CN101511084B - Authentication and cipher key negotiation method of mobile communication system - Google Patents

Authentication and cipher key negotiation method of mobile communication system Download PDF

Info

Publication number
CN101511084B
CN101511084B CN2008100577615A CN200810057761A CN101511084B CN 101511084 B CN101511084 B CN 101511084B CN 2008100577615 A CN2008100577615 A CN 2008100577615A CN 200810057761 A CN200810057761 A CN 200810057761A CN 101511084 B CN101511084 B CN 101511084B
Authority
CN
China
Prior art keywords
authentication
sqn
key
rand
vlr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2008100577615A
Other languages
Chinese (zh)
Other versions
CN101511084A (en
Inventor
彭华熹
刘利军
张志红
王建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Datang Microelectronics Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Datang Microelectronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Datang Microelectronics Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN2008100577615A priority Critical patent/CN101511084B/en
Publication of CN101511084A publication Critical patent/CN101511084A/en
Application granted granted Critical
Publication of CN101511084B publication Critical patent/CN101511084B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an authentication and key arranging method in a mobile communication system. A network side and a mobile terminal side use a boot authentication key K kept by both sides respectively, and same random number RAND and a sequence number SQN with 128 bits length for generating a temporary key K*=fxk(RAND,SQN), and use K* for generating MAC and RES respectively to process dual-way authentication of the network side and the mobile terminal side; wherein, fx is a group arithmetic with 128 bits key length; K is the key used by fx arithmetic function. The AKA enhancement authentication method one time one encryption can increase difficulty for decoding the authentication key greatly, accordingly, reduce safe risk of decoding the authentication boot key.

