CN101945386B - A kind of method and system realizing safe key synchronous binding - Google Patents
A kind of method and system realizing safe key synchronous binding Download PDFInfo
- Publication number
- CN101945386B CN101945386B CN201010282470.3A CN201010282470A CN101945386B CN 101945386 B CN101945386 B CN 101945386B CN 201010282470 A CN201010282470 A CN 201010282470A CN 101945386 B CN101945386 B CN 101945386B
- Authority
- CN
- China
- Prior art keywords
- key
- safe key
- binding
- mme
- safe
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of method and system realizing safe key synchronous binding, be included in RN by after user authentication, MME notifies that RN carries out safe key binding; And after RN has notice, carry out the safe key binding process identical with network side, obtain the safe key with apparatus bound, and respond MME.By the inventive method, obtained by safe key binding process with the safe key of apparatus bound, or other key utilizing the safe key of this and apparatus bound to derive from, protects the communication data safety between RN and network side.And by the safe key of this and apparatus bound, achieve the binding of RN user authentication and equipment, and ensure that to be now the legal RN having legal usim card certainly with the RN of network-side communication, like this, rogue attacks person cannot crack communication data.
Description
Technical field
The present invention relates to the secure authentication technology in LTE network, espespecially a kind of method and system realizing safe key synchronous binding.
Background technology
Fig. 1 is Long Term Evolution (LTE, LongTermEvolution) the composition structural representation of network, as shown in Figure 1, LTE network is by evolution Universal Terrestrial Radio Access Network (E-UTRAN, and evolution packet switching center (EPC EvolvedUniversalTerrestrialRadioAccessNetwork), EvolvedPacketCore) form, network presents flattening.EUTRAN is connected with EPC by S1 interface.
Wherein, EUTRAN is made up of multiple interconnective evolution base station (eNB, EvolvedNodeB), is connected between each eNB by X2 interface; EPC is made up of Mobility Management Entity (MME, MobilityManagementEntity) and service gateway entity (S-GW, ServingGateway).In addition, a Home Environment (HE is also had in LTE network framework, HomeEnvironment), i.e. home subscriber server (HSS, or attaching position register (HLR HomeSubscriberServer), HomeLocationRegister), as customer data base.Comprise user profile in HE, perform authentication and the mandate of user, and the information etc. of associated subscriber physical location can be provided.
In order to meet the demand of growing large bandwidth high-speed mobile access, third generation partnership project (3GPP, ThirdGenerationPartnershipProjects) senior Long Term Evolution (LTE-Advanced, Long-TermEvolutionadvance) standard is released.LTE-Advanced remains the core of LTE for the evolution of LTE system, adopts a series of technology to expand frequency domain, spatial domain on this basis, improves the availability of frequency spectrum, increases the objects such as power system capacity to reach.Namely wireless relay (Relay) technology is one of technology in LTE-Advanced, be intended to the coverage of Extended Cell, reduce the area, dead angle in communication, balanced load, the business of transfer hot zones, save subscriber equipment (UE, UserEquipment) the i.e. transmitting power of terminal.Fig. 2 is the network composition schematic diagram after increasing via node (RN, Relay-Node) in existing network framework, as shown in Figure 2, uses wireless connections between this newly-increased RN and alms giver's evolution base station (Donor-eNB).Wherein, the interface between Donor-eNB and RN is called Un mouth, and wireless link is between the two called back haul link (backhaullink); Interface between RN and UE is called Uu mouth, and wireless link is therebetween called access link (accesslink).Downlink data first arrives Donor-eNB, then passes to RN, and RN transfers to UE again, and upstream data first arrives UE, then passes to RN, and RN transfers to Donor-eNB again.
In practical communication process, RN namely can as a common terminal equipment, also can as a base station.When RN is as a terminal equipment, RN can as common UE access of radio network.
Common UE is when access network, network side can carry out authentication and the cryptographic key agreement (AKA of user to it, AuthenticationandKeyAgreement), in LTE system, this process is also referred to as evolved packet system cryptographic key agreement (EPSAKA, EvolvedPacketSystemAKA).It should be noted that, in foregoing description, UE refers to mobile device (MobileEquipment) and Global Subscriber identification module (USIM, UniversalSubscriberIdentityModule) general name, above-mentioned EPSAKA process is actual to be completed by USIM, therefore this process completes network and (or claims signing certification to the USIM certification of terminal, subscriptionAuthentication) and cryptographic key agreement, USIM certification is also claimed to be user authentication in subsequent descriptions.It should be noted that, usim card here represents the Universal Integrated Circuit Card (UICC, UniversalIntegratedCircuitCard) of broad sense.
By user authentication, UE and network side can send to ME according to root key K generation Integrity Key (IK, IntegrityKey) and encryption key (CK, CipherKey), and ME generates intermediate key K according to IK and CK
aSME, then utilize this intermediate key K
aSMEderive from the key that other is new, respectively the communication data realizing Access Layer (AS, Acesssstratum) and Non-Access Stratum (NAS, Non-accessstratum) is protected.Wherein, Access Layer safeguard protection key (such as wireless heterogeneous networks encryption key K
rRCenc, wireless heterogeneous networks tegrity protection key K
rRCintwith customer side encryption key K
uPenc) respectively by base station key K
eNBderive from according to algorithms of different, and K
eNBby intermediate key K
aSMEderivation comes.
