CN108513296A - A kind of switching authentication method and system of MTC frameworks - Google Patents
- Publication number
- CN108513296A (application CN201810155160.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W28/00—Network traffic management; Network resource management
- H04W28/02—Traffic management, e.g. flow control or congestion control
- H04W28/0289—Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a handover (switching) authentication method, comprising: obtaining the authentication message and message authentication code (MAC) sent by each device in a device group; based on the authentication messages and MACs, computing the aggregate authentication message for the device group and sending it to the TeNB, so that the TeNB verifies the first aggregate MAC in the aggregate authentication message and sends an authentication message; after receiving the authentication message sent by the TeNB, computing a second aggregate MAC and sending it to each device in the device group, so that each device completes handover authentication with the TeNB according to the second aggregate MAC. Because authentication is performed with aggregate MACs, the group leader of the device group is the one that communicates directly with the base station, which reduces communication overhead; mutual authentication between the devices and the base station is achieved with two handshakes during the authentication process, which ensures that the authentication process is secure and reliable.
Description
Technical field
The invention belongs to the field of Internet of Things communication technology and, more particularly, relates to a handover authentication method and system for an MTC architecture.
Background
With the spread of the Internet of Things (IoT), machine type communication (MTC), one of the forms in which the IoT is realized, has developed rapidly and is widely used in fields such as smart homes, smart grids, electronic healthcare, and remote monitoring and tracking. Thanks to its low cost, low energy consumption, ease of deployment and lack of need for human involvement, MTC has great development prospects. However, existing bearer networks are designed for human-to-human communication devices and lack optimization for MTC. When a massive number of MTC devices send and receive data at the same time, they put enormous pressure on the existing network, causing signaling congestion in the core network and overload of key nodes. In MTC applications with strict real-time requirements, massive numbers of highly concurrent service requests keep servers under heavy processing load at all times, which poses a severe challenge to the performance and service quality of application servers.
In cellular networks, when a massive number of IoT terminal devices access the network simultaneously, signaling congestion occurs, network delay rises sharply and the system may even crash. In addition, existing handover authentication protocols have certain security problems and are vulnerable to malicious attackers.
Summary of the invention
The present invention provides a handover authentication method for an MTC architecture that overcomes the above problems or at least partly solves them, comprising:
S1: obtaining the authentication message and message authentication code sent by each device in the device group;
S2: based on the authentication messages and message authentication codes, computing the aggregate authentication message for the device group and sending it to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
S3: after receiving the authentication message sent by the TeNB, computing a second aggregate message authentication code and sending it to each device in the device group, so that each device completes handover authentication with the TeNB according to the second aggregate message authentication code.
According to a second aspect of the invention, a handover authentication system for an MTC architecture is provided, comprising:
an acquisition module, for obtaining the authentication message and message authentication code sent by each device in the device group;
an aggregation module, for computing, based on the authentication messages and message authentication codes, the aggregate authentication message for the device group and sending it to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
a handover authentication module, for computing, after receiving the authentication message sent by the TeNB, a second aggregate message authentication code and sending it to each device in the device group, so that each device completes handover authentication with the TeNB according to the second aggregate message authentication code.
According to a third aspect of the invention, a handover authentication device for an MTC architecture is provided, comprising:
a processor, a memory, a communication interface and a bus; wherein
the processor, the memory and the communication interface communicate with one another over the bus;
the communication interface is used for information transmission between the test device and the communication device of the display device;
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the handover authentication method for an MTC architecture described above.
According to a fourth aspect of the invention, a computer program product is provided, comprising program code for executing the handover authentication method for an MTC architecture described above.
According to a fifth aspect of the invention, a non-transitory computer-readable storage medium is provided, for storing the computer program described above.
In the handover authentication method and system for an MTC architecture provided by the embodiments of the invention, authentication is performed with aggregate message authentication codes, so that the group leader of the device group communicates directly with the base station, which reduces communication overhead; mutual authentication between the devices and the base station is achieved with two handshakes during the authentication process, which ensures that the authentication process is secure and reliable.
Description of the drawings
Fig. 1 is a flow chart of a handover authentication method for an MTC architecture provided by an embodiment of the invention;
Fig. 2 is a schematic comparison of the communication overhead of 4 schemes, provided by an embodiment of the invention;
Fig. 3 is a schematic comparison of the computational overhead of 4 schemes, provided by an embodiment of the invention;
Fig. 4 is a structural diagram of a handover authentication system for an MTC architecture provided by an embodiment of the invention.
Detailed description
Specific implementations of the invention are described in further detail below with reference to the drawings and embodiments. The following embodiments illustrate the invention and do not limit its scope.
In the prior art, the MTC architecture is a key technology for IoT development. The 3GPP organization has proposed it for LTE-A networks and formulated the relevant standards, but some technical difficulties remain unsolved in those standards.
For example, when a large number of MTC devices are handed over from one eNB to a new eNB at the same time, the 3GPP mechanism suffers from signaling congestion, and the exchange between the MTC devices and the eNB is open to information theft and lacks security guarantees.
For ease of expression, the following symbols have the meanings below in all embodiments of the invention:
p, q are two k prime numbers, E/F_p is an elliptic curve over a finite field, G is a group, GID is the group identifier, GAI is the group area identifier, f_key is the function that computes the MAC, t is a timestamp, and TTL is the time to live.
To address the above problems of the prior art, Fig. 1 is a flow chart of a handover authentication method for an MTC architecture provided by an embodiment of the invention. As shown in Fig. 1, the method comprises:
S1: obtaining the authentication message and message authentication code sent by each device in the device group;
S2: based on the authentication messages and message authentication codes, computing the aggregate authentication message for the device group and sending it to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate authentication message and sends an authentication message;
S3: after receiving the authentication message sent by the TeNB, computing a second aggregate message authentication code and sending it to each device in the device group, so that each device completes handover authentication with the TeNB according to the second aggregate message authentication code.
The method of this embodiment is executed by the group leader of the device group. In the system initialization phase, MTC devices that are in the same area, belong to the same user and have the same characteristics are formed into a device group; each device group consists of multiple MTCDs and has an ID number GID.
The group leader of a device group is selected by jointly analysing factors such as each group member's computing capability, storage size and battery capacity; the best group member is chosen as the group leader MTCD_leader.
When any MTCD detects the target base station TeNB and is to be handed over to it, the group leader MTCD_leader of the group that MTCD belongs to sends an access request message to the TeNB on behalf of all members of its group. After the TeNB receives the access request, it sends an authentication request message to MTCD_leader.
Further, after MTCD_leader receives the authentication request message sent by the TeNB, the handover authentication process begins. Specifically, in S1, the group leader MTCD_leader obtains the authentication message and the message authentication code computed by each MTCD in the device group. The authentication message is used to verify device information and is computed as follows:
A random number is selected and a value is computed from it, from which the device generates its own authentication message.
The message authentication code is an authentication mechanism with which the two communicating parties verify each other, commonly called a MAC. It can be computed with a traditional encryption method, generally based on the MD5 algorithm, and is expressed by the formula:
Further, in step S2, after the group leader MTCD_leader has obtained the authentication message and message authentication code computed by each device, it computes the aggregate authentication message for the device group from them.
The aggregate authentication information is computed with an aggregate MAC algorithm. An aggregate MAC algorithm can aggregate the MAC tags produced by multiple senders into one shorter tag; only a user holding the shared keys can verify the validity of the data, and the integrity of each sender's tag can still be verified.
The aggregate message authentication code provided by this embodiment is constructed as follows:
A security parameter is given as the key length; assume the security parameter is n. An aggregate message authentication code is a triple of probabilistic polynomial-time algorithms (Mac, Agg, Vrfy), established as follows:
(1) Authentication algorithm Mac: on input a key k ∈ {0,1}^n and a message m ∈ {0,1}^*, output Mac_k(m).
(2) Aggregation algorithm Agg: on input a set of message/key pairs M1, M2 and two authentication tags tag1, tag2, Agg applies the XOR operation to the authentication tags to compute the aggregate tag.
(3) Verification algorithm Vrfy: on input t keys k1, k2, …, kt ∈ {0,1}^n and θ message/key pairs M = {(m1, i1), …, (mθ, iθ)}, where i ∈ {1, …, t}, compute the aggregate authentication tag tag'. If and only if tag' = tag, output 1, indicating that verification passed; otherwise output 0, indicating that verification failed.
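The (Mac, Agg, Vrfy) construction above as an added Python example, not code from the patent: HMAC-SHA256 stands in for Mac, and the message layout, device names, keys and the freshness rule t <= now <= t + TTL are assumptions made for illustration. It goes slightly beyond the three algorithms by also applying the timestamp/TTL check that the TeNB performs before verifying the aggregate tag, and by rejecting repeated message/key pairs, which cancel out under XOR.

```python
import hashlib
import hmac
from functools import reduce

TAG_LEN = hashlib.sha256().digest_size  # every tag is 32 bytes


def mac(key: bytes, message: bytes) -> bytes:
    """Mac_k(m). HMAC-SHA256 is this example's choice of underlying MAC."""
    return hmac.new(key, message, hashlib.sha256).digest()


def agg(tags):
    """Agg: XOR equal-length tags into one aggregate tag of the same length."""
    tags = list(tags)
    if not tags or any(len(t) != TAG_LEN for t in tags):
        raise ValueError("need one or more tags of TAG_LEN bytes")
    return reduce(lambda x, y: bytes(a ^ b for a, b in zip(x, y)), tags)


def vrfy(keys, pairs, tag):
    """Vrfy: recompute each Mac_{k_i}(m), XOR them, compare with tag.

    keys  -- dict mapping device identifier i to its shared key k_i
    pairs -- list of (message, device identifier) pairs
    """
    # A pair that appears twice cancels under XOR, so require distinct pairs.
    if not pairs or len(set(pairs)) != len(pairs):
        return False
    if any(i not in keys for _, i in pairs):
        return False
    expected = agg(mac(keys[i], m) for m, i in pairs)
    return hmac.compare_digest(expected, tag)


def is_fresh(t, ttl, now):
    """Freshness rule assumed by this example: t <= now <= t + ttl."""
    return t <= now <= t + ttl


def auth_message(device_id, t, ttl):
    """Constructed message layout (hypothetical): ID | t | TTL."""
    return f"{device_id}|{t}|{ttl}".encode()


def tenb_verify(keys, pairs, mac_g1, t, ttl, now):
    """TeNB side: check t/TTL first, then the aggregate tag MAC_G1."""
    return is_fresh(t, ttl, now) and vrfy(keys, pairs, mac_g1)


def demo():
    # Constructed sample data: three devices with fixed per-device keys.
    keys = {f"MTCD{n}": bytes([n]) * 32 for n in (1, 2, 3)}
    t, ttl = 1_700_000_000, 30
    pairs = [(auth_message(i, t, ttl), i) for i in keys]

    # Group leader: fold the members' tags into the single tag MAC_G1.
    mac_g1 = agg(mac(keys[i], m) for m, i in pairs)

    tampered = [(pairs[0][0] + b"x", pairs[0][1])] + pairs[1:]
    return {
        "valid": tenb_verify(keys, pairs, mac_g1, t, ttl, now=t + 5),
        "tampered": tenb_verify(keys, tampered, mac_g1, t, ttl, now=t + 5),
        "expired": tenb_verify(keys, pairs, mac_g1, t, ttl, now=t + 31),
        # [A, B, B] XORs down to the tag of A alone; vrfy must not accept it.
        "duplicate": vrfy(keys, [pairs[0], pairs[1], pairs[1]],
                          mac(keys["MTCD1"], pairs[0][0])),
    }


if __name__ == "__main__":
    print(demo())
```

The aggregate tag stays 32 bytes regardless of group size, which is where the saving in signaling comes from; the cost is that a failed check does not say which member's tag was wrong.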
Thus, using the above aggregate MAC algorithm, the group leader MTCD_leader computes the aggregate authentication message for the device group, which contains the first aggregate message authentication code, and sends the aggregate authentication message to the target base station TeNB. The term "first aggregate message authentication code" merely indicates that it is the aggregate MAC for the group; in this embodiment it is denoted MAC_G1.
The first aggregate MAC is generated for verification by the TeNB. After the TeNB receives the aggregate authentication message AUTH_G1 sent by the group leader MTCD_leader, it first computes, from the known GAI, the shared key between itself and MTCD_i, and verifies whether the timestamp t and the time to live TTL are valid. If they are invalid, the current authentication process ends. If they are valid, the following steps are carried out:
(1) First, the aggregate message authentication code and the aggregate authentication message AUTH_G1 are computed separately. The TeNB then checks whether the aggregate MAC it computed is equal to the aggregate MAC MAC_G1 that was sent to it. If they are not equal, the TeNB sends a request failure message to the group leader MTCD_leader of G1 and terminates the current authentication process; if they are equal, it continues.
(2) A random number is selected and a value is computed from it; by computing the aggregate message authentication code, the authentication message AUTH_TeNB = (ID_TeNB || r_TeNB·P || t || TTL || MAC_TeNB) is produced, and AUTH_TeNB is then sent to MTCD_leader.
(3) The session key between MTCD_i and the TeNB is computed.
Further, in step S3, after the TeNB has successfully verified the first aggregate MAC MAC_G1, it sends the authentication message AUTH_TeNB to MTCD_leader. After receiving this authentication message, MTCD_leader computes the second aggregate MAC MAC_TeNB and sends it to each device in the device group, so that each device performs the following steps:
(1) Each member MTCD_i of the group computes a new aggregate message authentication code and verifies whether it is equal to MAC_TeNB; if they are not equal, the MTCD's authentication of the TeNB has failed.
(2) Each member MTCD_i of the group computes its session key with the TeNB.
At this point, once every group member MTCD_i has negotiated its own session key, handover authentication is complete.
In the handover authentication method for an MTC architecture provided by this embodiment, authentication is performed with aggregate message authentication codes, so that the group leader of the device group communicates directly with the base station, which reduces communication overhead; mutual authentication between the devices and the base station is achieved with two handshakes during the authentication process, which ensures that the authentication process is secure and reliable.
On the basis of the above embodiment, before step S1 the method further comprises:
assigning an ID and a pre-shared security key to each device in the device group.
During core network access, several device groups may access the network at the same time, and each device group can be identified by its GID. In this embodiment, this ID number is embedded in each MTC device in accordance with the 3GPP standard. When an MTC device accesses the LTE-A core network for the first time, the HSS produces the shared key K_ASMEi between the MME and MTCD_i through the EPS-AKA key agreement procedure; the MME then sends the shared keys {K_ASME1, …, K_ASMEn} to the current eNB to serve as the shared keys between the eNB and the MTCDs.
On the basis of the above embodiment, step S1 specifically comprises:
after receiving the authentication request message sent by the TeNB, broadcasting the authentication request message to each device in the device group, so that each device in the device group computes its own authentication message and message authentication code.
After handover authentication starts, the group leader selected by the device group communicates with the base station on behalf of the whole device group, but in practice each device itself needs to be handed over. The group leader MTCD_leader therefore broadcasts the authentication request message to all members of the group, and each group member then performs the following steps in order:
(1) Compute the shared key between MTCD_i and the TeNB;
(2) Select a random number, compute a value from it, and from that generate its own authentication message;
(3) Compute its own message authentication code.
In the end, the group leader MTCD_leader obtains each device's authentication message and message authentication code.
On the basis of the above embodiment, step S2 specifically comprises:
based on the message authentication codes sent by each device in the device group, computing the first aggregate message authentication code for the device group;
based on the authentication messages sent by each device in the device group and the first aggregate message authentication code for the device group, generating the aggregate authentication message for the device group and sending it to the target base station TeNB.
Specifically, after MTCD_leader has received the authentication messages and message authentication codes of all members of the group, MTCD_leader performs the following steps:
(1) Compute the shared key with the TeNB.
(2) Compute the aggregate message authentication code, where the operator in the formula denotes the XOR operation.
(3) Produce the aggregate authentication message and send it to the TeNB.
On the basis of the above embodiment, step S3 further comprises:
verifying whether the timestamp and the time to live of the computed second aggregate message authentication code are valid;
if the timestamp and time to live of the second aggregate message authentication code are valid, sending the second aggregate message authentication code to each device in the device group, so that each device completes handover authentication with the TeNB according to the second aggregate message authentication code.
As in the TeNB's aggregate MAC verification, after the group leader MTCD_leader receives the authentication message AUTH_TeNB sent by the TeNB, it first computes the aggregate MAC MAC_TeNB and verifies whether the timestamp t and the time to live TTL are valid. If they are invalid, the current authentication process is terminated; if they are valid, MTCD_leader sends the parameter r_TeNB·P to each member of group G1.
During message transmission, this embodiment adds a suitable timestamp t and time to live TTL to the authentication message, so that an attacker cannot reuse captured packets as an attack source, which prevents replay attacks.
On the basis of the above embodiment, the method further comprises:
computing, based on the elliptic curve Diffie-Hellman algorithm, the session key between each device in the device group and the TeNB.
In the above embodiment, every signaling exchange requires key authentication.
Throughout the key agreement, this embodiment uses the elliptic curve Diffie-Hellman algorithm. With Diffie-Hellman, an attacker cannot derive the session key from the public messages exchanged between MTCD_i and the eNB. Moreover, because this scheme protects messages with message authentication codes, an attacker who obtains an authentication message still cannot tamper with it to mount an attack.
After handover authentication, the authentication key SK_MTCDi has been negotiated between MTCD_i and the TeNB. SK_MTCDi is generated from the security parameters, r_TeNB and P. Because no efficient algorithm can solve the ECDLP (elliptic curve discrete logarithm problem), an attacker who obtains P and r·P still cannot compute the security parameter r. Because the ECDH (elliptic curve DH) problem cannot be solved in bounded polynomial time, an attacker who obtains the public values, including r_TeNB·P, still cannot produce SK_MTCDi.
In addition, by using the Diffie-Hellman algorithm, this scheme provides forward/backward secrecy with respect to the master key. After initial authentication is complete, the master key K_ASME has been negotiated between MTCD_i and eNB_i. During handover authentication, even if the master key K_ASMEi is compromised, the attacker cannot steal the authentication key SK_MTCDi, because in this embodiment the master key K_ASMEi does not directly participate in generating SK_MTCDi; it is used only as the CMAC key that ensures the integrity of the authentication message.
It should be noted that, in the preparation stage of this embodiment, the home subscriber server (HSS) needs to perform the following operations in order to apply the scheme:
(1) Select a large prime p and generate a tuple {F_p, E/F_p, G, P}, where E/F_p denotes the elliptic curve y^2 = x^3 + ax + b (a, b ∈ F_p) defined over the finite field F_p, with discriminant Δ = 4a^3 + 27b^2 ≠ 0. E(F_p) denotes the group formed by the points on E/F_p together with the "point at infinity" O;
(2) In E/F_p, select a subgroup G of order q whose generator is P; G forms a module;
(3) Select a one-way hash function H, such as SHA-1;
(4) The HSS publishes the system parameters {p, q, E/F_p, G, P, H}, which the MTCDs and eNBs each load and store.
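The elliptic curve Diffie-Hellman agreement and the HSS parameter set {p, q, E/F_p, G, P, H} described above, as an added Python example that is not code from the patent. The secp256k1 curve, SHA-256 as H, and deriving the session key as H of the shared point's x-coordinate are assumptions, since the page gives neither the curve nor the key-derivation formula.

```python
import hashlib
import secrets

# Public system parameters. secp256k1 is used as a stand-in (assumption).
p = 2**256 - 2**32 - 977            # field prime
a, b = 0, 7                          # y^2 = x^3 + ax + b over F_p
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None                             # point at infinity


def on_curve(pt):
    """True if pt satisfies the curve equation (O counts as on the curve)."""
    if pt is O:
        return True
    x, y = pt
    return (y * y - (x * x * x + a * x + b)) % p == 0


def add(p1, p2):
    """Group law on E(F_p) in affine coordinates."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return O                     # p2 is the inverse of p1
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, p - 2, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, p - 2, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (not constant time)."""
    result, addend = O, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ephemeral():
    """Pick a random r in [1, q-1] and return (r, r*P); only r*P is sent."""
    r = secrets.randbelow(q - 1) + 1
    return r, mul(r, P)


def validate_public(pt):
    """Reject values that are not valid points before using them."""
    if pt is O:
        raise ValueError("point at infinity")
    x, y = pt
    if not (0 <= x < p and 0 <= y < p) or not on_curve(pt):
        raise ValueError("point is not on E/F_p")
    # secp256k1 has cofactor 1, so an on-curve point is already in G.


def session_key(r_own, peer_public):
    """Session key = H(x-coordinate of r_own * peer_public) (assumed KDF).

    The master key K_ASME is deliberately not an input here.
    """
    validate_public(peer_public)
    shared = mul(r_own, peer_public)
    if shared is O:
        raise ValueError("degenerate shared secret")
    return hashlib.sha256(shared[0].to_bytes(32, "big")).digest()


def demo_handover_keys():
    r_mtcd, pub_mtcd = ephemeral()   # device side, r*P goes out via the leader
    r_tenb, pub_tenb = ephemeral()   # base station side, r_TeNB*P comes back
    return session_key(r_mtcd, pub_tenb), session_key(r_tenb, pub_mtcd)


if __name__ == "__main__":
    sk_device, sk_tenb = demo_handover_keys()
    print(sk_device == sk_tenb, sk_device.hex())
```

Both sides arrive at the same 32-byte key from values that only ever crossed the air as r·P, and the point validation step is what keeps a malformed r_TeNB·P or device value from being fed into the scalar multiplication.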
To verify whether the handover authentication method provided by this embodiment reduces overhead, a simulation comparison was carried out. Fig. 2 is a schematic comparison of the communication overhead of 4 schemes, provided by an embodiment of the invention. As shown in Fig. 2, the handover authentication scheme provided by this embodiment (ours) has clearly lower communication overhead than the other three prior-art schemes (LTE-A, GAHAP and UGHA).
In terms of communication overhead, MTCD_leader is responsible for forming similar MTCDs into a group; assume that n MTCD users are divided into m user groups (n > m). Let T_MM-e denote the time of one communication between the MME server and the eNB, T_MT-e the time of one communication between an MTCD and the eNB, and T_e-e the time of one communication between eNBs. In the 3GPP standard scheme, each MTCD user needs 1 communication between the MME server and the eNB, 3 communications between the MTCD and the eNB, and 2 communications between eNBs during handover authentication. In the GAHAP scheme, when the members of an MTCD group perform handover authentication for the first time, 2 communications between the current SeNB and the target TeNB are needed; thereafter, each handover needs only 3 communications between the MTCD and the eNB. The UGHA scheme is similar to GAHAP: when the members of the MTCD group perform handover authentication for the first time, 4 additional communications between the current SeNB and the target TeNB are needed; thereafter, each handover needs 2 communications between the MTCD and the eNB. In this scheme, the communication overhead does not depend on the number of users n but only on the number of user groups m, so only a small communication overhead is needed.
It should be noted that Fig. 2 shows the communication overhead when m equals 2.
Fig. 3 is a schematic comparison of the computational overhead of 4 schemes, provided by an embodiment of the invention. For computational overhead, this embodiment simulated the MTCD and eNB experimental environments on an Intel Core 2.8 GHz processor and a Kirin 1.7 GHz processor respectively, measured the basic cryptographic operation times with the C/C++ OpenSSL library, and uses the following notation: T_H denotes the time of one hash operation, T_M the time of one point multiplication, and T_E the time of one Montgomery algorithm operation. Table 4.3 gives the computational overhead of this scheme and of the other three schemes.
In terms of computational overhead, this scheme has a clear advantage over the UGHA scheme: UGHA achieves mutual authentication with multi-signatures and uses the Montgomery algorithm repeatedly during key generation and identity authentication, so it needs more computation time. The LTE-A standard scheme and the GAHAP scheme both use a chained key management mechanism and use only low-cost hash operations during key agreement, so they are better than this scheme in computational overhead, but that key management mechanism cannot guarantee forward/backward secrecy of the master key.
In summary, the simulation results show that the handover authentication scheme provided by this embodiment substantially reduces communication overhead while guaranteeing confidentiality.
Fig. 4 is a kind of switching Verification System structure chart of MTC frameworks provided in an embodiment of the present invention, as shown in figure 4, a kind of
The switching Verification System of MTC frameworks, including:Acquisition module 1, aggregation module 2 and switching authentication module 3, wherein:
Acquisition module 1 is used to obtain the certification message and Message Authentication Code that each equipment is sent in equipment group;
Aggregation module 2 is used to be based on the certification message and Message Authentication Code, calculates the corresponding polymerization of the equipment group
Message is verified, and polymerization verification message is sent to target BS TeNB, so that the TeNB verifies the polymerization verification
The first syndication message identifying code in message simultaneously sends certification message;
After switching authentication module 3 is used to receive the certification message that the TeNB is sent, the verification of the second syndication message is calculated
Code, and the second syndication message identifying code is sent to each equipment in equipment group, for every in the equipment group
One equipment completes the switching certification with the TeNB according to the second syndication message identifying code.
It is specific how to be recognized using the switching of acquisition module 1, aggregation module 2 and the switching realization MTC frameworks of authentication module 3
Card can be found in above-described embodiment, and the embodiment of the present invention repeats no more this.
An embodiment of the present invention provides a handover authentication device for the MTC architecture, comprising: at least one processor; and at least one memory communicatively connected to the processor, wherein:
The memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, based on the authentication messages and message authentication codes, calculating the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregate message authentication code and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
This embodiment discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, based on the authentication messages and message authentication codes, calculating the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregate message authentication code and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
This embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the methods provided by the above method embodiments, for example including: S1, obtaining the authentication message and message authentication code sent by each device in the device group; S2, based on the authentication messages and message authentication codes, calculating the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate verification message and sends an authentication message; S3, after receiving the authentication message sent by the TeNB, calculating a second aggregate message authentication code and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, the methods of the present application are merely preferred embodiments and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (10)
1. A handover authentication method for an MTC architecture, characterized by comprising:
S1, obtaining the authentication message and message authentication code sent by each device in a device group;
S2, based on the authentication messages and message authentication codes, calculating the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate verification message and sends an authentication message;
S3, after receiving the authentication message sent by the TeNB, calculating a second aggregate message authentication code, and sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
2. The method according to claim 1, characterized in that, before step S1, the method further comprises:
distributing an ID and a pre-shared security key to each device in the device group.
3. The method according to claim 1, characterized in that step S1 specifically comprises:
after receiving the authentication request information sent by the TeNB, broadcasting the authentication request information to each device in the device group, so that each device in the device group calculates its own authentication message and message authentication code.
4. The method according to claim 1, characterized in that step S2 specifically comprises:
based on the message authentication code sent by each device in the device group, calculating the first aggregate message authentication code corresponding to the device group;
based on the authentication message sent by each device in the device group and the first aggregate message authentication code corresponding to the device group, generating the aggregate verification message corresponding to the device group, and sending the aggregate verification message to the target base station TeNB.
5. The method according to claim 1, characterized in that step S3 further comprises:
verifying whether the timestamp and the lifetime of the calculated second aggregate message authentication code are valid;
if the timestamp and the lifetime of the second aggregate message authentication code are valid, sending the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
6. The method according to any one of claims 1-5, characterized in that the method further comprises:
based on the elliptic curve Diffie-Hellman algorithm, calculating the session key between each device in the device group and the TeNB.
7. A handover authentication system for an MTC architecture, characterized by comprising:
an acquisition module, configured to obtain the authentication message and message authentication code sent by each device in a device group;
an aggregation module, configured to calculate, based on the authentication messages and message authentication codes, the aggregate verification message corresponding to the device group, and to send the aggregate verification message to the target base station TeNB, so that the TeNB verifies the first aggregate message authentication code in the aggregate verification message and sends an authentication message;
a handover authentication module, configured to, after receiving the authentication message sent by the TeNB, calculate a second aggregate message authentication code and send the second aggregate message authentication code to each device in the device group, so that each device in the device group completes handover authentication with the TeNB according to the second aggregate message authentication code.
8. A computer device, characterized by comprising a memory and a processor, the processor and the memory communicating with each other via a bus; the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method according to any one of claims 1 to 6.
9. A computer program product, characterized in that the computer program product comprises a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method according to any one of claims 1 to 6.
10. A non-transitory computer-readable storage medium, characterized in that the non-transitory computer-readable storage medium stores computer instructions that cause the computer to perform the method according to any one of claims 1 to 6.
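The following sketch is an added example, not code from the patent: it walks through steps S1 and S2 of claim 1, the aggregation of claim 4 and the timestamp and lifetime test of claim 5. HMAC-SHA256, XOR aggregation, a TeNB that holds every device's pre-shared key, and all function names and sample values are assumptions, since the claims do not fix them.

```python
import hashlib
import hmac

def device_mac(key: bytes, dev_id: bytes, auth_msg: bytes) -> bytes:
    """S1: a device's MAC over its ID and authentication message (HMAC-SHA256 assumed)."""
    framed = len(dev_id).to_bytes(2, "big") + dev_id + auth_msg  # length prefix avoids ID/message ambiguity
    return hmac.new(key, framed, hashlib.sha256).digest()

def aggregate(macs) -> bytes:
    """Fold individual MACs into one 32-byte aggregate by XOR (assumed aggregation rule)."""
    agg = bytes(32)
    for mac in macs:
        agg = bytes(a ^ b for a, b in zip(agg, mac))
    return agg

def leader_build(reports):
    """S2 / claim 4: the group leader builds the aggregate verification message.

    reports: list of (dev_id, auth_msg, mac) tuples received from group members.
    """
    ids = [dev_id for dev_id, _, _ in reports]
    if len(ids) != len(set(ids)):
        raise ValueError("duplicate device ID")  # two identical MACs cancel under XOR
    return {"msgs": [(d, m) for d, m, _ in reports],
            "amac1": aggregate(mac for _, _, mac in reports)}

def tenb_verify(agg_msg, keys) -> bool:
    """TeNB side: recompute each member's MAC from its pre-shared key, compare aggregates."""
    ids = [d for d, _ in agg_msg["msgs"]]
    if not ids or len(ids) != len(set(ids)) or any(d not in keys for d in ids):
        return False
    expected = aggregate(device_mac(keys[d], d, m) for d, m in agg_msg["msgs"])
    return hmac.compare_digest(expected, agg_msg["amac1"])

def is_fresh(timestamp: float, lifetime: float, now: float) -> bool:
    """Claim 5 style validity test: accept only inside [timestamp, timestamp + lifetime]."""
    return lifetime > 0 and timestamp <= now <= timestamp + lifetime

def demo():
    # Constructed sample data: three devices with made-up IDs, keys and messages.
    keys = {b"dev-1": b"k1" * 16, b"dev-2": b"k2" * 16, b"dev-3": b"k3" * 16}
    reports = [(d, b"handover-req|" + d, device_mac(k, d, b"handover-req|" + d))
               for d, k in keys.items()]
    good = leader_build(reports)
    # One member's message altered in transit: the aggregate no longer matches.
    bad = {"msgs": [(good["msgs"][0][0], b"tampered")] + good["msgs"][1:],
           "amac1": good["amac1"]}
    return tenb_verify(good, keys), tenb_verify(bad, keys)

if __name__ == "__main__":
    print(demo())  # (True, False)
```

With XOR aggregation a failed check tells the TeNB only that some member's message or MAC is wrong, not which one.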
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810155160.1A CN108513296A (en) | 2018-02-23 | 2018-02-23 | A kind of switching authentication method and system of MTC frameworks |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810155160.1A CN108513296A (en) | 2018-02-23 | 2018-02-23 | A kind of switching authentication method and system of MTC frameworks |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108513296A (en) | 2018-09-07 |
Family
ID=63375173
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810155160.1A Pending CN108513296A (en) | 2018-02-23 | 2018-02-23 | A kind of switching authentication method and system of MTC frameworks |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108513296A (en) |
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110134841A1 (en) * | 2009-11-25 | 2011-06-09 | Interdigital Patent Holdings, Inc. | Machine type communication preregistration |
CN101958898A (en) * | 2010-09-28 | 2011-01-26 | 中国科学院研究生院 | Quick EAP authentication switching method in mobile WiMax network |
CN102088668A (en) * | 2011-03-10 | 2011-06-08 | 西安电子科技大学 | Group-based authentication method of machine type communication (MTC) devices |
CN102137397A (en) * | 2011-03-10 | 2011-07-27 | 西安电子科技大学 | Authentication method based on shared group key in machine type communication (MTC) |
CN105144766A (en) * | 2013-01-10 | 2015-12-09 | 日本电气株式会社 | Group authentication in broadcasting for mtc group of ues |
CN104703178A (en) * | 2015-03-15 | 2015-06-10 | 西安电子科技大学 | Machine type communication authenticating and key negotiating method based on group anonymous proxy |
Non-Patent Citations (1)
Title |
---|
CHENGZHE LAI: "LGTH: A lightweight group authentication protocol for machine-type communication in LTE networks", 《 2013 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020125717A1 (en) * | 2018-12-19 | 2020-06-25 | 中兴通讯股份有限公司 | Method, system, and device for synchronous terminal mobility management, and storage medium |
CN111343675A (en) * | 2018-12-19 | 2020-06-26 | 中兴通讯股份有限公司 | Method, system, equipment and storage medium for terminal synchronous mobility management |
CN114286334A (en) * | 2021-12-29 | 2022-04-05 | 西安邮电大学 | Multi-user authentication method and system for mobile communication scene and information processing terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Zeng et al. | E-AUA: An efficient anonymous user authentication protocol for mobile IoT | |
Wang et al. | Privacy-preserving authentication and key agreement protocols for D2D group communications | |
Cao et al. | LSAA: A lightweight and secure access authentication scheme for both UE and mMTC devices in 5G networks | |
Sadhukhan et al. | A secure and privacy preserving lightweight authentication scheme for smart-grid communication using elliptic curve cryptography | |
Zhou et al. | Provable secure authentication protocol with anonymity for roaming service in global mobility networks | |
Zhong et al. | An efficient and secure recoverable data aggregation scheme for heterogeneous wireless sensor networks | |
Xu et al. | An anonymous handover authentication scheme based on LTE-A for vehicular networks | |
CN110768954B (en) | Lightweight security access authentication method suitable for 5G network equipment and application | |
Roychoudhury et al. | Provably secure group authentication and key agreement for machine type communication using Chebyshev’s polynomial | |
CN109756877A (en) | A kind of anti-quantum rapid authentication and data transmission method of magnanimity NB-IoT equipment | |
Xiong et al. | A survey of group key agreement protocols with constant rounds | |
CN107733632A (en) | A kind of wireless network secure switching method of anti-quantum attack | |
Li et al. | Smart contract-based cross-domain authentication and key agreement system for heterogeneous wireless networks | |
CN109361519A (en) | A kind of improved generation method and system comprising secret number | |
Wang et al. | Efficient privacy preserving matchmaking for mobile social networking against malicious users | |
Yu et al. | A certificateless signature for multi-source network coding | |
Yin et al. | Two-round password-based authenticated key exchange from lattices | |
CN108513296A (en) | A kind of switching authentication method and system of MTC frameworks | |
Ouaissa et al. | A New Scheme of Group-based AKA for Machine Type Communication over LTE Networks. | |
Zahednejad et al. | A lightweight, secure big data-based authentication and key-agreement scheme for iot with revocability | |
Xie et al. | A new lattice-based blind ring signature for completely anonymous blockchain transaction systems | |
Teng et al. | A strongly secure identity-based authenticated group key exchange protocol | |
吴涛 et al. | Two-party certificateless authenticated key agreement protocol with enhanced security | |
Permpoontanalarp | On-the-fly trace generation and textual trace analysis and their applications to the analysis of cryptographic protocols | |
Krzywiecki et al. | Privacy-oriented dependency via deniable SIGMA protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180907 |