WO2020216338A1 - 一种参数发送方法及装置 - Google Patents
一种参数发送方法及装置 Download PDFInfo
- Publication number
- WO2020216338A1 WO2020216338A1 PCT/CN2020/086767 CN2020086767W WO2020216338A1 WO 2020216338 A1 WO2020216338 A1 WO 2020216338A1 CN 2020086767 W CN2020086767 W CN 2020086767W WO 2020216338 A1 WO2020216338 A1 WO 2020216338A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- authentication
- parameter
- message
- reference value
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Definitions
- This application relates to the field of communication technology, and in particular to a method and device for sending parameters.
- the terminal device when a terminal device moves outside the home network and is within the scope of the service network, in order to ensure that the service network can provide services for the terminal device; the terminal device needs to perform mutual authentication with the home network. After the authentication is passed, The home network can send the subscription information of the terminal device to the service network.
- the home network sends a sequence number (SQN) to the terminal device through the service network, and the SQN is used to prevent replay attacks.
- SQN sequence number
- the terminal device determines whether the SQN is in the preset range. If it is in the preset range, it can be considered that the SQN is not sent by the attacker to achieve the purpose of anti-replay; otherwise, the terminal device will pass the locally saved SQN through the service
- the network is sent to the home network so that the home network can save the SQN, and then use the saved SQN to perform mutual authentication with the terminal device.
- the terminal device when the terminal device sends the SQN, it will first XOR the SQN and the authentication key (AK) to obtain a result value, which is connected with the message authentication code (MAC) to form an AUTS and send it to the home network.
- AK authentication key
- MAC message authentication code
- the authentication token carrying the SQN sent by the home network can be intercepted, and then the authentication token can be replayed to the terminal device multiple times; the terminal device will receive the authentication token multiple times, and it will feedback the synchronization failure multiple times.
- Authentication failure message authentication failure message with synchronization failure, AUTS
- the attacker only needs to receive two A simple calculation after different AUTS can determine whether the SQNs in the two AUTS are close, and then determine whether the two different AUTS are from the same terminal device based on this, which makes the terminal device easy to track, that is, the existing SQN
- the sending method is less secure.
- the present application provides a parameter sending method and device to solve the problem of poor security of the SQN sending mode in the prior art.
- the embodiments of the present application provide a parameter sending method, which can be executed by a terminal device or a chip in the terminal device.
- the method includes: the terminal device can receive a random number and a first number from the core network device during the authentication process. A sequence value.
- the core network device may be a unified data management network element, and the unified data management network element may send an authentication authentication response carrying a random number and a first sequence value to the security anchor function network element during the authentication process of the terminal device
- the security anchor function network element can carry the random number and the first sequence value in the user authentication request and send it to the terminal device, where the first sequence value can be carried in the authentication token; the terminal device can obtain the authentication token
- the first sequence value is out of the correct range (for example, the first sequence value is compared with the locally pre-stored second sequence value, and the first sequence value is determined with the locally pre-stored first sequence value.
- the message authentication code is connected after the exclusive OR value of the authentication key and the second sequence value, and the synchronization failure parameter is generated, where the authentication key is the terminal device according to the first parameter and The first reference value is generated based on the second parameter and the third parameter, where the first parameter, the second parameter and the third parameter are any one of the following: random number, local pre-stored The key K and the message authentication code; after the synchronization failure parameter is generated, a synchronization failure message carrying the synchronization failure parameter is sent to the core network device.
- the first parameter, the second parameter, and the third parameter can be different from each other, that is, there are One parameter is the message authentication code, and the same parameter may also exist in the first parameter, the second parameter, and the third parameter.
- the terminal device can carry the second sequence value in the synchronization failure parameter to notify the core network device ,
- the authentication key in the synchronization failure parameter introduces the message authentication code in the generation process, which can ensure that the generated authentication key is different, and there is a big difference, and the generated synchronization failure parameter also has a big difference; the attacker Even when the two synchronization failure parameters are obtained from the terminal device, the size of the second order value cannot be calculated through a simple exclusive OR operation, thereby ensuring the safety of the second order value.
- Method 1 Generate the first reference value according to the random number and the message authentication code.
- a reference value and a key K are used as two output values of the F5 function to generate an authentication key.
- Method 2 Generate the first reference value according to the key K and the message authentication code.
- the first reference value and the random number are used as two input values of the F5 function, and the authentication key is output.
- the authentication key is generated twice with a double-input single-output operation (that is, the number of input values is 2 and the number of output values is 1), and the message authentication code is introduced during the operation.
- the output value of an operation can ensure the safety of the second order value and is not easy to be identified.
- the authentication key can also be generated in the following manner: the first reference value is generated according to the random number and the key K.
- the random number and the key K can be used as the two inputs of the F5 function Value, the output value is used as the first reference value; after that, the authentication key is generated according to the first reference value and the message authentication code.
- the first reference value and the message authentication code can be used as the two input values of the F5 function, Use the output value as the authentication key.
- the double-input single-output operation method is adopted twice, and the authentication key is generated through the random number, the key K and the message authentication code, which makes the generation method of the authentication key more complicated, and the second order value is not easy to be identified. Ensure the safety of the second order value.
- the random number and the key K performs an exclusive OR to generate the first reference value.
- the calculation amount of the exclusive OR operation is small, which can effectively improve the generation efficiency of the first reference value, thereby enabling the authentication key to be generated faster, and at the same time, the security of the second sequence value can be ensured.
- the authentication key is generated according to the first reference value and the message authentication code.
- an exclusive OR operation can also be used, that is, the first reference value and the message authentication code XOR generates an authentication key.
- the calculation amount of the XOR operation is small, which can effectively improve the generation efficiency of the authentication key, thereby enabling the synchronization failure parameter to be generated faster, and at the same time ensuring the security of the second order value.
- the terminal device before the terminal device sends a synchronization failure message to the core network device, it can also inform the core network device of the method of generating the authentication key.
- the first indication message can be sent, and the first indication message is To indicate how the authentication key is generated.
- the indication mode of the first indication message may adopt an explicit indication mode or an implicit indication mode, which is not limited in the embodiment of the present application.
- the core network device can learn the generation mode of the authentication key through the first indication message, so that the second sequence value can be correctly obtained from the synchronization generation parameter.
- the synchronization failure message may carry a first indication message, and the first indication message is used to indicate the way of generating the authentication key.
- the core network device can learn the authentication key generation method by carrying the first indication message in the synchronization failure message, so that it can correctly obtain the second sequence value from the synchronization generation parameter, and does not need to send the first indication message separately , Can effectively save signaling.
- the embodiments of the present application provide a parameter sending method, which can be executed by a core network device or a chip of a core network device.
- the method includes: the core network device can send a random number and a first number to the terminal device during the authentication process. A sequence value.
- the core network device may be a unified data management network element, and the unified data management network element may send an authentication response carrying a random number and a first order value to the security anchor function network element, and then the security anchor function network
- the element can send the random number and the first sequence value to the terminal device through the user authentication request, where the first sequence value can be carried in the authentication token; after that, the core network device can receive the synchronization failure message from the terminal device, and synchronize
- the failure message carries the synchronization failure parameter; the core network device obtains the message authentication code from the synchronization failure parameter; after that, it obtains the second order value from the synchronization failure parameter according to the authentication key.
- the authentication key generation method can be used to generate authentication on the terminal device side.
- the method of the key is the same.
- the first reference value can be generated according to the second parameter and the third parameter, and then the authentication key is generated according to the first parameter and the first reference value.
- the first parameter, the second parameter and the third parameter respectively include the following Any item of: random number, terminal device key K, message authentication code; the first parameter, second parameter, and third parameter can be different from each other, that is to say, one of the parameters is the message authentication code, the first parameter, The same parameter may also exist in the second parameter and the third parameter.
- the core network device can obtain the second order value from the synchronization failure parameter according to the authentication key.
- the core network device introduces the message authentication code during the generation of the authentication key, and furthermore, it can correctly obtain the synchronization failure parameter.
- the second sequence value shows that even if the attacker obtains the synchronization failure parameter from the terminal device, he cannot calculate the size of the second sequence value through a simple XOR operation, so that the second sequence value can be safely transmitted to the core network device.
- Method 1 Generate the first reference value according to the random number and the message authentication code.
- use the random number and the message authentication code as the two input values of the F5 function, and the output value of the F5 function as the first reference value;
- the reference value and the key K generate the authentication key.
- a reference value and the key K are used as the two output values of the F5 function, and the output value of the F5 function is used as the authentication key.
- Method 2 Generate the first reference value according to the key K and the message authentication code.
- the key K and the message authentication code are used as the two input values of the F5 function, and the output value of the F5 function is used as the first reference value;
- the first reference value and the random number generate an authentication key.
- the first reference value and the random number are used as two input values of the F5 function, and the output value of the F5 function is used as the authentication key.
- the authentication key is generated by the two-input single-output operation method, and the message authentication code is introduced as the input value of one of the operations during the operation, which can make it difficult for the attacker to identify the second order value, thereby ensuring Security of the second order value.
- the authentication key can also be generated in the following manner: the first reference value is generated according to the random number and the key K.
- the random number and the key K can be used as the two inputs of the F5 function Value, the output value is used as the first reference value; after that, the authentication key is generated according to the first reference value and the message authentication code.
- the first reference value and the message authentication code can be used as the two input values of the F5 function, Use the output value as the authentication key.
- the double-input single-output operation method is adopted twice, and the authentication key is generated through the random number, the key K and the message authentication code, which makes the generation method of the authentication key more complicated, and the second order value is not easy to be identified. Ensure the safety of the second order value.
- the random number and the key K performs an exclusive OR to generate the first reference value.
- the amount of calculation of the exclusive OR operation is small, which can effectively improve the efficiency of generating the first reference value, thereby enabling faster generation of the authentication key.
- the authentication key is generated according to the first reference value and the message authentication code.
- an exclusive OR operation can also be used, that is, the first reference value and the message authentication code XOR generates an authentication key.
- the calculation amount of the XOR operation is small, which can effectively improve the generation efficiency of the authentication key, and thereby make it possible to obtain the second order value more quickly.