Similar with UE, when RN is as a common terminal equipment, be the general name of relay node equipment (or being called RNplatform) and usim card (or claiming UICC card), RN can complete the USIM certification of RN according to above-mentioned EPSAKA process.
But, when RN is as base station, if this base station is an illegality equipment, then may threatens the subscriber equipment of its service, therefore, before this base station service UE, first need the legitimacy guaranteeing this base station.At present, the specific implementation realizing the legitimacy certification of RN is not determined.
But, even for the RN of a respectively legitimacy certification for completing user certification and equipment, also there is following security threat, Fig. 3 is that the RN that possible exist is by the process schematic of rogue attacks, as shown in Figure 3, if there is rogue attacks person (Attacker) to insert in illegal RN by legal usim card, illegal usim card is inserted in legal RN simultaneously, like this, when certification, assailant uses legal USIM and legal RN to complete corresponding user authentication and device authentication respectively.In practical communication process; illegal RN can get the Access Layer safeguard protection key that legal usim card certification produces; and the protection of Access Layer safeguard protection key of illegal section communication data acquisition between RN and network side, assailant just can distort or eavesdrop Content of Communication between RN and DeNB by illegal RN.Therefore, the existing legitimacy certification to RN can not ensure that legal usim card is inserted on legal RN equipment, namely can not realize the user authentication of RN and the binding of equipment, thus can not ensure the communication data safety between RN and network side.
Summary of the invention
In view of this, main purpose of the present invention is to provide a kind of method and system realizing safe key synchronous binding, can realize the binding of RN user authentication and equipment, ensures the communication data safety between RN and network side.
For achieving the above object, technical scheme of the present invention is achieved in that
Realize a method for safe key synchronous binding, comprising:
Mobility Management Entity MME notifies that RN carries out safe key binding;
After RN has notice, carry out the safe key binding process identical with network side, obtain the safe key with apparatus bound, and respond MME.
Described MME notifies that RN carries out safe key binding and comprises: described MME sends non access stratum NAS message to RN, notifies that described RN carries out safe key binding.
Carry in described NAS message and be used to indicate the key bindings indication information that RN carries out the binding of safe key.
The algorithm identification information of the algorithm used when also carrying for identifying and carrying out key bindings in described NAS message.
The identification information of the safe key needing binding is also carried in described NAS message.
The identification information of the equipment associated safety parameter also carried in described NAS message and need to bind.
The multiplexing existing NAS message of described NAS message; Described existing NAS message comprises: NAS Security Mode Command message, or user authentication request message;
Or described NAS message is newly-increased message, described newly-increased message is key bindings request message.
The safe key binding process identical with network side that described RN carries out, performs in the MME or home subscriber server HSS or Home Environment HE of network side.
The safe key binding process that described network side performs is before described MME sends NAS message notice RN; Or, after described MME receives the response from RN.
Also comprise before the method: described network side obtains the user security key of RN by user authentication flow process, and obtains the equipment associated safety parameter of RN;
Described safe key binding process comprises: utilize equipment associated safety parameter and described user security key, derive from the safe key with apparatus bound according to engagement arithmetic.
Described derivation according to engagement arithmetic comprises further with the safe key of apparatus bound:
Utilize equipment associated safety parameter, described user security key, and other parameter, derive from the safe key with apparatus bound according to engagement arithmetic.
Other parameter described comprises the parameter that described RN and network side are shared; Or the random number that described network side or RN generate, now, the method also comprises: this random number generated is informed to RN or network side by message by described network side or RN.
Described user security key can be intermediate key K
aSME, or encryption key CK, Integrity Key IK.
Described equipment associated safety parameter is the special parameter that described RN and network side are shared;
Described special parameter is: the parameter in the CAMEL-Subscription-Information of described RN; Or, the parameter preset in device certificate.
Described equipment associated safety parameter is: carry out the equipment associated safety parameter of reaching an agreement in device authentication process at described network side; The equipment associated safety parameter of reaching an agreement in described device authentication process is the root key in equipment CAMEL-Subscription-Information, or other new key derived from by this root key.
Described RN sends response to MME and comprises:
Described RN by existing NAS message, or utilizes newly-increased message, feeds back binding result to described MME.
Carry in the response message that described RN feeds back and be used to indicate the key bindings success indication information that RN is successfully completed safe key binding; Or, be used to indicate the unsuccessful key bindings failure indication information completing safe key binding of RN.
When carrying key bindings failure indication information in the response message that described RN feeds back, in the response message of described RN feedback, also carry failure cause.
Realize a system for safe key synchronous binding, at least comprise RN and MME, wherein,
MME, for sending safe key binding notice to RN;
RN, for receiving the safe key binding notice from MME, carrying out the safe key binding process identical with network side, obtaining the safe key with apparatus bound, and respond MME.
Described MME, specifically for after RN passes through user authentication, sends safe key binding notice to RN; Before the binding of transmission safe key informs RN, or after receiving the response from RN, carry out the safe key binding process identical with RN, obtain the safe key with apparatus bound.
This system also comprises HSS or HE, for carrying out the safe key binding process identical with RN, and sends to MME by what obtain after safe key binding process with the safe key of apparatus bound.
Described network side, also for being obtained the user security key of RN by user authentication flow process, and obtains the equipment associated safety parameter of RN.
