WO2018126783A1 - Key transmission method, device and computer storage medium - Google Patents

Key transmission method, device and computer storage medium

Info

Publication number
WO2018126783A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
base station
station system
pubk
network element
Prior art date
Application number
PCT/CN2017/109806
Other languages
English (en)
Chinese (zh)
Inventor
谢振华
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2018126783A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Definitions

  • the present invention relates to the field of communications, and in particular, to a key transmission method and apparatus for a mobile network, and a computer storage medium.
  • the 3rd Generation Partnership Project (3GPP) proposes a mobile network location area update scheme.
  • the terminal UE previously performed some service through the next generation base station system 2 (such as a next generation base station node gNB, or an enhanced evolved base station node, evolved eNB, etc.), so that the authentication vector is cached in the next generation base station system 2.
  • the process of the location area update scheme includes the following steps:
  • Step 101 The terminal UE sends a location area update to the next generation base station system 1 at the current location, for example, sending a Tracking Area Update message;
  • Step 102 The next generation base station system 1 sends a combined location area update and access network authentication data request to a core network element (such as a mobility management function MMF, or a security anchor function SEAF, or a mobility management entity MME, etc.), for example, sending the combined Tracking Area Update and AS Authentication Data Request messages, carrying the public key PubK of the next generation base station system 1;
  • Step 103 The core network element sends an access network authentication data request to the next-generation base station system 2, for example, sending an AS Authentication Data Request message, carrying the received PubK;
  • Step 104 The next generation base station system 2 caches the user's authentication vector, and the authentication vector is composed of four parts: a random number RAND, a network authentication parameter AUTN, an expected response XRES, and a key Knp; the next generation base station system 2 generates an encryption key Ks and uses it to encrypt Knp in the authentication vector, to prevent Knp from being leaked during transmission, and then uses PubK to encrypt Ks to get E_PubK(Ks), so that the receiver can decrypt the key in the authentication vector and Ks is not leaked during transmission; the modified authentication vector is the authentication vector 1, and the next-generation base station system 2 sends an access network authentication data response to the core network element, such as sending an AS Authentication Data Response message carrying the authentication vector 1 and E_PubK(Ks);
  • Step 105 The core network element sends a combined user authentication request and an access network authentication data response to the next generation base station system 1, for example, sending a combined User Authentication Request and an AS Authentication Data Response message, carrying the authentication vector 1, the authentication parameter 2, and E_PubK(Ks), where the authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 106 The next-generation base station system 1 decrypts E_PubK(Ks) using its own private key corresponding to the public key PubK, obtains Ks, and decrypts the Ks-encrypted key in the received authentication vector 1 using Ks to obtain Knp;
  • Step 107 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 108 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next generation base station system 1, for example, sends a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • Step 109 The next generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, such as sending a User Authentication Response message, carrying the authentication information 2, that is, RES2;
  • Step 110 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends the location area update acceptance to the terminal UE through the next generation base station system 1, for example, sending a Tracking Area Update Accept message.
  • the core network element can modify any field content in the signaling information, so that the information received by the receiver is not the information actually sent by the sender.
  • if it changes PubK to its own public key, the next-generation base station system 2 will use the modified public key to encrypt Ks.
  • after receiving the authentication data response, the core network element can decrypt the Ks using its own private key.
  • Ks can then be used to decrypt the keys in the authentication vector, causing these keys to be compromised, thereby affecting security.
  • This type of attack is a man-in-the-middle attack.
  • all the steps in the corresponding process are serial, resulting in low signaling efficiency and affecting service response time.
  • an embodiment of the present invention provides a key transmission method and apparatus, and a computer storage medium.
  • the embodiment of the invention provides a key transmission method, and the method includes:
  • the core network element receives the public key PubK from the second base station system
  • the core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the method further includes:
  • the core network element receives a first check code MAC from the first base station system, and forwards the MAC to the second base station system, where the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the embodiment of the invention further provides a key transmission method, the method comprising:
  • the first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, and the IE1 is generated based on the encrypted key in the ciphertext key;
  • the first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the method for generating the IE2 includes:
  • the F1 is encrypted using the PubK to obtain the IE2.
  • the method further includes:
  • the first base station system sends a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the method for generating the MAC includes:
  • the signature of the PubK is calculated using the Ks to obtain the MAC.
  • the embodiment of the invention further provides a key transmission method, the method comprising:
  • the second base station system sends the public key PubK to the core network element
  • the second base station system receives the second content information IE2 sent by the core network element, and the IE2 is used to generate a key with the private key of the second base station system.
  • the method further includes:
  • the second base station system receives a first check code MAC sent by the core network element, and the MAC is used for verification.
  • the verification includes:
  • the verification includes:
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a core network element, where the apparatus includes: a receiving unit and a sending unit;
  • the receiving unit is configured to receive a public key PubK from the second base station system
  • the sending unit is configured to send a ciphertext key, a first content information IE1, and the PubK to the first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the receiving unit is further configured to receive second content information IE2 from the first base station system;
  • the sending unit is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the receiving unit is further configured to receive a first check code MAC from the first base station system
  • the sending unit is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a first base station system, where the apparatus includes: a receiving unit and a sending unit;
  • the receiving unit is configured to receive a ciphertext key, a first content information IE1, and a public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the sending unit is configured to send the IE2 to the core network element, where the IE2 is generated based on the IE1.
  • the apparatus further includes: a processing unit configured to decrypt the IE1 by using a private key of the first base station system to obtain F1; and encrypt the F1 by using the PubK to obtain the IE2.
  • the sending unit is further configured to send a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the device further includes:
  • a processing unit configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks; use the Ks to encrypt the PubK to obtain the MAC; or use the Ks to calculate a signature of the PubK to obtain the MAC.
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a second base station system, where the apparatus includes: a sending unit and a receiving unit;
  • the sending unit is configured to send a public key PubK to a core network element
  • the receiving unit is configured to receive the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with a private key of the second base station system.
  • the receiving unit is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
  • the device further includes:
  • a verification unit configured to encrypt the PubK using the key, or calculate a signature of the PubK using the key to obtain a second check code XMAC; compare the MAC with the XMAC.
  • the device further includes:
  • a verification unit configured to decrypt the MAC using the key to obtain an expected public key; compare the PubK with the expected public key.
  • the embodiment of the invention further provides a computer storage medium, where the computer storage medium stores a computer program configured to perform the above key transmission method.
  • the core network element receives the public key PubK from the second base station system; the core network element sends the ciphertext key, the first content information IE1, and the PubK to the first base station system.
  • the IE1 is generated based on the encrypted key in the ciphertext key; the core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, and the IE1 is generated based on the encrypted key in the ciphertext key; the first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the second base station system sends a public key PubK to the core network element; the second base station system receives the second content information IE2 sent by the core network element, and the IE2 is used to generate a key with the private key of the second base station system.
  • on the one hand, the signaling process is adjusted and the signaling transmission efficiency is improved; on the other hand, whether a man-in-the-middle attack occurs can be identified, so that a corresponding decision can be made: for example, when a man-in-the-middle attack occurs, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby ensuring the security of the network.
  • FIG. 1 is a schematic flow chart of a key transmission method in the prior art
  • FIG. 2 is a schematic flowchart 1 of a key transmission method according to an embodiment of the present invention.
  • FIG. 3 is a second schematic flowchart of a key transmission method according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart 3 of a key transmission method according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart 4 of a key transmission method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart 5 of a key transmission method according to an embodiment of the present invention.
  • FIG. 7 is a first schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • FIG. 8 is a second schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • FIG. 9 is a third schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the technical solution of the embodiment of the present invention includes two aspects: one is to adjust the signaling flow and improve the transmission efficiency of the signaling; the other is to identify whether a man-in-the-middle attack occurs and make a corresponding decision accordingly, for example, when a man-in-the-middle attack occurs, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level.
  • FIG. 2 is a schematic flowchart 1 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 2, the process includes:
  • Step 201 The core network element receives the public key PubK from the second base station system.
  • Step 202 The core network element sends a ciphertext key, a first content information IE1, and the PubK to the first base station system, and the IE1 is generated based on the encrypted key in the ciphertext key.
  • Step 203 The core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the method further includes:
  • FIG. 3 is a schematic flowchart 2 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 3, the process includes:
  • Step 301 The first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key.
  • Step 302 The first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the method for generating the IE2 includes:
  • the F1 is encrypted using the PubK to obtain the IE2.
  • the method further includes:
  • the first base station system sends a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the method for generating the MAC includes:
  • the signature of the PubK is calculated using the Ks to obtain the MAC.
  • FIG. 4 is a schematic flowchart 3 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 4, the process includes:
  • Step 401 The second base station system sends the public key PubK to the core network element.
  • Step 402 The second base station system receives the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with the private key of the second base station system.
  • the method further includes:
  • the second base station system receives a first check code MAC sent by the core network element, and the MAC is used for verification.
  • the verifying includes:
  • the verifying comprises:
  • FIG. 5 is a schematic flowchart diagram 4 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 5, the process includes:
  • Step 501 When the terminal UE performs a service through the next-generation base station system 2, the authentication vector issuing network element sends the authentication vector to the next-generation base station system 2 through the core network element, in which Knp is encrypted with the encryption key Ks; F1(Ks) is calculated, and F1(Ks) is encrypted with the public key PubK of the next-generation base station system 2 to obtain E_PubK(F1(Ks)), in order to avoid leakage of Ks during transmission, which would ultimately lead to leakage of Knp; the authentication vector can also include E_PubK(Ks); the core network element caches the authentication vector and E_PubK(F1(Ks)) in this process, and can also cache E_PubK(Ks);
  • F1(Ks) in the above step may be generated as follows: the system configures shared information in advance on all the next-generation base station systems and on the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Ks with it to obtain F1(Ks), so that the next-generation base station system can decrypt F1(Ks); or the authentication vector issuing network element can use its own private key to encrypt Ks, and only the next-generation base station system can obtain the public key of the authentication vector issuing network element, so that the public key can be used to decrypt F1(Ks);
  • Step 502 At a certain time during the service execution, the next-generation base station system 2 encrypts Ks with the public key PubK of the next-generation base station system 2 to obtain E_PubK(Ks), and then sends an access network key update to the core network element, for example, sending an AS Key Update message carrying E_PubK(Ks); the core network element caches E_PubK(Ks); the next generation base station system 2 no longer caches any information related to the user;
  • Step 503 The terminal UE sends a location area update to the next generation base station system 1 at the current location, for example, sending a Tracking Area Update message, or sends a service request, such as sending a Service Request message;
  • Step 504 The next generation base station system 1 sends the merged location area update and access network authentication data request to the core network element, for example, sending the combined Tracking Area Update and AS Authentication Data Request messages, or sends the merged service request and access network authentication data request, for example, sending the combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of the next generation base station system 1;
  • Step 505 The core network element sends a combined user authentication request and an access network authentication data response to the next generation base station system 1, for example, sending a combined User Authentication Request and an AS Authentication Data Response message, carrying the authentication vector 1 and the authentication parameter 2, where the authentication parameter 2 is derived from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 506 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 507 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next generation base station system 1, for example, sends a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • steps 508-511 occur after step 504, and their execution is independent of steps 505-507 and steps 512-513:
  • Step 508 The core network element sends an access network key request to the next generation base station system 2, for example, sends an AS Key Request message, carrying the cached E_PubK(Ks), E_PubK(F1(Ks)), and the received PubK-B;
  • Step 509 The next generation base station system 2 decrypts Ks and F1(Ks) with the private key corresponding to PubK; optionally, it calculates the check code MAC by using Ks and PubK-B, for example, encrypting PubK-B with Ks, or calculating the signature of PubK-B with Ks; it also obtains F2(Ks) by using PubK-B to encrypt F1(Ks), and then sends an access network key response to the core network element, for example, sending an AS Key Response message, carrying F2(Ks), and carrying the MAC;
  • Step 510 The core network element sends an access network key update to the next-generation base station system 1, for example, sending an AS Key Update message, carrying the received F2(Ks), and carrying the received MAC;
  • Step 511 The next-generation base station system 1 decrypts F2(Ks) with the private key corresponding to PubK-B to obtain F1(Ks), and then calculates Ks from F1(Ks). If a MAC is received, the expected check code XMAC is calculated using Ks and PubK-B, for example by encrypting PubK-B with Ks, or calculating the signature of PubK-B with Ks, and the XMAC is then compared with the received MAC; or the MAC is decrypted with Ks to get the expected public key, and PubK-B is compared with the expected public key; if the comparison is the same, it can be identified that no man-in-the-middle attack has occurred, otherwise a man-in-the-middle attack can be identified;
  • Step 512 After receiving the message of step 407, the next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, for example, sending a User Authentication Response message carrying the authentication information 2, that is, RES2;
  • Step 513 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends the location area update acceptance to the terminal UE through the next generation base station system 1, for example, sending a Tracking Area Update Accept message, or sends service establishment, such as sending an Initial UE Context message;
  • Step 514 The next generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer setup, such as sending an RRC Connection Reconfiguration message.
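The PubK-B check of steps 508-511, and the key substitution by the core network element that it is meant to catch, can be sketched as follows. This is an added example, not code from the patent: textbook RSA over fixed Mersenne primes stands in for the public-key encryption, HMAC-SHA256 for "the signature of PubK-B with Ks", and an XOR pad derived from constructed shared information for F1; all function names are hypothetical and none of these stand-ins is secure or specified by the page.

```python
"""Added illustration of the PubK-B check in steps 508-511 (not the patent's code)."""
import hashlib
import hmac
import secrets

# Toy textbook RSA from fixed Mersenne primes, so the example is deterministic
# and runs offline. Assumption for illustration only: unpadded RSA with known,
# reused primes is not secure.
M89, M107, M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1
E = 65537
KEY_LEN = 16  # length of Ks in bytes (assumed)


def keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)


def pk_encrypt(pub, data):
    n, e = pub
    return pow(int.from_bytes(data, "big"), e, n)


def pk_decrypt(priv, ciphertext):
    n, d = priv
    return pow(ciphertext, d, n).to_bytes(KEY_LEN, "big")


def pub_bytes(pub):
    return b"%d:%d" % pub


# Hypothetical F1: XOR with a pad derived from shared information configured on
# the base stations but not on the relaying core network element.
SHARED_INFO = b"constructed shared configuration"


def f1(key):
    pad = hashlib.sha256(SHARED_INFO).digest()[:len(key)]
    return bytes(a ^ b for a, b in zip(key, pad))  # f1 is its own inverse


def check_code(ks, pub):
    # "Signature of PubK-B with Ks", modelled as HMAC-SHA256 (assumption).
    return hmac.new(ks, pub_bytes(pub), hashlib.sha256).digest()


def old_station_respond(priv_old, enc_ks, enc_f1ks, pubk_b_received):
    """Step 509: recover Ks and F1(Ks), bind the PubK-B that arrived into MAC."""
    ks = pk_decrypt(priv_old, enc_ks)
    f1ks = pk_decrypt(priv_old, enc_f1ks)
    return pk_encrypt(pubk_b_received, f1ks), check_code(ks, pubk_b_received)


def new_station_verify(priv_new, pub_new, f2ks, mac):
    """Step 511: recover Ks, compute XMAC over the station's own PubK-B."""
    ks = f1(pk_decrypt(priv_new, f2ks))
    return ks, hmac.compare_digest(check_code(ks, pub_new), mac)


def handover(relay_substitutes_key):
    pub_old, priv_old = keypair(M127, M107)  # base station system 2 (PubK)
    pub_new, priv_new = keypair(M127, M89)   # base station system 1 (PubK-B)
    pub_mid, priv_mid = keypair(M107, M89)   # relay's own pair, used if it tampers

    ks = secrets.token_bytes(KEY_LEN)
    # Steps 501-502: values the core network element has cached.
    enc_ks, enc_f1ks = pk_encrypt(pub_old, ks), pk_encrypt(pub_old, f1(ks))

    # Step 508: the relay forwards PubK-B, or its own key in its place.
    forwarded = pub_mid if relay_substitutes_key else pub_new
    f2ks, mac = old_station_respond(priv_old, enc_ks, enc_f1ks, forwarded)

    # Step 510: a tampering relay must re-wrap F1(Ks) for base station system 1,
    # but cannot recompute the MAC because it never holds Ks.
    if relay_substitutes_key:
        f2ks = pk_encrypt(pub_new, pk_decrypt(priv_mid, f2ks))

    recovered, mac_ok = new_station_verify(priv_new, pub_new, f2ks, mac)
    return {"ks_matches": recovered == ks, "mac_ok": mac_ok}


if __name__ == "__main__":
    print("honest relay:      ", handover(False))
    print("substituting relay:", handover(True))
```

With the substituted key the transported Ks still arrives intact, so only the MAC comparison reveals that PubK-B was replaced in transit.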
  • FIG. 6 is a schematic flowchart 5 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 6, the process includes:
  • Step 601 When the terminal UE performs a service through the next-generation base station system 2, the authentication vector issuing network element sends the authentication vector to the next-generation base station system 2 through the core network element, where Knp is replaced by E_PubK(F1(Knp)), that is, F1(Knp) encrypted with the public key PubK of the next-generation base station system 2, in order to avoid leakage of Knp during transmission; the authentication vector may also include E_PubK(Knp); the core network element caches the authentication vector and E_PubK(F1(Knp)) in this process, and can also cache E_PubK(Knp);
  • F1(Knp) in the above step may be generated as follows: the system configures shared information in advance on all the next-generation base station systems and on the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Knp with it to obtain F1(Knp), so that the next-generation base station system can decrypt F1(Knp); or the authentication vector issuing network element can use its own private key to encrypt Knp, and only the next-generation base station system can obtain the public key of the authentication vector issuing network element, so that the public key can be used to decrypt F1(Knp);
  • Step 602 At a certain time during the execution of the service, the next-generation base station system 2 encrypts Knp with the public key PubK of the next-generation base station system 2 to obtain E_PubK(Knp), and then sends an access network key update to the core network element, such as sending an AS Key Update message carrying E_PubK(Knp); the core network element caches E_PubK(Knp); when the terminal UE is no longer connected to the next generation base station system 2, the next generation base station system 2 no longer caches any information related to the user;
  • Step 603 The terminal UE sends a location area update to the next-generation base station system 1 at the current location, for example, sending a Tracking Area Update message, or sending a service request, such as sending a Service Request message;
  • Step 604 The next generation base station system 1 sends the merged location area update and access network authentication data request to the core network element, for example, sending the combined Tracking Area Update and AS Authentication Data Request messages, or sends the merged service request and access network authentication data request, for example, sending the combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of the next generation base station system 1;
  • Step 605 The core network element sends a combined user authentication request and access network authentication data response to the next generation base station system 1, such as sending the combined User Authentication Request and AS Authentication Data Response messages, carrying the authentication vector 1 and the authentication parameter 2, where the authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 606 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 607 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next-generation base station system 1, for example a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • steps 608-611 occur after step 604 and are executed independently of steps 605-607 and steps 612-613:
  • Step 608 The core network element sends an access network key request to the next-generation base station system 2, for example an AS Key Request message, carrying the cached E PubK (Knp) and E PubK (F1 (Knp)) and the received PubK-B;
  • Step 609 The next-generation base station system 2 decrypts Knp and F1 (Knp) using the private key corresponding to PubK. The check code MAC is calculated using Knp and PubK-B, for example by encrypting PubK-B with Knp, or by using Knp to calculate the signature of PubK-B. F1 (Knp) is also encrypted with PubK-B to obtain F2 (Knp), and an access network key response is then sent to the core network element, for example an AS Key Response message carrying F2 (Knp), which can also carry the MAC;
  • Step 610 The core network element sends an access network key update to the next-generation base station system 1, for example, sending an AS Key Update message, carrying the received F2 (Knp), and carrying the received MAC;
  • Step 611 The next-generation base station system 1 decrypts F2 (Knp) with the private key corresponding to PubK-B to obtain F1 (Knp), and then calculates Knp from F1 (Knp). If a MAC is received, it uses Knp and PubK-B to calculate the expected check code XMAC, for example by encrypting PubK-B with Knp or by calculating the signature of PubK-B with Knp, and then compares the XMAC with the received MAC; or it decrypts the MAC with Knp to obtain the expected public key and compares PubK-B with the expected public key. If they are the same, it can be concluded that no man-in-the-middle attack has occurred; otherwise a man-in-the-middle attack can be identified;
  • Step 612 After receiving the message of step 607, the next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, for example a User Authentication Response message, carrying the authentication information 2, that is, RES2;
  • Step 613 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification passes, the core network element sends a location area update accept to the terminal UE through the next-generation base station system 1, for example a Tracking Area Update Accept message, or sends a service establishment, for example an Initial UE Context message;
  • Step 614 The next generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer setup, such as sending an RRC Connection Reconfiguration message.
  • FIG. 7 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a core network element.
  • the apparatus includes a receiving unit 71 and a sending unit 72, wherein:
  • the receiving unit 71 is configured to receive a public key PubK from the second base station system;
  • the sending unit 72 is configured to send, to the first base station system, a ciphertext key, a first content information IE1, and the PubK, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the receiving unit 71 is further configured to receive second content information IE2 from the first base station system;
  • the sending unit 72 is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the receiving unit 71 is further configured to receive the first base station.
  • the sending unit 72 is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the implementation functions of the units in the key transmission apparatus shown in FIG. 7 can be understood by referring to the related description of the foregoing key transmission method.
  • the functions of the units in the key transmission apparatus shown in FIG. 7 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • each unit in the key transmission device may be implemented by a central processing unit (CPU), a microprocessor (MPU, Micro Processor Unit), a digital signal processor (DSP, Digital Signal Processor), or a field programmable gate array (FPGA) located in the key transmission device.
  • FIG. 8 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a first base station system.
  • the apparatus includes a receiving unit 81 and a sending unit 82, wherein:
  • the receiving unit 81 is configured to receive a ciphertext key, a first content information IE1, and a public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the sending unit 82 is configured to send the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the device further includes: a processing unit 83, configured to decrypt the IE1 by using a private key of the first base station system to obtain F1; and use the PubK to encrypt the F1 to obtain the IE2.
  • the sending unit 82 is further configured to send a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the device further includes:
  • the processing unit 83 is configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks; and to use the Ks to encrypt the PubK to obtain the MAC, or use the Ks to calculate the signature of the PubK to obtain the MAC.
  • the implementation functions of the units in the key transmission apparatus shown in FIG. 8 can be understood by referring to the related description of the foregoing key transmission method.
  • the functions of the units in the key transmission device shown in FIG. 8 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • the functions implemented by the various units in the key transmission device can be implemented by a CPU, an MPU, or a DSP, or an FPGA or the like located in the key transmission device.
  • FIG. 9 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a second base station system.
  • the apparatus includes a sending unit 91 and a receiving unit 92, wherein:
  • the sending unit 91 is configured to send a public key PubK to a core network element;
  • the receiving unit 92 is configured to receive the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with a private key of the second base station system.
  • the receiving unit 92 is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
  • the device further includes:
  • the verification unit 93 is configured to encrypt the PubK by using the key, or calculate the signature of the PubK using the key to obtain a second check code XMAC; compare the MAC with the XMAC.
  • the device further includes:
  • the verification unit 93 is configured to decrypt the MAC using the key to obtain an expected public key; compare the PubK with the expected public key.
  • the implementation functions of the units in the key transmission device shown in FIG. 9 can be understood by referring to the related description of the aforementioned key transmission method.
  • the functions of the units in the key transmission device shown in FIG. 9 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • the functions implemented by the various units in the key transmission device can be implemented by a CPU, an MPU, or a DSP, or an FPGA or the like located in the key transmission device.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • an embodiment of the present invention further provides a computer storage medium storing a computer program, the computer program being configured to execute the key transmission method according to an embodiment of the present invention.
  • on one hand, the signaling process is adjusted to improve the transmission efficiency of signaling; on the other hand, it can be identified whether a man-in-the-middle attack has occurred, so that a corresponding decision can be made. For example, when a man-in-the-middle attack occurs, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby ensuring the security of the network.
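
The exchange of steps 602 and 608-611 and the check-code comparison that identifies a man-in-the-middle, as an added Python example that is not part of the patent text. Textbook RSA over fixed Mersenne primes and an XOR pad stand in for the unspecified public-key scheme and F1, HMAC-SHA-256 stands in for "the signature of PubK-B with Knp", and all function names and the shared-information value are assumptions.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by all toy keys


def rsa_keypair(p, q):
    """Toy textbook-RSA key pair from two known primes (no padding, demo only)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def rsa_apply(key, value):
    """Raw RSA on an integer: encrypts with a public key, decrypts with a private one."""
    n, exponent = key
    return pow(value, exponent, n)


def f1(shared, data):
    """Stand-in for F1: XOR with a pad derived from the pre-configured shared information."""
    pad = hashlib.sha256(shared).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def check_code(knp, pub):
    """MAC/XMAC: HMAC-SHA-256 of a public key under Knp (assumed 'signature' variant)."""
    n, e = pub
    encoded = n.to_bytes(32, "big") + e.to_bytes(4, "big")
    return hmac.new(knp, encoded, hashlib.sha256).digest()


def system2_respond(priv, e_knp, e_f1, pubk_b):
    """Step 609: recover Knp and F1(Knp), wrap F1(Knp) under PubK-B, bind PubK-B to Knp."""
    knp = rsa_apply(priv, e_knp).to_bytes(16, "big")
    f2 = rsa_apply(pubk_b, rsa_apply(priv, e_f1))
    return f2, check_code(knp, pubk_b)


def system1_accept(priv_b, pub_b, shared, f2, mac):
    """Step 611: unwrap F2(Knp), derive Knp, compare XMAC with MAC; None means MITM identified."""
    f1_int = rsa_apply(priv_b, f2)
    if f1_int >> 128:  # not a 16-byte value: F2 was not wrapped for this key
        return None
    knp = f1(shared, f1_int.to_bytes(16, "big"))  # XOR pad is its own inverse
    xmac = check_code(knp, pub_b)
    return knp if hmac.compare_digest(mac, xmac) else None


def run_exchange(key_swapped):
    """Steps 602 and 608-611 with constructed keys; key_swapped models a substituted PubK-B."""
    shared = b"constructed shared information"
    pub2, priv2 = rsa_keypair(2**127 - 1, 2**89 - 1)     # PubK of system 2
    pub_b, priv_b = rsa_keypair(2**107 - 1, 2**127 - 1)  # PubK-B of system 1
    pub_m, priv_m = rsa_keypair(2**89 - 1, 2**107 - 1)   # key of a party in the middle
    knp = secrets.token_bytes(16)
    e_knp = rsa_apply(pub2, int.from_bytes(knp, "big"))             # E PubK (Knp)
    e_f1 = rsa_apply(pub2, int.from_bytes(f1(shared, knp), "big"))  # E PubK (F1 (Knp))
    f2, mac = system2_respond(priv2, e_knp, e_f1, pub_m if key_swapped else pub_b)
    if key_swapped:  # F2 is re-wrapped for system 1, but the MAC still covers the other key
        f2 = rsa_apply(pub_b, rsa_apply(priv_m, f2))
    return knp, system1_accept(priv_b, pub_b, shared, f2, mac)
```

In the unmodified run system 1 recovers the same Knp that system 2 held; when the public key seen by system 2 differs from PubK-B, the XMAC computed over PubK-B no longer matches the received MAC and the key is rejected.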


Abstract

The present invention relates to a key transmission method, device and computer storage medium. The method comprises the following steps: a core network element receives a public key (PubK) from a second base station system; the core network element sends a ciphertext key, first content information (IE1) and the PubK to a first base station system, the IE1 being generated on the basis of an encrypted key in the ciphertext key; and the core network element receives second content information (IE2) from the first base station system and forwards the IE2 to the second base station system, the IE2 being generated by the first base station system using the IE1. The method further comprises the following steps: the first base station system receives the ciphertext key, the IE1 and the PubK sent by the core network element, the IE2 being generated on the basis of the encrypted key in the ciphertext key; and the first base station system sends the IE2 to the core network element, the IE2 being generated on the basis of the IE1. The method further comprises the following steps: the second base station system sends the PubK to the core network element; and the second base station system receives the IE2 sent by the core network element, the IE2 being configured to generate a key with a private key of the second base station system.
PCT/CN2017/109806 2017-01-03 2017-11-07 Key transmission method, device and computer storage medium WO2018126783A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710003062.1 2017-01-03
CN201710003062.1A CN108270560B (zh) 2017-01-03 2017-01-03 一种密钥传输方法及装置

Publications (1)

Publication Number Publication Date
WO2018126783A1 true WO2018126783A1 (fr) 2018-07-12

Family

ID=62770741

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/109806 WO2018126783A1 (fr) 2017-01-03 2017-11-07 Key transmission method, device and computer storage medium

Country Status (2)

Country Link
CN (1) CN108270560B (fr)
WO (1) WO2018126783A1 (fr)

Also Published As

Publication number Publication date
CN108270560A (zh) 2018-07-10
CN108270560B (zh) 2023-06-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17889598

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17889598

Country of ref document: EP

Kind code of ref document: A1