- the core network device may also receive a first indication message from the terminal device, where the first indication message is used to indicate the manner of generating the authentication key.
- the core network device can learn the generation mode of the authentication key through the first indication message, so that the second sequence value can be correctly obtained from the synchronization generation parameter.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate the way of generating the authentication key.
- the core network device can learn the authentication key generation method by carrying the first indication message in the synchronization failure message, so that it can correctly obtain the second sequence value from the synchronization generation parameter, and does not need to send the first indication message separately , Can effectively save signaling.
- the embodiments of the present application provide a method for sending parameters.
- the method can be executed by a terminal device or a chip in the terminal device.
- the method includes: the terminal device can receive a random number from the core network device during the authentication process. A sequence value.
- the core network device may be a unified data management network element, and the unified data management network element may send a random number and a first sequence value to the security anchor function network element during the authentication process of the terminal device
- the security anchor function network element can carry the random number and the first sequence value in the user authentication request and send it to the terminal device, where the first sequence value can be carried in the authentication token; after that, the terminal
- the device can obtain the first sequence value in the authentication token, and compare the first sequence value with the locally pre-stored second sequence value, after determining that the difference between the first sequence value and the locally pre-stored second sequence value is greater than the threshold , Use the authentication key to symmetrically encrypt the second sequence value to generate the synchronization failure parameter.
- the authentication key is generated based on the random number and the locally pre-stored key K; then, the synchronization failure message is sent to the core network device. Carry the synchronization failure parameter.
- the terminal device can carry the second sequence value in the synchronization failure parameter and send it to the core network device.
- the authentication key to symmetrically encrypt the second order value is not a simple XOR; the attacker cannot obtain the key used for symmetric encryption (that is, the authentication key), nor can it obtain the second order value , Thereby enhancing the security of SQN.
- the terminal device can notify the generation method of the synchronization failure parameter before sending the synchronization failure message to the core network device. For example, it can send the first indication message, which is used to indicate synchronization. How the failed parameter was generated.
- the indication mode of the first indication message may adopt an explicit indication mode or an implicit indication mode, which is not limited in the embodiment of the present application.
- the core network device can learn the generation mode of the synchronization failure parameter through the first indication message, so that the second sequence value can be correctly obtained from the synchronization generation parameter.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate a manner of generating the synchronization failure parameter.
- the core network device can learn the generation mode of the synchronization failure parameter by carrying the first indication message in the synchronization failure message, so that the second order value can be correctly obtained from the synchronization generation parameter, and there is no need to send the first indication message separately. , Can effectively save signaling.
- the embodiments of the present application provide a parameter sending method, which can be executed by a core network device or a core network device's chip.
- the method includes: the core network device can send a random number and a first
- the sequence value for example, the core network device may be a unified data management network element, and the unified data management network element may send an authentication authentication response to the security anchor function network element.
- the authentication authentication response includes a random number and an authentication carrying the first order value Token
- the security anchor function network element can carry the random number and the first sequence value in the user authentication request and send it to the terminal device; after that, the core network device can receive the synchronization failure message from the terminal device, and the synchronization failure message carries Synchronization failure parameter:
- the core network device can symmetrically decrypt the synchronization failure parameter according to the authentication key to obtain the second order value.
- the authentication key is generated based on the random number and the key K of the terminal device.
- the core network device can symmetrically decrypt the synchronization failure parameter according to the authentication key to obtain the second order value. It can be seen that even if the attacker obtains the synchronization failure parameter, the size of the second order value cannot be calculated by simple calculations. , So that the second sequence value can be safely transmitted to the core network device.
- the core network device may also receive a first indication message from the terminal device, where the first indication message is used to indicate the manner of generating the authentication key.
- the core network device can learn the generation mode of the synchronization failure parameter through the first indication message, so that the second sequence value can be correctly obtained from the synchronization generation parameter.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate the way of generating the authentication key.
- the core network device can learn the generation mode of the synchronization failure parameter by carrying the first indication message in the synchronization failure message, so that the second order value can be correctly obtained from the synchronization generation parameter, and there is no need to send the first indication message separately. , Can effectively save signaling.
- the embodiments of the present application also provide a communication device, the communication device is applied to terminal equipment, and the beneficial effects can be referred to the description of the first aspect or the third aspect and will not be repeated here.
- the device has the function of realizing the behavior in the method example of the first aspect or the third aspect.
- the function can be realized by hardware, or by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the above-mentioned functions.
- the structure of the device includes a receiving unit, a processing unit, and a sending unit. These units can perform the corresponding functions in the method examples of the first aspect. For details, please refer to the detailed description in the method examples. Do repeat.
- the embodiments of the present application also provide a communication device, the communication device is applied to a core network device, and the beneficial effects can be referred to the description of the second aspect or the fourth aspect, which will not be repeated here.
- the device has the function of realizing the behavior in the method example of the second aspect or the fourth aspect.
- the function can be realized by hardware, or by hardware executing corresponding software.
- the hardware or software includes one or more modules corresponding to the above-mentioned functions.
- the structure of the device includes a sending unit, a receiving unit, and a processing unit. These units can perform the corresponding functions in the method examples of the second aspect or the fourth aspect. For details, refer to the detailed description in the method examples , Do not repeat it here.
- an embodiment of the present application also provides a communication device, which is applied to a terminal device, and the beneficial effects can be referred to the description of the first aspect or the third aspect and will not be repeated here.
- the structure of the communication device includes a processor and a memory, and the processor is configured to support the base station to perform the corresponding function in the method of the first aspect or the third aspect.
- the memory is coupled with the processor, and it stores program instructions and data necessary for the communication device.
- the structure of the communication device also includes a communication interface for communicating with other devices.
- an embodiment of the present application also provides a communication device, which is applied to a core network device.
- the structure of the communication device includes a processor and a memory, and the processor is configured to support the base station to perform the corresponding function in the method of the second or fourth aspect.
- the memory is coupled with the processor, and it stores program instructions and data necessary for the communication device.
- the structure of the communication device also includes a transceiver for communicating with other devices.
- the present application also provides a computer-readable storage medium having instructions stored in the computer-readable storage medium, which when run on a computer, cause the computer to execute the methods described in the foregoing aspects.
- this application also provides a computer program product containing instructions, which when run on a computer, causes the computer to execute the methods described in the above aspects.
- the present application also provides a computer chip connected to a memory, and the chip is used to read and execute a software program stored in the memory, and execute the methods described in the above aspects.
- Figure 1A is a schematic diagram of a network system architecture provided by this application.
- FIG. 1B is a schematic structural diagram of a terminal device provided by this application.
- Figure 2 is a schematic diagram of a method for mutual authentication between a UE and a home network in the prior art
- Figure 3 is a schematic diagram of a parameter sending method provided by this application.
- FIG. 4 is a schematic diagram of a parameter sending method provided by this application.
- FIG. 5 is a schematic diagram of a parameter sending method provided by this application.
- 6A to 6E are schematic diagrams of an AUTS generation method provided by this application.
- FIGS. 7-12 are schematic diagrams of the structure of a communication device provided by this application.
- the network architecture is a 5G network architecture.
- the network elements in the 5G architecture include user equipment.
- the terminal equipment is the UE as an example.
- the network architecture also includes radio access network (RAN), access and mobility control functions (access and mobility function, AMF), unified data management (unified data management, UDM), authentication server function (authentication server function) , AUSF), security anchor function (SEAF), etc.
- RAN radio access network
- AMF access and mobility control functions
- UDM unified data management
- authentication server function authentication server function
- AUSF security anchor function
- SEAF security anchor function
- RAN The main function of RAN is to control users to access the mobile communication network through wireless.
- RAN is a part of mobile communication system. It implements a wireless access technology. Conceptually, it resides between a certain device (such as a mobile phone, a computer, or any remote control machine) and provides a connection to its core network.
- the AMF network element is responsible for terminal access management and mobility management, such as registration management, connection management, mobility management, reachability management, etc.; in practical applications, it includes the mobility management entity in the LTE network framework. , MME) in the mobility management function, and joined the access management function.
- MME mobility management entity
- the SEAF network element is used to complete the authentication of the UE.
- the function of the SEAF can be merged into the AMF.
- the AUSF network element has an authentication service function, which is used to terminate the authentication function requested by the SEAF network element. During the authentication process, it receives the authentication vector sent by the UDM and processes the authentication vector, and sends the processed authentication vector to the SEAF.
- the UDM network element can store the user's subscription information, generate authentication parameters, and so on.
- ARPF network elements have authentication credential storage and processing functions, which are used to store long-term authentication credentials of users, such as permanent keys K.
- the functions of ARPF network elements can be incorporated into UDM network elements.
- the terminal equipment in this application also referred to as user equipment (UE), is a device with wireless transceiver function, which can be deployed on land, including indoor or outdoor, handheld or vehicle-mounted; it can also be deployed on water It can also be deployed in the air (such as airplanes, balloons and satellites, etc.).
- UE user equipment
- the terminal device can be a mobile phone (mobile phone), a tablet computer (pad), a computer with wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, and an industrial control (industrial control)
- FIG. 1B a schematic structural diagram of a UE provided by an embodiment of this application, where the UE includes two types of modules, namely, a universal subscriber identity module (USIM) and a mobile equipment (mobile equipment, ME). ) Module.
- USIM universal subscriber identity module
- ME mobile equipment
- the USIM can be the SIM card in the UE, which can store some important UE subscription information, such as the key K agreed by the UE and the home network in the embodiment of this application.
- the USIM can also perform some parameter calculations. In the embodiment, message authentication code and synchronization failure parameter generation can be realized.
- the ME module can collectively refer to the hardware components and software programs of the UE except the USIM.
- the ME module usually does not store the subscription information of UEs with high security requirements.
- the ME module can provide some auxiliary functions, including: realizing information forwarding between UISM and the network side.
- the SEAF network element and the AUSF network element can be located in the same network or in different networks.
- the SEAF network element is located in the serving network.
- the SEAF network The element is located in the visited public land mobile network (VPLMN), and the AUSF network element is located in the home network. If the UE is outside the coverage of the home network, it cannot directly access the home network to obtain services.
