WO2022052751A1 - Method and apparatus for mutual authentication - Google Patents

Method and apparatus for mutual authentication

Info

Publication number
WO2022052751A1
Authority
WO
WIPO (PCT)
Prior art keywords
public key
terminal device
random number
message
network
Application number
PCT/CN2021/112904
Other languages
English (en)
French (fr)
Inventor
赵明宇
严学强
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Publication of WO2022052751A1
Priority to US18/181,871 (US20230208656A1)

Classifications

    • H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0838: Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/126: Applying verification of the received information the source of the received data
    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04W12/0431: Key distribution or pre-distribution; Key agreement
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H04W12/108: Source integrity
    • H04L2209/80: Wireless

Definitions

  • The present application relates to the field of communications, and more particularly, to a method and apparatus for mutual authentication.
  • Existing communication networks are all network-centric, and users adapt to the network: users can only choose among the functions the network provides. In particular, the functions provided by the centralized core network are coarse-grained and cannot meet users' personalized needs.
  • Existing centralized core network elements, such as those for mobility management, session management, user data management, and policy management, generally handle a large number of users and are deployed centrally. They hold a relatively high position in the network, which creates a risk of single-point failure.
  • A user-centric network (UCN) architecture is proposed.
  • A digital reflection (DR) is deployed on the edge cloud.
  • Each UE has its own DR.
  • According to the user's needs, the DR is dynamically migrated to the multi-access edge computing (MEC) site where the user is located, realizing a user-centric network architecture design.
  • The UCN architecture is a disruptive redesign of the existing network architecture, so many existing network functions, communication schemes, and workflows need to change accordingly. Among them, two-way authentication between the user and the network is a key process in the initial stage of establishing a communication connection. Two-way authentication between the UE and the DR when the user powers on for the first time to register, or powers on again after being off for a long time, is therefore an urgent technical problem to be solved.
  • The present application provides a method and apparatus for mutual authentication that can avoid leakage of user information.
  • In a first aspect, a method for mutual authentication is provided, including: a digital reflection (DR) sends a first message to a terminal device, where the first message includes a first DR public key, and the first DR public key is the public key of the DR signed with the private key of a home network; the DR encrypts a first random number with a second terminal device public key, where the first random number is generated by the DR, and the second terminal device public key is the public key of the terminal device obtained after verification with the public key of the home network; the DR sends a second message to the terminal device, where the second message includes the first random number encrypted with the second terminal device public key; the DR receives a second response message sent by the terminal device, where the second response message includes the first random number encrypted with a second DR public key, and the second DR public key is the public key of the DR obtained after the first DR public key is verified with the public key of the home network; and the DR decrypts the encrypted first random number with the private key of the DR to obtain the first random number.
  • The DR encrypts the first random number with the public key of the terminal device and sends the encrypted first random number to the terminal device. If the terminal device obtains the first random number by decrypting with its own private key, the terminal device passes the DR's authentication, that is, the terminal device is the terminal device associated with the DR. This solution realizes authentication between the terminal device and the network in the UCN architecture and avoids leakage of user information.
  • The second response message further includes a second random number encrypted with the second DR public key, where the second random number is generated by the terminal device.
  • The method further includes: the DR decrypts, with the private key of the DR, the second random number encrypted with the second DR public key to obtain the second random number; the DR encrypts the second random number with the second terminal device public key; and the DR sends a third message to the terminal device, where the third message includes the second random number encrypted with the second terminal device public key. If the DR obtains the second random number by decrypting with its own private key, it sends the second random number, encrypted with the public key of the terminal device, to the terminal device. On receiving it, the terminal device confirms that the DR received the second response message it sent, and the DR's authentication of the terminal device is complete.
  • The method further includes: the DR sends a fourth message to a distributed database (DDB), where the fourth message is used to request the public key of the terminal device and the public key of the DR, and the fourth message includes the identifier of the terminal device and the identifier of the DR; and the DR receives a fourth response message sent by the DDB, where the fourth response message includes a first terminal device public key and the first DR public key, and the first terminal device public key is the public key of the terminal device signed with the private key of the home network.
  • The DR receiving the fourth response message sent by the DDB includes: the DR verifies the first terminal device public key with the public key of the home network to obtain the second terminal device public key.
  • Before the DR sends the fourth message to the DDB, the method further includes: the DR receives a fifth message sent by a user identity decryption function (SIDF), where the fifth message includes the identifier of the terminal device.
  • Before the DR sends the fourth message to the DDB, the method further includes: the DR receives a sixth message sent by a network device, where the sixth message includes a first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  • The DR receiving the sixth message sent by the network device includes: the DR decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
  • The sixth message further includes the identifier of the home network signed with the private key of the network device; the DR uses the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, so as to verify that the network device is legitimate.
  • The method further includes: the DR sends a seventh message to the DDB, where the seventh message is used to request the public key of the network device, and the seventh message includes the identifier of the network device; the DR receives a seventh response message sent by the DDB, where the seventh response message includes the public key of the network device signed with the private key of the home network; and the DR uses the public key of the home network to verify the public key of the network device signed with the private key of the home network, to obtain the public key of the network device.
  • In a second aspect, a method for mutual authentication is provided, including: a terminal device receives a first message sent by a digital reflection (DR), where the first message includes a first DR public key, and the first DR public key is the public key of the DR signed with the private key of a home network; the terminal device receives a second message sent by the DR, where the second message includes a first random number encrypted with a second terminal device public key, the first random number is generated by the DR, and the second terminal device public key is the public key of the terminal device verified with the public key of the home network; the terminal device decrypts, with the private key of the terminal device, the first random number encrypted with the second terminal device public key to obtain the first random number; the terminal device encrypts the first random number according to the first DR public key to obtain an encrypted first random number; and the terminal device sends a second response message to the DR, where the second response message includes the encrypted first random number.
  • The terminal device uses its own private key to decrypt the first random number encrypted with the public key of the terminal device. If decryption yields the first random number, the terminal device encrypts the first random number with the public key of the DR and sends a second response message to the DR, where the second response message includes the first random number encrypted with the public key of the DR. If the DR obtains the first random number after decryption, the DR considers the terminal device to be the terminal device associated with it.
  • This solution realizes authentication between the terminal device and the network in the UCN architecture and avoids leakage of user information.
  • Encrypting the first random number by the terminal device according to the first DR public key includes: the terminal device verifies the first DR public key with the public key of the home network to obtain a second DR public key, where the second DR public key is the public key of the DR verified with the public key of the home network; and the terminal device encrypts the first random number with the second DR public key.
  • The method further includes: the terminal device sends an eighth message to a network device, where the eighth message includes a first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  • The eighth message further includes the identifier of the DR.
  • The terminal device sending the second response message to the DR includes: the terminal device encrypts a second random number with the second DR public key, where the second random number is generated by the terminal device; and the terminal device sends the second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
  • The method further includes: the terminal device receives a third message sent by the DR, where the third message includes the second random number encrypted with the second terminal device public key; and the terminal device decrypts, with the private key of the terminal device, the second random number encrypted with the second terminal device public key to obtain the second random number.
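The challenge-response between the DR and the terminal device described in the two methods above, as an added Python walk-through that is not part of the patent text. The patent names no algorithms, so unpadded textbook RSA over fixed, publicly known Mersenne primes stands in for the encryption and signature schemes (a toy that is trivially breakable); the identifiers `dr-1` and `ue-1`, all function names, and the binding of an identifier into the signed key are assumptions.

```python
import hashlib
import secrets

E = 65537                       # public exponent shared by every toy key
DR_ID, UE_ID = "dr-1", "ue-1"   # hypothetical identifiers, not from the patent


class ToyKey:
    """Textbook RSA on fixed Mersenne primes: trivially factorable, illustration only."""

    def __init__(self, p_exp, q_exp):
        p, q = 2**p_exp - 1, 2**q_exp - 1
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))  # private exponent

    @property
    def public(self):
        return (E, self.n)

    def decrypt(self, c):
        return pow(c, self._d, self.n)

    def sign(self, data):
        return pow(_digest(data, self.n), self._d, self.n)


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def encrypt(pub, m):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message does not fit the modulus")
    return pow(m, e, n)


def _signed_bytes(owner_id, pub):
    return f"{owner_id}|{pub[0]}|{pub[1]}".encode()


def issue_signed_key(home, owner_id, pub):
    """Home network signs (identifier, key): the 'first' public key in the text."""
    return {"id": owner_id, "key": pub, "sig": home.sign(_signed_bytes(owner_id, pub))}


def verified_key(home_pub, signed, expected_id):
    """Return the 'second' public key, or raise if the home-network check fails."""
    e, n = home_pub
    data = _signed_bytes(signed["id"], signed["key"])
    if signed["id"] != expected_id or pow(signed["sig"], e, n) != _digest(data, n):
        raise ValueError("public key not vouched for by the home network")
    return signed["key"]


def mutual_authenticate(home_pub, dr_key, dr_signed, ue_signed, terminal_key):
    """Run the first, second and third messages; True only if both sides accept.

    terminal_key belongs to whoever answers as the terminal (real UE or impostor).
    """
    # DR side: verify the terminal key obtained in the fourth response message.
    ue_pub = verified_key(home_pub, ue_signed, UE_ID)
    # First message, terminal side: verify the DR key before encrypting to it.
    dr_pub = verified_key(home_pub, dr_signed, DR_ID)
    # Second message: DR sends R1 under the terminal's public key.
    r1 = 2 + secrets.randbelow(2**64)   # skip 0 and 1, fixed points of textbook RSA
    second_msg = encrypt(ue_pub, r1)
    # Second response: terminal returns R1 plus its own R2 under the DR public key.
    r2 = 2 + secrets.randbelow(2**64)
    response = (encrypt(dr_pub, terminal_key.decrypt(second_msg)), encrypt(dr_pub, r2))
    # DR accepts the terminal only if R1 came back unchanged.
    if dr_key.decrypt(response[0]) != r1:
        return False
    # Third message: DR shows it holds its private key by echoing R2.
    third_msg = encrypt(ue_pub, dr_key.decrypt(response[1]))
    return terminal_key.decrypt(third_msg) == r2


def demo():
    """Constructed scenario: genuine run, impostor terminal, DR key from a rogue signer."""
    home, rogue_home = ToyKey(521, 607), ToyKey(127, 521)
    dr, ue, impostor = ToyKey(107, 127), ToyKey(61, 89), ToyKey(31, 127)
    dr_signed = issue_signed_key(home, DR_ID, dr.public)
    ue_signed = issue_signed_key(home, UE_ID, ue.public)
    results = {
        "genuine": mutual_authenticate(home.public, dr, dr_signed, ue_signed, ue),
        "impostor_terminal": mutual_authenticate(home.public, dr, dr_signed, ue_signed, impostor),
    }
    try:
        forged = issue_signed_key(rogue_home, DR_ID, impostor.public)
        results["rogue_dr"] = mutual_authenticate(home.public, impostor, forged, ue_signed, ue)
    except ValueError:
        results["rogue_dr"] = False   # terminal refused the unverified DR key
    return results


if __name__ == "__main__":
    print(demo())
```

A real deployment would replace `ToyKey` with padded public-key encryption and a standard signature scheme; the message order and the accept/reject points are what the example is meant to show.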
  • A method for mutual authentication is provided, including: a user identity decryption function (SIDF) sends a tenth message to a distributed mapping system (DMS), where the tenth message is used to query the identifier of the digital reflection (DR) corresponding to a terminal device, and the tenth message includes the identifier of the terminal device; the SIDF receives a tenth response message sent by the DMS, where the tenth response message includes the identifier of the DR; and the SIDF sends a fifth message to the DR, where the fifth message includes the identifier of the terminal device.
  • The method further includes: the SIDF receives an authentication request message sent by a network device, where the authentication request message includes the first terminal device identifier, the identifier of the service network where the network device is located, and the identifier of the home network signed with the private key of the service network; the SIDF sends a ninth message to the distributed database (DDB), where the ninth message is used to obtain the public key of the service network and includes the identifier of the service network; the SIDF receives a ninth response message sent by the DDB, where the ninth response message includes the public key of the service network; and the SIDF uses the public key of the service network to verify the identifier of the home network signed with the private key of the service network, obtaining the identifier of the home network and thereby verifying that the service network is legitimate.
  • The method further includes: the SIDF decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
  • A communication apparatus is provided, including a processor and a transceiver, where the transceiver is configured to receive computer code or instructions and transmit them to the processor, and the processor runs the computer code or instructions to perform the method in the first aspect or any possible implementation of the first aspect.
  • A communication apparatus is provided, including a processor and a transceiver, where the transceiver is configured to receive computer code or instructions and transmit them to the processor, and the processor runs the computer code or instructions to perform the method in the second aspect or any possible implementation of the second aspect.
  • A communication system is provided, including the digital reflection (DR) and the terminal device in the methods of the first aspect and the second aspect.
  • A computer-readable storage medium is provided, storing a computer program; when the computer program runs on a computer, the computer is caused to perform the method in the first aspect or any possible implementation of the first aspect.
  • A computer-readable storage medium is provided, storing a computer program; when the computer program runs on a computer, the computer is caused to perform the method in the second aspect or any possible implementation of the second aspect.
  • FIG. 1 is a schematic diagram of the UCN architecture.
  • FIG. 2 is a schematic diagram of a network architecture with widely deployed edge clouds according to an embodiment of the present application.
  • FIG. 3 is a schematic interaction flowchart of a method for mutual authentication according to an embodiment of the present application.
  • FIG. 4 is a schematic flow diagram of mutual authentication between a terminal device and a DR in an initial stage according to an embodiment of the present application.
  • FIG. 5 is a schematic flow diagram of another mutual authentication between a terminal device and a DR in an initial stage according to an embodiment of the present application.
  • FIG. 6 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
  • FIG. 7 is a schematic block diagram of another communication apparatus according to an embodiment of the present application.
  • FIG. 8 is a schematic block diagram of another communication apparatus according to an embodiment of the present application.
  • The embodiments of the present application may be applied to various communication systems, such as a wireless local area network (WLAN), narrowband Internet of things (NB-IoT), global system for mobile communications (GSM), enhanced data rate for GSM evolution (EDGE), wideband code division multiple access (WCDMA), code division multiple access 2000 (CDMA2000), time division-synchronization code division multiple access (TD-SCDMA), long term evolution (LTE), satellite communication, fifth generation (5G) systems, or new communication systems that will appear in the future.
  • The terminal devices involved in the embodiments of the present application may include various handheld devices with wireless communication functions, vehicle-mounted devices, wearable devices, computing devices, or other processing devices connected to a wireless modem.
  • The terminal may be a mobile station (MS), a subscriber unit, user equipment (UE), a cellular phone, a smart phone, a wireless data card, a personal digital assistant (PDA) computer, a tablet computer, a wireless modem, a handheld device (handset), a laptop computer, a machine type communication (MTC) terminal, and so on.
  • In the UCN architecture, a digital reflection (DR) is deployed on the edge cloud, and each UE has its own DR, which can be dynamically migrated, according to the user's needs, to the multi-access edge computing (MEC) site where the user is located, realizing a user-centric network architecture design.
  • A distributed data provisioning system manages the user's personal digital property, including identity identifiers, application name identifiers, and user status information.
  • A distributed mapping system (DMS), based on technologies such as distributed hashing, establishes a distributed mapping among user identities, application names, and addresses, and is distributed across edge clouds to meet near-real-time update and query requirements.
  • A life cycle management (LCM) system, based on a distributed architecture, realizes life cycle management and operation of the DR.
  • The UCN architecture is a disruptive redesign of the existing network architecture, so many existing network functions, communication schemes, and workflows need to change accordingly. Among them, two-way authentication between the user and the network is a key process in the initial stage of establishing a communication connection. The embodiments of the present application mainly address the authentication mechanism and procedure between the user and the DR under the UCN architecture.
  • Two-way authentication between the UE and the network is jointly completed by the UE, the mobility management entity (MME), and the home subscriber server (HSS).
  • the UE sends an attach request containing a globally unique user temporary identity (GUTI)/international mobile subscriber identity (IMSI); the MME adds the ID of the visited network and then forwards the request to the HSS; if the IMSI and the ID pass the verification, an authentication vector group is generated and sent to the MME.
  • the MME selects a vector, assigns a secret key, and sends an authentication request to the UE; the UE extracts information from it, and if the verification passes, the authenticity of the HSS is verified; the UE then calculates the authentication request response value (response, RES) and sends it to the MME, and the MME compares the RES. If they are consistent, the UE is authenticated. In this way, the two-way authentication is completed, and the encryption key and the protection key are calculated according to the agreed algorithm, so as to realize the subsequent confidential communication.
  • when the user initially attaches, the IMSI is transmitted over the air interface in plaintext, which may cause the risk of IMSI sniffing and tracking attacks; the centralized authentication network element may suffer from distributed denial of service (DDOS) attacks and carries a single point of failure risk; in addition, in roaming scenarios, the service network is involved in authentication, which brings risks to users when there is service network fraud.
  • the two-way authentication between the UE and the network is performed by the UE, the access and mobility management function (AMF), and the authentication server function (AUSF) of the home network. It is similar to the LTE authentication process; the difference is that the user identity is encrypted when transmitted over the air interface during the initial registration phase to avoid interception of the user identity; during 5G authentication, the mutual authentication between the user terminal and its home network gives users a unified authentication mechanism in different scenarios, visited and home; 5G unifies 3GPP and non-3GPP authentication methods and supports two methods: extensible authentication protocol-authentication and key agreement' (EAP-AKA') and 5G authentication and key agreement (5G AKA).
  • the centralized core network authentication network element has the risk of DDOS attack and single point of failure; when the UE checks the authenticity and freshness of the identity of the authentication signal, there is no explicit requirement to use a function to protect the counter (sequence number, SQN), so an attacker can learn the user's SQN by tracking the nearby SQN for a period of time, thereby realizing a location attack or an activity monitoring attack.
  • edge cloudification of the network will become an inevitable trend.
  • the edge cloud and the core cloud will form synergy and complement each other.
  • the edge cloud will be closer to users and better support applications that have high requirements on latency and data privacy. It is suitable for distributed deployment of network functions.
  • the embodiments of the present application are based on the assumption that the edge cloud has been widely deployed in an application scenario.
  • FIG. 2 shows a schematic diagram of a widely deployed network architecture of an edge cloud according to an embodiment of the present application.
  • This embodiment of the present application proposes a mutual authentication method, which is used in a scenario where a user needs to perform two-way authentication with the network in the network architecture of UCN. When the terminal device is turned off and then turned on again, two-way authentication needs to be performed again.
  • FIG. 3 shows a schematic flow diagram of a mutual authentication method according to an embodiment of the present application.
  • the digitally mapped DR sends a first message to the terminal device, where the first message includes a first DR public key, where the first DR public key is the DR's public key signed with the private key of the home network.
  • the DR may request the public key of the DR and the public key of the terminal device from a distributed database (DDB).
  • the DR may send a fourth message to the DDB to request the public key of the terminal device and the public key of the DR, where the fourth message includes the identifier of the terminal device and the identifier of the DR; the DDB receives the fourth message sent by the DR and sends a fourth response message to the DR, where the fourth response message includes the first terminal device public key and the first DR public key, and the first terminal device public key is the public key of the terminal device signed with the private key of the home network; the DR receives the fourth response message sent by the DDB, and obtains the first terminal device public key and the first DR public key from the fourth response message. It should be understood that the public keys the DR requests from the DDB are signed by the operator using the private key of the home network.
  • the terminal device receives the first message sent by the digital mapping DR, and uses the public key of the home network to verify the first DR public key included in the first message to obtain a second DR public key, where the second DR public key is the public key of the DR obtained after verification with the public key of the home network.
  • the first DR public key and the second DR public key are public keys in different states after the DR's public key is signed or verified.
  • the public key of the home network is known to the terminal device.
  • the DR may verify the public key of the first terminal device by using the public key of the home network to obtain the public key of the second terminal device.
  • the DR encrypts the first random number by using the public key of the second terminal device, where the first random number is generated by the DR, and the public key of the second terminal device is the public key of the terminal device verified by using the public key of the home network.
  • the public key of the first terminal device and the public key of the second terminal device are public keys in different states after the public key of the terminal device is signed or verified.
  • the public key of the home network is also known to the DR.
  • the DR sends a second message to the terminal device, where the second message includes the first random number encrypted with the public key of the second terminal device.
  • the terminal device receives the second message sent by the DR.
  • the terminal device decrypts the first random number encrypted by using the public key of the second terminal device by using the private key of the terminal device to obtain the first random number.
  • the private key of the terminal device is unique to the terminal device, and only the terminal device can decrypt the first random number encrypted with the public key of the second terminal device.
  • the terminal device encrypts the first random number according to the first DR public key to obtain the encrypted first random number. Specifically, the terminal device encrypts the first random number with the second DR public key, and obtains the first random number encrypted with the second DR public key.
  • the terminal device encrypts the second random number by using the second DR public key to generate a second random number encrypted by using the second DR public key, where the second random number is generated by the terminal device.
  • the terminal device sends a second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key.
  • the second response message further includes a second random number encrypted with the second DR public key.
  • the DR receives the second response message sent by the terminal device.
  • the second response message includes the first random number encrypted with the second DR public key, or the second response message includes both the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
  • the DR decrypts the first random number encrypted with the second DR public key by using its own private key to obtain the first random number; the DR then confirms that the terminal device is the target terminal device, which can be understood as the terminal device associated with the DR.
  • the private key of the DR is unique to the DR, and only the DR can decrypt the first random number encrypted with the public key of the second DR.
  • the DR decrypts the second random number encrypted with the second DR public key with its own private key to obtain the second random number. The DR encrypts the second random number by using the public key of the second terminal device, and sends a third message to the terminal device, where the third message includes the second random number encrypted by using the public key of the second terminal device.
  • the terminal device receives the third message sent by the DR, and uses its own private key to decrypt the second random number encrypted with the public key of the second terminal device to obtain the second random number; the terminal device then confirms that the DR is its target DR, which can be understood as the DR associated with the terminal device.
  • the DR encrypts the first random number by using the public key of the terminal device, and sends the encrypted first random number to the terminal device. If the terminal device obtains the first random number by decrypting with its own private key, the terminal device passes the authentication of the DR, and the terminal device is a terminal device associated with the DR.
  • This solution can realize the authentication between the terminal device and the network in the UCN network architecture, avoiding the risk of user information leakage.
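The first, second and third messages of the exchange above, with both sides' checks, as an added example (not code from the patent or the applicant). It assumes unpadded RSA over constructed fixed primes as the public-key algorithm, which the page does not name, a signed key modelled as the key plus a signature over its SHA-256 hash, and 128-bit random numbers; every function and variable name is hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # assumption: the page does not name a public-key algorithm


class UntrustedKey(Exception):
    """A public key was not signed by the home network."""


def keypair(a, b):
    """Constructed demo key: unpadded RSA over Mersenne primes 2**a-1, 2**b-1."""
    p, q = 2**a - 1, 2**b - 1
    return {"pub": (p * q, E), "priv": (p * q, pow(E, -1, (p - 1) * (q - 1)))}


def encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("value does not fit the modulus")
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def _digest(pub):
    return int.from_bytes(hashlib.sha256(repr(pub).encode()).digest(), "big")


def sign_key(hn_priv, pub):
    """'First' public key: a public key plus the home network's signature."""
    n, d = hn_priv
    return {"pub": pub, "sig": pow(_digest(pub), d, n)}


def verify_key(hn_pub, first_key):
    """Return the 'second' (verified) public key or raise UntrustedKey."""
    n, e = hn_pub
    if pow(first_key["sig"], e, n) != _digest(first_key["pub"]):
        raise UntrustedKey("signature is not the home network's")
    return first_key["pub"]


def same(a, b):
    """Constant-time comparison of a recovered nonce with the one sent."""
    return hmac.compare_digest(a.to_bytes(32, "big"), b.to_bytes(32, "big"))


def mutual_auth(ue_priv, dr_priv, first_dr_key, first_ue_key, hn_pub):
    """Run messages one to three; return (DR accepts UE, UE accepts DR)."""
    # First message (DR -> UE): UE checks the DR key against the home network key.
    second_dr_pub = verify_key(hn_pub, first_dr_key)
    # DR side: check the UE key obtained from the DDB the same way.
    second_ue_pub = verify_key(hn_pub, first_ue_key)
    # Second message (DR -> UE): first random number under the UE public key.
    r1 = secrets.randbits(128)
    msg2 = encrypt(second_ue_pub, r1)
    # Second response (UE -> DR): recovered R1 and a fresh R2 under the DR key.
    r2 = secrets.randbits(128)
    resp_r1 = encrypt(second_dr_pub, decrypt(ue_priv, msg2))
    resp_r2 = encrypt(second_dr_pub, r2)
    # DR: only the holder of the UE private key can have returned R1.
    if not same(decrypt(dr_priv, resp_r1), r1):
        return (False, False)
    # Third message (DR -> UE): R2 back under the UE public key.
    msg3 = encrypt(second_ue_pub, decrypt(dr_priv, resp_r2))
    # UE: only the holder of the DR private key can have returned R2.
    return (True, same(decrypt(ue_priv, msg3), r2))


def scenarios():
    """Honest run plus two failure cases, all on constructed keys."""
    hn, dr, ue = keypair(521, 607), keypair(127, 107), keypair(89, 61)
    rogue = keypair(31, 19)  # key pair never signed by the home network
    # DDB contents: operator-registered keys signed with the home network key.
    ddb = {"dr": sign_key(hn["priv"], dr["pub"]),
           "ue": sign_key(hn["priv"], ue["pub"])}
    honest = mutual_auth(ue["priv"], dr["priv"], ddb["dr"], ddb["ue"], hn["pub"])
    # A device without the UE private key cannot return the first random number.
    impostor = mutual_auth(rogue["priv"], dr["priv"], ddb["dr"], ddb["ue"], hn["pub"])
    # A DR key signed by anyone but the home network is refused at message one.
    try:
        self_signed = sign_key(rogue["priv"], rogue["pub"])
        mutual_auth(ue["priv"], rogue["priv"], self_signed, ddb["ue"], hn["pub"])
        forged = "accepted"
    except UntrustedKey:
        forged = "rejected"
    return honest, impostor, forged


if __name__ == "__main__":
    print(scenarios())
```

Unpadded RSA is deterministic and malleable; a deployment of this exchange would use a vetted library with randomized padding for encryption and a standard signature scheme for the key signatures.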
  • the authentication between the terminal device and the DR further includes an initial protocol stage, which is used to determine that it is the authentication between the terminal device and the DR.
  • FIG. 4 shows a schematic flow diagram of mutual authentication between a terminal device and a DR in an initial stage.
  • the terminal device sends an eighth message to a network device in a serving network (servicing network, SN), such as a base station, where the eighth message includes the first terminal device identifier and the home network identity sent in plaintext (home network identity, HNid), the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  • the identity of the home network is used to address the home network.
  • plaintext transmission refers to a transmission method that is not encrypted with a public key or signed with a private key.
  • the base station receives the eighth message sent by the terminal device, and sends an authentication request message to the user identity decryption function (subscription identifier de-concealing function, SIDF) of the home network according to the identifier of the home network in the eighth message, where the authentication request message includes the first terminal device identifier, the identity (servicing network identity, SNid) of the serving network where the base station is located, and the HNid signed with the private key of the SN.
  • the SIDF is a functional module deployed on the edge cloud, and is used to decrypt the first terminal device identifier and find the DR corresponding to the terminal device.
  • the SIDF receives the authentication request message sent by the base station. First, it is necessary to verify the legitimacy of the SN to prevent the terminal equipment accessing the fake base station from interacting with it.
  • the SIDF sends a ninth message to the DDB, where the ninth message is used to request the DDB to obtain the public key of the SN, and the ninth message may include the SNid.
  • the DDB receives the ninth message sent by the SIDF, and sends a ninth response message to the SIDF according to the ninth message, where the ninth response message includes the public key of the SN.
  • the SIDF receives the ninth response message sent by the DDB, obtains the public key of the SN, and uses the public key of the SN to verify the HNid signed with the private key of the SN, so as to determine whether the SN is legitimate. It should be understood that only the public key of the SN can verify a signature made with the private key of the SN, and the legal public key of the SN is registered in the DDB by the operator.
  • the authentication request message sent by the base station and received by the SIDF includes the first terminal device identifier, and the SIDF decrypts the first terminal device identifier by using the private key of the home network to obtain the terminal device identifier, so as to know which terminal device requires network authentication.
  • the SIDF also needs to know which DR the terminal device is authenticated with.
  • the DMS includes the mapping information between the terminal device and the DR. Therefore, the SIDF sends the tenth message to the DMS to query the DMS for the DR corresponding to the terminal device, where the tenth message includes the identifier of the terminal device.
  • the DMS receives the tenth message sent by the SIDF, queries the DR corresponding to the terminal device according to the identifier of the terminal device in the tenth message, and sends a tenth response message to the SIDF, where the tenth response message includes the identifier of the DR corresponding to the terminal device.
  • the SIDF receives the tenth response message sent by the DMS, obtains the identifier of the DR corresponding to the terminal device from the tenth response message, and sends a fifth message to the DR according to the identifier of the DR, where the fifth message includes the identifier of the terminal device, which enables the DR to perform subsequent authentication with the terminal device.
  • FIG. 5 shows another schematic flow diagram of the mutual authentication between the terminal device and the DR in the initial stage.
  • the terminal device sends an eighth message to a network device in a serving network (servicing network, SN), such as a base station, where the eighth message includes the first terminal device identifier and the home network identity sent in plaintext (home network identity, HNid) and the identifier of the DR, the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  • the identity of the home network is used to address the home network.
  • the operator allocates a DR and an initial DR identifier to the terminal device in the home network, and writes the DR identifier together with the identifier of the home network into the universal subscriber identity module (USIM) card of the terminal device; the operator also needs to map the identity of the terminal device and the identity of the DR in the DMS.
  • the base station receives the eighth message sent by the terminal device, and sends a sixth message to the DR according to the identifier of the DR in the eighth message, where the sixth message includes the identifier of the first terminal device.
  • the DR receives the sixth message sent by the base station.
  • the sixth message also includes the identity of the home network signed with the private key of the SN; the DR obtains the public key of the SN and uses it to verify the identity of the home network signed with the private key of the SN.
  • the DR sends a seventh message to the DDB, where the seventh message is used to request to obtain the public key of the SN, and the seventh message may include the SNid.
  • the DDB receives the seventh message sent by the DR, and sends a seventh response message to the DR according to the SNid included in the seventh message, where the seventh response message includes the public key of the SN signed with the private key of the home network.
  • the DR receives the seventh response message sent by the DDB, and uses the public key of the home network to verify the public key of the SN signed with the private key of the home network to obtain the public key of the SN.
  • the DR uses the public key of the SN to verify the identity of the home network signed with the private key of the SN. If the identity HNid of the home network can be obtained by correct verification, the SN is considered legal or the base station is legal. It should be understood that only the public key of the SN can verify a signature made with the private key of the SN, and the legal public key of the SN is registered in the DDB by the operator.
  • the sixth message received by the DR and sent by the base station includes the first terminal device identifier, and the DR decrypts the first terminal device identifier by using the private key of the home network to obtain the identifier of the terminal device, so as to know which terminal device needs to be authenticated with it.
  • FIG. 6 shows a schematic block diagram of a communication apparatus 600 according to an embodiment of the present application.
  • the communication apparatus may be applied to the DR in the method embodiments of FIGS. 3 to 5 , or may be a component, such as a chip, for implementing the methods of the embodiments of FIGS. 3 to 5 .
  • the communication device 600 includes a transceiver unit 610 and a processing unit 620 .
  • a transceiver unit 610 configured to send a first message to the terminal device, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
  • the processing unit 620 is configured to encrypt a first random number by using the public key of the second terminal device, where the first random number is generated by the DR, and the public key of the second terminal device is the public key of the terminal device verified by using the public key of the home network;
  • the transceiver unit 610 is further configured to send a second message to the terminal device, where the second message includes a first random number encrypted with the public key of the second terminal device;
  • the transceiver unit 610 is further configured to receive a second response message sent by the terminal device, where the second response message includes a first random number encrypted with a second DR public key, and the second DR public key is the public key of the DR obtained after verifying the first DR public key with the public key of the home network;
  • the processing unit 620 is further configured to decrypt the encrypted first random number by using the private key of the DR to obtain the first random number.
  • the second response message further includes a second random number encrypted with the second DR public key, where the second random number is generated by the terminal device.
  • the processing unit 620 is further configured to decrypt the second random number encrypted with the second DR public key by using the private key of the DR to obtain the second random number, and to encrypt the second random number by using the second terminal device public key;
  • the transceiver unit 610 is further configured to send a third message to the terminal device, where the third message includes a second random number encrypted with the public key of the second terminal device.
  • the transceiver unit 610 is further configured to send a fourth message to the distributed database DDB, where the fourth message is used to request the public key of the terminal device and the public key of the DR, and includes the identifier of the terminal device and the identifier of the DR; and to receive a fourth response message sent by the DDB, where the fourth response message includes the first terminal device public key and the first DR public key, and the first terminal device public key is the public key of the terminal device signed with the private key of the home network.
  • the processing unit 620 is further configured to verify the public key of the first terminal device by using the public key of the home network to obtain the public key of the second terminal device.
  • the transceiver unit 610 is further configured to receive a fifth message sent by the user identification decryption function SIDF, where the fifth message includes the identification of the terminal device.
  • the transceiver unit 610 is further configured to receive a sixth message sent by the network device, where the sixth message includes the first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted by using the public key of the home network.
  • the processing unit 620 is further configured to decrypt the identifier of the first terminal device by using the private key of the home network to obtain the identifier of the terminal device.
  • the sixth message further includes the identity of the home network signed with the private key of the network device;
  • the processing unit 620 is further configured to decrypt the identity of the home network signed with the private key of the network device by using the public key of the network device, so as to verify that the network device is legal.
  • the transceiver unit 610 is further configured to send a seventh message to the DDB, where the seventh message is used to request the public key of the network device and includes the identifier of the network device; and to receive the seventh response message sent by the DDB, where the seventh response message includes the public key of the network device signed with the private key of the home network;
  • the processing unit 620 is further configured to use the public key of the home network to verify the public key of the network device signed with the private key of the home network to obtain the public key of the network device.
  • FIG. 7 shows a schematic block diagram of a communication apparatus 900 according to an embodiment of the present application.
  • the communication apparatus may be applied to the terminal equipment in the method embodiments of FIG. 3 to FIG. 5 , or may be a component, such as a chip, that implements the methods of the embodiments of FIG. 3 to FIG. 5 .
  • the communication device 700 includes a transceiver unit 710 and a processing unit 720 .
  • a transceiver unit 710 configured to receive a first message sent by the digital mapping DR, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
  • the transceiver unit 710 is further configured to receive a second message sent by the DR, where the second message includes a first random number encrypted with the public key of the second terminal device, the first random number is generated by the DR, and the second terminal device public key is the public key of the terminal device verified by using the public key of the home network;
  • a processing unit 720 configured to decrypt the first random number encrypted with the public key of the second terminal device by using the private key of the terminal device to obtain the first random number
  • the processing unit 720 is further configured to encrypt the first random number according to the first DR public key to obtain an encrypted first random number;
  • the transceiver unit 710 is further configured to send a second response message to the DR, where the second response message includes the encrypted first random number.
  • the processing unit 720 is specifically configured to: verify the first DR public key by using the public key of the home network to obtain a second DR public key, where the second DR public key is obtained by using the public key of the home network.
  • the transceiver unit 710 is further configured to send an eighth message to the network device, where the eighth message includes the first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  • the eighth message further includes the identifier of the DR.
  • the processing unit 720 is further configured to use the second DR public key to encrypt a second random number, where the second random number is generated by the terminal device;
  • the transceiver unit 710 is specifically configured to send a second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
  • the transceiver unit 710 is further configured to receive a third message sent by the DR, where the third message includes a second random number encrypted with the public key of the second terminal device;
  • the processing unit 720 is further configured to decrypt the second random number encrypted with the public key of the second terminal device by using the private key of the terminal device to obtain the second random number.
  • FIG. 8 shows a schematic block diagram of a communication apparatus 800 according to an embodiment of the present application.
  • the communication device includes a processor 810 and a transceiver 820, and the transceiver 820 is configured to receive computer codes or instructions and transmit them to the processor 810, and the processor 810 executes the computer codes or instructions to implement the present invention.
  • An embodiment of the present application provides a communication device, including a memory and a processor, where the memory is used for storing a computer program, and the processor is used for executing the computer program stored in the memory, so that the communication device executes the method in the embodiment of the present application.
  • the communication device may be a terminal device or a digital mapping DR in this embodiment of the present application.
  • the above-mentioned processor may be an integrated circuit chip with signal processing capability.
  • each step of the above method embodiments may be completed by a hardware integrated logic circuit in a processor or an instruction in the form of software.
  • the above-mentioned processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • the steps of the method disclosed in conjunction with the embodiments of the present application may be directly embodied as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor.
  • the software modules may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art.
  • the storage medium is located in the memory, and the processor reads the information in the memory, and completes the steps of the above method in combination with its hardware.
  • the memory described above may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory.
  • the non-volatile memory may be read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (electrically EPROM, EEPROM) or flash memory.
  • Volatile memory may be random access memory (RAM), which acts as an external cache.
  • forms of RAM include static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), double data rate synchronous dynamic random access memory (double data rate SDRAM, DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous link dynamic random access memory, and direct rambus RAM.
  • the above-mentioned memory may be integrated in the processor, or the above-mentioned processor and the memory may also be integrated on the same chip, or may be respectively located on different chips and connected by means of interface coupling.
  • This embodiment of the present application does not limit this.
  • the embodiments of the present application provide a communication chip, including a processor and a communication interface, where the processor is configured to read instructions to execute the methods in the embodiments of the present application.
  • the embodiments of the present application further provide a computer-readable storage medium, on which a computer program for implementing the methods in the foregoing method embodiments is stored.
  • when the computer program runs on a computer, the computer can implement the methods in the above method embodiments.
  • the disclosed system, apparatus and method may be implemented in other manners.
  • the apparatus embodiments described above are only illustrative.
  • the division of the units is only a logical function division. In actual implementation, there may be other division methods.
  • multiple units or components may be combined or integrated into another system, or some features can be ignored, or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium.
  • the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage medium includes: a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

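The present application provides a mutual authentication method and apparatus that can prevent leakage of user information. The method includes: a DR sends a first message to a terminal device, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network; the DR encrypts a first random number with a second terminal device public key, where the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network; the DR sends a second message to the terminal device, where the second message includes the first random number encrypted with the second terminal device public key; the DR receives a second response message sent by the terminal device, where the second response message includes the first random number encrypted with a second DR public key, and the second DR public key is the DR's public key obtained after the first DR public key is verified with the public key of the home network; the DR decrypts the encrypted first random number with its own private key to obtain the first random number.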

Description

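Mutual authentication method and apparatus
This application claims priority to Chinese patent application No. 202010960237.X, filed with the China Patent Office on September 14, 2020 and entitled "Mutual authentication method and apparatus", which is incorporated herein by reference in its entirety.
Technical Field
The present application relates to the field of communications, and more specifically, to a mutual authentication method and apparatus.
Background
Existing communication networks are all network-centric, and users adapt to the network; that is, users can only choose from the functions the network provides. In particular, the functions provided by a centralized core network are coarse-grained and cannot meet users' personalized needs. Existing centralized core network element entities, for example network elements for mobility management, session management, user data management, and policy management, generally handle a large number of users, are deployed centrally, hold a high position in the network, and carry a risk of single point of failure.
At present, a user centric network (UCN) architecture has been proposed. A digital reflection (DR) is deployed on the edge cloud, and each UE has its own DR. As needed, the DR can migrate dynamically with the user to the multi-access edge computing (MEC) node where the user is located, achieving a user-centric network architecture design.
The UCN architecture is a disruptive design relative to existing network architectures, so many existing network functions, communication schemes, and workflows need to change accordingly. Among them, mutual authentication between the user and the network is a key procedure in the initial phase of establishing a communication connection. Therefore, mutual authentication between the UE and the DR, when the user powers on for the first time to register or powers on again after being powered off for a long time, is a technical problem to be solved urgently.
Summary
The present application provides a mutual authentication method and apparatus that can prevent leakage of user information.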
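According to a first aspect, a mutual authentication method is provided, including: a digital reflection DR sends a first message to a terminal device, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network; the DR encrypts a first random number with a second terminal device public key, where the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network; the DR sends a second message to the terminal device, where the second message includes the first random number encrypted with the second terminal device public key; the DR receives a second response message sent by the terminal device, where the second response message includes the first random number encrypted with a second DR public key, and the second DR public key is the DR's public key obtained after the first DR public key is verified with the public key of the home network; the DR decrypts the encrypted first random number with the DR's private key to obtain the first random number.
Based on the above technical solution, the DR encrypts the first random number with the terminal device's public key and sends the encrypted first random number to the terminal device. If the terminal device obtains the first random number by decrypting with its own private key, the terminal device passes the DR's authentication and is the terminal device associated with that DR. This solution enables authentication between the terminal device and the network in the UCN architecture and avoids leakage of user information.
In one implementation, the second response message further includes a second random number encrypted with the second DR public key, where the second random number is generated by the terminal device.
In one implementation, the method further includes: the DR decrypts, with the DR's private key, the second random number encrypted with the second DR public key to obtain the second random number; the DR encrypts the second random number with the second terminal device public key; the DR sends a third message to the terminal device, where the third message includes the second random number encrypted with the second terminal device public key. If the DR obtains the second random number by decrypting with its own private key, it sends the terminal device the second random number encrypted with the terminal device's public key; on receiving it, the terminal device confirms that the DR received the second response message it sent, which completes the DR's authentication of the terminal device.
In one implementation, before the digital reflection DR sends the first message to the terminal device, the method further includes: the DR sends a fourth message to a distributed database DDB, where the fourth message is used to request the public key of the terminal device and the public key of the DR, and the fourth message includes the identifier of the terminal device and the identifier of the DR; the DR receives a fourth response message sent by the DDB, where the fourth response message includes a first terminal device public key and the first DR public key, and the first terminal device public key is the terminal device's public key signed with the private key of the home network.
In one implementation, the DR receiving the fourth response message sent by the DDB includes: the DR verifies the first terminal device public key with the public key of the home network to obtain the second terminal device public key.
In one implementation, before the DR sends the fourth message to the distributed database DDB, the method further includes: the DR receives a fifth message sent by a subscription identifier de-concealing function SIDF, where the fifth message includes the identifier of the terminal device.
In one implementation, before the DR sends the fourth message to the distributed database DDB, the method further includes: the DR receives a sixth message sent by a network device, where the sixth message includes the first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
In one implementation, the DR receiving the sixth message sent by the network device includes: the DR decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
In one implementation, the sixth message further includes the identifier of the home network signed with the private key of the network device; the DR uses the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, so as to verify that the network device is legitimate.
In one implementation, before the DR uses the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, the method further includes: the DR sends a seventh message to the DDB, where the seventh message is used to request the public key of the network device and includes the identifier of the network device; the DR receives a seventh response message sent by the DDB, where the seventh response message includes the public key of the network device signed with the private key of the home network; the DR uses the public key of the home network to verify the public key of the network device signed with the private key of the home network, and obtains the public key of the network device.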
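According to a second aspect, a mutual authentication method is provided, including: a terminal device receives a first message sent by a digital reflection DR, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network; the terminal device receives a second message sent by the DR, where the second message includes a first random number encrypted with a second terminal device public key, the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network; the terminal device decrypts, with the terminal device's private key, the first random number encrypted with the second terminal device public key to obtain the first random number; the terminal device encrypts the first random number according to the first DR public key to obtain an encrypted first random number; the terminal device sends a second response message to the DR, where the second response message includes the encrypted first random number.
Based on the above technical solution, the terminal device uses its own private key to decrypt the first random number encrypted with the terminal device's public key. If decryption yields the first random number, the terminal device encrypts it with the DR's public key and sends a second response message to the DR, where the second response message includes the first random number encrypted with the DR's public key. If the DR obtains the first random number after decryption, the DR considers the terminal device to be the terminal device associated with it. This solution enables authentication between the terminal device and the network in the UCN architecture and avoids leakage of user information.
In one implementation, the terminal device encrypting the first random number according to the first DR public key includes: the terminal device verifies the first DR public key with the public key of the home network to obtain a second DR public key, where the second DR public key is the DR's public key after verification with the public key of the home network; the terminal device encrypts the first random number with the second DR public key.
In one implementation, before the terminal device receives the first message sent by the digital reflection DR, the method further includes: the terminal device sends an eighth message to a network device, where the eighth message includes a first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
In one implementation, the eighth message further includes the identifier of the DR.
In one implementation, the terminal device sending the second response message to the DR includes: the terminal device encrypts a second random number with the second DR public key, where the second random number is generated by the terminal device; the terminal device sends the second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
In one implementation, the method further includes: the terminal device receives a third message sent by the DR, where the third message includes the second random number encrypted with the second terminal device public key; the terminal device uses the terminal device's private key to decrypt the second random number encrypted with the second terminal device public key and obtains the second random number.
According to a third aspect, a mutual authentication method is provided, including: a subscription identifier de-concealing function SIDF sends a tenth message to a distributed mapping system DMS, where the tenth message is used to query the identifier of the digital reflection DR corresponding to the terminal device, and the tenth message includes the identifier of the terminal device; the SIDF receives a tenth response message sent by the DMS, where the tenth response message includes the identifier of the DR; the SIDF sends a fifth message to the DR, where the fifth message includes the identifier of the terminal device.
In one implementation, before the subscription identifier de-concealing function SIDF sends the tenth message to the distributed mapping system DMS, the method further includes: the SIDF receives an authentication request message sent by a network device, where the authentication request message includes a first terminal device identifier, the identifier of the serving network in which the network device is located, and the identifier of the home network signed with the private key of the serving network; the SIDF sends a ninth message to a distributed database DDB, where the ninth message is used to obtain the public key of the serving network and includes the identifier of the serving network; the SIDF receives a ninth response message sent by the DDB, where the ninth response message includes the public key of the serving network; the SIDF uses the public key of the serving network to verify the identifier of the home network signed with the private key of the serving network and obtains the identifier of the home network, so as to verify that the serving network is legitimate.
In one implementation, the method further includes: the SIDF decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
According to a fourth aspect, a communication apparatus is provided, including a processor and a transceiver, where the transceiver is configured to receive computer code or instructions and transmit them to the processor, and the processor runs the computer code or instructions to perform the method in the first aspect or any possible implementation of the first aspect.
According to a fifth aspect, a communication apparatus is provided, including a processor and a transceiver, where the transceiver is configured to receive computer code or instructions and transmit them to the processor, and the processor runs the computer code or instructions to perform the method in the second aspect or any possible implementation of the second aspect.
According to a sixth aspect, a communication system is provided, including the digital reflection DR and the terminal device in the methods of the first aspect and the second aspect.
According to a seventh aspect, a computer-readable storage medium is provided, where the computer-readable medium stores a computer program; when the computer program runs on a computer, the computer is caused to perform the method in the first aspect or any possible implementation of the first aspect.
According to an eighth aspect, a computer-readable storage medium is provided, where the computer-readable medium stores a computer program; when the computer program runs on a computer, the computer is caused to perform the method in the second aspect or any possible implementation of the second aspect.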
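Brief Description of Drawings
FIG. 1 is a schematic diagram of the UCN architecture.
FIG. 2 is a schematic diagram of a network architecture with widely deployed edge clouds according to an embodiment of the present application.
FIG. 3 is an interaction flow diagram of a mutual authentication method according to an embodiment of the present application.
FIG. 4 is a schematic interaction flow diagram of the initial phase of mutual authentication between a terminal device and a DR according to an embodiment of the present application.
FIG. 5 is a schematic interaction flow diagram of another initial phase of mutual authentication between a terminal device and a DR according to an embodiment of the present application.
FIG. 6 is a schematic block diagram of a communication apparatus according to an embodiment of the present application.
FIG. 7 is a schematic block diagram of another communication apparatus according to an embodiment of the present application.
FIG. 8 is a schematic block diagram of another communication apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the present application are described below with reference to the accompanying drawings.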
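The embodiments of the present application can be applied to various communication systems, for example, a wireless local area network (WLAN) system, a narrow band-internet of things (NB-IoT) system, a global system for mobile communications (GSM), an enhanced data rate for GSM evolution (EDGE) system, a wideband code division multiple access (WCDMA) system, a code division multiple access 2000 (CDMA2000) system, a time division-synchronization code division multiple access (TD-SCDMA) system, a long term evolution (LTE) system, satellite communications, a 5th generation (5G) system, or new communication systems that emerge in the future.
The terminal devices involved in the embodiments of the present application may include various handheld devices, vehicle-mounted devices, wearable devices, and computing devices with wireless communication functions, or other processing devices connected to a wireless modem. A terminal may be a mobile station (MS), a subscriber unit, user equipment (UE), a cellular phone, a smart phone, a wireless data card, a personal digital assistant (PDA) computer, a tablet computer, a wireless modem, a handset, a laptop computer, a machine type communication (MTC) terminal, and so on.
Existing communication networks are all network-centric, and users adapt to the network; that is, users can only choose from the functions the network provides. In particular, the functions provided by a centralized core network are coarse-grained and cannot meet users' personalized needs. Existing centralized core network element entities, for example network elements for mobility management, session management, user data management, and policy management, generally handle a large number of users, are deployed centrally, hold a high position in the network, and carry a risk of single point of failure.
To solve the above problems, a user centric network (UCN) architecture has been proposed. As shown in FIG. 1, a digital reflection (DR) is deployed on the edge cloud, and each UE has its own DR. As needed, the DR can migrate dynamically with the user to the multi-access edge computing (MEC) node where the user is located, achieving a user-centric network architecture design.
The distributed data provisioning system (DDPS) can manage a user's personal digital assets, including identity identifiers, application name identifiers, and the user's state information. The distributed mapping system (DMS) uses techniques such as distributed hashing to build a distributed mapping among users' identity identifiers, application names, and addresses; it is deployed in a distributed manner in the edge cloud and meets near-real-time update and query requirements. The life cycle management (LCM) system is based on a distributed architecture and implements life cycle management and operation of DRs.
The UCN architecture is a disruptive design relative to existing network architectures, so many existing network functions, communication schemes, and workflows need to change accordingly. Among them, mutual authentication between the user and the network is a key procedure in the initial phase of establishing a communication connection. The embodiments of the present application mainly address the authentication mechanism and procedure between the user and the DR under the UCN architecture.
To facilitate understanding of the embodiments of the present application, mutual authentication between the user and the network in existing technical solutions is briefly described.
In LTE, mutual authentication between the UE and the network is completed jointly by the UE, the mobility management entity (MME), and the home subscriber server (HSS). The UE sends an attach request containing the globally unique temporary identity (GUTI) or the international mobile subscriber identity (IMSI); the MME adds the ID of the visited network and forwards the request to the HSS. If the IMSI and the ID pass verification, the HSS generates a set of authentication vectors and sends it to the MME. The MME selects one vector, allocates a key, and sends an authentication request to the UE. The UE extracts information from the request, and a successful check verifies the authenticity of the HSS. The UE then computes the authentication response value (RES) and sends it to the MME; the MME compares the RES, and if it matches, the UE is authenticated. Mutual authentication is thus completed, and the encryption key and protection key are derived according to the agreed algorithm to enable subsequent confidential communication.
In this scheme, the IMSI is transmitted in plaintext over the air interface when the user initially attaches, which creates a risk of IMSI sniffing attacks and tracking attacks. The centralized authentication network element is exposed to distributed denial of service (DDOS) attacks and single point of failure. In addition, in roaming scenarios the serving network takes part in authentication, which puts the user at risk when the serving network is fraudulent.
In 5G, mutual authentication between the UE and the network is completed jointly by the UE, the access and mobility management function (AMF), and the authentication server function (AUSF) of the home network. The procedure is similar to LTE authentication, with the following differences: the user identifier is transmitted encrypted over the air interface from the initial registration phase, which prevents the user identity from being intercepted; 5G authentication is mutual authentication between the user terminal and its home network, which gives a unified authentication mechanism across scenarios such as the visited location and the home location; 5G unifies the 3GPP and non-3GPP authentication methods and supports two methods, extensible authentication protocol-authentication and key agreement' (EAP-AKA') and 5G authentication and key agreement (5G AKA).
However, the centralized core network authentication network element is exposed to DDOS attacks and single point of failure. When the UE checks the authenticity and freshness of the identifier of the authentication signal, there is no explicit requirement to use a function to protect the counter (sequence number, SQN) used as input, so an attacker can learn a user's SQN by tracking nearby SQNs over a period of time and thereby carry out a location attack or an activity monitoring attack.
Moving the network edge to the cloud is an inevitable trend for future networks. The edge cloud and the core cloud complement each other; the edge cloud is closer to the user, better supports applications with strict requirements on latency and data privacy, and suits distributed deployment of network functions. The embodiments of the present application assume an application scenario in which edge clouds are already widely deployed. FIG. 2 shows a schematic diagram of a network architecture with widely deployed edge clouds according to an embodiment of the present application.
The embodiments of the present application propose a mutual authentication method for scenarios in the UCN architecture in which the user needs to perform mutual authentication with the network, for example, the mutual authentication required when the user powers on for the first time to register, or the mutual authentication that must be repeated when the user powers on again after being powered off for a long time. FIG. 3 shows a schematic interaction flow diagram of a mutual authentication method according to an embodiment of the present application.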
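301. The digital reflection DR sends a first message to the terminal device, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network.
Optionally, before the digital reflection DR sends the first message to the terminal device, the DR may request the DR's public key and the terminal device's public key from a distributed database (DDB).
Specifically, the DR may send a fourth message to the DDB to request the public key of the terminal device and the public key of the DR, where the fourth message includes the identifier of the terminal device and the identifier of the DR. The DDB receives the fourth message sent by the DR and, according to the identifier of the terminal device and the identifier of the DR in the fourth message, sends a fourth response message to the DR, where the fourth response message includes a first terminal device public key and the first DR public key, and the first terminal device public key is the terminal device's public key signed with the private key of the home network. The DR receives the fourth response message sent by the DDB and obtains the first terminal device public key and the first DR public key from it. It should be understood that all public keys the DR requests from the DDB have been signed by the operator with the private key of the home network.
302. The terminal device receives the first message sent by the digital reflection DR and uses the public key of the home network to verify the first DR public key included in the first message, so as to obtain a second DR public key, where the second DR public key is the DR's public key obtained after verification with the public key of the home network. It should be understood that the first DR public key and the second DR public key are the DR's public key in different states, after being signed and after being verified. The public key of the home network is known to the terminal device.
303. The DR may verify the first terminal device public key with the public key of the home network to obtain the second terminal device public key. The DR encrypts a first random number with the second terminal device public key, where the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network. It should be understood that the first terminal device public key and the second terminal device public key are the terminal device's public key in different states, after being signed and after being verified. The public key of the home network is also known to the DR.
304. The DR sends a second message to the terminal device, where the second message includes the first random number encrypted with the second terminal device public key.
305. The terminal device receives the second message sent by the DR.
306. The terminal device uses its private key to decrypt the first random number encrypted with the second terminal device public key and obtains the first random number. The terminal device's private key is unique to the terminal device, and only the terminal device can decrypt the first random number encrypted with the second terminal device public key.
307. The terminal device encrypts the first random number according to the first DR public key to obtain an encrypted first random number. Specifically, the terminal device encrypts the first random number with the second DR public key and obtains the first random number encrypted with the second DR public key.
Optionally, the terminal device encrypts a second random number with the second DR public key to produce the second random number encrypted with the second DR public key, where the second random number is generated by the terminal device.
308. The terminal device sends a second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key.
Optionally, the second response message further includes the second random number encrypted with the second DR public key.
309. The DR receives the second response message sent by the terminal device. The second response message includes the first random number encrypted with the second DR public key, or the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
310. The DR uses its own private key to decrypt the first random number encrypted with the second DR public key. If it obtains the first random number, the DR confirms that the terminal device is its target terminal device, where the target terminal device can be understood as the terminal device associated with the DR. The DR's private key is unique to the DR, and only the DR can decrypt the first random number encrypted with the second DR public key.
Optionally, if the second response message further includes the second random number encrypted with the second DR public key, the DR uses its own private key to decrypt the second random number encrypted with the second DR public key and obtains the second random number. The DR encrypts the second random number with the second terminal device public key and sends a third message to the terminal device, where the third message includes the second random number encrypted with the second terminal device public key.
Optionally, the terminal device receives the third message sent by the DR and uses its own private key to decrypt the second random number encrypted with the second terminal device public key. If it obtains the second random number, the terminal device confirms that the DR is its target DR, where the target DR can be understood as the DR associated with the terminal device.
In the technical solution provided by the embodiments of the present application, the DR encrypts the first random number with the terminal device's public key and sends the encrypted first random number to the terminal device. If the terminal device obtains the first random number by decrypting with its own private key, the terminal device passes the DR's authentication and is the terminal device associated with that DR. This solution enables authentication between the terminal device and the network in the UCN architecture and avoids the risk of user information leakage.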
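The exchange of steps 301 to 310, with the optional third message, run end to end as an added example that is not part of the patent text. The patent names no algorithms, so toy textbook RSA over fixed Mersenne primes stands in for both the home-network signature and the public-key encryption (an assumption, insecure, used only so the flow runs offline); every function name and key value below is constructed for this illustration.

```python
# Added illustration, not from the patent. Toy textbook RSA is NOT secure; it
# only makes the Fig. 3 message flow executable with the standard library.
import hashlib
import hmac
import secrets

E = 65537

def keypair(p_bits, q_bits):
    """Toy RSA key pair from two Mersenne primes 2**k - 1 (constructed values)."""
    p, q = 2**p_bits - 1, 2**q_bits - 1
    return {"n": p * q, "e": E}, {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def encrypt(pub, m):
    return pow(m, pub["e"], pub["n"])

def decrypt(priv, c):
    return pow(c, priv["d"], priv["n"])

def key_digest(pub):
    data = f'{pub["n"]}:{pub["e"]}'.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_key(hn_priv, pub):
    """'First' public key: the key plus the home network's signature over it."""
    return {"key": pub, "sig": pow(key_digest(pub), hn_priv["d"], hn_priv["n"])}

def verify_key(hn_pub, signed):
    """Return the 'second' (verified) public key, or raise if the signature fails."""
    if pow(signed["sig"], hn_pub["e"], hn_pub["n"]) != key_digest(signed["key"]):
        raise ValueError("public key is not signed by the home network")
    return signed["key"]

def nonce():
    return secrets.randbits(127) | (1 << 127)      # always a full 128-bit value

def same(a, b):
    """Constant-time comparison; every value in this demo fits in 32 bytes."""
    return hmac.compare_digest(a.to_bytes(32, "big"), b.to_bytes(32, "big"))

def mutual_auth(hn_pub, dr_priv, dr_signed, ue_signed, ue_priv):
    """Run messages 1 to 3; return (dr_accepts_terminal, terminal_accepts_dr)."""
    try:
        dr_pub2 = verify_key(hn_pub, dr_signed)    # 302: terminal checks message 1
        ue_pub2 = verify_key(hn_pub, ue_signed)    # 303: DR checks the DDB record
    except ValueError:
        return (False, False)                      # stop before any nonce is sent
    r1 = nonce()                                   # 303: DR's random number
    msg2 = encrypt(ue_pub2, r1)                    # 304: second message
    r1_at_ue = decrypt(ue_priv, msg2)              # 306
    r2 = nonce()                                   # terminal's random number
    resp2 = (encrypt(dr_pub2, r1_at_ue), encrypt(dr_pub2, r2))   # 307-308
    dr_ok = same(decrypt(dr_priv, resp2[0]), r1)   # 310: DR's verdict
    # Both verdicts are computed here for display; neither side learns the other's.
    msg3 = encrypt(ue_pub2, decrypt(dr_priv, resp2[1]))          # third message
    ue_ok = same(decrypt(ue_priv, msg3), r2)       # terminal's verdict
    return (dr_ok, ue_ok)

# Constructed keys: home network, DR, terminal; the signed copies model DDB records.
HN_PUB, HN_PRIV = keypair(521, 607)
DR_PUB, DR_PRIV = keypair(89, 127)
UE_PUB, UE_PRIV = keypair(61, 107)
DR_SIGNED = sign_key(HN_PRIV, DR_PUB)
UE_SIGNED = sign_key(HN_PRIV, UE_PUB)

if __name__ == "__main__":
    print(mutual_auth(HN_PUB, DR_PRIV, DR_SIGNED, UE_SIGNED, UE_PRIV))
```

A peer that holds the wrong private key on either side fails both checks, and a DR public key swapped under a reused home-network signature is rejected at step 302 before any random number is exchanged.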
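Optionally, before the DR sends the fourth message to the DDB, authentication between the terminal device and the DR further includes an initial protocol phase, which is used to determine that the authentication is between that terminal device and that DR.
FIG. 4 shows a schematic interaction flow diagram of the initial phase of mutual authentication between a terminal device and a DR.
401. The terminal device sends an eighth message to a network device, for example a base station, in the servicing network (SN), where the eighth message includes a first terminal device identifier and the home network identity (HNid) sent in plaintext, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network. The home network identity is used to address the home network. It should be understood that sending in plaintext means sending without encryption with a public key and without signing with a private key.
402. The base station receives the eighth message sent by the terminal device and, according to the home network identity in the eighth message, sends an authentication request message to the subscription identifier de-concealing function (SIDF) of the home network, where the authentication request message includes the first terminal device identifier, the servicing network identity (SNid) of the servicing network in which the base station is located, and the HNid signed with the private key of the SN.
It should be understood that the SIDF is a functional module deployed on the edge cloud, used to decrypt the first terminal identifier and find the DR corresponding to the terminal device.
403. The SIDF receives the authentication request message sent by the base station. First, the legitimacy of the SN needs to be verified, to prevent a terminal device that has attached to a fake base station from interacting with it. The SIDF sends a ninth message to the DDB, where the ninth message is used to request the public key of the SN from the DDB and may include the SNid.
404. The DDB receives the ninth message sent by the SIDF and, according to the ninth message, sends a ninth response message to the SIDF, where the ninth response message includes the public key of the SN. The SIDF receives the ninth response message sent by the DDB, obtains the public key of the SN from it, and uses the public key of the SN to verify the HNid signed with the private key of the SN. If verification succeeds and yields the HNid, the SN, or the base station, is considered legitimate. It should be understood that only the public key of the SN can verify a signature made with the private key of the SN, and that the public key of a legitimate SN has been registered in the DDB by the operator.
405. The authentication request message that the SIDF receives from the base station includes the first terminal device identifier. The SIDF decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device, and thereby learns which terminal device needs network authentication.
406. The SIDF also needs to learn which DR the terminal device is to authenticate with. The DMS contains the mapping information between terminal devices and DRs, so the SIDF sends a tenth message to the DMS to query the DR corresponding to the terminal device, where the tenth message includes the identifier of the terminal device.
407. The DMS receives the tenth message sent by the SIDF, looks up the DR corresponding to the terminal device according to the identifier of the terminal device in the tenth message, and sends a tenth response message to the SIDF, where the tenth response message includes the identifier of the DR corresponding to the terminal device.
408. The SIDF receives the tenth response message sent by the DMS, obtains from it the identifier of the DR corresponding to the terminal device, and sends a fifth message to that DR according to the identifier of the DR, where the fifth message includes the identifier of the terminal device, so that the DR performs the subsequent authentication with the terminal device.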
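Optionally, FIG. 5 shows a schematic interaction flow diagram of another initial phase of mutual authentication between a terminal device and a DR.
501. The terminal device sends an eighth message to a network device, for example a base station, in the servicing network (SN), where the eighth message includes a first terminal device identifier, the home network identity (HNid) sent in plaintext, and the identifier of the DR, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network. The home network identity is used to address the home network.
It should be understood that after the terminal device (user) signs a subscription with the operator, the operator allocates a DR and an initial DR identifier to the terminal device in the home network, and writes the DR identifier together with the home network identity into the terminal device's universal subscriber identity module (USIM) card. The operator also maps the identifier of the terminal device to the identifier of the DR in the DMS.
502. The base station receives the eighth message sent by the terminal device and, according to the identifier of the DR in the eighth message, sends a sixth message to that DR, where the sixth message includes the first terminal device identifier. The DR receives the sixth message sent by the base station.
Optionally, the sixth message further includes the home network identity signed with the private key of the SN. The DR then obtains the public key of the SN and decrypts the home network identity signed with the private key of the SN, so as to verify the legitimacy of the base station (servicing network) that the terminal device has accessed.
503. The DR sends a seventh message to the DDB, where the seventh message is used to request the public key of the SN and may include the SNid.
504. The DDB receives the seventh message sent by the DR and, according to the SNid included in the seventh message, sends a seventh response message to the DR, where the seventh response message includes the public key of the SN signed with the private key of the home network.
The DR receives the seventh response message sent by the DDB and uses the public key of the home network to verify the public key of the SN signed with the private key of the home network, obtaining the public key of the SN.
The DR uses the public key of the SN to verify the home network identity signed with the private key of the SN. If verification succeeds and yields the home network identity HNid, the SN, or the base station, is considered legitimate. It should be understood that only the public key of the SN can verify a signature made with the private key of the SN, and that the public key of a legitimate SN has been registered in the DDB by the operator.
505. The sixth message that the DR receives from the base station includes the first terminal device identifier. The DR decrypts the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device, and thereby learns which terminal device needs to authenticate with it.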
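FIG. 6 shows a schematic block diagram of a communication apparatus 600 according to an embodiment of the present application. The communication apparatus may be applied in the DR in the method embodiments of FIG. 3 to FIG. 5, or may be a component, for example a chip, that implements the methods in the embodiments of FIG. 3 to FIG. 5. The communication apparatus 600 includes a transceiver unit 610 and a processing unit 620.
The transceiver unit 610 is configured to send a first message to a terminal device, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
the processing unit 620 is configured to encrypt a first random number with a second terminal device public key, where the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network;
the transceiver unit 610 is further configured to send a second message to the terminal device, where the second message includes the first random number encrypted with the second terminal device public key;
the transceiver unit 610 is further configured to receive a second response message sent by the terminal device, where the second response message includes the first random number encrypted with a second DR public key, and the second DR public key is the DR's public key obtained after the first DR public key is verified with the public key of the home network;
the processing unit 620 is further configured to decrypt the encrypted first random number with the DR's private key to obtain the first random number.
Optionally, the second response message further includes a second random number encrypted with the second DR public key, where the second random number is generated by the terminal device.
Optionally, the processing unit 620 is further configured to decrypt, with the DR's private key, the second random number encrypted with the second DR public key to obtain the second random number, and to encrypt the second random number with the second terminal device public key;
the transceiver unit 610 is further configured to send a third message to the terminal device, where the third message includes the second random number encrypted with the second terminal device public key.
Optionally, before the first message is sent to the terminal device, the transceiver unit 610 is further configured to send a fourth message to a distributed database DDB, where the fourth message is used to request the public key of the terminal device and the public key of the DR, and the fourth message includes the identifier of the terminal device and the identifier of the DR; and to receive a fourth response message sent by the DDB, where the fourth response message includes a first terminal device public key and the first DR public key, and the first terminal device public key is the terminal device's public key signed with the private key of the home network.
Specifically, and optionally, the processing unit 620 is further configured to verify the first terminal device public key with the public key of the home network to obtain the second terminal device public key.
Optionally, before the fourth message is sent to the distributed database DDB, the transceiver unit 610 is further configured to receive a fifth message sent by a subscription identifier de-concealing function SIDF, where the fifth message includes the identifier of the terminal device.
Optionally, before the fourth message is sent to the distributed database DDB, the transceiver unit 610 is further configured to receive a sixth message sent by a network device, where the sixth message includes the first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
Optionally, the processing unit 620 is further configured to decrypt the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
Optionally, the sixth message further includes the identifier of the home network signed with the private key of the network device;
the processing unit 620 is further configured to use the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, so as to verify that the network device is legitimate.
Optionally, before the public key of the network device is used to decrypt the identifier of the home network signed with the private key of the network device, the transceiver unit 610 is further configured to send a seventh message to the DDB, where the seventh message is used to request the public key of the network device and includes the identifier of the network device; and to receive a seventh response message sent by the DDB, where the seventh response message includes the public key of the network device signed with the private key of the home network;
the processing unit 620 is further configured to use the public key of the home network to verify the public key of the network device signed with the private key of the home network, and to obtain the public key of the network device.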
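FIG. 7 shows a schematic block diagram of a communication apparatus 900 according to an embodiment of the present application. The communication apparatus may be applied in the terminal device in the method embodiments of FIG. 3 to FIG. 5, or may be a component, for example a chip, that implements the methods in the embodiments of FIG. 3 to FIG. 5. The communication apparatus 700 includes a transceiver unit 710 and a processing unit 720.
The transceiver unit 710 is configured to receive a first message sent by a digital reflection DR, where the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
the transceiver unit 710 is further configured to receive a second message sent by the DR, where the second message includes a first random number encrypted with a second terminal device public key, the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network;
the processing unit 720 is configured to decrypt, with the terminal device's private key, the first random number encrypted with the second terminal device public key to obtain the first random number;
the processing unit 720 is further configured to encrypt the first random number according to the first DR public key to obtain an encrypted first random number;
the transceiver unit 710 is further configured to send a second response message to the DR, where the second response message includes the encrypted first random number.
Optionally, the processing unit 720 is specifically configured to: verify the first DR public key with the public key of the home network to obtain a second DR public key, where the second DR public key is the DR's public key after verification with the public key of the home network; and encrypt the first random number with the second DR public key.
Optionally, before the first message sent by the digital reflection DR is received, the transceiver unit 710 is further configured to send an eighth message to a network device, where the eighth message includes a first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
Optionally, the eighth message further includes the identifier of the DR.
Optionally, the processing unit 720 is further configured to encrypt a second random number with the second DR public key, where the second random number is generated by the terminal device;
the transceiver unit 710 is specifically configured to send the second response message to the DR, where the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
Optionally, the transceiver unit 710 is further configured to receive a third message sent by the DR, where the third message includes the second random number encrypted with the second terminal device public key;
the processing unit 720 is further configured to use the terminal device's private key to decrypt the second random number encrypted with the second terminal device public key and obtain the second random number.
FIG. 8 shows a schematic block diagram of a communication apparatus 800 according to an embodiment of the present application. The communication apparatus includes a processor 810 and a transceiver 820, where the transceiver 820 is configured to receive computer code or instructions and transmit them to the processor 810, and the processor 810 runs the computer code or instructions to implement the methods in the embodiments of the present application.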
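An embodiment of the present application provides a communication device, including a memory and a processor, where the memory is configured to store a computer program and the processor is configured to execute the computer program stored in the memory, so that the communication device performs the methods in the embodiments of the present application. Optionally, the communication device may be the terminal device or the digital reflection DR in the embodiments of the present application.
The above processor may be an integrated circuit chip with signal processing capability. During implementation, the steps of the above method embodiments may be completed by integrated logic circuits of hardware in the processor or by instructions in the form of software. The above processor may be a general-purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and can implement or execute the methods, steps, and logical block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor. The steps of the methods disclosed in the embodiments of the present application may be performed directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor. The software module may be located in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or a register. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the above methods in combination with its hardware.
The above memory may be volatile memory or non-volatile memory, or may include both. The non-volatile memory may be read-only memory (ROM), programmable ROM (PROM), erasable PROM (EPROM), electrically EPROM (EEPROM), or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct rambus RAM (DR RAM).
It should be understood that the above memory may be integrated in the processor, or the processor and the memory may be integrated on the same chip, or they may be located on different chips and connected through interface coupling. The embodiments of the present application do not limit this. An embodiment of the present application provides a communication chip, including a processor and a communication interface, where the processor is configured to read instructions to perform the methods in the embodiments of the present application.
An embodiment of the present application further provides a computer-readable storage medium storing a computer program for implementing the methods in the above method embodiments. When the computer program runs on a computer, the computer can implement the methods in the above method embodiments.
A person of ordinary skill in the art will recognize that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. A skilled person may use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of the present application.
A person skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses, and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, apparatuses, or units, and may be electrical, mechanical, or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions used to cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The above are only specific implementations of the present application, but the protection scope of the present application is not limited to them. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.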

Claims (21)

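  1. A mutual authentication method, characterized by comprising:
    sending, by a digital reflection DR, a first message to a terminal device, wherein the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
    encrypting, by the DR, a first random number with a second terminal device public key, wherein the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network;
    sending, by the DR, a second message to the terminal device, wherein the second message includes the first random number encrypted with the second terminal device public key;
    receiving, by the DR, a second response message sent by the terminal device, wherein the second response message includes the first random number encrypted with a second DR public key, and the second DR public key is the DR's public key obtained after the first DR public key is verified with the public key of the home network;
    decrypting, by the DR, the encrypted first random number with the DR's private key to obtain the first random number.
  2. The method according to claim 1, characterized in that the second response message further includes a second random number encrypted with the second DR public key, and the second random number is generated by the terminal device.
  3. The method according to claim 2, characterized in that the method further comprises:
    decrypting, by the DR, with the DR's private key, the second random number encrypted with the second DR public key to obtain the second random number;
    encrypting, by the DR, the second random number with the second terminal device public key;
    sending, by the DR, a third message to the terminal device, wherein the third message includes the second random number encrypted with the second terminal device public key.
  4. The method according to any one of claims 1 to 3, characterized in that before the digital reflection DR sends the first message to the terminal device, the method further comprises:
    sending, by the DR, a fourth message to a distributed database DDB, wherein the fourth message is used to request the public key of the terminal device and the public key of the DR, and the fourth message includes the identifier of the terminal device and the identifier of the DR;
    receiving, by the DR, a fourth response message sent by the DDB, wherein the fourth response message includes a first terminal device public key and the first DR public key, and the first terminal device public key is the terminal device's public key signed with the private key of the home network.
  5. The method according to claim 4, characterized in that the receiving, by the DR, of the fourth response message sent by the DDB comprises:
    verifying, by the DR, the first terminal device public key with the public key of the home network to obtain the second terminal device public key.
  6. The method according to claim 4 or 5, characterized in that before the DR sends the fourth message to the distributed database DDB, the method further comprises:
    receiving, by the DR, a fifth message sent by a subscription identifier de-concealing function SIDF, wherein the fifth message includes the identifier of the terminal device.
  7. The method according to claim 4 or 5, characterized in that before the DR sends the fourth message to the distributed database DDB, the method further comprises:
    receiving, by the DR, a sixth message sent by a network device, wherein the sixth message includes the first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  8. The method according to claim 7, characterized in that the receiving, by the DR, of the sixth message sent by the network device comprises:
    decrypting, by the DR, the first terminal device identifier with the private key of the home network to obtain the identifier of the terminal device.
  9. The method according to claim 7 or 8, characterized in that the sixth message further includes the identifier of the home network signed with the private key of the network device;
    the DR uses the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, so as to verify that the network device is legitimate.
  10. The method according to claim 9, characterized in that before the DR uses the public key of the network device to decrypt the identifier of the home network signed with the private key of the network device, the method further comprises:
    sending, by the DR, a seventh message to the DDB, wherein the seventh message is used to request the public key of the network device and includes the identifier of the network device;
    receiving, by the DR, a seventh response message sent by the DDB, wherein the seventh response message includes the public key of the network device signed with the private key of the home network;
    verifying, by the DR, with the public key of the home network, the public key of the network device signed with the private key of the home network, to obtain the public key of the network device.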
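  11. A mutual authentication method, characterized by comprising:
    receiving, by a terminal device, a first message sent by a digital reflection DR, wherein the first message includes a first DR public key, and the first DR public key is the DR's public key signed with the private key of the home network;
    receiving, by the terminal device, a second message sent by the DR, wherein the second message includes a first random number encrypted with a second terminal device public key, the first random number is generated by the DR, and the second terminal device public key is the terminal device's public key after verification with the public key of the home network;
    decrypting, by the terminal device, with the terminal device's private key, the first random number encrypted with the second terminal device public key to obtain the first random number;
    encrypting, by the terminal device, the first random number according to the first DR public key to obtain an encrypted first random number;
    sending, by the terminal device, a second response message to the DR, wherein the second response message includes the encrypted first random number.
  12. The method according to claim 11, characterized in that the encrypting, by the terminal device, of the first random number according to the first DR public key comprises:
    verifying, by the terminal device, the first DR public key with the public key of the home network to obtain a second DR public key, wherein the second DR public key is the DR's public key after verification with the public key of the home network;
    encrypting, by the terminal device, the first random number with the second DR public key.
  13. The method according to claim 11 or 12, characterized in that before the terminal device receives the first message sent by the digital reflection DR, the method further comprises:
    sending, by the terminal device, an eighth message to a network device, wherein the eighth message includes a first terminal device identifier, and the first terminal device identifier is the identifier of the terminal device encrypted with the public key of the home network.
  14. The method according to claim 13, characterized in that the eighth message further includes the identifier of the DR.
  15. The method according to any one of claims 12 to 14, characterized in that the sending, by the terminal device, of the second response message to the DR comprises:
    encrypting, by the terminal device, a second random number with the second DR public key, wherein the second random number is generated by the terminal device;
    sending, by the terminal device, the second response message to the DR, wherein the second response message includes the first random number encrypted with the second DR public key and the second random number encrypted with the second DR public key.
  16. The method according to claim 15, characterized in that the method further comprises:
    receiving, by the terminal device, a third message sent by the DR, wherein the third message includes the second random number encrypted with the second terminal device public key;
    decrypting, by the terminal device, with the terminal device's private key, the second random number encrypted with the second terminal device public key to obtain the second random number.
  17. A communication apparatus, characterized by comprising: a processor and a memory, wherein the memory is configured to store computer code or instructions, and the processor is configured, when running the computer code or instructions, to cause the method according to any one of claims 1 to 10 to be performed.
  18. A communication apparatus, characterized by comprising: a processor and a memory, wherein the memory is configured to receive computer code or instructions, and the processor is configured, when running the computer code or instructions, to cause the method according to any one of claims 11 to 16 to be performed.
  19. The method according to claim 15, characterized in that the communication apparatus is a chip.
  20. A computer-readable storage medium, characterized by comprising:
    the computer-readable medium stores a computer program;
    when the computer program runs on a computer, the computer is caused to perform the method according to any one of claims 1 to 10.
  21. A computer-readable storage medium, characterized by comprising:
    the computer-readable medium stores a computer program;
    when the computer program runs on a computer, the computer is caused to perform the method according to any one of claims 11 to 16.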
PCT/CN2021/112904 2020-09-14 2021-08-17 Mutual authentication method and apparatus WO2022052751A1 (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US18/181,871 US20230208656A1 (en) 2020-09-14 2023-03-10 Mutual authentication method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010960237.X 2020-09-14
CN202010960237.XA CN114189343A (zh) 2020-09-14 2020-09-14 Mutual authentication method and apparatus

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/181,871 Continuation US20230208656A1 (en) 2020-09-14 2023-03-10 Mutual authentication method and apparatus

Publications (1)

Publication Number Publication Date
WO2022052751A1 true WO2022052751A1 (zh) 2022-03-17

Family

ID=80539639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/112904 WO2022052751A1 (zh) 2020-09-14 2021-08-17 Mutual authentication method and apparatus

Country Status (3)

Country Link
US (1) US20230208656A1 (zh)
CN (1) CN114189343A (zh)
WO (1) WO2022052751A1 (zh)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11588621B2 (en) * 2019-12-06 2023-02-21 International Business Machines Corporation Efficient private vertical federated learning
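CN114710359B (zh) * 2022-04-15 2024-02-06 沈阳邦粹科技有限公司 Industrial network dynamic key management method and industrial network encrypted communication method
WO2024036644A1 (zh) * 2022-08-19 2024-02-22 华为技术有限公司 Method and apparatus for obtaining signature information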

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
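CN101523800A (zh) * 2006-10-10 2009-09-02 高通股份有限公司 Method and apparatus for mutual authentication
CN101867923A (zh) * 2010-06-11 2010-10-20 西安电子科技大学 Identity self-certification based secure access authentication method for heterogeneous wireless networks
CN106603485A (zh) * 2016-10-31 2017-04-26 美的智慧家居科技有限公司 Key agreement method and apparatus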
US20200068397A1 (en) * 2017-05-09 2020-02-27 Huawei International Pte. Ltd. Network authentication method, network device, terminal device, and storage medium

Also Published As

Publication number Publication date
CN114189343A (zh) 2022-03-15
US20230208656A1 (en) 2023-06-29

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21865807

Country of ref document: EP

Kind code of ref document: A1