WO2017143685A1 - Procédé de mise à jour de clé, dispositif, et système - Google Patents

Procédé de mise à jour de clé, dispositif, et système Download PDF

Info

Publication number
WO2017143685A1
WO2017143685A1 PCT/CN2016/083676 CN2016083676W WO2017143685A1 WO 2017143685 A1 WO2017143685 A1 WO 2017143685A1 CN 2016083676 W CN2016083676 W CN 2016083676W WO 2017143685 A1 WO2017143685 A1 WO 2017143685A1
Authority
WO
WIPO (PCT)
Prior art keywords
iot device
server
random number
session key
iot
Prior art date
Application number
PCT/CN2016/083676
Other languages
English (en)
Chinese (zh)
Inventor
余万涛
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017143685A1 publication Critical patent/WO2017143685A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols

Definitions

  • the present application relates to, but is not limited to, the field of communications, and in particular, to a key update method, apparatus, and system.
  • AKA authentication and key agreement protocol
  • IoT Internet of Things
  • the number of IoT devices is huge, and IoT devices may continuously and intermittently send data.
  • the system needs to authenticate and key the IoT device every time the access network sends data. This makes the CIoT system require a lot of system resources to process the AKA process of the IoT device.
  • the IoT device needs to perform the problem of wasting network resources caused by authentication every time the data is transmitted to the network, and an effective solution has not been proposed.
  • the present invention provides a method, a device and a system for updating a key to at least solve the problem of waste of network resources caused by the authentication of the Internet of Things IoT device in the related art.
  • An embodiment of the present invention provides a key update method, including: receiving, by a server, user identity information of an Internet of Things IOT device, and determining whether a time point of receiving the user identity information is within a valid duration, where the effective duration The duration set by the server after the access authentication is completed each time the IOT device completes; if the determination result is yes, the server sends the specified information for generating the session key of the IOT device to The IOT device.
  • the method further includes: when the determining result is negative, the server terminates the timing operation of the valid duration, and triggers an operation of performing access authentication on the IOT device, and triggering the A re-timed operation that describes the effective duration.
  • the effective duration is determined by: setting, by the server, the time point of the IOT device access authentication as a starting time of the effective duration, and setting and configuring all the IOT devices in the cellular Internet of Things CIoT system.
  • the duration of the effective duration is the same; or the time when the server completes the access authentication by using the IOT devices in the cellular IoT CIoT system as the starting point of the effective duration, respectively, setting the effective duration of each of the IOT devices.
  • the specifying information includes: a random number used to generate the IOT device session key.
  • the server receiving the user identity information of the Internet of Things IOT device includes: the server receiving user identity information forwarded by the Internet of Things IOT device by the network side node; the server is configured to generate the session secret of the IOT device
  • Sending the designation information of the key to the IOT device includes: the server transmitting, by the network side node, specified information for generating a session key of the IOT device to the IOT device.
  • the method further includes: receiving, by the server, the user private secret sent by the IOT device a key; the server generates a session key using the random number and the user private key, and transmits the session key to a network side node.
  • the server includes any one of the following: a home location register HLR, and a home subscription subscriber server HSS.
  • the embodiment of the present invention further provides a key update method, including: the Internet of Things IOT device sends the user identity information to the server; the IOT device determines whether the specified information for generating the session key sent by the server is received, The specified information is sent to the time when it is determined that the time when the server receives the user identity information is within a preset effective time period.
  • the information of the IOT device, the effective duration is the duration set by the server after each time the IOT device completes the access authentication; if the determination result is yes, the IOT device generates the location according to the specified information.
  • the session key including: the Internet of Things IOT device sends the user identity information to the server; the IOT device determines whether the specified information for generating the session key sent by the server is received, The specified information is sent to the time when it is determined that the time when the server receives the user identity information is within a preset effective time period.
  • the information of the IOT device, the effective duration is the duration set by the server after each time the IOT device complete
  • the method further includes: when the determining result is no, the IOT device re-initiates an access authentication operation.
  • the specifying information includes: a random number used to generate the IOT device session key.
  • the generating, by the IOT device, the session key according to the specified information comprises: the IOT device receiving the random number forwarded by the server by a network side node; the IOT device using a user private key and The random number generates the session key.
  • the generating, by the IOT device, the session key according to the specified information comprises: the IOT device receiving a random number forwarded by the server by a network side node, and a randomization after performing encryption processing by the network side node
  • the IOT device generates a session key using the user secret key and the random number, and decrypts the encrypted random number according to the session key to obtain a decrypted random number
  • the IOT device Determining whether the decrypted random number and the random number forwarded by the server by the network side node are the same; if the determination result is yes, the IOT device sends the data to be sent to the network side node; If the result is no, the IOT device sends a request message to the server, wherein the request message is used to request the server to resend the random number.
  • the embodiment of the invention further provides a computer readable storage medium storing computer executable instructions, which are implemented when the computer executable instructions are executed.
  • the embodiment of the present invention further provides a key updating apparatus, which is applied to a server, and includes: a first processing module, configured to: receive user identity information of an Internet of Things IOT device, and determine a time point of receiving the user identity information. Whether the effective duration is the duration set by the server after each time the IOT device completes the access authentication; the first sending module is configured to: if the determination result is yes, The specified information for generating the session key of the IOT device is sent to the IOT device.
  • a key updating apparatus which is applied to a server, and includes: a first processing module, configured to: receive user identity information of an Internet of Things IOT device, and determine a time point of receiving the user identity information. Whether the effective duration is the duration set by the server after each time the IOT device completes the access authentication; the first sending module is configured to: if the determination result is yes, The specified information for generating the session key of the IOT device is sent to the IOT device.
  • the device further includes: a second processing module, configured to: if the determination result is negative, terminate the timing operation of the valid duration, and trigger an access authentication for the IOT device Operation, and a retiming operation that triggers the effective duration.