As can be seen from the technical scheme that the invention described above provides, be included in RN by after user authentication, MME notifies that RN carries out safe key binding; And after RN has notice, carry out the safe key binding process identical with network side, obtain the safe key with apparatus bound, and respond MME.By the inventive method, obtained by safe key binding process with the safe key of apparatus bound, or other key utilizing the safe key of this and apparatus bound to derive from, protects the communication data safety between RN and network side.And by the safe key of this and apparatus bound, achieve the binding of RN user authentication and equipment, and ensure that to be now the legal RN having legal usim card certainly with the RN of network-side communication, like this, rogue attacks person cannot crack communication data.
Accompanying drawing explanation
Fig. 1 is the composition structural representation of LTE network;
Fig. 2 is the network composition schematic diagram after increasing RN in existing network framework;
Fig. 3 is that the RN that possible exist is by the process schematic of rogue attacks;
Fig. 4 is the flow chart that the present invention realizes the method for safe key synchronous binding;
Fig. 5 is the composition structural representation that the present invention realizes the system of safe key synchronous binding;
Fig. 6 is the schematic flow sheet that the present invention realizes the first embodiment of safe key synchronous binding;
Fig. 7 is the schematic flow sheet that the present invention realizes the second embodiment of safe key synchronous binding;
Fig. 8 is the schematic flow sheet that the present invention realizes the 3rd embodiment of safe key synchronous binding;
Fig. 9 is the schematic flow sheet that the present invention realizes the 4th embodiment of safe key synchronous binding;
Figure 10 is the schematic flow sheet that the present invention realizes the 5th embodiment of safe key synchronous binding.
Embodiment
Fig. 4 is the flow chart that the present invention realizes the method for safe key synchronous binding, comprises the following steps:
Step 400:MME notifies that RN carries out safe key binding.
In this step, MME can send NAS message to RN, and notice RN carries out safe key binding.Wherein, NAS message can multiplexing existing NAS message, such as NAS safe mode command (NASSMC, NASSecurityModeCommand) message, or user authentication request (UserAuthenticationRequest) message etc.; NAS message also can be newly-increased message, such as key bindings request message.
If RN and network side both sides agreement, for after notifying that RN carries out the NAS message of safe key binding, necessarily carry out safe key binding process, so, NAS message in this step can not carry any information, be exactly a notice instruction, namely RN and network side adopt implicit mode after RN is by user authentication, carry out the operation of safe key binding.
If RN and network side both sides do not arrange, in the NAS message that MME sends to RN, the algorithm identification information used when can carry key bindings indication information and/or key bindings, such as algorithm mark (AlgorithmIdentity), is used to indicate the binding that RN carries out safe key;
Further, the identification information of the safe key needing binding can also be carried in NAS message, such as E-UTRAN key set mark (eKSI, KeySetIdentityinE-UTRAN);
Further, the identification information with the equipment associated safety parameter needing to bind can also be carried in NAS message.
In addition, also comprised before this step: network side obtains the user security key of RN by user authentication flow process, or, by the certification of equipment or the equipment associated safety parameter obtaining RN according to methods such as device identification indexes.
After step 401:RN has notice, carry out the safe key binding process identical with network side, obtain the safe key with apparatus bound, and respond MME.
In this step, safe key binding process comprises: utilize equipment associated safety parameter and user security key, derives from the safe key with apparatus bound according to engagement arithmetic.The safe key of this and apparatus bound, or other key utilizing the safe key of this and apparatus bound to derive from, protect the communication data safety between RN and network side.And by the safe key of this and apparatus bound, achieve the binding of RN user authentication and equipment, and ensure that to be now the legal RN having legal usim card certainly with the RN of network-side communication, like this, rogue attacks person cannot crack communication data.
Further, deriving from the safe key process with apparatus bound according to engagement arithmetic, other parameter can also be used, the parameter that such as RN and network side share; Or the random number that network side (or RN) generates, now needs, by message, this random number is informed to opposite end RN (or network side).
Wherein, equipment associated safety parameter is the special parameter that RN and network side are shared, such as: can be certain parameter (such as equipment root key) in the CAMEL-Subscription-Information of RN, also can be the parameter preset etc. in device certificate (DeviceCertificate).Further, this equipment associated safety parameter can also be: carry out the device-dependent security parameter of reaching an agreement in device authentication process at network side, the root key in such as equipment CAMEL-Subscription-Information, or other new key etc. derived from by this root key.
User security key refers at the safe key relevant to user signing contract information, the intermediate key K reached an agreement in such as user authentication process
aSME, or by the CK that user's root key derives from, IK etc.
Engagement arithmetic in this step, can be known key derivation algorithm (KDF, KeyDerivationFunction), or other one-way function scheduling algorithm, the specific implementation of algorithm belongs to those skilled in the art's conventional techniques means, repeats no more here.
In addition, in this step, the safe key binding process identical with network side that RN performs, also can perform at network side, such as perform at MME, safe key binding process can occur in before MME sends NAS message notice RN, after also can occurring in the response that MME receives from RN.Or the safe key binding process that network side performs also can have been come by Home Environment HE or HSS, afterwards, HE or HSS can send to MME by what obtain after safe key binding process with the safe key of apparatus bound.
In this step, RN is comprised by response message feedback binding result:
RN is by existing NAS message, and such as NAS safe mode completes (NASSecurityModeComplete) message, or user authentication response (UserAuthenticationResponse) message etc.; Or utilize newly-increased message as key bindings response message, feed back binding result to MME.
Can carry in the response message of RN feedback and be used to indicate the key bindings success indication information that RN is successfully completed safe key binding; Or, be used to indicate the unsuccessful key bindings failure indication information completing safe key binding of RN, now, alternatively, can also failure cause be carried.
By the inventive method, obtained by safe key binding process with the safe key of apparatus bound, or other key utilizing the safe key of this and apparatus bound to derive from, protects the communication data safety between RN and network side.And by the safe key of this and apparatus bound, achieve the binding of RN user authentication and equipment, and ensure that to be now the legal RN having legal usim card certainly with the RN of network-side communication, like this, rogue attacks person cannot crack communication data.Wherein, network side can be MME, or HSS, or HE.
Fig. 5 is the composition structural representation that the present invention realizes the system of safe key synchronous binding, as shown in Figure 5, at least comprises RN and MME, wherein,
MME, for sending safe key binding notice to RN;
RN, for receiving the safe key binding notice from MME, carrying out the safe key binding process identical with network side, obtaining the safe key with apparatus bound, and respond MME.
MME, specifically for sending safe key binding notice to RN; Before the binding of transmission safe key informs RN, or after receiving the response from RN, carry out the safe key binding process identical with RN, obtain the safe key with apparatus bound.
Present system also comprises HSS or HE, for the initiation and the safe key binding process that replace MME to carry out key bindings, and sends to MME by what obtain after safe key binding process with the safe key of apparatus bound.
Described network side, also for obtaining the user security key of RN by user authentication flow process, or, by the certification of equipment or the equipment associated safety parameter obtaining RN according to methods such as device identification indexes.
Below in conjunction with specific embodiment, the inventive method is described in detail.
Fig. 6 is the schematic flow sheet that the present invention realizes the first embodiment of safe key synchronous binding, in the first embodiment, supposes that MME utilizes NASSMC message informing RN to carry out safe key binding, in NASSMC message, carries indication information.MME and RN utilizes equipment associated safety parameter and user intermediate key K respectively
aSMEderive from the safe key with apparatus bound, after RN success, feed back MME by response message.As shown in Figure 6, specifically comprise the following steps:
Complete the user authentication to RN by user authentication flow process (UserAuthenticationProcedure) between step 600:MME and RN, and obtain intermediate key K
aSME.The realization of this step belongs to prior art, repeats no more here.
Step 601:MME is according to the equipment identification information of RN; International Mobile Station Equipment Identification (the IMEI of such as equipment; InternationalMobileEquipmentIdentity) index obtains equipment associated safety parameter as shared key K_D; shared key K_D is present in the pre-configured key in RN equipment CAMEL-Subscription-Information; also can be the information generated by specific flow process; specific implementation belongs to technology as well known to those skilled in the art, the protection range be not intended to limit the present invention.
Step 602:MME carries out key bindings process: MME utilizes intermediate key K
aSMEwith equipment associated safety parameter as shared key K_D, derive the safe key K with apparatus bound according to the key derivation algorithm of agreement
aSME_ D, such as K
aSME_ D=KDF (K
aSME, K_D), specific implementation belongs to those skilled in the art's conventional techniques means, repeats no more here, and the protection range that its concrete methods of realizing is not intended to limit the present invention.
Step 603:MME initiates NASSMC message to RN, carries key bindings indication information in NASSMC message.
Step 604:RN indicates according to key bindings, utilizes the computational methods identical with MME to derive from the safe key K with apparatus bound
aSME_ D.
It should be noted that, at the safe key K with apparatus bound
aSMEin the derivation history of _ D, can also introduce other parameter and carry out, can be such as the parameter that RN and MME shares; Or the random number that MME (or RN) generates, now needs, by message, this random number is informed to opposite end.
Step 605:RN sends NAS safe mode to MME and completes message, and MME successfully receives the synchronous binding completing safe key after NAS safe mode completes message.
The safe key K with apparatus bound can be utilized between follow-up RN and network side
aSMEthe key that _ D derives from, the communication data safety between protection RN and network side.Concrete, can K be utilized
aSME_ D replaces common intermediate key K
aSME, derive from other safe key respectively, concrete derived method is consistent with existing safe key derived method.
In first embodiment, MME derives from and also can carry out after step 605 with the opportunity of the safe key of apparatus bound.
Fig. 7 is the schematic flow sheet that the present invention realizes the second embodiment of safe key synchronous binding, in second embodiment, suppose that MME utilizes NASSMC message informing RN to carry out safe key binding, indication information is carried in NASSMC message, and the algorithm identification information needing the safe key identification information of secure binding and/or key bindings to use.MME and RN utilizes the safe key of the safe key mark correspondence of specifying in equipment associated safety parameter and NASSMC message to derive from the safe key with apparatus bound respectively.Wherein, in the present embodiment, device security parameter is the security parameter of being reached an agreement on by device authentication process, feeds back MME, carry binding success mark in the response message after RN success by response message.As shown in Figure 7, specifically comprise the following steps:
Complete the user authentication to RN by EPSAKA flow process between step 700:MME and RN, and obtain intermediate key K
aSME.The realization of this step belongs to prior art, repeats no more here.
