CN108513296A - Handover authentication method and system for an MTC architecture - Google Patents

Publication number
CN108513296A
Authority
CN
China
Legal status
Pending
Application number
CN201810155160.1A
Other languages
Chinese (zh)
Inventor
陈昕
李卓
陈莹
杜冰
Current Assignee
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Application filed by Beijing Information Science and Technology University
Priority to CN201810155160.1A
Publication of CN108513296A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/0289 Congestion control
    • H04W36/00 Hand-off or reselection arrangements
    • H04W36/0005 Control or signalling for completing the hand-off
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70 Services for machine-to-machine communication [M2M] or machine type communication [MTC]

Abstract

The present invention provides a handover authentication method, including: obtaining the authentication message and message authentication code sent by each device in a device group; based on the authentication messages and message authentication codes, computing the aggregate authentication message corresponding to the device group and sending it to the TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message; and, after receiving the authentication message sent by the TeNB, computing a second aggregate message authentication code and sending it to each device in the device group, so that each device in the group completes handover authentication with the TeNB according to the second aggregate message authentication code. By authenticating with aggregate message authentication codes, the method lets the group leader of the device group communicate directly with the base station, which reduces communication overhead, and the authentication process uses two handshakes to achieve mutual authentication between the devices and the base station, which ensures that the authentication process is secure and reliable.

Description

Handover authentication method and system for an MTC architecture
Technical field
The invention belongs to the field of Internet of Things communication technology, and more particularly relates to a handover authentication method and system for an MTC architecture.
Background
With the spread of the Internet of Things, machine type communication (MTC), one of its forms of realization, has developed rapidly and is widely used in fields such as smart home, smart grid, e-health, and remote monitoring and tracking. With advantages such as low cost, low energy consumption, easy deployment and no need for human involvement, machine type communication has great development prospects. However, existing bearer networks are designed for human-to-human communication and lack optimization for machine type communication. A massive number of MTC devices sending and receiving data at the same time can severely impact the existing network, causing signaling congestion in the core network and overload of key nodes. In MTC applications with high real-time requirements, massive and highly concurrent service requests keep servers under heavy information-processing load at all times, which poses a severe challenge to the performance and quality of service of application servers.
In cellular networks, when a massive number of IoT terminal devices access the network at the same time, signaling congestion occurs, causing network delay to surge or even the system to crash. In addition, existing handover authentication protocols have certain security problems and are vulnerable to malicious attackers.
Summary of the invention
The present invention provides a handover authentication method for an MTC architecture that overcomes the above problems or at least partially solves them, including:
S1: obtaining the authentication message and message authentication code sent by each device in a device group;
S2: based on the authentication messages and message authentication codes, computing the aggregate authentication message corresponding to the device group, and sending the aggregate authentication message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
S3: after receiving the authentication message sent by the TeNB, computing a second aggregate message authentication code, and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
According to a second aspect of the invention, a handover authentication system for an MTC architecture is provided, including:
An acquisition module, configured to obtain the authentication message and message authentication code sent by each device in a device group;
An aggregation module, configured to compute, based on the authentication messages and message authentication codes, the aggregate authentication message corresponding to the device group, and to send the aggregate authentication message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
A handover authentication module, configured to compute a second aggregate message authentication code after receiving the authentication message sent by the TeNB, and to send the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
According to a third aspect of the invention, a handover authentication device for an MTC architecture is provided, including:
A processor, a memory, a communication interface and a bus; wherein
the processor, the memory and the communication interface communicate with one another over the bus;
the communication interface is used for information transmission between the test device and the communication device of the display device;
the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the handover authentication method for an MTC architecture described above.
According to a fourth aspect of the invention, a computer program product is provided, including program code for executing the handover authentication method for an MTC architecture described above.
According to a fifth aspect of the invention, a non-transitory computer-readable storage medium is provided for storing the computer program described above.
The handover authentication method and system for an MTC architecture provided by the embodiments of the present invention authenticate with aggregate message authentication codes, so that the group leader of the device group communicates directly with the base station, which reduces communication overhead. The authentication process uses two handshakes to achieve mutual authentication between the devices and the base station, which ensures that the authentication process is secure and reliable.
Brief description of the drawings
Fig. 1 is a flowchart of a handover authentication method for an MTC architecture provided by an embodiment of the present invention;
Fig. 2 is a schematic comparison of the communication overhead of 4 schemes provided by an embodiment of the present invention;
Fig. 3 is a schematic comparison of the computational overhead of 4 schemes provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a handover authentication system for an MTC architecture provided by an embodiment of the present invention.
Detailed description
Specific implementations of the present invention are described in further detail below with reference to the drawings and embodiments. The following embodiments illustrate the present invention and do not limit its scope.
In the prior art, the MTC architecture is a key technology for the development of the Internet of Things, and the 3GPP organization has proposed it and formulated the relevant standards for LTE-A networks; however, some technical difficulties remain unsolved in those standards.
For example, when a large number of MTC devices hand over from one eNB to a new eNB at the same time, the 3GPP mechanism suffers from signaling congestion, and the exchange between the MTC devices and the eNB is easily eavesdropped, so security is not assured.
For ease of expression, in all embodiments of the present invention the following symbols have these meanings:
p and q are two k prime numbers; $E/F_p$ is an elliptic curve over a finite field; G is a group; GID is the group identifier; GAI is the group area identifier; $f_{key}$ is the function that computes the MAC; t is the timestamp; TTL is the time to live.
To address the above problems in the prior art, Fig. 1 is a flowchart of a handover authentication method for an MTC architecture provided by an embodiment of the present invention. As shown in Fig. 1, the method includes:
S1: obtaining the authentication message and message authentication code sent by each device in a device group;
S2: based on the authentication messages and message authentication codes, computing the aggregate authentication message corresponding to the device group, and sending the aggregate authentication message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
S3: after receiving the authentication message sent by the TeNB, computing a second aggregate message authentication code, and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
The entity that executes the method in the embodiment of the present invention is the group leader of the device group. It can be understood that, in the system initialization phase, MTC devices that are in the same area, belong to the same user and have the same characteristics are formed into a device group; each device group consists of multiple MTCDs and an ID number GID.
The group leader of the device group is selected by jointly analyzing factors such as each group member's computing capability, storage size and battery capacity; the best group member is chosen as the group leader $MTCD_{leader}$.
It can be understood that when any MTCD detects the target base station TeNB and is to hand over to it, the group leader $MTCD_{leader}$ of that MTCD's group sends an access request message to the TeNB on behalf of all members of its group. After the TeNB receives the access request, it sends an authentication request message to $MTCD_{leader}$.
Further, after $MTCD_{leader}$ receives the authentication request sent by the TeNB, the handover authentication process starts. Specifically, in S1, the group leader $MTCD_{leader}$ obtains the authentication message and the message authentication code computed by each MTCD in the device group. The authentication message is used to verify device information, and it is computed as follows:
Select random numberAnd it calculatesAccording toGenerate the certification message of itself
The message authentication code (MAC) is a mechanism by which the two communicating parties authenticate messages. It can be computed with a conventional cryptographic method, generally based on the MD5 algorithm, and is expressed as:
Further, in step S2, after the group leader $MTCD_{leader}$ has obtained the authentication message and message authentication code computed by each device, it computes the aggregate authentication message corresponding to the device group from the authentication messages and message authentication codes.
It can be understood that the aggregate authentication information is computed with the aggregate MAC algorithm. An aggregate MAC algorithm combines the MAC tags produced by multiple senders into one shorter tag; only a user who holds the shared keys can verify the validity of the data, and the integrity of each sender's tag can still be verified.
The aggregate message authentication code provided by the embodiment of the present invention is constructed as follows:
A security parameter is given as the key length; assume the security parameter is n. An aggregate message authentication code is a triple of probabilistic polynomial-time algorithms (Mac, Agg, Vrfy), constructed as follows:
(1) Authentication algorithm Mac: given a key $k \in \{0,1\}^n$ and a message $m \in \{0,1\}^*$, output $Mac_k(m)$.
(2) Aggregation algorithm Agg: given a set of message/key pairs $M_1$, $M_2$ and two authentication tags $tag_1$, $tag_2$, Agg applies the XOR operation to the authentication tags to compute the aggregate tag.
(3) Verification algorithm Vrfy: given t keys $k_1, k_2, \ldots, k_t \in \{0,1\}^n$ and θ message/key pairs $M = \{(m_1, i_1), \ldots, (m_\theta, i_\theta)\}$, where $i \in \{1, \ldots, t\}$, compute the aggregate authentication tag tag'. The output is 1, meaning verification succeeded, if and only if tag' = tag; otherwise the output is 0, meaning verification failed.
Thus, following the aggregate MAC algorithm above, the group leader $MTCD_{leader}$ computes the aggregate authentication message corresponding to the device group, which contains the first aggregate MAC, and sends the aggregate authentication message to the target base station TeNB. The term "first aggregate MAC" merely indicates that this is the aggregate MAC for the group; in the embodiments of the present invention it is denoted $MAC_{G1}$.
It can be understood that the first aggregate MAC is generated for the TeNB to verify. After the TeNB receives the aggregate authentication message $AUTH_{G1}$ sent by the group leader $MTCD_{leader}$, it first computes, from the known GAI, the key it shares with $MTCD_i$, and checks whether the timestamp t and the time to live TTL are valid. If they are invalid, the current authentication process ends. If they are valid, it continues with the following steps:
(1) First, compute the aggregate MAC and the aggregate authentication message $AUTH_{G1}$. Then check whether the computed aggregate MAC equals the received aggregate MAC $MAC_{G1}$. If they are not equal, the TeNB sends a request failure message to $MTCD_{leader}$, the leader of group G1, and terminates the current authentication process; if they are equal, it continues.
(2) Select a random number $r_{TeNB}$ and compute $r_{TeNB} \cdot P$; then, by computing the aggregate MAC, generate the authentication message $AUTH_{TeNB} = (ID_{TeNB} \| r_{TeNB} \cdot P \| t \| TTL \| MAC_{TeNB})$ and send $AUTH_{TeNB}$ to $MTCD_{leader}$.
(3) Compute the session key between $MTCD_i$ and the TeNB.
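The Mac/Agg/Vrfy construction and the TeNB-side check of t, TTL and the aggregate tag described above, as an added example that is not code from the patent. It generalizes Agg from two tags to any number; HMAC-SHA-256 as the MAC, the message layout, the freshness rule 0 <= now - t <= TTL, and all names, keys and values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA-256 tag size; the MAC choice is an assumption


def encode(dev_id: str, nonce: bytes, t: int, ttl: int) -> bytes:
    """Constructed layout: length-prefixed ID and nonce, then t and TTL."""
    ident = dev_id.encode()
    return (struct.pack(">H", len(ident)) + ident
            + struct.pack(">H", len(nonce)) + nonce
            + struct.pack(">QI", t, ttl))


def mac(key: bytes, message: bytes) -> bytes:
    """Mac_k(m): tag computed by one device under its shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def agg(tags) -> bytes:
    """Agg: XOR any number of equal-length tags into one aggregate tag."""
    out = bytes(TAG_LEN)
    for tag in tags:
        if len(tag) != TAG_LEN:
            raise ValueError("unexpected tag length")
        out = bytes(a ^ b for a, b in zip(out, tag))
    return out


def is_fresh(t: int, ttl: int, now: int) -> bool:
    """Reject timestamps from the future and messages older than TTL seconds."""
    return ttl > 0 and 0 <= now - t <= ttl


def vrfy(keys: dict, reports, tag: bytes, now: int) -> bool:
    """Vrfy as the verifier runs it: recompute each tag, XOR, compare.

    reports holds (dev_id, nonce, t, ttl) tuples. A device may appear only
    once: identical tags cancel under XOR, so repeats must be rejected.
    """
    seen, tags = set(), []
    for dev_id, nonce, t, ttl in reports:
        if dev_id not in keys or dev_id in seen or not is_fresh(t, ttl, now):
            return False
        seen.add(dev_id)
        tags.append(mac(keys[dev_id], encode(dev_id, nonce, t, ttl)))
    return bool(tags) and hmac.compare_digest(agg(tags), tag)


def demo() -> dict:
    now = 1_700_000_000  # constructed clock value
    # Constructed per-device keys standing in for the pre-shared keys.
    keys = {f"mtcd-{i}": hashlib.sha256(b"constructed key %d" % i).digest()
            for i in range(3)}
    reports = [(d, hashlib.sha256(d.encode()).digest()[:16], now - 2, 30)
               for d in keys]
    tags = [mac(keys[d], encode(d, n, t, ttl)) for d, n, t, ttl in reports]
    aggregate = agg(tags)  # what the group leader sends
    tampered = [reports[0][:2] + (now - 1, 30)] + reports[1:]
    doubled = reports + [reports[2]]
    return {
        "valid": vrfy(keys, reports, aggregate, now),
        "tampered": vrfy(keys, tampered, aggregate, now),
        "stale": vrfy(keys, reports, aggregate, now + 60),
        "duplicate": vrfy(keys, doubled, agg(tags + [tags[2]]), now),
        # Why repeats are refused: a tag XORed in twice disappears.
        "xor_cancels": agg(tags + [tags[2], tags[2]]) == aggregate,
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```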
Further, in step S3, after the TeNB has successfully verified the first aggregate MAC $MAC_{G1}$, it sends the authentication message $AUTH_{TeNB}$ to $MTCD_{leader}$. After receiving this authentication message, $MTCD_{leader}$ computes the second aggregate MAC $MAC_{TeNB}$ and sends it to each device in the device group, so that each device performs the following steps:
(1) Each member $MTCD_i$ of the group computes a new aggregate MAC and checks whether it equals $MAC_{TeNB}$; if they are not equal, the MTCD's authentication of the TeNB has failed.
(2) Each member $MTCD_i$ of the group computes its session key with the TeNB.
At this point, once every group member $MTCD_i$ has negotiated its own session key, handover authentication is complete.
The handover authentication method for an MTC architecture provided by the embodiment of the present invention authenticates with aggregate message authentication codes, so that the group leader of the device group communicates directly with the base station, which reduces communication overhead. The authentication process uses two handshakes to achieve mutual authentication between the devices and the base station, which ensures that the authentication process is secure and reliable.
On the basis of the above embodiments, before step S1 the method further includes:
Assigning an ID and a pre-shared security key to each device in the device group.
It can be understood that during core network access several device groups may access the network at the same time, and each device group can be identified by its group GID. In the embodiment of the present invention this ID is embedded in each MTC device according to the 3GPP standard. When an MTC device attaches to the LTE-A core network for the first time, the HSS generates the shared key $K_{ASME_i}$ between the MME and $MTCD_i$ through the EPS-AKA key agreement procedure; the MME then sends the shared keys $\{K_{ASME_1}, \ldots, K_{ASME_n}\}$ to the current eNB to serve as the shared keys between the eNB and the MTCDs.
On the basis of the above embodiments, step S1 specifically includes:
After receiving the authentication request sent by the TeNB, broadcasting the authentication request to each device in the device group, so that each device in the device group computes its own authentication message and message authentication code.
It can be understood that once handover authentication starts, the group leader selected by the device group communicates with the base station on behalf of the whole device group, but the handover itself has to be performed by each device. The group leader $MTCD_{leader}$ therefore broadcasts the authentication request message to all members of the group, and each group member then executes the following steps in turn:
(1) Compute the shared key between $MTCD_i$ and the TeNB;
(2) random number is selectedAnd it calculatesAccording toGenerate the certification message of itself
(3) Compute its own message authentication code.
Finally, the group leader $MTCD_{leader}$ obtains each device's authentication message and message authentication code.
On the basis of the above embodiments, step S2 specifically includes:
Computing the first aggregate message authentication code corresponding to the device group, based on the message authentication codes sent by the devices in the device group;
Generating the aggregate authentication message corresponding to the device group, based on the authentication messages sent by the devices in the device group and the first aggregate message authentication code corresponding to the device group, and sending the aggregate authentication message to the target base station TeNB.
Specifically, after $MTCD_{leader}$ has received the authentication messages and message authentication codes of all members of the group, $MTCD_{leader}$ executes the following steps:
(1) Compute the shared key with the TeNB.
(2) Compute the aggregate MAC by combining the members' MACs with the XOR operation.
(3) Generate the aggregate authentication message and send it to the TeNB.
On the basis of the above embodiments, step S3 further includes:
Verifying whether the timestamp and time to live of the computed second aggregate MAC are valid;
If the timestamp and time to live of the second aggregate MAC are valid, sending the second aggregate MAC to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate MAC.
It can be understood that, similar to the TeNB's aggregate MAC verification, after the group leader $MTCD_{leader}$ receives the authentication message $AUTH_{TeNB}$ sent by the TeNB, it first computes the aggregate MAC $MAC_{TeNB}$ and checks whether the timestamp t and the time to live TTL are valid. If they are invalid, it terminates the current authentication process; if they are valid, $MTCD_{leader}$ sends the parameter $r_{TeNB} \cdot P$ to every member of group G1.
During message transmission, the embodiment of the present invention adds a suitable timestamp t and time to live TTL to the authentication message, so that an attacker cannot reuse captured packets as an attack source, which prevents replay attacks.
On the basis of the above embodiments, the method further includes:
Computing, based on the elliptic curve Diffie-Hellman algorithm, the session key between each device in the device group and the TeNB.
It can be understood that, in the embodiments above, key authentication is required for every signaling exchange.
The whole key agreement process in the embodiment of the present invention is based on the elliptic curve Diffie-Hellman algorithm. With Diffie-Hellman, an attacker cannot derive the session key from the public messages exchanged between $MTCD_i$ and the eNB. Moreover, because this scheme protects messages with message authentication codes, an attacker who obtains an authentication message still cannot tamper with it to mount an attack.
It can be understood that after handover authentication, $MTCD_i$ and the TeNB have negotiated the authentication key $SK_{MTCD_i}$. The authentication key $SK_{MTCD_i}$ is generated from the security parameters (the device's random number and $r_{TeNB}$) and P. Because no efficient algorithm is known that solves the ECDLP (elliptic curve discrete logarithm problem), an attacker who obtains P and rP still cannot compute the security parameter r. Because the ECDH (elliptic curve Diffie-Hellman) problem cannot be solved in polynomial time, an attacker who obtains the device's public value and $r_{TeNB} \cdot P$ still cannot generate $SK_{MTCD_i}$.
In addition, by using the Diffie-Hellman algorithm this scheme provides forward/backward secrecy for the master key. After initial authentication completes, the master key $K_{ASME}$ is negotiated between $MTCD_i$ and $eNB_i$. During handover authentication, even if the master key $K_{ASME_i}$ is compromised, the attacker still cannot obtain the authentication key $SK_{MTCD_i}$, because in the embodiment of the present invention the master key $K_{ASME_i}$ does not take part directly in generating $SK_{MTCD_i}$; it is used only as the CMAC key that ensures the integrity of the authentication messages.
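The key agreement described above, as an added example that is not code from the patent: the TeNB and each device exchange only r·P values and arrive at the same session key. The curve (secp256k1), the SHA-256 derivation over the shared x-coordinate plus a context string, and all names and identifiers are assumptions, since the page gives neither a concrete curve nor the key formula.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the page only requires a curve
# E/F_p with a generator P of prime order q). Cofactor is 1, so an on-curve
# check also proves membership in the order-q group.
P_MOD = 2**256 - 2**32 - 977
A, B = 0, 7
GEN = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
       0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def on_curve(pt) -> bool:
    """True only for affine points that satisfy y^2 = x^3 + ax + b over F_p."""
    if pt is None:
        return False
    x, y = pt
    if not (0 <= x < P_MOD and 0 <= y < P_MOD):
        return False
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def add(p1, p2):
    """Group law; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k: int, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def ephemeral():
    """Fresh per-handover secret r in [1, q-1] and the public value r*P."""
    r = secrets.randbelow(Q - 1) + 1
    return r, mul(r, GEN)


def session_key(r_own: int, peer_point, context: bytes) -> bytes:
    """Derive the key from r_own * (r_peer * P) after validating the peer value."""
    if not on_curve(peer_point):
        raise ValueError("peer value is not a point on the curve")
    shared = mul(r_own, peer_point)
    if shared is None:
        raise ValueError("degenerate shared point")
    return hashlib.sha256(shared[0].to_bytes(32, "big") + context).digest()


def demo():
    """One TeNB value r_TeNB*P serves the group; each device keeps its own r."""
    r_tenb, pub_tenb = ephemeral()
    pairs = []
    for dev in ("mtcd-0", "mtcd-1"):  # constructed device identifiers
        r_dev, pub_dev = ephemeral()
        ctx = b"GID-constructed|" + dev.encode() + b"|TeNB-constructed"
        k_dev = session_key(r_dev, pub_tenb, ctx)    # computed on the device
        k_tenb = session_key(r_tenb, pub_dev, ctx)   # computed on the TeNB
        pairs.append((k_dev, k_tenb))
    return pairs


if __name__ == "__main__":
    for k_dev, k_tenb in demo():
        print(k_dev.hex(), k_dev == k_tenb)
```

The master key never enters `session_key`, which mirrors the page's point that a leaked $K_{ASME_i}$ does not reveal $SK_{MTCD_i}$.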
It should be noted that, in the preparation stage of the embodiment of the present invention, the home subscriber server (HSS) needs to perform the following operations in order to apply the above scheme:
(1) Select a large prime p and generate the tuple $\{F_p, E/F_p, G, P\}$, where $E/F_p$ denotes the elliptic curve $y^2 = x^3 + ax + b$ $(a, b \in F_p)$ defined over the finite field $F_p$, with discriminant $\Delta = 4a^3 + 27b^2 \neq 0$. $E(F_p)$ denotes the group formed by the points on $E/F_p$ together with the point at infinity O;
(2) Select in $E/F_p$ a subgroup G of order q whose generator is P; G forms a module;
(3) Select a one-way hash function H, such as SHA-1;
(4) The HSS publishes the system parameters $\{p, q, E/F_p, G, P, H\}$, which each MTCD and eNB loads and stores.
To verify whether the handover authentication method provided by the embodiment of the present invention reduces overhead, a simulation comparison was carried out. Fig. 2 is a schematic comparison of the communication overhead of 4 schemes provided by an embodiment of the present invention. As shown in Fig. 2, the handover authentication scheme provided by the embodiment of the present invention (ours) has clearly lower communication overhead than the other three prior-art schemes (LTE-A, GAHAP and UGHA).
It can be understood that, in terms of communication overhead, the scheme provided by the embodiment of the present invention relies on $MTCD_{leader}$ being responsible for combining the information of similar MTCDs into one group. Assume n MTCD users are divided into m user groups (n > m). Let $T_{MM-e}$ denote the time of one communication between the MME server and the eNB, $T_{MT-e}$ the time of one communication between an MTCD and the eNB, and $T_{e-e}$ the time of one communication between two eNBs. In the 3GPP standard scheme, during handover authentication each MTCD user needs 1 communication between the MME server and the eNB, 3 communications between the MTCD and the eNB, and 2 communications between eNBs. In the GAHAP scheme, the first time a member of an MTCD group performs handover authentication, 2 communications between the current SeNB and the target TeNB are needed, and every handover after that needs only 3 communications between the MTCD and the eNB. The UGHA scheme is similar to GAHAP: the first time a member of the MTCD group performs handover authentication, 4 additional communications between the current SeNB and the target TeNB are needed, and every handover after that needs 2 communications between the MTCD and the eNB. In this scheme, the communication overhead does not depend on the number of users n but only on the number of user groups m, so only a small communication overhead is needed.
It should be noted that Fig. 2 shows the communication overhead when m equals 2.
Fig. 3 is a schematic comparison of the computational overhead of 4 schemes provided by an embodiment of the present invention. For computational overhead, the embodiment of the present invention simulates the MTCD and eNB experimental environments on Intel Core 2.8 GHz and Kirin 1.7 GHz processors, respectively, and measures the basic cryptographic operation times with the C/C++ OpenSSL library. The symbols are as follows: $T_H$ is the time of one hash operation, $T_M$ is the time of one point multiplication, and $T_E$ is the time of one modular exponentiation. Table 4.3 lists the computational overhead of this scheme and the other three schemes.
In terms of computational overhead, this scheme has a clear advantage over the UGHA scheme: UGHA achieves mutual authentication with multi-signatures and uses modular exponentiation repeatedly during key generation and identity authentication, so it needs more computation time. The LTE-A standard scheme and the GAHAP scheme both use a chained key management mechanism and use only the computationally cheap hash operation during key agreement, so they are better than this scheme in computational overhead; however, that key management mechanism cannot guarantee forward/backward secrecy of the master key.
In summary, the simulation results show that the handover authentication scheme provided by the embodiment of the present invention substantially reduces communication overhead while preserving confidentiality.
Fig. 4 is a kind of switching Verification System structure chart of MTC frameworks provided in an embodiment of the present invention, as shown in figure 4, a kind of The switching Verification System of MTC frameworks, including:Acquisition module 1, aggregation module 2 and switching authentication module 3, wherein:
Acquisition module 1 is used to obtain the certification message and Message Authentication Code that each equipment is sent in equipment group;
Aggregation module 2 is used to be based on the certification message and Message Authentication Code, calculates the corresponding polymerization of the equipment group Message is verified, and polymerization verification message is sent to target BS TeNB, so that the TeNB verifies the polymerization verification The first syndication message identifying code in message simultaneously sends certification message;
After switching authentication module 3 is used to receive the certification message that the TeNB is sent, the verification of the second syndication message is calculated Code, and the second syndication message identifying code is sent to each equipment in equipment group, for every in the equipment group One equipment completes the switching certification with the TeNB according to the second syndication message identifying code.
It is specific how to be recognized using the switching of acquisition module 1, aggregation module 2 and the switching realization MTC frameworks of authentication module 3 Card can be found in above-described embodiment, and the embodiment of the present invention repeats no more this.
An embodiment of the present invention provides a switching authentication device for an MTC framework, comprising at least one processor and at least one memory communicatively connected to the processor, wherein:
The memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, calculating, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregated message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregated message authentication code and sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
This embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to execute the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, calculating, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregated message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregated message authentication code and sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to execute the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, calculating, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregated message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregated message authentication code and sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The aforementioned program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; the aforementioned storage medium includes various media that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, the methods of the present application are only preferred embodiments and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A switching authentication method for an MTC framework, characterized by comprising:
S1, obtaining the authentication message and message authentication code sent by each device in a device group;
S2, calculating, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregated message authentication code in the aggregate verification message and sends an authentication message;
S3, after receiving the authentication message sent by the TeNB, calculating a second aggregated message authentication code and sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
2. The method according to claim 1, characterized in that, before step S1, the method further comprises:
distributing an ID and a pre-shared security key to each device in the device group.
3. The method according to claim 1, characterized in that step S1 specifically comprises:
after receiving the authentication request information sent by the TeNB, broadcasting the authentication request information to each device in the device group, so that each device in the device group calculates its own authentication message and message authentication code.
4. The method according to claim 1, characterized in that step S2 specifically comprises:
calculating, based on the message authentication code sent by each device in the device group, the first aggregated message authentication code corresponding to the device group;
generating, based on the authentication message sent by each device in the device group and the first aggregated message authentication code corresponding to the device group, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB.
5. The method according to claim 1, characterized in that step S3 further comprises:
verifying whether the timestamp and the lifetime of the calculated second aggregated message authentication code are valid;
if the timestamp and the lifetime of the second aggregated message authentication code are valid, sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
6. The method according to any one of claims 1-5, characterized in that the method further comprises:
calculating, based on the elliptic curve Diffie-Hellman algorithm, the session key between each device in the device group and the TeNB.
7. A switching authentication system for an MTC framework, characterized by comprising:
an acquisition module, for obtaining the authentication message and message authentication code sent by each device in a device group;
an aggregation module, for calculating, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregated message authentication code in the aggregate verification message and sends an authentication message;
a switching authentication module, for calculating, after receiving the authentication message sent by the TeNB, a second aggregated message authentication code, and sending the second aggregated message authentication code to each device in the device group, so that each device in the device group completes switching authentication with the TeNB according to the second aggregated message authentication code.
8. A computer device, characterized by comprising a memory and a processor, the processor and the memory communicating with each other through a bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method according to any one of claims 1 to 6.
9. A computer program product, characterized in that the computer program product comprises a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to execute the method according to any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions that cause a computer to execute the method according to any one of claims 1 to 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810155160.1A CN108513296A (en) 2018-02-23 2018-02-23 A kind of switching authentication method and system of MTC frameworks

Publications (1)

Publication Number Publication Date
CN108513296A true CN108513296A (en) 2018-09-07

Family

ID=63375173

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180907