  • a second processing module configured to: if the determination result is negative, terminate the timing operation of the valid duration, and trigger an access authentication for the IOT device Operation, and a retiming operation that triggers the effective duration.
  • the first processing module is further configured to: determine an effective duration by using a time point at which the IOT device accesses the authentication as a starting time of the valid duration, and is all under the cellular Internet of Things CIoT system.
  • the IOT device is set to have the same duration as the effective duration; or, the time point at which all the IOT devices under the cellular IoT CIoT system respectively complete the access authentication is used as the starting point of the effective duration, and the respective IOT devices are respectively set to be effective. duration.
  • the specifying information includes: a random number used to generate the IOT device session key.
  • the first processing module includes a first processing unit, where the first processing unit is configured to: receive user identity information of the Internet of Things IOT device, where the server receives the IoT IOT device forwarded by the network side node.
  • User identity information the first sending module includes a first sending unit, and the sending unit is configured to: send, by the network side node, specified information for generating a session key of the IOT device to the IOT device .
  • the device further includes: a receiving module, configured to: before the server sends the designation information for generating the session key of the IOT device to the IOT device, receive the sending by the IOT device a user privacy key; the third processing module is configured to: use the random number and the user privacy before the server sends the designation information for generating the session key of the IOT device to the IOT device The key generates a session key and sends the session key to the network side node.
  • a receiving module configured to: before the server sends the designation information for generating the session key of the IOT device to the IOT device, receive the sending by the IOT device a user privacy key
  • the third processing module is configured to: use the random number and the user privacy before the server sends the designation information for generating the session key of the IOT device to the IOT device
  • the key generates a session key and sends the session key to the network side node.
  • the server includes any one of the following: a home location register HLR, and a home subscription subscriber server HSS.
  • the embodiment of the present invention further provides a key updating apparatus, which is applied to an IoT IOT device, and includes: a second sending module, configured to: send user identity information to a server; and the determining module is configured to: determine whether the The specified information sent by the server for generating a session key, wherein the specified information is sent to the IOT device when it is determined that the time point when the server receives the user identity information is within a preset effective time period And the effective duration is the duration set by the server after each time the IOT device completes the access authentication; the obtaining module is configured to: when the determination result is yes, generate the location according to the specified information The session key.
  • a second sending module configured to: send user identity information to a server
  • the determining module is configured to: determine whether the The specified information sent by the server for generating a session key, wherein the specified information is sent to the IOT device when it is determined that the time point when the server receives the user identity information is within a preset effective time period And the effective duration is the duration
  • the device further includes: a fourth processing module, configured to re-initiate the access authentication operation if the determination result is negative.
  • the specifying information includes: setting: generating the IOT device session key Number of machines.
  • the acquiring module includes: a first receiving unit, configured to: receive the random number forwarded by the server by a network side node; and the acquiring unit is configured to: generate a user private key and the random number The session key.
  • the acquiring module includes: a second receiving unit, configured to: receive a random number forwarded by the server by the network side node, and a random number that is encrypted by the network side node; and a second processing unit, The method is configured to: generate a session key by using a user secret key and the random number, and decrypt the encrypted random number according to the session key to obtain a decrypted random number; and the determining unit is configured to: determine Whether the decrypted random number and the random number forwarded by the server through the network side node are the same; the second sending unit is configured to: send the data to be sent to the network side node if the determination result is yes And a third sending unit, configured to: when the determination result is no, send a request message to the server, wherein the request message is used to request the server to resend the random number.
  • a second receiving unit configured to: receive a random number forwarded by the server by the network side node, and a random number that is encrypted by the network side node
  • the embodiment of the present invention further provides a key update system, including: an Internet of Things IOT device, configured to: send user identity information to a network side node; the network side node is configured to: send the user identity information to a server, and Sending, to the IOT device, the specified information for generating the session key of the IOT device; the server is configured to: after receiving the user identity information, determine whether the time point of receiving the user identity information is Within the valid duration; if so, the specified information is sent to the network side node.
  • an Internet of Things IOT device configured to: send user identity information to a network side node
  • the network side node is configured to: send the user identity information to a server, and Sending, to the IOT device, the specified information for generating the session key of the IOT device
  • the server is configured to: after receiving the user identity information, determine whether the time point of receiving the user identity information is Within the valid duration; if so, the specified information is sent to the network side node.
  • the server receives the user identity information of the Internet of Things IOT device, and determines whether the time point of receiving the identity information of the user is within a valid duration, where the effective duration is that the IOT device completes access every time. After the authentication, the server sets the duration; if the judgment result is yes, the server sends the specified information for generating the session key of the IOT device to the IOT device. That is, in the embodiment of the present invention, after the IOT device completes the access authentication, the server sets the effective duration of the IOT device access authentication, and if the user identity information sent by the IOT device is received within the valid duration, only You need to generate a session key, and you do not need to perform IOT device access authentication.
  • the problem of waste of network resources caused by the authentication of the Internet of Things IoT device in each time when the Internet access IoT device transmits data is solved, thereby achieving the effect of saving network resources and further improving.
  • FIG. 1 is a flow chart of a first method of key update according to an embodiment of the present invention
  • FIG. 2 is a flowchart of an IoT device authentication method according to an embodiment of the present invention.
  • FIG. 3 is a flowchart of an IoT device re-authentication method according to an embodiment of the present invention.
  • FIG. 4 is a flowchart of a second method of key update according to an embodiment of the present invention.
  • FIG. 5 is a structural block diagram of a first type of key update apparatus according to an embodiment of the present invention.
  • FIG. 6 is a structural block diagram of a second type of key update apparatus according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of a third type of key updating apparatus according to an embodiment of the present invention.
  • FIG. 8 is a structural block diagram of a fourth type of key update apparatus according to an embodiment of the present invention.
  • FIG. 9 is a structural block diagram of an IOT device authentication management apparatus according to an embodiment of the present invention.
  • FIG. 10 is a structural block diagram of an IOT device session key checking apparatus according to an embodiment of the present invention.
  • FIG. 11 is a flowchart of a third method of key update according to an embodiment of the present invention.
  • FIG. 12 is a flowchart of a fourth key update method according to an embodiment of the present invention.
  • FIG. 13 is a structural block diagram of a fifth type of key updating apparatus according to an embodiment of the present invention.
  • FIG. 14 is a structural block diagram of a sixth type of key updating apparatus according to an embodiment of the present invention.
  • FIG. 15 is a block diagram showing the structure of a seventh type of key updating apparatus according to an embodiment of the present invention.
  • 16 is a block diagram showing the structure of a key update system according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of a first key update method according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps:
  • Step S102 The server receives the user identity information of the IoT IOT device, and determines whether the time point of receiving the user identity information is within a valid duration, where the effective duration is after each time the IOT device completes the access authentication, The length of time the server is set;
  • Step S104 If the determination result is yes, the server sends the designation information for generating the session key of the IOT device to the IOT device.
  • the application scenario of the foregoing key update method may include, but is not limited to, a Cellular Internet of Things (CIoT) system, where a large number of objects may be disposed in the system.
  • IoT Internet of Things
  • the server may receive the user identity information of the IoT IOT device, and determine whether the time point of receiving the identity information of the user is within a valid duration, where the effective duration may be completed each time the IOT device is completed. After the access authentication, the length of time set by the server; if the judgment result is yes, the server may send the specified information for generating the session key of the IOT device to the IOT device.
  • the server sets the effective duration of the IOT device access authentication, and if the user identity information sent by the IOT device is received within the valid duration, only You need to generate a session key, and you do not need to perform IOT device access authentication.
  • the present embodiment provides a key update method, which is applicable to a cellular Internet of Things (CIOT) communication system including an IoT device, wherein the server uses a Home Location Register/Home Subscriber Server (Home Location Register/Home Subscriber Server,
  • the HLR/HSS is used as an example.
  • the IoT device may include a Subscriber Identity Module (SIM)/Universal Subscriber Identity Module (USIM) card, which may include the following content:
  • the HLR/HSS determines when to re-authenticate the IoT device, as defined by the HLR/HSS for each authentication effective duration.
  • HLR/HSS can define a uniform authentication effective duration for all IoT devices, and can also define a separate authentication effective duration for different IoT devices.
  • the HLR/HSS can initiate the authentication timing of the IoT device. When the authentication timing exceeds the validity period of the authentication, the HLR/HSS may terminate the authentication timing of the IoT device. All uncertified IoT devices will need to be certified subsequently. For example, HLR/HSS can define the effective duration of an IoT device.
  • the HLR/HSS can set a counter for the IoT device. When the counter reaches the authentication valid period, the HLR/HSS can clear the counter and cancel the counting for the IoT device. Upon subsequent receipt of the user identity information sent by the IoT device, the HLR/HSS will initiate the authentication process.
  • the HLR/HSS may initiate the authentication process for the IoT device after receiving the identity information sent by the IoT device;
  • the HLR/HSS can perform authentication timing for the IoT device.
  • the IoT device user identity information may be sent to a network side node, such as a Serving General Packet Radio Service Node (Serving GPRS Support Node, SGSN);
  • a network side node such as a Serving General Packet Radio Service Node (Serving GPRS Support Node, SGSN);
  • the network side node such as the SGSN, may forward the information to the HLR/HSS after receiving the identity information sent by the IoT device;
  • the HLR/HSS can check whether the authentication duration of the IoT device reaches the validity time of the authentication according to the defined validity period. If the authentication is valid or exceeded, the HLR/HSS can initiate an authentication process for the IoT device. If the authentication validity period is not reached, the HLR/HSS can generate a new random number for the IoT device and generate a new session key using the new random number and the IoT device user secret key, and then the new session key. And sending a new random number to the network side node, such as the SGSN;
  • the SGSN After receiving the new session key and the new random number, the SGSN can send the new random number to the IoT device;
  • the SGSN may encrypt the new random number with a new session, and then send the new random number together with the encrypted new random number to the IoT device;
  • the IoT device may generate a session key according to the user secret key saved on the SIM/USIM and the new random number received;
  • the IoT device may generate a session key according to the user secret key saved on the SIM/USIM and the received new random number, and use the session secret.
  • the key decrypts the encrypted new random number and checks whether the decrypted new random number is the same as the received new random number. If different, the IoT device can request retransmission to the network side node, such as the SGSN; if the same, the IoT device can communicate securely with the network side node, such as the SGSN.
  • the method may include the following steps:
  • step S11 the server terminates the timing operation of the valid duration, and triggers an operation of performing access authentication on the IOT device, and a re-timing operation that triggers the effective duration.
  • the server terminates the timing operation of the valid duration, and triggers an operation of performing access authentication on the IOT device to implement the IOT.
  • the secure communication between the device and the network side node avoids the problem that the communication security caused by the access authentication operation is not reduced even if the time point of the user identity information sent by the IOT device is not within the effective duration.
  • an IoT device authentication method wherein the effective duration can be implemented by a timer counter, and the server is described by taking an HLR/HSS as an example. As shown in Figure 2, the following steps are included:
  • Step S201 the IoT device accesses the network and completes AKA authentication
  • Step S202 the HLR/HSS starts a timing counter for the IoT device
  • step S203 when the counter reaches the authentication valid duration of the IoT device set by the HLR/HSS, the HLR/HSS clears the counter and cancels the counting for the IoT device.
  • an IoT device re-authentication method is also provided.
  • the server uses the HLR/HSS as an example. As shown in Figure 3, the following steps are included:
  • Step S301 when the IoT device needs to send data, send the IoT device user identity information to the network side node SGSN;
  • Step S302 after receiving the user identity information sent by the IoT device, the network side node SGSN forwards the IoT device user identity information to the HLR/HSS;