Description

A kind of authentication of mobile communication system and cryptographic key negotiation method
Technical field
The present invention relates to moving communicating field, relate in particular to a kind of authentication and cryptographic key negotiation method of mobile communication system.
Background technology
At 3-G (Generation Three mobile communication system) UMTS (Universal Mobile TelecommunicationsSystem, Universal Mobile Telecommunications System) adopts authentication and key agreement (Authentication and Key Agreement in the access authentication process, be called for short AKA) mechanism, authentication is by portable terminal USIM (Universal Subscriber Identity Module, USIM) card, VLR/SGSN of network side (Visitor Location Register/Service GPRS Supporting Node, Visited Location Registor/GPRS serving GPRS support node) and HLR/AuC finish jointly.The usim card of end side and the HLR/AuC of network side (Home Location Register/Authentication Center, home location register/authentication center) shares KI K, by KI K, end side usim card and network side can authenticate mutually.
As shown in Figure 1, user's access authentication flow process of the prior art comprises following steps:
101: during requests such as portable terminal (Mobile Equipment is called for short ME) initiation network insertion, service access or position renewal, the VLR/SGSN of meeting trigger network side carries out authentication operations;
Comprise the IMSI (International MobileSubscriber Identifier, international mobile subscriber identity) that is used for the identifying user identity in the above-mentioned request message.
102:VLR/SGSN sends the authentication vector request message to HLR/AuC, and request five-tuple authentication vector AV sends IMSI to HLR/AuC simultaneously;
Comprise among the five-tuple authentication vector AV: random number RA ND, Expected Response value XRES, encryption key CK, Integrity Key IK and authentication-tokens AUTN.
103:HLR/AuC generates random number RA ND, searches corresponding KI K according to IMSI, and generates among the five-tuple authentication vector AV according to KI K: Expected Response value XRES, encryption key CK, Integrity Key IK and authentication-tokens AUTN;
Wherein, authentication-tokens AUTN is by SQN (sequence number), and AMF (AuthenticationManagement Field, authentication management territory) and MAC (Message Authentication Code, message authentication code) form.
Fig. 2 is the method schematic diagram of HLR/AuC compute authentication vector in the prior art.Specifically describe as follows:
103A: adopt following formula to calculate AUTN:
AK=f5 K(RAND);
MAC=f1 K(SQN? HE||RAND||AMF);
AUTN = SQ N HE ⊕ AK | | AMF | | MAC ;
Above-mentioned
Figure DEST_PATH_GSB00000217272100012
Be xor operator.
103B: adopt following formula to generate AV:
AV=RAND||XRES||CK||IK||AUTN;
XRES=f2 K(RAND);
CK=f3 K(RAND);
IK=f4 K(RAND)。
Above-mentioned SQN HESequence number for network side; F1, f2, f3, f4, f5 are the algorithmic function of former agreement (3GPP TS33.102V7.1.0 (2006-12) agreement) regulation.
104:HLR/AuC is included in the authentication vector AV that generates in the authentication vector response message and sends to VLR/SGSN;
105:VLR/SGSN preserves Expected Response value XRES, encryption key CK and the Integrity Key IK among the five-tuple authentication vector AV;
106:VLR/SGSN is included in the random number RA ND among the five-tuple authentication vector AV and authentication-tokens AUTN in the subscription authentication request and sends to portable terminal;
107: portable terminal is transmitted to usim card with random number RA ND and the authentication-tokens AUTN that receives; Usim card uses legitimacy and the validity of the inner KI K checking AUTN that preserves;
If it (is that usim card thinks that network is a legitimate network, and SQN that usim card has passed through the authentication of AUTN HEIn correct scope), then USIM uses KI K and random number RA ND to generate Authentication Response value RES, encryption key CK and Integrity Key IK;
Fig. 3 is that USIM calculates the also method schematic diagram of authentication vector in the prior art.Specifically describe as follows:
107A: calculate AK, checking network side sequence number (SQN HE) validity;
AK=f5(K,RAND);
SQN HE=AK
Figure 2008100577615_6
(SQN HE
Figure 2008100577615_7
AK);
107B: calculate XMAC, and whether checking XMAC equals MAC;
XMAC=f1 K(SQN HE||RAND||AMF);
107C: calculate RES, CK, IK;
RES=f2 K(RAND);
CK=f3 K(RAND);
IK=f4 K(RAND)。
108: portable terminal sends the subscription authentication response message to VLR/SGSN, comprises Authentication Response value RES in this message;
Whether the Authentication Response value RES that 109:VLR/SGSN relatively receives equates with the Expected Response value XRES of preservation, if equate, then network side thinks that usim card is a validated user, thereby finish the mutual authentication process (this is a normal authorizing procedure of AKA, and abnormal conditions are omitted) of mobile terminal side usim card and network side here.