Step 701:MME and RN carries out device authentication, the security parameter K_relay that mutual agreement one is shared in device authentication flow process.
Step 702:MME utilizes intermediate key K
aSME, device-dependent security parameter (such as K_relay) and other parameter (random parameter RAND _ M such as generated by MME), key derivation algorithm derives the safe key K with apparatus bound according to a preconcerted arrangement
aSME_ D, such as K
aSME_ D=KDF (K
aSME, K_relay, RAND_M), specific implementation belongs to those skilled in the art's conventional techniques means, repeats no more here, and the protection range that its concrete methods of realizing is not intended to limit the present invention.Wherein RAND_M is optional parameters.
Step 703:MME initiates NASSMC message to RN, carries the algorithm identification information that key bindings indication information and/or key bindings use, the random parameter RAND _ M needed for key derivation, and the intermediate key K needing binding in NASSMC message
aSMEkey ID information (eKSI).
Step 704:RN indexes corresponding intermediate key K according to eKSI
aSME, utilize the computational methods identical with MME to derive from the safe key K with apparatus bound
aSME_ D.
Step 705:RN sends NAS safe mode to MME and completes message, completes in message carrying safe key binding success mark in NAS safe mode.MME successfully receives the synchronous binding completing safe key after NAS safe mode completes message.
The safe key K with apparatus bound can be utilized between follow-up RN and network side
aSMEthe key that _ D derives from, the communication data safety between protection RN and network side.
In second embodiment, MME derives from and also can carry out after step 705 with the opportunity of the safe key of apparatus bound.
Fig. 8 is the schematic flow sheet that the present invention realizes the 3rd embodiment of safe key synchronous binding, in 3rd embodiment, suppose that the safe key being completed network side by HSS binds process, then user authentication request message is initiated by MME to RN, key bindings indication information is carried in user authentication request message, RN utilizes the equipment associated safety parameter (root key in such as equipment CAMEL-Subscription-Information, or the key information derived from by this root key, or the digital signature etc. of equipment) and ciphering key K, IK to be bound derive from the safe key K of binding
aSME_ D.Wherein, equipment associated safety parameter is the peculiar parameter that the operator certificate of equipment is relevant, and RN performs safe key binding and processes successfully, by user authentication response message feedback to MME.As shown in Figure 8, specifically comprise the following steps:
Step 800:HSS obtains the identification information of equipment as IMEI.This step realizes those skilled in the art's conventional techniques means, and has nothing to do with scope, no longer describes in detail here.
The peculiar parameter (such as Ksec) that step 801:HSS is relevant according to the operator certificate of equipment corresponding to IMEI, and ciphering key K, IK to be bound, derive from algorithm according to agreement and derive from new for safe key K that is apparatus bound
aSME_ D.Wherein K
aSME_ D=KDF (CK, IK, Ksec), specific implementation belongs to those skilled in the art's conventional techniques means, repeats no more here, and the protection range that its concrete methods of realizing is not intended to limit the present invention.Wherein, ciphering key K, IK are by the algorithm derivation according to a preconcerted arrangement of the root key K in this RN user contracting data, and this is Given information.Optionally, that can also introduce other in above-mentioned computational process enters ginseng, the service network identification (SNid) of such as network side, or sequence number (SequenceNumber, or Anonymity Key (AnonymityKey, AK) SQN), or the random value that network side generates, or the combination in any etc. of above-mentioned parameter.
Step 802:HSS by generate with the safe key K of apparatus bound
aSME_ D, is carried in verify data response message and sends to MME.Alternatively, cryptographic binding indication information can also be carried in verify data response message.
Step 803:MME initiates user authentication request (UserAuthenticationRequest) message to RN, carries key bindings indication information in user authentication request message.
After step 804:RN receives user authentication request message, derive from CK, IK according to root key K, and then carry out safe key binding processing procedure according to Indication message, obtain the safe key K with apparatus bound
aSME_ D, in computational methods and step 801, the computational methods of HSS are completely the same.
In this step, if RN is at derivation K
aSMEin the process of _ D, there are abnormal conditions, then then can send directly to MME the user authentication response message carrying Bind Failed mark, alternatively, corresponding failure cause can also be carried, such as do not support key bindings.
Step 805:RN sends user authentication response (UserAuthenticationResponse) message to MME.Alternatively, in user authentication response, binding success mark is carried.MME completes the synchronous binding of safe key after successfully receiving user authentication response message.
The safe key K with apparatus bound can be utilized between follow-up RN and network side
aSMEthe key that _ D derives from, the communication data safety between protection RN and network side.
Fig. 9 is the schematic flow sheet that the present invention realizes the 4th embodiment of safe key synchronous binding, in 4th embodiment, suppose that MME utilizes newly-increased message informing RN to carry out safe key binding, the safe key identification information needing secure binding is carried in newly-increased message, and with the identification information of device security parameter correlation needing to bind, MME and RN utilizes the equipment associated safety parameter and safe key of specifying in message respectively, derives from the safe key with apparatus bound.Wherein, in the present embodiment, equipment associated safety parameter feeds back to MME by response message after device security key K _ D, the RN success of being reached an agreement on by device authentication process.As shown in Figure 9, specifically comprise the following steps:
Complete the user authentication to RN by user authentication flow process (UserAuthenticationProcedure) between step 900:MME and RN, and obtain intermediate key K
aSME.The realization of this step belongs to prior art, repeats no more here.
Step 901:MME and RN carries out device authentication, the security parameter K_D that mutual agreement one is shared in device authentication flow process.
Step 902:MME utilizes intermediate key K
aSME, device-dependent security parameter (such as K_D) and other parameter (random parameter RAND _ M such as generated by MME), key derivation algorithm derives from the safe key K with apparatus bound according to a preconcerted arrangement
aSME_ D, such as K
aSME_ D=KDF (K
aSME, K_D, RAND_M), specific implementation belongs to those skilled in the art's conventional techniques means, repeats no more here, and the protection range that its concrete methods of realizing is not intended to limit the present invention.
Step 903:MME initiates safe key bind command message to RN, in safe key bind command message, carry random parameter RAND _ M, needs the intermediate key K of binding
aSMEkey ID information (eKSI), and need the identification parameter (eKSI_D) corresponding to device security parameter K_D of binding.Wherein, safe key and the security parameter of required binding uniquely can be determined respectively according to eKSI and eKSI_D.
Step 904:RN indexes corresponding intermediate key K according to eKSI
aSME, and the device security parameter K_D needing binding is indexed according to eKSI_D, and utilize the computational methods identical with MME to derive from the safe key K with apparatus bound
aSME_ D.
In this step, if because there is exception in RN, such as cannot index corresponding safe key or security parameter, cause completing safe key binding process, feel puzzled, RN can send safe key binding response message with safe key Bind Failed mark directly to MME, or arranges binding success and be masked as vacation (False) in safe key binding response message.Alternatively, can also further take safe key binding response message in be with corresponding failure cause, the mark in such as the present embodiment does not exist.
Step 905:RN sends safe key binding response message to MME, in safe key binding response message, carry safe key binding success mark.MME completes the synchronous binding of safe key after successfully receiving safe key binding response message.
The safe key K with apparatus bound can be utilized between follow-up RN and network side
aSMEthe key that _ D derives from, the communication data safety between protection RN and network side.
Figure 10 is the schematic flow sheet that the present invention realizes the 5th embodiment of safe key synchronous binding, in the 5th embodiment, supposes that MME and RN arranges: after finishing equipment certification, initiatively carry out safe key binding process separately.Alternatively, can be verified binding result by other message (such as NASSMC message) after binding terminates.As shown in Figure 10, specific implementation comprises the following steps:
Complete the user authentication to RN by user authentication flow process (UserAuthenticationProcedure) between step 1000:MME and RN, and obtain intermediate key K
aSME.The realization of this step belongs to prior art, repeats no more here.
Step 1001:MME and RN carries out device authentication, the security parameter K_D that mutual agreement one is shared in device authentication flow process.
Step 1002 ~ step 1003:MME and RN, respectively according to making an appointment, generates the safe key with apparatus bound: utilize intermediate key K respectively
aSME, and equipment associated safety parameter is as shared key K_D, key derivation algorithm derives the safe key K with apparatus bound according to a preconcerted arrangement
aSME_ D, such as K
aSME_ D=KDF (K
aSME, K_D), specific implementation belongs to those skilled in the art's conventional techniques means, repeats no more here, and the protection range that its concrete methods of realizing is not intended to limit the present invention.
Step 1004: alternatively, MME initiates NAS safe mode command (NASSMC) message to RN, and carries out integrity protection to this NAS Security Mode Command message.Wherein, tegrity protection key is by can by the safe key K with apparatus bound
aSME_ D derives from.
Step 1005:RN generate according to self with the safe key K of apparatus bound
aSME_ D derives from tegrity protection key; and the NAS Security Mode Command message from MME is verified; if the verification passes; then reply NAS safe mode to MME and complete (NASSMCComplete) message; and message completed to this NAS safe mode be encrypted, encryption key generated by RN with the safe key K of apparatus bound
aSME_ D derives from.
Step 1006:MME receives after NAS safe mode completes message, that generate according to MME self with safe key K that is apparatus bound
aSME_ D derives from decruption key, and completes message to the NAS safe mode received and be decrypted, if successful decryption, illustrates that RN and MME successfully receives the synchronous binding namely completing safe key.
The safe key K with apparatus bound can be utilized between follow-up RN and network side
aSMEthe key that _ D derives from, the communication data safety between protection RN and network side.
In the present embodiment, the execution of step 1002 and step 1003 is regardless of order.
In embodiment shown in Fig. 6 ~ Figure 10 of the present invention, in the engagement arithmetic carrying out safe key binding, can also use other parameter, this parameter can be certain shared parameter that RN and network side are all known; Also can be the random number that RN or network side generate, if random number, the side also needing to generate random number by this random number by message informing to opposite end.
The sequencing of the handling process in the embodiment shown in Fig. 6 ~ Figure 10 of the present invention, can change to some extent in specific implementation process, belongs to that those skilled in the art easily obtain according to method provided by the invention, and is not intended to limit the scope of the invention.
The above, be only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention, and all any amendments done within the spirit and principles in the present invention, equivalent replacement and improvement etc., all should be included within protection scope of the present invention.
Claims (21)
1. realize a method for safe key synchronous binding, it is characterized in that, comprising:
Mobility Management Entity MME notifies that RN carries out safe key binding;
After RN has notice, carry out the safe key binding process identical with network side, obtain the safe key with apparatus bound, and respond MME;
Wherein, described safe key binding process comprises: utilize the equipment associated safety parameter of described RN and the user security key of described RN, derive from the safe key with apparatus bound according to engagement arithmetic;
Described equipment associated safety parameter is the special parameter that described RN and network side are shared;
Described special parameter is: the parameter in the CAMEL-Subscription-Information of described RN; Or, the parameter preset in device certificate;
Described user security key is the key relevant to user signing contract information.
2. method according to claim 1, is characterized in that, described MME notifies that RN carries out safe key binding and comprises: described MME sends non access stratum NAS message to RN, notifies that described RN carries out safe key binding.
3. method according to claim 2, is characterized in that, carries and be used to indicate the key bindings indication information that RN carries out the binding of safe key in described NAS message.
4. method according to claim 3, is characterized in that, the algorithm identification information of the algorithm used when also carrying for identifying and carrying out key bindings in described NAS message.
5. method according to claim 3, is characterized in that, also carries the identification information of the safe key needing binding in described NAS message.
6. method according to claim 5, is characterized in that, also carries the identification information with the equipment associated safety parameter needing to bind in described NAS message.
7. the method according to any one of claim 2 ~ 6, is characterized in that, the multiplexing existing NAS message of described NAS message; Described existing NAS message comprises: NAS Security Mode Command message, or user authentication request message;
Or described NAS message is newly-increased message, described newly-increased message is key bindings request message.
8. method according to claim 1, is characterized in that, the safe key binding process identical with network side that described RN carries out, and performs in the MME or home subscriber server HSS or Home Environment HE of network side.
9. method according to claim 8, is characterized in that, the safe key binding process that described network side performs is before described MME sends NAS message notice RN; Or, after described MME receives the response from RN.
10. the method according to claim 1,8 or 9, is characterized in that, also comprise before the method: described network side obtains the user security key of RN by user authentication flow process, and obtains the equipment associated safety parameter of RN.
11. methods according to claim 10, is characterized in that, described derivation according to engagement arithmetic comprises further with the safe key of apparatus bound:
Utilize equipment associated safety parameter, described user security key, and other parameter, derive from the safe key with apparatus bound according to engagement arithmetic.
12. methods according to claim 11, is characterized in that, other parameter described comprises the parameter that described RN and network side are shared; Or the random number that described network side or RN generate, now, the method also comprises: this random number generated is informed to RN or network side by message by described network side or RN.
13. methods according to claim 10, is characterized in that, described user security key can be intermediate key K
aSME, or encryption key CK, Integrity Key IK.
14. methods according to claim 1,8 or 9, it is characterized in that, described equipment associated safety parameter is: carry out the equipment associated safety parameter of reaching an agreement in device authentication process at described network side; The equipment associated safety parameter of reaching an agreement in described device authentication process is the root key in equipment CAMEL-Subscription-Information, or other new key derived from by this root key.
15. methods according to claim 1,8 or 9, is characterized in that, described RN sends response to MME and comprises:
Described RN by existing NAS message, or utilizes newly-increased message, feeds back binding result to described MME.
16. methods according to claim 15, is characterized in that, carry and be used to indicate the key bindings success indication information that RN is successfully completed safe key binding in the response message that described RN feeds back; Or, be used to indicate the unsuccessful key bindings failure indication information completing safe key binding of RN.
17. methods according to claim 16, is characterized in that, when carrying key bindings failure indication information in the response message that described RN feeds back, also carry failure cause in the response message of described RN feedback.
18. 1 kinds of systems realizing safe key synchronous binding, is characterized in that, at least comprise RN and MME, wherein,
MME, for sending safe key binding notice to RN;
RN, for receiving the safe key binding notice from MME, carrying out the safe key binding process identical with network side, obtaining the safe key with apparatus bound, and respond MME;
RN, also for the user security key of the equipment associated safety parameter and described RN that utilize described RN, derives from the safe key with apparatus bound according to engagement arithmetic;
Wherein, described equipment associated safety parameter is the special parameter that described RN and network side are shared;
Described special parameter is: the parameter in the CAMEL-Subscription-Information of described RN; Or, the parameter preset in device certificate;
Described user security key is the key relevant to user signing contract information.
19. systems according to claim 18, is characterized in that, described MME, specifically for after RN passes through user authentication, send safe key binding notice to RN; Before the binding of transmission safe key informs RN, or after receiving the response from RN, carry out the safe key binding process identical with RN, obtain the safe key with apparatus bound.
20. systems according to claim 18, is characterized in that, this system also comprises HSS or HE, for carrying out the safe key binding process identical with RN, and send to MME by what obtain after safe key binding process with the safe key of apparatus bound.
