KR101780401B1 - Method and apparatus for setting of authorization and security in radio communication system

Info

Publication number: KR101780401B1
Authority: KR (South Korea)
Prior art keywords: message, authentication, integrated, user terminal, security
Application number: KR1020160007489A
Other languages: Korean (ko)
Other versions: KR20170087654A (en)
Inventor: 김헌진, 김찬례
Original Assignee: 콘텔라 주식회사
Application filed by 콘텔라 주식회사
Priority to KR1020160007489A
Publication of KR20170087654A
Application granted
Publication of KR101780401B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • H04W60/00 Affiliation to network, e.g. registration; Terminating affiliation with the network, e.g. de-registration
    • H04W88/00 Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
    • H04W88/14 Backbone network devices

Abstract

The present invention discloses a method and apparatus for authentication and security establishment in a wireless communication system. A method for authentication and security establishment in a wireless communication system according to an aspect of the present invention includes: a mobility management apparatus receiving a network registration request message from a user terminal; the mobility management apparatus transmitting an authentication data request message to a home subscriber apparatus and receiving an authentication data response message in response thereto; and the mobility management apparatus transmitting an integrated authentication and security request message to the user terminal and receiving an integrated response message in response thereto.

Description

TECHNICAL FIELD The present invention relates to a method and apparatus for authentication and security setting in a wireless communication system, and more particularly, to a method and apparatus that integrate and simplify the authentication and security setting procedure in a wireless communication system including an EPC network.

Recently, with the rapid development of communication, computer network and semiconductor technology, a variety of services using wireless communication networks have been provided, user demand has been increasing day by day, and the global wireless Internet service market has been growing explosively. Accordingly, the services provided by mobile communication systems using wireless communication networks are developing beyond voice service into multimedia communication services that transmit various kinds of data.

Long Term Evolution (LTE), one of the typical wireless networks, realizes the high data rate, low latency, and packet-optimized radio access requirements for the access network, and is designed to accommodate high-speed rich media while ensuring backward compatibility with existing 3GPP / non-3GPP access networks. LTE is an All-IP-based network that excludes the existing circuit-switched communications and strengthens quality of service (QoS) management functions, increasing the efficiency of network resources by providing differentiated QoS for real-time services (e.g., voice communications, video communications) and non-real-time services (e.g., web browsing, store-and-forward data transfer). In addition, by introducing smart antenna technology (i.e., MIMO), the bandwidth for wireless communications has been extended.

In an EPC (Evolved Packet Core) network, which is the LTE core network, a base station (eNodeB), a mobility management apparatus (MME, Mobility Management Entity), a serving gateway (SGW) and a packet data network gateway (PGW) operate organically with one another to perform call processing for voice and data. To perform the call processing, it is essential that authentication (authentication of the terminal by the network and authentication of the network by the terminal) and security procedures be performed when the user terminal accesses the network for the first time. In the prior art, the authentication procedure and the security procedure are performed separately. That is, the messages for the authentication procedure and the messages for the security procedure are each transmitted and received between the user terminal and the mobility management apparatus, which increases the processing time and the network load.

Korean Laid-open Patent No. 2015-0031783 (published Feb. 25, 2015)

SUMMARY OF THE INVENTION The present invention has been proposed to solve the above problems, and its object is to provide a method and apparatus for establishing authentication and security that simplify the procedure in a wireless communication system including an EPC network.

Other objects and advantages of the present invention can be understood by the following description, and will be more clearly understood by one embodiment of the present invention. It will also be readily apparent that the objects and advantages of the invention may be realized and attained by means of the instrumentalities and combinations particularly pointed out in the appended claims.

According to an aspect of the present invention, there is provided a method for establishing authentication and security in a wireless communication system, the method comprising: a mobility management apparatus receiving a network registration request message from a user terminal; the mobility management apparatus transmitting an authentication data request message to a home subscriber apparatus and receiving an authentication data response message in response thereto; and the mobility management apparatus transmitting an integrated authentication and security request message to the user terminal and receiving an integrated response message in response thereto.

The method may further include checking whether integrated message supportable information is included in the authentication data response message, and the step of receiving the integrated response message is performed when the integrated message supportable information is included in the authentication data response message.

The method may further include, if the authentication data response message does not include the integrated message supportable information, the mobility management apparatus individually transmitting a message for authentication and a message for security to the user terminal and individually receiving the response messages.

The integrated authentication and security request message includes RAND, AUTN, KSI, Alg, NAS-MAC, and the integrated response message includes RES, NAS-MAC.

According to another aspect of the present invention, there is provided an apparatus for authentication and security setting in a wireless communication system, the apparatus comprising: an authentication data transmission/reception unit that, upon receiving a network registration request message from a user terminal, transmits an authentication data request message to a home subscriber apparatus and receives an authentication data response message in response thereto; and an integrated message transmission/reception unit that transmits an integrated authentication and security request message to the user terminal and receives an integrated response message.

If the integrated message supportable information is included in the authentication data response message, the integrated message transmission/reception unit transmits an integrated authentication and security request message to the user terminal and receives the integrated response message.

If the integrated message supportable information is not included in the authentication data response message, the integrated message transmission/reception unit individually transmits a message for authentication and a message for security to the user terminal, and individually receives the response messages.

The integrated authentication and security request message includes RAND, AUTN, KSI, Alg, NAS-MAC, and the integrated response message includes RES, NAS-MAC.

According to an aspect of the present invention, integrating the messages transmitted and received in the authentication and security setting procedure between a user terminal (UE) and a mobility management apparatus (MME) simplifies the procedure, which reduces the load and the processing time of the network.

BRIEF DESCRIPTION OF THE DRAWINGS The following drawings attached to this specification illustrate preferred embodiments of the invention and, together with the specific details for carrying out the invention, serve to further the understanding of the technical idea of the invention; the invention shall not be construed as limited to the matters shown in the drawings.
FIG. 1 is a view schematically showing the configuration of a wireless communication system according to an embodiment of the present invention.
FIG. 2 is a view schematically showing the configuration of a mobility management apparatus (MME) according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating an authentication and security procedure between a user terminal (UE) and a mobility management apparatus (MME) according to an embodiment of the present invention.

The above objects, features and advantages will become more apparent from the following detailed description taken in conjunction with the accompanying drawings. In the following description, well-known functions or constructions are not described in detail where they would obscure the invention in unnecessary detail. Hereinafter, a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

Throughout the specification, when a part is said to "comprise" an element, this means that it may further include other elements, rather than excluding them, unless specifically stated otherwise. In addition, a term such as "... part" refers to a unit that processes at least one function or operation, which may be implemented in hardware, software, or a combination of hardware and software.

FIG. 1 is a view schematically showing a configuration of a wireless communication system according to an embodiment of the present invention. FIG. 2 is a view schematically showing the configuration of a mobility management apparatus (MME) according to an embodiment of the present invention.

In describing the present embodiment, it is set in the home subscriber unit (HSS) 140, at initial activation, whether the user terminal (UE) 110 supports the existing authentication and security procedures or the simplified authentication and security procedures (integrated message transmission/reception). In this embodiment, it is assumed that the user terminal (UE) 110 supports the simplified authentication and security procedures (integrated message transmission/reception function). The security procedure (NAS Security) is a process for securely transmitting signaling messages between the user terminal (UE) 110 and the mobility management apparatus (MME) 130 over the wireless link, and performs an integrity check and ciphering on the signaling messages.

Referring to FIG. 1, a wireless communication system according to an embodiment of the present invention includes a user terminal (UE) 110, a base station (eNodeB) 120, a mobility management apparatus (MME) 130, a home subscriber unit (HSS) 140, a serving gateway (SGW) 150, a packet data network gateway (PGW) 160 and a packet data network (PDN) 170. The above system is called an evolved packet system (EPS). The EPS includes an Evolved Packet Core (EPC), which is an IP-based packet-switched core network, and a radio access network (RAN) such as an Evolved Universal Terrestrial Radio Access Network (E-UTRAN). The EPC includes the mobility management apparatus (MME) 130, the serving gateway (SGW) 150, the packet data network gateway (PGW) 160 and the home subscriber unit (HSS) 140. Although not shown in FIG. 1, the above-described wireless communication system may further include a rate policy management device (PCRF), an online charging device (OCS), and an offline charging device (OFCS).

The user terminal (UE) 110 communicates with the network nodes constituting the core network, or with other terminals, through a radio access network (RAN) such as an Evolved-UMTS Terrestrial Radio Access Network (E-UTRAN). The UE 110 may be a mobile device and may include any user device capable of operating in a wireless environment, such as a cellular phone, a personal digital assistant (PDA), or a smart phone. However, the present invention is not limited to these, and the UE may be any device that operates over a wireless connection.

The mobility management device (MME) 130 performs signaling and control functions to support access to network connections for the user terminal (UE) 110, allocation of network resources, tracking, paging, roaming, handover, and the like. The mobility management device (MME) 130 controls control plane functions related to subscriber and session management. The mobility management device (MME) 130 manages a plurality of base stations (eNodeBs) 120 and performs signaling for selection of a gateway for handover to another 2G / 3G network. In addition, the mobility management device (MME) 130 performs functions such as security procedures, terminal-to-network session handling, and idle terminal location management.

According to the present embodiment, the mobility management apparatus (MME) 130 performs the authentication procedure and the security procedure for a user terminal (UE) 110 that requests an initial connection to the network. At this time, the mobility management apparatus (MME) 130 according to the present embodiment consolidates the request messages for the above procedures (authentication and security) into one.

Referring to FIG. 2, the mobility management apparatus (MME) 130 includes an authentication data transmission / reception unit 210 and an integrated message transmission / reception unit 230.

The authentication data transmission/reception unit 210 transmits an authentication data request message to the home subscriber unit (HSS) 140 when it receives a network registration request message (Attach Request) from the user terminal (UE) 110, and receives an authentication data response message in response.

The network registration request message is transmitted to the mobility management apparatus (MME) 130 when the user terminal (UE) 110 first accesses the network. It includes information such as an IMSI (subscriber identity), UE Network Capability (used by the user terminal 110) and KSIasme = 7 (KSIasme is an identifier for identifying Kasme between the user terminal (UE) 110 and the mobility management apparatus (MME) 130, and the value 7 means that the user terminal (UE) 110 does not have an authentication key).

The mobility management apparatus (MME) 130 recognizes that the user terminal (UE) 110 does not have a Kasme because this is its first access, and transmits the authentication data request message (Auth Info Request) to the home subscriber unit (HSS) 140. The authentication data request message includes information such as IMSI, SNID and n. The SNID is the identifier of the network to which the subscriber terminal is connected (PLMN ID, composed of MCC + MNC), and n is the number of authentication vectors that the mobility management apparatus (MME) 130 requests from the home subscriber unit (HSS) 140.

The authentication data response message is the response that the home subscriber unit (HSS) 140 sends to the mobility management apparatus (MME) 130 for the authentication data request message. The home subscriber unit (HSS) 140 generates as many authentication vectors (AUTN, XRES, Kasme, RAND) as the number (n) requested by the mobility management apparatus (MME) 130 and transmits them to the mobility management apparatus (MME) 130. The authentication data response message may also include information on whether the integrated message is supported.

The integrated message transmission/reception unit 230 transmits the integrated message to the user terminal (UE) 110 and receives the response message to it. That is, if the authentication data response message received by the authentication data transmission/reception unit 210 includes information that the integrated message can be supported, the integrated message transmission/reception unit 230 transmits the integrated message to the user terminal (UE) 110 and receives a response message to the integrated message. In this case, the integrated message transmitted to the user terminal (UE) 110 combines the conventional user authentication request message and security request message. Conventionally, the messages for user authentication and for the security request were transmitted and received individually; integrating them makes it possible to reduce the traffic of the network and the load of the home subscriber unit (HSS) 140. The integrated message includes information such as RAND, AUTN, KSI, Alg and NAS-MAC. The response message to the integrated message may include information such as RES and NAS-MAC. In addition to the above-described information, the integrated message may further include an Authentication request message type, a NAS key set identifier, a Security mode command message identity, a Spare half octet, Replayed UE security capabilities, an IMEISV request, a Replayed non- . In addition to the above-described information, the response message to the integrated message may further include an Authentication response message type, an Authentication response parameter, a Security mode complete message identity, and IMEISV information.

If the authentication data response message received by the authentication data transmission/reception unit 210 does not include information that the integrated message can be supported, the integrated message transmission/reception unit 230 transmits and receives the messages for authentication and for security to and from the user terminal (UE) 110 individually.

The home subscriber unit (HSS) 140 manages user subscription information (or subscription data or subscription records) and location information. In particular, the home subscriber unit (HSS) 140 includes an authentication center (AuC). The user terminal (UE) 110 and the AuC store the LTE key (K), which is the master key for EPS, and the IMSI. In the user terminal, the LTE key (K) and the IMSI are stored when the USIM card installed in the UE is manufactured; in the AuC, they are provisioned when the user subscribes to the carrier network.

The serving gateway (SGW) 150 operates as a boundary point between the radio access network (RAN) and the core network, and is an element that maintains the data path between the base station (eNodeB) 120 and the packet data network gateway (PGW) 160. In addition, when the user terminal (UE) 110 moves (e.g., by handover) across the areas served by base stations (eNodeBs) 120, the serving gateway (SGW) 150 serves as an anchor point. That is, packets may be routed through the serving gateway (SGW) 150 for mobility in the E-UTRAN. The serving gateway (SGW) 150 may also function as an anchor point for mobility with another 3GPP network (a RAN defined before 3GPP Release 8, for example UTRAN or GERAN (GSM/EDGE (Enhanced Data Rates for Global Evolution) radio access network)). In addition, the serving gateway (SGW) 150 may perform E-UTRAN idle mode downlink packet buffering and interception.

The packet data network gateway (PGW) 160 corresponds to the termination point of the data interface toward the packet data network (PDN) 170. The packet data network gateway (PGW) 160 may support policy enforcement features, packet filtering, charging support, lawful interception, UE IP allocation, packet screening, and the like. It can also serve as an anchor point for mobility management between 3GPP networks and non-3GPP networks (e.g., untrusted networks such as Interworking Wireless Local Area Network (I-WLAN), Code Division Multiple Access (CDMA) networks or trusted networks such as WiMax).

The policy management apparatus (PCRF) manages the policy, quality of service (QoS), and the like to be applied to the user terminal (UE) 110. The policy management apparatus (PCRF) is connected to the packet data network gateway (PGW) 160 through an interface, and the PCC (Policy and Charging Control) rule generated in the rate policy management device (PCRF) is delivered to the packet data network gateway (PGW) 160.

The online charging apparatus (OCS) receives the billing information of subscribers that require real-time billing, provides credit management functions such as a limit service, and is connected to the packet data network gateway (PGW) 160 via an interface. The packet data network gateway (PGW) 160 generates the billing data of a packet flow based on the billing information provided by the online charging apparatus (OCS).

The offline charging apparatus (OFCS) is a charging system that collects the charging data generated by the packet data network gateway (PGW) 160, processes it into the billing data required by a billing system (BS), and transmits it. The offline charging apparatus (OFCS) also accepts various charging protocols such as Radius, Diameter and GTPP, and provides a unified BS interface.

Hereinafter, a method of authentication and security performing procedures between the mobility management apparatus (MME) 130 and the user terminal (UE) 110 of the wireless communication system will be described with reference to FIG.

FIG. 3 is a flowchart illustrating the flow of authentication and security procedures between a user terminal (UE) 110 and a mobility management apparatus (MME) 130 according to an embodiment of the present invention.

The mobility management device (MME) 130 receives a network registration request message (Attach Request) from the user terminal (UE) 110 (S310). The network registration request message is transmitted to the mobility management apparatus (MME) 130 when the user terminal (UE) 110 first accesses the network. It includes information such as an IMSI (subscriber identity), UE Network Capability and KSIasme = 7 (KSIasme is an identifier for identifying Kasme between the user terminal (UE) 110 and the mobility management device (MME) 130, and the value 7 means that the user terminal (UE) 110 does not have an authentication key).

The mobility management device (MME) 130 transmits an authentication data request message (Auth Info Request) to the home subscriber device (HSS) 140 (S320). The mobility management device (MME) 130 recognizes that the user terminal (UE) 110 does not have a Kasme because this is its first access, and transmits the authentication data request message (Auth Info Request) to the home subscriber unit (HSS) 140. The authentication data request message includes information such as IMSI, SNID and n. The SNID is the identifier of the network to which the subscriber terminal is connected (PLMN ID, composed of MCC + MNC), and n is the number of authentication vectors requested by the mobility management device (MME) 130.

The mobility management device (MME) 130 receives a response message (Auth Info Answer) to the authentication data request message (Auth Info Request) from the home subscriber device (HSS) 140 (S330). The authentication data response message (Auth Info Answer) is the response that the home subscriber device (HSS) 140 sends to the mobility management device (MME) 130 for the authentication data request message (Auth Info Request). The home subscriber unit (HSS) 140 generates as many authentication vectors (AUTN, XRES, Kasme, RAND) as the number (n) requested by the mobility management apparatus (MME) 130 and transmits them to the mobility management apparatus (MME) 130. The authentication data response message may also include information on whether the integrated message is supported.

The mobility management apparatus (MME) 130 transmits an integrated message (Authentication Request / Security Mode Command) for authentication and security setting to the user terminal (UE) 110 (S340), and receives from the user terminal (UE) 110 a response message (Authentication Response / Security Mode Complete) to the integrated message (S350). The integrated message and the response message to it may include information for authentication and security setting. For example, the integrated message includes information such as RAND, AUTN, KSI, Alg and NAS-MAC, and the response message to the integrated message may include information such as RES and NAS-MAC. In addition to the above-described information, the integrated message may further include an Authentication request message type, a NAS key set identifier, a Security mode command message identity, a Spare half octet, Replayed UE security capabilities, an IMEISV request, a Replayed non- . In addition to the above-described information, the response message to the integrated message may further include an Authentication response message type, an Authentication response parameter, a Security mode complete message identity, and IMEISV information. For example, if the message received in step S330 includes information that the integrated message can be supported, the mobility management device (MME) 130 may transmit the integrated message to the user terminal (UE) 110 and receive a response message to it. In this case, the integrated message transmitted to the user terminal (UE) 110 combines the conventional user authentication request message and security request message. Conventionally, the messages for user authentication and for the security request were transmitted and received individually; integrating them makes it possible to reduce the traffic of the network and the load of the home subscriber unit (HSS) 140.

The mobility management device (MME) 130 stores the authentication vectors received from the home subscriber unit (HSS) 140 in step S330, selects one of them, and uses it to perform the mutual authentication and security procedures with the user terminal (UE) 110. The mobility management device (MME) 130 includes the RAND and AUTN values of the selected authentication vector in the message and transmits them to the user terminal (UE) 110. The user terminal (UE) 110 receives the RAND and AUTN values and uses them to generate RES, AUTN, and Kasme. The user terminal (UE) 110 authenticates the network by comparing the AUTN value it generated with the AUTN value received from the mobility management device (MME) 130, and when the network authentication succeeds, transmits the RES to the mobility management device (MME) 130. The mobility management apparatus (MME) 130 compares the XRES received from the home subscriber unit (HSS) 140 with the RES received from the user terminal (UE) 110 to authenticate the user. When the mutual authentication is successfully completed in this way, the user terminal (UE) 110 and the mobility management device (MME) 130 have the same Kasme.

Meanwhile, the mobility management apparatus (MME) 130 may perform the following security procedure at the same time as the authentication procedure. The mobility management device (MME) 130 selects the security algorithms (Alg) and uses them to obtain an integrity key and an encryption key from Kasme. The mobility management device (MME) 130 then generates a NAS message authentication code (NAS-MAC) by applying the integrity key to the integrated message, includes the selected security algorithms (Alg) and the NAS-MAC in the integrated message, and transmits it to the user terminal (UE) 110. The user terminal (UE) 110 that receives the integrated message uses the security algorithms (Alg) selected by the mobility management device (MME) 130 (the NAS integrity / encryption algorithms) to generate an integrity key and an encryption key from Kasme and to verify the integrity of the received message. Then, the user terminal (UE) 110 applies the encryption key to the integrated message received from the mobility management device (MME) 130 and encrypts it, applies the integrity key to the encrypted message, and generates the message authentication code (NAS-MAC). The UE 110 then transmits the encrypted message including the NAS-MAC to the mobility management device (MME) 130. The MME 130 receives the response message (Authentication Response / Security Mode Complete) to the integrated message from the UE 110 and performs integrity verification and decryption using the integrity key and the encryption key. Thereafter, the signaling messages exchanged between the UE 110 and the MME 130 are transmitted protected with the security keys (the integrity key and the encryption key).

Meanwhile, if the response message (Auth Info Answer) to the authentication data request message (Auth Info Request) received from the home subscriber unit (HSS) 140 does not include information that the integrated message can be supported, the mobility management apparatus (MME) 130 may transmit and receive the individual messages for the authentication procedure and the security procedure to and from the user terminal (UE) 110 separately, as in the prior art.
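
The exchange of FIG. 3 (S320 to S350), including the fallback to separate messages, is sketched below as an added example that is not part of the patent. HMAC-SHA256 stands in for the USIM/AuC functions, the key derivation from Kasme and the NAS integrity and ciphering algorithms; encrypting the RES in the response is one reading of the text; and the function names, the sample key, the PLMN ID and the algorithm label are assumptions.

```python
# Added illustration, not the patent's implementation. HMAC-SHA256 is a stand-in
# (assumption) for the USIM/AuC functions, the Kasme key derivation, and the
# NAS integrity and ciphering algorithms selected by "Alg".
import hashlib
import hmac
import os

SNID = b"00101"        # constructed PLMN ID (MCC + MNC)
ALG = "alg-sample-1"   # constructed label for the algorithms the MME selects


def prf(key, label, *parts):
    """Keyed stand-in function over length-prefixed fields."""
    data = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_vector(k, rand):
    """Derived the same way by the HSS/AuC and by the UE from the shared key K."""
    return {"RAND": rand, "AUTN": prf(k, b"AUTN", rand)[:16],
            "XRES": prf(k, b"RES", rand)[:8], "Kasme": prf(k, b"KASME", rand, SNID)}


def nas_keys(kasme, alg):
    """Integrity key and encryption key obtained from Kasme for the selected Alg."""
    a = alg.encode()
    return prf(kasme, b"INT", a)[:16], prf(kasme, b"ENC", a)[:16]


def request_mac(k_int, msg):
    """NAS-MAC over every field of the integrated request."""
    return prf(k_int, b"REQ", msg["RAND"], msg["AUTN"],
               bytes([msg["KSI"]]), msg["Alg"].encode())[:4]


def cipher(k_enc, data):
    """Toy XOR keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, prf(k_enc, b"KS")))


def hss_auth_info_answer(k, n, integrated_supported):
    """S330: n authentication vectors plus the integrated-message support flag."""
    return {"vectors": [derive_vector(k, os.urandom(16)) for _ in range(n)],
            "integrated_supported": integrated_supported}


def mme_build_request(answer, ksi=1):
    """S340: one integrated message if the HSS flag is present, else fall back."""
    av = answer["vectors"][0]
    if not answer["integrated_supported"]:
        return "separate", None, av
    msg = {"RAND": av["RAND"], "AUTN": av["AUTN"], "KSI": ksi, "Alg": ALG}
    msg["NAS-MAC"] = request_mac(nas_keys(av["Kasme"], ALG)[0], msg)
    return "integrated", msg, av


def ue_handle_integrated(k, msg):
    """UE: AUTN must be checked first, because the NAS keys depend on Kasme."""
    av = derive_vector(k, msg["RAND"])
    if not hmac.compare_digest(av["AUTN"], msg["AUTN"]):
        raise ValueError("AUTN mismatch")
    k_int, k_enc = nas_keys(av["Kasme"], msg["Alg"])
    if not hmac.compare_digest(request_mac(k_int, msg), msg["NAS-MAC"]):
        raise ValueError("NAS-MAC mismatch")
    enc_res = cipher(k_enc, av["XRES"])          # encrypt, then MAC the ciphertext
    return {"RES": enc_res, "NAS-MAC": prf(k_int, b"RSP", enc_res)[:4]}


def mme_verify_response(av, resp):
    """S350: integrity check, decryption, then RES compared with XRES."""
    k_int, k_enc = nas_keys(av["Kasme"], ALG)
    if not hmac.compare_digest(prf(k_int, b"RSP", resp["RES"])[:4], resp["NAS-MAC"]):
        return False
    return hmac.compare_digest(cipher(k_enc, resp["RES"]), av["XRES"])


def run_attach(k_hss, k_usim, integrated_supported=True, tamper_alg=None):
    """Runs S320-S350 and reports where the exchange ends."""
    mode, msg, av = mme_build_request(hss_auth_info_answer(k_hss, 1, integrated_supported))
    if mode == "separate":
        return "fallback to separate messages"
    if tamper_alg:                                # field altered between MME and UE
        msg = dict(msg, Alg=tamper_alg)
    try:
        resp = ue_handle_integrated(k_usim, msg)
    except ValueError as err:
        return f"UE rejected: {err}"
    return "secured" if mme_verify_response(av, resp) else "MME rejected"


if __name__ == "__main__":
    K = bytes(range(16))                          # constructed subscriber key
    print(run_attach(K, K))
    print(run_attach(K, K, integrated_supported=False))
    print(run_attach(K, K, tamper_alg="alg-modified"))
    print(run_attach(K, bytes(16)))
```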

While the specification contains many features, such features should not be construed as limiting the scope of the invention or the scope of the claims. In addition, features described in separate embodiments herein may be combined and implemented in a single embodiment. Conversely, various features described in a single embodiment may be implemented separately in various embodiments or in suitable combination.

Although the operations are described in a particular order in the figures, it should not be understood that such operations must be performed in the particular order shown or in a sequential order, or that all described operations must be performed, to obtain the desired result. In certain circumstances, multitasking and parallel processing may be advantageous. It should also be understood that the division of various system components in the above embodiments does not require such distinction in all embodiments. The above-described application components and systems can generally be packaged into a single software product or multiple software products.

The method of the present invention as described above can be implemented in an application and stored in a computer-readable recording medium (CD-ROM, RAM, ROM, floppy disk, hard disk, magneto-optical disk, etc.). Such a process can be easily carried out by those skilled in the art and will not be described in detail.

It will be apparent to those skilled in the art that various modifications and variations can be made in the present invention without departing from the spirit or scope of the invention. The present invention is not limited to the drawings.

110: User terminal (UE)
120: base station (eNodeB)
130: Mobility Management Device (MME)
140: Home Subscriber Unit (HSS)
150: Serving gateway (SGW)
160: packet data network gateway (PGW)
170: packet data network (PDN)
210: Authentication data transmission /
230: Integrated message transmission /

Claims (8)

delete
The mobility management apparatus receiving a network registration request message from a user terminal;
The mobility management apparatus transmits an authentication data request message to the home subscriber apparatus and receives an authentication data response message in response thereto;
Confirming whether the authentication data response message includes the integrated message supportable information; And
When the mobility management apparatus transmits the integrated authentication and security request message to the user terminal and receives the integrated response message in response to the authentication and response message,
The method comprising the steps of:
3. The method of claim 2,
If the authentication message is not included in the authentication data response message, the mobility management apparatus transmits a message for authentication and a message for security to the user terminal, respectively, and receives a response message individually The method of claim 1, further comprising:
The method according to claim 2 or 3,
The integrated authentication and security request message includes RAND, AUTN, KSI, Alg, NAS-MAC,
Wherein the unified response message includes a RES and a NAS-MAC.
delete
An authentication data transmission / reception unit for transmitting an authentication data request message to a home subscriber device upon receiving a network registration request message from a user terminal and receiving an authentication data response message in response thereto; And
And an integrated message transmission / reception unit transmitting an integrated authentication and security request message to the user terminal and receiving an integrated response message,
The integrated message transmission /
And transmits an authentication and security request message integrated in the user terminal and receives an integrated response message to the user terminal when the authentication data response message includes the integrated message supportable information.
The method according to claim 6,
The integrated message transmission /
Wherein when the authentication data response message does not include the integrated message supportable information, the mobility management apparatus transmits a message for authentication and a message for security to the user terminal individually and receives a response message individually.
8. The method according to any one of claims 6 to 7,
The integrated authentication and security request message includes RAND, AUTN, KSI, Alg, NAS-MAC,
Wherein the integrated response message comprises a RES and an NAS-MAC.
KR1020160007489A 2016-01-21 2016-01-21 Method and apparatus for setting of authorazation and security in radio communication system KR101780401B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020160007489A KR101780401B1 (en) 2016-01-21 2016-01-21 Method and apparatus for setting of authorazation and security in radio communication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020160007489A KR101780401B1 (en) 2016-01-21 2016-01-21 Method and apparatus for setting of authorazation and security in radio communication system

Publications (2)

Publication Number Publication Date
KR20170087654A KR20170087654A (en) 2017-07-31
KR101780401B1 true KR101780401B1 (en) 2017-09-20

Family

ID=59418909

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020160007489A KR101780401B1 (en) 2016-01-21 2016-01-21 Method and apparatus for setting of authorazation and security in radio communication system

Country Status (1)

Country Link
KR (1) KR101780401B1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101835076B1 (en) * 2017-11-15 2018-04-19 곽권섭 Enhanced EPS-AKA methodology for mobile telecom subscriber's authentication issue

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101521892B1 (en) * 2009-05-13 2015-05-20 삼성전자주식회사 Apparatus and method for handover in wireless communication system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101521892B1 (en) * 2009-05-13 2015-05-20 삼성전자주식회사 Apparatus and method for handover in wireless communication system

Also Published As

Publication number Publication date
KR20170087654A (en) 2017-07-31

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right