- VPN public land mobile network
- the UE If the UE is outside the coverage of the home network and within the coverage of the serving network, in order for the UE to obtain the network services provided by the serving network, it needs to access the serving network; since the serving network has not signed a contract with the UE, the UE must be able to To obtain network services of the serving network, the serving network needs to verify the UE, and the home network and the UE need to perform mutual authentication. If the UE is within the coverage of the home network, the UE needs to access the home network; the home network and the UE also need to perform mutual authentication.
- Fig. 2 is a schematic diagram of the existing fifth-generation mobile communication technology authentication and key agreement (5th-Generation Authentication and Key Agreement, 5G-AKA) method based on the system framework shown in Fig. 1A.
- 5G-AKA fifth-generation mobile communication technology authentication and key agreement
- Step 201 The UE carries the encrypted user identity in the registration request and sends it to the SEAF network element.
- the UE may encrypt the subscription permanent identifier (SUPI) to generate a subscription concealed identifier (SUCI), and the UE carries the SUCI in the registration request and sends it to the SEAF network element.
- SUPI subscription permanent identifier
- SUCI subscription concealed identifier
- the UE encrypts the user identity using the configured public key to obtain the encrypted user identity.
- the UE when there are multiple public and private key pairs in the network, when the UE encrypts the user identity, it can indicate which public key the network uses to encrypt the user identity, so that the network can select the corresponding private key according to the UE's instructions Decrypt.
- the UE also carries the key identifier used to decrypt the encrypted user ID and the encrypted user ID together in the registration request and sends it to the SEAF network element.
- Step 202 In order to obtain the authentication vector and user identity of the UE from the home network, the SEAF network element carries the encrypted user identity in the authentication and authentication request and sends it to the AUSF network element in the home network.
- the authentication request also carries a key identifier.
- Step 203 The AUSF network element carries the encrypted user identity in the UE authentication acquisition request and sends it to the UDM network element.
- the UE authentication acquisition request also carries a key identifier.
- Step 204 The UDM network element decrypts the encrypted user ID to obtain the user ID, and the UDM network element queries the subscription information of the UE corresponding to the user ID according to the user ID.
- the UDM network element acquires the decryption key according to the key identifier, and uses the decryption key to decrypt the encrypted user identifier to obtain the decrypted user identifier.
- Step 205 The UDM network element generates an authentication vector according to the subscription information of the UE, where the authentication vector includes multiple parameters, including message authentication code (MAC), RAND, expected challenge response (eXpected RESponse, XRES*), K AUSF ; and the UDM network element will also obtain the locally pre-stored first SQN, and carry the first SQN and MAC in an authentication token (authentication token, AUTN).
- MAC message authentication code
- RAND expected challenge response
- eXpected RESponse XRES*
- K AUSF K AUSF
- the authentication vector may include RAND, AUTN, XRES*, and K AUSF carrying the first SQN and MAC.
- the RAND in the authentication vector is randomly generated by the UDM network element; for other parameters in the authentication vector, the UDM network element can generate MAC, XRES* and K AUSF through different operations according to the UE's key K and RAND in the UE subscription information.
- UDM network elements when UDM network elements generate MAC, XRES*, and K AUSF, they all need UE-based keys K and RAND, but the calculation methods are different; exemplary, when UDM network elements generate MAC, except for keys K and RAND , Other parameters can also be introduced, for example, the first SQN and the authentication management field (authentication management field, AMF) can be used; the AMF can indicate the security authentication algorithm used and the UE can learn it.
- AMF authentication management field
- MAC is used for integrity verification
- XRES* is used for authentication of the UE by the home network
- K AUSF is a derived key synchronized between the UE and the AUSF network element and used to derive the anchor key K SEAF .
- the UDM network element and the UE maintain an SQN locally.
- the SQN maintained by the UDM network element is the first SQN
- the SQN maintained by the UE side is the second SQN as an example
- the UDM network element calls the locally pre-stored SQN
- the first SQN is used to generate the AUTN in the authentication vector; after the AUTN is generated, the first SQN is updated, for example, the first SQN is increased by 1, and saved locally as the next two-way communication with the terminal number During authentication, the first SQN used by AUTN in the authentication vector is generated.
- the UDM network element generates an authentication key (AK) based on the first operation (such as f 5 *, which can also be called the F5 function or F5 operation) according to the key K of RAND and UE. After that, the UDM network element performs the locally pre-stored first operation. A SQN and AK are XORed, and the resulting value is then connected to the MAC, that is, It can be seen that the following fixed bits in AUTN are MAC.
- AK authentication key
- AMF can also be carried in AUTN,
- Step 206 The UDM network element sends an authentication acquisition response to the AUSF network element, and the authentication acquisition response includes the authentication vector and the user identifier.
- Step 207 The AUSF network element further processes the authentication vector, for example, performs a hash operation on XRES* to generate HXRES*, deduces K AUSF to generate K SEAF , and the processed authentication vector includes RAND, AUTN, and HXRES*.
- Step 208 The AUSF network element sends an authentication authentication response to the SEAF network element, and the authentication authentication response carries the processed authentication vector.
- Step 209 The SEAF network element sends a user authentication request to the UE, where the user authentication request carries part of the parameters in the processed authentication vector, and the part of the parameters includes RAND and AUTN.
- Step 210 Based on the first operation, the UE generates an authentication key (AK) according to the RAND and the locally stored key K. After removing the MAC in the AUTN, it XORs the remaining part of the AUTN with the AK to obtain the AK carried in the AUTN The first SQN.
- AK authentication key
- f5* is used to output the first 48 bits of the parameter OUT5
- OUT5 is calculated as follows:
- RAND and K are the input values of f5*, where OP, c5, and r5 are constants, E is a block encryption operation, E[X] K is used to denote block encryption of X using K; rot is a shift operation, Is an exclusive OR, in the embodiments of this application, the exclusive OR can be represented by xor, or Said.
- the UE generates the MAC in the same way as the UDM network element, and generates the XMAC according to the key K stored in the USIM in the UE and the received RAND.
- exemplary, other parameters such as AMF and the second SQN can be introduced.
- AMF The UE obtains it from the AUTN, and realizes the authentication of the UE to the home network by comparing the XMAC and the MAC carried in the AUTN, and completes the integrity check.
- the UE may determine whether the first SQN is within a preset range based on the locally pre-stored second SQN.
- the UE determines whether the difference between the first SQN and the locally pre-stored second SQN is less than or equal to a threshold. If it is, it is considered that the home network is not an attacker.
- the subsequent operations can be continued.
- the UE generates RES* according to RAND and K in the same way as the UDM network element generates XRES*, and the UE carries the RES* in the authentication response and sends it to the SEAF network element.
- the UE may update the locally pre-stored second SQN; for example, for example, add one to the locally pre-stored second SQN, and compare it with the first SQN carried in the AUTN when the user authentication request is received next time.
- Step 211 If the difference between the first SQN and the locally pre-stored second SQN is greater than the threshold, the UE sends a synchronization failure message to the SEAF network element, and carries AUTS, and optionally, RAND.
- the difference between the first SQN and the locally pre-stored second SQN is greater than the threshold, indicating that the user authentication request may be sent by an attacker, or the first SQN pre-stored locally on the UDM network element side is inconsistent with the second SQN pre-stored locally in the UE ;
- an AUTS carrying the second SQN can be sent.
- AUTS is generated as follows:
- the UE Based on the first operation, the UE generates an authentication key (AK) according to RAND and the locally stored key K. After that, the UE performs an exclusive OR on the second SQN and AK stored locally, and then connects the XMAC to the generated result value, which means , It can be seen that the following fixed bits in AUTS are XMAC.
- Step 212 After receiving the synchronization failure message, the SEAF network element sends the synchronization failure message to the AUSF network element.
- Step 213 The AUSF network element sends a synchronization failure message to the UDM network element.
- Step 214 After receiving the synchronization failure message, the UDM network element generates an authentication key (AK) according to the key K in the RAND and UE subscription information, removes the XMAC in the AUTS, and performs the difference between the AK and the remaining part of the AUTS. Or, obtain the second SQN carried in AUTS.
- AK authentication key
- the UDM network element synchronizes the second SQN stored locally.
- the UE determines that the first SQN sent in the home network is greater than the threshold, it needs to feed back AUTS to the home network.
- the AUTS generation method that the position of XMAC in AUTS is fixed, and the The AK carried in the AUTS after XMAC is usually unchanged; by processing the two AUTS, it is easy to determine whether the SQN carried in the AUTS is close.
- the bits occupied by XMAC in the two AUTS are removed, and the remaining part of the AUTS is XORed. If the two AUTS are from the same UE, the AK is the same, and the XOR result is two The XOR value of the SQN. If the two AUTS transmission times are relatively close, the two SQNs are relatively close, and the result after the XOR is a smaller value close to zero.
- the 5G-AKA authentication method in the roaming scenario is taken as an example.
- the two-way authentication between the UE and the home network can also adopt other authentication methods, such as the use of Extensible Authentication Protocol (EAP) authentication methods.
- EAP Extensible Authentication Protocol
- the AUTS generation method is the same as that shown in Figure 2, which can be referred to the foregoing content; in addition, it should be noted that in the non-roaming scenario, the UE is in the home network. Two-way authentication is also required.
- the authentication method is similar to that in the roaming scenario, except that the SEAF network element, AUSF network element, and UDM network element are all network elements in the home network.
- the parameter sending method provided in the embodiment of the present application is applicable to the 5G-AKA authentication process in the roaming/non-roaming scenario, and also applicable to the EAP authentication process in the roaming/non-roaming scenario.
- Method 1 Use the authentication key to symmetrically encrypt the SQN.
- symmetric encryption of the SQN is not a simple XOR; the attacker cannot obtain the key (that is, the authentication key) used in the symmetric encryption, nor can the SQN be obtained, making the SQN difficult to identify, and then Improve the security of SQN.
- Method 2 In addition to the random number and the key K, the message authentication code is also introduced in the process of generating the authentication key.
- the introduction of the message authentication code can make the generated authentication key different each time, and there is a big difference, and the AUTS generated by the authentication key also has a big difference; the attacker can obtain two AUTS without simple calculation. Calculate whether the SQN is close to ensure the safety of the SQN.
- the core network equipment is taken as an example of a unified data management network element.