As from the foregoing, usim card and HLP/AuC share single permanent authentication root key K, and calculate by identical authentication root key K during each authentication and generate authentication vector AV.
In the LTE (Long Term Evolution, Long Term Evolution) of 3GPP (3rd Generation Partnership Project, third generation partner program) network, user's access authentication has been inherited original UMTS AKA authentication mechanism.Its key management system adopts hierarchy; be that authentication root key K is the permanent root key; CK and IK are the pair of secret keys that AuC and usim card are consulted in the AKA verification process; and all intermediate key that UE and LTE Access Network and core net are encrypted with integrity protection (comprise Kasme; Knas; Kenb, Krrc, Kup etc.) all obtain by CK and IK deduction.Therefore can reach a conclusion: authentication root key K is the root key that LTE/SAE (System ArchitectureEvolution, System Architecture Evolution) mobile communications network inserts face and chain of command, and it concerns the safety of whole mobile communication system.
No matter UMTS or LTE, this authentication root key remains constant key management mode and has safety defect.The cryptography theory once proved: all cryptographic algorithms, except one-time pad, as long as abundant ciphertext is arranged, in theory all can crack.
Based on the characteristics of present mobile communications network and the insecurity of eating dishes without rice or wine, implement active attack or intercept the RAND and the AUTN that can obtain among the subscription authentication vector AV that core net issues in the air by base station eNB (Node B of evolution).Because root key K remains unchanged, the assailant can eat dishes without rice or wine to obtain a large amount of authentication parameter samples relevant with K, calculates that by algorithm is implemented to attack the security threat of root key K exists all the time when sample space is enough big.
Summary of the invention
Technical problem to be solved by this invention is, overcomes the deficiencies in the prior art, proposes a kind of authentication and cryptographic key negotiation method that improves the mobile communication system of fail safe.
In order to address the above problem, the invention provides a kind of authentication and cryptographic key negotiation method of mobile communication system, when carrying out bi-directional authentification, the root KI K that network side and mobile terminal side use both sides to preserve respectively, and the sequence number SQN that the identical random number RA ND of both sides and length are 128 generates temporary key K *=fx K(RAND SQN), and uses K *Generate MAC and RES respectively, carry out the bi-directional authentification of network side and mobile terminal side;
Wherein, fx is the grouping algorithm of 128 bit cipher key lengths; K is the employed key of fx algorithmic function.
In addition, K *=fx K(RAND
Figure 2008100577615_8
SQN).
In addition, the described bi-directional authentification operation of network side and mobile terminal side comprises following steps:
A: after receiving the authentication vector request message that the VLR/SGSN of network side sends, the HLR/AuC of network side generates described RAND and K *
B:HLR/AuC uses K *Expected Response value XRES and the authentication-tokens AUTN that comprises described MAC among the compute authentication vector AV; And AV sent to VLR/SGSN;
C:VLR/SGSN preserves the XRES among the AV, and the RAND among the AV and AUTN is sent to the USIM of corresponding mobile terminal;
D: the USIM of portable terminal generates K *, and use K *MAC among the checking AUTN is proved to be successful the back and uses K *Generate RES, and RES is sent to VLR/SGSN;
E: after receiving RES, VLR/SGSN compares the XRES of RES and preservation, finishes the authentication to USIM.
In addition, described SQN is SQN HE|| SQN HE|| SQN HEIn 128.
In addition, when carrying out bi-directional authentification, described network side and mobile terminal side all use RAND and the SQN different with bi-directional authentification last time to generate described K at every turn *
In addition, also comprise among the described AV: encryption key CK and Integrity Key IK;
Among the step B, HLR/AuC also uses K *Calculate CK and IK;
Among the step C, VLR/SGSN also preserves CK and the IK among the AV;
Among the step D, the USIM of portable terminal also uses K *Calculate CK and IK.
In addition, among the step D, the USIM of portable terminal is also according to the SQN among the AUTN HE The sequence number of AK computing network side, and the sequence number of network side verified, if the sequence number of network side is in correct scope, execution in step E '~G ' then:
E ': the USIM of portable terminal adopts following formula to recomputate K *, and by K *Calculate AUTS, send AUTS to VLR/SGSN then:
K *=fx K(RAND
Figure 2008100577615_10
