[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2022237561A1 - 一种通信方法及装置 - Google Patents

一种通信方法及装置 Download PDF

Info

Publication number
WO2022237561A1
WO2022237561A1 PCT/CN2022/089936 CN2022089936W WO2022237561A1 WO 2022237561 A1 WO2022237561 A1 WO 2022237561A1 CN 2022089936 W CN2022089936 W CN 2022089936W WO 2022237561 A1 WO2022237561 A1 WO 2022237561A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user equipment
request
home network
identifier
Prior art date
Application number
PCT/CN2022/089936
Other languages
English (en)
French (fr)
Inventor
李飞
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Priority to EP22806530.6A priority Critical patent/EP4322579A4/en
Publication of WO2022237561A1 publication Critical patent/WO2022237561A1/zh
Priority to US18/505,391 priority patent/US20240089728A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • H04W12/106Packet or message integrity
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Definitions

  • the present application relates to the technical field of communication, and in particular to a communication method and device.
  • 4G technology defines a power-saving security scheme, which is called battery efficient security for very low throughput machine-type communication equipment.
  • type communication devices BEST
  • HPLMN home public land mobile network
  • HSE HPLMN security endpoint
  • UE user equipment
  • the cipher key (CK) and the integrity key (integrity key, IK) derive a security key for protecting UE data, which is used to protect UE data security.
  • the HSE cannot obtain the CK and IK of the UE, and cannot derive the security key based on the CK and IK. Therefore, the BEST authentication method of 4G technology cannot be fully applied to the 5G architecture, resulting in data security risks for the UE. Increase.
  • the purpose of the embodiments of the present application is to provide a communication method and device for providing a security key acquisition method suitable for 5G and other network architectures, so as to reduce data security risks of user equipment under 5G and other network architectures.
  • the embodiment of the present application provides a communication method.
  • the method may be executed by a home network security node, including: the home network security node may receive a first request from a user equipment, where the first request includes a first identifier of the user equipment.
  • the home network security node may also send a second request to the first network function, where the second request includes a second identifier of the user equipment, and the second identifier is determined according to the first identifier, or the second identifier is the same as the first identifier.
  • the home network security node receives the first key from the first network function, and the first key is generated according to the encryption key, the integrity key and the first information.
  • the home network security node may generate a second key according to the first key, and the second key includes a confidentiality protection key and/or an integrity protection key between the user equipment and the home network security node.
  • the first information includes: at least one of the service network name of the user equipment, the identifier of the home network security node, the SUPI of the user equipment, and the BEST service identifier.
  • the home network security node can obtain the first key, wherein the first key is generated according to the encryption key, the integrity key and the first information, therefore, the home network security node does not need to obtain the UE's encrypted
  • the secret key and the integrity key can obtain the first key, and then a security key for protecting user equipment data can be generated according to the first key. Therefore, this solution can provide a security key acquisition method suitable for 5G and other network architectures, and can reduce the data security risk of user equipment.
  • the first identifier of the user equipment includes the SUCI of the user equipment
  • the second identifier of the user equipment includes the SUPI of the user equipment
  • it may further include:
  • the home network security node obtains the SUPI of the user equipment according to the SUCI.
  • the home network security node decrypts SUCI according to the home network security node's private key to obtain SUPI, wherein SUCI is obtained by encrypting SUPI with the home network security node's public key.
  • the first identifier of the user equipment includes an identifier assigned to the user equipment by the home network security node
  • the second identifier of the user equipment includes the SUPI of the user equipment
  • the home network security node sends a second request to the first network function
  • the method may further include: the home network security node acquires the SUPI of the user equipment according to the identifier assigned by the home network security node to the user equipment.
  • the home network security node obtains the SUPI of the user equipment according to the SUCI, which may include: the home network security node sends the SUCI of the user equipment to the first network function; the home network security node receives the SUPI from the first network function .
  • the first identifier includes SUCI and/or SUPI of the user equipment.
  • the user equipment and the home network security node communicate based on the user equipment's SUCI, SUPI or the identity assigned to the UE by the home network security node, but do not use the IMSI to communicate, so as to be applicable to network architectures such as 5G way of communication.
  • authentication and key derivation via SUCI can further improve security.
  • the second request is a user equipment authentication acquisition request
  • the user equipment authentication acquisition request may also include indication information
  • the indication information is used to indicate that the first encryption key is generated according to the encryption key, the integrity key, and the first information. key.
  • the first request further includes the service network name of the user equipment
  • the second request further includes the service network name
  • the first network function includes an authentication service function or a unified data management function.
  • the home network security node may send the random number and/or the authentication token to the user equipment.
  • the home network security node generates the second key according to the first key, including: the home network security node generates the second key according to the first key and second information, and the second information includes the following At least one: the identity of the home network security node, the algorithm type identifier of the BEST service of the user equipment, the serial number used in the calculation of the authentication token in the user equipment, the hidden key, the SUPI of the user equipment, the random number, or the authentication token .
  • the second information may come from the first network function.
  • the first request further includes an encryption instruction, and may further include: enabling the encryption service by the home network security node. If the encryption service is enabled, the second key includes a confidentiality protection key.
  • the home network security node before the home network security node generates the second key according to the first key, it may further include: the home network security node receiving the encryption instruction from the first network function; the home network security node according to the encryption instruction Determine whether to enable the user plane encryption service of the user equipment.
  • a communication method may be executed by a unified data management function, including: the unified data management function receives a second request from the home network security node, where the second request includes a second identifier of the user equipment.
  • the unified data management function may generate an encryption key and an integrity key of the user equipment according to the second identification, and generate a first key according to the encryption key, the integrity key and the first information.
  • the unified data management function may send the first key to the home network security node.
  • the first information includes: at least one of the service network name of the user equipment, the identifier of the home network security node, the SUPI of the user equipment, and the BEST service identifier.
  • the method may further include: the unified data management function receives the SUCI of the user equipment from the home network security node; the unified data management function determines the SUPI of the user equipment according to the SUCI; The node sends the SUPI of the user equipment.
  • the second identifier may include SUCI or SUPI of the user equipment.
  • the method may further include: the unified data management function sends an encryption instruction to the home network security node.
  • the second request is a user equipment authentication acquisition request
  • the user equipment authentication acquisition request also includes indication information
  • the unified data management function generates the first key according to the encryption key, the integrity key and the first information, It may include: after receiving the indication information, the unified data management function generates the first key according to the encryption key, the integrity key and the first information.
  • the second request may further include a service network name of the user equipment.
  • the method may further include: the unified data management function determines the registered or authenticated or service network name of the user equipment according to the second identifier.
  • the unified data management function may send the second information to the home network security node, and the second information includes at least one of the following: the identity of the home network security node, the algorithm type identifier of the BEST service of the user equipment, The serial number, secret key, SUPI of the user device, nonce, or authentication token used in computing the authentication token in the user device.
  • a communication method may be performed by a user equipment, and includes: the user equipment sends a first request to a home network security node, where the first request includes an identifier of the user equipment.
  • the user equipment may also receive the random number sent by the home network security node.
  • the user equipment can generate the encryption key and the integrity key according to the random number and the root key of the user equipment, and the user equipment can generate the first key according to the encryption key, the integrity key and the first information, and according to the first key Generate a second key.
  • the second key comprises a confidentiality protection key and/or an integrity protection key between the user equipment and the home network security node.
  • the first information includes: at least one of the service network name of the user equipment, the identifier of the home network security node, the SUPI of the user equipment, and the BEST service identifier.
  • the user equipment generating the second key according to the first key may include: generating the second key according to the first key and third information; the third information includes at least one of the following: the home network The identity of the security node, the algorithm type identifier of the BEST service of the user equipment, the serial number used to calculate the authentication token in the user equipment, the hidden key, the SUPI of the user equipment, the random number, or the authentication token.
  • the first request further includes a service network name of the user equipment; and/or the first request further includes an encryption indication, and the encryption indication is used to instruct the user equipment to request a user plane encryption service.
  • the identifier of the user equipment includes SUCI, SUPI of the user equipment or an identifier assigned to the user equipment by the home network security node.
  • an embodiment of the present application provides a communication device, the communication device includes a processor, and the processor is coupled to a memory, wherein: the memory is used to store instructions; the processor is used to execute the instructions stored in the memory according to the instructions stored in the memory.
  • the communication device may further include the memory.
  • the communication device may further include a transceiver, configured to support the communication device in sending and/or receiving information in the above method.
  • the communication device may be a terminal device, or a device in a terminal device, such as a chip or a chip system, wherein the chip system includes at least one chip, and the chip system may also include other circuit structures and/or discrete devices.
  • the embodiment of the present application provides a communication device, which is used to implement the method in any possible design of the first aspect to the third aspect or the above aspects, including corresponding functional modules, for example, including a processing unit, The communication unit and the like are respectively used to realize the steps in the above methods.
  • an embodiment of the present application provides a computer-readable storage medium, where computer-readable instructions are stored in the computer-readable medium, and when the computer reads and executes the computer-readable instructions, the communication device executes the first Aspect to the third aspect or a method in any possible design of the above aspects.
  • the embodiment of the present application provides a computer program product.
  • the communication device executes any possible design of the first aspect to the third aspect or the above aspects. Methods.
  • the embodiment of the present application provides a chip, the chip is connected to the memory, and is used to read and execute the software program stored in the memory, so as to execute any one of the first to third aspects or the above aspects a possible design approach.
  • the embodiment of the present application provides a communication device, including a processor, the processor is configured to be coupled with the transceiver, read and execute the instructions in the memory, so as to implement the first aspect to the third aspect or above A method in any one of the possible designs of the aspect.
  • the embodiment of the present application provides a communication system, including a device for performing the method in the first aspect or any possible design of the first aspect, and for performing the second aspect or any of the second aspects A method of one possible design, and an apparatus for performing the method of the third aspect or any of the possible designs of the third aspect.
  • FIG. 1 is a schematic structural diagram of a communication system provided by an embodiment of the present application.
  • Figure 2 is a schematic diagram of the network architecture of the 4G BEST solution
  • Figure 3 is a schematic diagram of the key architecture of the 4G BEST scheme
  • FIG. 4 is a schematic structural diagram of a communication system provided by an embodiment of the present application.
  • FIG. 5 is a schematic flowchart of a communication method provided by an embodiment of the present application.
  • FIG. 6 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 7 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 8 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 9 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 10 is a schematic flowchart of another communication method provided by the embodiment of the present application.
  • FIG. 11 is a schematic structural diagram of a communication device provided by an embodiment of the present application.
  • FIG. 12 is a schematic structural diagram of another communication device provided by an embodiment of the present application.
  • At least one means one, or more than one, including one, two, three and more.
  • a plurality refers to two, or more than two, including two, three or more.
  • Carrying may mean that a certain message is used to carry certain information or data, or it may mean that a certain message is composed of certain information.
  • Coupling refers to an indirect coupling or communication connection between devices, units or modules, which may be in electrical, mechanical or other forms, and is used for information exchange between devices, units or modules.
  • At least one item (unit) of a, b or c can represent: a, b, c, a and b, a and c, b and c, or a, b and c, wherein a, b, c Can be single or multiple.
  • a wireless communication system 100 may include a terminal device 101 and a network device 102 .
  • the wireless communication system 100 provided in the embodiment of the present application can be applied to both low frequency scenarios (sub 6G) and high frequency scenarios (above 6G).
  • the application scenarios of the wireless communication system 100 provided by the embodiment of the present application include but are not limited to wideband code division multiple access (WCDMA) system, general packet radio service (general packet radio service, GPRS), long term evolution (long term term evolution (LTE) system, LTE frequency division duplex (frequency division duplex, FDD) system, LTE time division duplex (time division duplex, TDD), universal mobile telecommunications system (universal mobile telecommunications system, UMTS), global interconnected microwave access Access (worldwide interoperability for microwave access, WiMAX) communication system, fifth generation system or new radio (new radio, NR) communication system, etc.
  • WCDMA wideband code division multiple access
  • GPRS general packet radio service
  • LTE long term evolution
  • LTE frequency division duplex frequency division duplex
  • FDD frequency division duplex
  • TDD time division duplex
  • the terminal device 101 shown above may be a user equipment, a terminal (terminal), a mobile station (mobile station, MS), a mobile terminal (mobile terminal) and the like, and the terminal device 101 can communicate with one or more communication systems of one or more communicate with each network device and accept network services provided by the network device, the network device here includes but not limited to the network device 102 shown in the figure.
  • the terminal device 101 in the embodiment of the present application can be a mobile phone (or called a "cellular" phone), a computer with a mobile terminal, etc., and the terminal device 101 can also be a portable, pocket-sized, hand-held, computer built-in or vehicle-mounted mobile devices.
  • the terminal device 101 may also be a communication chip with a communication module.
  • the network device 102 shown above may include the access network device (or referred to as an access network site) described in this application. Specifically, the network device 102 may include an access network device.
  • an access network device refers to a device that provides a network access function, such as a radio access network (radio access network, RAN) base station and the like.
  • RAN radio access network
  • the network device 102 may include a base station (base station, BS), or include a base station and a radio resource management device for controlling the base station, etc., and the network device 102 may be a relay station (relay device), an access point, a vehicle-mounted device, or a
  • the embodiments of the present application are not limited to wearable devices, base stations in networks such as 5G in the future, base stations in public land mobile network (PLMN) networks that will evolve in the future, or NR base stations.
  • the network device 102 may also be a communication chip with a communication module.
  • the network device 102 can serve as a RAN base station to provide a wireless network connection to the terminal device 101, for example, the network device 102 can serve as a 4G access network—evolved universal mobile telecommunications system (universal mobile telecommunications system, UMTS) terrestrial radio access network (evolved UMTS terrestrial radio access network, E-UTRAN) access network base station, or, the network device 102 can be used as a 5G access network——Access network base station in 5G RAN, Alternatively, the network device 102 may serve as an access network base station in a future wireless communication system.
  • 4G access network evolved universal mobile telecommunications system (universal mobile telecommunications system, UMTS) terrestrial radio access network (evolved UMTS terrestrial radio access network, E-UTRAN) access network base station
  • the network device 102 can be used as a 5G access network——Access network base station in 5G RAN
  • the network device 102 may serve as an access network base station in a
  • FIG. 1 Currently, 4G defines a power-saving security scheme called BEST for low-throughput machine-type communication devices.
  • Figure 2 describes the network architecture of this scheme. The main purpose is to complete the authentication and key generation with the UE through the HSE, so as to derive the security key used to protect the UE data. The overall structure of the key is shown in Figure 3.
  • HSE home subscriber server
  • HSS home subscriber server
  • One is the direct interaction between the HSE and the HSS through the interface, and the other is the end-to-intermediate encryption.
  • the key server end to middle key server, EMKS
  • EMKS end to middle key server
  • UE and EAS perform end-to-end (end to end, E2E) protection.
  • HSE needs to generate an intermediate key and EAS-specific pre-shared key for EAS, that is, K Intermediate and K Intermediate in Figure 3 EAS_PSK .
  • the EAS and the UE regenerate the E2E security key according to K EAS_PSK , that is, K E2Eenc and K E2Eint in Fig. 3, which are the confidentiality protection key and the integrity protection key respectively.
  • UE, HSE and EAS perform hop-by-hop (hop-by-hop) protection.
  • HSE only needs to generate the security key between itself and UE, that is, K E2Menc and K E2Mint in Figure 3 .
  • the UE may carry the IMSI to request the HSE to establish a session, and the HSE judges whether the UE needs to generate a key, that is, judges whether there is a valid key with a valid counter value for the UE , the judgment method is as follows:
  • the HSE may reject the command.
  • HSE judging whether there is a valid key with a valid counter value for the UE
  • HSE will obtain authentication vector from HSS
  • authentication vector includes random number (RAND), authentication token (AUTN), CK and IK
  • HSE calculates HSE key according to authentication vector.
  • the HSE will send RAND and AUTN to the UE for UE authentication.
  • the UE verifies the AUTN successfully, it may return the verification data (RES) to the HSE for the HSE verification, or it may not return.
  • RES verification data
  • UE and HSE will generate other keys based on CK and IK derivation, including but not limited to K E2Eenc , K E2Eint , K E2Menc and K E2Mint .
  • the 5G network architecture may include three parts, namely UE, data network (data network, DN) and operator network.
  • the operator network may include network slice selection function (network slice selection function, NSSF), network exposure function (network exposure function, NEF), network storage function (network function repository function, NRF), policy control function (policy control function, PCF), unified data management (unified data management, UDM), application function (application function, AF), network slice specific authentication and authorization function (network slice specific authentication and authorization function, NSSAAF), authentication server function (authentication server function, AUSF), access and mobility management function (access and mobility management function, AMF), session management function (session management function, SMF), (wireless) access network ((radio) access network, (R)AN ), HSE, EAS and user plane function (user plane function, UPF) and other network functions (network function, NF).