- the embodiment of this application does not limit the core network equipment to other network elements.
- the first order value can be pre-stored and it needs to communicate with the terminal. All network elements whose devices synchronize the second order value can be used as core network devices.
- Method 1 Use the authentication key to symmetrically encrypt the SQN.
- the first method of a parameter sending method provided by an embodiment of the present application is introduced, and the method includes:
- Step 301 During the authentication process of the unified data management network element and the terminal device, the unified data management network element may send the random number and the first sequence value to the terminal device.
- the home network needs to ensure that the terminal device has a legal identity and has signed a contract with the home network, and the terminal device needs to confirm the legality of the home network, not malicious The internet.
- the authentication process is based on the key K stored separately by the unified data management network element and the terminal device.
- the authentication process can be seen in the embodiment shown in Figure 2, which includes the unified data management network element sending an authentication vector carrying AUTN to the terminal device. If the terminal device verifies that the SQN carried in the AUTN is within the correct range (that is, the difference between the locally pre-stored SQN is less than or equal to the threshold) and the MAC is correct, the terminal device authenticates the home network successfully. After the authentication is successful, the terminal device sends XRES* to the home network.
- the home network authenticates the terminal device successfully; but if the terminal device fails to authenticate the home network, such as the SQN carried in AUTN is not correct Within the range (that is, the difference with the locally pre-stored SQN is greater than the threshold), the terminal device needs to synchronize the locally pre-stored SQN with the home network.
- the parameter sending manner provided in the embodiments of the present application can be used to realize the SQN synchronization of the terminal device and the home network.
- Step 302 The terminal device determines that the difference between the first sequence value and the locally pre-stored second sequence value is greater than the threshold.
- Step 303 The terminal device uses the authentication key to symmetrically encrypt the locally prestored second order value to generate a synchronization failure parameter.
- the authentication key is generated based on the random number and the locally prestored key K.
- Step 304 The terminal device sends a synchronization failure message to the unified data management network element, and the synchronization failure message carries a synchronization failure parameter.
- Step 305 After receiving the synchronization failure message, the unified data management network element symmetrically decrypts the synchronization failure parameters according to the authentication key to obtain the second order value, where the authentication key is generated based on the random number and the key K of the terminal device .
- the terminal device When the terminal device needs to access the service network or the home network, the terminal device can perform mutual authentication with the home network.
- the unified data management network element in the home network can generate an authentication vector, which includes a random number and an authentication token carrying the first order value, where the authentication token carries the first order value.
- the application embodiment is not limited.
- the method in step 205 may be used; the authentication vector may also include other parameters, such as XRES*, K AUSF , which is not limited in the embodiment of the application.
- the unified data management network element After the unified data management network element generates the authentication vector, it can send the authentication vector to the authentication service function network element; the authentication service function network element can perform some processing on the authentication vector, as described in step 207, carry the processed authentication vector in The authentication response is sent to the security anchor function network element; it is also possible to directly carry the authentication vector in the authentication authentication response and send it to the security anchor function network element without processing.
- the security anchor function network element After the security anchor function network element receives the authentication authentication response, it can send part of the parameters in the authentication vector to the terminal device, so that the terminal device can perform two-way authentication with the home network according to the received part of the parameters.
- This part of the parameters includes Random number and authentication token.
- the terminal device After the terminal device obtains the authentication token in the user authentication request, it will first obtain the first order value from the authentication token; the process for the terminal device to obtain the first order value from the authentication token is to generate an authentication order from the unified data management network element The reverse process of cards.
- step 210 For the manner in which the terminal device obtains the first sequence value from the authentication token, refer to the related description in step 210, which will not be repeated here.
- the terminal device and the unified data management network element can respectively prestore an SQN locally, the sequence value of the unified data management network element prestored is the first sequence value, and the sequence value of the terminal device prestored The second order value.
- the terminal device compares the first order value with the second order value in order to prevent replay attacks and prevent the currently received user authentication request from being initiated by the attacker; in some scenarios, the terminal device and the unified data management network element are local A pre-stored SQN should be consistent; but there may be some deviations.
- the UE and UDM network elements did not uniformly update the locally pre-stored SQN; UDM network elements may The first SQN has been incremented by one, but the UE side did not increment the second SQN due to authentication failure; therefore, the first order value and the second order value are allowed to be inconsistent, but the difference between the two order values must be less than or equal to Threshold, the embodiment of the present application does not limit the specific value of the threshold, and the corresponding threshold can be configured according to the application scenario.
- the difference between these two sequence values is greater than the threshold, there may be two reasons, one is that the terminal device is under a replay attack, and the other is the difference between the first sequence value and the second sequence value pre-stored in the unified data management network element. The deviation is too large.
- the terminal device can synchronize the sequence value with the unified data management network element, and send the locally pre-stored second sequence value to the unified data management network element, so that the unified data management network element can replace the locally pre-stored first sequence value Give the second order value.
- the symmetric encryption in step 303 refers to an encryption method in which the encryption key and the decryption key are the same.
- the embodiment of this application does not limit the specific encryption algorithm. Any encryption algorithm with the same encryption key and decryption key is applicable to this Application examples.
- the authentication key can be used as the encryption key; for the symmetric encryption algorithm, the length of the required input value and the length of the encryption key are fixed, and the length of the final encrypted value is also fixed.
- the length of the encryption key and the input value needs to meet the requirements of the symmetric encryption algorithm; take the advanced encryption standard (AES) encryption algorithm as an example, AES encryption
- AES advanced encryption standard
- AES encryption The algorithm requires that the length of the input value and the encryption key is 128 bits (bit). If the length of the second sequence value is less than 128 bits, the unified data management network element can increase the second sequence value.
- a preset sequence (such as The sequence of all 1s or the sequence of all 0s can also be a sequence that can be known to both the UE and the unified data management network element), so that the length of the second sequence value connected to the preset sequence is 128 bits; for example, it can be in the second sequence After the value, connect one or more identical second order values, and take 128 bits from the first as the input value; if the length of the second order value is greater than 128 bits, the unified data management network element can subtract the second order value, for example, When deleting the preset sequence in the second order value (such as removing the part starting from the first digit of the second order value, it is necessary to ensure that the UE and the unified data management network element can know the deleted preset sequence, so that the unified data management network element can follow The complete second sequence value can be recovered), so that the adjusted second sequence value has a length of 128 bits.
- the second order value is taken as an example. If the length of the authentication key does not meet the length requirement of the symmetric encryption algorithm for the encryption key, the authentication key can also be adjusted by adding or subtracting bits. .
- the embodiment of the application does not limit the way of adjusting the authentication key and the second order value. Any way that can make the adjusted authentication key and the second order value meet the requirements of the symmetric encryption algorithm for the encryption key and input value is applicable In the examples of this application.
- the encrypted value can be used as the synchronization failure parameter, and the symmetrically encrypted value is further processed to generate the synchronization failure parameter.
- the terminal device can generate a message authentication code according to the random number and the locally pre-stored key K, and connect the message authentication code to the encrypted value to generate synchronization failure parameters; among them, the generation of the message authentication code can also introduce other
- the parameter for example, can generate a message authentication code based on a random number, a locally pre-stored key K, AMF, and a second order value.
- the terminal device in order to be able to generate the synchronization failure in the manner provided by the embodiment of this application Parameter; the terminal device needs to be upgraded.
- the universal subscriber identity module (USIM) of the terminal device can be upgraded.
- the terminal device After the terminal device generates the synchronization failure parameter, it can carry the synchronization failure parameter in the synchronization failure message; optionally, the synchronization failure message also includes a random number.
- the terminal device can send the synchronization failure message to the security anchor function network element; the security anchor function network element forwards the synchronization failure message to the authentication service function network element; the authentication service function network element sends the synchronization failure message to the unified data management network element .
- the unified data management network element receives the synchronization failure parameter, it cannot know which method the terminal device uses to generate the synchronization failure parameter. If the unified data management network element believes that the terminal device is generating the synchronization failure parameter, Using the method of the embodiment shown in FIG.
- the terminal device and the unified data management network element may pre-appoint the generation of synchronization failure parameters Mode; the terminal device may also send a first indication message to the unified data management network element before sending the synchronization failure message to the unified data management network element to indicate the generation mode of the synchronization failure parameter; this embodiment of the application does not limit the indication mode, A displayed indication method may be used.
- the first indication message may indicate that the synchronization failure parameter is generated using symmetric encryption.
- the unified data management network element receives the first indication message, it may determine the subsequent synchronization failure parameter. It is generated using symmetric encryption; it can also be used implicitly.
- the first indication message can indicate that the synchronization failure parameter is generated using the generation method after the terminal device (such as a USIM card) is upgraded, or it can indicate the terminal The device (such as the USIM card) has been upgraded, and it can also indicate the version of the USIM card in the terminal device, such as R15, R16.
- the unified data management network element receives the first indication message, it can be determined that the USIM card of the terminal device has been upgraded. And the synchronization failure parameters received subsequently are generated using symmetric encryption.
- the terminal device may further encrypt the first indication message before sending the first indication message, and this embodiment of the application does not limit the encryption manner.
- the SUPI encryption method may be used to encrypt the first indication message, and the encryption method may refer to the relevant description of step 201, which will not be repeated here.
- the terminal device simultaneously sends a first indication message when sending a synchronization failure message to the unified data management network element, and the first indication message is carried in the synchronization failure message.
- the above-mentioned indication mode and sending mode of the first indication message are only examples, and the embodiment of the present application is not limited. Any generation mode that enables the unified data management network element to learn the synchronization failure parameter is applicable to the embodiment of the present application.
- the unified data management network element obtains the second order value by reversely generating the synchronization failure parameter from the terminal device; that is, the unified data management network element needs to perform symmetric decryption.
- the key used for symmetric decryption is still the authentication key; the unified data management network element can use the same method as the terminal device to generate the authentication key based on the random number and the key K of the terminal device; the random number can be synchronous The failure message is carried.
- the unified data management network element can save the random number that was randomly generated when the authentication vector was previously generated. After receiving the synchronization failure message, it is based on the saved random number and the terminal device's The key K generates an authentication key.
- a terminal device signs a contract with the home network, it will agree on a key K, which is stored in the terminal device’s subscription information, and the terminal device’s subscription information can be stored in the unified data management network element, or Stored in other network elements (such as the unified data repository (UDR) network element), the unified data management network element can obtain the contract information of the terminal device from other network elements, and the key K will also be stored in the terminal local.
- a terminal device signs a contract with the home network, it will agree on a key K, which is stored in the terminal device’s subscription information, and the terminal device’s subscription information can be stored in the unified data management network element, or Stored in other network elements (such as the unified data repository (UDR) network element), the unified data management network element can obtain the contract information of the terminal device from other network elements, and the key K will also be stored in the terminal local.
- UTR unified data repository
- the synchronization failure parameter is generated, other parameters are also introduced. For example, after the terminal device symmetrically encrypts the second order value, the message authentication code is connected after the encrypted value; the unified data management network element can be Remove the message authentication code in the synchronization failure parameter, and then use the authentication key to symmetrically decrypt the remaining part of the synchronization failure parameter to obtain the second order value.
- the unified data management network element After the unified data management network element obtains the second order value, it can directly replace the first order value stored locally; it can also first compare the second order value with the first order value; after determining the second order value and the first order value After the values are inconsistent, replace the first order value saved locally, otherwise, do not replace.
- Method 2 In addition to the random number and the key K, the message authentication code is also introduced in the process of generating the authentication key.
- the second method of a parameter sending method provided in an embodiment of the present application is introduced, and the method includes:
- Step 401 the same as step 301, for details, please refer to the related description of step 301, which will not be repeated here.
- Step 402 The same as step 302. For details, please refer to the related description of step 302, which will not be repeated here.
- Step 403 The terminal device connects the message authentication code after the exclusive OR value of the authentication key and the sequence value, where the authentication key is generated based on the first parameter and the first reference value, and the first reference value is based on the second parameter and
- the third parameter is generated, where the first parameter, the second parameter, and the third parameter are any of the following: a random number, a locally pre-stored key K, a message authentication code, the first parameter, the second parameter, and the first parameter.
- the three parameters are different parameters.
- Step 404 the same as step 304.
- Step 404 please refer to the related description of step 304, which will not be repeated here.
- Step 405 The unified data management network element first obtains the message authentication code from the synchronization failure parameter, and then obtains the second sequence value from the synchronization failure parameter according to the authentication key, and the unified data management network element generates the authentication key in the same manner as the terminal device generation The authentication key is the same.
- the authentication key is generated twice with a double-input single-output operation (that is, the number of input values is 2 and the number of output values is 1), and during the operation
- the message authentication code is introduced; and according to the different parameters used in each dual-input single-output operation, the authentication key generation methods can be divided into the following three:
- the first type is to generate a first reference value based on a random number and a message authentication code, and generate an authentication key based on the first reference value and the key K.
- the terminal device may first generate the message authentication code according to the random number and the key K; for example, when generating the message authentication code, other parameters such as the second SQN and AMF may also be introduced. After the message authentication code is generated, the first reference value can be generated with a random number.
- the embodiment of this application does not limit the operation method of generating the first reference value based on the random number and the message authentication code. Any operation method that can generate one parameter from two parameters is applicable to the embodiment of this application.
- the exclusive OR operation can be used.
- XOR operation the first operation in the embodiment shown in FIG. 2 can also be used, that is, the F5 operation is used to generate the first reference value.
- the F5 operation please refer to the relevant description in the embodiment shown in FIG. 2.
- the random number and the message authentication code can replace any one of RAND and K in the OUT5 generating formula, respectively.
- the terminal device can generate an authentication key according to the first reference value and the key K.
- the embodiment of the present application does not limit the calculation method of generating the authentication key based on the first reference value and the key K.
- the same calculation method as that of the first reference value can be used to generate the authentication key, or different
- the operation method to generate the authentication key is not limited in the embodiment of this application. Any operation method that can generate one parameter from two parameters is applicable to the embodiment of this application. For example, exclusive OR operation, multiplication operation, and graphs can also be used.
- the first operation in the embodiment shown in 2 that is, the F5 operation is used to generate the first reference value.
- the key K and the first reference value can be Respectively replace any one of RAND and K in the OUT5 generating formula.
- the second type is to generate a first reference value according to the key K and a message authentication code, and generate an authentication key according to the first reference value and a random number.
- the first parameter value is generated according to the key K and the message authentication code, and then the authentication key is generated according to the first reference value and the random number; that is, the key K and The order of introducing the random number is opposite to the order of introducing the key K and the random number in the first method; for the operation method adopted, please refer to the relevant description in the first method, which will not be repeated here.
- the third type is to generate the first reference value according to the random number and the key K, and generate the authentication key according to the first reference value and the message authentication code.
- the first reference value is generated based on the random number and the key K.
- the embodiment of the present application does not limit the calculation method for generating the first reference value; any calculation method that can generate one parameter by two parameters Both are applicable to the embodiments of the present application.
- an XOR operation with a small amount of calculation may be used to generate the first reference value by XORing the random number and the key K, or other operation methods such as XOR operation may also be used;
- the first operation in the embodiment shown in FIG. 2 is used, that is, the F5 operation is used to generate the first reference value.
- the key K and the random number can be Respectively replace any one of RAND and K in the OUT5 generating formula.
- the terminal device may generate an authentication key according to the first reference value and the message authentication code.
- the embodiment of the present application does not limit the calculation method of generating the authentication key based on the first reference value and the key K.
- the same calculation method as that of the first reference value can be used to generate the authentication key; different methods can also be used.
- the operation method to generate the authentication key is not limited in the embodiment of this application. Any operation method that can generate one parameter through two parameters is applicable to the embodiment of this application.
- the first reference value and the message authentication code can be XORed.
- Generate an authentication key; the first operation in the embodiment shown in FIG. 2 can also be used, that is, the F5 operation is used to generate the first reference value.
- the F5 operation please refer to the relevant description in the embodiment shown in FIG. 2.
- the message authentication code and the first reference value can respectively replace any one of RAND and K in the OUT5 generating formula.
- the terminal device since the method of generating the authentication key by the terminal device in the embodiment of this application is different from the method of generating AK in the embodiment shown in FIG. 2, in order to be able to use the method provided by the embodiment of this application to generate synchronization failure Parameter; the terminal device needs to be upgraded.
- the universal subscriber identity module (USIM) of the terminal device can be upgraded.
- the above three ways of generating authentication keys are all examples.
- the embodiment of this application does not limit the way of generating authentication keys; in the above three ways, it can be seen that whether it is the first reference value or the final authentication key
- the generation uses a dual-input single-output calculation method; compared with the generation method shown in Figure 2, it is only one more calculation. If the upgrade method is used, the terminal device can use the above three methods
- a method for generating an authentication key has minor changes to the terminal device, and only needs to be configured to support multiple operations, which can reduce the changes to the terminal device while ensuring the security of the second order value.
- the authentication key and the second order value are XORed, and the message authentication code is connected after the exclusive OR value of the authentication key and the second order value (the XOR value and the message authentication code are Splicing) to generate synchronization authentication parameters.
- the unified data management network element when the unified data management network element receives the synchronization failure parameter, it cannot know which method the terminal device uses to generate the authentication key. If the unified data management network element believes that the terminal device is generating the synchronization failure parameter, Using the method of the embodiment shown in FIG. 2 will cause the unified data management network element to fail to correctly obtain the second order value; in order to avoid the above situation, the terminal device and the unified data management network element may pre-appoint the generation of the authentication key Mode; the terminal device may also send a first indication message to the unified data management network element before sending the synchronization failure message to the unified data management network element to indicate the method of generating the authentication key; the embodiment of the present application does not limit the indication mode, Displayed instructions may be used.
- the first instruction message may indicate that the authentication key is generated using method one (using method one as an example, of course, any of the other methods may also be used).
- the unified data management network element is in After receiving the first indication message, it can be determined that the authentication key in the synchronization failure parameter received subsequently was generated by way of one; an implicit indication way may also be used.
- the first indication message may indicate the authentication key.
- the key is generated by the generation method after the terminal device (such as the USIM card) is upgraded. It can also indicate that the terminal device (such as the USIM card) has been upgraded. It can also indicate the version information in the terminal device (such as the USIM card), such as indicating the version of the USIM card ( release) is R15 or R16.
- the unified data management network element When the unified data management network element receives the first indication message, it can determine whether the USIM card of the terminal device is upgraded, and whether the subsequently received authentication key adopts the above three methods A kind of generated.
- the specific method used may be pre-configured by the unified data management network element.
- the unified data management network element may be pre-configured. If the terminal device has been upgraded, the authentication key is generated by using method one.
- the terminal device simultaneously sends a first indication message when sending a synchronization failure message to the unified data management network element, and the first indication message is carried in the synchronization failure message.
- the above-mentioned indication mode and sending mode of the first indication message are only examples, and the embodiment of the present application is not limited. Any generation mode that enables the unified data management network element to learn the synchronization failure parameter is applicable to the embodiment of the present application.
- the unified data management network element obtains the second order value in a reverse manner of generating the synchronization failure parameter by the terminal device.
- the unified data management network element In order to ensure that the authentication key used by the unified data management network element is the same as the authentication key used on the terminal device side, the unified data management network element needs to obtain the message authentication code generated by the terminal device side; since the terminal device is verifying the authentication key with the second After the sequence value is XORed, the message authentication code is connected after the XOR value, that is to say, the fixed multiple bits after the synchronization failure parameter are the message authentication code; the unified data management network element can directly The message authentication code is obtained from the synchronization failure parameter; the unified data management network element generates the authentication key in the same manner as the terminal device, and then performs an exclusive OR on the authentication key and the synchronization failure parameter with the remaining part of the message authentication code removed to obtain the second Order value.
- the unified data management network element generates the authentication key in the same manner as the terminal device, and the unified data management network element can obtain the terminal device's key K from the contract information of the terminal device.
- the manner in which the unified data management network element generates the authentication key will not be repeated here, and may refer to the manner in which the terminal device generates the authentication key.
- the unified data management network element After the unified data management network element obtains the second order value, it can directly replace the first order value stored locally; it can also first compare the second order value with the first order value; after determining the second order value and the first order value After the values are inconsistent, replace the first order value saved locally, otherwise, do not replace.