  • Step S303 after receiving the IoT device user identity information, the HLR/HSS checks whether there is a timing counter of the IoT device. If not, the HLR/HSS determines that the IoT device needs to be re-authenticated.
  • Step S304 an AKA authentication process is performed between the HLR/HSS and the IoT.
  • Step S305 after the end of the authentication between the HLR/HSS and the IoT, the HLR/HSS starts a new timing counter for the IoT device.
  • the effective duration can be determined by the following steps:
  • step S21 the time point at which the server accesses the authentication by the IOT device is used as the starting point of the effective duration, and all the IOT devices in the cellular IoT CIoT system are set to have the same duration as the effective duration; or
  • step S22 the server uses the time point for completing the access authentication for all the IOT devices in the cellular Internet of Things (CIoT system) as the starting point of the effective duration, and sets the effective duration of each of the IOT devices.
  • CIP system cellular Internet of Things
  • the effective duration is preset for all the IOT devices in the cellular Internet of Things CIoT system by using a predetermined rule, and the dynamic setting of the effective duration is realized.
  • the foregoing specifying information may include: a random number used to generate the IOT device session key.
  • the random number may be used to generate a security key according to the random number after receiving the random number by the IOT device.
  • the server receiving the user identity information of the Internet of Things IOT device may include the following steps:
  • Step S31 the server receives user identity information forwarded by the Internet of Things IOT device through the network side node;
  • the server sends the specified information for generating the session key of the IOT device to the IOT device, which may include the following steps:
  • Step S32 The server sends the specified information for generating the session key of the IOT device to the IOT device through the network side node.
  • the network side node is used as an intermediate node for receiving user identity information and transmitting designated information, and the related art is required, and the IoT device needs to perform authentication every time the data is sent to the network.
  • the resulting problem of wasted network resources thereby achieving the effect of saving network resources, and further improving the efficiency of key update.
  • the method may further include the following steps:
  • Step S41 The server receives the user secret key sent by the IOT device.
  • Step S42 the server generates the session key by using the random number and the user private key, and sends the session key to the network side node.
  • the user secret key may be saved on the SIM/USIM.
  • the server generates a session key by using a user secret key and a random number sent by the IOT device, and sends the session key to the network side node, thereby further implementing secure communication between the IOT device and the network side node. effect.
  • an IoT device key update method is provided.
  • the server is described by taking the HLR/HSS as an example. As shown in FIG. 4, the method includes the following steps:
  • Step S401 when the IoT device needs to send data, send the IoT device user identity information to the network side node SGSN;
  • Step S402 after receiving the user identity information sent by the IoT device, the network side node SGSN forwards the IoT device user identity information to the HLR/HSS;
  • Step S403 after receiving the IoT device user identity information, the HLR/HSS checks whether there is a timing counter of the IoT device, and if so, the HLR/HSS generates a new random number for the IoT device, and uses the new random number and The IoT device user private key generates a new session key.
  • Step S404 the HLR/HSS sends the new session key and the new random number to the network side node, such as the SGSN;
  • Step S405 after receiving the new session key and the new random number, the SGSN sends the new random number to the IoT device.
  • Step S406 After receiving the new random number, the IoT device generates a session key according to the user secret key saved on the SIM/USIM and the received new random number.
  • step S407 the IoT device performs secure communication with the network side node, such as the SGSN.
  • the server may include any one of the following: a home location register HLR, a home subscription subscriber server HSS.
  • the method according to the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium (such as ROM/RAM, disk).
  • the optical disc includes a plurality of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present invention.
  • a key update device is also provided, which is configured to implement the foregoing embodiments and optional implementations, and details are not described herein.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the devices described in the following embodiments may be implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG. 5 is a structural block diagram of a first type of key update apparatus according to an embodiment of the present invention. As shown in FIG. 5, the apparatus includes:
  • the first processing module 52 is configured to: receive user identity information of the Internet of Things IOT device, and determine whether the time point of receiving the user identity information is within a valid duration, wherein the effective duration is each time the IOT device The length of time set by the server after the access authentication is completed;
  • the first sending module 54 is configured to: when the determination result is YES, send designation information for generating a session key of the IOT device to the IOT device.
  • the application scenario of the foregoing key update method may include, but is not limited to, a Cellular Internet of Things (CIoT) system, where A large number of Internet of Things (IoT) devices are installed in the system.
  • the server may receive the user identity information of the IoT IOT device, and determine whether the time point of receiving the identity information of the user is within a valid duration, where the effective duration may be completed each time the IOT device is completed. After the access authentication, the length of time set by the server; if the judgment result is yes, the server may send the specified information for generating the session key of the IOT device to the IOT device.
  • the server may set the effective duration of the IOT device access authentication, and if the user identity information sent by the IOT device is received within the valid duration, Simply generate a session key and no need to perform IOT device access authentication.
  • the problem of waste of network resources caused by the authentication of the Internet of Things IoT device during each access to the network is required to be solved, thereby achieving the effect of saving network resources and further improving the density.
  • the present embodiment provides a key update method, which can be applied to a cellular IoT CIoT communication system including an IoT device, wherein the server is described by taking an HLR/HSS as an example, and the IoT device can include a SIM/USIM card. , can include the following steps:
  • the HLR/HSS determines when the IoT device is re-authenticated, for example, the HLR/HSS can define the effective duration of each authentication.
  • HLR/HSS can define a uniform authentication effective duration for all IoT devices, and can also define a separate authentication effective duration for different IoT devices.
  • the HLR/HSS can initiate the authentication timing of the IoT device. When the authentication timing exceeds the validity period of the authentication, the HLR/HSS may terminate the authentication timing of the IoT device. All uncertified IoT devices will need to be certified subsequently. For example, HLR/HSS can define the effective duration of an IoT device.
  • the HLR/HSS can set a counter for the IoT device. When the counter reaches the authentication valid period, the HLR/HSS can clear the counter and cancel the counting for the IoT device. Upon subsequent receipt of the user identity information sent by the IoT device, the HLR/HSS will initiate the authentication process.
  • the HLR/HSS may initiate the authentication process for the IoT device after receiving the identity information sent by the IoT device;
  • the HLR/HSS can perform authentication timing for the IoT device.
  • the IoT device When the IoT device needs to send data, it can send the IoT device to the network side node, such as the SGSN.
  • the network side node such as the SGSN.
  • the network side node such as the SGSN, may forward the information to the HLR/HSS after receiving the identity information sent by the IoT device;
  • the HLR/HSS can check whether the authentication duration of the IoT device reaches the validity time of the authentication according to the defined validity period. If the authentication is valid or exceeded, the HLR/HSS can initiate an authentication process for the IoT device. If the authentication validity period is not reached, the HLR/HSS can generate a new random number for the IoT device and generate a new session key using the new random number and the IoT device user secret key, and then the new session key. And sending a new random number to the network side node, such as the SGSN;
  • the SGSN After receiving the new session key and the new random number, the SGSN can send the new random number to the IoT device;
  • the SGSN may encrypt the new random number with a new session, and then send the new random number together with the encrypted new random number to the IoT device;
  • the IoT device may generate a session key according to the user secret key saved on the SIM/USIM and the new random number received;
  • the IoT device may generate a session key according to the user secret key saved on the SIM/USIM and the received new random number, and use the session secret.
  • the key decrypts the encrypted new random number and checks whether the decrypted new random number is the same as the received new random number. If different, the IoT device can request retransmission to the network side node, such as the SGSN; if the same, the IoT device can communicate securely with the network side node, such as the SGSN.
  • FIG. 6 is a structural block diagram of a second type of key update apparatus according to an embodiment of the present invention. As shown in FIG. 6, the apparatus includes, in addition to all the modules shown in FIG.
  • the second processing module 62 is configured to: if the determination result is negative, terminate the timing operation of the valid duration, trigger an operation of performing access authentication on the IOT device, and trigger a re-timed of the valid duration operating.
  • the server may terminate the timing operation of the valid duration, and trigger an operation of performing access authentication on the IOT device, thereby implementing Secure communication between the IOT device and the network side node, avoiding even When the time point of the user identity information sent by the IOT device is not within the valid duration, the communication security caused by the access authentication operation is not reduced.
  • the first processing module may be further configured to: determine an effective duration by using a time point at which the IOT device accesses the authentication as a starting point of the effective duration, and is a cellular IoT system under the CIoT system. All the IOT devices are set to have the same duration as the effective duration; or, the time points at which all the IOT devices under the cellular IoT CIoT system respectively complete the access authentication are used as the starting point of the effective duration, and the respective IOT devices are respectively set to be effective. duration.
  • the effective duration can be preset for all IOT devices under the cellular Internet of Things CIoT system through predetermined rules, and the dynamic setting of the effective duration is realized.
  • the specifying information may include: a random number used to generate the IOT device session key.
  • the random number may be used to generate a security key according to the random number after receiving the random number by the IOT device.
  • FIG. 7 is a structural block diagram of a third type of key updating apparatus according to an embodiment of the present invention.
  • the first processing module 52 includes:
  • the first processing unit 72 is configured to: receive user identity information of the Internet of Things IOT device, where the server receives user identity information forwarded by the Internet of Things IOT device through the network side node;
  • the first sending module 54 includes:
  • the first sending unit 74 is configured to: send the designation information for generating the session key of the IOT device to the IOT device through the network side node.
  • the network side node is used as an intermediate node for receiving user identity information and transmitting designated information, and the related art is required, and the IoT device needs to perform authentication every time the data is sent to the network.
  • the resulting problem of wasted network resources thereby achieving the effect of saving network resources, and further improving the efficiency of key update.
  • FIG. 8 is a structural block diagram of a fourth key updating apparatus according to an embodiment of the present invention. As shown in FIG. 8, the apparatus includes, in addition to all the modules shown in FIG. :
  • the receiving module 82 is configured to: the session secret that the server will use to generate the IOT device Receiving the user secret key sent by the IOT device before sending the specified information of the key to the IOT device;
  • the third processing module 84 is configured to: before the server sends the designation information for generating the session key of the IOT device to the IOT device, generate the session key by using the random number and the user secret key, And send the session key to the network side node.
  • the user secret key may be saved on the SIM/USIM.
  • the server may generate a session key by using a user secret key and a random number sent by the IOT device, and send the session key to the network side node, thereby further implementing secure communication between the IOT device and the network side node. Effect.
  • the foregoing server may include any one of the following: a home location register HLR, and a home subscription subscriber server HSS.
  • an IOT device authentication management device is further provided in this embodiment.
  • the method includes:
  • the authentication timing module 92 is configured to: perform authentication timing for the IoT device after the AKA process ends;
  • the management module 94 the user HLR/HSS manages the authentication timing module, and checks whether the timing counter for one IoT device timing module has reached the authentication effective duration. When the authentication is valid for a long time, the counter is cleared and the timing for the IoT device is cancelled.
  • the checking module 96 is configured to: check whether the IoT device needs to be authenticated according to the IoT device user identity information, or update the session key;
  • a session key checking apparatus is further provided, as shown in FIG. 10, including:
  • the session key check management module 1002 is configured to: update the IoT device session key, and check whether the update session key needs to be renegotiated.
  • FIG. 11 is a flowchart of a third key update method according to an embodiment of the present invention. As shown in FIG. 11, the method includes the following steps:
  • Step S1102 The Internet of Things IOT device sends user identity information to the server.
  • Step S1104 The IOT device determines whether the specified information for generating the session key sent by the server is received, where the specified information is when the time point when the server receives the user identity information is within a preset effective time period.
  • the information sent to the IOT device, the effective duration being the length of time set by the server after the IOT device completes the access authentication;
  • step S1106 if the determination result is yes, the IOT device generates the session key according to the specified information.
  • the application scenario of the foregoing key update method may include, but is not limited to, a Cellular Internet of Things (CIoT) system, where a large number of Internet of Things is set in the system. (Internet of Things, referred to as IoT) devices.
  • IoT Internet of Things
  • the IoT IOT device may send the user identity information to the server; the IOT device may determine whether the specified information sent by the server for generating the session key is received, wherein the specified information may be determining the server.
  • the information sent to the IOT device when the time point of receiving the user identity information is within a preset effective time period, and the effective duration may be the duration set by the server after each time the IOT device completes the access authentication; If the determination result is yes, the IOT device may generate the session key according to the specified information. That is, after the IOT device sends the user identity information to the server, if the specified information for generating the session key sent by the server is received within the length of the IOT device authentication, the access authentication is not required, but can be directly based on The specified information generates the session key, thereby solving the problem of waste of network resources caused by the authentication of the IoT IoT device in each of the related technologies in the related art, thereby achieving the effect of saving network resources. , further improve the efficiency of key update.
  • the method may include the following steps:
  • step S51 the IOT device re-initiates the access authentication operation.
  • the IOT device re-initiates the access authentication operation when the IOT device determines that the specified information for generating the session key sent by the server is not received, thereby avoiding related technologies.
  • the problem of wasted network resources caused by the authentication is required, thereby achieving the effect of saving network resources and further improving the efficiency of key update.
  • the foregoing specifying information may include: used to generate the IOT device The random number of the session key.
  • the random number may be used to generate a security key according to the random number after receiving the random number by the IOT device.
  • the generating, by the IOT device, the session key according to the specified information may include the following steps:
  • Step S61 the IOT device receives the random number forwarded by the server through the network side node
  • Step S62 the IOT device generates the session key by using the user secret key and the random number.
  • the user secret key may be saved on the SIM/USIM.
  • the IOT device may receive a random number sent by the server, and generate the session key according to the user private key and the random number to further implement secure communication.
  • the generating, by the IOT device, the session key according to the specified information may include the following steps:
  • Step S71 The IOT device receives the random number forwarded by the server through the network side node and the random number after the network side node performs encryption processing.
  • Step S72 The IOT device generates a session key by using the user secret key and the random number, and decrypts the encrypted random number according to the session key to obtain the decrypted random number.
  • Step S73 the IOT device determines whether the decrypted random number is the same as the random number forwarded by the server through the network side node;
  • Step S74 in the case that the determination result is yes, the IOT device sends the data to be sent to the network side node;
  • Step S75 If the determination result is no, the IOT device sends a request message to the server, where the request message is used to request the server to resend the random number.
  • the IOT device can compare the random number sent by the receiving server with the decrypted random number, and perform corresponding operations according to the comparison result, which solves the problem that the Internet of Things IoT device sends in each access network.
  • the problem of wasted network resources caused by authentication is required, and the effect of saving network resources is achieved at the same time.
  • the secure communication of the IOT device is further guaranteed.
  • an IoT device key update method is provided, where the server takes the HLR/HSS as an example. As shown in Figure 12, the following steps are included:
  • Step S1201 When the IoT device needs to send data, send the IoT device user identity information to the network side node SGSN.
  • Step S1202 After receiving the user identity information sent by the IoT device, the network side node SGSN forwards the IoT device user identity information to the HLR/HSS.
  • Step S1203 After receiving the IoT device user identity information, the HLR/HSS checks whether there is a counter of the IoT device, and if so, the HLR/HSS generates a new random number for the IoT device, and uses the new random number and IoT.
  • the device user private key generates a new session key.
  • Step S1204 the HLR/HSS sends the new session key and the new random number to the network side node, such as the SGSN;
  • Step S1205 the SGSN encrypts the new random number with the new session, and then sends the new random number together with the encrypted new random number to the IoT device;
  • Step S1206 After receiving the new random number and the encrypted new random number, the IoT device generates a session key according to the user secret key saved on the SIM/USIM and the received new random number, and decrypts the session key.
  • the encrypted new random number checks whether the decrypted new random number is the same as the received new random number. If they are the same, step 407 is performed. If different, the IoT device requests retransmission from the network side node, such as the SGSN.
  • step S1207 the IoT device performs secure communication with the network side node, such as the SGSN.
  • the method according to the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course, by hardware.
  • the technical solution of the embodiments of the present invention may be embodied in the form of a software product in essence or in the form of a software product stored in a storage medium (such as ROM/RAM, disk).
  • the optical disc includes a plurality of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method described in the embodiments of the present invention.
  • a key update device is further provided, which is configured to implement the above implementation.
  • the examples and optional embodiments have not been described again.
  • the term "module” may implement a combination of software and/or hardware of a predetermined function.
  • the devices described in the following embodiments may be implemented in software, hardware, or a combination of software and hardware, is also possible and contemplated.
  • FIG. 13 is a structural block diagram of a fifth type of key update apparatus according to an embodiment of the present invention. As shown in FIG. 13, the apparatus includes:
  • the second sending module 1302 is configured to: send user identity information to the server;
  • the determining module 1304 is configured to: determine whether the specified information for generating the session key sent by the server is received, where the specified information is pre-set at a time point when determining that the server receives the user identity information
  • the information sent to the IOT device during the effective duration is the duration set by the server after each time the IOT device completes the access authentication;
  • the obtaining module 1306 is configured to: when the determination result is YES, generate the session key according to the specified information.
  • the application scenario of the foregoing key update method may include, but is not limited to, a Cellular Internet of Things (CIoT) system, where a large number of objects may be disposed in the system.
  • IoT Internet of Things
  • the IoT IOT device may send the user identity information to the server; the IOT device may determine whether the specified information sent by the server for generating the session key is received, wherein the specified information may be determining the server.
  • the information sent to the IOT device when the time point of receiving the user identity information is within a preset effective time period, and the effective duration may be the duration set by the server after each time the IOT device completes the access authentication; If the determination result is yes, the IOT device may generate the session key according to the specified information. That is, after the IOT device sends the user identity information to the server, if the specified information for generating the session key sent by the server is received within the length of the IOT device authentication, the access authentication is not required, but directly according to the The specified information generates the session key, thereby solving the problem of waste of network resources caused by the authentication of the IoT IoT device in each of the related technologies in the related art, thereby achieving the effect of saving network resources. Further improve the efficiency of key update.
  • FIG. 14 is a structural block diagram of a sixth key updating apparatus according to an embodiment of the present invention. As shown in FIG. 14, the apparatus includes all the modules shown in FIG. Also includes:
  • the fourth processing module 1402 is configured to: re-initiate the access authentication operation if the determination result is no.
  • the IOT device re-initiates the access authentication operation when the IOT device determines that the specified information for generating the session key sent by the server is not received, thereby avoiding related technologies.
  • the problem of wasted network resources caused by the authentication is required, thereby achieving the effect of saving network resources and further improving the efficiency of key update.
  • the specifying information may include: a random number used to generate the IOT device session key.
  • the random number may be used to generate a security key according to the random number after receiving the random number by the IOT device.
  • FIG. 15 is a structural block diagram of a seventh key updating apparatus according to an embodiment of the present invention.
  • the obtaining module 1306 includes:
  • the first receiving unit 1502 is configured to: receive the random number forwarded by the server by the network side node;
  • the obtaining unit 1504 is configured to generate the session key using the user private key and the random number.
  • the unit included in the obtaining module 106 may also perform equivalent replacement by using the following unit: 1) the second receiving unit is configured to: receive the random number forwarded by the server through the network side node, and a random number after the network side node performs encryption processing; 2) the second processing unit is configured to: generate a session key by using the user private key and the random number, and randomly process the encrypted process according to the session key The number is decrypted to obtain the decrypted random number; 3) the determining unit is configured to: determine whether the decrypted random number is the same as the random number forwarded by the server through the network side node; 4) the second sending unit is set to: If the determination result is yes, the data to be sent is sent to the network side node; 5) the third sending unit is configured to: if the determination result is no, send a request message to the server, where the request message Used to request the server to resend a random number.
  • a key update system is also provided in this embodiment. As shown in FIG. 16, the system includes:
  • the Internet of Things IOT device 1602 is configured to: send user identity information to the network side node;
  • the network side node 1604 is configured to: send the user identity information to the server, and send the designated information for generating the session key of the IOT device to the IOT device;
  • the server 1606 is configured to: after receiving the identity information of the user, determine whether the time point of receiving the identity information of the user is within a valid duration; if yes, send the specified information to the network side node.
  • the server 1606 may include: a home location register HLR, a home subscription subscriber server HSS.
  • modules may be implemented by software or hardware.
  • the foregoing may be implemented by, but not limited to, the foregoing modules are all located in the same processor; or, the modules are respectively located in multiple processes. In the device.
  • the embodiment of the invention further provides a storage medium.
  • the foregoing storage medium may be configured to store program code for performing the following steps:
  • the server receives the user identity information of the IoT IOT device, and determines whether the time point of receiving the identity information of the user is within a valid duration, where the effective duration is after each time the IOT device completes the access authentication, the server The length of time set;
  • the server sends the designation information for generating the session key of the IOT device to the IOT device.
  • the storage medium may also be arranged to store program code for performing the following steps:
  • the Internet of Things IOT device sends user identity information to the server;
  • the IOT device determines whether the specified information for generating the session key sent by the server is received, where the specified information is determined to be within a preset effective time when the server receives the identity information of the user.
  • the information sent to the IOT device, the effective duration is the duration set by the server after each time the IOT device completes the access authentication;
  • the IOT device If the determination result is yes, the IOT device generates the session key according to the specified information.
  • the foregoing storage medium may include, but not limited to, a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a mobile hard disk, and a magnetic memory.
  • ROM Read-Only Memory
  • RAM Random Access Memory
  • a mobile hard disk e.g., a hard disk
  • magnetic memory e.g., a hard disk
  • the processor may perform the foregoing steps S1, S2 according to the stored program code in the storage medium.
  • the processor may perform the foregoing steps S3, S4, and S5 according to the stored program code in the storage medium.
  • the embodiment of the invention further provides a computer readable storage medium storing computer executable instructions, which are implemented when the computer executable instructions are executed.
  • all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
  • the devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
  • the device/function module/functional unit in the above embodiment When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium.
  • the above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
  • the server receives the user identity information of the Internet of Things IOT device, and determines whether the time point of receiving the identity information of the user is within a valid duration, where the effective duration is that the IOT device completes access every time. After the authentication, the server sets the duration; if the judgment result is yes, the server sends the specified information for generating the session key of the IOT device to the IOT device. That is, in the embodiment of the present invention, after the IOT device completes the access authentication, the server sets the effective duration of the IOT device access authentication, and if the user identity information sent by the IOT device is received within the valid duration, only You need to generate a session key, and you do not need to perform IOT device access authentication.
  • the problem of waste of network resources caused by the authentication of the Internet of Things IoT device in each time when the Internet access IoT device transmits data is solved, thereby achieving the effect of saving network resources and further improving.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Un procédé de mise à jour de clé comprend les étapes suivantes : un serveur reçoit des informations d'identification d'utilisateur d'un dispositif de l'Internet des objets (IOT), et détermine si les informations d'identification d'utilisateur sont reçues pendant une durée valide, la durée valide étant une durée définie par le serveur chaque fois que le dispositif IOT exécute un processus d'authentification d'accès ; et si tel est le cas, le serveur transmet au dispositif IOT des informations désignées d'une clé de session.
PCT/CN2016/083676 2016-02-23 2016-05-27 Procédé de mise à jour de clé, dispositif, et système WO2017143685A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610101539.5 2016-02-23
CN201610101539.5A CN107104932A (zh) 2016-02-23 2016-02-23 密钥更新方法、装置及***

Publications (1)

Publication Number Publication Date
WO2017143685A1 true WO2017143685A1 (fr) 2017-08-31

Family

ID=59658460

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083676 WO2017143685A1 (fr) 2016-02-23 2016-05-27 Procédé de mise à jour de clé, dispositif, et système

Country Status (2)

Country Link
CN (1) CN107104932A (fr)
WO (1) WO2017143685A1 (fr)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449756B (zh) * 2018-06-29 2020-06-05 北京邮电大学 一种网络密钥更新的***、方法及装置
JP7185978B2 (ja) * 2018-07-03 2022-12-08 株式会社ソラコム 認証情報の設定を仲介するための装置及び方法
CN110519052B (zh) * 2019-08-23 2022-07-05 青岛海尔科技有限公司 基于物联网操作***的数据交互方法和装置
CN111988143B (zh) * 2020-08-28 2024-03-01 百度时代网络技术(北京)有限公司 密钥更新方法、装置、设备以及存储介质
CN112671532B (zh) * 2020-12-07 2023-03-28 华帝股份有限公司 一种通信密钥的生成方法及相关设备
CN112784250B (zh) * 2021-01-27 2024-04-23 深圳融安网络科技有限公司 身份认证方法、客户端、服务器及存储介质
CN112953923A (zh) * 2021-02-03 2021-06-11 广州技象科技有限公司 一种基于密钥更新的安全入网方法及装置
CN116415227A (zh) * 2021-12-31 2023-07-11 中兴通讯股份有限公司 密钥更新方法、服务器、客户端及存储介质
CN115767522B (zh) * 2023-01-09 2023-05-05 中国电子科技集团公司第三十研究所 通信安全一体化设计的物联网应用安全增强***和方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102547680A (zh) * 2010-12-17 2012-07-04 北京创毅视讯科技有限公司 一种物联网***及物联网***的安全管理方法
CN103686717A (zh) * 2013-12-23 2014-03-26 江苏物联网研究发展中心 一种物联网传感***的密钥管理方法
US20140192976A1 (en) * 2012-10-31 2014-07-10 Snu R&Db Foundation Method and system for id-based encryption and decryption
CN104853354A (zh) * 2015-05-18 2015-08-19 深圳门萨通信科技有限公司 一种蓝牙鉴权方法及其***
CN105117657A (zh) * 2015-07-22 2015-12-02 南京邮电大学 一种基于智慧服务的开放式授权接入的设计方法和***

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420799B (zh) * 2010-09-27 2015-03-11 ***通信集团公司 一种用户认证方法、装置及***
CN103117983B (zh) * 2011-11-16 2015-11-04 ***通信集团公司 数据服务请求应答方法和数据服务协议栈的设计方法
CN103532713B (zh) * 2012-07-04 2018-03-23 ***通信集团公司 传感器认证和共享密钥产生方法和***以及传感器

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102547680A (zh) * 2010-12-17 2012-07-04 北京创毅视讯科技有限公司 一种物联网***及物联网***的安全管理方法
US20140192976A1 (en) * 2012-10-31 2014-07-10 Snu R&Db Foundation Method and system for id-based encryption and decryption
CN103686717A (zh) * 2013-12-23 2014-03-26 江苏物联网研究发展中心 一种物联网传感***的密钥管理方法
CN104853354A (zh) * 2015-05-18 2015-08-19 深圳门萨通信科技有限公司 一种蓝牙鉴权方法及其***
CN105117657A (zh) * 2015-07-22 2015-12-02 南京邮电大学 一种基于智慧服务的开放式授权接入的设计方法和***

Also Published As

Publication number Publication date
CN107104932A (zh) 2017-08-29

Similar Documents

Publication Publication Date Title
WO2017143685A1 (fr) Procédé de mise à jour de clé, dispositif, et système
KR101838872B1 (ko) 애플리케이션-특정적 네트워크 액세스 크리덴셜들을 이용한 무선 네트워크들에 대한 후원된 접속을 위한 장치 및 방법
US9843575B2 (en) Wireless network authentication method and wireless network authentication apparatus
CN108293223B (zh) 一种数据传输方法、用户设备和网络侧设备
US8375432B2 (en) Methods, apparatus, and computer program products for subscriber authentication and temporary code generation
US9331993B2 (en) Authentication server and communication device
KR102224368B1 (ko) D2D(device to device) 통신에서의 과금 정보 기록을 위한 방법 및 시스템
JP6504630B2 (ja) Gprsシステム鍵強化方法、sgsnデバイス、ue、hlr/hss、およびgprsシステム
EP3657835A1 (fr) Procédé d'accès d'équipement utilisateur et équipement utilisateur
KR102232121B1 (ko) 장치 대 장치 통신 시스템에서 보안키를 관리하는 방법 및 장치
WO2018201946A1 (fr) Procédé de génération de clé d'ancrage, dispositif et système
TW201644292A (zh) 用於使用特定於應用的網路存取身份碼來進行到無線網路的受贊助連接的設備和方法(二)
WO2021212928A1 (fr) Procédé et appareil d'accès d'autorisation à des données de chaîne de blocs, et dispositif
AU2020200523B2 (en) Methods and arrangements for authenticating a communication device
WO2018076740A1 (fr) Procédé de transmission de données et dispositif associé
JP6951445B2 (ja) 緊急番号設定方法、取得方法および装置
CN112514436A (zh) 发起器和响应器之间的安全的、被认证的通信
WO2018010480A1 (fr) Procédé de verrouillage de réseau pour une carte esim, terminal et serveur d'authentification de verrouillage de réseau
CN111065101A (zh) 基于区块链的5g通信信息加解密方法、设备及存储介质
WO2013185709A1 (fr) Procédé d'authentification d'appel, dispositif et système
WO2011124051A1 (fr) Procédé et système d'authentification de terminal
US10349278B2 (en) Method for accessing LTE network, electronic device, and computer storage medium
CN105828330B (zh) 一种接入方法及装置
CN109756451B (zh) 一种信息交互方法及装置
WO2018099407A1 (fr) Procédé et dispositif de connexion basée sur une authentification de compte

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16891139

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16891139

Country of ref document: EP

Kind code of ref document: A1