  • the part other than the (wireless) access network part may be referred to as the core network (CN) part.
  • the (R)AN is referred to as RAN as an example in the following description.
  • the user equipment may include the UE shown in FIG. 4 .
  • UE can be a device with wireless transceiver function, which can be deployed on land, including indoor or outdoor, hand-held or vehicle-mounted; it can also be deployed on water (such as ships, etc.); it can also be deployed in the air (such as aircraft, balloons, etc. and satellites, etc.).
  • the UE may be a mobile phone, a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (virtual reality, VR) terminal, an augmented reality (augmented reality, AR) terminal, an industrial control (industrial control) Wireless terminals in self driving, wireless terminals in remote medical, wireless terminals in smart grid, wireless terminals in transportation safety, Wireless terminals in smart cities, wireless terminals in smart homes, etc.
  • the UE may also be the terminal device 101 shown in FIG. 1 .
  • the aforementioned UE can establish a connection with the operator network through an interface provided by the operator network (for example, N1, etc.), and use services such as data and/or voice provided by the operator network.
  • the UE can also access the DN through the operator network, and use operator services deployed on the DN, and/or services provided by a third party.
  • the above-mentioned third party may be a service party other than the operator's network and the UE, and may provide other services such as data and/or voice for the UE.
  • the specific form of expression of the above-mentioned third party can be determined according to the actual application scenario, and is not limited here.
  • the home network security node in this application may include the HSE shown in Figure 4.
  • the home network security node may still be an HSE or have other names, which are not limited in this application.
  • the authentication service function may include the AUSF shown in Figure 4. In future communications such as 6G, the authentication service function may still be AUSF, or have other names, which are not limited in this application.
  • the unified data management function may include UDM shown in Figure 4. In future communications such as 6G, the unified data management function may still be UDM or have other names, which are not limited in this application.
  • Nnssf, Nnef, Nausf, Nnrf, Npcf, Nudm, Naf, Namf, Nssaaf, Nsmf, Nhse, N1, N2, N3, N4, N6, BEST-C, BEST-U, EAS-C, and EAS- U are the serial numbers of the interfaces respectively.
  • the meaning and usage of these interface serial numbers can refer to the meaning defined in the 3GPP standard agreement, and there is no limitation here.
  • the UE data can still be authenticated and protected through the HSE.
  • the HSE cannot obtain CK and IK, so the key generation method under the 4G network architecture cannot be used.
  • HSE generates keys based on CK and IK, causing incompatibility when referencing the BEST service under the 4G network architecture to the 5G network architecture.
  • an embodiment of the present application provides a communication method.
  • the method can be implemented by the user equipment, the home network security node and the first network function.
  • the first network function may be an authentication service function and/or a unified data management function.
  • the user equipment is UE
  • the home network security node is HSE
  • the authentication service function is AUSF
  • the unified data management function is UDM as an example.
  • the method may include the following steps:
  • the UE sends a first request to the HSE, where the first request includes a first identifier of the UE.
  • the HSE receives the first request from the UE, where the first request includes the first identifier of the UE.
  • the method provided in this embodiment of the present application may be implemented in conjunction with a session establishment process to provide data security protection for the session of the UE.
  • the HSE sends a second request to the first network function, where the second request includes the second identifier of the UE.
  • the first network function may be AUSF and/or UDM.
  • the second request is, for example, an authentication vector acquisition request.
  • An authentication vector may be a set that includes a key or parameters used to derive the key.
  • the second identifier may be determined according to the first identifier.
  • the first identifier may be a UE's subscription concealed identifier (SUCI)
  • the second identifier may be a UE's permanent subscriber identifier (subscription concealed identifier, SUCI) determined according to the SUCI. permanent identifier, SUPI).
  • the first identity may be an identity allocated to the UE by the HSE
  • the second identity may be the SUPI of the UE.
  • the second identity may also be the same as the first identity, for example, both the first identity and the second identity are SUCI of the UE, or both are SUPI of the UE.
  • the first network function receives the second request from the HSE, and the second request includes the second identifier of the UE.
  • the second request may be sent by the HSE to the UDM.
  • the first network function is AUSF
  • the second request may be sent by the HSE to the AUSF, and then the AUSF may send a new request to the UDM, and the content of the new request may be the same as the second request.
  • the first network function generates a first key according to the second identifier of the UE.
  • the UDM can generate the CK and IK of the UE according to the second identity of the UE, and generate the first key according to the CK, IK and the first information.
  • the UDM can obtain the long-term key of the UE according to the second identity of the UE, and then generate the CK and IK of the UE according to the long-term key, and then the UDM can generate the first key according to the CK, IK and the first information.
  • the first information includes at least one of the service network (serving network, SN) name of the UE of the user equipment, the identifier of the home network security node, the SUPI of the user equipment, and the BEST service identifier.
  • the above-mentioned first information may include the UE's serving network (serving network, SN) name, or, the first information may be an HSE identification (HSE ID), UE's SUPI and BEST service identification, or, the first information may be UE's service network name, HSE ID, UE's SUPI and BEST service ID.
  • the first information may also be other parameters shared by the UE and the HSE. These parameters need to be sent by the HSE and/or the UE to the first network function. For example, the HSE carries these parameters in the second request.
  • the first information may also be parameters determined by the HSE, and the HSE may send these parameters to the UE and the first network function.
  • the first network function is UDM
  • the UDM can use CK and IK as keys, and use the service network name SQN or AK of the UE as an input parameter to derive Kausf, and Kausf is the first key at this time.
  • the UDM uses CK and IK or Kausf as keys, and uses the HSE ID or the UE's SUPI or BEST service ID as input parameters to derive Kbest, where Kbest is the first key.
  • the AUSF sends a fourth request to the UDM, where the fourth request may carry the second identifier of the UE.
  • the UDM can obtain the long-term key of the UE according to the second identity of the UE, and then generate the CK and IK of the UE according to the long-term key.
  • the UDM then generates a fourth key according to the CK, IK and first information.
  • the first information includes at least the service network name of the UE, and/or at least one of the HSE identifier, the UE SUPI or the BEST service identifier.
  • the UDM returns the fourth key to the AUSF.
  • the AUSF generates the first key according to the fourth key and the first information. This item may also include at least one of the identifier of the HSE, the SUPI of the UE or the BEST service identifier, or other parameters shared by the UE and the HSE, or parameters determined by the HSE.
  • the first network function is AUSF
  • UDM can use CK and IK or Kausf as keys to serve network name, and/or, SQN XOR AK, and/or, HSE ID, UE SUPI or BEST service ID At least one of them is the input parameter to derive a fourth key, and then the fourth key is sent to AUSF, and AUSF generates Kbest' according to the fourth key, and Kbest' at this time is the first key.
  • the second request may include indication information, and the first network function will execute S104 after receiving the indication information, that is, generate the first key.
  • the indication information may be used to indicate the security parameters of requesting BEST, such as requesting BEST authentication vector or requesting BEST key, or used to request 5G authentication and key agreement (5G authentication and key agreement, AKA) authentication vector or 5G AKA authentication key, or indicate that the requested authentication method is 5G AKA or BEST.
  • the UDM may also generate 5G AKA security parameters or BEST security parameters according to the indication information and return the security parameters in the response, where the security parameters include the first key.
  • the security parameters also include parameters such as authentication response, which are not limited. This explanation is applicable to all scenarios of this application, and will not be repeated hereafter.
  • the fourth request may include indication information, and after receiving the indication information, the UDM will execute S103, that is, generate the first key according to the encryption key, the integrity key, and the first information.
  • the indication information may be used to indicate the security parameters of requesting BEST, such as requesting BEST authentication vector or requesting BEST key, or for requesting 5G AKA authentication vector or 5G AKA authentication key, or indicating the requested authentication method is 5G AKA or BEST.
  • the HSE can use the existing services of UDM, such as UE authentication service.
  • the second request is UE authentication acquisition request (Nudm_UEAuthentication_Get), and the second request needs to carry instruction information, and UDM uses the instruction information Generate and return the first key.
  • This application also includes defining a new service in the UDM.
  • the second request is different from other requests in the UE authentication acquisition request, and is a service request dedicated to BEST authentication.
  • the UDM can generate and The first key is returned without carrying indication information in the second request.
  • the fourth request is a UE authentication acquisition request, and the fourth request needs to carry instruction information, and UDM generates and sends information according to the instruction information. Return said Kausf to AUSF.
  • This application also includes defining a new service in the UDM.
  • the fourth request is different from the other requests in the UE authentication acquisition request, and is a service request dedicated to BEST authentication.
  • the UDM can be generated according to the dedicated service and The Kausf is returned without carrying indication information in the fourth request.
  • the indication information may be carried by the AUSF, or obtained by the AUSF from the second request of the HSE, and then carried in the fourth request.
  • S104 The first network function sends the first key to the HSE.
  • the HSE receives the first key from the first network function.
  • the first network function may send the authentication vector to the HSE, and the HSE receives the authentication vector accordingly.
  • the authentication vector includes the first key.
  • the authentication vector may also include a random number, an authentication token, and RES or RES*.
  • RES* is generated using CK
  • S105 The HSE generates a second key according to the first key.
  • the second key includes a confidentiality protection key and/or an integrity protection key between the UE and the HSE.
  • the second key includes a confidentiality protection key, for example, the second key includes a confidentiality protection key and an integrity protection key.
  • the second key when the HSE receives an encryption instruction from the first network function, the second key includes a confidentiality protection key.
  • the second key may be an integrity protection key, or may include a confidentiality protection key and an integrity protection key. Key, just do not enable the confidentiality protection service, and do not use the confidentiality protection key.
  • the HSE may generate the second key according to the authentication vector.
  • the HSE judges whether the UE already has a legal key. If so, skip S102-S104 and execute S105; otherwise, if the HSE determines that the UE does not have a legal key, execute S102-S105.
  • legal keys include the first key or the second key.
  • the legal key of the UE may be obtained by the HSE during the session establishment process of the UE.
  • the HSE can store the correspondence between the SUPI of the UE and the legal key.
  • the HSE can query whether the UE has a legal key according to the SUPI, or, when receiving the SUPI carried in the first request, the HSE can query whether the UE has a valid key.
  • the HSE can obtain the SUPI of the UE according to the SUCI of the UE or the identity assigned to the UE by the HSE, and query whether the UE has a valid key according to the SUPI.
  • S106 The UE receives the random number.
  • the random number may be sent by the HSE, for example, after S104, the HSE sends the random number to the UE.
  • the random number is carried in the session start message.
  • An authentication token may also be sent in the session start message.
  • the UE generates an encryption key and an integrity key according to the random number and the root key of the UE.
  • CK is related to RAND, or in other words, CK is determined according to RAND.
  • IK is related to RAND, or in other words, IK is determined according to RAND.
  • S108 The UE generates a first key according to the encryption key, the integrity key, and the first information.
  • S109 The UE generates a second key according to the first key, where the second key includes a confidentiality protection key and/or an integrity protection key between the UE and the HSE.
  • the UE and/or the HSE may generate the second key according to the first key and the second information.
  • the second information may include the identifier of the HSE, the algorithm type identifier of the UE's BEST service, the serial number of the UE used to calculate the authentication token, the hidden key (anonymity key, AK), the UE's SUPI, a random number, or At least one of the authentication tokens.
  • the home network security node can obtain the first key, wherein the first key is generated according to the encryption key, the integrity key and the first information, therefore, the home network security node does not need to obtain the UE's encrypted
  • the secret key and the integrity key can obtain the first key, and then a security key for protecting user equipment data can be generated according to the first key. Therefore, this solution can provide a secure key acquisition method suitable for 5G network architecture and reduce the data security risk of user equipment.
  • the first key can be Kausf, Kbest or Kbest'.
  • Kausf can be determined according to at least one of CK and IK, and the service network name, the sequence number (sequence number, SQN) or AK used to determine the authentication token of the UE.
  • Kausf can be determined through a key derivation function (KDF) according to CK and IK, the service network name, the length of the service network name, the SQN XOR AK, and the length of the SQN XOR AK.
  • KDF key derivation function
  • the key derivation function is, for example, a secure hash algorithm 256 (secure hash algorithm 256, SHA-256) function, and the secure hash algorithm 256 is one of the hash-based message authentication code (hash-based message authentication code, HMAC) algorithms kind.
  • a secure hash algorithm 256 secure hash algorithm 256, SHA-256
  • the secure hash algorithm 256 is one of the hash-based message authentication code (hash-based message authentication code, HMAC) algorithms kind.
  • the serving network name of the UE may be carried in the first request and sent to the HSE, and the HSE sends it to the UDM through the second request or the AUSF through the fourth request.
  • the UDM uses the stored name of the serving network where the UE is authenticated or registered. If the HSE carries the service network name of the UE in the second request or the AUSF carries the service network name in the fourth request, the UDM can also judge whether the service network name carried in the HSE is correct according to the service network name where the UE is authenticated or registered.
  • AK may be related to RAND, for example, CK is determined according to RAND.
  • Kbest is a key deduced by Kausf.
  • the derivation method can be a new key generated by using the HMAC algorithm with Kausf as the key and additional parameters as the input transmission. For example, refer to the formula 1 Determine the new key.
  • the additional parameter may be HSE ID, SUPI, BEST service ID, etc., which are not limited.
  • the HSE can directly obtain the Kbest or the authentication vector including the Kbest from the UDM, or obtain the Kbest from the UDM through the AUSF, or obtain the authentication vector including the Kbest.
  • the authentication vector sent by UDM to AUSF may include at least one of Kausf, RAND, AUTN, RES or RES*, and AUSF further deduces Kbest according to Kausf.
  • the UDM can also derive the Kbest, and the AUSF forwards the Kbest or forwards the authentication vector including the Kbest to the HSE.
  • the AUTN can be derived according to the SQN, AK, AMF value and MAC value
  • the AMF value is a 16-bit field, which can be set.
  • the MAC value can be derived from the SQN, RAND and AMF values.
  • Kbest' can be determined according to at least one of CK and IK, and the service network name of the UE, the identity of the HSE, the SUPI, the BEST service identity, and the like.
  • CK can also be replaced by CK', and IK can be replaced by IK'.
  • 5G can use the extended authentication protocol 'authentication and key negotiation ( extensible authentication protocol-authentication and key agreement, EAP-AKA').
  • EAP-AKA' extensible authentication protocol-authentication and key agreement
  • CK' and IK' can be derived from CK and IK.
  • the following describes the method for the HSE to determine the second identity of the UE involved in S102 according to the first identity of the UE.
  • the first identifier may be SUCI
  • the second identifier may be SUPI
  • the HSE may determine the second identifier through UDM.
  • the UDM can decrypt the SUCI to obtain the SUPI. Therefore, when the HSE obtains the SUCI carried in the first request, it can send the UE's SUCI to the UDM, request the UE's SUPI, and then receive the SUPI returned by the UDM.
  • the HSE may send a third request to the UDM, which carries the UE's SUCI, and the third request may be a UE identity acquisition request.
  • the UDM may send a UE identity acquisition response message to the HSE, which carries the UE's SUPI.
  • the first identifier may be SUCI
  • the second identifier may be SUPI
  • the HSE may obtain the second identifier after processing the first identifier locally.
  • the HSE can be made to store a key that can be used to decrypt SUCI to obtain SUPI. For example, UE encrypts SUPI according to HSE's public key to obtain SUCI, and carries SUCI in the first request. After receiving the first request, HSE can decrypt SUCI in the first request according to HSE's private key to obtain UE's SUPI.
  • the first identifier may be an identifier assigned by the HSE to the UE, the second identifier is SUPI, and the HSE may obtain the second identifier after processing the first identifier locally.
  • the HSE may store the corresponding relationship between the identifier assigned by the HSE to the UE and the SUPI of the UE, for determining the SUPI of the UE corresponding to the identifier in the first request.
  • the HSE assigns an ID to the UE according to the SUPI of the UE
  • the HSE can store the correspondence between the ID of the UE and the SUPI of the UE, and send Before the second request, the SUPI of the UE corresponding to the UE identifier carried in the first request is determined according to the corresponding relationship.
  • S102-S104 may be skipped, and S105 may be executed.
  • an exemplary communication method provided by the embodiment of the present application may include the following steps:
  • S201 The UE sends a session request to the HSE, which carries a first identifier of the UE.
  • the session request may also include the service network name and/or encryption indication of the UE.
  • the encryption indication may be used to request encryption services.
  • S202 The HSE judges whether the UE has a legal key, if not, execute S203, and if yes, execute S206.
  • the first identifier is the SUPI of the UE.
  • the first identity is SUCI or an identity allocated by the HSE, and the HSE determines the SUPI of the UE according to the first identity.
  • the HSE sends an authentication vector acquisition request to the first network function, where the second identifier of the UE is carried.
  • the authentication vector acquisition request may include the UE's serving network name.
  • the first network function may be UDM or AUSF, and for the specific implementation manner of UDM or AUSF, refer to the description in S103.
  • the first network function generates a first key according to the second identifier of the UE, where the first information is required as an input parameter in a process of generating the first key.
  • the first information includes at least the service network name of the UE.
  • the first information may also include at least one of the HSE identifier, the UE's SUPI or the BEST service identifier. That is to say, the first key is at least generated according to the identity of the serving network name of the UE.
  • the first network function may obtain the serving network name of the UE according to the second identifier of the UE.
  • the first network function is UDM, and the UDM can acquire the service network name of the UE according to the second identifier of the UE.
  • the AUSF may query the UDM for the service network name of the UE according to the second identifier of the UE.
  • the first network function sends an authentication vector acquisition response message to the HSE, where the authentication vector is carried, and the authentication vector includes at least the first key.
  • the authentication vector may also include at least one of RAND, AUTN, RES or RES*.
  • the authentication vector acquisition response message may also include an encryption indication.
  • the HSE judges according to the encryption indication Whether to enable the confidentiality protection service with the UE.
  • S207 The HSE sends a session start message to the UE.
  • the session start message may include the RAND, or the HSE sends the RAND to the UE through other messages.
  • the way of acquiring RAND can refer to existing standards, which is not specifically limited in this application.
  • the session start message carries an identifier assigned by the HSE to the UE.
  • the UE may send a session start confirmation message to the HSE.
  • S208 The UE generates CK and IK according to the random number and the root key of the UE.
  • S209 The UE generates a first key according to the CK, the IK and the first information.
  • the first information here is the same as the first information used to generate the first key in S204.