21. systems according to any one of claim 18 ~ 20, is characterized in that, described network side, also for being obtained the user security key of RN by user authentication flow process, and obtain the equipment associated safety parameter of RN.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010282470.3A CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
| PCT/CN2011/077617 WO2012031510A1 (en) | 2010-09-10 | 2011-07-26 | Method and system for implementing synchronous binding of security key |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010282470.3A CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101945386A CN101945386A (en) | 2011-01-12 |
| CN101945386B true CN101945386B (en) | 2015-12-16 |
Family
ID=43437080
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010282470.3A Active CN101945386B (en) | 2010-09-10 | 2010-09-10 | A kind of method and system realizing safe key synchronous binding |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101945386B (en) |
| WO (1) | WO2012031510A1 (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102196438A (en) | 2010-03-16 | 2011-09-21 | 高通股份有限公司 | Communication terminal identifier management methods and device |
| US9385862B2 (en) | 2010-06-16 | 2016-07-05 | Qualcomm Incorporated | Method and apparatus for binding subscriber authentication and device authentication in communication systems |
| US8839373B2 (en) | 2010-06-18 | 2014-09-16 | Qualcomm Incorporated | Method and apparatus for relay node management and authorization |
| CN101945386B (en) * | 2010-09-10 | 2015-12-16 | 中兴通讯股份有限公司 | A kind of method and system realizing safe key synchronous binding |
| CN101931953B (en) * | 2010-09-20 | 2015-09-16 | 中兴通讯股份有限公司 | Generate the method and system with the safe key of apparatus bound |
| US9112905B2 (en) | 2010-10-22 | 2015-08-18 | Qualcomm Incorporated | Authentication of access terminal identities in roaming networks |
| CN102595403A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Authentication method and authentication device for relay node binding |
| CN102595395A (en) * | 2011-01-14 | 2012-07-18 | 中兴通讯股份有限公司 | Relay node authentication method and system |
| US9668128B2 (en) | 2011-03-09 | 2017-05-30 | Qualcomm Incorporated | Method for authentication of a remote station using a secure element |
| CN102685735B (en) * | 2011-03-11 | 2017-02-01 | 中兴通讯股份有限公司 | Method and system for reconstructing high-level security in RN switching process |
| US8887258B2 (en) | 2011-08-09 | 2014-11-11 | Qualcomm Incorporated | Apparatus and method of binding a removable module to an access terminal |
| EP3139649A1 (en) * | 2015-09-04 | 2017-03-08 | Gemalto Sa | Method to authenticate a subscriber in a local network |
| CN109698746B (en) * | 2019-01-21 | 2021-03-23 | 北京邮电大学 | Method and system for generating sub-keys of binding equipment based on master key negotiation |
| US11310661B2 (en) * | 2020-02-14 | 2022-04-19 | Mediatek Inc. | Security key synchronization method and associated communications apparatus |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101233734A (en) * | 2005-06-30 | 2008-07-30 | 朗迅科技公司 | Method for distributing security keys during hand-off in a wireless communication system |
| CN101500229A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
| CN101500230A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101945386B (en) * | 2010-09-10 | 2015-12-16 | 中兴通讯股份有限公司 | A kind of method and system realizing safe key synchronous binding |
| CN101931953B (en) * | 2010-09-20 | 2015-09-16 | 中兴通讯股份有限公司 | Generate the method and system with the safe key of apparatus bound |
-
2010
- 2010-09-10 CN CN201010282470.3A patent/CN101945386B/en active Active
-
2011
- 2011-07-26 WO PCT/CN2011/077617 patent/WO2012031510A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101233734A (en) * | 2005-06-30 | 2008-07-30 | 朗迅科技公司 | Method for distributing security keys during hand-off in a wireless communication system |
| CN101500229A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
| CN101500230A (en) * | 2008-01-30 | 2009-08-05 | 华为技术有限公司 | Method for establishing security association and communication network system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012031510A1 (en) | 2012-03-15 |
| CN101945386A (en) | 2011-01-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101945386B (en) | A kind of method and system realizing safe key synchronous binding | |
| CN101931955B (en) | Authentication method, device and system | |
| CN108781366B (en) | Authentication mechanism for 5G technology | |
| CN101945387B (en) | The binding method of a kind of access layer secret key and equipment and system | |
| CN101931953B (en) | Generate the method and system with the safe key of apparatus bound | |
| KR101554396B1 (en) | Method and apparatus for binding subscriber authentication and device authentication in communication systems | |
| CN102823282B (en) | Key authentication method for binary CDMA | |
| US8954739B2 (en) | Efficient terminal authentication in telecommunication networks | |
| CN101640887B (en) | Authentication method, communication device and communication system | |
| CN109891920A (en) | Support the covering in wireless network and the layer 2 relay of resource-constrained devices | |
| CN101951590B (en) | Authentication method, device and system | |
| CN102056159B (en) | Method and device for acquiring safe key of relay system | |
| WO2010124474A1 (en) | Method and device for establishing security mechanism of air interface link | |
| CN108293223A (en) | A kind of data transmission method, user equipment and network side equipment | |
| KR20130042006A (en) | Relay node device authentication mechanism | |
| US20150229620A1 (en) | Key management in machine type communication system | |
| CN101977378B (en) | Information transferring method, network side and via node | |
| CN101500229A (en) | Method for establishing security association and communication network system | |
| CN102238484A (en) | Method and system for group-based authentication in machine to machine communication systems | |
| CN101483870A (en) | Cross-platform mobile communication security system implementing method | |
| CN103096307A (en) | Secret key verification method and device | |
| CN104602229A (en) | Efficient initial access authentication method for WLAN and 5G integration networking application scenarios | |
| CN102833739A (en) | Method, device and system for transmitting initial non access stratum messages | |
| CN105764052A (en) | TD-LTE authentication and protective encryption method | |
| CN102595403A (en) | Authentication method and authentication device for relay node binding |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |