WO2018126783A1 - Key transmission method, device, and computer storage medium - Google Patents

Publication number
WO2018126783A1
WO2018126783A1 PCT/CN2017/109806 CN2017109806W WO2018126783A1 WO 2018126783 A1 WO2018126783 A1 WO 2018126783A1 CN 2017109806 W CN2017109806 W CN 2017109806W WO 2018126783 A1 WO2018126783 A1 WO 2018126783A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
base station
station system
pubk
network element
Application number
PCT/CN2017/109806
Other languages
French (fr)
Chinese (zh)
Inventor
谢振华
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation

Definitions

  • the present invention relates to the field of communications, and in particular, to a key transmission method and apparatus for a mobile network, and a computer storage medium.
  • the 3rd Generation Partnership Project (3GPP) proposes a mobile network location area update scheme.
  • the terminal UE previously performed some service through the next generation base station system 2 (such as the next generation base station node gNB, or the enhanced evolved base station node evolved eNB, etc.), so that the authentication vector is cached in the next generation base station system 2.
  • the process of the location area update scheme includes the following steps:
  • Step 101 The terminal UE sends a location area update to the next generation base station system 1 at the current location, for example, sending a Tracking Area Update message;
  • Step 102 The next generation base station system 1 sends a combined location area update and access network authentication data request to a core network element (such as a mobility management function MMF, or a security anchor function SEAF, or a mobility management entity MME, etc.), for example, sending combined Tracking Area Update and AS Authentication Data Request messages, carrying the public key PubK of the next generation base station system 1;
  • Step 103 The core network element sends an access network authentication data request to the next-generation base station system 2, for example, sending an AS Authentication Data Request message, carrying the received PubK;
  • Step 104 The next generation base station system 2 caches the user's authentication vector, and the authentication vector is composed of four parts: a random number RAND, a network authentication parameter AUTN, an expected response XRES, and a key Knp; the next generation base station system 2 generates an encryption key Ks and uses it to encrypt Knp in the authentication vector to prevent Knp from being leaked during transmission, and then uses PubK to encrypt Ks to get E_PubK(Ks), so that the receiver can decrypt the key in the authentication vector and Ks is not leaked during transmission; the modified authentication vector is the authentication vector 1, and the next-generation base station system 2 sends an access network authentication data response to the core network element, such as sending an AS Authentication Data Response message carrying the authentication vector 1 and E_PubK(Ks);
  • Step 105 The core network element sends a combined user authentication request and an access network authentication data response to the next generation base station system 1, for example, sending a combined User Authentication Request and an AS Authentication Data Response message, carrying the authentication vector 1, the authentication parameter 2, and E_PubK(Ks), where the authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 106 The next-generation base station system 1 decrypts E_PubK(Ks) using its own private key corresponding to the public key PubK, obtains Ks, and decrypts the Ks-encrypted key in the received authentication vector 1 using Ks to obtain Knp;
  • Step 107 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 108 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next generation base station system 1, for example, sends a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • Step 109 The next generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, such as sending a User Authentication Response message, carrying the authentication information 2, that is, RES2;
  • Step 110 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends the location area update acceptance to the terminal UE through the next generation base station system 1, for example, sending a Tracking Area Update Accept message.
  • the core network element can modify any field content in the signaling information, so that the information received by the receiver is not the information actually sent by the sender. If it changes PubK to its own public key, the next-generation base station system 2 will use the modified public key to encrypt Ks.
  • After receiving the authentication data response, the core network element can decrypt Ks using its own private key. Ks can then be used to decrypt the keys in the authentication vector, causing these keys to be compromised, thereby affecting security.
  • This type of attack is a man-in-the-middle attack.
  • all the steps in the corresponding process are serial, resulting in low signaling efficiency and affecting service response time.
  • an embodiment of the present invention provides a key transmission method and apparatus, and a computer storage medium.
  • the embodiment of the invention provides a key transmission method, and the method includes:
  • the core network element receives the public key PubK from the second base station system
  • the core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the method further includes:
  • the core network element receives a first check code MAC from the first base station system and forwards the MAC to the second base station system, and the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the embodiment of the invention further provides a key transmission method, the method comprising:
  • the first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, and the IE1 is generated based on the encrypted key in the ciphertext key;
  • the first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the method for generating the IE2 includes:
  • the F1 is encrypted using the PubK to obtain the IE2.
  • the method further includes:
  • the first base station system sends a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the method for generating the MAC includes:
  • the signature of the PubK is calculated using the Ks to obtain the MAC.
  • the embodiment of the invention further provides a key transmission method, the method comprising:
  • the second base station system sends the public key PubK to the core network element
  • the second base station system receives the second content information IE2 sent by the core network element, and the IE2 is used to generate a key with the private key of the second base station system.
  • the method further includes:
  • the second base station system receives a first check code MAC sent by the core network element, and the MAC is used for verification.
  • the verification includes:
  • the verification includes:
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a core network element, where the apparatus includes: a receiving unit and a sending unit;
  • the receiving unit is configured to receive a public key PubK from the second base station system
  • the sending unit is configured to send a ciphertext key, a first content information IE1, and the PubK to the first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the receiving unit is further configured to receive second content information IE2 from the first base station system;
  • the sending unit is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the receiving unit is further configured to receive a first check code MAC from the first base station system
  • the sending unit is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a first base station system, where the apparatus includes: a receiving unit and a sending unit;
  • the receiving unit is configured to receive a ciphertext key, a first content information IE1, and a public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the sending unit is configured to send the IE2 to the core network element, where the IE2 is generated based on the IE1.
  • the apparatus further includes: a processing unit configured to decrypt the IE1 by using a private key of the first base station system to obtain F1; and encrypt the F1 by using the PubK to obtain the IE2.
  • the sending unit is further configured to send a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the device further includes:
  • a processing unit configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks; use the Ks to encrypt the PubK to obtain the MAC; or use the Ks to calculate a signature of the PubK to obtain the MAC.
  • the embodiment of the present invention further provides a key transmission apparatus, which is applied to a second base station system, where the apparatus includes: a sending unit and a receiving unit;
  • the sending unit is configured to send a public key PubK to a core network element
  • the receiving unit is configured to receive the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with a private key of the second base station system.
  • the receiving unit is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
  • the device further includes:
  • a verification unit configured to encrypt the PubK using the key, or calculate a signature of the PubK using the key to obtain a second check code XMAC; compare the MAC with the XMAC.
  • the device further includes:
  • a verification unit configured to decrypt the MAC using the key to obtain a desired public key; compare the PubK with the expected public key.
  • the embodiment of the invention further provides a computer storage medium, the computer storage medium stores a computer program configured to perform the above key transmission method.
  • the core network element receives the public key PubK from the second base station system; the core network element sends the ciphertext key, the first content information IE1, and the PubK to the first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key; the core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, and the IE1 is generated based on the encrypted key in the ciphertext key; the first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the second base station system sends a public key PubK to the core network element; the second base station system receives the second content information IE2 sent by the core network element, and the IE2 is used to generate a key with the private key of the second base station system.
  • on the one hand, the signaling process is adjusted and the signaling transmission efficiency is improved; on the other hand, whether a man-in-the-middle attack occurs can be identified, so that a corresponding decision can be made: for example, when a man-in-the-middle attack occurs, the network notifies the terminal that a man-in-the-middle attack occurs and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby ensuring the security of the network.
  • FIG. 1 is a schematic flow chart of a key transmission method in the prior art
  • FIG. 2 is a schematic flowchart 1 of a key transmission method according to an embodiment of the present invention.
  • FIG. 3 is a second schematic flowchart of a key transmission method according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart 3 of a key transmission method according to an embodiment of the present invention.
  • FIG. 5 is a schematic flowchart 4 of a key transmission method according to an embodiment of the present invention.
  • FIG. 6 is a schematic flowchart 5 of a key transmission method according to an embodiment of the present invention.
  • FIG. 7 is a first schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • FIG. 8 is a second schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • FIG. 9 is a third schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the technical solution of the embodiment of the present invention includes two aspects: one is to adjust the signaling flow and improve the transmission efficiency of the signaling; the other is to identify whether a man-in-the-middle attack occurs and make a corresponding decision accordingly. For example, when a man-in-the-middle attack occurs, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level.
  • FIG. 2 is a schematic flowchart 1 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 2, the process includes:
  • Step 201 The core network element receives the public key PubK from the second base station system.
  • Step 202 The core network element sends a ciphertext key, a first content information IE1, and the PubK to the first base station system, and the IE1 is generated based on the encrypted key in the ciphertext key.
  • Step 203 The core network element receives the second content information IE2 from the first base station system, and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the method further includes:
  • FIG. 3 is a schematic flowchart 2 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 3, the process includes:
  • Step 301 The first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, and the IE1 is generated based on the encrypted key in the ciphertext key.
  • Step 302 The first base station system sends the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the method for generating the IE2 includes:
  • the F1 is encrypted using the PubK to obtain the IE2.
  • the method further includes:
  • the first base station system sends a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the method for generating the MAC includes:
  • the signature of the PubK is calculated using the Ks to obtain the MAC.
  • FIG. 4 is a schematic flowchart 3 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 4, the process includes:
  • Step 401 The second base station system sends the public key PubK to the core network element.
  • Step 402 The second base station system receives the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with the private key of the second base station system.
  • the method further includes:
  • the second base station system receives a first check code MAC sent by the core network element, and the MAC is used for verification.
  • the verifying includes:
  • the verifying comprises:
  • FIG. 5 is a schematic flowchart diagram 4 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 5, the process includes:
  • Step 501 When the terminal UE performs the service through the next-generation base station system 2, the authentication vector issuing network element sends the authentication vector to the next-generation base station system 2 through the core network element, where Knp is encrypted and the encryption key is Ks; F1(Ks) is calculated, and the public key PubK of the next-generation base station system 2 is used to encrypt F1(Ks) to obtain E_PubK(F1(Ks)); in order to avoid leakage of Ks during transmission, which would ultimately lead to leakage of Knp, the authentication vector can also include E_PubK(Ks); the core network element caches the authentication vector and E_PubK(F1(Ks)) in this process, and can also cache E_PubK(Ks);
  • the method for generating F1(Ks) in the above step may be that the system configures shared information in advance for all the next-generation base station systems and the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Ks with it to obtain F1(Ks), so that the next-generation base station system can decrypt F1(Ks); or the authentication vector issuing network element can use its own private key to encrypt Ks, and only the next-generation base station system can obtain the public key of the authentication vector issuing network element, so that the public key can be used to decrypt F1(Ks);
  • Step 502 At a certain time during the service execution, the next-generation base station system 2 encrypts Ks with the public key PubK of the next-generation base station system 2 to obtain E_PubK(Ks), and then sends an access network key update to the core network element, for example, sending an AS Key Update message carrying E_PubK(Ks), and the core network element caches E_PubK(Ks); the next generation base station system 2 no longer caches information related to the user;
  • Step 503 The terminal UE sends a location area update to the next generation base station system 1 at the current location, for example, sending a Tracking Area Update message, or sends a service request, such as sending a Service Request message;
  • Step 504 The next generation base station system 1 sends the merged location area update and access network authentication data request to the core network element, for example, sending the combined Tracking Area Update and AS Authentication Data Request messages, or sends the merged service request and access network authentication data request, for example, sending the combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of the next generation base station system 1;
  • Step 505 The core network element sends a combined user authentication request and an access network authentication data response to the next generation base station system 1, for example, sending a combined User Authentication Request and an AS Authentication Data Response message, carrying the authentication vector 1 and the authentication parameter 2, where the authentication parameter 2 is derived from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 506 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 507 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next generation base station system 1, for example, sends a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • steps 508-511 occur after step 504, and their execution is independent of steps 505-507 and steps 512-513:
  • Step 508 The core network element sends an access network key request to the next generation base station system 2, for example, sends an AS Key Request message, carrying the cached E_PubK(Ks), E_PubK(F1(Ks)), and the received PubK-B;
  • Step 509 The next generation base station system 2 decrypts Ks and F1(Ks) with the private key corresponding to PubK; optionally, it calculates the check code MAC by using Ks and PubK-B, for example, encrypting PubK-B with Ks, or calculating the signature of PubK-B with Ks; it also obtains F2(Ks) by using PubK-B to encrypt F1(Ks), and then sends an access network key response to the core network element, for example, sending an AS Key Response message, carrying F2(Ks), and carrying the MAC;
  • Step 510 The core network element sends an access network key update to the next-generation base station system 1, for example, sending an AS Key Update message, carrying the received F2(Ks), and carrying the received MAC;
  • Step 511 The next-generation base station system 1 decrypts F2(Ks) with the private key corresponding to PubK-B to obtain F1(Ks), and then calculates Ks from F1(Ks). If the MAC is received, Ks and PubK-B are used to calculate the expected check code XMAC, such as encrypting PubK-B with Ks, or calculating the signature of PubK-B with Ks, and the XMAC is then compared with the received MAC; or the MAC is decrypted with Ks to get the expected public key, and PubK-B is compared with the expected public key. If the comparison is the same, it can be identified that no man-in-the-middle attack has occurred; otherwise a man-in-the-middle attack can be identified;
  • Step 512 After receiving the message of step 407, the next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, for example, sending a User Authentication Response message, carrying the authentication information 2, that is, RES2;
  • Step 513 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends the location area update acceptance to the terminal UE through the next generation base station system 1, for example, sending a Tracking Area Update Accept message, or sends service establishment, such as sending an Initial UE Context message;
  • Step 514 The next generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer setup, such as sending an RRC Connection Reconfiguration message.
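
Steps 508 to 511 of the FIG. 5 flow, modelled as an added example that is not part of the patent text: it runs the exchange once with PubK-B forwarded unchanged and once with the key substituted in transit, and shows that the MAC/XMAC comparison in step 511 flags the substitution. Assumptions: HMAC-SHA256 stands in for "calculating the signature of PubK-B with Ks", toy textbook RSA stands in for public-key encryption, an XOR pad derived from the shared information stands in for F1, and all key material and function names are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent for the toy RSA below


def keypair(p, q):
    """Textbook RSA from two known primes: illustration only, not secure."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public key, private key)


def rsa(key, value):
    """Raw modular exponentiation: encrypts with a public key, decrypts with a private key."""
    n, exponent = key
    return pow(value, exponent, n)


def f1(shared_info, value):
    """Stand-in for F1: XOR with a pad derived from the shared information.
    XOR is its own inverse, so the same call wraps and unwraps."""
    pad = int.from_bytes(hashlib.sha256(shared_info).digest()[:16], "big")
    return value ^ pad


def check_code(ks, public_key):
    """MAC / XMAC: keyed hash of a public key under Ks (HMAC-SHA256 is an assumption)."""
    n, e = public_key
    return hmac.new(ks.to_bytes(32, "big"), f"{n}:{e}".encode(), hashlib.sha256).digest()


def bs2_key_response(ks, f1_ks, pubk_b_received):
    """Step 509: base station system 2 binds Ks to the PubK-B it was handed."""
    mac = check_code(ks, pubk_b_received)
    f2_ks = rsa(pubk_b_received, f1_ks)  # F2(Ks) = F1(Ks) encrypted with PubK-B
    return f2_ks, mac


def bs1_key_update(priv_b, pubk_b, shared_info, f2_ks, mac):
    """Step 511: base station system 1 recovers Ks and compares MAC with XMAC."""
    ks = f1(shared_info, rsa(priv_b, f2_ks))
    xmac = check_code(ks, pubk_b)  # computed over its own, genuine PubK-B
    return ks, hmac.compare_digest(mac, xmac)


def run(substitute_key):
    """Returns (Ks recovered correctly, comparison passed i.e. no MITM identified)."""
    pubk_b, priv_b = keypair(2**61 - 1, 2**89 - 1)      # base station system 1
    pubk_m, priv_m = keypair(2**107 - 1, 2**127 - 1)    # intermediary's own key pair
    shared_info = b"constructed shared information"     # not held by the intermediary
    ks = secrets.randbits(128)
    f1_ks = f1(shared_info, ks)

    # Step 508: PubK-B is forwarded as received, or replaced in transit.
    forwarded = pubk_m if substitute_key else pubk_b
    f2_ks, mac = bs2_key_response(ks, f1_ks, forwarded)

    # Step 510: after a substitution, F1(Ks) is re-wrapped under the genuine
    # PubK-B so that key delivery alone looks normal to base station system 1.
    if substitute_key:
        f2_ks = rsa(pubk_b, rsa(priv_m, f2_ks))

    recovered, no_mitm = bs1_key_update(priv_b, pubk_b, shared_info, f2_ks, mac)
    return recovered == ks, no_mitm


if __name__ == "__main__":
    print("unmodified PubK-B :", run(False))
    print("substituted PubK-B:", run(True))
```

In the substituted run Ks still arrives intact, so only the check code reveals that base station system 2 encrypted to a different public key.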
  • FIG. 6 is a schematic flowchart 5 of a key transmission method according to an embodiment of the present invention. As shown in FIG. 6, the process includes:
  • Step 601 When the terminal UE performs the service through the next-generation base station system 2, the authentication vector issuing network element sends the authentication vector to the next-generation base station system 2 through the core network element, where Knp is replaced by E_PubK(F1(Knp)), that is, F1(Knp) encrypted using the public key PubK of the next-generation base station system 2; in order to avoid leakage of Knp during transmission, the authentication vector may also include E_PubK(Knp); the core network element caches the authentication vector and E_PubK(F1(Knp)) in this process, and can also cache E_PubK(Knp);
  • the method for generating F1(Knp) in the above step may be that the system configures shared information in advance for all the next-generation base station systems and the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Knp with it to obtain F1(Knp), so that the next-generation base station system can decrypt F1(Knp); or the authentication vector issuing network element can use its own private key to encrypt Knp, and only the next-generation base station system can obtain the public key of the authentication vector issuing network element, so that the public key can be used to decrypt F1(Knp);
  • Step 602 At a certain time during the execution of the service, the next-generation base station system 2 encrypts Knp with the public key PubK of the next-generation base station system 2 to obtain E_PubK(Knp), and then sends an access network key update to the core network element, such as sending an AS Key Update message carrying E_PubK(Knp), and the core network element caches E_PubK(Knp); when the terminal UE is no longer connected to the next generation base station system 2, the next generation base station system 2 no longer caches information related to the user;
  • Step 603 The terminal UE sends a location area update to the next-generation base station system 1 at the current location, for example, sending a Tracking Area Update message, or sending a service request, such as sending a Service Request message;
  • Step 604 The next generation base station system 1 sends the merged location area update and access network authentication data request to the core network element, for example, sending the combined Tracking Area Update and AS Authentication Data Request messages, or sends the merged service request and access network authentication data request, for example, sending the combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of the next generation base station system 1;
  • Step 605 The core network element sends a combined user authentication request and access network authentication data response to the next generation base station system 1, such as sending the combined User Authentication Request and AS Authentication Data Response messages, carrying the authentication vector 1 and the authentication parameter 2, wherein the authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
  • Step 606 The next-generation base station system 1 sends a user authentication request to the terminal UE, for example, sends a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, wherein the authentication parameter 1 is from part of the authentication vector used by the access network, such as RAND and AUTN;
  • Step 607 The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next-generation base station system 1, for example a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
  • Steps 608-611 occur after step 604 and are executed independently of steps 605-607 and steps 612-613:
  • Step 608 The core network element sends an access network key request to the next-generation base station system 2, for example an AS Key Request message, carrying the cached E_PubK(Knp) and E_PubK(F1(Knp)) and the received PubK-B;
  • Step 609 The next-generation base station system 2 decrypts Knp and F1(Knp) using the private key corresponding to PubK, and calculates the check code MAC using Knp and PubK-B, for example by encrypting PubK-B with Knp or by using Knp to calculate the signature of PubK-B. It also encrypts F1(Knp) with PubK-B to obtain F2(Knp), and then sends an access network key response to the core network element, for example an AS Key Response message, carrying F2(Knp); the message can also carry the MAC;
  • Step 610 The core network element sends an access network key update to the next-generation base station system 1, for example an AS Key Update message, carrying the received F2(Knp) and the received MAC;
  • Step 611 The next-generation base station system 1 decrypts F2(Knp) with the private key corresponding to PubK-B to obtain F1(Knp), and then calculates Knp from F1(Knp). If a MAC is received, it either uses Knp and PubK-B to calculate the expected check code XMAC, for example by encrypting PubK-B with Knp or by calculating the signature of PubK-B with Knp, and compares the XMAC with the received MAC, or it decrypts the MAC with Knp to get the expected public key and compares PubK-B with the expected public key. If they are the same, it can be concluded that no man-in-the-middle attack has occurred; otherwise a man-in-the-middle attack can be identified;
  • Step 612 After receiving the message of step 607, the next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal, and sends a user authentication response to the core network element, for example a User Authentication Response message, carrying the authentication information 2, that is, RES2;
  • Step 613 The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends a location area update accept to the terminal UE through the next-generation base station system 1, for example a Tracking Area Update Accept message, or sends a service establishment, for example an Initial UE Context message;
  • Step 614 The next generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer setup, such as sending an RRC Connection Reconfiguration message.
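The exchange in steps 608-611, simulated end to end as an added example (not code from the patent) to show what the MAC/XMAC comparison catches when the relayed public key is swapped. The ElGamal-style public-key scheme, the XOR keystream used for F1, HMAC-SHA256 as the check code, and all function names are assumptions, since the page names no algorithms.

```python
"""Steps 608-611 as a three-party simulation (added example, toy crypto only).

Assumed stand-ins, since the page names no algorithms:
  public-key encryption -> ElGamal-style toy scheme over a small prime field
  F1 (shared-information variant) -> XOR with a SHA-256 keystream
  check code MAC -> HMAC-SHA256(Knp, PubK-B)
"""
import hashlib
import hmac
import secrets

P = 2**255 - 19  # prime modulus; this group is far too weak for real use
G = 2


def _xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream derived from key."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def keygen():
    """Return (private, public) for the toy public-key scheme."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def pk_encrypt(pub: int, msg: bytes):
    eph = secrets.randbelow(P - 2) + 1
    shared = pow(pub, eph, P).to_bytes(32, "big")
    return pow(G, eph, P), _xor(msg, shared)


def pk_decrypt(priv: int, ciphertext) -> bytes:
    c1, body = ciphertext
    shared = pow(c1, priv, P).to_bytes(32, "big")
    return _xor(body, shared)


def check_code(knp: bytes, pub: int) -> bytes:
    """MAC/XMAC: keyed hash of a public key under Knp."""
    return hmac.new(knp, pub.to_bytes(32, "big"), hashlib.sha256).digest()


def step_609(priv2, e_knp, e_f1, pubk_seen):
    """Base station system 2: unwrap the cached blobs, answer for the key it was shown."""
    knp = pk_decrypt(priv2, e_knp)
    f1 = pk_decrypt(priv2, e_f1)
    return pk_encrypt(pubk_seen, f1), check_code(knp, pubk_seen)  # F2(Knp), MAC


def step_611(priv_b, pubk_b, shared_info, f2, mac):
    """Base station system 1: recover Knp, then compare XMAC over its own PubK-B."""
    knp = _xor(pk_decrypt(priv_b, f2), shared_info)
    xmac = check_code(knp, pubk_b)
    return knp, hmac.compare_digest(mac, xmac)


def run_exchange(substitute_key: bool):
    """Return (Knp recovered correctly, MAC == XMAC) for one run of steps 608-611."""
    shared_info = secrets.token_bytes(32)  # constructed: configured on base stations
    knp = secrets.token_bytes(32)          # constructed access-network key
    priv2, pubk = keygen()                 # base station system 2
    priv_b, pubk_b = keygen()              # base station system 1
    priv_m, pubk_m = keygen()              # relay's own pair, used when substituting
    f1 = _xor(knp, shared_info)            # F1(Knp)
    e_knp, e_f1 = pk_encrypt(pubk, knp), pk_encrypt(pubk, f1)  # cached by the core

    # Step 608: the core passes on the cached blobs and a public key.
    shown = pubk_m if substitute_key else pubk_b
    f2, mac = step_609(priv2, e_knp, e_f1, shown)
    if substitute_key:
        # The relay re-wraps F1(Knp) for PubK-B so decryption still succeeds.
        f2 = pk_encrypt(pubk_b, pk_decrypt(priv_m, f2))

    # Steps 610-611: F2(Knp) and MAC reach base station system 1.
    recovered, mac_ok = step_611(priv_b, pubk_b, shared_info, f2, mac)
    return recovered == knp, mac_ok


if __name__ == "__main__":
    print("honest relay     :", run_exchange(False))  # (True, True)
    print("substituted PubK :", run_exchange(True))   # (True, False)
```

In the substituted-key run, base station system 1 still recovers the correct Knp, so only the MAC/XMAC comparison reveals that base station system 2 answered for a different public key.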
  • FIG. 7 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a core network element.
  • the apparatus includes a receiving unit 71 and a sending unit 72, wherein:
  • the receiving unit 71 is configured to receive a public key PubK from the second base station system;
  • the sending unit 72 is configured to send, to the first base station system, a ciphertext key, a first content information IE1, and the PubK, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the receiving unit 71 is further configured to receive second content information IE2 from the first base station system;
  • the sending unit 72 is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system by using the IE1.
  • the receiving unit 71 is further configured to receive a first check code MAC from the first base station system;
  • the sending unit 72 is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system by using the ciphertext key and the PubK.
  • the implementation functions of the units in the key transmission apparatus shown in FIG. 7 can be understood by referring to the related description of the foregoing key transmission method.
  • the functions of the units in the key transmission apparatus shown in FIG. 7 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • each unit in the key transmission device may be implemented by a central processing unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), or a field programmable gate array (FPGA) located in the key transmission device.
  • FIG. 8 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a first base station system.
  • the apparatus includes a receiving unit 81 and a sending unit 82, wherein:
  • the receiving unit 81 is configured to receive a ciphertext key, a first content information IE1, and a public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
  • the sending unit 82 is configured to send the IE2 to the core network element, and the IE2 is generated based on the IE1.
  • the device further includes: a processing unit 83, configured to decrypt the IE1 by using a private key of the first base station system to obtain F1; and use the PubK to encrypt the F1 to obtain the IE2.
  • the sending unit 82 is further configured to send a first check code MAC to the core network element, where the MAC is generated by using the ciphertext key and the PubK.
  • the device further includes:
  • the processing unit 83, configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks; and to use the Ks to encrypt the PubK to obtain the MAC, or use the Ks to calculate a signature of the PubK to obtain the MAC.
  • the implementation functions of the units in the key transmission apparatus shown in FIG. 8 can be understood by referring to the related description of the foregoing key transmission method.
  • the functions of the units in the key transmission device shown in FIG. 8 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • the functions implemented by the various units in the key transmission device can be implemented by a CPU, an MPU, or a DSP, or an FPGA or the like located in the key transmission device.
  • FIG. 9 is a schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
  • the key transmission apparatus in this example is applied to a second base station system.
  • the apparatus includes a sending unit 91 and a receiving unit 92, wherein:
  • the sending unit 91 is configured to send a public key PubK to a core network element;
  • the receiving unit 92 is configured to receive the second content information IE2 sent by the core network element, where the IE2 is used to generate a key with a private key of the second base station system.
  • the receiving unit 92 is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
  • the device further includes:
  • the verification unit 93 is configured to encrypt the PubK by using the key, or calculate the signature of the PubK using the key to obtain a second check code XMAC; compare the MAC with the XMAC.
  • the device further includes:
  • the verification unit 93 is configured to decrypt the MAC using the key to obtain an expected public key; compare the PubK with the expected public key.
  • the implementation functions of the units in the key transmission apparatus shown in FIG. 9 can be understood by referring to the related description of the foregoing key transmission method.
  • the functions of the units in the key transmission device shown in FIG. 9 can be realized by a program running on the processor, or can be realized by a specific logic circuit.
  • the functions implemented by the various units in the key transmission device can be implemented by a CPU, an MPU, or a DSP, or an FPGA or the like located in the key transmission device.
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, and the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • an embodiment of the present invention further provides a computer storage medium in which a computer program is stored, the computer program being configured to execute a key transmission method according to an embodiment of the present invention.
  • with the technical solution of the embodiments of the present invention, the signaling process is adjusted, which improves the transmission efficiency of signaling; in addition, it can be identified whether a man-in-the-middle attack has occurred, so that a corresponding decision can be made. For example, when a man-in-the-middle attack has occurred, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby ensuring the security of the network.


Abstract

The present invention discloses a key transmission method, device, and computer storage medium. The method comprises: a core network element receiving a public key (PubK) from a second base station system; the core network element transmitting a cipher key, first content information (IE1), and the PubK to a first base station system, the IE1 being generated based on an encrypted key in the cipher key; and the core network element receiving second content information (IE2) from the first base station system, and forwarding the IE2 to the second base station system, the IE2 being generated by the first base station system using the IE1. The method further comprises: the first base station system receiving the cipher key, the IE1, and the PubK transmitted by the core network element, the IE1 being generated based on the encrypted key in the cipher key; and the first base station system transmitting the IE2 to the core network element, the IE2 being generated based on the IE1. The method further comprises: the second base station system transmitting the PubK to the core network element; and the second base station system receiving the IE2 transmitted by the core network element, the IE2 being configured to generate a key with a private key of the second base station system.

Description

Key transmission method and device, and computer storage medium
Cross-reference to related applications
This application is based on, and claims priority to, Chinese patent application No. 201710003062.1, filed on January 3, 2017, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications, and in particular to a key transmission method and apparatus for a mobile network, and a computer storage medium.
Background
The 3rd Generation Partnership Project (3GPP) has proposed a mobile network location area update scheme. As shown in FIG. 1, the terminal UE has previously performed some service through the next-generation base station system 2 (such as a next-generation base station node gNB, or an enhanced evolved base station node, evolved eNB), so that an authentication vector is cached in the next-generation base station system 2. The procedure of the location area update scheme includes the following steps:
Step 101: The terminal UE sends a location area update to the next-generation base station system 1 at the current location, for example a Tracking Area Update message;
Step 102: The next-generation base station system 1 sends a combined location area update and access network authentication data request to a core network element (such as a mobility management function MMF, a security anchor function SEAF, or a mobility management entity MME), for example the combined Tracking Area Update and AS Authentication Data Request messages, carrying the public key PubK of the next-generation base station system 1;
Step 103: The core network element sends an access network authentication data request to the next-generation base station system 2, for example an AS Authentication Data Request message, carrying the received PubK;
Step 104: The next-generation base station system 2 has cached the user's authentication vector, which consists of the following four parts: a random number RAND, a network authentication parameter AUTN, an expected response XRES, and a key Knp. The next-generation base station system 2 generates an encryption key Ks and uses it to encrypt the Knp in the authentication vector, to prevent Knp from being leaked in transit; it then encrypts Ks with PubK to obtain E_PubK(Ks), which the receiver uses to decrypt the key in the authentication vector and which prevents Ks from being leaked in transit. The modified authentication vector is the authentication vector 1. The next-generation base station system 2 sends an access network authentication data response to the core network element, for example an AS Authentication Data Response message, carrying the authentication vector 1 and E_PubK(Ks);
Step 105: The core network element sends a combined user authentication request and access network authentication data response to the next-generation base station system 1, for example the combined User Authentication Request and AS Authentication Data Response messages, carrying the authentication vector 1, the authentication parameter 2, and E_PubK(Ks), where the authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
Step 106: The next-generation base station system 1 decrypts E_PubK(Ks) using its own private key corresponding to the public key PubK to obtain Ks, and uses Ks to decrypt the Ks-encrypted key in the received authentication vector 1 to obtain Knp;
Step 107: The next-generation base station system 1 sends a user authentication request to the terminal UE, for example a User Authentication Request message, carrying the authentication parameter 1 and the authentication parameter 2, where the authentication parameter 1 comes from part of the information in the authentication vector used by the access network, such as RAND and AUTN;
Step 108: The terminal UE verifies the network based on the AUTN in the authentication parameter 1 or the authentication parameter 2; the terminal UE calculates the response value RES1 based on the RAND in the authentication parameter 1, calculates the response value RES2 based on the RAND in the authentication parameter 2, and sends a user authentication response to the next-generation base station system 1, for example a User Authentication Response message, carrying the authentication information 1, that is, RES1, and the authentication information 2, that is, RES2;
Step 109: The next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal; if the verification passes, it sends a user authentication response to the core network element, for example a User Authentication Response message, carrying the authentication information 2, that is, RES2;
Step 110: The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification is passed, the core network element sends a location area update accept to the terminal UE through the next-generation base station system 1, for example a Tracking Area Update Accept message.
In the related art, if the core network element is compromised by an attacker and the signaling passing through it can be stolen, the core network element can modify the content of any field in the signaling, so that the information received by the receiver is not actually the information sent by the sender. If it changes PubK to its own public key, the next-generation base station system 2 will encrypt Ks with the modified public key; after receiving the authentication data response, the core network element can decrypt Ks with its own private key and then use Ks to decrypt the keys in the authentication vector, so that these keys are leaked and security is affected. This type of attack is a man-in-the-middle attack. In addition, all the steps in the corresponding process are serial, which makes signaling inefficient and affects service response time.
Summary of the invention
To solve the above technical problem, embodiments of the present invention provide a key transmission method and apparatus, and a computer storage medium.
An embodiment of the present invention provides a key transmission method, the method including:
a core network element receives a public key PubK from a second base station system;
the core network element sends a ciphertext key, first content information IE1, and the PubK to a first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
the core network element receives second content information IE2 from the first base station system and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system using the IE1.
In the above solution, the method further includes:
the core network element receives a first check code MAC from the first base station system and forwards the MAC to the second base station system, where the MAC is generated by the first base station system using the ciphertext key and the PubK.
An embodiment of the present invention further provides a key transmission method, the method including:
a first base station system receives a ciphertext key, first content information IE1, and a public key PubK sent by a core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
the first base station system sends the IE2 to the core network element, where the IE2 is generated based on the IE1.
In the above solution, the method for generating the IE2 includes:
decrypting the IE1 using the private key of the first base station system to obtain F1;
encrypting the F1 using the PubK to obtain the IE2.
In the above solution, the method further includes:
the first base station system sends a first check code MAC to the core network element, where the MAC is generated using the ciphertext key and the PubK.
In the above solution, the method for generating the MAC includes:
decrypting the ciphertext key using the private key of the first base station system to obtain Ks;
encrypting the PubK using the Ks to obtain the MAC; or
calculating a signature of the PubK using the Ks to obtain the MAC.
An embodiment of the present invention further provides a key transmission method, the method including:
a second base station system sends a public key PubK to a core network element;
the second base station system receives second content information IE2 sent by the core network element, where the IE2 is used with the private key of the second base station system to generate a key.
In the above solution, the method further includes:
the second base station system receives a first check code MAC sent by the core network element, where the MAC is used for verification.
In the above solution, the verification includes:
encrypting the PubK using the key, or calculating a signature of the PubK using the key, to obtain a second check code XMAC;
comparing the MAC with the XMAC.
In the above solution, the verification includes:
decrypting the MAC using the key to obtain an expected public key;
comparing the PubK with the expected public key.
An embodiment of the present invention further provides a key transmission apparatus, applied to a core network element, the apparatus including a receiving unit and a sending unit, wherein:
the receiving unit is configured to receive a public key PubK from a second base station system;
the sending unit is configured to send a ciphertext key, first content information IE1, and the PubK to a first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
the receiving unit is further configured to receive second content information IE2 from the first base station system;
the sending unit is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system using the IE1.
In the above solution:
the receiving unit is further configured to receive a first check code MAC from the first base station system;
the sending unit is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system using the ciphertext key and the PubK.
An embodiment of the present invention further provides a key transmission apparatus, applied to a first base station system, the apparatus including a receiving unit and a sending unit, wherein:
the receiving unit is configured to receive a ciphertext key, first content information IE1, and a public key PubK sent by a core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
the sending unit is configured to send the IE2 to the core network element, where the IE2 is generated based on the IE1.
In the above solution, the apparatus further includes a processing unit configured to decrypt the IE1 using the private key of the first base station system to obtain F1, and to encrypt the F1 using the PubK to obtain the IE2.
In the above solution, the sending unit is further configured to send a first check code MAC to the core network element, where the MAC is generated using the ciphertext key and the PubK.
In the above solution, the apparatus further includes:
a processing unit configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks; and to encrypt the PubK using the Ks to obtain the MAC, or to calculate a signature of the PubK using the Ks to obtain the MAC.
An embodiment of the present invention further provides a key transmission apparatus, applied to a second base station system, the apparatus including a sending unit and a receiving unit, wherein:
the sending unit is configured to send a public key PubK to a core network element;
the receiving unit is configured to receive second content information IE2 sent by the core network element, where the IE2 is used with the private key of the second base station system to generate a key.
In the above solution, the receiving unit is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
In the above solution, the apparatus further includes:
a verification unit configured to encrypt the PubK using the key, or calculate a signature of the PubK using the key, to obtain a second check code XMAC, and to compare the MAC with the XMAC.
In the above solution, the apparatus further includes:
a verification unit configured to decrypt the MAC using the key to obtain an expected public key, and to compare the PubK with the expected public key.
An embodiment of the present invention further provides a computer storage medium storing a computer program, the computer program being configured to execute the above key transmission method.
In the technical solution of the embodiments of the present invention, the core network element receives the public key PubK from the second base station system; the core network element sends the ciphertext key, the first content information IE1, and the PubK to the first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key; the core network element receives the second content information IE2 from the first base station system and forwards the IE2 to the second base station system, where the IE2 is generated by the first base station system using the IE1. The first base station system receives the ciphertext key, the first content information IE1, and the public key PubK sent by the core network element, where the IE1 is generated based on the encrypted key in the ciphertext key; the first base station system sends the IE2 to the core network element, where the IE2 is generated based on the IE1. The second base station system sends the public key PubK to the core network element; the second base station system receives the second content information IE2 sent by the core network element, where the IE2 is used with the private key of the second base station system to generate a key. With the technical solution of the embodiments of the present invention, the signaling process is adjusted, which improves the transmission efficiency of signaling; in addition, it can be identified whether a man-in-the-middle attack has occurred, so that a corresponding decision can be made. For example, when a man-in-the-middle attack has occurred, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby ensuring the security of the network.
Description of the Drawings
The drawings generally illustrate, by way of example and not limitation, the various embodiments discussed herein.
FIG. 1 is a schematic flowchart of a key transmission method in the prior art;
FIG. 2 is a first schematic flowchart of a key transmission method according to an embodiment of the present invention;
FIG. 3 is a second schematic flowchart of a key transmission method according to an embodiment of the present invention;
FIG. 4 is a third schematic flowchart of a key transmission method according to an embodiment of the present invention;
FIG. 5 is a fourth schematic flowchart of a key transmission method according to an embodiment of the present invention;
FIG. 6 is a fifth schematic flowchart of a key transmission method according to an embodiment of the present invention;
FIG. 7 is a first schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention;
FIG. 8 is a second schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention;
FIG. 9 is a third schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention.
Detailed Description
In order to understand the features and technical content of the embodiments of the present invention in more detail, the implementation of the embodiments is described in detail below with reference to the accompanying drawings. The accompanying drawings are for reference and illustration only and are not intended to limit the embodiments of the present invention.
The technical solution of the embodiments of the present invention includes two aspects. One aspect is to adjust the signaling flow and improve the signaling transmission efficiency. The other aspect is to identify whether a man-in-the-middle attack has occurred and to make a corresponding decision: for example, when a man-in-the-middle attack has occurred, the network notifies the terminal that a man-in-the-middle attack has occurred and the terminal decides whether to continue, or the network decides whether to continue according to the security level.
FIG. 2 is a first schematic flowchart of a key transmission method according to an embodiment of the present invention. As shown in FIG. 2, the flow includes:
Step 201: The core network element receives the public key PubK from the second base station system.
Step 202: The core network element sends a ciphertext key, first content information IE1 and the PubK to the first base station system, the IE1 being generated based on the encrypted key in the ciphertext key.
Step 203: The core network element receives second content information IE2 from the first base station system and forwards the IE2 to the second base station system, the IE2 being generated by the first base station system using the IE1.
In the embodiment of the present invention, the method further includes:
The core network element receives a first check code MAC from the first base station system and forwards the MAC to the second base station system, the MAC being generated by the first base station system using the ciphertext key and the PubK.
FIG. 3 is a second schematic flowchart of a key transmission method according to an embodiment of the present invention. As shown in FIG. 3, the flow includes:
Step 301: The first base station system receives the ciphertext key, the first content information IE1 and the public key PubK sent by the core network element, the IE1 being generated based on the encrypted key in the ciphertext key.
Step 302: The first base station system sends the IE2 to the core network element, the IE2 being generated based on the IE1.
In the embodiment of the present invention, the method for generating the IE2 includes:
decrypting the IE1 using the private key of the first base station system to obtain F1;
encrypting the F1 using the PubK to obtain the IE2.
In the embodiment of the present invention, the method further includes:
The first base station system sends a first check code MAC to the core network element, the MAC being generated using the ciphertext key and the PubK.
In the embodiment of the present invention, the method for generating the MAC includes:
decrypting the ciphertext key using the private key of the first base station system to obtain Ks;
encrypting the PubK using the Ks to obtain the MAC; or,
computing a signature of the PubK using the Ks to obtain the MAC.
FIG. 4 is a third schematic flowchart of a key transmission method according to an embodiment of the present invention. As shown in FIG. 4, the flow includes:
Step 401: The second base station system sends the public key PubK to the core network element.
Step 402: The second base station system receives the second content information IE2 sent by the core network element, the IE2 being used together with the private key of the second base station system to generate a key.
In the embodiment of the present invention, the method further includes:
The second base station system receives the first check code MAC sent by the core network element, the MAC being used for verification.
In the embodiment of the present invention, the verification includes:
encrypting the PubK using the key, or computing a signature of the PubK using the key, to obtain a second check code XMAC;
comparing the MAC with the XMAC.
In another embodiment, the verification includes:
decrypting the MAC using the key to obtain an expected public key;
comparing the PubK with the expected public key.
The technical solutions of the embodiments of the present invention are described in further detail below with reference to specific application examples.
Embodiment 1
FIG. 5 is a fourth schematic flowchart of a key transmission method according to an embodiment of the present invention. As shown in FIG. 5, the flow includes:
Step 501: When the terminal UE performs a service through next-generation base station system 2, the authentication vector issuing network element delivers an authentication vector to next-generation base station system 2 through the core network element, in which Knp is encrypted and the encryption key is Ks. At the same time, F1(Ks) is computed and encrypted with the public key PubK of next-generation base station system 2 to obtain E_PubK(F1(Ks)); the purpose is to avoid leaking Ks during transmission, which would ultimately lead to leakage of Knp. The authentication vector may also contain E_PubK(Ks). In this process the core network element caches the authentication vector and E_PubK(F1(Ks)), and may also cache E_PubK(Ks);
The F1(Ks) generation method in the above step may be as follows: the system configures shared information in advance on all next-generation base station systems and on the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Ks with it to obtain F1(Ks), so that a next-generation base station system can decrypt F1(Ks); or the authentication vector issuing network element encrypts Ks with its own private key, and only next-generation base station systems can obtain the public key of the authentication vector issuing network element and can therefore use that public key to decrypt F1(Ks);
Step 502: Optionally, at some point during service execution, next-generation base station system 2 encrypts Ks with the public key PubK of next-generation base station system 2 to obtain E_PubK(Ks), and then sends an access network key update to the core network element, for example an AS Key Update message, carrying E_PubK(Ks); the core network element caches E_PubK(Ks). When the terminal UE no longer accesses next-generation base station system 2, next-generation base station system 2 no longer caches any information related to the user;
Step 503: The terminal UE, at its current location, sends a location area update to next-generation base station system 1, for example a Tracking Area Update message, or sends a service request, for example a Service Request message;
Step 504: Next-generation base station system 1 sends a combined location area update and access network authentication data request to the core network element, for example combined Tracking Area Update and AS Authentication Data Request messages, or sends a combined service request and access network authentication data request, for example combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of next-generation base station system 1;
Step 505: The core network element sends a combined user authentication request and access network authentication data response to next-generation base station system 1, for example combined User Authentication Request and AS Authentication Data Response messages, carrying authentication vector 1 and authentication parameter 2, where authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
Step 506: Next-generation base station system 1 sends a user authentication request to the terminal UE, for example a User Authentication Request message, carrying authentication parameter 1 and authentication parameter 2, where authentication parameter 1 comes from part of the information in the authentication vector used by the access network, such as RAND and AUTN;
Step 507: The terminal UE verifies the network based on the AUTN in authentication parameter 1 or authentication parameter 2; the terminal UE computes the response value RES1 based on the RAND in authentication parameter 1 and the response value RES2 based on the RAND in authentication parameter 2, and sends a user authentication response to next-generation base station system 1, for example a User Authentication Response message, carrying authentication information 1, namely RES1, and authentication information 2, namely RES2;
Steps 508 to 511 below take place after step 504, and their execution is independent of steps 505 to 507 and steps 512 to 513:
Step 508: The core network element sends an access network key request to next-generation base station system 2, for example an AS Key Request message, carrying the cached E_PubK(Ks) and E_PubK(F1(Ks)) and the received PubK-B;
Step 509: Next-generation base station system 2 decrypts Ks and F1(Ks) with the private key corresponding to PubK. Optionally, it computes the check code MAC from Ks and PubK-B, for example by encrypting PubK-B with Ks or by computing a signature of PubK-B with Ks. It also encrypts F1(Ks) with PubK-B to obtain F2(Ks), and then sends an access network key response to the core network element, for example an AS Key Response message, carrying F2(Ks) and optionally the MAC;
Step 510: The core network element sends an access network key update to next-generation base station system 1, for example an AS Key Update message, carrying the received F2(Ks) and optionally the received MAC;
Step 511: Next-generation base station system 1 decrypts F2(Ks) with the private key corresponding to PubK-B to obtain F1(Ks), and then recovers Ks from F1(Ks). If a MAC was received, it computes the expected check code XMAC from Ks and PubK-B, for example by encrypting PubK-B with Ks or by computing a signature of PubK-B with Ks, and then compares the XMAC with the received MAC; or it decrypts the MAC with Ks to obtain the expected public key and compares PubK-B with the expected public key. If the compared values are the same, it can be determined that no man-in-the-middle attack has occurred; otherwise it can be determined that a man-in-the-middle attack has occurred;
Step 512: After receiving the message of step 407, next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal; if the verification passes, it sends a user authentication response to the core network element, for example a User Authentication Response message, carrying authentication information 2, namely RES2;
Step 513: The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification passes, the core network element sends a location area update accept to the terminal UE through next-generation base station system 1, for example a Tracking Area Update Accept message, or sends a service establishment, for example an Initial UE Context message;
Step 514: Next-generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer establishment, for example an RRC Connection Reconfiguration message.
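The exchange in steps 508 to 511 of Embodiment 1, as an added Python example that is not part of the patent text. Assumptions: toy textbook RSA over known Mersenne primes stands in for the public-key encryption E_PubK, an XOR mask derived from constructed shared information stands in for F1, HMAC-SHA256 stands in for "computing a signature of PubK-B with Ks", and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # fixed public exponent; a "public key" below is just the modulus n


def make_keypair(p, q):
    """Toy textbook RSA from two known Mersenne primes (constructed, insecure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def pk_encrypt(n, data):
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("message too large for toy modulus")
    return pow(m, E, n)


def pk_decrypt(key, c, length=16):
    return pow(c, key["d"], key["n"]).to_bytes(length, "big")


# Assumed stand-in for F1: mask derived from pre-configured shared information.
SHARED_INFO = b"constructed shared information"


def f1(key_bytes):
    """XOR with the shared mask; applying it twice recovers the input."""
    mask = hashlib.sha256(SHARED_INFO).digest()[:len(key_bytes)]
    return bytes(a ^ b for a, b in zip(key_bytes, mask))


def check_code(ks, pub_n):
    """MAC / XMAC: keyed digest of a public key under Ks."""
    pub = pub_n.to_bytes((pub_n.bit_length() + 7) // 8, "big")
    return hmac.new(ks, pub, hashlib.sha256).digest()


def old_bs_key_response(old_key, e_ks, e_f1_ks, pubk_b):
    """Step 509, base station system 2: build F2(Ks) and the MAC."""
    ks = pk_decrypt(old_key, e_ks)
    f1_ks = pk_decrypt(old_key, e_f1_ks)
    mac = check_code(ks, pubk_b)          # binds Ks to the key it was asked to use
    f2_ks = pk_encrypt(pubk_b, f1_ks)     # F2(Ks) = E_PubK-B(F1(Ks))
    return f2_ks, mac


def new_bs_key_update(new_key, f2_ks, mac):
    """Step 511, base station system 1: recover Ks and compare XMAC with MAC."""
    ks = f1(pk_decrypt(new_key, f2_ks))
    xmac = check_code(ks, new_key["n"])   # computed over its own PubK-B
    return ks, hmac.compare_digest(mac, xmac)


def run_handover(substitute_key=False):
    """Returns (Ks recovered correctly, check codes match).

    With substitute_key=True the relay between the two base station systems
    swaps PubK-B for another key and re-wraps F2(Ks), modelling the
    man-in-the-middle case the check code is meant to reveal.
    """
    old_bs = make_keypair(2**61 - 1, 2**89 - 1)      # holds PubK
    new_bs = make_keypair(2**107 - 1, 2**127 - 1)    # holds PubK-B
    ks = secrets.token_bytes(16)
    # Step 501: values cached by the core network element.
    e_ks = pk_encrypt(old_bs["n"], ks)
    e_f1_ks = pk_encrypt(old_bs["n"], f1(ks))

    pubk_in_request = new_bs["n"]                    # step 508
    if substitute_key:
        other = make_keypair(2**89 - 1, 2**107 - 1)
        pubk_in_request = other["n"]
    f2_ks, mac = old_bs_key_response(old_bs, e_ks, e_f1_ks, pubk_in_request)
    if substitute_key:                               # step 510, re-wrapped
        f2_ks = pk_encrypt(new_bs["n"], pk_decrypt(other, f2_ks))
    recovered, match = new_bs_key_update(new_bs, f2_ks, mac)
    return recovered == ks, match


if __name__ == "__main__":
    print("clean relay:      ", run_handover())
    print("substituted key:  ", run_handover(substitute_key=True))
```

In the substituted-key run, base station system 1 still recovers Ks, so decryption succeeding is not evidence of an untampered path; only the MAC and XMAC comparison shows that base station system 2 was given a different public key.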
Embodiment 2
FIG. 6 is a fifth schematic flowchart of a key transmission method according to an embodiment of the present invention. As shown in FIG. 6, the flow includes:
Step 601: When the terminal UE performs a service through next-generation base station system 2, the authentication vector issuing network element delivers an authentication vector to next-generation base station system 2 through the core network element, in which Knp is replaced by E_PubK(F1(Knp)), that is, the result of encrypting F1(Knp) with the public key PubK of next-generation base station system 2; the purpose is to avoid leaking Knp during transmission, which would ultimately lead to leakage of Knp. The authentication vector may also contain E_PubK(Knp). In this process the core network element caches the authentication vector and E_PubK(F1(Knp)), and may also cache E_PubK(Knp);
The F1(Knp) generation method in the above step may be as follows: the system configures shared information in advance on all next-generation base station systems and on the authentication vector issuing network element, and the authentication vector issuing network element uses the shared information to generate a key and encrypts Knp with it to obtain F1(Knp), so that a next-generation base station system can decrypt F1(Knp); or the authentication vector issuing network element encrypts Knp with its own private key, and only next-generation base station systems can obtain the public key of the authentication vector issuing network element and can therefore use that public key to decrypt F1(Knp);
Step 602: Optionally, at some point during service execution, next-generation base station system 2 encrypts Knp with the public key PubK of next-generation base station system 2 to obtain E_PubK(Knp), and then sends an access network key update to the core network element, for example an AS Key Update message, carrying E_PubK(Knp); the core network element caches E_PubK(Knp). When the terminal UE no longer accesses next-generation base station system 2, next-generation base station system 2 no longer caches any information related to the user;
Step 603: The terminal UE, at its current location, sends a location area update to next-generation base station system 1, for example a Tracking Area Update message, or sends a service request, for example a Service Request message;
Step 604: Next-generation base station system 1 sends a combined location area update and access network authentication data request to the core network element, for example combined Tracking Area Update and AS Authentication Data Request messages, or sends a combined service request and access network authentication data request, for example combined Service Request and AS Authentication Data Request messages, carrying the public key PubK-B of next-generation base station system 1;
Step 605: The core network element sends a combined user authentication request and access network authentication data response to next-generation base station system 1, for example combined User Authentication Request and AS Authentication Data Response messages, carrying authentication vector 1 and authentication parameter 2, where authentication parameter 2 comes from part of the information in the authentication vector used by the core network, such as RAND and AUTN;
Step 606: Next-generation base station system 1 sends a user authentication request to the terminal UE, for example a User Authentication Request message, carrying authentication parameter 1 and authentication parameter 2, where authentication parameter 1 comes from part of the information in the authentication vector used by the access network, such as RAND and AUTN;
Step 607: The terminal UE verifies the network based on the AUTN in authentication parameter 1 or authentication parameter 2; the terminal UE computes the response value RES1 based on the RAND in authentication parameter 1 and the response value RES2 based on the RAND in authentication parameter 2, and sends a user authentication response to next-generation base station system 1, for example a User Authentication Response message, carrying authentication information 1, namely RES1, and authentication information 2, namely RES2;
Steps 608 to 611 below take place after step 604, and their execution is independent of steps 605 to 607 and steps 612 to 613:
Step 608: The core network element sends an access network key request to next-generation base station system 2, for example an AS Key Request message, carrying the cached E_PubK(Knp) and E_PubK(F1(Knp)) and the received PubK-B;
Step 609: Next-generation base station system 2 decrypts Knp and F1(Knp) with the private key corresponding to PubK. Optionally, it computes the check code MAC from Knp and PubK-B, for example by encrypting PubK-B with Knp or by computing a signature of PubK-B with Knp. It also encrypts F1(Knp) with PubK-B to obtain F2(Knp), and then sends an access network key response to the core network element, for example an AS Key Response message, carrying F2(Knp) and optionally the MAC;
Step 610: The core network element sends an access network key update to next-generation base station system 1, for example an AS Key Update message, carrying the received F2(Knp) and optionally the received MAC;
Step 611: Next-generation base station system 1 decrypts F2(Knp) with the private key corresponding to PubK-B to obtain F1(Knp), and then recovers Knp from F1(Knp). If a MAC was received, it computes the expected check code XMAC from Knp and PubK-B, for example by encrypting PubK-B with Knp or by computing a signature of PubK-B with Knp, and then compares the XMAC with the received MAC; or it decrypts the MAC with Knp to obtain the expected public key and compares PubK-B with the expected public key. If the compared values are the same, it can be determined that no man-in-the-middle attack has occurred; otherwise it can be determined that a man-in-the-middle attack has occurred;
Step 612: After receiving the message of step 607, next-generation base station system 1 compares RES1 with the XRES in the authentication vector used by the access network to verify the terminal; if the verification passes, it sends a user authentication response to the core network element, for example a User Authentication Response message, carrying authentication information 2, namely RES2;
Step 613: The core network element compares RES2 with the XRES in the authentication vector used by the core network to verify the terminal. After the verification passes, the core network element sends a location area update accept to the terminal UE through next-generation base station system 1, for example a Tracking Area Update Accept message, or sends a service establishment, for example an Initial UE Context message;
Step 614: Next-generation base station system 1 forwards the location area update accept to the terminal UE, or sends a bearer establishment, for example an RRC Connection Reconfiguration message.
FIG. 7 is a first schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention. The key transmission apparatus in this example is applied to a core network element. As shown in FIG. 7, the apparatus includes a receiving unit 71 and a sending unit 72, wherein:
The receiving unit 71 is configured to receive the public key PubK from the second base station system;
The sending unit 72 is configured to send a ciphertext key, first content information IE1 and the PubK to the first base station system, the IE1 being generated based on the encrypted key in the ciphertext key;
The receiving unit 71 is further configured to receive second content information IE2 from the first base station system;
The sending unit 72 is further configured to forward the IE2 to the second base station system, the IE2 being generated by the first base station system using the IE1.
In the embodiment of the present invention, the receiving unit 71 is further configured to receive a first check code MAC from the first base station system;
The sending unit 72 is further configured to forward the MAC to the second base station system, the MAC being generated by the first base station system using the ciphertext key and the PubK.
Those skilled in the art should understand that the functions implemented by the units of the key transmission apparatus shown in FIG. 7 can be understood with reference to the foregoing description of the key transmission method. The functions of the units of the key transmission apparatus shown in FIG. 7 may be implemented by a program running on a processor, or by specific logic circuits.
In practical applications, the functions implemented by the units of the key transmission apparatus may be implemented by a central processing unit (CPU), a microprocessor unit (MPU), a digital signal processor (DSP), a field programmable gate array (FPGA) or the like located in the key transmission apparatus.
FIG. 8 is a second schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention. The key transmission apparatus in this example is applied to the first base station system. As shown in FIG. 8, the apparatus includes a receiving unit 81 and a sending unit 82, wherein:
The receiving unit 81 is configured to receive the ciphertext key, the first content information IE1 and the public key PubK sent by the core network element, the IE1 being generated based on the encrypted key in the ciphertext key;
The sending unit 82 is configured to send the IE2 to the core network element, the IE2 being generated based on the IE1.
In the embodiment of the present invention, the apparatus further includes a processing unit 83, configured to decrypt the IE1 using the private key of the first base station system to obtain F1, and to encrypt the F1 using the PubK to obtain the IE2.
In the embodiment of the present invention, the sending unit 82 is further configured to send a first check code MAC to the core network element, the MAC being generated using the ciphertext key and the PubK.
In the embodiment of the present invention, the apparatus further includes:
a processing unit 83, configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks, and to encrypt the PubK using the Ks to obtain the MAC or, alternatively, to compute a signature of the PubK using the Ks to obtain the MAC.
Those skilled in the art should understand that the functions implemented by the units of the key transmission apparatus shown in FIG. 8 can be understood with reference to the foregoing description of the key transmission method. The functions of the units of the key transmission apparatus shown in FIG. 8 may be implemented by a program running on a processor, or by specific logic circuits.
In practical applications, the functions implemented by the units of the key transmission apparatus may be implemented by a CPU, an MPU, a DSP, an FPGA or the like located in the key transmission apparatus.
FIG. 9 is a third schematic structural diagram of a key transmission apparatus according to an embodiment of the present invention. The key transmission apparatus in this example is applied to a second base station system. As shown in FIG. 9, the apparatus includes a sending unit 91 and a receiving unit 92, where:
The sending unit 91 is configured to send a public key PubK to a core network element;
The receiving unit 92 is configured to receive second content information IE2 sent by the core network element, where the IE2 is used, together with the private key of the second base station system, to generate a key.
In this embodiment of the present invention, the receiving unit 92 is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
In this embodiment of the present invention, the apparatus further includes:
A verification unit 93, configured to encrypt the PubK using the key, or calculate a signature of the PubK using the key, to obtain a second check code XMAC, and to compare the MAC with the XMAC.
In this embodiment of the present invention, the apparatus further includes:
A verification unit 93, configured to decrypt the MAC using the key to obtain an expected public key, and to compare the PubK with the expected public key.
Those skilled in the art should understand that the functions implemented by the units of the key transmission apparatus shown in FIG. 9 can be understood with reference to the foregoing description of the key transmission method. The functions of the units of the key transmission apparatus shown in FIG. 9 can be implemented by a program running on a processor, or by specific logic circuits.
In practical applications, the functions implemented by the units of the key transmission apparatus can be implemented by a CPU, an MPU, a DSP, an FPGA or the like located in the key transmission apparatus.
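The MAC/XMAC check described for units 83 and 93 can be traced end to end in a short sketch, showing why the codes match only when the PubK that reached the first base station system is the one the second base station system sent. This is an added illustration, not code from the patent. It assumes that F1 is Ks itself, that "calculate a signature of the PubK using the key" is modelled as HMAC-SHA256, and that public-key encryption is unpadded textbook RSA over constructed Mersenne-prime moduli; all function names are hypothetical.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by all toy key pairs


def toy_keypair(p, q):
    """Textbook RSA from two known Mersenne primes (constructed; no padding, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # (public key, private key)


def pk_apply(key, value):
    """Textbook RSA: encrypt with a public key or decrypt with a private key."""
    n, exponent = key
    return pow(value, exponent, n)


def check_code(key_int, pubk):
    """Check code over PubK under a symmetric key, modelled here as HMAC-SHA256."""
    message = f"{pubk[0]:x}:{pubk[1]:x}".encode()
    return hmac.new(key_int.to_bytes(32, "big"), message, hashlib.sha256).digest()


def first_bs_process(priv1, ciphertext_key, ie1, pubk):
    """First base station system (processing unit 83): derive IE2 and MAC."""
    f1 = pk_apply(priv1, ie1)             # decrypt IE1 with own private key -> F1
    ie2 = pk_apply(pubk, f1)              # encrypt F1 with the received PubK -> IE2
    ks = pk_apply(priv1, ciphertext_key)  # decrypt the ciphertext key -> Ks
    return ie2, check_code(ks, pubk)      # MAC covers the PubK that was received


def second_bs_verify(priv2, own_pubk, ie2, mac):
    """Second base station system (verification unit 93): compare MAC with XMAC."""
    key = pk_apply(priv2, ie2)            # IE2 + own private key -> key
    xmac = check_code(key, own_pubk)      # XMAC covers the PubK that was sent
    return hmac.compare_digest(mac, xmac)


def run_exchange(pubk_replaced_in_transit=False):
    """Run one exchange; returns True when the second base station accepts the MAC."""
    pub1, priv1 = toy_keypair(2**127 - 1, 2**89 - 1)    # first base station system
    pub2, priv2 = toy_keypair(2**107 - 1, 2**61 - 1)    # second base station system
    other_pub, _ = toy_keypair(2**521 - 1, 2**607 - 1)  # a key the second BS never sent
    # Constructed 128-bit Ks, standing in for the key protected by the ciphertext key.
    ks = int.from_bytes(hashlib.sha256(b"constructed Ks").digest()[:16], "big")
    ciphertext_key = pk_apply(pub1, ks)
    ie1 = pk_apply(pub1, ks)  # assumption: F1 is Ks, so IE1 equals the ciphertext key here
    delivered = other_pub if pubk_replaced_in_transit else pub2
    ie2, mac = first_bs_process(priv1, ciphertext_key, ie1, delivered)
    return second_bs_verify(priv2, pub2, ie2, mac)


if __name__ == "__main__":
    print("unmodified PubK accepted:", run_exchange(False))
    print("replaced PubK accepted:  ", run_exchange(True))
```
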
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system, or a computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, and the instruction means implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Correspondingly, an embodiment of the present invention further provides a computer storage medium that stores a computer program, where the computer program is configured to execute the key transmission method of the embodiments of the present invention.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Industrial applicability
In the technical solutions of the embodiments of the present invention, the signaling procedure is adjusted, which improves signaling transmission efficiency. In addition, it is possible to identify whether a man-in-the-middle attack has occurred and to make a corresponding decision. For example, when a man-in-the-middle attack has occurred, the network notifies the terminal of the attack and the terminal decides whether to continue, or the network decides whether to continue according to the security level, thereby safeguarding the security of the network.

Claims (21)

  1. A key transmission method, the method comprising:
    receiving, by a core network element, a public key PubK from a second base station system;
    sending, by the core network element, a ciphertext key, first content information IE1, and the PubK to a first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
    receiving, by the core network element, second content information IE2 from the first base station system, and forwarding the IE2 to the second base station system, where the IE2 is generated by the first base station system using the IE1.
  2. The key transmission method according to claim 1, wherein the method further comprises:
    receiving, by the core network element, a first check code MAC from the first base station system, and forwarding the MAC to the second base station system, where the MAC is generated by the first base station system using the ciphertext key and the PubK.
  3. A key transmission method, the method comprising:
    receiving, by a first base station system, a ciphertext key, first content information IE1, and a public key PubK sent by a core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
    sending, by the first base station system, the IE2 to the core network element, where the IE2 is generated based on the IE1.
  4. The key transmission method according to claim 3, wherein the method for generating the IE2 comprises:
    decrypting the IE1 using the private key of the first base station system to obtain F1;
    encrypting the F1 using the PubK to obtain the IE2.
  5. The key transmission method according to claim 3, wherein the method further comprises:
    sending, by the first base station system, a first check code MAC to the core network element, where the MAC is generated using the ciphertext key and the PubK.
  6. The key transmission method according to claim 5, wherein the method for generating the MAC comprises:
    decrypting the ciphertext key using the private key of the first base station system to obtain Ks;
    encrypting the PubK using the Ks to obtain the MAC; or,
    calculating a signature of the PubK using the Ks to obtain the MAC.
  7. A key transmission method, the method comprising:
    sending, by a second base station system, a public key PubK to a core network element;
    receiving, by the second base station system, second content information IE2 sent by the core network element, where the IE2 is used, together with the private key of the second base station system, to generate a key.
  8. The key transmission method according to claim 7, wherein the method further comprises:
    receiving, by the second base station system, a first check code MAC sent by the core network element, where the MAC is used for verification.
  9. The key transmission method according to claim 8, wherein the verification comprises:
    encrypting the PubK using the key, or calculating a signature of the PubK using the key, to obtain a second check code XMAC;
    comparing the MAC with the XMAC.
  10. The key transmission method according to claim 8, wherein the verification comprises:
    decrypting the MAC using the key to obtain an expected public key;
    comparing the PubK with the expected public key.
  11. A key transmission apparatus, applied to a core network element, the apparatus comprising a receiving unit and a sending unit, wherein:
    the receiving unit is configured to receive a public key PubK from a second base station system;
    the sending unit is configured to send a ciphertext key, first content information IE1, and the PubK to a first base station system, where the IE1 is generated based on the encrypted key in the ciphertext key;
    the receiving unit is further configured to receive second content information IE2 from the first base station system;
    the sending unit is further configured to forward the IE2 to the second base station system, where the IE2 is generated by the first base station system using the IE1.
  12. The key transmission apparatus according to claim 11, wherein:
    the receiving unit is further configured to receive a first check code MAC from the first base station system;
    the sending unit is further configured to forward the MAC to the second base station system, where the MAC is generated by the first base station system using the ciphertext key and the PubK.
  13. A key transmission apparatus, applied to a first base station system, the apparatus comprising a receiving unit and a sending unit, wherein:
    the receiving unit is configured to receive a ciphertext key, first content information IE1, and a public key PubK sent by a core network element, where the IE1 is generated based on the encrypted key in the ciphertext key;
    the sending unit is configured to send the IE2 to the core network element, where the IE2 is generated based on the IE1.
  14. The key transmission apparatus according to claim 13, wherein the apparatus further comprises a processing unit, configured to decrypt the IE1 using the private key of the first base station system to obtain F1, and to encrypt the F1 using the PubK to obtain the IE2.
  15. The key transmission apparatus according to claim 13, wherein the sending unit is further configured to send a first check code MAC to the core network element, where the MAC is generated using the ciphertext key and the PubK.
  16. The key transmission apparatus according to claim 15, wherein the apparatus further comprises:
    a processing unit, configured to decrypt the ciphertext key using the private key of the first base station system to obtain Ks, and to encrypt the PubK using the Ks to obtain the MAC or, alternatively, calculate a signature of the PubK using the Ks to obtain the MAC.
  17. A key transmission apparatus, applied to a second base station system, the apparatus comprising a sending unit and a receiving unit, wherein:
    the sending unit is configured to send a public key PubK to a core network element;
    the receiving unit is configured to receive second content information IE2 sent by the core network element, where the IE2 is used, together with the private key of the second base station system, to generate a key.
  18. The key transmission apparatus according to claim 17, wherein the receiving unit is further configured to receive a first check code MAC sent by the core network element, where the MAC is used for verification.
  19. The key transmission apparatus according to claim 18, wherein the apparatus further comprises:
    a verification unit, configured to encrypt the PubK using the key, or calculate a signature of the PubK using the key, to obtain a second check code XMAC, and to compare the MAC with the XMAC.
  20. The key transmission apparatus according to claim 18, wherein the apparatus further comprises:
    a verification unit, configured to decrypt the MAC using the key to obtain an expected public key, and to compare the PubK with the expected public key.
  21. A computer storage medium storing computer-executable instructions, the computer-executable instructions being configured to execute the key transmission method of any one of claims 1-2, or the key transmission method of any one of claims 3-6, or the key transmission method of any one of claims 7-10.
PCT/CN2017/109806 2017-01-03 2017-11-07 Key transmission method, device, and computer storage medium WO2018126783A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710003062.1A CN108270560B (en) 2017-01-03 2017-01-03 Key transmission method and device
CN201710003062.1 2017-01-03

Publications (1)

Publication Number Publication Date
WO2018126783A1 true WO2018126783A1 (en) 2018-07-12

Family

ID=62770741

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/109806 WO2018126783A1 (en) 2017-01-03 2017-11-07 Key transmission method, device, and computer storage medium

Country Status (2)

Country Link
CN (1) CN108270560B (en)
WO (1) WO2018126783A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109104727B (en) * 2018-08-08 2021-05-04 兴唐通信科技有限公司 EAP-AKA' based security enhancement method for authentication process between network elements of core network
CN113132924B (en) * 2021-04-19 2022-01-21 北京达源环保科技有限公司 Information transmission method and system for high-deployment-density sludge anaerobic digestion monitoring terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101232731A (en) * 2008-02-04 2008-07-30 中兴通讯股份有限公司 Method and system for UE to generate cryptographic key switching from UTRAN to EUTRAN
CN101257723A (en) * 2008-04-08 2008-09-03 中兴通讯股份有限公司 Method, apparatus and system for generating cipher key
US20160261565A1 (en) * 2015-03-06 2016-09-08 Qualcomm Incorporated Apparatus and method for providing a public key for authenticating an integrated circuit

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309503A (en) * 2007-05-17 2008-11-19 华为技术有限公司 Wireless switching method, base station and terminal
US20090209259A1 (en) * 2008-02-15 2009-08-20 Alec Brusilovsky System and method for performing handovers, or key management while performing handovers in a wireless communication system
CN101640887B (en) * 2008-07-29 2012-10-03 上海华为技术有限公司 Authentication method, communication device and communication system
CN102395120B (en) * 2008-09-27 2014-07-09 华为技术有限公司 Mobility management method, associated equipment and communication system
WO2010133036A1 (en) * 2009-05-22 2010-11-25 华为技术有限公司 Communication method, device and communication system between base stations
CN102244862A (en) * 2010-05-10 2011-11-16 北京三星通信技术研究有限公司 Method for acquiring security key
CN104955039B (en) * 2014-03-27 2019-10-25 西安西电捷通无线网络通信股份有限公司 A kind of method and apparatus of network authentication certification
WO2015197121A1 (en) * 2014-06-26 2015-12-30 Nokia Solutions And Networks Oy Offloading of a wireless node authentication with core network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ZTE: "Solution for independent RAN keys", 3GPP TSG SA WG3 (SECURITY) MEETING #85 S3-161608, 11 November 2016 (2016-11-11), XP051185703 *

Also Published As

Publication number Publication date
CN108270560B (en) 2023-06-09
CN108270560A (en) 2018-07-10

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17889598

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17889598

Country of ref document: EP

Kind code of ref document: A1