SQN); SQN is SQN MS|| SQN MS|| SQN MSGet 128;
AUTS=SQN MS
Figure 2008100577615_11
AK||MAC-S;
AK=f5 * K(RAND);
MAC-S=f1 * K*(SQN MS||RAND||AMF);
F ': after receiving heavy synchronization request, VLR/SGSN obtains corresponding RAND, and the heavy synchronization request that will comprise AUTS||RAND sends to HLR/AuC;
G ': after receiving heavy synchronization request, HLR/AuC is by the sequence number SQN of K, end side MSWith the RAND calculating K *, checking AUTS carries out heavily simultaneous operation after being proved to be successful.
In addition, described grouping algorithm is 3DES or aes algorithm.
As from the foregoing, with respect to existing AKA authentication mechanism, the AKA of one-time pad of the present invention strengthens method for authenticating can improve the difficulty that KI is decrypted to a great extent, thereby reduces the security risk that the authentication root key is decrypted.
Description of drawings
Fig. 1 is user's access authentication flow process of the prior art;
Fig. 2 is the method schematic diagram of HLR/AuC compute authentication vector in the prior art;
Fig. 3 is that USIM calculates the also method schematic diagram of authentication vector in the prior art;
Fig. 4 is that the AKA of embodiment of the invention one-time pad strengthens the method for authenticating flow chart;
Fig. 5 is that embodiment of the invention HLR/AuC is according to K *The method schematic diagram of compute authentication vector AV;
Fig. 6 is that embodiment of the invention usim card calculates the also method schematic diagram of authentication vector;
Fig. 7 is the computational methods schematic diagram of the heavy synchronous AUTS of the embodiment of the invention.
Embodiment
Based on above analysis, the AKA that the present invention proposes one-time pad strengthens method for authenticating: when promptly carrying out authentication request, the HLR/AuC of network side will use authentication root key K, random number RA ND and SQN to derive a relatively independent temporary key K at every turn *, then by K *Calculate and generate authentication vector AV.
By the cryptography principle as can be known, though K *Not a fully independently random number, but the existing AKA authentication mechanism of comparing, the AKA of one-time pad of the present invention strengthens method for authenticating can improve the difficulty that KI is decrypted to a great extent, thereby reduces the security risk that the authentication root key is decrypted.
Describe the present invention below in conjunction with drawings and Examples.
Fig. 4 is that the AKA of embodiment of the invention one-time pad strengthens the method for authenticating flow chart, and as shown in Figure 4, this method comprises following steps:
201: when requests such as portable terminal initiation network insertion, service access or position renewal, the authentication operations of MME (Mobile Management Entity, the mobile management entity)/VLR/SGSN of meeting trigger network side;
The IMSI that comprises this mobile phone users in the above-mentioned request message.
202:MME/VLR/SGSN sends the authentication vector request message to HLR/AuC, request five-tuple authentication vector AV;
The IMSI that comprises this mobile phone users in the above-mentioned authentication vector request message.
203:HLR/AuC judges whether that according to the usim card ability of network registry needs execution AKA strengthens authentication calculations:
If usim card is common usim card (promptly not supporting the AKA of one-time pad of the present invention to strengthen the usim card of method for authenticating), operative norm AKA authentication calculations then, this method finishes.
If usim card is for strengthening usim card (promptly supporting the AKA of one-time pad of the present invention to strengthen the usim card of method for authenticating), then at first according to K, random number RA ND and SQN HE, calculating K *=fx K(RAND
Figure 2008100577615_12
SQN), and by K *Calculate the AUTN among the authentication vector AV, CK, IK and XRES;
SQN is to SQN HEA kind of conversion, the present invention recommends to adopt SQN=SQN HE|| SQN HE|| SQN HE, get after the SQN conversion wherein 128 (for example preceding 128, SQN HELength is 48).The present invention does not limit other method of SQN conversion, comprises carrying out various filling modes.
HLR/AuC is according to K *The concrete grammar of compute authentication vector AV as shown in Figure 5.Specifically describe as follows:
203A: adopt following formula to generate K *:
K *=fx K(RAND
Figure 2008100577615_13
SQN);
Wherein, SQN is to SQN HEA kind of conversion, in the present embodiment, to SQN HECarry out as down conversion: SQN HE|| SQN HE|| SQN HE, get wherein 128 after the conversion, for example preceding 128 or back 128 as SQN.
In other embodiments, also can pass through SQN HEOr SQN HE|| SQN HEIt is that 128 mode generates SQN that the filling of carrying out fixed bit makes its length.
In addition, in the present embodiment, use RAND
Figure 2008100577615_14
SQN generates K as the parameter (expressly) of fx *In other embodiments, can use any 128 the parameters (expressly) among the H (RAND||SQN) to generate K as fx *Wherein, H represents HASH (Hash) hashing algorithm.
The HASH hashing algorithm can be SHA-1 (Secure Hash Algorithm-1, Secure Hash Algorithm-1) or MD5 (Message Digest 5, informative abstract 5) algorithm.The output of above-mentioned two kinds of hashing algorithms is respectively 160 and 128.
Notice, the HASH hashing algorithm is all exported the value of regular length for the input of random length, therefore, except with the input parameter of RAND||SQN as the HASH hashing algorithm, also can be with RAND and SQN through the value that generates after other conversion input parameter as the HASH hashing algorithm.
The fx algorithm is for supporting the grouping algorithm of 128 bit cipher key lengths, K *Length be 128.
In addition, the fx grouping algorithm should be suitable for realizing at the usim card end, carry out a secondary key computing required time requirement less than 200ms.
Fx can adopt 3DES (Triple Data Encryption Standard, triple DES), AES international standard algorithms such as (Advanced Encryption Standard, Advanced Encryption Standards).Operator also can adopt autonomous cryptographic algorithm according to security strategy separately.
203B: adopt following formula to generate AUTN:
AUTN=SQN HE
Figure 2008100577615_15
AK||AMF||MAC;
AK=f5 K(RAND);
MAC=f1 K*(SQN HE||RAND||AMF);
203C: adopt following formula to generate AV:
AV=RAND||XRES||CK||IK||AUTN;
XRES=f2 K*(RAND);
CK=f3 K*(RAND);
IK=f4 K*(RAND)。
204:HLR/AuC is included in the authentication vector AV that generates in the authentication vector response message and sends to VLR/SGSN;
205:VLR/SGSN preserves the XRES among the authentication vector AV, CK and IK;
206:VLR/SGSN is included in the RAND among the authentication vector AV and AUTN in the subscription authentication request and sends to portable terminal;
207: after portable terminal receives the subscription authentication request, random number RA ND and the authentication-tokens AUTN that receives is transmitted to usim card; The usim card calculating K *=fx K(RAND
Figure 2008100577615_16
SQN); MAC among the AUTN and SQN are verified;
If the mac authentication failure, then usim card returns the response message of network authentication failure to portable terminal;
If mac authentication is passed through, the SQN checking is invalid, and then usim card recomputates K *, use K then *Calculate AUTS, and return the heavy synchronous response message that comprises AUTS to portable terminal;
Pass through if MAC and SQN all verify, then usim card uses K *Calculate RES, CK and IK; And return the response message that comprises RES to portable terminal
Fig. 6 is that usim card of the present invention calculates the also method schematic diagram of authentication vector.Specifically describe as follows:
207A: adopt following formula to generate K *:
AK=f5 K(RAND);
SQN HE=AK
Figure 2008100577615_17
(SQN HE AK);
K *=fx K(RAND
Figure 2008100577615_19
SQN);
Wherein, SQN is to SQN HEA kind of conversion, in the present embodiment, to SQN HECarry out as down conversion: SQN HE|| SQN HE|| SQN HE, get wherein 128 after the conversion, for example preceding 128 as SQN.
207B: calculate XMAC, and whether checking XMAC equals MAC;
XMAC=f1 K*(SQN HE||RAND||AMF)。
207C: calculate RES, CK, IK;
RES=f2 K*(K *,RAND);
CK=f3 K*(RAND)。
IK=f4 K*(RAND)。
Fig. 7 is the computational methods schematic diagram of the heavy synchronous AUTS of the embodiment of the invention.Specifically comprise following steps:
207D: according to following formula calculating K *And AUTS;
K *=fx K(RAND
Figure 2008100577615_20
SQN);
Wherein, SQN is to SQN MSA kind of conversion, in the present embodiment, to SQN MSCarry out as down conversion: SQN MS|| SQN MS|| SQN MS, get wherein 128 after the conversion, for example preceding 128 as SQN.
AUTS=SQN MS AK||MAC-S;
AK=f5 * K(RAND);
MAC-S=f1 * K*(SQN MS||RAND||AMF);
Above-mentioned SQN MSBe the sequence number of preserving in the end side usim card.
208: portable terminal sends RES or AUTS or failed authentication message according to the response message that usim card returns to VLR/SGSN:
If the mac authentication failure is then directly returned the network authentication failed message to VLR/SGSN;
If mac authentication is passed through, SQN HEIt is invalid to verify, then sends the heavy synchronization request that comprises AUTS to VLR/SGSN;
If MAC and SQN HEAll checking is passed through, and then sends the successful Authentication Response that comprises RES to VLR/SGSN.
209: if receive AUTS, then VLR/SGSN searches corresponding RAND;
210:VLR/SGSN sends the heavy synchronization request that comprises AUTS and RAND to HLR/AuC;
After 211:HLR/AuC receives heavy synchronization request, by K, SQN MSWith receive the RAND calculating K *, checking AUTS is then according to normal heavy synchronous flow mechanism executable operations.

Claims (7)

1. the authentication of a mobile communication system and cryptographic key negotiation method, it is characterized in that, when carrying out bi-directional authentification, the root KI K that network side and mobile terminal side use both sides to preserve respectively, and the sequence number SQN that the identical random number RA ND of both sides and length are 128 generates temporary key K *=fx K(RAND SQN), and uses K *Generate message authentication code MAC and Authentication Response value RES respectively, carry out the bi-directional authentification of network side and mobile terminal side;
Wherein, fx is the grouping algorithm of 128 bit cipher key lengths; K is the employed key of fx algorithmic function.
2. the method for claim 1 is characterized in that,
3. method as claimed in claim 1 or 2 is characterized in that, the described bi-directional authentification operation of network side and mobile terminal side comprises following steps:
A: after receiving the authentication vector request message that the VLR/SGSN of network side sends, the HLR/AuC of network side generates described RAND and K *
B:HLR/AuC uses K *Expected Response value XRES and the authentication-tokens AUTN that comprises described MAC among the compute authentication vector AV; And AV sent to VLR/SGSN;
C:VLR/SGSN preserves the XRES among the AV, and the RAND among the AV and AUTN is sent to the USIM of corresponding mobile terminal;
D: the USIM of portable terminal generates K *, and use K *MAC among the checking AUTN is proved to be successful the back and uses K *Generate RES, and RES is sent to VLR/SGSN;
E: after receiving RES, VLR/SGSN compares the XRES of RES and preservation, finishes the authentication to USIM.
4. method as claimed in claim 1 or 2 is characterized in that, described SQN is SQN HE‖ SQN HE‖ SQN HEIn 128; Wherein, described SQN HESequence number for network side.
5. method as claimed in claim 1 or 2 is characterized in that, when carrying out bi-directional authentification, described network side and mobile terminal side all use RAND and the SQN different with bi-directional authentification last time to generate described K at every turn *
6. method as claimed in claim 3 is characterized in that,
Also comprise among the described AV: encryption key CK and Integrity Key IK;
Among the step B, HLR/AuC also uses K* to calculate CK and IK;
Among the step C, VLR/SGSN also preserves CK and the IK among the AV;
Among the step D, the USIM of portable terminal also uses K* to calculate CK and IK.
7. the method for claim 1 is characterized in that, described grouping algorithm is 3DES or aes algorithm.
CN2008100577615A 2008-02-15 2008-02-15 Authentication and cipher key negotiation method of mobile communication system Active CN101511084B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008100577615A CN101511084B (en) 2008-02-15 2008-02-15 Authentication and cipher key negotiation method of mobile communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100577615A CN101511084B (en) 2008-02-15 2008-02-15 Authentication and cipher key negotiation method of mobile communication system