- the unified data management network element can perform integrity verification on the message authentication code obtained in the synchronization failure parameter; specifically, the unified data management network element can use the terminal The way the device generates the message verification code generates the verification value.
- the terminal device generates the message verification code based on the key K, random number, second order value, and AMF; the unified data management network element may also use the key K, The random number, the second order value, and the AMF generate a check value.
- the check value is consistent with the message authentication code, the check passes, otherwise the check fails, indicating that the information received by the unified data management network element may be tampered with; unified The second order value acquired by the data management network element may be wrong, and the unified data management network element may request the second order value from the terminal device again, or may not replace the locally stored first order value with the second order value.
- a parameter sending method provided by an embodiment of this application includes:
- Step 501 The same as steps 201 to 210.
- steps 201 to 210 For details, please refer to the related descriptions of steps 201 to 210 shown in FIG. 2, which will not be repeated here.
- Step 502 If the difference between the first SQN and the second SQN is greater than the threshold, the UE will send a synchronization failure message to the SEAF network element and carry AUTS and RAND.
- f 5 * represents the first operation
- the length of the input value is required to be 128 bits
- xor represents the exclusive OR
- TEMP is the first
- the length of the reference value is 48 bits
- the operation method used to generate XMAC is f 1 *
- the length is 64 bits as an example. The following are respectively introduced:
- AK is calculated by exclusive OR (xor) or the first operation, and the second SQN is symmetrically encrypted with AK as the encryption key.
- f6* is the symmetric encryption algorithm, and AK is used for the second SQN.
- XMAC is spliced after the generated result value.
- the encryption key, input and output of symmetric encryption are as follows, taking the AK length of 128 bits as an example (bit):
- Encryption key AK, the length is 128bit.
- Input value second SQN
- Method two use two first operations to calculate AK.
- XMAC is used as an input value of the first operation
- RAND is used as another input value of the first operation
- the output is the first reference value.
- the first reference value and the key K are used as the two input values of the second first operation, and the output is AK.
- the XMAC is spliced after the generated result value to generate AUTS,
- the third way as shown in 6C, use two first operations to calculate AK.
- XMAC is used as an input value of the first operation
- the key K is used as another input value of the first operation
- the output is the first reference value.
- the first reference value and RAND are used as the two input values of the second first operation, and the output is AK; after AK and the second SQN are XORed, the XMAC is spliced after the generated result value to generate AUTS,
- Method 4 use two first operations to calculate AK; or use one first operation and one exclusive OR operation to calculate AK; the keys K and RAND are used as the two input values of the first first operation, and output The first reference value; afterwards, based on the first calculation, output AK according to XMAC and the first reference value; or XMAC and the first reference value are XORed to output AK; after AK and the second SQN are XORed, the result is generated After the value, splice XMAC to generate AUTS,
- XMAC is used as an input of the first calculation
- first reference value takes the first 128 bits as the first reference value Another input of an operation.
- Manner 5 As shown in 6E, the key K and RAND are XORed to obtain the first reference value.
- XMAC and TEMP are used as the two inputs of the first operation and output AK; after the exclusive OR of AK and the second SQN, XMAC is spliced after the generated result value to generate AUTS
- the first operation is the F5 operation as an example.
- the F5 operation process please refer to the related description of step 210 in the embodiment shown in FIG. 2.
- the embodiment of this application does not Which one of the two input parameters of the F5 operation to replace RAND and which replace K can be set according to specific scenarios.
- Step 503 The same as steps 212 to 213, for details, please refer to the related descriptions of steps 212 to 213 shown in FIG. 2, which will not be repeated here.
- Step 504 After receiving the AUTS, the UDM network element obtains the second SQN from the AUTS, and saves the second SQN.
- the UDM network element side can adopt the corresponding five methods to obtain the second SQN from the AUTS, which are introduced separately as follows:
- UDM network element removes XMAC from AUTS to obtain f 6 * AK (second SQN); calculates AK by exclusive OR XOR or the first operation, and uses AK as the decryption key pair f 6 * AK (Second SQN) decrypts to obtain the second SQN.
- the UDM network element obtains the XMAC from the AUTS, and the remaining part of the AUTS with the XMAC removed is the exclusive OR of the second SQN and AK (second ), UDM network elements can generate AK in the manner shown in Figs. 6B-6E, and perform XOR with the remaining part of AUTS without XMAC to obtain the second SQN.
- an embodiment of the present application also provides a communication device for executing the method executed by the terminal device or UE in the method embodiment shown in FIGS. 4 and 5.
- the device includes a receiving unit 701, a processing unit 702, and a sending unit 703:
- the receiving unit 701 is configured to receive the random number and the first sequence value from the unified data management network element.
- the processing unit 702 is configured to, after determining that the difference between the first order value and the locally pre-stored second order value is greater than the threshold, connect the message authentication code after the exclusive OR value of the authentication key and the order value, generate synchronization failure parameters, and authenticate
- the key is generated based on the first parameter and the first reference value.
- the first reference value is generated based on the second parameter and the third parameter.
- the first parameter, the second parameter and the third parameter respectively include any of the following Items: random number, locally pre-stored key K, message authentication code.
- the sending unit 703 is configured to send a synchronization failure message to the unified data management network element, and the synchronization failure message carries a synchronization failure parameter.
- the processing unit 702 to generate the authentication key according to the first parameter and the first reference value, two of which are listed below:
- the operation generates an authentication key based on the first reference value and the key K.
- the operation generates an authentication key based on the first reference value and the random number.
- the processing unit 702 when the processing unit 702 generates the authentication key according to the first parameter and the first reference value, the following method may also be adopted: first generate the first reference value according to the random number and the key K, and then according to the first reference value The value and message authentication code generate an authentication key.
- the processing unit 702 when the processing unit 702 generates the first reference value according to the random number and the key K, in addition to using the F5 operation, other operations, such as an exclusive OR operation, can be used, for example, for the random number and the key K.
- the key K is XORed to generate the first reference value.
- the processing unit 702 when the processing unit 702 generates the authentication key according to the first reference value and the message authentication code, in addition to using the F5 operation, other operations, such as an exclusive OR operation, may be used, for example, for the first The reference value and the message authentication code are XORed to generate an authentication key.
- the sending unit 703 may also inform the unified data management network element of the method of generating the authentication key. For example, it may send to the unified data management network element The first indication message, the first indication message is used to indicate the way of generating the authentication key.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate a manner of generating the authentication key.
- an embodiment of the present application also provides a communication device for executing the method performed by the unified data management network element or UDM network element in the method embodiment shown in FIGS. 4 and 5,
- the device includes a sending unit 801, a receiving unit 802, and a processing unit 803:
- the sending unit 801 is configured to send the random number and the first sequence value to the terminal device.
- the receiving unit 802 is configured to receive a synchronization failure message from a terminal device, and the synchronization failure message carries a synchronization failure parameter.
- the processing unit 803 is configured to obtain the message authentication code from the synchronization failure parameter; obtain the second order value from the synchronization failure parameter according to the authentication key, the authentication key is generated according to the first parameter and the first reference value, and the first reference value It is generated according to the second parameter and the third parameter, where the first parameter, the second parameter and the third parameter respectively include any of the following: a random number, a key K of the terminal device, and a message authentication code.
- the operation generates an authentication key based on the first reference value and the key K.
- the operation generates an authentication key based on the first reference value and the random number.
- the processing unit 803 when the processing unit 803 generates the authentication key according to the first parameter and the first reference value, the following method may also be adopted: first generate the first reference value according to the random number and the key K, and then according to the first reference value The value and message authentication code generate an authentication key.
- the processing unit 803 when the processing unit 803 generates the first reference value according to the random number and the key K, in addition to using the F5 operation, other operations, such as an exclusive OR operation, can be used.
- the key K is XORed to generate the first reference value.
- the processing unit 803 when the processing unit 803 generates the authentication key according to the first reference value and the message authentication code, in addition to using the F5 operation, other operations, such as an exclusive OR operation, can be used, for example, for the first The reference value and the message authentication code are XORed to generate an authentication key.
- the receiving unit 802 may also receive a first indication message from the terminal device, where the first indication message is used to indicate the manner of generating the authentication key.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate a manner of generating the authentication key.
- an embodiment of the application also provides a communication device for executing the method executed by the terminal device or UE in the method embodiment shown in FIGS. 3 and 5.
- the apparatus includes a receiving unit 901, a processing unit 902, and a sending unit 903:
- the receiving unit 901 is configured to receive the random number and the first sequence value from the unified data management network element.
- the processing unit 902 is configured to: after determining that the difference between the first order value and the locally pre-stored second order value is greater than the threshold, use the authentication key to symmetrically encrypt the second order value to generate a synchronization failure parameter.
- the authentication key is based on Random number and locally pre-stored key K generated.
- the sending unit 903 is configured to send a synchronization failure message to the unified data management network element, and the synchronization failure message carries a synchronization failure parameter.
- the sending unit 903 may further send a first indication message, where the first indication message is used to indicate the generation manner of the synchronization failure parameter.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate a manner of generating the synchronization failure parameter.
- the embodiment of the application also provides a communication device for executing the method performed by the unified data management network element or UDM network element in the method embodiment shown in FIGS. 3 and 5,
- the device includes a sending unit 1001, a receiving unit 1002, and a processing unit 1103:
- the sending unit 1001 is configured to send the random number and the first sequence value to the terminal device.
- the receiving unit 1002 is configured to receive a synchronization failure message from a terminal device, and the synchronization failure message carries a synchronization failure parameter.
- the processing unit 1003 is configured to symmetrically decrypt the synchronization failure parameter according to the authentication key to obtain the second order value.
- the authentication key is generated according to the random number and the key K of the terminal device.
- the receiving unit 1002 may also receive a first indication message from the terminal device, where the first indication message is used to indicate the manner of generating the authentication key.
- the synchronization failure message includes a first indication message, and the first indication message is used to indicate a manner of generating the authentication key.
- the division of units in the embodiments of this application is illustrative, and is only a logical function division. In actual implementation, there may be other division methods.
- the functional units in the various embodiments of this application can be integrated into one process. In the device, it can also exist alone physically, or two or more units can be integrated into a module.
- the above-mentioned integrated unit can be realized in the form of hardware or software function module.
- the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
- the technical solution of this application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , Including a number of instructions to enable a terminal device (which may be a personal computer, a mobile phone, or a network device, etc.) or a processor to execute all or part of the steps of the method in each embodiment of the present application.
- the aforementioned storage media include: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disk or optical disk and other media that can store program code .
- both the unified data management network element and the terminal device may be presented in the form of dividing each functional module in an integrated manner.
- the "module” here can refer to a specific ASIC, circuit, processor and memory that executes one or more software or firmware programs, integrated logic circuit, and/or other devices that can provide the above-mentioned functions.
- the unified data management network element may adopt the form shown in FIG. 11.
- the communication device 1100 shown in FIG. 11 includes at least one processor 1101, a memory 1102, and optionally, a communication interface 1103.
- the memory 1102 may be a volatile memory, such as random access memory; the memory may also be a non-volatile memory, such as read-only memory, flash memory, hard disk drive (HDD) or solid-state drive (solid-state drive, SSD) or the memory 1102 is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the memory 1102 may be a combination of the foregoing memories.
- connection medium between the foregoing processor 1101 and the memory 1102 is not limited in the embodiment of the present application.
- the processor 1101 may have a data transceiver function and can communicate with other devices.
- an independent data transceiver module such as a communication interface 1103, may be used to send and receive data; the processor 1101 is communicating with other devices. During communication, data transmission can be performed through the communication interface 1103.
- the processor 1101 in FIG. 11 can invoke the computer execution instructions stored in the memory 1402, so that the base station can execute the method executed by the base station in any of the foregoing method embodiments. .
- the functions/implementation processes of the sending unit, the receiving unit, and the processing unit of FIG. 9 or 10 may all be implemented by the processor 1101 in FIG. 11 calling a computer execution instruction stored in the memory 1102.
- the function/implementation process of the processing unit in FIG. 9 or 10 can be implemented by the processor 1101 in FIG. 11 calling a computer execution instruction stored in the memory 1102, and the function/implementation of the sending unit and the receiving unit in FIG. 9 or 10
- the process can be implemented through the communication interface 1103 in FIG. 11.
- the terminal device may adopt the form shown in FIG. 12.
- the communication device 1200 shown in FIG. 12 includes at least one processor 1201, a memory 1202, and optionally, a transceiver 1203.
- the memory 1202 may be a volatile memory, such as a random access memory; the memory may also be a non-volatile memory, such as read only memory, flash memory, hard disk drive (HDD) or solid-state drive (solid-state drive, SSD) or the memory 1202 is any other medium that can be used to carry or store desired program codes in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the memory 1202 may be a combination of the above-mentioned memories.
- connection medium between the foregoing processor 1201 and the memory 1202 is not limited in the embodiment of the present application.
- the processor 1201 may have a data transceiving function and can communicate with other devices.
- an independent data transceiving module such as a transceiver 1203, can be set to transmit and receive data; the processor 1201 is communicating with other devices.
- the transceiver 1203 can be used for data transmission.
- the processor 1201 in FIG. 12 can invoke the computer execution instructions stored in the memory 1202, so that the terminal device can execute the method executed by the terminal device in any of the foregoing method embodiments.
- the functions/implementation processes of the receiving unit, the processing unit, and the sending unit in FIG. 7 or 8 can all be implemented by the processor 1201 in FIG. 12 calling a computer execution instruction stored in the memory 1202.
- the function/implementation process of the processing unit in FIG. 7 or 8 can be realized by the processor 1201 in FIG. 12 calling a computer execution instruction stored in the memory 1202, and the functions/implementation of the receiving unit and the sending unit in FIG. 7 or 8
- the implementation process can be implemented by the transceiver 1203 in FIG. 12.
- the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
- a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
- These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
- the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
- These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
- the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims (34)
- 一种参数发送方法,其特征在于,所述方法包括:在认证过程中,接收来自核心网设备的随机数和第一顺序值;在确定所述第一顺序值与本地预存的第二顺序值的差值大于阈值后,在认证密钥和所述第二顺序值的异或值后连接消息认证码,生成同步失败参数,所述认证密钥是根据第一参数和第一参考值生成的,所述第一参考值是根据第二参数和第三参数生成的,其中,所述第一参数、所述第二参数和所述第三参数分别包括下面的任一项:所述随机数、本地预存的密钥K、所述消息认证码;向所述核心网设备发送同步失败消息,所述同步失败消息中携带所述同步失败参数。
- 如权利要求1所述的方法,其特征在于,所述认证密钥是根据第一参数和第一参考值生成的,包括:根据所述随机数和所述消息认证码生成第一参考值,根据所述第一参考值和所述密钥K生成所述认证密钥;或根据所述密钥K和所述消息认证码生成第一参考值,根据所述第一参考值和所述随机数生成所述认证密钥。
- 如权利要求1所述的方法,其特征在于,所述认证密钥是根据第一参数和第一参考值生成的,包括:根据所述随机数和所述密钥K生成第一参考值,根据所述第一参考值和所述消息认证码生成所述认证密钥。
- 如权利要求3所述的方法,其特征在于,所述根据所述随机数和所述密钥K生成第一参考值,包括:对所述随机数和所述密钥K进行异或生成所述第一参考值。
- 如权利要求3所述的方法,其特征在于,所述根据所述第一参考值和所述消息认证码生成所述认证密钥,包括:对所述第一参考值和所述消息认证码进行异或生成所述认证密钥。
- 如权利要求1~5任一所述的方法,其特征在于,向所述核心网设备发送同步失败消息之前,还包括:向所述核心网设备发送第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 如权利要求1~5任一所述的方法,其特征在于,所述同步失败消息包括第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 一种参数发送方法,其特征在于,所述方法包括:在认证过程中,向终端设备发送随机数和第一顺序值;接收来自所述终端设备的同步失败消息,所述同步失败消息中携带同步失败参数;从所述同步失败参数获取消息认证码;根据认证密钥从所述同步失败参数中获取第二顺序值,所述认证密钥是根据第一参数和第一参考值生成的,所述第一参考值是根据第二参数和第三参数生成的,其中,所述第一参数、所述第二参数和所述第三参数分别包括下面的任一项:所述随机数、所述终端设备的密钥K、所述消息认证码。
- 如权利要求8所述的方法,其特征在于,所述认证密钥是根据第一参数和第一参考值生成的,包括:根据所述随机数和所述消息认证码生成第一参考值,根据所述第一参考值和所述密钥K生成所述认证密钥;或根据所述密钥K和所述消息认证码生成第一参考值,根据所述第一参考值和所述随机数生成所述认证密钥。
- 如权利要求8所述的方法,其特征在于,所述认证密钥是根据第一参数和第一参考值生成的,包括:根据所述随机数和所述密钥K生成第一参考值,根据所述第一参考值和所述消息认证码生成所述认证密钥。
- 如权利要求10所述的方法,其特征在于,所述根据所述随机数和所述密钥K生成第一参考值,包括:对所述随机数和所述密钥K进行异或生成所述第一参考值。
- 如权利要求10所述的方法,其特征在于,所述根据所述第一参考值和所述消息认证码生成所述认证密钥,包括:对所述第一参考值和所述消息认证码进行异或生成所述认证密钥。
- 如权利要求8~12任一所述的方法,其特征在于,所述接收来自所述终端设备的同步失败消息之前,还包括:接收来自所述终端设备的第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 如权利要求8~12任一所述的方法,其特征在于,所述同步失败消息包括第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 一种参数发送方法,其特征在于,所述方法包括:在认证过程中,接收来自核心网设备的随机数和第一顺序值;在确定所述第一顺序值与本地预存的第二顺序值的差值大于阈值后,利用认证密钥对所述第二顺序值进行对称加密,生成同步失败参数,所述认证密钥是根据所述随机数和本地预存的密钥K生成的;向所述核心网设备发送同步失败消息,所述同步失败消息中携带所述同步失败参数。
- 如权利要求15所述的方法,其特征在于,向所述核心网设备发送同步失败消息之前,还包括:发送第一指示消息,所述第一指示消息用于指示所述同步失败参数的生成方式。
- 如权利要求15所述的方法,其特征在于,所述同步失败消息包括第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 一种参数发送方法,其特征在于,所述方法包括:在认证过程中,向终端设备发送随机数和第一顺序值;接收来自所述终端设备的同步失败消息,所述同步失败消息中携带同步失败参数;根据认证密钥对所述同步失败参数进行对称解密,获取第二顺序值,所述认证密钥是根据所述随机数、所述终端设备的密钥K生成的。
- 如权利要求18所述的方法,其特征在于,所述接收来自所述终端设备的同步失败消息之前,还包括:接收来自所述终端设备的第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 如权利要求18所述的方法,其特征在于,所述同步失败消息包括第一指示消息,所述第一指示消息用于指示所述认证密钥的生成方式。