  • S210 The UE generates a second key according to the first key.
  • timing of S207-S210 and S206 is not strictly limited, for example, S207-S210 may be executed before or after S206.
  • the UE and the HSE can obtain the second key respectively, wherein at least the service network name of the UE is introduced in the second key generation process, so the HSE does not need to know the CK and IK, and can be applied to the 5G network architecture.
  • the method shown in FIG. 6 is initiated according to the first identity of the UE, and is performed between the HSE and the first network function according to the second identity of the UE. It does not need to introduce the IMSI of the UE, and is better applicable to the 5G network architecture to support 5G BEST. If the first identifier is SUCI, it further satisfies the requirement that the UE communicates using SUCI to protect the security of SUPI transmission.
  • the UE can carry an encryption indication in the session request, and the HSE can generate a confidentiality protection key according to the encryption indication.
  • a communication method provided by an embodiment of the present application includes the following steps:
  • S301 The UE sends a session request to the HSE, which carries a first identifier of the UE.
  • the session request may also include the service network name of the UE.
  • the service network name of the UE can be used to indicate to obtain the encryption service.
  • S302 The HSE judges whether the UE has a legal key, if not, executes S303, and if yes, executes S306.
  • the first identifier is the SUPI of the UE.
  • the first identity is SUCI or an identity allocated by the HSE, and the HSE determines the SUPI of the UE according to the first identity.
  • the HSE sends an authentication vector acquisition request to the first network function, where the second identifier of the UE is carried.
  • the first network function may be UDM or AUSF, and for the specific implementation manner of UDM or AUSF, refer to the description in S103.
  • the first network function generates a first key according to the second identifier of the UE, where the first information is required as an input parameter in a process of generating the first key.
  • the first information may include at least one of the identifier of the HSE, the SUPI or the BEST service identifier of the UE. That is to say, the first key is generated according to at least one of the identifier of the HSE, the SUPI or the BEST service identifier of the UE.
  • the first network function sends an authentication vector acquisition response message to the HSE, where the authentication vector is carried, and the authentication vector includes at least the first key.
  • the authentication vector may also include at least one of RAND, AUTN, RES or RES*.
  • the authentication vector acquisition response message may also include an encryption indication.
  • the HSE will Serving network name or encryption indication, judging whether to enable the confidentiality protection service with the UE.
  • S307 The HSE sends a session start message to the UE.
  • the session start message may include the RAND, or the HSE sends the RAND to the UE through other messages.
  • the way of acquiring RAND can refer to existing standards, which is not specifically limited in this application.
  • the UE may send a session start confirmation message to the HSE.
  • S308 The UE generates CK and IK according to the random number and the root key of the UE.
  • S309 The UE generates a first key according to the CK, the IK and the first information.
  • the first information here is the same as the first information used to generate the first key in S204.
  • S310 The UE generates a second key according to the first key.
  • timing of S307-S310 and S306 is not strictly limited, for example, S307-S310 may be executed before or after S306.
  • the UE and the HSE can obtain the second key respectively, wherein at least one of RAND, AUTN, RES or RES* is introduced into the second key generation process, so the HSE does not need to know CK and IK , can be applied to 5G network architecture.
  • the method shown in Figure 7 is initiated according to the first identity of the UE, and is performed between the HSE and the first network function according to the second identity of the UE. It does not need to introduce the IMSI of the UE, and is better applicable to the 5G network architecture to support 5G BEST. If the first identifier is SUCI, it further satisfies the requirement that the UE communicates using SUCI to protect the security of SUPI transmission.
  • the UE can carry the service network name in the session request, and the HSE can generate a confidentiality protection key according to the service network name.
  • the Kausf generated in the main authentication of UE and PLMN can be used for implicit authentication instead of the explicit authentication method in 4G BEST.
  • implicit authentication means that there is no need for AUTN and RES authentication between UE and HSE
  • explicit authentication means that AUTN and RES authentication need to be performed between UE and HSE before key generation .
  • the premise of this implementation is that the UE and the network have completed the primary authentication, and both the UE and the AUSF have obtained the Kausf in the primary authentication. If the UE subscribes to the BEST service, the UDM will also return the BEST indication when returning the authentication vector to the AUSF in the main authentication.
  • the authentication vector may include Kausf and at least one of RAND, AUTN or RES.
  • AUSF pushes the generated Kbest and key ID (key ID) to HSE according to the instruction.
  • Subsequent UE can generate Kbest and key ID according to Kausf, and carry the key ID to initiate a session request to HSE, and HSE will find the corresponding Kbest according to the Key ID, that is, obtain the Kbest of UE.
  • the UE and the HSE can also share the same Kbest.
  • Kbest as the root key to derive the subsequent E2M or E2E key.
  • the generation of KBEST can consider introducing parameters such as BEST service code, SUPI, HSE ID; the calculation of Key ID can introduce parameters such as SUPI and key ID code. All derived keys can use Kausf.
  • Kausf may be used as a key, and parameters such as BEST service code, SUPI or HSE identification may be used as additional parameters.
  • Kausf can be used as the key, and parameters such as SUPI or key ID code can be used as additional parameters.
  • the key ID code is, for example, related to BEST temporary UE identifier (B-TID) or application authentication and key management (authentication and key management for applications, AKMA) temporary UE identifier (AKMA temporary UE identifier, A- TID) and so on, for example, strings such as B-TID or A-TID.
  • the communication method provided by the embodiment of the present application may include the following steps:
  • the UDM determines that the UE subscribes to the BEST service.
  • the UDM can query the subscription data of the UDM to determine whether the UE has subscribed to the BEST service.
  • the AUSF sends a UE authentication acquisition request to the UDM.
  • the UDM returns a UE authentication acquisition response message to the AUSF, which carries the UE's SUPI and indication information.
  • the indication information may be BEST indication, which means that the UE needs to use the BEST service.
  • AUSF stores the correspondence between Kbest and key ID.
  • the AUSF sends a key registration request to the HSE, which carries the SUPI, Kbest and key ID of the UE.
  • S407 UE generates Kbest and key ID according to Kausf.
  • S407 may be performed before or after the UE sends the session request, or after the Kausf is generated, which is not specifically limited. For example, when UE wants to establish a session, it generates Kbest and key ID.
  • S408 The UE sends a session request to the HSE, which carries a key ID.
  • the HSE acquires the Kbest corresponding to the key ID from the UE.
  • S410 The HSE generates a security key of the UE according to Kbest.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • S411 The HSE sends a session start message to the UE.
  • S412 The UE generates a security key according to Kbest.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • the HSE can query Kbest according to the key ID of the UE, so as to obtain the confidentiality protection key and/or integrity protection key of the UE according to Kbest.
  • This process reuses the result of UE main authentication and the key to complete the key sharing between UE and HSE, which saves the separate authentication process of UE and HSE, thus better matching the requirements of BEST for energy saving.
  • the key generation method under the 4G network architecture can be used, the UDM provides the CK and IK to the HSE, and the UE and the HSE generate the BEST key according to the CK and IK.
  • the HSE may send a UE authentication acquisition request to the UDM, and after receiving the UE authentication acquisition request, the UDM may generate a third key, or generate a third key through a new service other than the UE authentication service.
  • the third key may include CK and IK.
  • the UDM may generate the third key according to the indication information; otherwise, the UDM may generate the third key through services other than the UE authentication service.
  • the indication information here can be used to indicate the security parameters of requesting BEST, such as requesting BEST authentication vector or requesting BEST key, or used to request 5G authentication and key negotiation authentication vector or 5G AKA authentication key, or indicating the requested The authentication method is 5G AKA or BEST.
  • the UDM may send an authentication vector to the HSE, including the third key, and may also include at least one of RAND, AUTN, or RES, and the HSE generates the security key of the UE after receiving the authentication vector.
  • the UE generates a security key according to the same parameters.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • the process of generating authentication keys by UE and HSE according to CK and IK may include the following steps:
  • S501 The UE sends a session request to the HSE, which carries the SUPI of the UE.
  • S502 The HSE judges whether the UE has a legal key according to the SUPI of the UE.
  • an authentication key for the UE may be generated according to the legal key, and then S506 is performed; otherwise, if there is no legal key, S503 is performed.
  • the HSE sends a BEST authentication vector acquisition request to the UDM, which carries the SUPI of the UE.
  • the UDM sends a BEST authentication vector acquisition response message to the HSE, which carries an authentication vector, the authentication vector includes the third key, and may also include at least one of RAND, AUTN, or RES.
  • the HSE can generate a security key for the UE according to the third key.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • the same UE security key ie a confidentiality protection key and/or an integrity protection key, can be generated at the UE side.
  • S506 The HSE sends a session start message to the UE.
  • the UE returns a session start response message to the HSE.
  • the authentication vector consistent with the 4G BEST authentication vector can be obtained from the UDM, so that the UE and the HSE can complete the authentication and key generation while being better compatible with the existing security design, because the modification on the UE side is relatively difficult. Small.
  • the HSE when the UE accesses through the 4G network, the HSE can obtain the authentication vector through the HSS, that is, the HSS requests the UDM to obtain the authentication vector, and then the HSS sends it to the HSE.
  • the carried UE identifier is IMSI.
  • the HSS may send a UE authentication acquisition request to the UDM.
  • the UDM may generate the fourth key, or generate the fourth key through a new service other than the UE authentication service.
  • the UDM may generate the fourth key according to the indication information; otherwise, the UDM may generate the fourth key through services other than the UE authentication service.
  • the indication information here can be used to indicate the security parameters of requesting BEST, such as requesting BEST authentication vector or requesting BEST key, or used to request 5G authentication and key negotiation authentication vector or 5G AKA authentication key, or indicating the requested The authentication method is 5G AKA or BEST.
  • the fourth key may include CK and IK.
  • the UDM may send the authentication vector to the HSS, which includes the fourth key and may also include at least one of RAND, AUTN or RES.
  • the HSS forwards the authentication vector to the HSE, and the HSE generates the security key of the UE after receiving the authentication vector.
  • the UE generates a security key according to the same parameters.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • generating the authentication key by UE and HSE according to CK and IK may include the following steps:
  • S601 The UE sends a session request to the HSE, which carries the IMSI of the UE.
  • S602 The HSE judges whether the UE has a legal key according to the IMSI of the UE.
  • an authentication key for the UE may be generated according to the legal key, and then S608 is executed; otherwise, if there is no legal key, S603 is executed.
  • the HSE sends an authentication information request to the HSS, carrying the IMSI of the UE.
  • the HSS sends a BEST authentication vector acquisition request to the UDM, which carries the IMSI of the UE.
  • the UDM sends a BEST authentication vector acquisition response to the HSS, which carries an authentication vector, the authentication vector includes the fourth key, and may also include at least one of RAND, AUTN, or RES.
  • the HSS sends an authentication information response message to the HSE, where the response message carries an authentication vector, where the authentication vector includes the fourth key, and may also include at least one of RAND, AUTN, or RES.
  • the HSE can generate a security key for the UE according to the fourth key.
  • the security key of the UE includes a confidentiality protection key and/or an integrity protection key.
  • the same confidentiality protection key and/or integrity protection key may be generated at the UE side.
  • the HSE sends a session start message to the UE.
  • the UE after receiving the session start message, the UE returns a session start response message to the HSE.
  • the authentication vector when the UE accesses through the 4G network, can be obtained from the UDM through the HSS, so that the UE can also use the 5G credentials to access the BEST service when accessing from the 4G network.
  • the HSE may also directly send an authentication service acquisition request to the UDM, the difference being that the authentication service acquisition request here carries the IMSI of the UE.
  • the embodiment of the present application further provides an apparatus 1100 for implementing the above method.
  • the device may be a software module or a system on a chip.
  • the system-on-a-chip may be composed of chips, or may include chips and other discrete devices.
  • the apparatus 1100 may include: a processing unit 1101 and a communication unit 1102 .
  • the device may include the HSE, UDM or UE shown in the above method embodiments, or a device having the functions of the HSE, UDM or UE shown in the above method embodiments.
  • the communication unit may also be referred to as a transceiver unit, and may include a sending unit and/or a receiving unit, respectively configured to perform the steps of sending and receiving by HSE, UDM or UE in the above method embodiments.
  • the communication unit 1102 may also be called a transceiver, a transceiver, a transceiver device, and the like.
  • the processing unit 1101 may also be called a processor, a processing board, a processing module, a processing device, and the like.
  • the device in the communication unit 1102 for realizing the receiving function may be regarded as a receiving unit
  • the device in the communication unit 1102 for realizing the sending function may be regarded as a sending unit, that is, the communication unit 1102 includes a receiving unit and a sending unit.
  • the communication unit 1102 may sometimes be called a transceiver, a transceiver, or a transceiver circuit and the like.
  • the receiving unit may sometimes be called a receiver, a receiver, or a receiving circuit, etc.
  • the sending unit may sometimes be called a transmitter, a transmitter, or a transmitting circuit, etc.
  • the communication unit 1102 may be configured to receive a first request from a UE, where the first request includes a first identifier of the UE.
  • the communication unit 1102 is further configured to send a second request to the first network function, where the second request includes a second identifier of the UE, and the second identifier is determined according to the first identifier, or the second identifier is the same as the first identifier.
  • the communication unit 1102 is further configured to receive a first key from the first network function, where the first key is generated according to the encryption key, the integrity key, and the first information.
  • the processing unit 1101 may be configured to generate a second key according to the first key, where the second key includes a confidentiality protection key and/or an integrity protection key between the UE and the HSE.
  • the first information includes at least one of the service network name of the UE, the HSE identifier, the SUPI of the UE, and the BEST service identifier.
  • the communication unit and the processing unit may also perform other operations, for example, the communication unit 1102 is used to perform the sending and receiving operations of the HSE in the method embodiments shown in FIGS.
  • the communication unit 1102 is used to perform the sending and receiving operations of the HSE in the method embodiments shown in FIGS.
  • other operations of the HSE except for the transceiving operation may refer to the foregoing description for details, and details are not repeated here.
  • the communication unit 1102 may be configured to receive a second request from the HSE, where the second request includes the second identifier of the UE.
  • the processing unit 1101 may be configured to generate an encryption key and an integrity key of the UE according to the second identity, and generate a first key according to the encryption key, the integrity key and the first information.
  • the communication unit 1102 is also configured to send the first key to the HSE.
  • the first information includes at least one of the service network name of the UE, the HSE identifier, the SUPI of the UE, and the BEST service identifier.
  • the communication unit and the processing unit may also perform other operations, for example, the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • the communication unit 1102 may be configured to send a first request to the HSE, where the first request includes an identifier of the UE, and receive a random number sent by the HSE.
  • the processing unit 1101 may be configured to generate an encryption key and an integrity key according to the random number and the root key of the UE, generate a first key according to the encryption key, the integrity key, and the first information, and generate second key.
  • the second key includes a confidentiality protection key and/or an integrity protection key between the UE and the HSE.
  • the first information includes at least one of the service network name of the UE, the HSE identifier, the SUPI of the UE, and the BEST service identifier.
  • the communication unit and the processing unit may also perform other operations, for example, the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • the communication unit 1102 is used to perform the UDM sending and receiving operations in the method embodiments shown in FIGS.
  • FIG. 12 is another communication device provided by the embodiment of the present application.
  • the device shown in FIG. 12 may be a hardware circuit implementation of the device shown in FIG. 11 .
  • the communication device may be applicable to the flow chart shown above, and execute the functions of the HSE, UDM or UE in the above method embodiments.
  • FIG. 12 only shows the main components of the communication device.
  • Apparatus 1200 may also include at least one memory 1230 for storing program instructions and/or data.
  • the memory 1230 is coupled to the processor 1220 .
  • the coupling in the embodiments of the present application is an indirect coupling or a communication connection between devices, units or modules, which may be in electrical, mechanical or other forms, and is used for information exchange between devices, units or modules.
  • Processor 1220 may cooperate with memory 1230 .
  • Processor 1220 may execute program instructions stored in memory 1230 . At least one of the at least one memory may be included in the processor.
  • the apparatus 1200 shown in FIG. 12 includes at least one processor 1220 and a communication interface 1210 , and the processor 1220 is configured to execute instructions or programs stored in a memory 1230 .
  • the processor 1220 is used to perform operations performed by the processing unit 1101 in the above embodiments
  • the communication interface 1210 is used to perform operations performed by the communication unit 1102 in the above embodiments.
  • the communication interface may be a transceiver, a circuit, a bus, a module, or other types of communication interfaces.
  • the transceiver when the communication interface is a transceiver, the transceiver may include an independent receiver and an independent transmitter; it may also be a transceiver integrated with a transceiver function, or be a communication interface.
  • Apparatus 1200 may also include a communication link 1240 .
  • the communication interface 1210, the processor 1220 and the memory 1230 can be connected to each other through the communication line 1240;
  • the communication line 1240 can be a peripheral component interconnect standard (peripheral component interconnect, referred to as PCI) bus or an extended industry standard architecture (extended industry standard architecture , referred to as EISA) bus and so on.
  • PCI peripheral component interconnect
  • EISA extended industry standard architecture
  • the communication line 1240 can be divided into address bus, data bus, control bus and so on. For ease of representation, only one thick line is used in FIG. 12 , but it does not mean that there is only one bus or one type of bus.
  • the present application also provides a communication system, configured to execute the method provided in any of the above processes, for example, execute any of the processes in FIG. 5 to FIG. 10 .
  • the communication system may include the architecture shown in FIG. 5 .
  • the present application also provides a computer-readable storage medium for storing a computer program, and the computer program includes instructions for executing the method provided in any of the processes above.
  • the present application also provides a computer program product, the computer program product comprising: computer program code, when the computer program code is run on a computer, the computer is made to execute the method provided in any one of the processes above.
  • the present application also provides a chip, including a processor, the processor is coupled with the memory, and is used to execute the computer program or instruction stored in the memory, when the processor executes the computer program or instruction, so that The methods provided in either flow above are implemented.
  • the embodiments of the present application may be provided as methods, systems, or computer program products. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instructions
  • the device realizes the function specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