Publications (2)

Publication Number Publication Date
CN101511084A CN101511084A (en) 2009-08-19
CN101511084B true CN101511084B (en) 2011-05-04

Family

ID=41003310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100577615A Active CN101511084B (en) 2008-02-15 2008-02-15 Authentication and cipher key negotiation method of mobile communication system

Country Status (1)

Country Link
CN (1) CN101511084B (en)

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102056077B (en) * 2009-10-29 2013-11-06 ***通信集团公司 Method and device for applying smart card by key
CN101835154B (en) * 2010-04-20 2016-03-30 中兴通讯股份有限公司 A kind of method and system setting up the air interface key of enhancing
CN101860863A (en) * 2010-05-21 2010-10-13 中国科学院软件研究所 Enhanced encryption and integrity protection method
CN102625308A (en) * 2011-01-31 2012-08-01 电信科学技术研究院 Method, apparatus and system for realization of mutual authentication based on LTE-LAN
CN103297958B (en) * 2012-02-22 2017-04-12 华为技术有限公司 Security context establishing method, device and system
CN103179558B (en) * 2012-09-20 2016-06-22 中兴通讯股份有限公司 Group system group exhales encryption implementation method and system
CN105472764A (en) 2014-08-20 2016-04-06 深圳市中兴微电子技术有限公司 Method of being accessed to LTE (Long Term Evolution) network and electronic device
SE538304C2 (en) * 2014-10-09 2016-05-03 Kelisec Ab Improved installation of a terminal in a secure system
CN107027117A (en) * 2016-02-02 2017-08-08 普天信息技术有限公司 A kind of method of dynamic generation root key
CN108235316B (en) 2016-12-21 2019-09-17 电信科学技术研究院有限公司 A kind of method and apparatus that access node group is added
CN108282780A (en) * 2017-01-05 2018-07-13 中兴通讯股份有限公司 A kind of key transmission method and device
CN108418679B (en) * 2017-02-10 2021-06-29 阿里巴巴集团控股有限公司 Method and device for processing secret key under multiple data centers and electronic equipment
CN107466038B (en) * 2017-06-22 2020-08-04 宇龙计算机通信科技(深圳)有限公司 Authentication method and device
WO2019000171A1 (en) * 2017-06-26 2019-01-03 Zte Corporation Methods and computing device for authenticating a user equipment via a home network
CN108055658B (en) * 2017-12-09 2019-09-03 恒宝股份有限公司 A kind of implementation method and its system of one-card multi-number
EP3949262A4 (en) * 2019-03-29 2022-03-09 Telefonaktiebolaget LM Ericsson (publ) Methods and apparatus relating to authentication of a wireless device
CN110012467B (en) * 2019-04-18 2022-04-15 苏州博联科技有限公司 Grouping authentication method of narrow-band Internet of things
CN114513330A (en) * 2019-04-24 2022-05-17 华为技术有限公司 Parameter sending method and device
CN113038458A (en) * 2019-12-25 2021-06-25 中移智行网络科技有限公司 Data transmission method and system
CN111107598B (en) * 2019-12-28 2022-04-29 深圳市新国都通信技术有限公司 Method for automatically switching communication module network operators
CN112564894A (en) * 2020-11-11 2021-03-26 杭州浙程科技有限公司 Method for unlocking passive lock by intelligent key dynamic secret key

Also Published As

Publication number Publication date
CN101511084A (en) 2009-08-19

Similar Documents

Publication Publication Date Title
CN101511084B (en) Authentication and cipher key negotiation method of mobile communication system
JP6492115B2 (en) Encryption key generation
JP6732095B2 (en) Unified authentication for heterogeneous networks
KR102112542B1 (en) Method and system for generating session key using Diffie-Hellman procedure
CN101931955B (en) Authentication method, device and system
Farhat et al. Private identification, authentication and key agreement protocol with security mode setup
CN102026184B (en) Authentication method, authentication system and relevant device
CN101867925A (en) Air interface key processing method and system thereof
Farhat et al. An extended authentication and key agreement protocol of UMTS
CN111212424B (en) Method and system for authenticating UE during interoperation from EPS to 5GS
Schoinas Secure military communications on 3G, 4G and WiMAX
WO2018126750A1 (en) Key delivery method and device
Kucharzewski et al. Mobile identity management system in heterogeneous wireless networks
Wang et al. Research on an improved proposal of 3G security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant