CN109151816A - A kind of network authentication method and system - Google Patents

Publication number
CN109151816A
Authority
CN
China
Prior art keywords
network
lte
mme
random number
encrypted result
Legal status
Granted
Application number
CN201710510229.3A
Other languages
Chinese (zh)
Other versions
CN109151816B (en)
Inventor
李�赫
诸华林
靳维生
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201710510229.3A (CN109151816B)
Priority to PCT/CN2018/093319 (WO2019001509A1)
Publication of CN109151816A
Application granted
Publication of CN109151816B
Legal status: Expired - Fee Related

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

This application discloses a network authentication method and system, belonging to the field of communication technology. The method comprises: when the MME of an LTE-U network receives a first attach request, it adds the network identity of the LTE-U network to the first attach request to generate a second attach request, and sends the second attach request to the MME of an LTE network; the MME of the LTE network, based on the second attach request, sends to the HSS an authorization data request carrying the network identity of the LTE-U network and the network identity of the LTE network; the HSS generates an authentication vector based on the authorization data request and sends it to the MME of the LTE network; the MME of the LTE network interacts with the UE and the MME of the LTE-U network based on the authentication vector to perform network authentication. That is, with the method provided by this application, a UE accessing the carrier network and the LTE-U network can complete authentication with both the carrier network and the LTE-U network in a single procedure.

Description

A network authentication method and system
Technical field
This application relates to the field of communication technology, and in particular to a network authentication method and system.
Background
An unlicensed network based on Long Term Evolution (Long Term Evolution-Unlicensed, LTE-U) is a network made up of network equipment deployed by a third party, as distinct from network equipment deployed by operators or users. For example, a hospital deploys, within its premises, an LTE-U base station (Evolved Node B, eNB), an LTE-U mobility management entity (Mobility Management Entity, MME), an LTE-U gateway (Gateway, GW) and other network equipment. This equipment constitutes an LTE-U network, and user equipment (User Equipment, UE) within the hospital premises can communicate by accessing that LTE-U network. To ensure that a UE accessing the LTE-U network can also use the network services provided by a carrier network such as a Long Term Evolution (LTE) network, the network equipment of the LTE-U network can be connected to the network equipment of the carrier network. Consequently, when a UE that has not currently accessed the carrier network accesses the LTE-U network, the UE needs to authenticate with both the LTE-U network and the carrier network.
In the related art, when a UE accesses an LTE network for the first time, the UE first performs mutual authentication with the MME of the LTE network. If the UE determines that the LTE network is genuine and the MME determines that the UE is genuine, mutual authentication succeeds. After mutual authentication succeeds, the MME generates a non-access stratum (Non-Access Stratum, NAS) key and negotiates algorithms with the UE according to the NAS key. After algorithm negotiation between the MME and the UE succeeds, the base station of the LTE network (Evolved Node B, eNodeB) generates an access stratum (Access Stratum, AS) key and negotiates algorithms with the UE according to the AS key. If algorithm negotiation between the eNodeB and the UE succeeds, authentication between the UE and the LTE network is complete and the UE can access the LTE network.
As can be seen from the above, the related art only provides a method by which a UE accessing a carrier network authenticates directly with the network equipment of that carrier network. It provides no method for network authentication when an LTE-U network exists and the UE accesses both the carrier network and the LTE-U network.
Summary of the invention
To solve the problem that the related art provides no method for network authentication when a UE accesses an LTE network and an LTE-U network, this application provides a network authentication method. The technical solution is as follows:
In a first aspect, a network authentication method is provided, the method comprising:
When the mobility management entity (MME) of an unlicensed LTE-U network based on Long Term Evolution receives a first attach request from a user equipment (UE), it adds the network identity of the LTE-U network to the first attach request to generate a second attach request, and sends the second attach request to the MME of a Long Term Evolution (LTE) network;
When the MME of the LTE network receives the second attach request, it sends, based on the second attach request, an authorization data request to the home subscriber server (HSS), the authorization data request carrying the network identity of the LTE-U network and the network identity of the LTE network;
When the HSS receives the authorization data request, it generates an authentication vector based on the network identity of the LTE-U network and the network identity of the LTE network, and sends the authentication vector to the MME of the LTE network, the authentication vector including parameters for authenticating the UE, the LTE-U network and the LTE network;
When the MME of the LTE network receives the authentication vector, it interacts with the UE and the MME of the LTE-U network based on the authentication vector to perform network authentication.
Optionally, the authentication vector includes a first foundation key, expected return information, a first random number and an authentication token (AUTN), the first foundation key being the key corresponding to the LTE-U network;
The interacting with the UE and the MME of the LTE-U network based on the authentication vector to perform network authentication comprises:
The MME of the LTE network stores the expected return information and, via the MME of the LTE-U network, sends to the UE the first random number, the AUTN, the network identity of the LTE-U network and a first encrypted result, the first encrypted result being generated by the MME of the LTE-U network based on the first foundation key;
When the UE receives the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, it verifies the LTE network based on the first random number and the AUTN, and verifies the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result;
When the UE determines that verification of both the LTE network and the LTE-U network has passed, it generates return information, and generates a second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network;
The UE sends the second encrypted result to the MME of the LTE-U network, and sends the return information to the MME of the LTE network;
When the MME of the LTE-U network receives the second encrypted result, it verifies the UE based on the second encrypted result; when the MME of the LTE network receives the return information, it verifies the UE based on the expected return information and the return information.
Optionally, the MME of the LTE network sending the first random number, the AUTN and the first encrypted result to the UE via the MME of the LTE-U network comprises:
The MME of the LTE network stores the expected return information, and sends the first foundation key, the first random number and the AUTN to the MME of the LTE-U network;
When the MME of the LTE-U network receives the first foundation key, the first random number and the AUTN, it stores the first foundation key, generates the first encrypted result based on the first foundation key, and sends the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
Optionally, the generating the first encrypted result based on the first foundation key comprises:
The MME of the LTE-U network generates a second random number, and encrypts the second random number with the first foundation key to obtain the first encrypted result;
Correspondingly, the sending the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE comprises:
The MME of the LTE-U network sends the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number to the UE.
Optionally, the AUTN includes a message authentication code (MAC);
The UE verifying the LTE network based on the first random number and the AUTN comprises:
The UE generates an expected message authentication code (XMAC) based on the first random number and the parameters in the AUTN other than the MAC;
If the XMAC is identical to the MAC, the UE determines that verification of the LTE network has passed.
Optionally, the UE verifying the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result comprises:
The UE generates a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
The UE encrypts the second random number with the second foundation key to obtain a third encrypted result;
If the first encrypted result is equal to the third encrypted result, the UE determines that verification of the LTE-U network has passed.
Optionally, the generating the second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network comprises:
The UE generates a third random number, and encrypts the second random number and the third random number together with the second foundation key to obtain the second encrypted result;
Correspondingly, the UE sending the second encrypted result to the MME of the LTE-U network comprises:
The UE sends the second encrypted result and the third random number to the MME of the LTE-U network;
Correspondingly, the MME of the LTE-U network verifying the UE based on the second encrypted result comprises:
The MME of the LTE-U network encrypts the second random number and the third random number together with the stored first foundation key to obtain a fourth encrypted result;
If the second encrypted result and the fourth encrypted result are equal, the MME of the LTE-U network determines that verification of the UE has passed.
Optionally, the MME of the LTE network sending the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE via the MME of the LTE-U network comprises:
The MME of the LTE network stores the expected return information, and sends the first foundation key, the expected return information, the first random number and the AUTN to the MME of the LTE-U network;
When the MME of the LTE-U network receives the first foundation key, the expected return information, the first random number and the AUTN, it stores the first foundation key and the expected return information, generates the first encrypted result based on the first foundation key, and sends the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
Optionally, the AUTN includes a MAC;
The generating the first encrypted result based on the first foundation key comprises:
The MME of the LTE-U network encrypts the MAC with the first foundation key to obtain the first encrypted result.
Optionally, the UE verifying the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result comprises:
The UE generates a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
The UE encrypts the MAC with the second foundation key to obtain a fifth encrypted result;
If the first encrypted result is equal to the fifth encrypted result, the UE determines that verification of the LTE-U network has passed.
Optionally, the generating the second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network comprises:
The UE encrypts the return information with the second foundation key to obtain the second encrypted result;
Correspondingly, the MME of the LTE-U network verifying the UE based on the second encrypted result comprises:
The MME of the LTE-U network encrypts the return information with the stored first foundation key to obtain a sixth encrypted result;
If the expected return information stored by the MME of the LTE-U network is identical to the return information and the sixth encrypted result is equal to the second encrypted result, the MME of the LTE-U network determines that verification of the UE has passed.
Optionally, the second attach request carries the security algorithm of the UE, and the authentication vector includes a third foundation key, expected return information, a first random number and an authentication token (AUTN), the third foundation key being the key corresponding to the LTE network;
The interacting with the UE and the MME of the LTE-U network based on the authentication vector to perform network authentication comprises:
The MME of the LTE network interacts with the UE based on the third foundation key, the expected return information, the first random number and the AUTN, so that the UE verifies the LTE network and the MME of the LTE network verifies the UE;
When the MME of the LTE network determines that verification of the UE has passed, it generates a second random number, and generates a first foundation key based on the network identity of the LTE-U network and the third foundation key;
The MME of the LTE network generates a non-access stratum (NAS) key based on the security algorithm of the UE, and encrypts the second random number with the NAS key to obtain a seventh encrypted result;
The MME of the LTE network sends the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the seventh encrypted result to the MME of the LTE-U network;
The MME of the LTE-U network encrypts the second random number with the first foundation key to obtain an eighth encrypted result, and sends the third foundation key, the NAS key, the network identity of the LTE-U network, the seventh encrypted result and the eighth encrypted result to the UE;
The UE generates a second foundation key based on the third foundation key and the network identity of the LTE-U network, decrypts the eighth encrypted result with the second foundation key to obtain a first decrypted result, and decrypts the seventh encrypted result with the NAS key to obtain a second decrypted result;
If the first decrypted result is identical to the second decrypted result, the UE determines that verification of the LTE-U network has passed.
In a second aspect, a network authentication system is provided, the network authentication system having the function of implementing the behavior of the network authentication method in the first aspect. The network authentication system includes a UE, an MME of an LTE-U network, an MME of an LTE network and an HSS, which are used to implement the network authentication method provided in the first aspect.
In a third aspect, a network device is provided, whose structure includes a processor and a memory. The memory is used to store a program that supports the network device in executing the network authentication method provided in the first aspect, and to store the data involved in implementing that method. The processor is configured to execute the program stored in the memory. The network device may further include a communication bus, which is used to establish a connection between the processor and the memory.
In a fourth aspect, a computer-readable storage medium is provided, storing instructions which, when run on a computer, cause the computer to execute the network authentication method described in the first aspect.
In a fifth aspect, a computer program product comprising instructions is provided which, when run on a computer, causes the computer to execute the network authentication method described in the first aspect.
The technical effects obtained in the second, third, fourth and fifth aspects are similar to those obtained by the corresponding technical means in the first aspect, and are not repeated here.
The technical solution provided by this application has the following beneficial effects. In the embodiments of the present invention, a UE that has not accessed the carrier network can, when accessing the LTE-U network, send a first attach request to the MME of the LTE-U network. When the MME of the LTE-U network receives the first attach request, it can add the network identity of the LTE-U network to the first attach request to generate a second attach request, and send the second attach request to the MME of the LTE network. The MME of the LTE network generates an authorization data request based on the second attach request in order to request an authentication vector from the HSS. When the HSS receives the authorization data request, it generates an authentication vector based on that request and sends the authentication vector to the MME of the LTE network. The MME of the LTE network can then interact with the UE and the MME of the LTE-U network according to the received authentication vector to perform network authentication. That is, with the network authentication method provided by the embodiments of the present invention, a UE accessing the carrier network and the LTE-U network can complete authentication with both the carrier network and the LTE-U network in a single procedure, so that the UE can access the carrier network and the LTE-U network smoothly at the same time, which is convenient for users.
Brief description of the drawings
Fig. 1 is a system architecture diagram for a network authentication method provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a network device provided by an embodiment of the present invention;
Fig. 3 is a flowchart of a network authentication method provided by an embodiment of the present invention;
Fig. 4 is a flowchart of a network authentication method performed through interaction among the MME of an LTE network, the MME of an LTE-U network and a UE, provided by an embodiment of the present invention;
Fig. 5 is a flowchart of another network authentication method performed through interaction among the MME of an LTE network, the MME of an LTE-U network and a UE, provided by an embodiment of the present invention;
Fig. 6 is a flowchart of yet another network authentication method performed through interaction among the MME of an LTE network, the MME of an LTE-U network and a UE, provided by an embodiment of the present invention.
Detailed description
To make the purposes, technical solutions and advantages of this application clearer, the embodiments of this application are described in further detail below with reference to the accompanying drawings.
Before the embodiments of the present invention are explained in detail, their application scenario is introduced. At present, organizations such as enterprises, hospitals and government bodies may, to make communication among internal staff easier or to push specific information and services to the users they serve, deploy their own network equipment in a certain area and communicate through that equipment using unlicensed spectrum, where the unlicensed spectrum may be the same spectrum as Wireless Fidelity (WIreless-Fidelity, WIFI) spectrum. A network that is made up of network equipment deployed by such a third party and that communicates over unlicensed spectrum is an LTE-U network. The third party that deploys the LTE-U network can, by controlling the deployed network equipment, provide specific services to users accessing the LTE-U network. For example, a hospital deploys an LTE-U eNB, an LTE-U MME, an LTE-U GW and other network equipment within its premises to form an LTE-U network. The hospital can provide medical services to users through the LTE-U network, and users accessing the LTE-U network can conveniently look up information such as the hospital's doctors, queue numbers and department locations.
It should be noted that the third party can not only provide specific services to users through the deployed LTE-U network; the network equipment in the LTE-U network can also be connected to the network equipment in a carrier network, so that users accessing the LTE-U network can use the network services provided by the carrier network at the same time. On this premise, when a UE that has not currently accessed the carrier network accesses the LTE-U network, the UE needs to authenticate with both the LTE-U network and the carrier network. The network authentication method and system provided by this application can be used in the scenario where a UE that has not currently accessed the carrier network authenticates with the carrier network and the LTE-U network when accessing the LTE-U network.
Having introduced the application scenario of the embodiments of the present invention, the system architecture involved in the embodiments is described next.
Fig. 1 is a system architecture diagram for a network authentication method provided by an embodiment of the present invention. As shown in Fig. 1, the system includes a UE 101, an eNB 102 of the LTE-U network, an MME 103 of the LTE-U network, an MME 104 of the LTE network and an HSS 105. The UE 101 is connected to the eNB 102 of the LTE-U network, the MME 103 of the LTE-U network is connected to the MME 104 of the LTE network, and the MME 104 of the LTE network is connected to the HSS 105.
The UE 101 may be a user device such as a smartphone or a tablet computer. During network authentication, the UE 101 initiates an attach request to the eNB 102 of the LTE-U network, and the eNB 102 of the LTE-U network forwards the attach request sent by the UE 101 to the MME 103 of the LTE-U network. The MME 103 of the LTE-U network and the MME 104 of the LTE network interact with the UE according to the attach request sent by the UE, to perform authentication among the UE 101, the MME 103 of the LTE-U network and the MME 104 of the LTE network. In this process, the MME 104 of the LTE network can request an authentication vector from the HSS according to the attach request sent by the UE 101, the network identity of the LTE-U network and the network identity of the LTE network. The HSS 105 generates the authentication vector according to the received information and returns it to the MME 104 of the LTE network, so that the MME 103 of the LTE-U network and the MME 104 of the LTE network authenticate with the UE 101 according to the authentication vector.
Fig. 2 is a schematic structural diagram of a network device provided by an embodiment of the present invention. The network device may be the UE, eNB, MME or HSS in Fig. 1. Referring to Fig. 2, the network device includes at least one processor 201, a communication bus 202, a memory 203 and at least one communication interface 204.
The processor 201 may be a general-purpose central processing unit (Central Processing Unit, CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the programs of the solution of this application.
The communication bus 202 may include a path for transferring information between the above components.
The memory 203 may be a read-only memory (ROM) or another type of static storage device that can store static information and instructions, a random access memory (RAM) or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), a compact disc read-only memory (Compact Disc Read-Only Memory, CD-ROM) or other compact disc storage, optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 203 may exist independently and be connected to the processor 201 through the communication bus 202. The memory 203 may also be integrated with the processor 201.
The communication interface 204 uses any transceiver-type device to communicate with other devices or communication networks, such as Ethernet, a radio access network (RAN) or a wireless local area network (Wireless Local Area Networks, WLAN).
In a specific implementation, as one embodiment, the processor 201 may include one or more CPUs, such as CPU0 and CPU1 shown in Fig. 2.
In a specific implementation, as one embodiment, the network device may include multiple processors, such as the processor 201 and the processor 205 shown in Fig. 2. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits and/or processing cores for processing data (such as computer program instructions).
In a specific implementation, as one embodiment, the network device may further include an output device 206 and an input device 207. The output device 206 communicates with the processor 201 and can display information in a variety of ways. For example, the output device 206 may be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device or a projector. The input device 207 communicates with the processor 201 and can receive user input in a variety of ways. For example, the input device 207 may be a mouse, a keyboard, a touchscreen device or a sensing device.
The above network device may be a general-purpose computer device or a special-purpose computer device. In a specific implementation, the network device may be a desktop computer, a portable computer, a network server, a palmtop computer (Personal Digital Assistant, PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device or an embedded device. The embodiments of the present invention do not limit the type of the network device.
The memory 203 is used to store the program code for executing the solution of this application, and execution is controlled by the processor 201. The processor 201 is used to execute the program code 208 stored in the memory 203. The program code 208 may include one or more software modules. The network devices shown in Fig. 1 can perform network authentication through the processor 201 and one or more software modules in the program code 208 in the memory 203.
By foregoing description, to the present embodiments relate to application scenarios and after system architecture is explained, Next the specific implementation process of the embodiment of the present invention is described in detail.
Fig. 3 is a kind of flow chart of network authentication method provided in an embodiment of the present invention, as shown in figure 3, this method includes Following steps:
First attach request is sent to the MME of LTE-U network by step 301:UE.
Wherein, for the UE of non-access carrier network, when UE access LTE-U network, it is attached that UE can send first Request (Attach Request) to the eNB of LTE-U network, when the eNB of LTE-U network receives first attach request When, which is transmitted to the MME of LTE-U network by the eNB of LTE-U network.
It should be noted that first attach request is NAS message, the eNB of LTE-U network can not parse first attachment Request.Also, international mobile subscriber identity (the International of the UE can be carried in first attach request Mobile Subscriber Identification Number, IMSI) and the UE security algorithm.Wherein, the UE IMSI can be used for the unique identification UE, also, can determine the current affiliated mobile network of the UE by the IMSI of the UE.Separately Outside, the security algorithm of the UE refers to the Encryption Algorithm and protection algorithm integrallty that the UE is supported.
Step 302: When the MME of the LTE-U network receives the first attach request from the UE, it adds the network identity of the LTE-U network to the first attach request to generate a second attach request.
When the MME of the LTE-U network receives the first attach request, it may add its own network identity to the first attach request to generate the second attach request. After generating the second attach request, the MME of the LTE-U network may determine the MME of the LTE network corresponding to the UE according to the IMSI of the UE carried in the first attach request.
Step 303: The MME of the LTE-U network sends the second attach request to the MME of the LTE network.
After determining the MME of the LTE network corresponding to the UE, the MME of the LTE-U network may send the generated second attach request to the determined MME of the LTE network.
Step 304: When the MME of the LTE network receives the second attach request, it sends an authorization data request to the HSS based on the second attach request.
As described above, when the MME of the LTE network receives the second attach request, the second attach request carries the IMSI and security capabilities of the UE and the network identity of the LTE-U network. The MME of the LTE network may then add the network identity of the LTE network to the second attach request to generate the authorization data request, and send the authorization data request to the HSS.
Step 305: When the HSS receives the authorization data request, it generates an authentication vector based on the network identity of the LTE-U network and the network identity of the LTE network.
When receiving the authorization data request, the HSS may determine, from multiple stored long-term keys, the long-term key corresponding to the IMSI of the UE according to the IMSI carried in the authorization data request. This long-term key is also referred to as the mobile phone identification code (Key identifier, Ki). The HSS may then generate the third foundation key, corresponding to the LTE network, according to the determined long-term key and the network identity of the LTE network, and generate the first foundation key, corresponding to the LTE-U network, using the long-term key and the network identity of the LTE-U network. In addition, after determining Ki, the HSS may also generate a first random number and a sequence number, and generate an authentication token (Authentication Token, AUTN) and expected return information according to the first random number and the sequence number. The AUTN includes the sequence number, a message authentication code (Message Authentication Code, MAC), an authentication management field (Authentication Management Field, AMF), and so on.
It should be noted that the authentication vector may include the first foundation key, the third foundation key, the first random number, the expected return information and the AUTN. It may also omit the first foundation key and include only the third foundation key, the first random number, the expected return information and the AUTN. Alternatively, the authentication vector may omit the third foundation key and include the first foundation key, the first random number, the expected return information and the AUTN. When the authentication vector does not include the first foundation key or the third foundation key, the HSS need not generate that first foundation key or third foundation key in the above process.
Step 306: The HSS sends the authentication vector to the MME of the LTE network.
Step 307: When the MME of the LTE network receives the authentication vector, it interacts with the UE and the MME of the LTE-U network based on the authentication vector to realize network authentication.
When the MME of the LTE network receives the authentication vector, it may interact with the UE and the MME of the LTE-U network according to the authentication vector, thereby completing the verification of the UE by the LTE network, the verification of the UE by the LTE-U network, and the verification of the LTE network and the LTE-U network by the UE.
It should be noted that, in embodiments of the present invention, the UE may verify the LTE-U network and the LTE network simultaneously, or may first complete mutual verification with the LTE network and then perform mutual verification with the LTE-U network. In addition, when the UE verifies the LTE-U network and the LTE network simultaneously, the UE may verify the LTE-U network using different parameters in the authentication vector. The specific process by which the MME of the LTE network interacts with the UE and the MME of the LTE-U network based on the authentication vector to perform network authentication is described in detail in the subsequent embodiments.
In embodiments of the present invention, for a UE that has not accessed the carrier network, when the UE accesses the LTE-U network it may send a first attach request to the MME of the LTE-U network. When the MME of the LTE-U network receives the first attach request, it may add the network identity of the LTE-U network to the first attach request to generate a second attach request, and send the second attach request to the MME of the LTE network. The MME of the LTE network generates an authorization data request based on the second attach request in order to request an authentication vector from the HSS. When the HSS receives the authorization data request, it generates the authentication vector based on the authorization data request and sends the authentication vector to the MME of the LTE network. The MME of the LTE network may then interact with the UE and the MME of the LTE-U network according to the received authentication vector to realize network authentication. That is, with the network authentication method provided by the embodiment of the present invention, the UE can complete authentication with both the carrier network and the LTE-U network in one pass when accessing the carrier network and the LTE-U network, so that the UE can smoothly access the carrier network and the LTE-U network at the same time, which is convenient for the user.
Based on the foregoing description, the UE may verify the LTE-U network and the LTE network simultaneously, or may first complete mutual verification with the LTE network and then perform mutual verification with the LTE-U network. In addition, when the UE verifies the LTE-U network and the LTE network simultaneously, the UE may verify the LTE-U network using different parameters in the authentication vector. With reference to the accompanying drawings, the three implementations in which the MME of the LTE network interacts with the UE and the MME of the LTE-U network based on the authentication vector to realize network authentication are explained below in turn.
Fig. 4 is a flow chart of the first method for performing network authentication based on the authentication vector provided in an embodiment of the present invention. As shown in Fig. 4, the method includes the following steps:
Step 401: The MME of the LTE network stores the expected return information in the authentication vector.
Based on the description in the previous embodiment, the authentication vector may include the first foundation key, the first random number, the expected return information and the AUTN. When the MME of the LTE network receives the authentication vector, it may store the expected return information in the authentication vector and keep it for the later verification of the UE. The first foundation key, the first random number and the AUTN in the authentication vector may then be forwarded to the MME of the LTE-U network.
Step 402: The MME of the LTE network sends the first foundation key, the first random number and the AUTN to the MME of the LTE-U network.
Step 403: When the MME of the LTE-U network receives the first foundation key, the first random number and the AUTN, it stores the first foundation key, generates a second random number, and generates a first encrypted result based on the first foundation key and the second random number.
When receiving the first foundation key, the first random number and the AUTN sent by the LTE network, the MME of the LTE-U network may store the first foundation key and keep it for the subsequent verification of the UE. At the same time, the MME of the LTE-U network may generate the first encrypted result based on the first foundation key; the UE uses the first encrypted result to verify the LTE-U network.
When receiving the first foundation key, the first random number and the AUTN, the MME of the LTE-U network may generate the second random number using a random number generator and encrypt the second random number with the first foundation key to obtain the first encrypted result.
Step 404: The MME of the LTE-U network sends the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number to the UE.
After the MME of the LTE-U network generates the first encrypted result, it may send the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number used to generate the first encrypted result to the eNB of the LTE-U network. The eNB of the LTE-U network then forwards the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number to the UE.
Step 405: When the UE receives the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number, it verifies the LTE network and the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number.
When the UE receives the first random number, the AUTN and the first encrypted result, the UE may verify the LTE network according to the first random number and the AUTN, and verify the LTE-U network according to the first random number, the AUTN and the first encrypted result.
When the UE verifies the LTE network, the UE may generate an expected message authentication code XMAC based on the first random number and the parameters in the AUTN other than the MAC. If the XMAC is identical to the MAC, the UE determines that the LTE network is verified.
The UE may calculate the expected message authentication code (Expected Message Authentication Code, XMAC) from the Ki that it stores, the first random number, and the sequence number and AMF in the AUTN. As described in step 305 of the previous embodiment, the AUTN includes the MAC, and the MAC is calculated by the HSS from the determined Ki, the first random number, and the sequence number and AMF in the AUTN. After the UE generates the XMAC, if the XMAC is identical to the MAC, the Ki determined by the HSS is consistent with the Ki stored in the UE. The Ki determined by the HSS is determined according to the IMSI of the UE; that is, the Ki determined by the HSS is in fact the Ki that the UE has stored on the LTE network side. Therefore, when the XMAC is identical to the MAC, the UE can determine that the current LTE network is genuine, that is, the UE has verified the LTE network.
When the UE verifies the LTE-U network, the UE may generate a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN. The UE encrypts the second random number with the second foundation key to obtain a third encrypted result. If the first encrypted result is equal to the third encrypted result, the UE determines that the LTE-U network is verified.
When the UE verifies the LTE-U network, the UE may generate the second foundation key according to the Ki that it stores, the network identity of the LTE-U network, the first random number and the AUTN. It then encrypts the second random number with the second foundation key to obtain the third encrypted result. Since the first foundation key is the key corresponding to the LTE-U network, and the first encrypted result is obtained by encrypting the second random number with the first foundation key, if the third encrypted result is identical to the first encrypted result, the second foundation key and the first foundation key are identical, that is, the UE can determine that the LTE-U network is verified. Conversely, if the third encrypted result differs from the first encrypted result, the second foundation key and the first foundation key are different, and the UE's verification of the LTE-U network fails.
Step 406: When the UE determines that the LTE network and the LTE-U network are verified, it generates return information and a third random number, and generates a second encrypted result based on the network identity of the LTE-U network, the first random number, the AUTN and the third random number.
After the UE determines that the LTE network is verified, it may generate the return information from the Ki that it stores and the received first random number. The LTE network subsequently uses the return information to verify the UE.
After the UE determines that the LTE-U network is verified, it may generate the third random number. The UE may then use the second foundation key, generated from the network identity of the LTE-U network, the first random number and the AUTN, to encrypt the received second random number and the generated third random number as a whole, to obtain the second encrypted result.
Step 407: The UE sends the second encrypted result, the third random number and the return information to the MME of the LTE-U network.
After the UE generates the return information and the second encrypted result, it may send the second encrypted result, the third random number and the return information to the eNB of the LTE-U network, and the eNB of the LTE-U network forwards the second encrypted result, the third random number and the return information to the MME of the LTE-U network.
Step 408: When the MME of the LTE-U network receives the second encrypted result and the third random number, it verifies the UE based on the second encrypted result.
As described in step 403, the first foundation key is stored in the MME of the LTE-U network, and the second random number is generated by the MME of the LTE-U network and stored in that MME. Therefore, after the MME of the LTE-U network receives the second encrypted result and the third random number, it may use the stored first foundation key to encrypt the stored second random number and the received third random number as a whole, to obtain a fourth encrypted result. If the fourth encrypted result is identical to the second encrypted result, the second foundation key generated by the UE and the first foundation key stored in the MME of the LTE-U network are identical, that is, the MME of the LTE-U network can determine that the UE is verified. Conversely, if the fourth encrypted result differs from the second encrypted result, the first foundation key and the second foundation key are different, and the LTE-U network's verification of the UE fails.
Step 409: When the MME of the LTE-U network receives the return information, it sends the return information to the MME of the LTE network.
As described in step 407, the UE sends the second encrypted result, the third random number and the return information to the MME of the LTE-U network. The MME of the LTE-U network may use the second encrypted result and the third random number to verify the UE in the manner of step 408. As for the received return information, since the return information is used by the LTE network to verify the UE, the MME of the LTE-U network may forward it directly to the MME of the LTE network.
Step 410: When the MME of the LTE network receives the return information, it verifies the UE based on the return information.
As described in step 401, the expected return information is stored in the MME of the LTE network, and the expected return information is generated by the HSS according to the determined Ki and the first random number. Therefore, when the MME of the LTE network receives the return information, if the return information is identical to the expected return information, the MME of the LTE network can determine that the Ki used to generate the expected return information and the Ki used to generate the return information are identical, that is, the Ki stored on the LTE network side is consistent with the Ki stored by the UE itself. The MME of the LTE network can then determine that the current UE is genuine and valid, that is, the MME of the LTE network can determine that the UE is verified.
In embodiments of the present invention, after the MME of the LTE network receives the authentication vector, the MME of the LTE network and the MME of the LTE-U network may send the first random number, the AUTN and the first encrypted result to the UE. After the UE receives the first random number, the AUTN and the first encrypted result, it may verify the LTE-U network and the LTE network simultaneously according to the first random number, the AUTN and the first encrypted result. The MME of the LTE-U network and the MME of the LTE network then verify the UE according to the return information and the second encrypted result from the UE. That is, with the network authentication method provided by the embodiment of the present invention, the UE can complete authentication with the carrier network and the LTE-U network at the same time when accessing the carrier network and the LTE-U network, so that the UE can access the carrier network and the LTE-U network simultaneously, which is convenient for the user.
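The Fig. 4 exchange (step 305 and steps 401 to 410) is sketched below as an added Python example; it is not code from the patent. The patent does not name its algorithms, so HMAC-SHA256 stands in for MAC and return-information generation, foundation-key derivation and every "encrypted result" (an assumption), and the HSS and the UE are assumed to derive the LTE-U foundation key from the same inputs (Ki, network identity, first random number, AUTN). All function names, the key values and the network identities are hypothetical.

```python
import hashlib
import hmac
import os
from typing import NamedTuple

class Autn(NamedTuple):
    sqn: bytes  # sequence number
    amf: bytes  # authentication management field
    mac: bytes  # message authentication code computed by the HSS

def prf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 stand-in for every keyed operation in the flow (assumption)."""
    msg = label + b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def foundation_key(ki: bytes, net_id: bytes, rand1: bytes, autn: Autn) -> bytes:
    """LTE-U foundation key, bound to the LTE-U network identity."""
    return prf(ki, b"BASE", net_id, rand1, autn.sqn, autn.amf, autn.mac)

def hss_auth_vector(ki: bytes, lte_u_id: bytes, sqn: bytes, amf: bytes):
    """Step 305: first foundation key, first random number, expected return info, AUTN."""
    rand1 = os.urandom(16)
    autn = Autn(sqn, amf, prf(ki, b"MAC", rand1, sqn, amf))
    return foundation_key(ki, lte_u_id, rand1, autn), rand1, prf(ki, b"RES", rand1), autn

def ue_verify(ki, rand1, autn, net_id, enc1, rand2):
    """Step 405: XMAC == MAC proves the LTE network; enc3 == enc1 proves the LTE-U network."""
    xmac = prf(ki, b"MAC", rand1, autn.sqn, autn.amf)
    lte_ok = hmac.compare_digest(xmac, autn.mac)
    k2 = foundation_key(ki, net_id, rand1, autn)        # second foundation key
    enc3 = prf(k2, b"ENC", rand2)                       # third encrypted result
    return lte_ok, hmac.compare_digest(enc3, enc1), k2

def run_fig4(hss_ki, ue_ki, hss_net_id, advertised_net_id, lte_u_key=None):
    """Run steps 305 and 401-410; lte_u_key overrides the key held by the LTE-U MME."""
    out = dict(ue_accepts_lte=False, ue_accepts_lte_u=False,
               lte_u_accepts_ue=False, lte_accepts_ue=False)
    k1, rand1, xres, autn = hss_auth_vector(hss_ki, hss_net_id, b"\x00" * 5 + b"\x01", b"\x80\x00")
    # Steps 401-402: the LTE MME keeps xres and forwards k1, rand1 and AUTN.
    # Step 403: the LTE-U MME stores the key and builds the first encrypted result.
    k1_at_lte_u = k1 if lte_u_key is None else lte_u_key
    rand2 = os.urandom(16)
    enc1 = prf(k1_at_lte_u, b"ENC", rand2)
    # Steps 404-405: the UE checks both networks from a single message.
    lte_ok, lte_u_ok, k2 = ue_verify(ue_ki, rand1, autn, advertised_net_id, enc1, rand2)
    out["ue_accepts_lte"], out["ue_accepts_lte_u"] = lte_ok, lte_u_ok
    if not (lte_ok and lte_u_ok):
        return out                                      # step 406 precondition not met
    # Steps 406-407: return information, third random number, second encrypted result.
    res = prf(ue_ki, b"RES", rand1)
    rand3 = os.urandom(16)
    enc2 = prf(k2, b"ENC", rand2, rand3)
    # Step 408: the LTE-U MME recomputes the fourth encrypted result.
    enc4 = prf(k1_at_lte_u, b"ENC", rand2, rand3)
    out["lte_u_accepts_ue"] = hmac.compare_digest(enc4, enc2)
    # Steps 409-410: the LTE MME compares the return information with the stored expectation.
    out["lte_accepts_ue"] = hmac.compare_digest(res, xres)
    return out

if __name__ == "__main__":
    KI = bytes(range(16))                               # constructed long-term key
    print("honest run:      ", run_fig4(KI, KI, b"lte-u-net-1", b"lte-u-net-1"))
    print("wrong LTE-U key: ", run_fig4(KI, KI, b"lte-u-net-1", b"lte-u-net-1", os.urandom(32)))
    print("swapped identity:", run_fig4(KI, KI, b"lte-u-net-1", b"lte-u-net-2"))
```

The two failure runs show what the binding to the network identity buys: an LTE-U MME that holds the wrong foundation key, or one that advertises an identity other than the one the HSS used, is rejected by the UE in step 405 while the LTE check still passes.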
The foregoing embodiment described a method in which the UE verifies the LTE-U network and the LTE network simultaneously according to the second random number generated by the LTE-U network and other parameters. Next, another method in which the UE verifies the LTE-U network and the LTE network simultaneously is introduced.
Fig. 5 is a flow chart of the second method for performing network authentication based on the authentication vector provided in an embodiment of the present invention. As shown in Fig. 5, the method includes the following steps:
Step 501: The MME of the LTE network stores the expected return information in the authentication vector.
As described in step 305 of the previous embodiment, the authentication vector includes the first foundation key, the first random number, the expected return information and the AUTN. When the MME of the LTE network receives the authentication vector, it may store the expected return information for the subsequent verification of the UE.
Step 502: The MME of the LTE network sends the first foundation key, the expected return information, the first random number and the AUTN to the MME of the LTE-U network.
After the MME of the LTE network stores the expected return information, in addition to sending the remaining first foundation key, first random number and AUTN in the authentication vector to the MME of the LTE-U network, it also needs to send the expected return information to the MME of the LTE-U network.
Step 503: When the MME of the LTE-U network receives the first foundation key, the expected return information, the first random number and the AUTN, it stores the first foundation key and the expected return information, and generates a first encrypted result based on the first foundation key.
When the MME of the LTE-U network receives the first foundation key, the expected return information, the first random number and the AUTN, it may store the first foundation key and the expected return information for the subsequent verification of the UE. At the same time, the MME of the LTE-U network may generate the first encrypted result based on the first foundation key.
It should be noted that, as described in step 305 of the previous embodiment, the AUTN includes the MAC. When the MME of the LTE-U network receives the first foundation key, the expected return information, the first random number and the AUTN, it may encrypt the MAC in the AUTN with the first foundation key to obtain the first encrypted result.
Step 504: The MME of the LTE-U network sends the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
After generating the first encrypted result, the MME of the LTE-U network may send the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the eNB of the LTE-U network, and the eNB of the LTE-U network forwards the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
Step 505: When the UE receives the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, it verifies the LTE network and the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result.
When the UE receives the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, the UE may verify the LTE network according to the first random number and the AUTN, and verify the LTE-U network according to the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result.
For the specific implementation of the UE's verification of the LTE network, refer to the way the UE verifies the LTE network in step 405; it is not repeated here.
When the UE verifies the LTE-U network, the UE may generate the second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN, and encrypt the MAC with the second foundation key to obtain a fifth encrypted result. If the first encrypted result is equal to the fifth encrypted result, the UE determines that the LTE-U network is verified.
When the UE verifies the LTE-U network, the UE may generate the second foundation key according to the Ki that it stores, the network identity of the LTE-U network, the first random number and the AUTN, and then encrypt the MAC included in the AUTN with the second foundation key to obtain the fifth encrypted result. The first foundation key is the key corresponding to the LTE-U network, the first encrypted result is obtained by encrypting the MAC with the first foundation key, and the fifth encrypted result is obtained by encrypting the MAC with the second foundation key. Therefore, if the first encrypted result is identical to the fifth encrypted result, the first foundation key and the second foundation key are identical, that is, the UE can determine that the LTE-U network is verified. Conversely, if the fifth encrypted result differs from the first encrypted result, the second foundation key and the first foundation key are different, and the UE's verification of the LTE-U network fails.
Step 506: When the UE determines that the LTE network and the LTE-U network are verified, it generates return information, and generates a second encrypted result based on the network identity of the LTE-U network, the first random number and the AUTN.
When the UE determines that the LTE network is verified, it may generate the return information from the Ki that it stores and the received first random number.
When the UE determines that the LTE-U network is verified, and after the return information has been generated, the UE may encrypt the return information with the second foundation key generated in step 505 from the network identity of the LTE-U network, the first random number and the AUTN, to obtain the second encrypted result.
Step 507: The UE sends the second encrypted result and the return information to the MME of the LTE-U network.
After the UE generates the return information and the second encrypted result, it may send the return information and the second encrypted result to the eNB of the LTE-U network, and the eNB of the LTE-U network forwards the return information and the second encrypted result to the MME of the LTE-U network.
Step 508: When the MME of the LTE-U network receives the return information and the second encrypted result, it verifies the UE based on the return information and the second encrypted result.
As described in step 503, the first foundation key and the expected return information are stored in the MME of the LTE-U network, and the expected return information is generated by the HSS according to the stored Ki and the first random number. After the MME of the LTE-U network receives the return information and the second encrypted result, it may first compare the return information with the expected return information. The MME of the LTE-U network may then encrypt the return information with the first foundation key that it stores, to obtain a sixth encrypted result. The return information is generated by the UE according to the Ki that it stores and the first random number. Therefore, if the return information is identical to the expected return information and the sixth encrypted result is identical to the second encrypted result, the second foundation key generated by the UE is consistent with the first foundation key stored by the MME of the LTE-U network. The MME of the LTE-U network can then confirm that the current UE is genuine and valid, that is, the MME of the LTE-U network can determine that the UE is verified. Conversely, if the sixth encrypted result differs from the second encrypted result, the first foundation key and the second foundation key are different, and the LTE-U network's verification of the UE fails.
Step 509: The MME of the LTE-U network sends the return information to the MME of the LTE network.
The MME of the LTE-U network may send the return information to the MME of the LTE network upon receiving it. Of course, it may also send the return information to the MME of the LTE network after completing its verification of the UE.
Step 510: When the MME of the LTE network receives the return information, it verifies the UE based on the return information.
For the specific way in which the MME of the LTE network verifies the UE based on the return information when it receives the return information, refer to the implementation in step 410; it is not repeated here.
In embodiments of the present invention, after the MME of the LTE network receives the authentication vector, the MME of the LTE network and the MME of the LTE-U network may send the first random number, the AUTN and the first encrypted result to the UE, where the first encrypted result is obtained by the MME of the LTE-U network encrypting the MAC in the AUTN. After the UE receives the first random number, the AUTN and the first encrypted result, it may verify the LTE-U network and the LTE network simultaneously according to the first random number, the AUTN and the first encrypted result. The MME of the LTE-U network and the MME of the LTE network then verify the UE according to the return information and the second encrypted result from the UE, where the second encrypted result is obtained by the UE encrypting the return information. That is, in the network authentication method provided by the embodiment of the present invention, the LTE-U network and the UE need not generate further random numbers; encrypting parameters in the authentication vector is enough to complete mutual verification, which simplifies operation. With the network authentication method provided by the embodiment of the present invention, the UE can complete authentication with the carrier network and the LTE-U network at the same time when accessing the carrier network and the LTE-U network, so that the UE can access the carrier network and the LTE-U network simultaneously, which is convenient for the user.
The foregoing, with reference to Figs. 4 and 5, described two verification methods in which the UE verifies the LTE-U network and the LTE network simultaneously and the MME of the LTE-U network and the MME of the LTE network then verify the UE. Next, with reference to Fig. 6, a network authentication method is introduced in which the UE and the LTE network first verify each other and the LTE-U network is then verified.
Fig. 6 is a flow chart of the third method for performing network authentication based on the authentication vector provided in an embodiment of the present invention. In this method, the MME of the LTE network first interacts with the UE based on the third foundation key, the expected return information, the first random number and the AUTN, through the method in step 601-step 60, to complete mutual verification with the UE, after which the subsequent steps are carried out. As shown in Fig. 6, the method includes the following steps:
Step 601: The MME of the LTE network stores the third foundation key and the expected return information in the authentication vector.
Based on the description of step 305 in the previous embodiment, the authentication vector may include the third foundation key, the expected return information, the first random number and the AUTN. When the authentication vector includes the third foundation key, the expected return information, the first random number and the AUTN, the MME of the LTE network may, on receiving the authentication vector, store the third foundation key and the expected return information in the authentication vector for the subsequent verification of the UE.
Step 602: The MME of the LTE network sends the first random number and the AUTN to the UE.
After the MME of the LTE network stores the third foundation key and the expected return information, it may send the first random number and the AUTN in the authentication vector to the MME of the LTE-U network. After receiving the first random number and the AUTN, the MME of the LTE-U network may send them to the eNB of the LTE-U network, and the eNB of the LTE-U network, after receiving the first random number and the AUTN, forwards them to the UE.
Step 603: When the UE receives the first random number and the AUTN, it verifies the LTE network based on the first random number and the AUTN.
For the specific implementation of this step, refer to the way the UE verifies the LTE network based on the first random number and the AUTN in step 405; it is not repeated here.
Step 604: When the UE determines that the LTE network is verified, it generates return information.
For the specific implementation of this step, refer to the description in step 406 of how the UE generates the return information when it determines that the LTE network is verified; it is not repeated here.
Step 605: The UE sends the return information to the MME of the LTE network.
After the UE generates the return information, it may send the return information to the MME of the LTE network via the eNB and the MME of the LTE-U network.
Step 606: When the MME of the LTE network receives the return information, it verifies the UE based on the return information.
For the specific implementation of this step, refer to the description in step 410 of how the MME of the LTE network verifies the UE based on the return information; it is not repeated here.
Step 607: When the MME of the LTE network determines that the verification of the UE passes, it generates a second random number, generates a first foundation key based on the network identity of the LTE-U network and the third foundation key, generates a NAS key based on the security algorithm of the UE, and encrypts the second random number with the NAS key to obtain a 7th encrypted result.
As described in step 302, the MME of the LTE-U network adds the network identity of the LTE-U network to the first attach request to generate the second attach request, and sends the second attach request to the MME of the LTE network. Therefore, when the MME of the LTE network determines that the verification of the UE passes, it can generate the first foundation key based on the network identity of the LTE-U network and the third foundation key. At the same time, the MME of the LTE network can generate the second random number with a random number generator.
It should be noted that, because the second attach request also includes the security algorithm of the UE, after the MME of the LTE network generates the second random number and the first foundation key, it can generate the NAS key according to the security algorithm of the UE. The MME of the LTE network can then encrypt the second random number with the NAS key to obtain the 7th encrypted result.
Step 608: The MME of the LTE network sends the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the 7th encrypted result to the MME of the LTE-U network.
Step 609: When the MME of the LTE-U network receives the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the 7th encrypted result, it encrypts the second random number with the first foundation key to obtain an 8th encrypted result.
Step 610: The MME of the LTE-U network sends the third foundation key, the NAS key, the network identity of the LTE-U network, the 7th encrypted result and the 8th encrypted result to the UE.
The MME of the LTE-U network sends the third foundation key, the NAS key, the network identity of the LTE-U network, the 7th encrypted result and the 8th encrypted result to the eNB of the LTE-U network, and the eNB of the LTE-U network forwards them to the UE.
Step 611: When the UE receives the third foundation key, the NAS key, the network identity of the LTE-U network, the 7th encrypted result and the 8th encrypted result, it generates a second foundation key based on the third foundation key and the network identity of the LTE-U network, decrypts the 8th encrypted result with the second foundation key to obtain a first decrypted result, and decrypts the 7th encrypted result with the NAS key to obtain a second decrypted result.
Because the first foundation key is generated by the MME of the LTE network from the third foundation key and the network identity of the LTE-U network, in order to verify the authenticity of the LTE-U network, when the UE receives the third foundation key and the network identity of the LTE-U network, it can generate the second foundation key from the third foundation key and the network identity of the LTE-U network, and then check whether the second foundation key and the first foundation key are identical, thereby verifying the LTE-U network.
It should be noted that, to prevent information from being tampered with while the MME of the LTE-U network transmits it to the UE, the MME of the LTE-U network does not send the first foundation key directly to the UE. Instead, using the method in step 609, it encrypts the second random number with the first foundation key to obtain the 8th encrypted result, and sends the 8th encrypted result to the UE. After the UE receives the 8th encrypted result, it can decrypt the 8th encrypted result with the second foundation key to obtain the first decrypted result, and decrypt the 7th encrypted result with the NAS key to obtain the second decrypted result.
Step 612: The UE verifies the LTE-U network based on the first decrypted result and the second decrypted result.
The 8th encrypted result is obtained by the MME of the LTE-U network encrypting the second random number with the first foundation key, and the 7th encrypted result is obtained by the MME of the LTE network encrypting the second random number with the NAS key. Therefore, after the UE decrypts the 8th encrypted result with the second foundation key and decrypts the 7th encrypted result with the NAS key, if the first decrypted result and the second decrypted result are equal, the second foundation key generated by the UE is identical to the first foundation key. That is, the UE can determine that the LTE-U network is genuine and trustworthy, and at this point the UE can determine that the verification of the LTE-U network passes.
In this embodiment of the present invention, after the MME of the LTE network receives the authentication vector, it can first interact with the UE based on the third foundation key, the first random number, the expectation return information and the AUTN in the authentication vector, to complete mutual authentication with the UE. The MME of the LTE network can then generate the first foundation key, the second random number and the NAS key, and send the first foundation key, the second random number and the NAS key to the MME of the LTE-U network. After that, the MME of the LTE-U network can perform network authentication with the UE by means of the first foundation key, the second random number and the NAS key. That is, with the network authentication method provided in this embodiment of the present invention, when accessing the carrier network and the LTE-U network, the UE can complete authentication with the carrier network and with the LTE-U network at the same time, so that the UE can access the carrier network and the LTE-U network simultaneously, which is convenient for the user.
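The exchange in steps 607 to 612, written out as an added example that is not part of the patent text. Assumptions, none of which the patent names: HMAC-SHA256 as the key-derivation function, an HMAC-based XOR keystream as a stand-in cipher, the derivation labels, deriving the NAS key from the third foundation key plus the UE's algorithm identifier, and all sample values, which are constructed.

```python
import hashlib
import hmac
import secrets

# Assumption: the patent names neither a KDF nor a cipher. HMAC-SHA256 is used
# as the KDF, and an HMAC-SHA256 counter keystream XORed with the data stands in
# for "encrypt"/"decrypt". The stand-in has no nonce and no integrity tag; it
# only makes the key-equality check of step 612 observable.

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

decrypt = encrypt  # XOR keystream: decryption is the same operation

def lte_mme_steps_607_608(third_key: bytes, lte_u_network_id: bytes,
                          ue_security_algorithm: bytes) -> dict:
    """LTE MME: derive the first foundation key, draw the second random number,
    derive the NAS key, and build the step 608 message for the LTE-U MME."""
    first_key = kdf(third_key, b"LTE-U|" + lte_u_network_id)       # label assumed
    rand2 = secrets.token_bytes(16)
    nas_key = kdf(third_key, b"NAS|" + ue_security_algorithm)      # derivation assumed
    return {
        "first_key": first_key,
        "third_key": third_key,
        "nas_key": nas_key,
        "network_id": lte_u_network_id,
        "rand2": rand2,
        "enc7": encrypt(nas_key, rand2),   # 7th encrypted result
    }

def lte_u_mme_steps_609_610(msg608: dict) -> dict:
    """LTE-U MME: encrypt the second random number with the first foundation key
    and forward the fields listed in step 610 (the first key itself is not sent)."""
    return {
        "third_key": msg608["third_key"],
        "nas_key": msg608["nas_key"],
        "network_id": msg608["network_id"],
        "enc7": msg608["enc7"],
        "enc8": encrypt(msg608["first_key"], msg608["rand2"]),  # 8th encrypted result
    }

def ue_steps_611_612(msg610: dict) -> bool:
    """UE: derive the second foundation key, decrypt both results, and accept the
    LTE-U network only if the two decrypted results are equal."""
    second_key = kdf(msg610["third_key"], b"LTE-U|" + msg610["network_id"])
    first_decrypted = decrypt(second_key, msg610["enc8"])
    second_decrypted = decrypt(msg610["nas_key"], msg610["enc7"])
    return hmac.compare_digest(first_decrypted, second_decrypted)

def run_demo() -> dict:
    third_key = bytes(range(32))            # constructed sample key
    algorithm = b"constructed-alg-id"       # constructed algorithm identifier

    # Genuine case: the key was issued for the network identity the UE sees.
    msg608 = lte_mme_steps_607_608(third_key, b"lte-u-net-A", algorithm)
    genuine = ue_steps_611_612(lte_u_mme_steps_609_610(msg608))

    # Failure case 1: the first foundation key was issued for net-B, but the
    # message that reaches the UE announces net-A.
    msg608_b = lte_mme_steps_607_608(third_key, b"lte-u-net-B", algorithm)
    msg610_b = lte_u_mme_steps_609_610(msg608_b)
    msg610_b["network_id"] = b"lte-u-net-A"
    wrong_network_id = ue_steps_611_612(msg610_b)

    # Failure case 2: one bit of the 8th encrypted result changes in transit.
    msg610_t = lte_u_mme_steps_609_610(msg608)
    msg610_t["enc8"] = bytes([msg610_t["enc8"][0] ^ 0x01]) + msg610_t["enc8"][1:]
    tampered_enc8 = ue_steps_611_612(msg610_t)

    return {"genuine": genuine, "wrong_network_id": wrong_network_id,
            "tampered_enc8": tampered_enc8}

if __name__ == "__main__":
    print(run_demo())
```
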
Having introduced the network authentication method provided in the embodiments of the present invention, the network authentication system provided in the embodiments of the present invention is introduced next.
An embodiment of the present invention provides a network authentication system. The system includes a UE, an MME of an LTE-U network, an MME of an LTE network, and an HSS.
The MME of the LTE-U network is used to perform steps 302 and 303 in the foregoing embodiment;
The MME of the LTE network is used to perform step 304 in the foregoing embodiment;
The HSS is used to perform steps 305 and 306 in the foregoing embodiment;
The MME of the LTE network is used to perform step 307 in the foregoing embodiment.
Optionally, the authentication vector includes a first foundation key, expectation return information, a first random number and an authentication signature AUTN, where the first foundation key is the key corresponding to the LTE-U network;
The MME of the LTE network is specifically used to store the expectation return information, and to send the first random number, the AUTN, the network identity of the LTE-U network and a first encrypted result to the UE through the MME of the LTE-U network, where the first encrypted result is generated by the MME of the LTE-U network based on the first foundation key;
The UE is used to, when receiving the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, verify the LTE network based on the first random number and the AUTN, and verify the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result;
The UE is also used to, when determining that the verification of the LTE network and the LTE-U network passes, generate return information, and generate a second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network;
The UE is also used to send the second encrypted result to the MME of the LTE-U network, and send the return information to the MME of the LTE network;
The MME of the LTE-U network is used to, when receiving the second encrypted result, verify the UE based on the second encrypted result; when the MME of the LTE network receives the return information, it verifies the UE based on the expectation return information and the return information.
Optionally, the MME of the LTE network is specifically used for:
Storing the expectation return information, and sending the first foundation key, the first random number and the AUTN to the MME of the LTE-U network;
The MME of the LTE-U network is also used to, when receiving the first foundation key, the first random number and the AUTN, store the first foundation key, generate the first encrypted result based on the first foundation key, and send the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
Optionally, the MME of the LTE-U network is specifically used for:
Generating a second random number, and encrypting the second random number with the first foundation key to obtain the first encrypted result;
By first random number, the AUTN, the network identity of the LTE-U network, first encrypted result and Second random number is sent to the UE.
Optionally, the AUTN includes message authentication code MAC;
The UE is specifically used for:
Generating an expected message authentication code XMAC based on the first random number and the parameters in the AUTN other than the MAC;
If the XMAC is identical with the MAC, it is determined that be verified to the LTE network.
Optionally, the UE is specifically used for:
The second foundation key is generated according to the network identity of the LTE-U network, first random number and the AUTN;
Second random number is encrypted by second foundation key, obtains third encrypted result;
If the first encrypted result is equal to the third encrypted result, determining that the verification of the LTE-U network passes.
Optionally, the UE is specifically used for:
Generating a third random number, and encrypting the second random number and the third random number as a whole with the second foundation key to obtain the second encrypted result;
Second encrypted result and the third random number are sent to the MME of the LTE-U network;
Correspondingly, the MME of the LTE-U network is specifically used for:
Encrypting the second random number and the third random number as a whole with the stored first foundation key to obtain a 4th encrypted result;
If second encrypted result and the 4th encrypted result are equal, it is determined that be verified to the UE.
Optionally, the MME of the LTE network is specifically used for:
Storing the expectation return information, and sending the first foundation key, the expectation return information, the first random number and the AUTN to the MME of the LTE-U network;
The MME of the LTE-U network is used to, when receiving the first foundation key, the expectation return information, the first random number and the AUTN, store the first foundation key and the expectation return information, generate the first encrypted result based on the first foundation key, and send the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
Optionally, the AUTN includes MAC;
The MME of the LTE-U network is specifically used for:
Encrypting the MAC with the first foundation key to obtain the first encrypted result.
Optionally, the UE is specifically used for:
The second foundation key is generated according to the network identity of the LTE-U network, first random number and the AUTN;
The MAC is encrypted by second foundation key, obtains the 5th encrypted result;
If the first encrypted result is equal to the 5th encrypted result, determining that the verification of the LTE-U network passes.
Optionally, the UE is specifically used for:
The return information is encrypted by second foundation key, obtains the second encrypted result;
Correspondingly, the MME of the LTE-U network is specifically used for:
Encrypting the return information with the stored first foundation key to obtain a 6th encrypted result;
If the expectation return information stored by the MME of the LTE-U network is identical to the return information, and the 6th encrypted result is equal to the second encrypted result, determining that the verification of the UE passes.
Optionally, the second attach request carries the security algorithm of the UE, and the authentication vector includes a third foundation key, expectation return information, a first random number and an authentication signature AUTN, where the third foundation key is the key corresponding to the LTE network;
The MME of the LTE network is specifically used to interact with the UE based on the third foundation key, the expectation return information, the first random number and the AUTN, so that the UE verifies the LTE network and the MME of the LTE network verifies the UE;
The MME of the LTE network is also used to, when determining that the verification of the UE passes, generate a second random number, and generate a first foundation key based on the network identity of the LTE-U network and the third foundation key;
The MME of the LTE network is also used to generate a non-access stratum NAS key based on the security algorithm of the UE, and encrypt the second random number with the NAS key to obtain a 7th encrypted result;
The MME of the LTE network is also used to send the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the 7th encrypted result to the MME of the LTE-U network;
The MME of the LTE-U network is specifically used to encrypt the second random number with the first foundation key to obtain an 8th encrypted result, and send the third foundation key, the NAS key, the network identity of the LTE-U network, the 7th encrypted result and the 8th encrypted result to the UE;
The UE is specifically used to generate a second foundation key based on the third foundation key and the network identity of the LTE-U network, decrypt the 8th encrypted result with the second foundation key to obtain a first decrypted result, and decrypt the 7th encrypted result with the NAS key to obtain a second decrypted result;
The UE is also used to, if the first decrypted result is identical to the second decrypted result, determine that the verification of the LTE-U network passes.
In conclusion, in the embodiments of the present invention, for a UE that has not accessed the carrier network, when the UE accesses the LTE-U network, it can send a first attach request to the MME of the LTE-U network. When the MME of the LTE-U network receives the first attach request, it can add the network identity of the LTE-U network to the first attach request to generate a second attach request, and send the second attach request to the MME of the LTE network. The MME of the LTE network generates an authorization data request based on the second attach request, to request an authentication vector from the HSS. When the HSS receives the authorization data request, it generates the authentication vector based on the authorization data request and sends the authentication vector to the MME of the LTE network. The MME of the LTE network can then interact with the UE and the MME of the LTE-U network according to the received authentication vector, to implement network authentication. That is, with the network authentication method provided in the embodiments of the present invention, when accessing the carrier network and the LTE-U network, the UE can complete authentication with the carrier network and with the LTE-U network in one pass, so that the UE can smoothly access the carrier network and the LTE-U network at the same time, which is convenient for the user.
It should be understood that, when the network authentication system provided in the foregoing embodiment performs network authentication, the division into the functional modules described above is used only as an example. In practical applications, the functions may be allocated to different functional modules as needed, that is, the internal structure of the device is divided into different functional modules to complete all or part of the functions described above. In addition, the network authentication system provided in the foregoing embodiment and the network authentication method embodiments belong to the same concept; for the specific implementation process, see the method embodiments, which is not repeated here.
The foregoing embodiments may be implemented wholly or partly by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented wholly or partly in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present invention are generated wholly or partly. The computer may be a general-purpose computer, a special-purpose computer, a computer network or another programmable device. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another computer-readable storage medium. For example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center in a wired manner (for example, coaxial cable, optical fiber, digital subscriber line (Digital Subscriber Line, DSL)) or a wireless manner (for example, infrared, radio, microwave). The computer-readable storage medium may be any usable medium that a computer can access, or a data storage device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (for example, floppy disk, hard disk, magnetic tape), an optical medium (for example, digital versatile disc (Digital Versatile Disc, DVD)) or a semiconductor medium (for example, solid state disk (Solid State Disk, SSD)).
Those of ordinary skill in the art will understand that all or part of the steps of the foregoing embodiments may be completed by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The above are embodiments provided by this application and are not intended to limit this application. Any modification, equivalent replacement or improvement made within the spirit and principles of this application shall fall within the scope of protection of this application.

Claims (24)

1. A network authentication method, characterized in that the method comprises:
When the mobility management entity MME of a long term evolution-based unlicensed LTE-U network receives a first attach request from a user equipment UE, adding the network identity of the LTE-U network to the first attach request to generate a second attach request, and sending the second attach request to the MME of a long term evolution LTE network;
When the MME of the LTE network receives the second attach request, sending, based on the second attach request, an authorization data request to a home subscriber server HSS, where the authorization data request carries the network identity of the LTE-U network and the network identity of the LTE network;
When the HSS receives the authorization data request, generating an authentication vector based on the network identity of the LTE-U network and the network identity of the LTE network, and sending the authentication vector to the MME of the LTE network, where the authentication vector includes parameters for authenticating the UE, the LTE-U network and the LTE network;
When the MME of the LTE network receives the authentication vector, interacting with the UE and the MME of the LTE-U network based on the authentication vector, to implement network authentication.
2. The method according to claim 1, characterized in that the authentication vector includes a first foundation key, expectation return information, a first random number and an authentication signature AUTN, where the first foundation key is the key corresponding to the LTE-U network;
The interacting with the UE and the MME of the LTE-U network based on the authentication vector, to implement network authentication, comprises:
The MME of the LTE network stores the expectation return information, and sends the first random number, the AUTN, the network identity of the LTE-U network and a first encrypted result to the UE through the MME of the LTE-U network, where the first encrypted result is generated by the MME of the LTE-U network based on the first foundation key;
When the UE receives the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, the UE verifies the LTE network based on the first random number and the AUTN, and verifies the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result;
When the UE determines that the verification of the LTE network and the LTE-U network passes, the UE generates return information, and generates a second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network;
The UE sends the second encrypted result to the MME of the LTE-U network, and sends the return information to the MME of the LTE network;
When the MME of the LTE-U network receives the second encrypted result, it verifies the UE based on the second encrypted result; when the MME of the LTE network receives the return information, it verifies the UE based on the expectation return information and the return information.
3. The method according to claim 2, characterized in that the MME of the LTE network sending the first random number, the AUTN and the first encrypted result to the UE through the MME of the LTE-U network comprises:
The MME of the LTE network stores the expectation return information, and sends the first foundation key, the first random number and the AUTN to the MME of the LTE-U network;
When the MME of the LTE-U network receives the first foundation key, the first random number and the AUTN, it stores the first foundation key, generates the first encrypted result based on the first foundation key, and sends the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
4. The method according to claim 3, characterized in that the generating the first encrypted result based on the first foundation key comprises:
The MME of the LTE-U network generates a second random number, and encrypts the second random number with the first foundation key to obtain the first encrypted result;
Correspondingly, the sending the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE comprises:
The MME of the LTE-U network sends the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number to the UE.
5. The method according to claim 3 or 4, characterized in that the AUTN includes a message authentication code MAC;
The UE verifying the LTE network based on the first random number and the AUTN comprises:
The UE generates an expected message authentication code XMAC based on the first random number and the parameters in the AUTN other than the MAC;
If the XMAC is identical to the MAC, the UE determines that the verification of the LTE network passes.
6. The method according to claim 4, characterized in that the UE verifying the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result comprises:
The UE generates a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
The UE encrypts the second random number with the second foundation key to obtain a third encrypted result;
If the first encrypted result is equal to the third encrypted result, the UE determines that the verification of the LTE-U network passes.
7. The method according to claim 6, characterized in that the generating the second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network comprises:
The UE generates a third random number, and encrypts the second random number and the third random number as a whole with the second foundation key to obtain the second encrypted result;
Correspondingly, the UE sending the second encrypted result to the MME of the LTE-U network comprises:
The UE sends the second encrypted result and the third random number to the MME of the LTE-U network;
Correspondingly, the MME of the LTE-U network verifying the UE based on the second encrypted result comprises:
The MME of the LTE-U network encrypts the second random number and the third random number as a whole with the stored first foundation key to obtain a 4th encrypted result;
If the second encrypted result and the 4th encrypted result are equal, the MME of the LTE-U network determines that the verification of the UE passes.
8. The method according to claim 2, characterized in that the MME of the LTE network sending the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE through the MME of the LTE-U network comprises:
The MME of the LTE network stores the expectation return information, and sends the first foundation key, the expectation return information, the first random number and the AUTN to the MME of the LTE-U network;
When the MME of the LTE-U network receives the first foundation key, the expectation return information, the first random number and the AUTN, it stores the first foundation key and the expectation return information, generates the first encrypted result based on the first foundation key, and sends the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
9. The method according to claim 8, characterized in that the AUTN includes a MAC;
The generating the first encrypted result based on the first foundation key comprises:
The MME of the LTE-U network encrypts the MAC with the first foundation key to obtain the first encrypted result.
10. The method according to claim 9, characterized in that the UE verifying the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result comprises:
The UE generates a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
The UE encrypts the MAC with the second foundation key to obtain a 5th encrypted result;
If the first encrypted result is equal to the 5th encrypted result, the UE determines that the verification of the LTE-U network passes.
11. The method according to claim 10, characterized in that the generating the second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network comprises:
The UE encrypts the return information with the second foundation key to obtain the second encrypted result;
Correspondingly, the MME of the LTE-U network verifying the UE based on the second encrypted result comprises:
The MME of the LTE-U network encrypts the return information with the stored first foundation key to obtain a 6th encrypted result;
If the expectation return information stored by the MME of the LTE-U network is identical to the return information, and the 6th encrypted result is equal to the second encrypted result, the MME of the LTE-U network determines that the verification of the UE passes.
12. The method according to claim 1, characterized in that the second attach request carries the security algorithm of the UE, and the authentication vector includes a third foundation key, expectation return information, a first random number and an authentication signature AUTN, where the third foundation key is the key corresponding to the LTE network;
The interacting with the UE and the MME of the LTE-U network based on the authentication vector, to implement network authentication, comprises:
The MME of the LTE network interacts with the UE based on the third foundation key, the expectation return information, the first random number and the AUTN, so that the UE verifies the LTE network and the MME of the LTE network verifies the UE;
When the MME of the LTE network determines that the verification of the UE passes, it generates a second random number, and generates a first foundation key based on the network identity of the LTE-U network and the third foundation key;
The MME of the LTE network generates a non-access stratum NAS key based on the security algorithm of the UE, and encrypts the second random number with the NAS key to obtain a 7th encrypted result;
The MME of the LTE network sends the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the 7th encrypted result to the MME of the LTE-U network;
The MME of the LTE-U network encrypts the second random number with the first foundation key to obtain an 8th encrypted result, and sends the third foundation key, the NAS key, the network identity of the LTE-U network, the 7th encrypted result and the 8th encrypted result to the UE;
The UE generates a second foundation key based on the third foundation key and the network identity of the LTE-U network, decrypts the 8th encrypted result with the second foundation key to obtain a first decrypted result, and decrypts the 7th encrypted result with the NAS key to obtain a second decrypted result;
If the first decrypted result is identical to the second decrypted result, the UE determines that the verification of the LTE-U network passes.
13. A network authentication system, characterized in that the system comprises:
A mobility management entity MME of a long term evolution-based unlicensed LTE-U network, used to, when receiving a first attach request from a user equipment UE, add the network identity of the LTE-U network to the first attach request to generate a second attach request, and send the second attach request to the MME of a long term evolution LTE network;
The MME of the LTE network, used to, when receiving the second attach request, send, based on the second attach request, an authorization data request to a home subscriber server HSS, where the authorization data request carries the network identity of the LTE-U network and the network identity of the LTE network;
The HSS, used to, when receiving the authorization data request, generate an authentication vector based on the network identity of the LTE-U network and the network identity of the LTE network, and send the authentication vector to the MME of the LTE network, where the authentication vector includes parameters for authenticating the UE, the LTE-U network and the LTE network;
The MME of the LTE network, used to, when receiving the authentication vector, interact with the UE and the MME of the LTE-U network based on the authentication vector, to implement network authentication.
14. The system according to claim 13, characterized in that the authentication vector includes a first foundation key, expectation return information, a first random number and an authentication signature AUTN, where the first foundation key is the key corresponding to the LTE-U network;
The MME of the LTE network is specifically used to store the expectation return information, and to send the first random number, the AUTN, the network identity of the LTE-U network and a first encrypted result to the UE through the MME of the LTE-U network, where the first encrypted result is generated by the MME of the LTE-U network based on the first foundation key;
The UE is used to, when receiving the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result, verify the LTE network based on the first random number and the AUTN, and verify the LTE-U network based on the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result;
The UE is also used to, when determining that the verification of the LTE network and the LTE-U network passes, generate return information, and generate a second encrypted result based on the first random number, the AUTN and the network identity of the LTE-U network;
The UE is also used to send the second encrypted result to the MME of the LTE-U network, and send the return information to the MME of the LTE network;
The MME of the LTE-U network is used to, when receiving the second encrypted result, verify the UE based on the second encrypted result; when the MME of the LTE network receives the return information, it verifies the UE based on the expectation return information and the return information.
15. The system as claimed in claim 14, characterized in that the MME of the LTE network is specifically configured to:
Store the expectation return information, and send the first foundation key, the first random number and the AUTN to the MME of the LTE-U network;
The MME of the LTE-U network is further configured to, upon receiving the first foundation key, the first random number and the AUTN, store the first foundation key, generate the first encrypted result based on the first foundation key, and send the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
16. The system as claimed in claim 15, characterized in that the MME of the LTE-U network is specifically configured to:
Generate a second random number, and encrypt the second random number with the first foundation key to obtain the first encrypted result;
Send the first random number, the AUTN, the network identity of the LTE-U network, the first encrypted result and the second random number to the UE.
17. The system as claimed in claim 15 or 16, characterized in that the AUTN includes a message authentication code MAC;
The UE is specifically configured to:
Generate an expected message authentication code XMAC based on the first random number and the parameters in the AUTN other than the MAC;
If the XMAC is identical to the MAC, determine that verification of the LTE network has passed.
18. The system as claimed in claim 16, characterized in that the UE is specifically configured to:
Generate a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
Encrypt the second random number with the second foundation key to obtain a third encrypted result;
If the first encrypted result is equal to the third encrypted result, determine that verification of the LTE-U network has passed.
19. The system as claimed in claim 18, characterized in that the UE is specifically configured to:
Generate a third random number, and encrypt the second random number and the third random number as a whole with the second foundation key to obtain the second encrypted result;
Send the second encrypted result and the third random number to the MME of the LTE-U network;
Correspondingly, the MME of the LTE-U network is specifically configured to:
Encrypt the second random number and the third random number as a whole with the stored first foundation key to obtain a fourth encrypted result;
If the second encrypted result and the fourth encrypted result are equal, determine that verification of the UE has passed.
20. The system as claimed in claim 14, characterized in that the MME of the LTE network is specifically configured to:
Store the expectation return information, and send the first foundation key, the expectation return information, the first random number and the AUTN to the MME of the LTE-U network;
The MME of the LTE-U network is configured to, upon receiving the first foundation key, the expectation return information, the first random number and the AUTN, store the first foundation key and the expectation return information, generate the first encrypted result based on the first foundation key, and send the first random number, the AUTN, the network identity of the LTE-U network and the first encrypted result to the UE.
21. The system as claimed in claim 20, characterized in that the AUTN includes a MAC;
The MME of the LTE-U network is specifically configured to:
Encrypt the MAC with the first foundation key to obtain the first encrypted result.
22. The system as claimed in claim 21, characterized in that the UE is specifically configured to:
Generate a second foundation key according to the network identity of the LTE-U network, the first random number and the AUTN;
Encrypt the MAC with the second foundation key to obtain a fifth encrypted result;
If the first encrypted result is equal to the fifth encrypted result, determine that verification of the LTE-U network has passed.
23. The system as claimed in claim 22, characterized in that the UE is specifically configured to:
Encrypt the return information with the second foundation key to obtain the second encrypted result;
Correspondingly, the MME of the LTE-U network is specifically configured to:
Encrypt the return information with the stored first foundation key to obtain a sixth encrypted result;
If the expectation return information stored by the MME of the LTE-U network is identical to the return information, and the sixth encrypted result is equal to the second encrypted result, determine that verification of the UE has passed.
24. The system as claimed in claim 13, characterized in that the second attach request carries the security algorithm of the UE, and the authentication vector includes a third foundation key, expectation return information, a first random number and an authentication signature AUTN, the third foundation key being the key corresponding to the LTE network;
The MME of the LTE network is specifically configured to interact with the UE based on the third foundation key, the expectation return information, the first random number and the AUTN, so as to implement verification of the LTE network by the UE and verification of the UE by the MME of the LTE network;
The MME of the LTE network is further configured to, upon determining that verification of the UE has passed, generate a second random number, and generate a first foundation key based on the network identity of the LTE-U network and the third foundation key;
The MME of the LTE network is further configured to generate a non-access stratum (NAS) key based on the security algorithm of the UE, and to encrypt the second random number with the NAS key to obtain a seventh encrypted result;
The MME of the LTE network is further configured to send the first foundation key, the third foundation key, the NAS key, the network identity of the LTE-U network, the second random number and the seventh encrypted result to the MME of the LTE-U network;
The MME of the LTE-U network is specifically configured to encrypt the second random number with the first foundation key to obtain an eighth encrypted result, and to send the third foundation key, the NAS key, the network identity of the LTE-U network, the seventh encrypted result and the eighth encrypted result to the UE;
The UE is specifically configured to generate a second foundation key based on the third foundation key and the network identity of the LTE-U network, decrypt the eighth encrypted result with the second foundation key to obtain a first decrypted result, and decrypt the seventh encrypted result with the NAS key to obtain a second decrypted result;
The UE is further configured to determine that verification of the LTE-U network has passed if the first decrypted result is identical to the second decrypted result.
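The mutual challenge-response of claims 16, 18 and 19, as an added example that is not part of the patent text. Assumptions: the claims do not name the "encryption" or key-derivation algorithm, so HMAC-SHA-256 stands in for both; the UE and the home network are assumed to share a long-term secret `k` and to derive the foundation key the same way; all names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

def keyed(key: bytes, *parts: bytes) -> bytes:
    # Stand-in (assumption) for the claims' unspecified "encryption" and key
    # derivation: HMAC-SHA-256 over length-prefixed parts.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class LteUMme:
    def __init__(self, network_id: bytes, first_foundation_key: bytes):
        self.network_id = network_id
        self.k1 = first_foundation_key            # stored on receipt (claim 15)

    def challenge(self, rand1: bytes, autn: bytes):
        self.rand2 = secrets.token_bytes(16)      # second random number
        enc1 = keyed(self.k1, self.rand2)         # first encrypted result
        return rand1, autn, self.network_id, enc1, self.rand2

    def verify_ue(self, enc2: bytes, rand3: bytes) -> bool:
        enc4 = keyed(self.k1, self.rand2, rand3)  # fourth encrypted result
        return hmac.compare_digest(enc2, enc4)

def ue_respond(k: bytes, rand1, autn, network_id, enc1, rand2):
    k2 = keyed(k, network_id, rand1, autn)        # second foundation key
    enc3 = keyed(k2, rand2)                       # third encrypted result
    if not hmac.compare_digest(enc1, enc3):
        return None                               # LTE-U network not verified
    rand3 = secrets.token_bytes(16)               # third random number
    return keyed(k2, rand2, rand3), rand3         # second encrypted result

def run(k_ue: bytes, k_home: bytes, bound_id: bytes, presented_id: bytes):
    """Return (UE accepted the LTE-U network, LTE-U MME accepted the UE)."""
    # Constructed sample values; in the claims these come from the authentication vector.
    rand1, autn = secrets.token_bytes(16), secrets.token_bytes(16)
    k1 = keyed(k_home, bound_id, rand1, autn)     # assumed home-side derivation
    mme = LteUMme(presented_id, k1)
    reply = ue_respond(k_ue, *mme.challenge(rand1, autn))
    if reply is None:
        return False, False
    return True, mme.verify_ue(*reply)

if __name__ == "__main__":
    K = secrets.token_bytes(16)
    print(run(K, K, b"lte-u-net-A", b"lte-u-net-A"))  # both checks pass
    print(run(K, K, b"lte-u-net-A", b"lte-u-net-B"))  # UE rejects the network
```

Because the UE derives its key from the network identity it was sent, a foundation key issued for one LTE-U network identity does not verify under another, and the UE stops before answering.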
CN201710510229.3A 2017-06-28 2017-06-28 Network authentication method and system Expired - Fee Related CN109151816B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201710510229.3A CN109151816B (en) 2017-06-28 2017-06-28 Network authentication method and system
PCT/CN2018/093319 WO2019001509A1 (en) 2017-06-28 2018-06-28 Network authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710510229.3A CN109151816B (en) 2017-06-28 2017-06-28 Network authentication method and system

Publications (2)

Publication Number Publication Date
CN109151816A (en) 2019-01-04
CN109151816B (en) 2020-08-07

Family

ID=64741115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710510229.3A Expired - Fee Related CN109151816B (en) 2017-06-28 2017-06-28 Network authentication method and system

Country Status (2)

Country Link
CN (1) CN109151816B (en)
WO (1) WO2019001509A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150281966A1 (en) * 2014-03-28 2015-10-01 Qualcomm Incorporated Provisioning credentials in wireless communications
WO2016074707A1 (en) * 2014-11-12 2016-05-19 Nokia Solutions And Networks Oy Method, apparatus and system
WO2016136647A1 (en) * 2015-02-25 2016-09-01 京セラ株式会社 Network device and user terminal
CN106465242A (en) * 2014-05-06 2017-02-22 高通股份有限公司 Techniques for network selection in unlicensed frequency bands
CN106470382A (en) * 2015-08-14 2017-03-01 中兴通讯股份有限公司 Authority checking method, configuration information method of reseptance, device, base station and terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106455065A (en) * 2015-08-06 2017-02-22 阿尔卡特朗讯 Method and device to control the use of unauthorized frequency band
CN106888482B (en) * 2015-12-15 2020-04-07 展讯通信(上海)有限公司 Terminal, LTE-U base station and communication method thereof
CN106851662B (en) * 2017-01-18 2019-11-19 京信通信系统(中国)有限公司 A kind of unlicensed spectrum resource allocation methods and device

Also Published As

Publication number Publication date
WO2019001509A1 (en) 2019-01-03
CN109151816B (en) 2020-08-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20200807; Termination date: 20210628)