一种通信方法及装置,其中方法包括:归属网络安全节点可接收来自用户设备的第一请求,第一请求包括用户设备的第一标识。归属网络安全节点还可向第一网络功能发送第二请求,第二请求包括用户设备的第二标识,并接收来自于第一网络功能的第一密钥,第一密钥根据加密密钥、完整性密钥和第一信息生成。归属网络安全节点可根据第一密钥生成第二密钥,第二密钥包括机密性保护密钥和/或完整性保护密钥。其中,第一信息包括用户设备的服务网络名称、归属网络安全节点的标识、用户设备的SUPI,以及BEST服务标识中的至少一个。该过程提供了适用于5G网络架构的安全密钥获取方式,能够降低用户设备的数据安全风险。

Description

一种通信方法及装置
相关申请的交叉引用
本申请要求在2021年5月10日提交中华人民共和国知识产权局、申请号为202110504785.6、发明名称为“一种通信方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
技术领域
本申请涉及通信技术领域,尤其涉及一种通信方法及装置。
背景技术
在无线通信领域,为了低吞吐量的机器类型通信设备,4G技术中定义了省电的安全方案,称为为低吞吐量机器类型通信设备设计的省电安全(battery efficient security for very low throughput machine type communication devices,BEST)。其主要目的是通过4G网络架构中的归属公共陆地移动网(home public land mobile network,HPLMN)安全节点(HPLMN security endpoint,HSE)与用户设备(user equipment,UE)分别根据UE的加密密钥(cipher key,CK)和完整性密钥(integrity key,IK)推导出用于保护UE数据的安全密钥,用于保护UE的数据安全。
然而,在5G架构下,HSE是不能获取到UE的CK和IK的,无法根据CK和IK推导安全密钥,因此,4G技术的BEST认证方式不能完全适用在5G架构,导致UE的数据安全风险增加。
发明内容
本申请实施方式的目的在于提供一种通信方法及装置,用以提供适用于5G等网络架构的安全密钥获取方式,以降低5G等网络架构下用户设备的数据安全风险。
第一方面,本申请实施例提供一种通信方法。该方法可由归属网络安全节点执行,包括:归属网络安全节点可接收来自用户设备的第一请求,第一请求包括用户设备的第一标识。归属网络安全节点还可向第一网络功能发送第二请求,第二请求包括用户设备的第二标识,第二标识根据第一标识确定,或者第二标识与第一标识相同。归属网络安全节点接收来自于第一网络功能的第一密钥,第一密钥根据加密密钥、完整性密钥和第一信息生成。归属网络安全节点可根据第一密钥生成第二密钥,第二密钥包括用户设备与归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。其中,第一信息包括:用户设备的服务网络名称、归属网络安全节点的标识、用户设备的SUPI,以及BEST服务标识中的至少一个。
通过上述方法,归属网络安全节点可获取第一密钥,其中,第一密钥是根据加密密钥、完整性密钥和第一信息生成的,因此,归属网络安全节点不需要获取UE的加密密钥和完整性密钥就能够获得第一密钥,后续可根据第一密钥生成用于保护用户设备数据的安全密钥。因此该方案能够提供适用于5G及其他网络架构的安全密钥获取方式,能够降低用户设备的数据安全风险。
一种可能的设计中,用户设备的第一标识包括用户设备的SUCI,用户设备的第二标识包括用户设备的SUPI,归属网络安全节点向第一网络功能发送第二请求之前,还可包括:归属网络安全节点根据SUCI获取用户设备的SUPI。或者,归属网络安全节点根据归属网 络安全节点的私钥解密SUCI获得SUPI,其中,SUCI是根据归属网络安全节点的公钥加密SUPI获得的。
一种可能的设计中,用户设备的第一标识包括归属网络安全节点为用户设备分配的标识,用户设备的第二标识包括用户设备的SUPI,归属网络安全节点向第一网络功能发送第二请求之前,还可包括:归属网络安全节点根据归属网络安全节点为用户设备分配的标识获取用户设备的SUPI。
一种可能的设计中,归属网络安全节点根据SUCI获取用户设备的SUPI,可包括:归属网络安全节点向第一网络功能发送用户设备的SUCI;归属网络安全节点接收来自于第一网络功能的SUPI。
一种可能的设计中,如果第二标识与第一标识相同,则第一标识包括用户设备的SUCI和/或SUPI。
通过上述方法,用户设备与归属网络安全节点之间基于用户设备的SUCI、SUPI或归属网络安全节点为UE分配的标识进行通信,而可以不使用IMSI进行通信,以适用于5G等网络架构下的通信方式。另外,通过SUCI进行认证和密钥推导能够进一步提高安全性。
一种可能的设计中,第二请求为用户设备认证获取请求,用户设备认证获取请求还可包括指示信息,指示信息用于指示根据加密密钥、完整性密钥和第一信息生成第一密钥。
一种可能的设计中,第一请求还包括用户设备的服务网络名称,第二请求还包括服务网络名称。
一种可能的设计中,第一网络功能包括认证服务功能或统一数据管理功能。
一种可能的设计中,归属网络安全节点可向用户设备发送随机数和/或认证令牌。
一种可能的设计中,归属网络安全节点根据第一密钥生成第二密钥,包括:归属网络安全节点根据第一密钥和第二信息生成第二密钥,第二信息包括以下中的至少一个:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌。第二信息可来自于第一网络功能。
一种可能的设计中,第一请求还包括加密指示,还可包括:归属网络安全节点开启加密服务。若开启加密服务,则第二密钥包括机密性保护密钥。
一种可能的设计中,在归属网络安全节点根据第一密钥生成第二密钥之前,还可包括:归属网络安全节点接收来自于第一网络功能的加密指示;归属网络安全节点根据加密指示判断是否开启用户设备的用户面加密服务。
第二方面,提供一种通信方法。该通信方法可由统一数据管理功能执行,包括:统一数据管理功能接收来自于归属网络安全节点的第二请求,第二请求包括用户设备的第二标识。统一数据管理功能可根据第二标识生成用户设备的加密密钥和完整性密钥,并根据加密密钥、完整性密钥和第一信息生成第一密钥。统一数据管理功能可向归属网络安全节点发送第一密钥。其中,第一信息包括:用户设备的服务网络名称、归属网络安全节点的标识、用户设备的SUPI,以及BEST服务标识中的至少一个。
一种可能的设计中,该方法还可包括:统一数据管理功能接收来自于归属网络安全节点的用户设备的SUCI;统一数据管理功能根据SUCI确定用户设备的SUPI;统一数据管理功能向归属网络安全节点发送用户设备的SUPI。
一种可能的设计中,第二标识可包括用户设备的SUCI或SUPI。
一种可能的设计中,该方法还可包括:统一数据管理功能向归属网络安全节点发送加密指示。
一种可能的设计中,第二请求为用户设备认证获取请求,用户设备认证获取请求还包括指示信息,统一数据管理功能根据加密密钥和完整性密钥和第一信息生成第一密钥,可包括:统一数据管理功能在收到指示信息后,根据加密密钥和完整性密钥和第一信息生成第一密钥。
一种可能的设计中,第二请求还可包括用户设备的服务网络名称。
或者,方法还可包括:统一数据管理功能根据第二标识确定用户设备的注册的或认证的或所在的服务网络名称。
一种可能的设计中,统一数据管理功能可向归属网络安全节点发送第二信息,第二信息包括以下中的至少一个:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌。
第三方面,提供一种通信方法。该通信方法可由用户设备执行,包括:用户设备向归属网络安全节点发送第一请求,第一请求包括用户设备的标识。用户设备还可接收归属网络安全节点发送的随机数。用户设备可根据随机数以及用户设备的根密钥生成加密密钥和完整性密钥,用户设备根据加密密钥、完整性密钥和第一信息生成第一密钥,并根据第一密钥生成第二密钥。第二密钥包括用户设备与归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。其中,第一信息包括:用户设备的服务网络名称、归属网络安全节点的标识、用户设备的SUPI,以及BEST服务标识中的至少一个。
一种可能的设计中,用户设备根据第一密钥生成第二密钥,可包括:根据第一密钥和第三信息生成第二密钥;第三信息包括以下中的至少一个:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌。
一种可能的设计中,第一请求还包括用户设备的服务网络名称;和/或第一请求还包括加密指示,加密指示用于指示用户设备请求用户面加密服务。
一种可能的设计中,用户设备的标识包括用户设备的SUCI、SUPI或归属网络安全节点为用户设备分配的标识。
第四方面,本申请实施例提供一种通信装置,所述通信装置包括处理器,所述处理器与存储器耦合,其中:存储器用于存储指令;处理器用于根据执行存储器存储的指令,以执行上述第一方面至第三方面或以上方面中任一种可能的设计中的方法。可选的,所述通信装置还可以包括所述存储器。可选的,所述通信装置还可以包括收发器,用于支持所述通信装置进行上述方法中的信息发送和/或接收。可选的,该通信装置可以是终端设备,也可以是终端设备中的装置,如芯片或者芯片系统,其中所述芯片系统包含至少一个芯片,所述芯片系统还可以包括其他电路结构和/或分立器件。
第五方面,本申请实施例提供一种通信装置,用于实现上述第一方面至第三方面或以上方面中任一种可能的设计中的方法,包括相应的功能模块,例如包括处理单元、通信单 元等,分别用于实现以上方法中的步骤。
第六方面,本申请实施例提供一种计算机可读存储介质,所述计算机存储介质中存储有计算机可读指令,当计算机读取并执行所述计算机可读指令时,使得通信装置执行第一方面至第三方面或以上方面中任一种可能的设计中的方法。
第七方面,本申请实施例提供一种计算机程序产品,当计算机读取并执行所述计算机程序产品时,使得通信装置执行第一方面至第三方面或以上方面中任一种可能的设计中的方法。
第八方面,本申请实施例提供一种芯片,所述芯片与存储器相连,用于读取并执行所述存储器中存储的软件程序,以执行第一方面至第三方面或以上方面中任一种可能的设计中的方法。
第九方面,本申请实施例提供一种通信装置,包括处理器,所述处理器用于与收发器耦合,读取并执行所述存储器中的指令,以执行第一方面至第三方面或以上方面中任一种可能的设计中的方法。
第十方面,本申请实施例提供一种通信系统,包括用于执行第一方面或第一方面中任一种可能的设计中的方法的装置、用于执行第二方面或第二方面中任一种可能的设计中的方法的装置,和用于执行第三方面或第三方面中任一种可能的设计中的方法的装置。
以上第二方面至第十方面的有益效果可以参照第一方面中有益效果的描述。
附图说明
图1为本申请实施例提供的一种通信系统的架构示意图;
图2为4G BEST方案的网络架构示意图;
图3为4G BEST方案的密钥架构示意图;
图4为本申请实施例提供的一种通信系统的架构示意图;
图5为本申请实施例提供的一种通信方法的流程示意图;
图6为本申请实施例提供的另一种通信方法的流程示意图;
图7为本申请实施例提供的另一种通信方法的流程示意图;
图8为本申请实施例提供的另一种通信方法的流程示意图;
图9为本申请实施例提供的另一种通信方法的流程示意图;
图10为本申请实施例提供的另一种通信方法的流程示意图;
图11为本申请实施例提供的一种通信装置的结构示意图;
图12为本申请实施例提供的另一种通信装置的结构示意图。
具体实施方式
为了使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请作进一步地详细描述。方法实施例中的具体操作方法也可以应用于装置实施例或系统实施例中。
下面对本申请涉及术语进行解释:
至少一个,是指一个,或一个以上,即包括一个、两个、三个及以上。
多个,是指两个,或两个以上,即包括两个、三个及以上。
携带,可以是指某消息用于承载某信息或数据,也可以是指某消息由某信息构成。
耦合是指装置、单元或模块之间的间接耦合或通信连接,可以是电性,机械或其它的形式,用于装置、单元或模块之间的信息交互。
本申请实施例中,“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B的情况,其中A、B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下至少一(项)个”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a、b或c中的至少一项(个),可以表示:a,b,c,a和b,a和c,b和c,或a、b和c,其中a、b、c可以是单个,也可以是多个。
下面,结合附图对本申请实施例进行详细说明。首先,介绍本申请实施例提供的无线通信系统,本申请提供的中的通信方法可应用于该系统,然后介绍本申请实施例提供的通信方法,最后介绍本申请实施例提供的通信装置。
如图1所示,本申请实施例提供的无线通信系统100可包括终端设备101以及网络设备102。
应理解,本申请实施例提供的无线通信系统100,即可适用于低频场景(sub 6G),也适用于高频场景(above6G)。本申请实施例提供的无线通信系统100的应用场景包括但不限于宽带码分多址(wideband code division multiple access,WCDMA)系统、通用分组无线业务(general packet radio service,GPRS)、长期演进(long term evolution,LTE)系统、LTE频分双工(frequency division duplex,FDD)系统、LTE时分双工(time division duplex,TDD)、通用移动通信系统(universal mobile telecommunication system,UMTS)、全球互联微波接入(worldwide interoperability for microwave access,WiMAX)通信系统、第五代系统或新无线(new radio,NR)通信系统等。
以上所示终端设备101可以是用户设备、终端(terminal)、移动台(mobile station,MS)、移动终端(mobile terminal)等设备,该终端设备101能够与一个或多个通信系统的一个或多个网络设备进行通信,并接受网络设备提供的网络服务,这里的网络设备包括但不限于图示网络设备102。举例来说,本申请实施例中的终端设备101可以是移动电话(或称为“蜂窝”电话)、具有移动终端的计算机等,终端设备101还可以是便携式、袖珍式、手持式、计算机内置的或者车载的移动装置。终端设备101也可以是具有通信模块的通信芯片。
以上所示网络设备102可包括本申请所述的接入网设备(或称接入网站点)。具体的,网络设备102可包括接入网设备。在本申请中,接入网设备是指有提供网络接入功能的设备,如无线接入网(radio access network,RAN)基站等等。网络设备102具体可包括基站(base station,BS),或包括基站以及用于控制基站的无线资源管理设备等,该网络设备102可以为中继站(中继设备)、接入点、车载设备、可穿戴设备以及未来5G等网络中的基站、未来演进的公共陆地移动网络(public land mobile network,PLMN)网络中的基站或者NR基站等,本申请实施例并不限定。网络设备102也可以是具有通信模块的通信芯片。
在本申请所述方法的执行过程中,网络设备102可作为RAN基站向终端设备101提供无线网络连接,例如,网络设备102可作为4G接入网——演进的通用移动通信系统(universal mobile telecommunications system,UMTS)陆地无线接入网(evolved UMTS terrestrial radio access network,E-UTRAN)中的接入网基站,或者,网络设备102可作为5G接入网——5G RAN中的接入网基站,或者,网络设备102可作为未来无线通信系统中 的接入网基站。
目前,4G为低吞吐量的机器类型通信设备定义了省电的安全方案,称为BEST,图2描述了该方案的网络架构。主要目的是通过HSE完成与UE的认证以及密钥生成,从而推导出用于保护UE数据的安全密钥,密钥整体架构如图3所示。
其中,4G网络架构下,HSE与归属用户服务器(home subscriber server,HSS)之间的交互存在两种可能性,一种是HSE与HSS之间通过接口直接交互,一种是经过端到中间密钥服务器(end to middle key server,EMKS)与HSS交互。为了简化表达,本申请后续所述流程均以第一种方式为代表,但实际应用HSE可以通过EMKS与HSS进行交互。
基于图4架构,根据UE到企业应用服务器(enterprise application server,EAS)数据保护方式的不同,UE和HSE会生成不同的密钥:
一种保护方式中,UE和EAS进行端到端(end to end,E2E)保护,此时HSE需要为EAS生成中间密钥和EAS特定的预共享密钥,即图3中的K Intermediate和K EAS_PSK。然后EAS与UE根据K EAS_PSK再生成E2E安全密钥,即图3中农的K E2Eenc和K E2Eint,分别为机密性保护密钥和完整性保护密钥。
另一种保护方式中,UE、HSE和EAS进行逐跳(hop-by-hop)保护,此时HSE只需要生成其与UE之间的安全密钥,即图3中的K E2Menc和K E2Mint
其中,在上述方式中的密钥生成过程中,UE可会携带IMSI向HSE请求建立会话,HSE判断该UE是否需要生成密钥,也就是判断是否有该UE的具备有效计数器值的有效密钥,判断的方式具体如下:
情况1)如果HSE拥有指示的会话的有效密钥集,且UE ID对该会话有效,那么HSE可以开始BEST会话,而无需重新协商密钥。
情况2)如果UE ID对HSE来说有效,但HSE没有指示的会话的有效密钥集,或HSE希望更新密钥,那么HSE则需要与UE先重新协商密钥,再发起BEST会话。
情况3)如果UE ID对该会话ID无效,或者UE不支持HSE要求的服务级别,或者企业信息对HSE无效,则HSE可能会拒绝该命令。
为简化表达,本申请后续将上述判断是否有该UE的具备有效计数器值的有效密钥过程称为HSE判断该UE是否已有合法的密钥,且对上述情况2)称为HSE判断UE没有合法的密钥,如果没有则HSE会从HSS获取鉴权向量,鉴权向量包括随机数(RAND)、认证令牌(AUTN)、CK和IK,HSE根据鉴权向量计算HSE密钥。HSE会向UE发送RAND和AUTN供UE认证,UE校验AUTN成功后,可以向HSE返回验证数据(RES)供HSE校验,也可以不返回。认证成功后,UE和HSE会根据CK和IK推导生成其他密钥,包括但不限于K E2Eenc、K E2Eint、K E2Menc和K E2Mint
目前,在将BEST服务引用到5G网络架构时,存在不兼容的问题,下面结合5G网络架构进行说明。
如图4所示,5G网络架构可包括三部分,分别是UE、数据网络(data network,DN)和运营商网络。
其中,运营商网络可包括网络切片选择(network slice selection function,NSSF)、网络开放功能(network exposure function,NEF)、网络存储功能(network function repository function,NRF)、策略控制功能(policy control function,PCF)、统一数据管理(unified data management,UDM)、应用功能(application function,AF)、网络切片特定鉴权和授权功 能(network slice specific authentication and authorization function,NSSAAF)、鉴权服务器功能(authentication server function,AUSF)、接入与移动性管理功能(access and mobility management function,AMF)、会话管理功能(session management function,SMF)、(无线)接入网((radio)access network,(R)AN)、HSE、EAS以及用户面功能(user plane function,UPF)等网络功能(network function,NF)。上述运营商网络中,除(无线)接入网部分之外的部分可以称为核心网络(CN)部分。为方便说明,后续以(R)AN称为RAN为例进行说明。
本申请中,用户设备可以包括图4所示UE。UE可以是一种具有无线收发功能的设备,其可以部署在陆地上,包括室内或室外、手持或车载;也可以部署在水面上(如轮船等);还可以部署在空中(例如飞机、气球和卫星上等)。所述UE可以是手机(mobile phone)、平板电脑(pad)、带无线收发功能的电脑、虚拟现实(virtual reality,VR)终端、增强现实(augmented reality,AR)终端、工业控制(industrial control)中的无线终端、无人驾驶(self driving)中的无线终端、远程医疗(remote medical)中的无线终端、智能电网(smart grid)中的无线终端、运输安全(transportation safety)中的无线终端、智慧城市(smart city)中的无线终端、智慧家庭(smart home)中的无线终端等。UE还可以是图1所示终端设备101。
上述UE可通过运营商网络提供的接口(例如N1等)与运营商网络建立连接,使用运营商网络提供的数据和/或语音等服务。UE还可通过运营商网络访问DN,使用DN上部署的运营商业务,和/或第三方提供的业务。其中,上述第三方可为运营商网络和UE之外的服务方,可为UE提供他数据和/或语音等服务。其中,上述第三方的具体表现形式,具体可根据实际应用场景确定,在此不做限制。
此外,本申请中的归属网络安全节点,可包括图4所示HSE,在未来通信如6G中,归属网络安全节点仍可以是HSE,或有其它的名称,本申请不做限定。认证服务功能可包括图4所示AUSF,在未来通信如6G中,认证服务功能仍可以是AUSF,或有其它的名称,本申请不做限定。统一数据管理功能可包括图4所示UDM,在未来通信如6G中,统一数据管理功能仍可以是UDM,或有其它的名称,本申请不做限定。
图4中Nnssf、Nnef、Nausf、Nnrf、Npcf、Nudm、Naf、Namf、Nssaaf、Nsmf、Nhse、N1、N2、N3、N4、N6、BEST-C、BEST-U、EAS-C,以及EAS-U分别为接口序号。这些接口序号的含义和用途可参见3GPP标准协议中定义的含义,在此不做限制。
在图4所示5G网络架构中,仍可通过HSE对UE的数据进行认证和保护,但是,由于5G网络架构中,HSE无法获得CK和IK,因此无法沿用4G网络架构下密钥的生成方式由HSE根据CK和IK生成密钥,造成将4G网络架构下的BEST服务引用到5G网络架构时的不兼容问题。
为了解决该技术问题,使得BEST服务能够在5G中实施,本申请实施例提供一种通信方法。该方法可由用户设备、归属网络安全节点和第一网络功能实施。其中,第一网络功能可以是认证服务功能和/或统一数据管理功能。下面为了方便说明,以用户设备是UE,归属网络安全节点是HSE,认证服务功能是AUSF以及统一数据管理功能是UDM为例进行说明。
如图5所示,该方法可包括以下步骤:
S101:UE向HSE发送第一请求,第一请求包括UE的第一标识。
相应地,HSE接收来自UE的第一请求,第一请求包括UE的第一标识。
可选的,第一请求为会话建立请求或称会话请求,则本申请实施例提供的方法可结合会话建立过程实施,用于为UE的该会话提供数据安全保护。
S102:HSE向第一网络功能发送第二请求,第二请求包括UE的第二标识。第一网络功能可以是AUSF和/或UDM。第二请求例如是认证向量获取请求。认证向量可以是包括密钥或用于推导密钥的参数的集合。
其中,第二标识可根据第一标识确定,例如,第一标识可以是UE的用户隐藏标识(subscription concealed identifier,SUCI),则第二标识可以是根据该SUCI确定的UE的用户永久标识(subscription permanent identifier,SUPI)。又如,第一标识可以是HSE为UE分配的标识,第二标识可以是UE的SUPI。
另外,第二标识也可以与第一标识相同,例如,第一标识和第二标识均为UE的SUCI,或均为UE的SUPI。
相应地,第一网络功能接收来自于HSE的第二请求,第二请求包括UE的第二标识。
可选的,如果第一网络功能包括UDM,第二请求可由HSE发送至UDM。如果第一网络功能为AUSF,第二请求可由HSE发送至AUSF,之后由AUSF向UDM发送新的请求,该新的请求内容可以与第二请求相同。
S103:第一网络功能根据UE的第二标识生成第一密钥。
其中,如果第一网络功能为UDM,则UDM可根据UE的第二标识生成UE的CK和IK,并根据CK、IK和第一信息生成第一密钥。其中,UDM可根据UE的第二标识获取UE的长期密钥,然后根据长期密钥生成UE的CK和IK,之后UDM可根据CK、IK和第一信息生成第一密钥。
其中,第一信息包括用户设备的UE的服务网络(serving network,SN)名称、归属网络安全节点的标识、用户设备的SUPI,以及BEST服务标识中的至少一个。例如,上述第一信息可包括UE的服务网络(serving network,SN)名称,或者,第一信息可以是HSE的标识(HSE ID)、UE的SUPI以及BEST服务标识,或者,第一信息可以是UE的服务网络名称、HSE的标识、UE的SUPI以及BEST服务标识。此外,第一信息还可以是由UE和HSE共享的其他参数,这些参数需要由HSE和/或UE发送给第一网络功能,例如,HSE在第二请求中携带这些参数。第一信息还可以是HSE确定的参数,HSE可将这些参数发送至UE和第一网络功能。
例如,第一网络功能为UDM,UDM可使用CK和IK为密钥,以UE的服务网络名称SQN异或AK为输入参数推导出Kausf,此时Kausf即第一密钥。或者,UDM使用CK和IK或Kausf为密钥,以HSE的标识或UE的SUPI或BEST服务标识为输入参数推导出Kbest,此时Kbest即第一密钥。
如果第一网络功能为AUSF,则AUSF接收第二请求后,向UDM发送第四请求,第四请求可携带UE的第二标识。UDM可根据UE的第二标识获取UE的长期密钥,然后根据长期密钥生成UE的CK和IK。UDM再根据CK、IK和第一信息生成第四密钥,第一信息至少包括UE的服务网络名称,和/或,HSE的标识、UE的SUPI或者BEST服务标识中的至少一个。UDM向AUSF返回第四密钥。AUSF根据第四密钥和第一信息生成第一密钥。此一项新还可包括HSE的标识、UE的SUPI或者BEST服务标识中的至少一个,或包括由UE和HSE共享的其他参数,或包括HSE确定的参数。
例如,第一网络功能为AUSF,可由UDM使用CK和IK或Kausf为密钥,以服务网络名称,和/或,SQN异或AK,和/或,HSE的标识、UE的SUPI或者BEST服务标识中的至少一个为输入参数推导出第四密钥,之后将第四密钥发送至AUSF,由AUSF根据第四密钥生成Kbest’,此时的Kbest’为第一密钥。
如果第一网络功能是UDM,则第二请求可包括指示信息,第一网络功能会在接收到该指示信息后,执行S104,即根据加密密钥、完整性密钥和第一信息生成第一密钥。示例性的,指示信息可以是用于指示请求BEST的安全参数,如请求BEST认证向量或请求BEST密钥,或者是用于请求5G认证和秘钥协商(5G authentication and key agreement,AKA)认证向量或5G AKA认证密钥,或者指示请求的认证方法为5G AKA或BEST。
需要说明的是,本申请中UDM也可以根据指示信息生成5G AKA的安全参数或BEST的安全参数并在响应中返回所述安全参数,其中安全参数包括所述第一密钥。安全参数还包含认证响应等参数,不作限定。该解释适用本申请所有场景,后续不再赘述。
如果第一网络功能是AUSF,则第四请求可包括指示信息,UDM会在接收到该指示信息后,执行S103,即根据加密密钥、完整性密钥和第一信息生成第一密钥。示例性的,指示信息可以是用于指示请求BEST的安全参数,如请求BEST认证向量或请求BEST密钥,或者是用于请求5G AKA认证向量或5G AKA认证密钥,或者指示请求的认证方法为5G AKA或BEST。
若第一网络功能是UDM,HSE可以使用UDM已有的服务,如UE认证服务,此时第二请求为UE认证获取请求(Nudm_UEAuthentication_Get),则第二请求中需要携带指示信息,UDM根据指示信息生成并返回第一密钥。本申请还包含在所述UDM中定义新的服务,此时第二请求为不同于UE认证获取请求中的其他请求,为专用于BEST认证的服务请求,此时UDM可以根据专用的服务生成并返回第一密钥,而无需在第二请求中携带指示信息。
若第一网络功能为AUSF,则AUSF可以使用UDM已有的服务,如UE认证服务,此时第四请求为UE认证获取请求,则第四请求中需要携带指示信息,UDM根据指示信息生成并向AUSF返回所述Kausf。本申请还包含在所述UDM中定义新的服务,此时第四请求为不同于UE认证获取请求中的其他请求,为专用于BEST认证的服务请求,此时UDM可以根据专用的服务生成并返回所述Kausf,而无需在第四请求中携带指示信息。其中指示信息可以是AUSF携带,也可以是AUSF从HSE的第二请求中获取,然后携带在第四请求中。
S104:第一网络功能向HSE发送第一密钥。
相应地,HSE接收来自于第一网络功能的第一密钥。
可选的,第一网络功能可向HSE发送认证向量,相应地,HSE接收认证向量。认证向量包括第一密钥。其中,认证向量还可包括随机数、认证令牌和RES或RES*。RES*是使用CK||IK为密钥,UE的服务网络名称、RAND和RES为输入参数生成的。
S105:HSE根据第一密钥生成第二密钥。
第二密钥包括UE与HSE之间的机密性保护密钥和/或完整性保护密钥。
其中,如果第一请求中携带加密指示,则第二密钥包括机密性保护密钥,例如,第二密钥包括机密性保护密钥和完整性保护密钥。或者,HSE接收到来自于第一网络功能的加密指示,则第二密钥包括机密性保护密钥。如果第一请求中未包括加密指示,且HSE未接 收到来自于第一网络功能的加密指示,则第二密钥可以是完整性保护密钥,也可以包括机密性保护密钥和完整性保护密钥,只是不开启机密性保护服务,不使用机密性保护密钥即可。
可选的,如果HSE接收认证向量,HSE可根据认证向量生成第二密钥。
另外,可选的,HSE在S101之后,HSE判断该UE是否已有合法的密钥。如果有,则跳过S102-S104,执行S105即可;否则,如果HSE判断UE没有合法的密钥,则可以执行S102-S105。本申请后续,合法的密钥包括第一密钥或第二密钥。
可选的,UE的合法的密钥可以是UE此前建立会话的过程中HSE获取的。HSE可存储UE的SUPI与合法密钥之间的对应关系,当接收到第一请求中携带的SUPI后,HSE可根据SUPI查询UE是否有合法密钥,或者,当接收到第一请求中携带的UE的SUCI或HSE为UE分配的标识后,HSE可根据UE的SUCI或HSE为UE分配的标识获得UE的SUPI,并根据SUPI查询UE是否有合法密钥。
S106:UE接收随机数。
其中,随机数可由HSE发送,例如,S104之后,HSE向UE发送随机数。
可选的,随机数携带在会话开始消息中。会话开始消息中还可发送认证令牌。
S107:UE根据随机数以及UE的根密钥生成加密密钥和完整性密钥。
可选的,CK与RAND有关,或者说,CK根据RAND确定。
可选的,IK与RAND有关,或者说,IK根据RAND确定。
S108:UE根据加密密钥、完整性密钥和第一信息生成第一密钥。
第一信息和第一密钥可参见S103中的说明。
S109:UE根据第一密钥生成第二密钥,第二密钥包括UE与HSE之间的机密性保护密钥和/或完整性保护密钥。
可选的,在S105和S108中,UE和/或HSE可根据第一密钥和第二信息生成第二密钥。其中,第二信息可包括HSE的标识、UE的BEST服务的算法类型标识符、UE的用于计算认证令牌的序列号、隐藏密钥(anonymity key,AK)、UE的SUPI、随机数或者认证令牌中的至少一个。
采用以上方法,归属网络安全节点可获取第一密钥,其中,第一密钥是根据加密密钥、完整性密钥和第一信息生成的,因此,归属网络安全节点不需要获取UE的加密密钥和完整性密钥就能够获得第一密钥,后续可根据第一密钥生成用于保护用户设备数据的安全密钥。因此该方案能够提供适用于5G网络架构的安全密钥获取方式,降低用户设备的数据安全风险。
下面通过举例的方式,说明S104和/或S109中确定第一密钥的方式。其中,第一密钥可以是Kausf、Kbest或者Kbest’。
(1)如果第一密钥为Kausf,Kausf可根据CK和IK,以及服务网络名称、用于确定UE的认证令牌的序列号(sequence number,SQN)或AK中的至少一个确定。例如,Kausf可根据CK和IK、服务网络名称、服务网络名称的长度、SQN异或AK、SQN异或AK的长度,通过密钥派生函数(key derivation functon,KDF)确定。密钥派生函数例如是安全散列算法256(secure hash algorithm 256,SHA-256)函数,安全散列算法256为基于哈希的消息验证码(hash-based message authentication code,HMAC)算法中的一种。
本申请中,UE的服务网络名称可携带在第一请求中发送至HSE,并由HSE通过第二请求或AUSF通过第四请求发送至UDM。或者,UDM使用存储的UE认证所在的服务网络名称或注册所在的服务网络名称。如果HSE在第二请求中或AUSF在第四请求携带了UE的服务网络名称,UDM还可根据UE认证所在的服务网络名称或注册所在的服务网络名称判断HSE中携带的服务网络名称是否正确。
可选的,AK可以与RAND有关,例如,CK根据RAND确定。
(2)如果第一密钥为Kbest,Kbest是由Kausf推演的密钥,推演方式可以是以Kausf为密钥,额外参数为输入传输,使用HMAC算法生成的新的密钥,例如,参照公式1确定新的密钥。可选的,额外参数可以是HSE的标识、SUPI、BEST服务标识等,不作限定。
此时HSE可以直接从UDM获取Kbest或包括Kbest的认证向量,也可以经过AUSF从UDM获取Kbest,或获取包括Kbest的认证向量。如果是后者,UDM向AUSF发送的认证向量可以包括Kausf、RAND、AUTN、RES或RES*中的至少一个,AUSF根据Kausf进行进一步推导Kbest。或者也可由UDM推导Kbest,由AUSF向HSE转发Kbest或转发包括Kbest的认证向量。
其中,AUTN可根据SQN、AK、AMF值和MAC值推导,AMF值为16比特(bit)的字段,可以是设定的。MAC值可根据SQN、RAND和AMF值推导。
(3)如果第一密钥为Kbest’,可选的,Kbest’可根据CK和IK,以及UE的服务网络名称,HSE的标识、SUPI、BEST服务标识等中的至少一个确定。
应理解,以上图6所示流程中,CK也可替换为CK’,且IK可以替换为IK’,此时5G为了系统中的UE主认证方式可以是扩展认证协议’认证和秘钥协商(extensible authentication protocol-authentication and key agreement,EAP-AKA’)。其中,CK’和IK’可根据CK和IK推导。
下面说明HSE根据UE的第一标识确定S102涉及的UE的第二标识的方法。
方法1,第一标识可以是SUCI,第二标识为SUPI,HSE可通过UDM确定该第二标识。
UDM可以从SUCI中解密获取SUPI,因此,当HSE获取第一请求中携带的SUCI时,可向UDM发送UE的SUCI,并请求UE的SUPI,之后接收UDM返回的SUPI。HSE可向UDM发送第三请求,其中携带UE的SUCI,该第三请求可以是UE标识获取请求,UDM在解密出SUPI后可向HSE发送UE标识获取响应消息,其中携带UE的SUPI。
方法2,第一标识可以是SUCI,第二标识为SUPI,HSE可在本地对第一标识进行处理后获得第二标识。
由于SUCI可以是SUPI加密获得的,则可以令HSE存储可用于解密SUCI以获得SUPI的密钥。例如,UE根据HSE的公钥加密SUPI获得SUCI,并在第一请求中携带SUCI,在接收到第一请求后,HSE可根据HSE的私钥解密第一请求中的SUCI,获得UE的SUPI。
方法3,第一标识可以是HSE为UE分配的标识,第二标识为SUPI,HSE可在本地对第一标识进行处理后获得第二标识。
HSE可存储HSE为UE分配的标识与UE的SUPI之间的对应关系,用于确定第一请求中的标识所对应的UE的SUPI。
比如,在此前UE接入网络或此前的建立会话的过程中,HSE根据UE的SUPI为UE分配了标识,则HSE可存储其为UE的标识与UE的SUPI之间的对应关系,在发送第二 请求之前,根据该对应关系确定第一请求中携带的UE的标识对应的UE的SUPI。
可选的,在S102之前,如果HSE根据用户设备的第一标识或第二标识,判断该UE已有合法的密钥,则可跳过S102-S104,执行S105。
如图6所示,基于图5所示流程,如果第一信息包括UE的服务网络名称,则本申请实施例提供的一种示例性的通信方法可包括以下步骤:
S201:UE向HSE发送会话请求,其中携带UE的第一标识。
可选的,会话请求中还可包括UE的服务网络名称和/或加密指示。其中,加密指示可用于请求加密服务。
S202:HSE判断该UE是否已有合法的密钥,如果没有,则执行S203,如果有,则执行S206。
其中,第一标识为UE的SUPI。或者,第一标识为SUCI或HSE分配的标识,则HSE根据第一标识确定UE的SUPI。
S203:HSE向第一网络功能发送认证向量获取请求,其中,携带UE的第二标识。可选的,如果会话请求中包括UE的服务网络名称,则认证向量获取请求可包括UE的服务网络名称。
第一网络功能可以是UDM或AUSF,UDM或AUSF的具体实现方式可参见S103中的说明。
S204:第一网络功能根据UE的第二标识生成第一密钥,其中,第一密钥的生成过程需要第一信息作为输入参数。第一信息至少包括UE的服务网络名称。第一信息还可包括HSE的标识、UE的SUPI或BEST服务标识中的至少一个。也就是说,第一密钥至少根据UE的服务网络名称的标识生成。
可选的,如果第二请求中未携带UE的服务网络名称,则第一网络功能可根据UE的第二标识获取UE的服务网络名称。比如,第一网络功能为UDM,UDM可根据UE的第二标识获取UE的服务网络名称。如果第一网络功能为AUSF,则AUSF可根据UE的第二标识向UDM查询UE的服务网络名称。
S205:第一网络功能向HSE发送认证向量获取响应消息,其中携带认证向量,认证向量至少包括第一密钥。
可选的,认证向量还可包括RAND、AUTN、RES或RES*中的至少一个。
可选的,认证向量获取响应消息还可包括加密指示。
S206:HSE根据认证向量生成第二密钥。
其中,如果第一请求中包括加密指示,和/或,HSE接收到来自于第一网络功能的加密指示(如携带在认证向量获取响应消息或其他消息中),则HSE根据所述加密指示判断是否开启与UE的机密性保护服务。
S207:HSE向UE发送会话开始消息。
其中,会话开始消息中可包括RAND,或者,HSE通过其他消息向UE发送RAND。RAND的获取方式可参照已有标准,本申请不具体限定。
可选的,会话开始消息中携带HSE为UE分配的标识。
可选的,UE在接收到会话开始消息后,可以向HSE发送会话开始确认消息。
S208:UE根据随机数和UE的根密钥生成CK和IK。
S209:UE根据CK、IK和第一信息生成第一密钥。
这里的第一信息与S204中生成第一密钥使用的第一信息相同。
S210:UE根据第一密钥生成第二密钥。
应理解,S207-S210与S206的时序没有严格限制,比如,S207-S210可能在S206之前或之后执行。
基于图6所示流程,UE和HSE可分别获得第二密钥,其中,第二密钥的生成过程中至少引入UE的服务网络名称,因此HSE不需要获知CK和IK,能够适用于5G网络架构。另外,图6所示方法根据UE的第一标识发起,在HSE和第一网络功能之间根据UE的第二标识进行,不需要引入UE的IMSI,能够更好地适用于5G网络架构以支持5G BEST。如果第一标识是SUCI,则进一步满足了UE使用SUCI进行通信以保护SUPI传输安全性的要求。
基于图6所示流程,如果需要启用加密服务,UE可在会话请求中携带加密指示,则HSE可根据加密指示生成机密性保护密钥。
如图7所示,基于图5所示流程,如果第一信息不包括UE的服务网络名称,则本申请实施例提供的一种通信方法包括以下步骤:
S301:UE向HSE发送会话请求,其中携带UE的第一标识。
可选的,会话请求中还可包括UE的服务网络名称。其中,UE的服务网络名称可用于指示获取加密服务。
S302:HSE判断该UE是否已有合法的密钥,如果没有,则执行S303,如果有,则执行S306。
其中,第一标识为UE的SUPI。或者,第一标识为SUCI或HSE分配的标识,则HSE根据第一标识确定UE的SUPI。
S303:HSE向第一网络功能发送认证向量获取请求,其中,携带UE的第二标识。
第一网络功能可以是UDM或AUSF,UDM或AUSF的具体实现方式可参见S103中的说明。
S304:第一网络功能根据UE的第二标识生成第一密钥,其中,第一密钥的生成过程需要第一信息作为输入参数。第一信息可包括HSE的标识、UE的SUPI或BEST服务标识中的至少一个。也就是说,第一密钥至少根据HSE的标识、UE的SUPI或BEST服务标识中的一个生成。
S305:第一网络功能向HSE发送认证向量获取响应消息,其中携带认证向量,认证向量至少包括第一密钥。
可选的,认证向量还可包括RAND、AUTN、RES或RES*中的至少一个。
可选的,认证向量获取响应消息还可包括加密指示。
S306:HSE根据认证向量生成第二密钥。
其中,如果第一请求中包括UE的服务网络名称,和/或,HSE接收到来自于第一网络功能的加密指示(如携带在认证向量获取响应消息或其他消息中),则HSE根据所述服务网络名称或加密指示,判断是否开启与UE的机密性保护服务。
S307:HSE向UE发送会话开始消息。
其中,会话开始消息中可包括RAND,或者,HSE通过其他消息向UE发送RAND。RAND的获取方式可参照已有标准,本申请不具体限定。
可选的,UE在接收到会话开始消息后,可以向HSE发送会话开始确认消息。
S308:UE根据随机数和UE的根密钥生成CK和IK。
S309:UE根据CK、IK和第一信息生成第一密钥。
这里的第一信息与S204中生成第一密钥使用的第一信息相同。
S310:UE根据第一密钥生成第二密钥。
应理解,S307-S310与S306的时序没有严格限制,比如,S307-S310可能在S306之前或之后执行。
基于图7所示流程,UE和HSE可分别获得第二密钥,其中,第二密钥的生成过程中至少引入RAND、AUTN、RES或RES*中的一个,因此HSE不需要获知CK和IK,能够适用于5G网络架构。另外,图7所示方法根据UE的第一标识发起,在HSE和第一网络功能之间根据UE的第二标识进行,不需要引入UE的IMSI,能够更好地适用于5G网络架构以支持5G BEST。如果第一标识是SUCI,则进一步满足了UE使用SUCI进行通信以保护SUPI传输安全性的要求。
基于图7所示流程,如果需要启用加密服务,UE可在会话请求中携带服务网络名称,则HSE可根据服务网络名称生成机密性保护密钥。
在本申请实施例提供的另一种通信方法中,可使用UE和PLMN主认证中生成的Kausf进行隐式的认证,而不使用4G BEST中显式的认证方式。其中,隐式的认证是指不需要UE和HSE之间不需要进行AUTN和RES的认证,显式的认证是指UE和HSE之间需要先进行AUTN和RES的认证,再进行密钥的生成。
此种实施方式的前提是UE和网络已完成主认证,UE和AUSF均获取了主认证中的Kausf。若UE签约了BEST服务,则UDM在主认证中给AUSF返回认证向量时,也会返回BEST指示。其中,认证向量可包括Kausf和RAND、AUTN或RES中的至少一个。AUSF根据该指示将生成的Kbest以及密钥标识(key ID)推送给HSE。
后续UE可以根据Kausf生成Kbest以及key ID,并携带该key ID向HSE发起会话请求,HSE则根据Key ID找到对应的Kbest,即获得UE的Kbest。此时UE和HSE便也可以共享相同的Kbest。然后以Kbest为根密钥,推导产生后续E2M或E2E密钥。KBEST的生成可以考虑引入BEST服务代码,SUPI、HSE ID等参数;Key ID的计算可以引入SUPI、key ID代码等参数。推导的密钥均可以使用Kausf。
可选的,AUSF和/或UE生成Kbest的过程中,可将Kausf作为密钥,以及以BEST服务代码、SUPI或HSE的标识等参数作为额外参数。同理,key ID的生成过程中可将Kausf作为密钥,以及以SUPI或key ID代码等参数作为额外参数。
其中,key ID代码例如与BEST临时UE标识(BEST temporary UE identifier,B-TID)或应用的认证和密钥管理(authentication and key management for applications,AKMA)临时UE标识(AKMA temporary UE identifier,A-TID)等有关,例如是B-TID或者A-TID等字符串。
如图8所示,在使用UE和PLMN主认证中生成的Kausf进行隐式的认证时,本申请实施例提供的通信方法可包括以下步骤:
S401:UDM确定UE签约BEST服务。
其中,UDM可查询UDM的签约数据,确定UE是否签约BEST服务。
S402:AUSF向UDM发送UE认证获取请求。
其中,本申请对于S401和S402的执行时序不进行严格限定。
S403:UDM向AUSF返回UE认证获取响应消息,其中携带UE的SUPI和指示信息。
其中,指示信息可以是BEST indication,即表明UE需要使用BEST服务。
S404:在接收到指示信息后,AUSF根据Kausf生成Kbest和key ID。
可选的,AUSF存储Kbest和key ID之间的对应关系。
S405:AUSF向HSE发送密钥登记请求,其中,携带UE的SUPI、Kbest和key ID。
S406:HSE向AUSF返回密钥登记响应。
S407:UE根据Kausf生成Kbest和key ID。
其中,S407可以在UE发送会话请求之前或之后执行,也可以是在生成Kausf之后,不具体限定。比如,当UE希望建立会话,则生成Kbest和key ID。
S408:UE向HSE发送会话请求,其中携带key ID。
S409:HSE获取来自于UE的key ID所对应的Kbest。
S410:HSE根据Kbest生成UE的安全密钥。
其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。
S411:HSE向UE发送会话开始消息。
S412:UE根据Kbest生成安全密钥。
其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。
根据图8所示流程,HSE可根据UE的key ID查询Kbest,以根据Kbest获得UE的机密性保护密钥和/或完整性保护密钥。该过程复用UE主认证的结果和密钥来完成UE和HSE之间的密钥共享,节省了UE和HSE单独的认证流程,从而更匹配BEST节能省电的需求。
在本申请实施例提供的另一种通信方法中,可沿用4G网络架构下的密钥生成方式,由UDM向HSE提供CK和IK,由UE和HSE根据CK和IK生成BEST密钥。
可选的,HSE可向UDM发送UE认证获取请求,在收到该UE认证获取请求后,可由UDM生成第三密钥,或者通过UE认证服务以外的新的服务生成第三密钥。其中,第三密钥可包括CK和IK。
例如,如果UE认证获取请求中携带指示信息,则UDM可根据该指示信息生成该第三密钥,否则,UDM可通过UE认证服务以外的其他服务生成第三密钥。这里的指示信息可以是用于指示请求BEST的安全参数,如请求BEST认证向量或请求BEST密钥,或者是用于请求5G认证和秘钥协商认证向量或5G AKA认证密钥,或者指示请求的认证方法为5G AKA或BEST。
此后UDM可向HSE发送认证向量,其中包括第三密钥,还可包括RAND、AUTN或RES中的至少一个,由HSE接收认证向量后生成UE的安全密钥。相应地,UE根据相同的参数生成安全密钥。其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。
如图9所示,由UE和HSE根据CK和IK生成认证密钥的过程可包括以下步骤:
S501:UE向HSE发送会话请求,其中携带UE的SUPI。
S502:HSE根据UE的SUPI判断该UE是否已有合法的密钥。
如果有合法的密钥,则可根据合法的密钥生成UE的认证密钥,之后执行S506,否则, 如果没有合法的密钥,则执行S503。
S503:HSE向UDM发送BEST认证向量获取请求,其中携带UE的SUPI。
S504:UDM在接收到BEST认证向量获取请求后,生成第三密钥。
S505:UDM向HSE发送BEST认证向量获取响应消息,其中携带认证向量,认证向量包括第三密钥,还可包括RAND、AUTN或RES中的至少一个。
此后,HSE可根据第三密钥生成UE的安全密钥。
其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。相应地,在UE侧可生成相同的UE安全密钥,即机密性保护密钥和/或完整性保护密钥。
S506:HSE向UE发送会话开始消息。
S507:可选的,UE向HSE返回会话开始响应消息。
根据图9所述方法,可通过从UDM获取与4G BEST认证向量一致的认证向量,使得UE和HSE完成认证和密钥生成的同时,能够更好地兼容现有安全设计,因为UE侧改动较小。
在本申请实施例提供的另一种通信方法中,当UE通过4G网络接入时,可由HSE通过HSS获取认证向量,即由HSS向UDM请求获取认证向量,再由HSS发送至HSE。
其中,当UE通过4G网络接入时,携带的UE的标识为IMSI。
可选的,HSS可向UDM发送UE认证获取请求,在收到该UE认证获取请求后,可由UDM生成第四密钥,或者通过UE认证服务以外的新的服务生成第四密钥。例如,如果UE认证获取请求中携带指示信息,则UDM可根据该指示信息生成该第四密钥,否则,UDM可通过UE认证服务以外的其他服务生成第四密钥。这里的指示信息可以是用于指示请求BEST的安全参数,如请求BEST认证向量或请求BEST密钥,或者是用于请求5G认证和秘钥协商认证向量或5G AKA认证密钥,或者指示请求的认证方法为5G AKA或BEST。其中,第四密钥可包括CK和IK。
此后UDM可向HSS发送认证向量,其中包括第四密钥,还可包括RAND、AUTN或RES中的至少一个。HSS将认证向量转发至HSE,由HSE接收认证向量后生成UE的安全密钥。相应地,UE根据相同的参数生成安全密钥。其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。
如图10所示,由UE和HSE根据CK和IK生成认证密钥可包括以下步骤:
S601:UE向HSE发送会话请求,其中携带UE的IMSI。
S602:HSE根据UE的IMSI判断该UE是否已有合法的密钥。
如果有合法的密钥,则可根据合法的密钥生成UE的认证密钥,之后执行S608,否则,如果没有合法的密钥,则执行S603。
S603:HSE向HSS发送认证信息请求,携带UE的IMSI。
S604:HSS向UDM发送BEST认证向量获取请求,其中携带UE的IMSI。
S605:UDM在接收到BEST认证向量获取请求后,生成第四密钥。
S606:UDM向HSS发送BEST认证向量获取响应,其中携带认证向量,认证向量包括第四密钥,还可包括RAND、AUTN或RES中的至少一个。
S607:HSS向HSE发送认证信息响应消息,该响应消息携带认证向量,认证向量中包括第四密钥,还可包括RAND、AUTN或RES中的至少一个。
此后,HSE可根据第四密钥生成UE的安全密钥。
其中,UE的安全密钥包括机密性保护密钥和/或完整性保护密钥。相应地,在UE侧可生成相同的机密性保护密钥和/或完整性保护密钥。
S608:HSE向UE发送会话开始消息。
可选的,UE在收到会话开始消息后,向HSE返回会话开始响应消息。
根据图10所述方法,可在UE通过4G网络接入时,通过HSS从UDM获取鉴权向量,能够使得UE从4G接入时也能使用5G凭据访问BEST服务。
另外,类似图9所示流程,HSE也可以直接向UDM发送认证服务获取请求,区别在于这里的认证服务获取请求中携带的是UE的IMSI。
与上述构思相同,如图11所示,本申请实施例还提供一种装置1100用于实现上述方法。例如,该装置可以为软件模块或者芯片系统。本申请实施例中,芯片系统可以由芯片构成,也可以包含芯片和其他分立器件。该装置1100可以包括:处理单元1101和通信单元1102。
应理解,该装置可包括以上方法实施例中所示的HSE、UDM或UE,或者包括具备以上方法实施例中所示的HSE、UDM或UE的功能的装置。
本申请实施例中,通信单元也可以称为收发单元,可以包括发送单元和/或接收单元,分别用于执行上文方法实施例中HSE、UDM或UE发送和接收的步骤。
以下,结合图11至图10详细说明本申请实施例提供的通信装置。应理解,装置实施例的描述与方法实施例的描述相互对应,因此,未详细描述的内容可以参见上文方法实施例,为了简洁,这里不再赘述。
通信单元1102也可以称为收发器、收发机、收发装置等。处理单元1101也可以称为处理器,处理单板,处理模块、处理装置等。可选的,可以将通信单元1102中用于实现接收功能的器件视为接收单元,将通信单元1102中用于实现发送功能的器件视为发送单元,即通信单元1102包括接收单元和发送单元。通信单元1102有时也可以称为收发机、收发器、或收发电路等。接收单元有时也可以称为接收机、接收器、或接收电路等。发送单元有时也可以称为发射机、发射器或者发射电路等。
举例来说,如果该装置1100是HSE,则通信单元1102可用于接收来自UE的第一请求,第一请求包括UE的第一标识。通信单元1102还可用于向第一网络功能发送第二请求,第二请求包括UE的第二标识,第二标识根据第一标识确定,或者第二标识与第一标识相同。通信单元1102还可用于接收来自于第一网络功能的第一密钥,第一密钥根据加密密钥、完整性密钥和第一信息生成。处理单元1101可用于根据第一密钥生成第二密钥,第二密钥包括UE与HSE之间的机密性保护密钥和/或完整性保护密钥。其中,第一信息包括UE的服务网络名称、HSE的标识、UE的SUPI,以及BEST服务标识中的至少一个。
可选的,通信单元和处理单元还可以执行其他操作,例如通信单元1102用于执行上述图5至图10所示的方法实施例中HSE的发送操作和接收操作,处理单元1101用于执行上述图5至图10所示的方法实施例中HSE除了收发操作之外的其他操作,具体可以参考前面的描述,在此不再赘述。
又如,如果该装置1100是UDM,则通信单元1102可用于接收来自于HSE的第二请求,第二请求包括UE的第二标识。处理单元1101可用于根据第二标识生成UE的加密密钥和完整性密钥,并根据加密密钥、完整性密钥和第一信息生成第一密钥。通信单元1102还可用于向HSE发送第一密钥。其中,第一信息包括UE的服务网络名称、HSE的标识、 UE的SUPI,以及BEST服务标识中的至少一个。
可选的,通信单元和处理单元还可以执行其他操作,例如通信单元1102用于执行上述图5至图10所示的方法实施例中UDM的发送操作和接收操作,处理单元1101用于执行上述图5至图10所示的方法实施例中UDM除了收发操作之外的其他操作,具体可以参考前面的描述,在此不再赘述。
又如,如果该装置1100是UE,则通信单元1102可用于备向HSE发送第一请求,第一请求包括UE的标识,以及接收HSE发送的随机数。处理单元1101可用于根据随机数以及UE的根密钥生成加密密钥和完整性密钥,根据加密密钥、完整性密钥和第一信息生成第一密钥,并根据第一密钥生成第二密钥。第二密钥包括UE与HSE之间的机密性保护密钥和/或完整性保护密钥。其中,第一信息包括UE的服务网络名称、HSE的标识、UE的SUPI,以及BEST服务标识中的至少一个。
可选的,通信单元和处理单元还可以执行其他操作,例如通信单元1102用于执行上述图5至图10所示的方法实施例中UDM的发送操作和接收操作,处理单元1101用于执行上述图5至图10所示的方法实施例中UDM除了收发操作之外的其他操作,具体可以参考前面的描述,在此不再赘述。
如图12所示为本申请实施例提供的另一种通信装置,图12所示的装置可以为图11所示的装置的一种硬件电路的实现方式。该通信装置可适用于前面所示出的流程图中,执行上述方法实施例中HSE、UDM或UE的功能。为了便于说明,图12仅示出了该通信装置的主要部件。
装置1200还可以包括至少一个存储器1230,用于存储程序指令和/或数据。存储器1230和处理器1220耦合。本申请实施例中的耦合是装置、单元或模块之间的间接耦合或通信连接,可以是电性,机械或其它的形式,用于装置、单元或模块之间的信息交互。处理器1220可能和存储器1230协同操作。处理器1220可能执行存储器1230中存储的程序指令。所述至少一个存储器中的至少一个可以包括于处理器中。
图12所示的装置1200包括至少一个处理器1220以及通信接口1210,处理器1220用于执行存储器1230中存储的指令或程序。存储器1230中存储的指令或程序被执行时,该处理器1220用于执行上述实施例中处理单元1101执行的操作,通信接口1210用于执行上述实施例中通信单元1102执行的操作。
在本申请实施例中,通信接口可以是收发器、电路、总线、模块或其它类型的通信接口。在本申请实施例中,通信接口为收发器时,收发器可以包括独立的接收器、独立的发射器;也可以集成收发功能的收发器、或者是通信接口。
装置1200还可以包括通信线路1240。其中,通信接口1210、处理器1220以及存储器1230可以通过通信线路1240相互连接;通信线路1240可以是外设部件互连标准(peripheral component interconnect,简称PCI)总线或扩展工业标准结构(extended industry standard architecture,简称EISA)总线等。所述通信线路1240可以分为地址总线、数据总线、控制总线等。为便于表示,图12中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。
本申请提还提供了一种通信系统,用于执行上面任一流程中提供的方法,如执行图5至图10中任一流程。该通信系统可包括图5所示架构。
本申请提还提供了一种计算机可读存储介质,用于存储计算机程序,该计算机程序包 括用于执行上面任一流程中提供的方法的指令。
本申请提还提供了一种计算机程序产品,所述计算机程序产品包括:计算机程序代码,当所述计算机程序代码在计算机上运行时,使得计算机执行上面任一流程中提供的方法。
本申请提还提供一种芯片,包括处理器,所述处理器与存储器耦合,用于执行所述存储器中存储的计算机程序或指令,当所述处理器执行所述计算机程序或指令时,使得上面任一流程中提供的方法被实现。
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、光学存储器等)上实施的计算机程序产品的形式。
本申请是参照根据本申请的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。
显然,本领域的技术人员可以对本申请进行各种改动和变型而不脱离本申请的保护范围。这样,倘若本申请的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。

Claims (29)

  1. 一种通信方法,其特征在于,包括:
    归属网络安全节点接收来自于用户设备的第一请求,所述第一请求包括所述用户设备的第一标识;
    所述归属网络安全节点向第一网络功能发送第二请求,所述第二请求包括所述用户设备的第二标识,所述第二标识根据所述第一标识确定,或者所述第二标识与第一标识相同;
    所述归属网络安全节点接收来自于所述第一网络功能的第一密钥,所述第一密钥根据加密密钥、完整性密钥和第一信息生成,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中的至少一个;
    所述归属网络安全节点根据所述第一密钥和第三信息生成第二密钥,所述第三信息包括:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌;
    所述第二密钥包括所述用户设备与所述归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。
  2. 如权利要求1所述的方法,其特征在于,所述用户设备的第一标识包括所述用户设备的用户隐藏标识SUCI,所述用户设备的第二标识包括所述用户设备的SUPI,所述归属网络安全节点向第一网络功能发送第二请求之前,还包括:
    所述归属网络安全节点根据所述SUCI获取所述用户设备的SUPI。
  3. 如权利要求2所述的方法,其特征在于,所述归属网络安全节点根据所述SUCI获取所述用户设备的SUPI,包括:
    所述归属网络安全节点根据所述归属网络安全节点的私钥解密所述SUCI获得所述SUPI,其中,所述SUCI是根据所述归属网络安全节点的公钥加密所述SUPI获得的;
    或者,包括:
    所述归属网络安全节点向所述第一网络功能发送所述用户设备的SUCI;
    所述归属网络安全节点接收来自于所述第一网络功能的所述SUPI。
  4. 如权利要求1-3中任一所述的方法,其特征在于,所述第二请求为用户设备认证获取请求,所述用户设备认证获取请求还包括指示信息,所述指示信息用于指示根据所述加密密钥、所述完整性密钥和所述第一信息生成所述第一密钥。
  5. 如权利要求1-4中任一所述的方法,其特征在于,所述第一请求还包括所述用户设备的服务网络名称,所述第二请求还包括所述服务网络名称。
  6. 如权利要求1-5中任一所述的方法,其特征在于,所述第一网络功能包括认证服务功能或统一数据管理功能。
  7. 如权利要求1-6中任一所述的方法,其特征在于,所述第一请求还包括加密指示,所述加密指示用于指示所述用户设备请求用户面加密服务。
  8. 一种通信方法,其特征在于,包括:
    统一数据管理功能接收来自于归属网络安全节点的第二请求,所述第二请求包括用户设备的第二标识;
    所述统一数据管理功能根据所述第二标识生成所述用户设备的加密密钥和完整性密钥;
    所述统一数据管理功能根据所述加密密钥、完整性密钥和第一信息生成第一密钥,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中的至少一个;
    所述统一数据管理功能向所述归属网络安全节点发送所述第一密钥。
  9. 如权利要求8所述的方法,其特征在于,还包括:
    所述统一数据管理功能接收来自于所述归属网络安全节点的所述用户设备的用户隐藏标识SUCI;
    所述统一数据管理功能根据所述SUCI确定所述用户设备的SUPI;
    所述统一数据管理功能向所述归属网络安全节点发送所述用户设备的SUPI。
  10. 如权利要求8或9所述的方法,其特征在于,所述第二请求为用户设备认证获取请求,所述用户设备认证获取请求还包括指示信息,所述统一数据管理功能根据所述加密密钥和完整性密钥和第一信息生成第一密钥,包括:
    所述统一数据管理功能在收到所述指示信息后,根据所述加密密钥和完整性密钥和第一信息生成所述第一密钥。
  11. 如权利要求8-10中任一所述的方法,其特征在于,
    所述第二请求还包括所述用户设备的服务网络名称;
    或者,所述方法还包括:
    所述统一数据管理功能根据所述第二标识确定所述用户设备的注册的或认证的或所在的服务网络名称。
  12. 一种通信方法,其特征在于,包括:
    用户设备向归属网络安全节点发送第一请求,所述第一请求包括所述用户设备的标识;
    所述用户设备接收来自于所述归属网络安全节点的随机数;
    所述用户设备根据所述随机数以及所述用户设备的根密钥生成加密密钥和完整性密钥;
    所述用户设备根据所述加密密钥、完整性密钥和第一信息生成第一密钥,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中 的至少一个;
    所述用户设备根据所述第一密钥和第三信息生成第二密钥,所述第三信息包括:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌;
    所述第二密钥包括所述用户设备与所述归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。
  13. 如权利要求12所述的方法,其特征在于,所述第一请求还包括所述用户设备的服务网络名称;和/或所述第一请求还包括加密指示,所述加密指示用于指示所述用户设备请求用户面加密服务。
  14. 一种通信装置,其特征在于,包括通信单元和处理单元:
    所述通信单元用于,接收来自于用户设备的第一请求,所述第一请求包括所述用户设备的第一标识;
    所述通信单元还用于,向第一网络功能发送第二请求,所述第二请求包括所述用户设备的第二标识,所述第二标识根据所述第一标识确定,或者所述第二标识与第一标识相同;
    所述通信单元还用于,接收来自于所述第一网络功能的第一密钥,所述第一密钥根据加密密钥、完整性密钥和第一信息生成,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中的至少一个;
    所述处理单元用于,根据所述第一密钥和第三信息生成第二密钥,所述第三信息包括:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌;
    所述第二密钥包括所述用户设备与归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。
  15. 如权利要求14所述的通信装置,其特征在于,所述第一标识包括所述用户设备的用户隐藏标识SUCI,所述处理单元还用于:
    根据所述SUCI获取所述用户设备的SUPI。
  16. 如权利要求15所述的通信装置,其特征在于,所述处理单元具体用于:
    根据所述归属网络安全节点的私钥解密所述SUCI获得所述SUPI,其中,所述SUCI是根据所述归属网络安全节点的公钥加密所述SUPI获得的;
    或者,所述通信单元还用于:
    向所述第一网络功能发送所述用户设备的SUCI;
    接收来自于所述第一网络功能的所述SUPI。
  17. 如权利要求14-16中任一所述的通信装置,其特征在于,所述第二请求为用户设备认证获取请求,所述用户设备认证获取请求还包括指示信息,所述指示信息用于指示根据所述加密密钥、所述完整性密钥和所述第一信息生成所述第一密钥。
  18. 如权利要求14-17中任一所述的通信装置,其特征在于,所述第一请求还包括所述用户设备的服务网络名称,所述第二请求还包括所述服务网络名称。
  19. 如权利要求14-18中任一所述的通信装置,其特征在于,所述第一网络功能包括认证服务功能或统一数据管理功能。
  20. 如权利要求14-19中任一所述的通信装置,其特征在于,所述第一请求还包括加密指示,所述加密指示用于指示所述用户设备请求用户面加密服务。
  21. 一种通信装置,其特征在于,包括通信单元和处理单元:
    所述通信单元用于,接收来自于归属网络安全节点的第二请求,所述第二请求包括用户设备的第二标识;
    所述处理单元用于,根据所述第二标识生成所述用户设备的加密密钥和完整性密钥;
    所述处理单元还用于,根据所述加密密钥、完整性密钥和第一信息生成第一密钥,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中的至少一个;
    所述通信单元还用于,向所述归属网络安全节点发送所述第一密钥。
  22. 如权利要求21所述的通信装置,其特征在于,所述通信单元还用于:
    接收来自于所述归属网络安全节点的所述用户设备的用户隐藏标识SUCI;
    所述处理单元还用于:
    所述统一数据管理功能根据所述SUCI确定所述用户设备的SUPI;
    所述通信单元还用于:
    向所述归属网络安全节点发送所述用户设备的SUPI。
  23. 如权利要求21或22所述的通信装置,其特征在于,所述第二请求为用户设备认证获取请求,所述用户设备认证获取请求还包括指示信息,所述处理单元具体用于:
    在收到所述指示信息后,根据所述加密密钥和完整性密钥和第一信息生成所述第一密钥。
  24. 如权利要求21-23中任一所述的通信装置,其特征在于,所述第二请求还包括所述用户设备的服务网络名称;
    或者,所述处理单元还用于:
    根据所述第二标识确定所述用户设备的注册的或认证的或所在的服务网络名称。
  25. 一种通信装置,其特征在于,包括通信单元和处理单元:
    所述通信单元用于,向归属网络安全节点发送第一请求,所述第一请求包括所述用户设备的标识;
    所述通信单元还用于,接收来自于所述归属网络安全节点的随机数;
    所述处理单元用于,根据所述随机数以及所述用户设备的根密钥生成加密密钥和完整性密钥;
    所述处理单元还用于,根据所述加密密钥、完整性密钥和第一信息生成第一密钥,所述第一信息包括:所述用户设备的服务网络名称、所述归属网络安全节点的标识、所述用户设备的用户永久标识SUPI,以及为低吞吐量机器类型通信设备设计的省电安全BEST服务标识中的至少一个;
    所述处理单元还用于,根据所述第一密钥和第三信息生成第二密钥,所述第三信息包括:归属网络安全节点的标识、用户设备的BEST服务的算法类型标识符、用户设备中用于计算认证令牌的序列号、隐藏密钥、用户设备的SUPI、随机数,或者认证令牌;
    所述第二密钥包括所述用户设备与所述归属网络安全节点之间的机密性保护密钥和/或完整性保护密钥。
  26. 如权利要求25所述的通信装置,其特征在于,所述第一请求还包括所述用户设备的服务网络名称;和/或所述第一请求还包括加密指示,所述加密指示用于指示所述用户设备请求用户面加密服务。
  27. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机程序或指令,当所述计算机程序或指令被计算设备执行时,以使得所述计算设备执行如权利要求1至7中任一项所述的方法,或使得所述计算设备执行如权利要求8至11中任一项所述的方法,或使得所述计算设备执行如权利要求12或13所述的方法。
  28. 一种通信系统,其特征在于,包括如权利要求14-20中任一所述的通信装置,和如权利要求21-24中任一所述的通信装置,和如权利要求25或26所述的通信装置。
  29. 一种计算机程序产品,其特征在于,所述计算机程序产品包括计算机指令,当所述计算机指令被信令保护装置执行时,使得所述信令保护装置执行如权利要求1至7中任一项所述的方法,或执行如权利要求8至11中任一项所述的方法,或执行如权利要求12或13所述的方法。
PCT/CN2022/089936 2021-05-10 2022-04-28 一种通信方法及装置 WO2022237561A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP22806530.6A EP4322579A4 (en) 2021-05-10 2022-04-28 COMMUNICATION METHOD AND DEVICE
US18/505,391 US20240089728A1 (en) 2021-05-10 2023-11-09 Communication method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110504785.6A CN115412909A (zh) 2021-05-10 2021-05-10 一种通信方法及装置
CN202110504785.6 2021-05-10

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/505,391 Continuation US20240089728A1 (en) 2021-05-10 2023-11-09 Communication method and apparatus

Publications (1)

Publication Number Publication Date
WO2022237561A1 true WO2022237561A1 (zh) 2022-11-17

Family

ID=84027998

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/089936 WO2022237561A1 (zh) 2021-05-10 2022-04-28 一种通信方法及装置

Country Status (4)

Country Link
US (1) US20240089728A1 (zh)
EP (1) EP4322579A4 (zh)
CN (1) CN115412909A (zh)
WO (1) WO2022237561A1 (zh)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941204B (zh) * 2022-12-06 2024-04-12 镁佳(北京)科技有限公司 一种基于hse的数据防重放方法及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852896A (zh) * 2015-02-03 2015-08-19 四川通信科研规划设计有限责任公司 一种Wi-Fi无线节点入网方法及系统
CN107925869A (zh) * 2015-08-17 2018-04-17 诺基亚通信公司 用于蜂窝物联网的安全性过程
CN109756872A (zh) * 2018-12-06 2019-05-14 国网山东省电力公司电力科学研究院 基于物理不可克隆函数的电网NB-IoT端到端数据处理方法
WO2020145064A1 (en) * 2019-01-11 2020-07-16 Nec Corporation A method and a device for enabling key re-usage in a communication network

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104852896A (zh) * 2015-02-03 2015-08-19 四川通信科研规划设计有限责任公司 一种Wi-Fi无线节点入网方法及系统
CN107925869A (zh) * 2015-08-17 2018-04-17 诺基亚通信公司 用于蜂窝物联网的安全性过程
US20180241757A1 (en) * 2015-08-17 2018-08-23 Nokia Solutions And Networks Oy Security procedures for the cellular internet of things
CN109756872A (zh) * 2018-12-06 2019-05-14 国网山东省电力公司电力科学研究院 基于物理不可克隆函数的电网NB-IoT端到端数据处理方法
WO2020145064A1 (en) * 2019-01-11 2020-07-16 Nec Corporation A method and a device for enabling key re-usage in a communication network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Study on authentication and key management for applications based on 3GPP credential in 5G (Release 16)", 3GPP STANDARD; TECHNICAL REPORT; 3GPP TR 33.835, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), vol. SA WG3, no. V2.0.0, 4 December 2019 (2019-12-04), pages 1 - 83, XP051840699 *
See also references of EP4322579A4 *

Also Published As

Publication number Publication date
US20240089728A1 (en) 2024-03-14
EP4322579A4 (en) 2024-08-07
CN115412909A (zh) 2022-11-29
EP4322579A1 (en) 2024-02-14

Similar Documents

Publication Publication Date Title
CN111669276B (zh) 一种网络验证方法、装置及系统
CN110830991B (zh) 安全会话方法和装置
JP5597676B2 (ja) 鍵マテリアルの交換
CN113395693B (zh) 用于802.1x载体热点和Wi-Fi呼叫认证的基于经加密的IMSI的方案
US10798082B2 (en) Network authentication triggering method and related device
US11570617B2 (en) Communication method and communications apparatus
CN106134231B (zh) 密钥生成方法、设备及系统
WO2019041802A1 (zh) 基于服务化架构的发现方法及装置
EP1972125A2 (en) Apparatus and method for protection of management frames
JP2018532325A (ja) ユーザ機器ueのアクセス方法、アクセスデバイス、およびアクセスシステム
WO2019214351A1 (zh) 消息处理方法及装置
WO2013174267A1 (zh) 无线局域网络的安全建立方法及系统、设备
US20240080316A1 (en) Methods and apparatus for provisioning, authentication, authorization, and user equipment (ue) key generation and distribution in an on-demand network
US11553561B2 (en) Protection of the UE identity during 802.1x carrier hotspot and wi-fi calling authentication
WO2023083170A1 (zh) 密钥生成方法、装置、终端设备及服务器
WO2020063540A1 (zh) 一种安全通信方法、加密信息确定方法及装置
US20240089728A1 (en) Communication method and apparatus
US20190149326A1 (en) Key obtaining method and apparatus
WO2022134089A1 (zh) 一种安全上下文生成方法、装置及计算机可读存储介质
CN113395697A (zh) 传输寻呼信息的方法和通信装置
EP4391614A1 (en) Communication method, apparatus and system
WO2019144350A1 (zh) 通信方法和通信装置
JP2021524167A (ja) 複数の登録のための方法および装置
WO2024026735A1 (zh) 认证方法、装置、设备及存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22806530

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 202327074778

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2022806530

Country of ref document: EP

ENP Entry into the national phase

Ref document number: 2022806530

Country of ref document: EP

Effective date: 20231107

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 11202308390Y

Country of ref document: SG