- 一种通信装置,其特征在于,用于实现如权利要求1至7任一项所述的方法。
- 一种通信装置,其特征在于,用于实现如权利要求8至14任一项所述的方法。
- 一种通信装置,其特征在于,用于实现如权利要求15至17任一项所述的方法。
- 一种通信装置,其特征在于,用于实现如权利要求18至20任一项所述的方法。
- 一种通信装置,其特征在于,包括处理器和存储器,所述存储器中存储有指令,所述处理器执行所述指令时,使得所述装置执行权利要求1至7任一项所述的方法。
- 一种通信装置,其特征在于,包括处理器和存储器,所述存储器中存储有指令,所述处理器执行所述指令时,使得所述装置执行权利要求8至14任一项所述的方法。
- 一种通信装置,其特征在于,包括处理器和存储器,所述存储器中存储有指令,所述处理器执行所述指令时,使得所述装置执行权利要求15至17任一项所述的方法。
- 一种通信装置,其特征在于,包括处理器和存储器,所述存储器中存储有指令,所述处理器执行所述指令时,使得所述装置执行权利要求18至20任一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行如权利要求1至7中任一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行如权利要求8至14中任一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行如权利要求15至17中任一项所述的方法。
- 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得计算机执行如权利要求18至20中任一项所述的方法。
- 一种计算机芯片,其特征在于,所述芯片与存储器相连,所述芯片用于读取并执行所述存储器中存储的软件程序,执行如权利要求1到20任一项所述的方法。
- 一种包含指令的计算机程序产品,其特征在于,当其在计算机上运行时,使得计算机执行如权利要求1到20任一项所述的方法。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP20794645.0A EP3952241A4 (en) | 2019-04-24 | 2020-04-24 | METHOD AND APPARATUS FOR SENDING PARAMETERS |
JP2021563063A JP7237200B2 (ja) | 2019-04-24 | 2020-04-24 | パラメータ送信方法及び装置 |
CA3137389A CA3137389A1 (en) | 2019-04-24 | 2020-04-24 | Parameter sending method and apparatus |
US17/506,882 US20220046003A1 (en) | 2019-04-24 | 2021-10-21 | Parameter sending method and apparatus |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910335677.3 | 2019-04-24 | ||
CN201910335677.3A CN111865870B (zh) | 2019-04-24 | 2019-04-24 | 一种参数发送方法及装置 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/506,882 Continuation US20220046003A1 (en) | 2019-04-24 | 2021-10-21 | Parameter sending method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020216338A1 true WO2020216338A1 (zh) | 2020-10-29 |
Family
ID=72940871
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/086767 WO2020216338A1 (zh) | 2019-04-24 | 2020-04-24 | 一种参数发送方法及装置 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20220046003A1 (zh) |
EP (1) | EP3952241A4 (zh) |
JP (1) | JP7237200B2 (zh) |
CN (2) | CN114513330A (zh) |
CA (1) | CA3137389A1 (zh) |
WO (1) | WO2020216338A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114205168A (zh) * | 2021-12-20 | 2022-03-18 | 全球能源互联网研究院有限公司 | 一种用于身份认证的终端设备密钥分配方法及系统 |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112561422B (zh) * | 2020-12-04 | 2023-07-25 | 中国联合网络通信集团有限公司 | 基于网联无人机的商品运输方法、用户端、密钥管理平台 |
CN112788596A (zh) * | 2021-02-03 | 2021-05-11 | 北京智芯微电子科技有限公司 | 安全加密信息生成方法和系统及5g终端认证方法和系统 |
CN114024674B (zh) * | 2021-11-23 | 2024-05-31 | 支付宝(杭州)信息技术有限公司 | 两方安全比较的方法及系统 |
CN115002750A (zh) * | 2022-05-25 | 2022-09-02 | 中国电信股份有限公司 | 一种通信认证方法及相关设备 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1859729A (zh) * | 2005-06-04 | 2006-11-08 | 华为技术有限公司 | 一种鉴权方法及相应的信息传递方法 |
CN101123778A (zh) * | 2007-09-29 | 2008-02-13 | 大唐微电子技术有限公司 | 网络接入鉴权方法及其usim卡 |
CN101399603A (zh) * | 2007-09-30 | 2009-04-01 | 华为技术有限公司 | 重同步方法、认证方法及设备 |
CN101511084A (zh) * | 2008-02-15 | 2009-08-19 | 中国移动通信集团公司 | 一种移动通信系统的鉴权和密钥协商方法 |
CN101741555A (zh) * | 2008-11-12 | 2010-06-16 | 中兴通讯股份有限公司 | 身份认证和密钥协商方法及系统 |
WO2011003227A1 (en) * | 2009-07-06 | 2011-01-13 | Nokia Corporation | Managing respective sequence numbers for different networks independently |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100389634C (zh) * | 2005-08-02 | 2008-05-21 | 华为技术有限公司 | 一种同步攻击防护方法及相应的鉴权方法 |
CN101098221A (zh) * | 2006-06-26 | 2008-01-02 | 华为技术有限公司 | 一种无线蜂窝网络中网络层安全认证方法 |
CN1968096B (zh) * | 2006-10-25 | 2010-05-19 | 中国移动通信集团公司 | 一种同步流程优化方法和系统 |
CN101784048B (zh) * | 2009-01-21 | 2014-01-01 | 中兴通讯股份有限公司 | 动态更新密钥的身份认证和密钥协商方法及系统 |
JP5754328B2 (ja) * | 2011-09-28 | 2015-07-29 | 富士通株式会社 | スイッチ装置およびスイッチ方法 |
US10694378B2 (en) | 2013-03-29 | 2020-06-23 | Sony Corporation | Integrated circuit, communication method, computer program, and communication apparatus |
KR101517909B1 (ko) * | 2013-12-13 | 2015-05-06 | 경북대학교 산학협력단 | 유헬스케어 무선 센서 네트워크를 위한 상호 인증 방법 |
MA45323A (fr) * | 2016-03-18 | 2019-01-23 | Forticode Ltd | Procédé et système d'authentification d'utilisateur à sécurité améliorée |
JP2017191965A (ja) * | 2016-04-11 | 2017-10-19 | 富士通株式会社 | 通信装置及びパケット送受信プログラム |
CN107508672B (zh) * | 2017-09-07 | 2020-06-16 | 浙江神州量子网络科技有限公司 | 一种基于对称密钥池的密钥同步方法和密钥同步装置、密钥同步系统 |
US10805161B2 (en) * | 2017-09-13 | 2020-10-13 | Verizon Digital Media Services Inc. | Rapid configuration propagation in a distributed multi-tenant platform |
-
2019
- 2019-04-24 CN CN202210009579.2A patent/CN114513330A/zh active Pending
- 2019-04-24 CN CN201910335677.3A patent/CN111865870B/zh active Active
-
2020
- 2020-04-24 CA CA3137389A patent/CA3137389A1/en active Pending
- 2020-04-24 EP EP20794645.0A patent/EP3952241A4/en active Pending
- 2020-04-24 WO PCT/CN2020/086767 patent/WO2020216338A1/zh unknown
- 2020-04-24 JP JP2021563063A patent/JP7237200B2/ja active Active
-
2021
- 2021-10-21 US US17/506,882 patent/US20220046003A1/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1859729A (zh) * | 2005-06-04 | 2006-11-08 | 华为技术有限公司 | 一种鉴权方法及相应的信息传递方法 |
CN101123778A (zh) * | 2007-09-29 | 2008-02-13 | 大唐微电子技术有限公司 | 网络接入鉴权方法及其usim卡 |
CN101399603A (zh) * | 2007-09-30 | 2009-04-01 | 华为技术有限公司 | 重同步方法、认证方法及设备 |
CN101511084A (zh) * | 2008-02-15 | 2009-08-19 | 中国移动通信集团公司 | 一种移动通信系统的鉴权和密钥协商方法 |
CN101741555A (zh) * | 2008-11-12 | 2010-06-16 | 中兴通讯股份有限公司 | 身份认证和密钥协商方法及系统 |
WO2011003227A1 (en) * | 2009-07-06 | 2011-01-13 | Nokia Corporation | Managing respective sequence numbers for different networks independently |
Non-Patent Citations (1)
Title |
---|
See also references of EP3952241A4 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114205168A (zh) * | 2021-12-20 | 2022-03-18 | 全球能源互联网研究院有限公司 | 一种用于身份认证的终端设备密钥分配方法及系统 |
CN114205168B (zh) * | 2021-12-20 | 2023-07-18 | 全球能源互联网研究院有限公司 | 一种用于身份认证的终端设备密钥分配方法及系统 |
Also Published As
Publication number | Publication date |
---|---|
US20220046003A1 (en) | 2022-02-10 |
CN111865870A (zh) | 2020-10-30 |
JP2022529837A (ja) | 2022-06-24 |
CA3137389A1 (en) | 2020-10-29 |
CN114513330A (zh) | 2022-05-17 |
JP7237200B2 (ja) | 2023-03-10 |
EP3952241A1 (en) | 2022-02-09 |
EP3952241A4 (en) | 2022-06-01 |
CN111865870B (zh) | 2022-01-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020177768A1 (zh) | 一种网络验证方法、装置及系统 | |
WO2020216338A1 (zh) | 一种参数发送方法及装置 | |
US11825303B2 (en) | Method for performing verification by using shared key, method for performing verification by using public key and private key, and apparatus | |
US10638321B2 (en) | Wireless network connection method and apparatus, and storage medium | |
US11496320B2 (en) | Registration method and apparatus based on service-based architecture | |
KR101490214B1 (ko) | 공유된 일시적 키 데이터의 세트를 갖는 교환들을 인코딩하기 위한 시스템들 및 방법들 | |
US10555170B2 (en) | Method and apparatus for authentication of wireless devices | |
KR102112542B1 (ko) | 디피 헬먼(Diffie-Hellman) 절차를 이용한 세션 키 생성 방법 및 시스템 | |
WO2020221252A1 (zh) | 发送终端序列号的方法和装置以及认证方法和装置 | |
CN111147231B (zh) | 一种密钥协商的方法、相关装置及系统 | |
WO2019095990A1 (zh) | 一种通信方法及装置 | |
WO2015144041A1 (zh) | 一种网络鉴权认证的方法及设备 | |
CN110831002B (zh) | 一种密钥推演的方法、装置及计算存储介质 | |
WO2015144042A1 (zh) | 一种网络鉴权认证的方法及设备 | |
US20230308875A1 (en) | Wi-fi security authentication method and communication apparatus | |
CN111836260B (zh) | 一种认证信息处理方法、终端和网络设备 | |
CN111835691B (zh) | 一种认证信息处理方法、终端和网络设备 | |
CN112400335B (zh) | 用于执行数据完整性保护的方法和计算设备 | |
US20230108626A1 (en) | Ue challenge to a network before authentication procedure | |
US20240323188A1 (en) | Method and device for identity authentication | |
CN118802307A (zh) | 通信鉴权方法及相关装置、存储介质、计算机程序产品 | |
CN116347432A (zh) | 网络认证方法、装置、终端及网络侧设备 | |
WO2020037957A1 (zh) | 客户端注册方法、装置及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20794645 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 3137389 Country of ref document: CA |
|
ENP | Entry into the national phase |
Ref document number: 2021563063 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2020794645 Country of ref document: EP Effective date: 20211027 |