, the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network The session key used for the side communication to generate this session key;
所述UDM实体,具体用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The UDM entity is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本申请实施例的技术方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。The technical solution of the embodiment of the present application can, when generating the final session key, in addition to the long-term key, also combine the auxiliary key, or combine the auxiliary key and the session key used in the previous communication, The generation of the session key is performed jointly; thus, the security of the session key can be enhanced without major changes to the original authentication protocol.
附图说明BRIEF DESCRIPTION
图1是本申请实施例提供的一种密钥生成方法示意性图一;FIG. 1 is a schematic diagram 1 of a key generation method provided by an embodiment of the present application;
图2是本申请实施例提供的一种密钥生成方法示意性图二;2 is a schematic diagram 2 of a key generation method provided by an embodiment of the present application;
图3为本申请实施例提供的一种密钥生成方法流程示意图三;FIG. 3 is a schematic flowchart 3 of a key generation method according to an embodiment of this application;
图4为本申请实施例提供的一种密钥生成方法流程示意图四;4 is a schematic flowchart 4 of a key generation method according to an embodiment of the present application;
图5为本申请实施例提供的一种UE组成结构示意图;FIG. 5 is a schematic diagram of a composition structure of a UE provided by an embodiment of the present application;
图6为本申请实施例提供的一种第一网络设备组成结构示意图;6 is a schematic structural diagram of a composition of a first network device provided by an embodiment of this application;
图7为本申请实施例提供的一种第二网络设备组成结构示意图;7 is a schematic structural diagram of a composition of a second network device provided by an embodiment of this application;
图8为本申请实施例提供的一种系统组成结构示意图。FIG. 8 is a schematic diagram of a system composition structure provided by an embodiment of the present application.
具体实施方式detailed description
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行描述,显然,所描述的实施例是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。The technical solutions in the embodiments of the present application will be described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are part of the embodiments of the present application, but not all the embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.
如图1所示,本申请实施例提供了一种密钥生成方法,应用于UE,所述方法包括:As shown in FIG. 1, an embodiment of the present application provides a key generation method, which is applied to a UE. The method includes:
步骤101:获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Step 101: Obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
步骤102:至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;Step 102: Generate the session key based on at least the auxiliary key, and communicate with the network side based on the session key;
其中,所述至少基于辅助密钥生成本次会话密钥,包括:Wherein, generating the session key at least based on the auxiliary key includes:
基于长期密钥生成的会话密钥、辅助密钥生成本次会话密钥;Generate the session key based on the session key and auxiliary key generated by the long-term key;
或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述获取辅助密钥,包括:The obtaining the auxiliary key includes:
将与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;或者,将与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。After processing at least one of the shared key, encryption key, and integrity key with UDM, obtain one of the auxiliary keys; or, the shared key, encryption key, and One of the integrity keys serves as the auxiliary key.
也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的至少一个做某种混合处理,得到的输出结果作为一个所述辅助密钥。或者,可以为UE和UDM之间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的任意一个直接作为辅助密钥;比如,将共享密钥直接作为辅助密钥、或者加密密钥直接作为辅助密钥、或者完整性密钥作为辅助密钥。That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of mixed processing, and the obtained output result is used as one of the auxiliary keys. Alternatively, any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
另外,在生成辅助密钥的时候,所述方法还包括:In addition, when generating the auxiliary key, the method further includes:
所述UE与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI的移动识别号(MISN,Mobile identification number)进行加密,生成加密后的SUPI;将加密后的SUPI发送至网络侧。When the UE establishes a connection with the network side for the first time, the mobile identification number (MISN, Mobile Identification) number of the permanent identification SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate an encrypted SUPI; SUPI is sent to the network side.
具体来说,参见图2,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF,Authentication Server Function),AUSF再将SUCI发送至UDM;Specifically, referring to FIG. 2, the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), and AUSF sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;此后UDM将与辅助密钥发送给AUSF;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成会话密钥。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, a session key is generated.
其中,生成本次会话密钥的方式包括:Among them, the way to generate the session key includes:
基于长期密钥生成会话密钥;基于所述会话密钥、以及所述辅助密钥,生成本次会话密钥。The session key is generated based on the long-term key; the session key is generated based on the session key and the auxiliary key.
具体来说,UE和AUSF分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, UE and AUSF use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
需要指出的是,UDM也可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,再把它传给AUSF。It should be pointed out that UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,获取辅助密钥的方式不同。具体说明如下:This scenario is different from scenario 1 in that the auxiliary key is obtained in different ways. The specific instructions are as follows:
所述获取辅助密钥,包括:The obtaining the auxiliary key includes:
当所述UE与网络侧初次进行连接时,生成随机数作为辅助密钥。When the UE first connects with the network side, a random number is generated as an auxiliary key.
本场景中,生成辅助密钥的方式可以为UE本地基于随机数生成的。可以理解的是,UE生成辅助密钥的时候,网络侧是还未获取到该辅助密钥的。因此,进一步地,所述生成辅助密钥之后,所述还包括:In this scenario, the method for generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, after generating the auxiliary key, the method further includes:
基于所述辅助密钥以及UE的永久标识SUPI中的MSIN,进行加密生成SUCI;将所述SUCI发送至网络侧。Based on the auxiliary key and the MSIN in the permanent identification SUPI of the UE, encrypt to generate SUCI; send the SUCI to the network side.
也就是说,UE生成辅助密钥之后,还会将辅助密钥作为SUCI的加密的内容发送至网络侧,具体来说,可以为UE将SUCI发送至网络侧的UDM。That is to say, after the UE generates the auxiliary key, the auxiliary key will also be sent to the network side as the encrypted content of the SUCI. Specifically, the UE may send the SUCI to the UDM on the network side.
同样可以参见图2对本场景进行具体说明,包括:See also Figure 2 for a specific description of this scenario, including:
UE在第一次连接网络时,生成辅助密钥KASIS,使用ECIES方案对用户的永久标识SUPI和KASIS进行加密生成SUCI,并把SUCI传递给SEAF。其中,SUCI的内容如下:When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the user's permanent identification SUPI and KASIS, and generates SUCI, and passes the SUCI to SEAF. Among them, the contents of SUCI are as follows:
SUCI=SUPI的类型+归属网络标识+路由标识+保护方案标识+BPUB+APUB+KE{MSIN,KASIS}+Tag。SUCI = type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE {MSIN, KASIS} + Tag.
然后,SEAF把SUCI传递给AUSF,AUSF再把SUCI传递给UDM;UDM对SUCI解密得到SUPI,根据SUPI找到UE的Profile,从而确定使用何种认证协议对UE进行认证(5G AKA或EAP-AKA’),这里的处理方式与场景1相同,不再赘述。Then, SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM; UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
UDM在Nudm_Authentication_Get Response消息里,把KASIS传给AUSF;UDM passes KASIS to AUSF in the Nudm_Authentication_Get Response message;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成本次会话密钥。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is generated.
本场景中生成本次会话密钥的方式与场景1也是相同的,因此也不再赘述。The method of generating the session key in this scenario is also the same as in scenario 1, so it will not be described in detail.
还需要指出的是,本场景中,同样的UDM也可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,在把它传给AUSF。It should also be pointed out that, in this scenario, the same UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
基于长期密钥生成会话密钥;Generate session keys based on long-term keys;
基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥。This session key is generated based on the session key, the auxiliary key, and the session key used in the previous communication.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信 使用的会话密钥。比如,UE和AUSF生成最终会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。最终会话密钥KSEAF*的计算如下:It should be noted that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. For example, when the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used. The final session key KSEAF* is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里可见。Here KDF is the key derivation function, such as HMAC-SHA-256, AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信 使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
如图3所示,本申请实施例提供了一种密钥生成方法,应用于第一网络设备,所述方法包括:As shown in FIG. 3, an embodiment of the present application provides a key generation method, which is applied to a first network device, and the method includes:
步骤301:获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Step 301: Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
步骤302:至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,基于所述本次会话密钥与所述UE进行通信;Step 302: Generate a session key corresponding to the UE based at least on the auxiliary key corresponding to the UE, and communicate with the UE based on the session key;
其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本实施例中所涉及的第一网络设备,可以认为是网络侧具备AUSF功能的设备。The first network device involved in this embodiment may be regarded as a device with AUSF function on the network side.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述获取辅助密钥,包括:The obtaining the auxiliary key includes:
从UDM获取UE所对应的辅助密钥;Obtain the auxiliary key corresponding to the UE from UDM;
其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。Wherein, the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的至少一个做某种混合操作,其输出作为一个所述辅助密钥。或者,可以为UE和UDM之间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的任意一个直接作为辅助密钥;比如,将共享密钥直接作为辅助密钥、或者加密密钥直接作为辅助密钥、或者完整性密钥作为辅助密钥。That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys. Alternatively, any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
例如以下的混合:For example, the following mix:
KASIS=KDF(KECDH,sharedinfo)KASIS = KDF (KECDH, sharedinfo)
KASIS=KDF(KE||KM)KASIS=KDF(KE||KM)
这里KDF是密钥推演函数,如HMAC-SHA-256,共享信息(sharedinfo)是UE和UDM知道的值,它也可以是空的。Here KDF is a key derivation function, such as HMAC-SHA-256, shared information (sharedinfo) is a value known by UE and UDM, it can also be empty.
另外,在生成辅助密钥的时候,所述UE与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI进行加密,生成加密后的SUPI;将加密后的SUPI发送至网络侧。In addition, when the auxiliary key is generated, when the UE establishes a connection with the network for the first time, the permanent identity SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate the encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
具体来说,参见图2,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF,Authentication Server Function)即第一网络设备,AUSF再将SUCI发送至UDM;Specifically, referring to FIG. 2, the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), which is the first network device, and AUSF sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;此 后UDM将与辅助密钥发送给AUSF;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成会话密钥。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, a session key is generated.
其中,生成本次会话密钥的方式包括:Among them, the way to generate the session key includes:
基于UE所对应的长期密钥生成会话密钥;Generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key and the auxiliary key corresponding to the UE, the current session key used for communication between the network side and the UE is generated.
具体来说,UE和AUSF即第一网络设备分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, the UE and AUSF, that is, the first network device respectively use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
需要指出的是,UDM也可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,再把它传给AUSF。It should be pointed out that UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,生成辅助密钥的方式不同,但是针对第一网络设备来说,与场景1采用相同的方式从UDM获取辅助密钥,另外,其他的处理流程与场景1均相同,因此这里不再赘述。This scenario is different from scenario 1 in that the auxiliary key generation method is different, but for the first network device, the auxiliary key is obtained from UDM in the same way as scenario 1, in addition, other processing procedures are different from Scene 1 is the same, so it will not be repeated here.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
基于UE所对应的长期密钥生成会话密钥;Generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、所述UE所对应的辅助密钥、以及所述UE上一次通信使用的会话密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication, the current session key used for communication between the network side and the UE is generated.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之 处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信使用的会话密钥。比如,UE和AUSF生成最终会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。最终会话密钥KSEAF*的计算如下:It should be noted that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. For example, when the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used. The final session key KSEAF* is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里可见。Here KDF is the key derivation function, such as HMAC-SHA-256, AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据 长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
如图4所示,本实施例还提供一种密钥生成方法,应用于第二网络设备,所述方法包括:As shown in FIG. 4, this embodiment also provides a key generation method, which is applied to the second network device. The method includes:
步骤401:获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Step 401: Obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
步骤402:至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;Step 402: Generate a session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
步骤403:将所述UE所对应的本次会话密钥发送至第一网络设备;Step 403: Send the session key corresponding to the UE to the first network device;
其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本实施例中第二网络设备可以为至少具备UDM的网络设备;需要指出的是,第一网络设备与第二网络设备在物理上可以为相同的设备,也可以为不同的设备,本实施例不做限定。In this embodiment, the second network device may be a network device equipped with at least UDM; it should be noted that the first network device and the second network device may be physically the same device or different devices. In this embodiment No limitation.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述UE所对应的辅助密钥包括:第二网络设备与UE之间的共享密钥、加密密钥、完整性密钥中的至少一个;或者,将第二网络设备与所述UE之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。The auxiliary key corresponding to the UE includes: at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; or, between the second network device and the UE One of the shared key, encryption key, and integrity key is used as the auxiliary key.
也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完 整性密钥KM中的至少一个做某种混合操作,其输出作为一个所述辅助密钥。例如以下的混合:That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys. For example, the following mix:
KASIS=KDF(KECDH,sharedinfo)KASIS = KDF (KECDH, sharedinfo)
KASIS=KDF(KE||KM)KASIS=KDF(KE||KM)
这里KDF是密钥推演函数,如HMAC-SHA-256,sharedinfo是UE和UDM知道的值,它也可以是空的。Here KDF is the key derivation function, such as HMAC-SHA-256, sharedinfo is the value known by UE and UDM, it can also be empty.
具体来说,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF,Authentication Server Function),AUSF再将SUCI发送至UDM;Specifically, the encrypted SUPI can be SUCI; where the encrypted SUPI is sent to the network side, it can be: the security anchor point function (SEAF, SEcurityAnchorFunction) that sends SUCI to the network side; then the SECI sends SUCI Send to the authentication service function (AUSF, Authentication, Server, Function), AUSF then sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal equipment uses for processing;
UE和网络使用选定的认证协议进行相互认证;认证结束后,获取本次会话密钥。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is obtained.
需要指出的是,本场景中UDM也可以不把KASIS传给AUSF,而是UDM即第二网络设备自身生成与UE通信所使用的本次会话密钥,然后将生成的本次会话密钥发送给AUSF。具体的:基于UE所对应的长期密钥生成会话密钥;基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。It should be noted that in this scenario, UDM may not pass KASIS to AUSF, but UDM means that the second network device itself generates the session key used for communication with the UE, and then sends the generated session key To AUSF. Specifically: generate a session key based on the long-term key corresponding to the UE; generate a session key used for communication between the network side and the UE based on the session key and the auxiliary key corresponding to the UE .
具体来说,UE和UDM分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, UE and UDM use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,获取辅助密钥的方式不同。具体说明如下:This scenario is different from scenario 1 in that the auxiliary key is obtained in different ways. The specific instructions are as follows:
当所述UE与网络侧初次进行连接时,生成辅助密钥。生成辅助密钥的方式可以为UE本地基于随机数生成的。可以理解的是,UE生成辅助密钥的时候,网络侧是还未获取到该辅助密钥的。因此,进一步地,第二网络设备执行包括:When the UE first connects with the network side, an auxiliary key is generated. The method of generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, the execution of the second network device includes:
获取UE发来的SUCI,对所述SUCI解密后得到所述UE所对应的辅助密钥以及SUPI;Obtain the SUCI sent by the UE, and decrypt the SUCI to obtain the auxiliary key and SUPI corresponding to the UE;
其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥。The auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the UE and UDM.
也就是说,UE生成辅助密钥之后,还会将辅助密钥作为SUCI的加密的内容发送至网络侧,具体来说,可以为UE将SUCI发送至网络侧的UDM。That is to say, after the UE generates the auxiliary key, the auxiliary key will also be sent to the network side as the encrypted content of the SUCI. Specifically, the UE may send the SUCI to the UDM on the network side.
本场景的一种处理流程为:A processing flow in this scenario is:
UE在第一次连接网络时,生成辅助密钥KASIS,使用ECIES方案对用户的永久标识SUPI中的MSIN和KASIS进行加密生成SUCI,并把SUCI传递给SEAF。其中,SUCI的内容如下:When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identity SUPI, and generates SUCI, and passes the SUCI to SEAF. Among them, the contents of SUCI are as follows:
SUCI=SUPI的类型+归属网络标识+路由标识+保护方案标识+BPUB+APUB+KE{MSIN,KASIS}+Tag。SUCI = type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE {MSIN, KASIS} + Tag.
然后,SEAF把SUCI传递给AUSF,AUSF再把SUCI传递给UDM;UDM对SUCI解密得到SUPI,根据SUPI找到UE的Profile,从而确定使用何种认证协议对UE进行认证(5G AKA或EAP-AKA’),这里的处理方 式与场景1相同,不再赘述。Then, SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM; UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
UDM在可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,在把它传给AUSF。具体的关于第二网络设备即UDM生成本次会话密钥的方式,可以与场景1相同,不再赘述。UDM does not need to pass KASIS to AUSF, but directly uses KSEAF and KASIS to generate the final session key KSEAF*, and then passes it to AUSF. The specific method for generating the session key of the second network device, that is, UDM, may be the same as that in scenario 1, and will not be described in detail.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
基于UE所对应的长期密钥生成会话密钥;Generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key and the auxiliary key corresponding to the UE, the current session key used for communication between the network side and the UE is generated.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信使用的会话密钥。最终,本次会话密钥KSEAF*的计算如下:It should be noted that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. Finally, the calculation of the session key KSEAF* is as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里可见。Here KDF is the key derivation function, such as HMAC-SHA-256, AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS 被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
如图5所示,本申请实施例提供了一种UE,包括:As shown in FIG. 5, an embodiment of the present application provides a UE, including:
第一处理器51,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥;The first processor 51 is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key ;
第一通信接口52,基于所述本次会话密钥与网络侧进行通信;The first communication interface 52 communicates with the network side based on the session key;
其中,所述第一处理器51,用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;Wherein, the first processor 51 is used to generate the session key based on the session key generated by the long-term key and the auxiliary key;
或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述第一处理器51,用于将与UDM之间的共享密钥、加密密钥、完 整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;The first processor 51 is configured to process at least one of the shared key, the encryption key, and the integrity key with the UDM to obtain one auxiliary key;
或者,or,
将与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。One of the shared key, encryption key, and integrity key with UDM is used as the auxiliary key.
也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的至少一个做某种混合操作,其输出作为一个所述辅助密钥。例如以下的混合:That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys. For example, the following mix:
KASIS=KDF(KECDH,sharedinfo)KASIS = KDF (KECDH, sharedinfo)
KASIS=KDF(KE||KM)KASIS=KDF(KE||KM)
这里KDF是密钥推演函数,如HMAC-SHA-256,sharedinfo是UE和UDM知道的值,它也可以是空的。Here KDF is the key derivation function, such as HMAC-SHA-256, sharedinfo is the value known by UE and UDM, it can also be empty.
另外,第一处理器51,用于所述UE与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI进行加密,生成加密后的SUPI;将加密后的SUPI发送至网络侧。In addition, the first processor 51 is used to encrypt the permanent identity SUPI of the UE based on the elliptic curve comprehensive encryption system ECIES when the UE establishes a connection with the network side for the first time to generate an encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
具体来说,参见图2,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF,Authentication Server Function),AUSF再将SUCI发送至UDM;Specifically, referring to FIG. 2, the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), and AUSF sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;此后UDM将与辅助密钥发送给AUSF;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成会话密钥KSEAF。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
其中,第一处理器51,用于基于长期密钥生成会话密钥;基于所述会话密钥、以及所述辅助密钥,生成本次会话密钥。The first processor 51 is configured to generate a session key based on the long-term key; and generate the session key based on the session key and the auxiliary key.
具体来说,UE和AUSF分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, UE and AUSF use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
需要指出的是,UDM也可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,再把它传给AUSF。It should be pointed out that UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,获取辅助密钥的方式不同。具体说明如下:This scenario is different from scenario 1 in that the auxiliary key is obtained in different ways. The specific instructions are as follows:
所述第一处理器51,用于当与网络侧初次进行连接时,生成辅助密钥。The first processor 51 is configured to generate an auxiliary key when connecting with the network for the first time.
本场景中,生成辅助密钥的方式可以为UE本地基于随机数生成的。可以理解的是,UE生成辅助密钥的时候,网络侧是还未获取到该辅助密钥的。因此,进一步地,所述生成辅助密钥之后,所述第一处理器51,用于基于所述辅助密钥以及UE的永久标识SUPI,进行加密生成SUCI;In this scenario, the method for generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, after the auxiliary key is generated, the first processor 51 is configured to encrypt and generate the SUCI based on the auxiliary key and the permanent identifier SUPI of the UE;
所述第一通信接口52,用于将所述SUCI发送至网络侧。The first communication interface 52 is used to send the SUCI to the network side.
也就是说,UE生成辅助密钥之后,还会将辅助密钥作为SUCI的加密的内容发送至网络侧,具体来说,可以为UE将SUCI发送至网络侧的UDM。That is to say, after the UE generates the auxiliary key, the auxiliary key will also be sent to the network side as the encrypted content of the SUCI. Specifically, the UE may send the SUCI to the UDM on the network side.
同样可以参见图2对本场景进行具体说明,包括:See also Figure 2 for a specific description of this scenario, including:
UE在第一次连接网络时,生成辅助密钥KASIS,使用ECIES方案对用户的永久标识SUPI中的MSIN和KASIS进行加密生成SUCI,并把SUCI 传递给SEAF。其中,SUCI的内容如下:When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identification SUPI, and generates SUCI, and passes the SUCI to SEAF. Among them, the contents of SUCI are as follows:
SUCI=SUPI的类型+归属网络标识+路由标识+保护方案标识+BPUB+APUB+KE{MSIN,KASIS}+Tag。SUCI = type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE {MSIN, KASIS} + Tag.
然后,SEAF把SUCI传递给AUSF,AUSF再把SUCI传递给UDM;UDM对SUCI解密得到SUPI,根据SUPI找到UE的Profile,从而确定使用何种认证协议对UE进行认证(5G AKA或EAP-AKA’),这里的处理方式与场景1相同,不再赘述。Then, SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM; UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
UDM在Nudm_Authentication_Get Response消息里,把KASIS传给AUSF;UDM passes KASIS to AUSF in the Nudm_Authentication_Get Response message;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成会话密钥KSEAF。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
本场景中生成本次会话密钥的方式与场景1也是相同的,因此也不再赘述。The method of generating the session key in this scenario is also the same as in scenario 1, so it will not be described in detail.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
第一处理器51,用于基于长期密钥生成会话密钥;基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥。The first processor 51 is configured to generate a session key based on the long-term key; and generate the session key based on the session key, the auxiliary key, and the session key used in the previous communication.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信使用的会话密钥。比如,UE和AUSF生成最终会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。最终会话密钥KSEAF*的计算如下:It should be noted that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. For example, when the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used. The final session key KSEAF* is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在 公式里可见。Here, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
如图6所示,本申请实施例提供了一种第一网络设备,包括:As shown in FIG. 6, an embodiment of the present application provides a first network device, including:
第二通信接口61,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及 基于所述本次会话密钥与所述UE进行通信;The second communication interface 61 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the current session The key communicates with the UE;
第二处理器62,用于至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The second processor 62 is configured to generate the session key corresponding to the UE based on at least the auxiliary key corresponding to the UE;
其中,所述第二处理器,用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the second processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本实施例中所涉及的第一网络设备,可以认为是网络侧具备AUSF功能的设备。The first network device involved in this embodiment may be regarded as a device with AUSF function on the network side.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述第二通信接口61,用于从UDM获取UE所对应的辅助密钥;The second communication interface 61 is used to obtain the auxiliary key corresponding to the UE from the UDM;
其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。Wherein, the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的至少一个做某种混合操作,其输出作为一个所述辅助密钥。或者,可以为UE和UDM之间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的任意一个直接作为辅助密钥;比如,将共享密钥直接作为辅助密钥、或者加密密钥直接作为辅助密钥、或者完整性密钥作为辅助密钥。That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys. Alternatively, any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
例如以下的混合:For example, the following mix:
KASIS=KDF(KECDH,sharedinfo)KASIS = KDF (KECDH, sharedinfo)
KASIS=KDF(KE||KM)KASIS=KDF(KE||KM)
这里KDF是密钥推演函数,如HMAC-SHA-256,sharedinfo是UE和UDM知道的值,它也可以是空的。Here KDF is the key derivation function, such as HMAC-SHA-256, sharedinfo is the value known by UE and UDM, it can also be empty.
另外,在生成辅助密钥的时候,所述UE与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI进行加密,生成加密后的SUPI;将加密后的SUPI发送至网络侧。In addition, when the auxiliary key is generated, when the UE establishes a connection with the network for the first time, the permanent identity SUPI of the UE is encrypted based on the elliptic curve comprehensive encryption system ECIES to generate the encrypted SUPI; the encrypted SUPI is generated; Send to the network side.
具体来说,参见图2,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF,Authentication Server Function)即第一网络设备,AUSF再将SUCI发送至UDM;Specifically, referring to FIG. 2, the encrypted SUPI may be SUCI; where the encrypted SUPI is sent to the network side, it may be: a security anchor function (SEAF, SEcurity Anchor Function) that sends SUCI to the network side; and SEAF sends SUCI to the authentication service function (AUSF, Authentication Server Function), which is the first network device, and AUSF sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;此后UDM将与辅助密钥发送给AUSF;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal device uses for processing; thereafter UDM will send the auxiliary key to AUSF;
UE和网络使用选定的认证协议进行相互认证;认证结束后,生成会话密钥KSEAF。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key KSEAF is generated.
其中,第二处理器62,用于基于UE所对应的长期密钥生成会话密钥;The second processor 62 is used to generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key and the auxiliary key corresponding to the UE, the current session key used for communication between the network side and the UE is generated.
具体来说,UE和AUSF即第一网络设备分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, the UE and AUSF, that is, the first network device respectively use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
需要指出的是,UDM也可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,再把它传给AUSF。It should be pointed out that UDM can also use KSEAF and KASIS to generate the final session key KSEAF* instead of passing KASIS to AUSF, and then pass it to AUSF.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,生成辅助密钥的方式不同,但是针对第一网络设备来说,与场景1采用相同的方式从UDM获取辅助密钥,另外,其他的处理流程与场景1均相同,因此这里不再赘述。This scenario is different from scenario 1 in that the auxiliary key generation method is different, but for the first network device, the auxiliary key is obtained from UDM in the same way as scenario 1, in addition, other processing procedures are different from Scene 1 is the same, so it will not be repeated here.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
第二处理器62,用于基于UE所对应的长期密钥生成会话密钥;The second processor 62 is configured to generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、所述UE所对应的辅助密钥、以及所述UE上一次通信使用的会话密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication, the current session key used for communication between the network side and the UE is generated.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信使用的会话密钥。比如,UE和AUSF生成最终会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。最终会话密钥KSEAF*的计算如下:It should be noted that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. For example, when the UE and AUSF generate the final session key KSEAF*, in addition to KSEAF and KASIS, the last final session key KSEAF*_pre stored in the UE and AUSF, respectively, is also used. The final session key KSEAF* is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里可见。Here KDF is the key derivation function, such as HMAC-SHA-256, AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生 成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
如图7所示,本实施例还提供一种第二网络设备,包括:As shown in FIG. 7, this embodiment also provides a second network device, including:
第三处理器71,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The third processor 71 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by the UE and the unified data management UDM on the network side; at least based on the auxiliary corresponding to the UE The key generates the session key corresponding to the UE;
第三通信接口72,用于将所述UE所对应的本次会话密钥发送至第一网络设备;The third communication interface 72 is used to send the session key corresponding to the UE to the first network device;
其中,所述第三处理器,用于基于长期密钥生成的会话密钥、UE所对 应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the third processor is used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本实施例中第二网络设备可以为至少具备UDM的网络设备;需要指出的是,第一网络设备与第二网络设备在物理上可以为相同的设备,也可以为不同的设备,本实施例不做限定。In this embodiment, the second network device may be a network device equipped with at least UDM; it should be noted that the first network device and the second network device may be physically the same device or different devices. In this embodiment No limitation.
本实施例提供了多种具体处理场景,下面分别进行说明:This embodiment provides a variety of specific processing scenarios, which are described below respectively:
场景1、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。具体说明如下:Scenario 1. In addition to using a long-term key, the generation of a session key also includes an auxiliary key. The specific instructions are as follows:
所述UE所对应的辅助密钥为:基于第二网络设备与所述UE之间之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将第二网络设备与所述UE之间之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。也就是说,将UE和UDM间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的至少一个做某种混合操作,其输出作为一个所述辅助密钥。或者,可以为UE和UDM之间的共享密钥KECDH、加密密钥KE、完整性密钥KM中的任意一个直接作为辅助密钥;比如,将共享密钥直接作为辅助密钥、或者加密密钥直接作为辅助密钥、或者完整性密钥作为辅助密钥。The auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; Alternatively, one of the shared key, encryption key, and integrity key between the second network device and the UE is used as the auxiliary key. That is, at least one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM is subjected to some kind of hybrid operation, and its output is used as one of the auxiliary keys. Alternatively, any one of the shared key KECDH, the encryption key KE, and the integrity key KM between the UE and the UDM can be used directly as the auxiliary key; for example, the shared key can be used directly as the auxiliary key, or the encryption key The key is directly used as the auxiliary key, or the integrity key is used as the auxiliary key.
例如以下的混合:For example, the following mix:
KASIS=KDF(KECDH,sharedinfo)KASIS = KDF (KECDH, sharedinfo)
KASIS=KDF(KE||KM)KASIS=KDF(KE||KM)
这里KDF是密钥推演函数,如HMAC-SHA-256,sharedinfo是UE和UDM知道的值,它也可以是空的。Here KDF is the key derivation function, such as HMAC-SHA-256, sharedinfo is the value known by UE and UDM, it can also be empty.
具体来说,加密后的SUPI可以为SUCI;其中将加密后的SUPI发送至网络侧,可以为:将SUCI发送至网络侧的安全锚点功能(SEAF,SEcurity Anchor Function);再由SEAF将SUCI发送至鉴权服务功能(AUSF, Authentication Server Function),AUSF再将SUCI发送至UDM;Specifically, the encrypted SUPI can be SUCI; where the encrypted SUPI is sent to the network side, it can be: the security anchor function (SEAF, SEcurityAnchorFunction) that sends SUCI to the network side; then the SECI will send SUCI Send to the authentication service function (AUSF, Authentication, Server, Function), AUSF then sends SUCI to UDM;
UDM将SUCI进行解密,得到SUPI,UDM根据SUPI查找到UE的相关信息,基于UE的相关信息,确定采用哪种认证协议对所述UE进行认证;其中,所述认证协议可以为5G AKA或EAP-AKA’,当然,认证协议还可以有其他的协议,只是本实施例中并不做穷举。另外,关于用户的终端设备的相关信息profile,可以在终端设备与网络侧进行签约的时候,写入统一数据管理(UDM,Unified Data Management)中,然后当终端设备需要进行认证的时候,由UDM来确定终端设备采用哪种认证协议进行处理;UDM decrypts the SUCI to obtain SUPI. UDM finds the relevant information of the UE according to the SUPI, and determines which authentication protocol is used to authenticate the UE based on the relevant information of the UE; wherein, the authentication protocol may be 5G, AKA or EAP -AKA', of course, the authentication protocol can also have other protocols, but it is not exhaustive in this embodiment. In addition, the relevant information profile of the user's terminal device can be written into Unified Data Management (UDM, Unified Data Management) when the terminal device signs a contract with the network side, and then when the terminal device needs to be authenticated, UDM To determine which authentication protocol the terminal equipment uses for processing;
UE和网络使用选定的认证协议进行相互认证;认证结束后,获取本次会话密钥。The UE and the network use the selected authentication protocol for mutual authentication; after the authentication is completed, the session key is obtained.
需要指出的是,本场景中UDM也可以不把KASIS传给AUSF,而是UDM即第二网络设备自身生成与UE通信所使用的本次会话密钥,然后将生成的本次会话密钥发送给AUSF。具体的:第三处理器71,用于基于UE所对应的长期密钥生成会话密钥;基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。It should be noted that in this scenario, UDM may not pass KASIS to AUSF, but UDM means that the second network device itself generates the session key used for communication with the UE, and then sends the generated session key To AUSF. Specifically: the third processor 71 is configured to generate a session key based on the long-term key corresponding to the UE; generate a network side to communicate with the UE based on the session key and the auxiliary key corresponding to the UE The session key used.
具体来说,UE和UDM分别使用KSEAF和KASIS生成最终会话密钥KSEAF*,其计算如下:Specifically, UE and UDM use KSEAF and KASIS to generate the final session key KSEAF*, which is calculated as follows:
KSEAF*=KDF(KSEAF,KASIS,AP)KSEAF* = KDF (KSEAF, KASIS, AP)
其中,KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里。Among them, KDF is a key derivation function, such as HMAC-SHA-256, AP is an auxiliary parameter used for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not appear in the formula.
场景2、生成会话密钥的生成除了使用长期密钥外,还要加上辅助密钥。Scenario 2. In addition to using a long-term key, the generation of a session key also includes an auxiliary key.
本场景,与场景1的不同之处在于,获取辅助密钥的方式不同。具体说明如下:This scenario is different from scenario 1 in that the auxiliary key is obtained in different ways. The specific instructions are as follows:
当所述UE与网络侧初次进行连接时,生成辅助密钥。生成辅助密钥的方式可以为UE本地基于随机数生成的。可以理解的是,UE生成辅助密钥 的时候,网络侧是还未获取到该辅助密钥的。因此,进一步地,第三通信接口72,用于获取UE发来的SUCI,第三处理器71,用于对所述SUCI解密后得到所述UE所对应的辅助密钥以及SUPI;When the UE first connects with the network side, an auxiliary key is generated. The method of generating the auxiliary key may be a random number generated locally by the UE. It can be understood that when the UE generates the auxiliary key, the network side has not yet obtained the auxiliary key. Therefore, further, the third communication interface 72 is used to obtain the SUCI sent by the UE, and the third processor 71 is used to decrypt the SUCI and obtain the auxiliary key and SUPI corresponding to the UE;
其中,所述UE所对应的辅助密钥包括:与UE之间的共享密钥、加密密钥、完整性密钥中的至少一个。The auxiliary key corresponding to the UE includes at least one of a shared key, an encryption key, and an integrity key with the UE.
也就是说,UE生成辅助密钥之后,还会将辅助密钥作为SUCI的加密的内容发送至网络侧,具体来说,可以为UE将SUCI发送至网络侧的UDM。That is to say, after the UE generates the auxiliary key, the auxiliary key will also be sent to the network side as the encrypted content of the SUCI. Specifically, the UE may send the SUCI to the UDM on the network side.
本场景的一种处理流程为:A processing flow in this scenario is:
UE在第一次连接网络时,生成辅助密钥KASIS,使用ECIES方案对用户的永久标识SUPI中的MSIN和KASIS进行加密生成SUCI,并把SUCI传递给SEAF。其中,SUCI的内容如下:When the UE connects to the network for the first time, it generates the auxiliary key KASIS, uses the ECIES scheme to encrypt the MSIN and KASIS in the user's permanent identity SUPI, and generates SUCI, and passes the SUCI to SEAF. Among them, the contents of SUCI are as follows:
SUCI=SUPI的类型+归属网络标识+路由标识+保护方案标识+BPUB+APUB+KE{MSIN,KASIS}+Tag。SUCI = type of SUPI + home network identifier + route identifier + protection scheme identifier + BPUB + APUB + KE {MSIN, KASIS} + Tag.
然后,SEAF把SUCI传递给AUSF,AUSF再把SUCI传递给UDM;UDM对SUCI解密得到SUPI,根据SUPI找到UE的Profile,从而确定使用何种认证协议对UE进行认证(5G AKA或EAP-AKA’),这里的处理方式与场景1相同,不再赘述。Then, SEAF passes SUCI to AUSF, and AUSF passes SUCI to UDM; UDM decrypts SUCI to obtain SUPI, finds the UE's Profile according to SUPI, and then determines which authentication protocol to use to authenticate the UE (5G AKA or EAP-AKA' ), the processing method here is the same as that in scenario 1 and will not be repeated here.
UDM在可以不把KASIS传给AUSF,而是直接使用KSEAF和KASIS生成最终会话密钥KSEAF*,在把它传给AUSF。具体的关于第二网络设备即UDM生成本次会话密钥的方式,可以与场景1相同,不再赘述。UDM does not need to pass KASIS to AUSF, but directly uses KSEAF and KASIS to generate the final session key KSEAF*, and then passes it to AUSF. The specific method for generating the session key of the second network device, that is, UDM, may be the same as that in scenario 1, and will not be described in detail.
场景3、基于所述会话密钥、所述辅助密钥、以及上一次通信使用的会话密钥,生成本次会话密钥;具体说明如下:Scenario 3: Based on the session key, the auxiliary key, and the session key used in the previous communication, the session key is generated; the specific instructions are as follows:
第三处理器71,用于基于UE所对应的长期密钥生成会话密钥;The third processor 71 is configured to generate a session key based on the long-term key corresponding to the UE;
基于所述会话密钥、以及所述UE所对应的辅助密钥,生成网络侧与所述UE通信所使用的本次会话密钥。Based on the session key and the auxiliary key corresponding to the UE, the current session key used for communication between the network side and the UE is generated.
需要指出的是,本场景中,生成辅助密钥的方式可以为场景1的方式 或者,可以为场景2的方式,这里也不再赘述。与场景1、场景2的不同之处在于,本场景中在最终生成本次会话密钥的时候,还添加了上一次通信使用的会话密钥。最终,本次会话密钥KSEAF*的计算如下:It should be pointed out that in this scenario, the method for generating the auxiliary key may be the scenario 1 scenario, or may be the scenario 2 scenario, which will not be repeated here. The difference from scenario 1 and scenario 2 is that in this scenario, when the session key is finally generated, the session key used in the previous communication is also added. Finally, the calculation of the session key KSEAF* is as follows:
KSEAF*=KDF(KSEAF,KASIS,KSEAF*_pre,AP)KSEAF*=KDF (KSEAF, KASIS, KSEAF*_pre, AP)
这里KDF是密钥推演函数,如HMAC-SHA-256,AP是辅助参数用于辅助功能,如防止bidding down攻击,AP是可选参数,也可能不出现在公式里可见。Here KDF is the key derivation function, such as HMAC-SHA-256, AP is the auxiliary parameter for auxiliary functions, such as preventing bidding down attacks, AP is an optional parameter, and may not be visible in the formula.
最后需要说明的是,场景1、场景2能保证最终会话密钥KSEAF*的安全性,原因是生成本次会话密钥的时候,除了依赖于基于长期密钥K而生成的待使用密钥KSEAF,还依赖于辅助密钥KASIS,而KASIS的安全性由ECIES保证。鉴于ECIES既能防止被动攻击又能防止主动攻击。因此,无论是主动攻击者或是被动攻击者都无法获得最终会话密钥KSEAF*,即使长期密钥K已泄露。Finally, it should be noted that scenario 1 and scenario 2 can guarantee the security of the final session key KSEAF*, because when generating this session key, in addition to relying on the key KSEAF generated based on the long-term key K , Also depends on the auxiliary key KASIS, and the security of KASIS is guaranteed by ECIES. Whereas ECIES can prevent both passive and active attacks. Therefore, neither the active attacker nor the passive attacker can obtain the final session key KSEAF*, even if the long-term key K has been leaked.
场景3的安全性比场景1、场景2更高,因为在此方案中,UE和AUSF生成本次会话密钥KSEAF*时,除了使用KSEAF和KASIS外,还使用分别存储在UE和AUSF的上次最终会话密钥KSEAF*_pre。这样即使KASIS被攻击者破解,攻击者也不能得到最终会话密钥KSEAF*,除非它能得到上次最终会话密钥KSEAF*_pre。Scenario 3 is more secure than Scenario 1 and Scenario 2, because in this scenario, when UE and AUSF generate the session key KSEAF*, in addition to KSEAF and KASIS, they are also stored on the UE and AUSF respectively. The final session key KSEAF*_pre. In this way, even if KASIS is cracked by the attacker, the attacker cannot obtain the final session key KSEAF* unless it can obtain the last final session key KSEAF*_pre.
本申请中涉及的三个场景只有UE首次连接网络时,为了使UE和UDM得到辅助密钥KASIS,需要使用非对称密钥算法(由于使用ECIES)。后续的最终会话密钥KSEAF*生成不需要使用非对称密钥,比如可以使用对称密钥。因此,此提案适合在物联网场景下使用。并且,本提案高度与现有的5G标准兼容,因不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。In the three scenarios involved in this application, only when the UE is connected to the network for the first time, in order for the UE and UDM to obtain the auxiliary key KASIS, an asymmetric key algorithm (due to the use of ECIES) is required. Subsequent final session key KSEAF* generation does not require the use of an asymmetric key, for example, a symmetric key can be used. Therefore, this proposal is suitable for use in IoT scenarios. In addition, this proposal is highly compatible with the existing 5G standard, because it does not require major changes to the original authentication protocol to achieve enhanced session key security.
通过采用上述方案,就能够在生成最终的会话密钥的时候,除了根据长期密钥之外,还可以结合辅助密钥,或者结合辅助密钥以及上一次通信 使用的会话密钥,共同进行本次会话密钥的生成;如此,不需要对原有的认证协议做大的改动就可实现会话密钥的安全性增强。By using the above scheme, when generating the final session key, in addition to the long-term key, you can also combine the auxiliary key, or the auxiliary key and the session key used in the previous communication Generation of secondary session keys; thus, the security of session keys can be enhanced without major changes to the original authentication protocol.
本申请实施例还提供了一种计算机可读存储介质,用于存储计算机程序。Embodiments of the present application also provide a computer-readable storage medium for storing computer programs.
可选的,该计算机可读存储介质可应用于本申请实施例中的任意一种网络设备,并且该计算机程序使得计算机执行本申请实施例的各个方法中由网络设备实现的相应流程,为了简洁,在此不再赘述。Optionally, the computer-readable storage medium can be applied to any network device in the embodiments of the present application, and the computer program enables the computer to execute the corresponding process implemented by the network device in each method of the embodiments of the present application, for simplicity And will not be repeated here.
如图8所示,本实施例还提供一种密钥生成系统,包括:至少一个UE81、鉴权服务功能AUSF实体82;其中,As shown in FIG. 8, this embodiment also provides a key generation system, including: at least one UE 81 and an authentication service function AUSF entity 82; wherein,
所述UE81,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE 81 is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
所述AUSF实体82,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及基于所述本次会话密钥与所述UE进行通信;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The AUSF entity 82 is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the current session The key communicates with the UE; the session key corresponding to the UE is generated based at least on the auxiliary key corresponding to the UE;
其中,所述UE,具体用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Among them, the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network The session key used for the side communication to generate this session key;
所述AUSF,具体用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The AUSF is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
所述UE,用于将与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;或者,将与UDM之间的 共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥;The UE is configured to obtain at least one of the auxiliary key after processing at least one of the shared key, encryption key, and integrity key with the UDM; or, the shared secret with the UDM One of the key, encryption key, and integrity key is used as the auxiliary key;
所述AUSF实体,用于从UDM获取UE所对应的辅助密钥;其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。The AUSF entity is used to obtain the auxiliary key corresponding to the UE from UDM; wherein, the auxiliary key corresponding to the UE is: based on the shared key, encryption key, and integrity between the UE and UDM One key obtained by processing at least one of the keys; or, one of the shared key, the encryption key, and the integrity key between the UE and the UDM is used as the auxiliary key.
所述系统还包括:UDM实体83,用于将UE所对应的辅助密钥发送至AUSF实体。The system further includes: a UDM entity 83, configured to send the auxiliary key corresponding to the UE to the AUSF entity.
基于上述架构,本申请还可以提供一种密钥生成系统,包括:至少一个UE、鉴权服务功能AUSF实体、UDM实体;其中,Based on the above architecture, this application may also provide a key generation system, including: at least one UE, an authentication service function AUSF entity, and a UDM entity; wherein,
所述UE,用于获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE is used to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key, based on The session key is communicated with the network side;
所述UDM实体,用于获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;将所述UE所对应的本次会话密钥发送至AUSF实体;The UDM entity is used to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE; sends the session key corresponding to the UE to the AUSF entity;
所述AUSF实体,用于基于所述UE对应的本会话密钥与所述UE进行通信;The AUSF entity is used to communicate with the UE based on the session key corresponding to the UE;
其中,所述UE,具体用于基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Among them, the UE is specifically used to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network The session key used for the side communication to generate this session key;
所述UDM实体,具体用于基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The UDM entity is specifically used to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范围。Those of ordinary skill in the art may realize that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application of the technical solution and design constraints. Professional technicians can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and conciseness of the description, the specific working processes of the above-described systems, devices, and units can refer to the corresponding processes in the foregoing method embodiments, and details are not described herein again.
在本申请所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed system, device, and method may be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the unit is only a logical function division, and there may be other divisions in actual implementation, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical, or other forms.
所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
所述功能如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的 部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本申请各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(Read-Only Memory,)ROM、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。If the function is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application essentially or part of the contribution to the existing technology or part of the technical solution can be embodied in the form of a software product, the computer software product is stored in a storage medium, including Several instructions are used to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk and other media that can store program code .
以上所述,仅为本申请的具体实施方式,但本申请的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本申请揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本申请的保护范围之内。因此,本申请的保护范围应所述以权利要求的保护范围为准。The above is only the specific implementation of this application, but the scope of protection of this application is not limited to this, any person skilled in the art can easily think of changes or replacements within the technical scope disclosed in this application. It should be covered by the scope of protection of this application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (25)

  1. 一种密钥生成方法,应用于用户设备UE,所述方法包括:A key generation method is applied to user equipment UE. The method includes:
    获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
    至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;Generate the session key at least based on the auxiliary key, and communicate with the network side based on the session key;
    其中,所述至少基于辅助密钥生成本次会话密钥,包括:Wherein, generating the session key at least based on the auxiliary key includes:
    基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;Generate the session key based on the session key generated by the long-term key and the auxiliary key;
    或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  2. 根据权利要求1所述的方法,其中,所述获取辅助密钥,包括:The method according to claim 1, wherein the obtaining the auxiliary key comprises:
    将与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;After processing at least one of the shared key, the encryption key, and the integrity key with the UDM, obtain one of the auxiliary keys;
    或者,or,
    将与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。One of the shared key, encryption key, and integrity key with UDM is used as the auxiliary key.
  3. 根据权利要求2所述的方法,其中,所述获取辅助密钥时,所述方法还包括:The method according to claim 2, wherein, when acquiring the auxiliary key, the method further comprises:
    所述UE与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI进行加密,生成加密后的SUPI;When the UE establishes a connection with the network side for the first time, the permanent identity SUPI of the UE is encrypted based on an elliptic curve comprehensive encryption system ECIES to generate an encrypted SUPI;
    将加密后的SUPI发送至网络侧。Send the encrypted SUPI to the network side.
  4. 根据权利要求1所述的方法,其中,所述获取辅助密钥,包括:The method according to claim 1, wherein the obtaining the auxiliary key comprises:
    当所述UE与网络侧初次进行连接时,生成随机数作为辅助密钥。When the UE first connects with the network side, a random number is generated as an auxiliary key.
  5. 根据权利要求4所述的方法,其中,所述生成辅助密钥之后,所述还包括:The method according to claim 4, wherein after generating the auxiliary key, the further comprising:
    基于所述辅助密钥以及UE的永久标识SUPI中的移动识别号MISN,进行加密生成SUCI;Based on the auxiliary key and the mobile identification number MISN in the permanent identification SUPI of the UE, encrypt to generate SUCI;
    将所述SUCI发送至网络侧。Send the SUCI to the network side.
  6. 一种密钥生成方法,应用于第一网络设备,所述方法包括:A key generation method is applied to the first network device. The method includes:
    获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
    至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,基于所述本次会话密钥与所述UE进行通信;Generating at least a session key corresponding to the UE based on the auxiliary key corresponding to the UE, and communicating with the UE based on the session key;
    其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
    基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  7. 根据权利要求6所述的方法,其中,所述获取UE所对应的辅助密钥,包括:The method according to claim 6, wherein the acquiring the auxiliary key corresponding to the UE comprises:
    从UDM获取UE所对应的辅助密钥;Obtain the auxiliary key corresponding to the UE from UDM;
    其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。Wherein, the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
  8. 一种密钥生成方法,应用于第二网络设备,所述方法包括:A key generation method is applied to a second network device. The method includes:
    获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;Obtain the auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side;
    至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;Generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE;
    将所述UE所对应的本次会话密钥发送至第一网络设备;Send the session key corresponding to the UE to the first network device;
    其中,所述至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥,包括:Wherein, generating the session key corresponding to the UE at least based on the auxiliary key corresponding to the UE includes:
    基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  9. 根据权利要求8所述的方法,其中,所述获取UE所对应的辅助密钥,包括:The method according to claim 8, wherein the acquiring the auxiliary key corresponding to the UE comprises:
    获取UE发来的SUCI,对所述SUCI解密后得到所述UE所对应的辅助密钥以及SUPI;Obtain the SUCI sent by the UE, and decrypt the SUCI to obtain the auxiliary key and SUPI corresponding to the UE;
    其中,所述UE所对应的辅助密钥为:基于第二网络设备与所述UE之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将第二网络设备与所述UE之间之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。The auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; Alternatively, one of the shared key, encryption key, and integrity key between the second network device and the UE is used as the auxiliary key.
  10. 一种UE,包括:A UE, including:
    第一处理器,配置为获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥;The first processor is configured to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least the session key is generated based on the auxiliary key;
    第一通信接口,配置为基于所述本次会话密钥与网络侧进行通信;A first communication interface configured to communicate with the network side based on the current session key;
    其中,所述第一处理器,配置为基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;Wherein, the first processor is configured to generate the session key based on the session key generated by the long-term key and the auxiliary key;
    或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥。Alternatively, the session key is generated based on the session key generated by the long-term key, the auxiliary key, and the session key used in the last communication with the network side.
  11. 根据权利要求10所述的UE,其中,所述第一处理器,配置为将与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;或者,将与UDM之间的共享密钥、加密密钥、完 整性密钥中之一作为所述辅助密钥。The UE according to claim 10, wherein the first processor is configured to process at least one of a shared key, an encryption key, and an integrity key with UDM to obtain one of the Auxiliary key; or, one of the shared key, encryption key, and integrity key with the UDM is used as the auxiliary key.
  12. 根据权利要求11所述的UE,其中,所述第一处理器,配置为与网络侧初次建立连接时,基于椭圆曲线综合加密系统ECIES对所述UE的永久标识SUPI进行加密,生成加密后的SUPI;The UE according to claim 11, wherein the first processor is configured to encrypt the permanent identity SUPI of the UE based on an elliptic curve comprehensive encryption system ECIES when the connection is first established with the network side to generate an encrypted SUPI;
    所述第一通信接口,配置为将加密后的SUPI发送至网络侧。The first communication interface is configured to send the encrypted SUPI to the network side.
  13. 根据权利要求10所述的UE,其中,所述第一处理器,配置为当所述UE与网络侧初次进行连接时,生成随机数作为辅助密钥。The UE according to claim 10, wherein the first processor is configured to generate a random number as an auxiliary key when the UE and the network side are connected for the first time.
  14. 根据权利要求13所述的UE,其中,所述第一处理器,配置为基于所述辅助密钥以及UE的永久标识SUPI中的MSIN,进行加密生成SUCI;The UE according to claim 13, wherein the first processor is configured to encrypt and generate a SUCI based on the auxiliary key and the MSIN in the permanent identity SUPI of the UE;
    所述第一通信接口,配置为将所述SUCI发送至网络侧。The first communication interface is configured to send the SUCI to the network side.
  15. 一种第一网络设备,包括:A first network device, including:
    第二通信接口,配置为获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及基于所述本次会话密钥与所述UE进行通信;The second communication interface is configured to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session key Key to communicate with the UE;
    第二处理器,配置为至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;A second processor configured to generate the session key corresponding to the UE based on at least the auxiliary key corresponding to the UE;
    其中,所述第二处理器,配置为基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the second processor is configured to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  16. 根据权利要求15所述的第一网络设备,其中,所述第二通信接口,配置为从UDM获取UE所对应的辅助密钥;The first network device according to claim 15, wherein the second communication interface is configured to obtain the auxiliary key corresponding to the UE from UDM;
    其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。Wherein, the auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of the shared key, the encryption key, and the integrity key between the UE and UDM; or, One of the shared key, encryption key, and integrity key between the UE and the UDM serves as the auxiliary key.
  17. 一种第二网络设备,包括:A second network device, including:
    第三处理器,配置为获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The third processor is configured to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE;
    第三通信接口,配置为将所述UE所对应的本次会话密钥发送至第一网络设备;A third communication interface configured to send the session key corresponding to the UE to the first network device;
    其中,所述第三处理器,配置为基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;Wherein, the third processor is configured to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  18. 根据权利要求17所述的第二网络设备,其中,所述第三通信接口,配置为获取UE发来的SUCI;The second network device according to claim 17, wherein the third communication interface is configured to acquire the SUCI sent by the UE;
    第三处理器,配置为对所述SUCI解密后得到所述UE所对应的辅助密钥以及SUPI;A third processor configured to obtain the auxiliary key and SUPI corresponding to the UE after decrypting the SUCI;
    其中,所述UE所对应的辅助密钥为:基于第二网络设备与所述UE之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将第二网络设备与所述UE之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。The auxiliary key corresponding to the UE is: a key obtained by processing based on at least one of a shared key, an encryption key, and an integrity key between the second network device and the UE; Alternatively, one of the shared key, encryption key, and integrity key between the second network device and the UE is used as the auxiliary key.
  19. 一种计算机存储介质,其上存储有计算机程序,其中,该计算机程序被处理器执行时实现权利要求1-5任一项所述方法的步骤。A computer storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the method according to any one of claims 1-5 are implemented.
  20. 一种计算机存储介质,其上存储有计算机程序,其中,该计算机程序被处理器执行时实现权利要求6或7所述方法的步骤。A computer storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the method of claim 6 or 7 are implemented.
  21. 一种计算机存储介质,其上存储有计算机程序,其中,该计算机程序被处理器执行时实现权利要求8或9所述方法的步骤。A computer storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the method according to claim 8 or 9 are realized.
  22. 一种密钥生成系统,包括:至少一个UE、鉴权服务功能AUSF实体;其中,A key generation system includes: at least one UE and an authentication service function AUSF entity; wherein,
    所述UE,配置为获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE is configured to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; the session key is generated based at least on the auxiliary key, based on The session key is communicated with the network side;
    所述AUSF实体,配置为获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;以及基于所述本次会话密钥与所述UE进行通信;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;The AUSF entity is configured to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; and based on the session secret The key communicates with the UE; at least based on the auxiliary key corresponding to the UE to generate the session key corresponding to the UE;
    其中,所述UE,配置为基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Wherein, the UE is configured to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network side The session key used for communication to generate this session key;
    所述AUSF,配置为基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The AUSF is configured to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
  23. 根据权利要求22所述的系统,其中,所述UE,配置为将与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理后,得到一个所述辅助密钥;或者,将与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥;The system according to claim 22, wherein the UE is configured to obtain at least one of the auxiliary key after processing at least one of a shared key, an encryption key, and an integrity key with UDM Or, one of the shared key, encryption key, and integrity key with UDM is used as the auxiliary key;
    所述AUSF实体,配置为从UDM获取UE所对应的辅助密钥;其中,所述UE所对应的辅助密钥为:基于所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中的至少一个进行处理所得到的一个密钥;或者,将所述UE与UDM之间的共享密钥、加密密钥、完整性密钥中之一作为所述辅助密钥。The AUSF entity is configured to obtain the auxiliary key corresponding to the UE from UDM; wherein, the auxiliary key corresponding to the UE is: based on the shared key, encryption key, and integrity between the UE and UDM One key obtained by processing at least one of the keys; or, one of the shared key, the encryption key, and the integrity key between the UE and the UDM is used as the auxiliary key.
  24. 根据权利要求23所述的系统,其中,所述系统还包括:The system of claim 23, wherein the system further comprises:
    UDM实体,配置为将UE所对应的辅助密钥发送至AUSF实体。The UDM entity is configured to send the auxiliary key corresponding to the UE to the AUSF entity.
  25. 一种密钥生成系统,包括:至少一个UE、鉴权服务功能AUSF实 体、UDM实体;其中,A key generation system includes: at least one UE, an authentication service function AUSF entity, and a UDM entity; wherein,
    所述UE,配置为获取辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于辅助密钥生成本次会话密钥,基于所述本次会话密钥与网络侧进行通信;The UE is configured to obtain an auxiliary key; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; the session key is generated based at least on the auxiliary key, based on The session key is communicated with the network side;
    所述UDM实体,配置为获取UE所对应的辅助密钥;其中,所述辅助密钥为UE与网络侧的统一数据管理UDM均能得到的至少一个密钥;至少基于UE所对应的辅助密钥生成所述UE所对应的本次会话密钥;将所述UE所对应的本次会话密钥发送至AUSF实体;The UDM entity is configured to obtain an auxiliary key corresponding to the UE; wherein the auxiliary key is at least one key that can be obtained by both the UE and the unified data management UDM on the network side; at least based on the auxiliary key corresponding to the UE The key generates the session key corresponding to the UE; sends the session key corresponding to the UE to the AUSF entity;
    所述AUSF实体,配置为基于所述UE对应的本会话密钥与所述UE进行通信;The AUSF entity is configured to communicate with the UE based on the session key corresponding to the UE;
    其中,所述UE,配置为基于长期密钥生成的会话密钥、以及辅助密钥生成本次会话密钥;或者,基于长期密钥生成的会话密钥、辅助密钥以及上一次与网络侧通信使用的会话密钥,生成本次会话密钥;Wherein, the UE is configured to generate the session key based on the session key generated by the long-term key and the auxiliary key; or, the session key generated by the long-term key, the auxiliary key and the last time with the network side The session key used for communication to generate this session key;
    所述UDM实体,配置为基于长期密钥生成的会话密钥、UE所对应的辅助密钥,生成所述UE所对应的本次会话密钥;The UDM entity is configured to generate the session key corresponding to the UE based on the session key generated by the long-term key and the auxiliary key corresponding to the UE;
    或者,基于长期密钥生成的会话密钥、UE所对应的辅助密钥、以及UE上一次通信使用的会话密钥,生成所述UE所对应的本次会话密钥。Alternatively, the current session key corresponding to the UE is generated based on the session key generated by the long-term key, the auxiliary key corresponding to the UE, and the session key used by the UE in the previous communication.
PCT/CN2020/070046 2019-01-02 2020-01-02 Key generation method, ue, and network device WO2020140929A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910000551.0 2019-01-02
CN201910000551.0A CN111404670A (en) 2019-01-02 2019-01-02 Key generation method, UE and network equipment

Publications (1)

Publication Number Publication Date
WO2020140929A1 true WO2020140929A1 (en) 2020-07-09

Family

ID=71407274

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/070046 WO2020140929A1 (en) 2019-01-02 2020-01-02 Key generation method, ue, and network device

Country Status (2)

Country Link
CN (1) CN111404670A (en)
WO (1) WO2020140929A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114040386A (en) * 2020-07-21 2022-02-11 中国移动通信有限公司研究院 Method, device and equipment for determining replay message

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272240A (en) * 2007-03-21 2008-09-24 华为技术有限公司 Conversation cryptographic key generation method, system and communication equipment
CN102938696A (en) * 2011-08-15 2013-02-20 国民技术股份有限公司 Generating method of session key and module
US20130310006A1 (en) * 2011-01-28 2013-11-21 Huawei Technologies Co., Ltd. Method and device for key generation
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 For generating method, device, terminal unit and the system of shared key
CN108141355A (en) * 2015-11-12 2018-06-08 华为国际有限公司 Use the method and system of Diffie-Hellman processes generation session key
CN108809903A (en) * 2017-05-02 2018-11-13 中国移动通信有限公司研究院 A kind of authentication method, apparatus and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1941695B (en) * 2005-09-29 2011-12-21 华为技术有限公司 Method and system for generating and distributing key during initial access network process
CN103457722B (en) * 2013-08-11 2017-02-08 吉林大学 Bidirectional identity authentication and data safety transmission providing body area network safety method based on Shamir threshold
CN106888092B (en) * 2016-09-12 2019-06-25 中国移动通信有限公司研究院 Information processing method and device
CN107820239B (en) * 2016-09-12 2021-11-19 中国移动通信有限公司研究院 Information processing method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101272240A (en) * 2007-03-21 2008-09-24 华为技术有限公司 Conversation cryptographic key generation method, system and communication equipment
US20130310006A1 (en) * 2011-01-28 2013-11-21 Huawei Technologies Co., Ltd. Method and device for key generation
CN102938696A (en) * 2011-08-15 2013-02-20 国民技术股份有限公司 Generating method of session key and module
CN106470104A (en) * 2015-08-20 2017-03-01 阿里巴巴集团控股有限公司 For generating method, device, terminal unit and the system of shared key
CN108141355A (en) * 2015-11-12 2018-06-08 华为国际有限公司 Use the method and system of Diffie-Hellman processes generation session key
CN108809903A (en) * 2017-05-02 2018-11-13 中国移动通信有限公司研究院 A kind of authentication method, apparatus and system

Also Published As

Publication number Publication date
CN111404670A (en) 2020-07-10

Similar Documents

Publication Publication Date Title
US20200195445A1 (en) Registration method and apparatus based on service-based architecture
Chen et al. Lightweight and provably secure user authentication with anonymity for the global mobility network
US7370350B1 (en) Method and apparatus for re-authenticating computing devices
EP3627794A1 (en) Discovery method and apparatus based on service-oriented architecture
US10516654B2 (en) System, apparatus and method for key provisioning delegation
US11736304B2 (en) Secure authentication of remote equipment
US11909869B2 (en) Communication method and related product based on key agreement and authentication
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
CN112769568B (en) Security authentication communication system and method in fog computing environment and Internet of things equipment
WO2023020164A1 (en) Method and apparatus for managing communication channel
Niu et al. A novel user authentication scheme with anonymity for wireless communications
US20200366474A1 (en) Private key generation method and device
WO2020216047A1 (en) Authentication information processing method, terminal, and network device
WO2020215958A1 (en) Authentication information processing method, and terminal and network device
WO2020140929A1 (en) Key generation method, ue, and network device
US20230208625A1 (en) Communication method and related apparatus
KR101695050B1 (en) Method and system for service flow encrypton processing
WO2020140926A1 (en) Key generation method, terminal device and network device
CN213938340U (en) 5G application access authentication network architecture
CN112468983B (en) Low-power-consumption access authentication method for intelligent equipment of power internet of things and auxiliary device thereof
WO2021088593A1 (en) Verification method, device and equipment and computer readable storage medium
CN113422753A (en) Data processing method and device, electronic equipment and computer storage medium
CN114374519B (en) Data transmission method, system and equipment
CN111404666B (en) Key generation method, terminal equipment and network equipment
CN113141327B (en) Information processing method, device and equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20736190

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 15.10.2021)

122 Ep: pct application non-entry in european phase

Ref document number: 20736190

Country of ref document: EP

Kind code of ref document: A1