WO2011038620A1 - Access authentication method, apparatus and system in mobile communication network - Google Patents

Access authentication method, apparatus and system in mobile communication network

Publication number
WO2011038620A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
ilr
access server
authentication result
random number
Prior art date
Application number
PCT/CN2010/076174
Other languages
French (fr)
Chinese (zh)
Inventor
张世伟
符涛
吴强
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2011038620A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06: Authentication
    • H04W12/069: Authentication using certificates or pre-shared keys
    • H04W12/12: Detection or prevention of fraud
    • H04W12/121: Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122: Counter-measures against attacks; Protection against rogue devices
    • H04W12/126: Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Definitions

  • WCDMA Wideband Code Division Multiple Access
  • AKA Authentication and Key Agreement
  • AUTN authentication token
  • XRES expected response value
  • CK encryption key
  • IK integrity protection key
  • SGSN Serving GPRS Support Node
  • UE User Equipment
  • the above method and system interleave the distribution of the ASN and ILR public keys K_ASN and K_ILR to each other with the UE's authentication of the ILR and the ILR's authentication of the UE, ensuring that the public keys K_ASN and K_ILR are correct.
  • the ASN only needs to add the public key K_ASN of the ASN;
  • the terminal UE authenticates the authentication server ILR to prevent counterfeit network attacks.
  • the authentication of the terminal UE by the ILR prevents the fake terminal from accessing.
  • the RID and K_ASN are correctly passed from the ASN to the ILR.
  • the IID and K_ILR are correctly transmitted from the ILR to the ASN, and a secure channel is established between the ASN and the ILR to facilitate transferring the shared key for the UE generated by other ILRs to the ASN through this secure channel.
  • this embodiment also provides a system for implementing the foregoing method, including a user terminal, an access server, and an authentication server, where:
  • An access server configured to send the received SID and the random number RAND_UE, together with the public key of the access server (K_ASN) and the routing identifier (RID) of the access server in the network, to the authentication server; and, after decrypting the encrypted data E1 sent by the authentication server with the private key K_A, to send the obtained RES_2UE and RAND_ILR to the user terminal
  • the f1 algorithm is an authentication algorithm used for authentication of the authentication server by the user terminal, and exists in the user terminal and the authentication server.
  • After the user terminal compares the XRES_2UE calculated with the f1 algorithm against RES_2UE, the user terminal, the access server and the authentication server are further configured as follows:
  • the access server is configured to: after receiving the authentication terminal request message, generate a random number RAND_ASN, encrypt RES_2ILR and RAND_ASN, and send the resulting encrypted data E2 to the authentication server; and the authentication server is configured to use the private key of the authentication server to decrypt the encrypted data E2 sent by the access server to obtain RES_2ILR and RAND_ASN, then, using K1 and taking RAND_UE, RAND_ILR, SID and RID as parameters, calculate XRES_2ILR by the f2 algorithm and compare the calculated XRES_2ILR with the decrypted RES_2ILR. If they are consistent, the authentication server passes the authentication of the user terminal; if not, the authentication server fails the authentication of the user terminal.
  • the ⁇ is an authentication algorithm that exists in both the user terminal and the authentication server.
  • the beta algorithm is an authentication algorithm that exists between the access server and the authentication server.
  • the present invention includes the route identifier RID of the access server when both the UE and the ILR calculate the authentication result, so the mechanism guarantees that the route identifier of the ASN seen by the UE and the route identifier of the ASN seen by the ILR are consistent, and that the RID registered for the user in the ILR matches the actual access point. This avoids the man-in-the-middle attack caused by an intermediary modifying the RID of the access server. Second, when the authentication result is calculated in the authentication server ILR or the terminal UE, the random numbers RAND_ILR, RAND_ASN and RAND_UE generated by the respective nodes are used, which prevents a man in the middle from changing a random number to a non-random value, such as an all-zero string, and using the authentication results generated by the UE or ILR to guess the shared key.
  • the man in the middle can modify the random number to a non-random value, such as 00000000, and then submit it to the UE, thus obtaining a pair consisting of the parameter 00000000 and the authentication response RES_UE. The man in the middle then changes the random number to 00000001 and has the UE calculate the corresponding result. After many repetitions, the man in the middle may be able to break the shared key of the UE.
  • a message integrity check algorithm for the ILR's authentication of the UE, used to calculate RES_2ILR and XRES_2ILR in the UE and the ILR; present in both the UE and the ILR.
  • a message integrity check algorithm for the ASN's authentication of the ILR, used to calculate RES_2ASN and XRES_2ASN in the ILR and the ASN; exists in UE and ILR. ⁇ ⁇ ⁇ . ( ) Take the data in parentheses ( ) as the parameter, use the ⁇ algorithm, and use the key ⁇ to calculate the result. This algorithm is used for ASN to authenticate the ILR.

Abstract

An access authentication method in a mobile communication network is provided by the present invention. The method comprises an access authentication process for a user terminal performed by an identification location register in the mobile communication network. The present invention also provides a corresponding system. The system comprises a user terminal, an access server and an identification location register. The present invention also provides a corresponding apparatus. The present invention effectively avoids man-in-the-middle attack caused by passing through unreliable networks, ensures the access point to be a real access point of the user by binding the route information of the access point with the authentication result.

Description

181001752 Method, apparatus and system for access authentication in a mobile communication network
Technical field
The present invention relates to the field of mobile communications, and in particular to a method, apparatus and system for access authentication in a mobile communication network.
Background art
Access authentication is a basic requirement for the secure and normal operation of a communication network. With access authentication, the network can correctly identify a user, grant legitimate users the service capabilities they have subscribed to, prevent other users from stealing services, and ensure correct charging.
At present, the Authentication and Key Agreement (AKA) method used by Wideband Code Division Multiple Access (WCDMA) is one of the more complete authentication methods. WCDMA authentication uses a shared key: a shared key K exists between the Universal Subscriber Identity Module (USIM) card of the user terminal and the Home Location Register (HLR). The HLR generates a random number RAND and then, through several proprietary algorithms, generates an authentication token (AUTN), an expected response value (XRES), an encryption key (CK) and an integrity protection key (IK). These four parameters, together with the random number RAND, form the authentication quintuple vector. The HLR then passes XRES, AUTN and RAND to the Serving GPRS Support Node (SGSN). The SGSN saves XRES and passes the random number RAND and AUTN to the user terminal (User Equipment, UE). The UE calculates AUTN from RAND and the shared key K and checks whether the calculated AUTN matches the received AUTN. If they match, the terminal is accessing a legitimate network; if they do not, the network is counterfeit.
After the UE determines that the accessed network is legitimate, it calculates an authentication response (RES) from the random number RAND and the key K and returns RES to the SGSN. The SGSN checks whether the RES sent by the UE matches the XRES sent by the HLR. If they match, the terminal UE is a legitimate user; if they do not, the UE is considered an illegitimate user. This AKA algorithm thus uses mutual authentication and solves the problems of access authentication, encryption and integrity verification well, which has made it a classic authentication method widely used in 3G networks.
In the WCDMA AKA authentication method, the authentication parameters are passed between the HLR and the SGSN in plaintext. This approach assumes that every SGSN node is trusted and that the message path from the SGSN to the HLR is strictly reliable. If this authentication is used in a network interconnected over IP, however, there may be multiple paths between two networks, and if an intermediate node on one path is not secure enough, for example an intermediate forwarding node that modifies the authentication parameters in transit, a man-in-the-middle attack becomes possible, as shown in Figure 1.
In Figure 1, suppose the SGSN and the HLR communicate over an IP network and one of the intermediate nodes, such as a router (MN), is malicious. After intercepting the authentication message sent by the SGSN to the HLR, the intermediate node MN changes the SGSN routing information in the UE registration message that the SGSN sends to the HLR into the route of the malicious node SGSN-mal. After this modification, user registration still succeeds, but the user access location recorded by the HLR is SGSN-mal rather than SGSN. If another user then sends data to this UE, that user's access server queries the HLR for the UE's current location, and the HLR returns the routing information of the malicious node SGSN-mal as the UE's access point. Packets that should have been sent to the SGSN for forwarding to the UE are sent to SGSN-mal instead, resulting in a typical man-in-the-middle attack.
As can be seen from the above, under the WCDMA authentication mechanism, because AKA authentication does not protect the routing information of the access point SGSN, neither the HLR nor the terminal, nor even the ASN, knows whether a man-in-the-middle attack is taking place, so no reasonable defense is possible.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for access authentication in a mobile communication network that can defend against man-in-the-middle attacks and is particularly suitable for IP-based mobile communication networks.
To solve the above problem, the present invention provides a method for access authentication in a mobile communication network, the method comprising:
when the user terminal needs to be authenticated, it generates a random number RAND_UE and obtains the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR;
the user terminal uses the pre-shared key K1 to calculate an authentication result RES_2ILR over the second authentication parameter with the second message integrity check algorithm, and sends the authentication result RES_2ILR to the access server;
after receiving the authentication result RES_2ILR, the access server generates a random number RAND_ASN and sends the authentication result RES_2ILR and the random number RAND_ASN to the ILR; and
the ILR uses the pre-shared key K1 to calculate an authentication result XRES_2ILR over the second authentication parameter with the second message integrity check algorithm, and compares the authentication result XRES_2ILR with the received authentication result RES_2ILR; if XRES_2ILR matches RES_2ILR, the access authentication succeeds; if they do not match, the access authentication fails;
wherein the pre-shared key K1 is a key pre-shared between the user terminal and the ILR, and the second authentication parameter includes the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID.
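The effect of including the RID in the second authentication parameter can be exercised with a short simulation. This is an added example, not code from the patent: HMAC-SHA256 stands in for the unspecified second message integrity check algorithm, the length-prefixed encoding, the names and the sample identifiers are assumptions, and the public-key encryption and signatures between access server and ILR are left out.

```python
import hashlib
import hmac
import secrets

# Constructed sample identifiers (not from the patent).
SID = b"sid-0001"
RID_ASN = b"rid-asn-01"   # route identifier of the real access server
RID_MAL = b"rid-mal-99"   # route identifier substituted by an intermediate node


def encode_params(*fields: bytes) -> bytes:
    """Length-prefix each field so two different tuples never serialize identically."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def res_2ilr(k1: bytes, rand_ue: bytes, rand_ilr: bytes, sid: bytes, rid: bytes) -> bytes:
    """Authentication result over (RAND_UE, RAND_ILR, SID, RID) keyed with K1.

    Assumption: HMAC-SHA256 replaces the patent's unspecified algorithm.
    """
    return hmac.new(k1, encode_params(rand_ue, rand_ilr, sid, rid), hashlib.sha256).digest()


class ILR:
    """Holds K1 per subscriber and records a location only after XRES matches RES."""

    def __init__(self, subscribers):
        self.subscribers = subscribers  # SID -> K1
        self.pending = {}               # SID -> (RAND_UE, RAND_ILR, RID as received)
        self.location = {}              # SID -> RID registered after successful auth

    def start(self, sid: bytes, rand_ue: bytes, rid_received: bytes) -> bytes:
        rand_ilr = secrets.token_bytes(16)  # the ILR contributes its own nonce
        self.pending[sid] = (rand_ue, rand_ilr, rid_received)
        return rand_ilr

    def verify(self, sid: bytes, res: bytes) -> bool:
        rand_ue, rand_ilr, rid = self.pending.pop(sid)
        xres = res_2ilr(self.subscribers[sid], rand_ue, rand_ilr, sid, rid)
        if hmac.compare_digest(xres, res):  # constant-time comparison
            self.location[sid] = rid
            return True
        return False


def run_access_auth(ilr: ILR, ue_k1: bytes, sid: bytes, rid_seen_by_ue: bytes,
                    rewrite_rid: bytes = None) -> bool:
    """One round of the ILR authenticating the UE.

    rewrite_rid models an intermediate node that replaces the RID in the
    message travelling from the access server to the ILR.
    """
    rand_ue = secrets.token_bytes(16)
    rid_on_wire = rid_seen_by_ue if rewrite_rid is None else rewrite_rid
    rand_ilr = ilr.start(sid, rand_ue, rid_on_wire)
    # The UE computes RES over the RID of the access server it actually uses.
    res = res_2ilr(ue_k1, rand_ue, rand_ilr, sid, rid_seen_by_ue)
    return ilr.verify(sid, res)


def demo():
    k1 = secrets.token_bytes(32)
    honest = run_access_auth(ILR({SID: k1}), k1, SID, RID_ASN)
    tampered = run_access_auth(ILR({SID: k1}), k1, SID, RID_ASN, rewrite_rid=RID_MAL)
    return honest, tampered


if __name__ == "__main__":
    print("honest path accepted: %s, rewritten RID accepted: %s" % demo())
```

Because the ILR recomputes the result over the RID it received, a rewritten RID produces a mismatch and no location is registered, instead of a silent registration at the wrong access point.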
The step in which the access server, after generating the random number RAND_ASN, sends the authentication result RES_2ILR and the random number RAND_ASN to the ILR further includes:
the access server encrypts the authentication result RES_2ILR and the random number RAND_ASN with the public key of the ILR using an asymmetric encryption algorithm to generate encrypted data E2, and sends the encrypted data E2 to the ILR;
Before the ILR calculates the authentication result XRES_2ILR, the method further includes:
the ILR decrypts the encrypted data E2 with the private key of the ILR to obtain the authentication result RES_2ILR and the random number RAND_ASN.
The step in which the access server sends the encrypted data E2 to the ILR includes: the access server produces a digital signature SIGN_ASN over the encrypted data E2 with the private key of the access server, and sends the encrypted data E2 and the digital signature SIGN_ASN to the ILR;
Before the ILR decrypts the encrypted data E2, the method further includes:
the ILR verifies the digital signature SIGN_ASN with the public key K_ASN of the access server and, if it is correct, proceeds to the step of decrypting the encrypted data E2 with the private key of the ILR.
Before the ILR's access authentication of the user terminal, the method further includes authentication of the ILR by the user terminal, which includes:
when the user terminal needs access authentication, it sends the SID and the random number RAND_UE to the access server;
the access server sends the received SID and random number RAND_UE, together with the public key K_ASN of the access server and the RID, to the ILR;
the ILR uses the pre-shared key K1 to calculate an authentication result RES_2UE over the first authentication parameter with the first message integrity check algorithm, encrypts the first encryption parameter with K_ASN using an asymmetric encryption algorithm, and sends the resulting encrypted data E1 to the access server; wherein the first authentication parameter includes the random number RAND_UE and the random number
Figure imgf000006_0001
the first encryption parameter includes the authentication result RES_2UE and the random number RAND_ILR;
after decrypting the encrypted data E1 with the private key K_A of the access server, the access server sends the obtained authentication result RES_2UE and random number RAND_ILR to the user terminal; and
after receiving the authentication result RES_2UE and the random number RAND_ILR, the user terminal uses the pre-shared key K1 to calculate an authentication result XRES_2UE over the first authentication parameter with the first message integrity check algorithm and compares it with the authentication result RES_2UE; if they match, the user terminal's authentication of the authentication server succeeds; if they do not match, the user terminal's authentication of the authentication server fails.
After the ILR's authentication of the user terminal succeeds, the method further includes authentication of the ILR by the access server, which includes:
the ILR uses the authentication key K_AI shared between the ILR and the access server to calculate an authentication result RES_2ASN over the third authentication parameter with the third message integrity check algorithm, encrypts the second encryption parameter with the public key K_ASN of the access server to obtain encrypted data E3, and sends the encrypted data E3 to the access server; wherein the third authentication parameter includes RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier of the ILR (IID) and the SID; and the second encryption parameter includes the authentication result RES_2ASN;
after receiving the encrypted data E3, the access server decrypts it with the private key K_A of the access server, extracts RES_2ASN, and uses the authentication key K_AI to calculate an authentication result XRES_2ASN over the third authentication parameter with the third message integrity check algorithm; and
the access server compares XRES_2ASN with RES_2ASN; if they match, the access server's authentication of the ILR succeeds; if they do not match, the access server's authentication of the ILR fails.
The first encryption parameter further includes the public key K_ILR of the ILR and the IID;
The second encryption parameter further includes an access data encryption key K_ENC or an access data integrity check key K_INT;
wherein the access data encryption key K_ENC is calculated by the authentication server with an encryption key generation algorithm, using the encryption root key K2 shared between the user terminal and the authentication server and taking RAND_UE, RAND_ILR, SID and RID as parameters; the access data integrity check key K_INT is calculated by the authentication server with an integrity check key generation algorithm, using the integrity key K3 shared between the user terminal and the authentication server and taking
Figure imgf000007_0001
and RID as parameters.
The step in which the ILR sends the encrypted data E3 to the access server includes: the ILR generates a digital signature SIGN_ILR over the encrypted data E3 with the private key of the ILR and sends the digital signature SIGN_ILR together with the encrypted data E3 to the access server;
Before the access server decrypts the encrypted data E3, the method further includes: the access server first verifies the digital signature SIGN_ILR with K_ILR and, if it is correct, proceeds to the step of decrypting the encrypted data E3 with the private key of the access server.
The access server is a serving GPRS support node, a gateway GPRS support node, a packet data support node, a serving gateway, a packet data gateway, or a foreign agent.
The mobile communication network is an IP-based mobile communication network.
The ILR is a home location register, a home subscriber server, an authorization/authentication/accounting server, or an authentication server.
To solve the above problem, the present invention further provides a system for access authentication in a mobile communication network, comprising a user terminal, an access server and an identity location register (ILR), wherein:

The user terminal is configured to: generate the random number RAND_UE when authentication is required, obtain the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR, compute the authentication result RES2ILR over the second authentication parameters using the pre-shared key K1 and the second message integrity check algorithm, and send RES2ILR to the access server;
The access server is configured to: after receiving the authentication result RES2ILR, generate a random number RAND_ASN and send RES2ILR and RAND_ASN to the ILR;
The ILR is configured to: after receiving the authentication result RES2ILR and the random number RAND_ASN from the access server, compute the authentication result XRES2ILR over the second authentication parameters using the pre-shared key K1 and the second message integrity check algorithm, and compare XRES2ILR with the received RES2ILR; if they match, the access authentication succeeds; if they do not match, the access authentication fails;
Here, the pre-shared key K1 is the key pre-shared between the user terminal and the ILR; the second authentication parameters include the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID.
The user terminal is further configured to: send the SID and the random number RAND_UE to the access server when access authentication is required; and, after receiving RES2UE and the random number RAND_ILR from the access server, compute the authentication result XRES2UE over the first authentication parameters using the pre-shared key K1 and the first message integrity check algorithm, and compare it with the authentication result RES2UE; if they match, the user terminal's authentication of the authentication server succeeds; if they do not match, the user terminal's authentication of the authentication server fails;
The access server is further configured to: send the received SID and random number RAND_UE, together with the access server's public key K_ASN and the RID, to the ILR;
The ILR is further configured to: compute the authentication result RES2UE over the first authentication parameters using the pre-shared key K1 and the first message integrity check algorithm, encrypt the first encryption parameters with K_ASN using an asymmetric encryption algorithm, and send the resulting encrypted data E1 to the access server; here, the first authentication parameters include the authentication result RAND_UE and the random number RAND_ILR; the first encryption parameters include the authentication result RES2UE and the random number RAND_ILR;
The access server is further configured to: decrypt the encrypted data E1 with the access server's private key K_A and send the resulting authentication result RES2UE and random number RAND_ILR to the user terminal.
The ILR is further configured to: compute the authentication result RES2ASN over the third authentication parameters using the authentication key K_AI shared between the ILR and the access server and the third message integrity check algorithm, encrypt the second encryption parameters with the access server's public key K_ASN to obtain the encrypted data E3, and send E3 to the access server; here, the third authentication parameters include RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier (IID) of the ILR, and SID; the second encryption parameters include the authentication result RES2ASN;
The access server is further configured to: after receiving the encrypted data E3, decrypt E3 with the access server's private key, extract RES2ASN, use the authentication key K_AI with the third message integrity check algorithm over the third authentication parameters to compute the authentication result XRES2ASN, and compare XRES2ASN with RES2ASN; if they match, the access server's authentication of the ILR succeeds; if they do not match, the access server's authentication of the ILR fails.
An apparatus comprising an identity location register (ILR), the ILR being configured to:
After receiving the authentication result RES2ILR and the random number RAND_ASN from the access server, compute the authentication result XRES2ILR over the second authentication parameters using the pre-shared key K1 and the second message integrity check algorithm, and compare XRES2ILR with the received RES2ILR; if they match, the user terminal's access authentication succeeds; if they do not match, the access authentication fails;
Here, the pre-shared key K1 is the key pre-shared between the user terminal and the ILR; the second authentication parameters include the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID;
The random number RAND_ASN is generated by the access server and sent to the ILR. The authentication result RES2ILR is produced as follows: when authentication is required, the user terminal generates the random number RAND_UE, obtains the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR, computes RES2ILR over the second authentication parameters using the pre-shared key K1 and the second message integrity check algorithm, and sends RES2ILR to the access server, which forwards it to the ILR.
The ILR is further configured to: compute the authentication result RES2UE over the first authentication parameters using the pre-shared key K1 and the first message integrity check algorithm, encrypt the first encryption parameters with K_ASN using an asymmetric encryption algorithm, and send the resulting encrypted data E1 to the access server; here, the first authentication parameters include the authentication result RAND_UE and the random number RAND_ILR; the first encryption parameters include the authentication result RES2UE and the random number RAND_ILR;
Here, K_ASN is the public key of the access server, and the access server sends its public key K_ASN and the RID to the ILR; the SID is sent by the user terminal to the access server.
The ILR is further configured to: compute the authentication result RES2ASN over the third authentication parameters using the authentication key K_AI shared between the ILR and the access server and the third message integrity check algorithm, encrypt the second encryption parameters with the access server's public key K_ASN to obtain the encrypted data E3, and send E3 to the access server;
Here, the third authentication parameters include RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier (IID) of the ILR, and SID; the second encryption parameters include the authentication result RES2ASN. After receiving the encrypted data E3, the access server decrypts E3 with the access server's private key K_A, extracts RES2ASN, uses the authentication key with the third message integrity check algorithm over the third authentication parameters to compute the authentication result XRES2ASN, and compares XRES2ASN with RES2ASN; if they match, the access server's authentication of the ILR succeeds; if they do not match, the access server's authentication of the ILR fails.
The above method and system effectively prevent man-in-the-middle attacks that arise when traffic crosses an unreliable network: by binding the access point's routing information to the authentication result, they ensure that the access point is the one the user is really attached to. In an embodiment, the following advantages can also be obtained:
First: when the Identity Location Register (ILR) or the UE computes an authentication result, each uses random numbers generated by the nodes themselves (RAND_ILR, RAND_ASN, RAND_UE). This prevents a man-in-the-middle from replacing a random number with a non-random value and having the UE or the ILR generate authentication results from which the shared key could be cracked.
Second: the method and system interleave the distribution of the ASN's and ILR's public keys K_ASN and K_ILR to each other with the UE's authentication of the ILR and the ILR's authentication of the UE. This ensures that K_ASN and K_ILR reach the intended server unaltered, prevents a man-in-the-middle from intercepting or replacing K_ASN and K_ILR, and secures subsequent data transfer.
Third: the three authentication processes ensure that no party in the network can be impersonated, which secures the whole network authentication system.
Fourth: the digital signature ensures that the keys K_ENC and K_INT generated in the ILR reach the ASN correctly across an insecure network, which secures data transmission on the access side from the UE to the ASN.

Brief Description of the Drawings

[FIG. 1: description not recoverable from the page]
FIG. 2 is a schematic diagram of the authentication mechanism used in an embodiment of the present invention.

Preferred Embodiments of the Invention
Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
When a UE accesses the network, it must first be authenticated through an Access Service Node (ASN). Because a mobile UE frequently roams from one access point to another, the ASN to which the user attaches and the Identity Location Register (ILR), which stores the user's identity and location information, are often not in the same place. When the two sit in different regions and are interconnected over an IP network or another data network, the man-in-the-middle attack described in FIG. 1 of the Background may occur.
The authentication method of this embodiment includes at least the ILR's authentication of the UE, and may further include the UE's authentication of the ILR and the ASN's authentication of the ILR.
The ILR's authentication of the UE ensures that the UE is a legitimate user of the network. The UE's authentication of the ILR ensures that the network being accessed is legitimate and prevents a fake network from deceiving the UE. The ASN's authentication of the ILR ensures that the ILR is a legitimate authentication server and prevents a fake ILR and a fake UE from colluding to deceive the ASN and steal the ASN's valuable radio resources. Together, these three interlocking authentications completely remove the possibility of a man-in-the-middle attack that exploits the insecure path between the ASN and the ILR, making the mobile network's authentication process more secure and reliable.
The ASN may be an SGSN, a Gateway GPRS Support Node (GGSN), a Packet Data Support Node (PDSN), a Serving Gateway (SGW), a Packet Data Gateway (PDN Gateway, PGW), a foreign agent (Foreign Agency, FA), etc.;
ILR is a logical designation; in a specific application scenario it may be an HLR, a Home Subscriber Server (HSS), an Authorization, Authentication, Accounting (AAA) server, or another authentication server.
The identifiers of the UE, the ASN and the ILR are defined as the user identity identifier (Subscriber Identification, SID), the route identifier (Route Identification, RID) and the ILR's route identifier in the network (IID), respectively. The UE and the ILR share the keys K1, K2 and K3: K1 is the key pre-shared between the UE and the ILR and is mainly used for the UE's authentication of the ILR and the ILR's authentication of the UE; K2 is the root key for generating the encryption key; K3 is the root key for generating the integrity check key. K2 and K3 may be agreed in advance by the UE and the ILR, or derived from K1. The UE and the ILR also both implement the authentication algorithms f1, f2, f4 and f5. In addition, the ASN and the ILR share a key K_AI, and both implement the authentication algorithm f3.
The implementation of this embodiment is described in detail below:
Step 201: When the UE roams to a new access point, it sends its SID to the ASN of that new access point;
The SID may be sent in an "access request" message, or the UE may directly send a data packet that carries its identity identifier SID.
Step 202: After receiving the SID, the ASN checks whether the SID has already been authenticated; if not, it sends the RID to the UE and instructs the UE to authenticate;
The ASN may send the RID and instruct the UE to authenticate by sending the UE a "need access authentication" message, or it may deliver the SID to the UE by broadcast.

Step 203: After receiving the indication that authentication is required, the UE generates a random number RAND_UE and sends RAND_UE and the SID to the ASN in an "authentication network request" message;
In addition, to simplify the ASN's processing after it receives the "authentication network request" message, the UE may send RAND_UE and the SID together with the RID directly to the ASN;
The random numbers in this document may all be generated by a pseudo-random number algorithm of a computer programming language;

Step 204: The ASN sends the received RAND_UE and SID, together with the RID and the ASN's public key K_ASN (four parameters: RAND_UE, SID, RID, K_ASN), to the ILR in an "authentication network request" message;
If the "need access authentication" message sent in step 203 contains the RID, the ASN only needs to add the ASN's public key K_ASN;
The ASN may hold several public keys K_ASN, or may generate one temporarily, as long as the key stays unchanged throughout one user's authentication process.
Step 205: On receiving the "authentication network request" message from the ASN, the ILR first generates a random number RAND_ILR, then uses the shared authentication key K1 corresponding to the SID, with RAND_UE, RAND_ILR, SID and RID as parameters, to compute RES2UE with the f1 algorithm, i.e. RES2UE = f1_K1(RAND_UE, RAND_ILR, SID, RID). It then encrypts RES2UE, RAND_ILR, the ILR's public key K_ILR and the ILR's network identifier IID with the ASN's public key K_ASN to obtain E1, and sends the encrypted data E1 to the ASN in an "authentication network response" message;
Preferably, RES2UE, RAND_ILR, the ILR's public key K_ILR and the ILR's network identifier IID may be concatenated into one long data string (RES2UE|RAND_ILR|K_ILR|IID); the ILR then encrypts this long data string with the ASN's public key K_ASN to obtain E1 = E_KASN[RES2UE|RAND_ILR|K_ILR|IID] and sends it to the ASN in the "authentication network response" message. RES2UE, RAND_ILR, K_ILR and IID may be concatenated in any order, as long as the ASN can correctly identify the four parameters; for example, RES2UE, RAND_ILR, K_ILR and IID may use agreed lengths and an agreed order so that the ASN can separate the four parameters in sequence on receipt;
Here, E_KASN[] denotes encrypting the data inside the square brackets [] with the ASN's public key K_ASN; the encryption algorithm here may be any asymmetric encryption algorithm such as RSA or the Digital Signature Algorithm (DSA);
RES2UE denotes the authentication result sent toward the UE;
f1 is a message integrity authentication algorithm; it may be MD5, SHA-1, or another custom message digest algorithm. The present invention does not specify the concrete f1 algorithm; the operator chooses it according to the security needs of its actual operations. f1 is used for the UE's authentication of the ILR (the network) and the ILR's authentication of the UE, computing RES2UE and XRES2UE in the ILR and the UE, and is present in both the UE and the ILR. f1_K1(RAND_UE, RAND_ILR, SID, RID) denotes the result of running the f1 algorithm with the pre-shared key K1 over the input parameters RAND_UE, RAND_ILR, SID and RID;

Step 206: On receiving the "authentication network response" message from the ILR, the ASN decrypts E1 = E_KASN[RES2UE|RAND_ILR|K_ILR|IID] with the ASN's private key K_A, obtains RES2UE and RAND_ILR, and sends them to the UE;
At this point the ASN may also record K_ILR and the IID, for use once the ILR has delivered the UE's data encryption key K_ENC and integrity key K_INT to the ASN and the data flow between the UE and the ASN needs encryption and integrity checking. If the procedure is used only for authentication and the UE and the ASN need no shared security keys for services such as encryption and data integrity checking, steps 205 and 206 may omit K_ILR and the IID.
Step 207: After receiving RES2UE and RAND_ILR, the UE computes XRES2UE with the f1 algorithm, i.e. XRES2UE = f1_K1(RAND_UE, RAND_ILR, SID, RID), and compares it with RES2UE to authenticate the ILR:
If they do not match, the UE notifies the ASN that authentication failed; if they match, the UE's authentication of the ILR succeeds. If the UE's comparison of XRES2UE and RES2UE matches, the ILR's authentication of the UE can proceed: the UE sends the ASN an "authentication terminal request" message carrying the authentication result RES2ILR to be returned to the ILR, computed with the f2 algorithm and the pre-shared key K1 over the parameters RAND_UE, RAND_ILR, SID and RID, i.e. RES2ILR = f2_K1(RAND_UE, RAND_ILR, SID, RID);
If the UE's comparison finds that XRES2UE and RES2UE do not match, the network is illegitimate or a man-in-the-middle attack has occurred;
The f1 algorithm on the terminal is the same as the f1 algorithm on the ILR; RES2ILR denotes the authentication result sent toward the ILR;
f2_K1(RAND_UE, RAND_ILR, SID, RID) denotes the result of running the f2 algorithm with the shared authentication key K1 over the input parameters RAND_UE, RAND_ILR, SID and RID;
Note that this document does not specify the concrete f2 algorithm; any algorithm that takes RAND_UE, RAND_ILR, SID and RID as input parameters and is keyed with the shared authentication key K1 will do, such as a standard algorithm like MD5 or SHA-1, or another custom algorithm;
Step 208: On receiving the "authentication terminal request" message from the terminal, the ASN generates a random number RAND_ASN and encrypts RES2ILR and RAND_ASN with the public key K_ILR to obtain E2; it then signs the encrypted data E2 with the ASN's private key K_A to produce the digital signature SIGN_ASN, and sends E2 and SIGN_ASN to the authentication server ILR in an "authentication terminal request" message;
The ASN may concatenate the generated random number RAND_ASN and RES2ILR, in an agreed order and with agreed lengths, into one data string RES2ILR|RAND_ASN; the data string RAND_ASN|RES2ILR may be used just as well, as long as the order and lengths are agreed, and the same holds for the parameter order in the data strings below. The ASN then encrypts this string with the ILR's public key K_ILR to form the encrypted data E2, e.g. E2 = E_KILR[RES2ILR|RAND_ASN];
E_KILR[] denotes the result of encrypting the data inside the square brackets [] with the public key K_ILR of the authentication server ILR; the encryption algorithm here may likewise be an asymmetric encryption algorithm such as RSA or DSA;
Step 209: On receiving the "authentication terminal request" message from the ASN, the ILR verifies the digital signature SIGN_ASN with the ASN's public key K_ASN. If it is correct, the ILR decrypts the encrypted data E2 (e.g. E_KILR[RES2ILR|RAND_ASN]) with the ILR's private key to obtain RES2ILR and RAND_ASN, then computes XRES2ILR = f2_K1(RAND_UE, RAND_ILR, SID, RID) with the f2 algorithm and compares XRES2ILR with the decrypted RES2ILR (i.e. the RES2ILR sent by the UE). If they do not match, it notifies the ASN that authentication failed; if they match, authentication succeeds;
Once the ILR's authentication of the UE has succeeded, the ASN's authentication of the ILR can begin. The ILR uses the key K_AI it shares with the ASN and the f3 algorithm to compute RES2ASN = f3_KAI(RAND_ASN, RAND_UE, RAND_ILR, RID, IID, SID). It also uses the f4 algorithm and the encryption root key K2 shared between the UE and the ILR to compute the access data encryption key between the UE and the ASN, K_ENC = f4_K2(RAND_UE, RAND_ILR, SID, RID), and uses the f5 algorithm and the integrity check root key K3 shared between the UE and the ILR to compute the access data integrity check key between the UE and the ASN, K_INT = f5_K3(RAND_UE, RAND_ILR, SID, RID). It then encrypts RES2ASN, K_ENC and K_INT with the ASN's public key K_ASN to obtain encrypted data, generates the digital signature SIGN_ILR of that encrypted data with the ILR's private key, and sends the encrypted data and SIGN_ILR to the ASN in an "authentication passed" message.
If the comparison of XRES2ILR and RES2ILR does not match, the terminal UE is an impostor or a man-in-the-middle attack has occurred;
This document likewise does not define the concrete f3 algorithm;
This document likewise does not define the concrete f4 and f5 algorithms.
RES2ASN, K_ENC and K_INT may be concatenated (in any agreed order and with agreed lengths) into one long data string, e.g. RES2ASN|K_ENC|K_INT, which is then encrypted with the ASN's public key K_ASN to obtain E3, i.e. E3 = E_KASN[RES2ASN|K_ENC|K_INT]; the encrypted data E3 is then digitally signed with the ILR's private key.
In addition, the "authentication passed" message of this step may carry other keys or parameters that need to be sent from the ILR to the ASN; for example, the UE's handover key may also be included and delivered to the ASN.
f1, f2 and f3 are message integrity check algorithms; each may be MD5, SHA-1 or another custom message digest algorithm, and they may be the same algorithm or different ones. f4 is an encryption key generation algorithm and f5 is an integrity check key generation algorithm; these two generally differ from the preceding ones. All of these algorithms can be set by the operator, and the invention does not specify particular ones. As for where the algorithms are distributed and stored: on the terminal they are generally burned into the SIM/USIM/UIM card or integrated into the terminal software; on the authentication server they are generally stored in encrypted form in the ILR's database. The f1 to f5 algorithms are the same for all users; only the shared keys K1, K2 and K3 differ. In actual operation, operators generally also keep f1 to f5 secret from the outside world to ensure better security.
Step 210: After receiving the "Authentication Pass" message from the ILR, the ASN first verifies the digital signature with the ILR's public key KILR, then decrypts the encrypted data E3 with the ASN's private key KA and extracts RES2ASN, KENC and KINT. The ASN then uses the key KAI and the f3 algorithm to calculate XRES2ASN = f3_KAI(RANDASN, RANDUE, RANDILR, RID, IID, SID) and compares XRES2ASN with RES2ASN. If they are inconsistent, authentication fails; if they are consistent, the ASN sends an "Authentication Pass" message to the UE.
The ASN may further store KENC and KINT, to be used respectively for the encryption and the integrity check of data subsequently transmitted between the UE and the ASN.
If XRES2ASN and RES2ASN turn out to be inconsistent when the ASN compares them, the user UE and the ILR have colluded to deceive the ASN.
Step 211: After receiving the "Authentication Pass" message, the terminal UE calculates KENC and KINT itself. In subsequent data exchanges with the ASN, these two keys can be used, as the system requires, to encrypt and integrity-check the data between the UE and the ASN.
where KENC = f4_K2(RANDUE, RANDILR, SID, RID);
KINT = f5_K3(RANDUE, RANDILR, SID, RID).
By using the ASN's RID and public key KASN and the ILR's public key KILR as parameters of the mutual authentication between the UE and the ILR, by calculating several parameters with the authentication key K1 shared between the UE and the ILR, and by deriving the authentication result from a mixed operation over those parameters, the invention achieves the ILR's authentication of the UE and the UE's authentication of the ILR. At the same time it ensures that the RID and public key KASN of the access server ASN are transferred correctly from the ASN to the ILR, that the ILR's public key KILR is transferred correctly from the ILR to the ASN, and that the encryption key KENC and the integrity check key KINT generated in the ILR are transferred correctly from the ILR to the ASN.
In addition, the invention adds the ASN's authentication of the ILR, which prevents a UE and an ILR that are both counterfeit from winning the ASN's trust and using the network.
In the above embodiment, there are several ways to detect whether a man-in-the-middle attack has occurred:
First, after the UE receives the authentication network response message from the ILR, if the authentication result XRES2UE that it calculates from the shared key K1, the access point identifier RID, the user identity identifier SID and the random numbers RANDUE and RANDILR is inconsistent with the RES2UE sent by the ILR, a man-in-the-middle attack is considered to have occurred.
Likewise, after the ILR receives the authentication terminal request message from the UE, if the authentication result XRES2ILR that it calculates from the shared key K1, the access point identifier RID, the user identity identifier SID and the random numbers RANDUE and RANDILR is inconsistent with the received RES2ILR, a man-in-the-middle attack is considered to have occurred.
In addition, if the RES2ASN that the ASN receives from the ILR is inconsistent with the XRES2ASN that the ASN calculates itself, or if, for either of the two digital signatures SIGNASN and SIGNILR, the transmitted result is inconsistent with the calculated result, a man-in-the-middle attack is likewise considered to have occurred.
The above process achieves the following:
1. The terminal UE authenticates the authentication server ILR, which prevents attacks by a counterfeit network.
2. The authentication server ILR authenticates the terminal UE, which prevents counterfeit terminals from gaining access.
3. The access server ASN authenticates the authentication server ILR, which prevents a counterfeit terminal and a counterfeit authentication server from jointly deceiving the ASN.
4. The RID and KASN are transferred correctly from the ASN to the ILR, and the IID and KILR are transferred correctly from the ILR to the ASN. This establishes a secure channel between the ASN and the ILR, over which shared keys for the UE that the ILR generates later can be passed to the ASN.
5. KENC and KINT are transferred correctly from the ILR to the ASN, which establishes a secure data transmission channel on the access side between the UE and the ASN.
Correspondingly, this embodiment also provides a system for implementing the above method, comprising a user terminal, an access server and an authentication server, wherein:
the user terminal is configured to generate a random number RANDUE when it needs access authentication and to send the user identity identifier (SID) and the random number RANDUE to the access server; and, after receiving RES2UE and RANDILR from the access server, to obtain XRES2UE with the f1 algorithm and compare it with RES2UE: if they are consistent, the user terminal's authentication of the authentication server passes; if they are inconsistent, it fails;
the access server is configured to send the received SID and random number RANDUE, together with the access server's public key (KASN) and the access server's routing identifier in the network (RID), to the authentication server; and, after decrypting the encrypted data E1 sent by the authentication server with its private key KA, to send the resulting RES2UE and RANDILR to the user terminal;
the authentication server is configured to generate RANDILR using the RID and KASN, to calculate RES2UE with the f1 algorithm using the shared authentication key K1 corresponding to the SID and with RANDUE and RANDILR as parameters, to encrypt RES2UE and RANDILR with KASN, and to send the resulting encrypted data E1 to the access server;
where the f1 algorithm is an authentication algorithm, used for the user terminal's authentication of the authentication server, and is present in both the user terminal and the authentication server.
The encrypted data E1 also includes the authentication server's public key (KILR) and the authentication server's network identifier (IID), encrypted with KASN;
After the user terminal has obtained XRES2UE with the f1 algorithm and compared it with RES2UE, the user terminal, the access server and the authentication server are further configured as follows:
the user terminal is further configured to notify the access server that authentication has failed if the two are inconsistent; and, if they are consistent, to send the access server an authentication terminal request message carrying the authentication result RES2ILR to be returned to the authentication server, calculated with the f2 algorithm using K1 and with RANDUE, RANDILR, SID and RID as parameters;
the access server is configured, on receiving the authentication terminal request message, to generate a random number RANDASN, to encrypt RES2ILR and RANDASN with KILR, and to send the encrypted data E2 to the authentication server;
the authentication server is configured to decrypt the encrypted data E2 sent by the access server with the authentication server's private key to obtain RES2ILR and RANDASN, then to calculate XRES2ILR with the f2 algorithm using K1 and with RANDUE, RANDILR, SID and RID as parameters, and to compare this XRES2ILR with the decrypted RES2ILR: if they are consistent, the authentication server's authentication of the user terminal passes; if they are inconsistent, it fails.
f2 is an authentication algorithm present in both the user terminal and the authentication server.
After the authentication server's authentication of the user terminal has passed, the access server and the authentication server are further configured as follows:
the authentication server is configured to calculate RES2ASN with the f3 algorithm, using the key KAI that it shares with the access server and with RANDASN, RANDUE, RANDILR, RID, IID and SID as parameters, to encrypt RES2ASN with the access server's public key KASN to obtain encrypted data E3, and to send E3 to the access server;
the access server is configured, on receiving the encrypted data E3, to decrypt it with the access server's private key KA, extract RES2ASN, and compare XRES2ASN with RES2ASN: if they are inconsistent, the access server's authentication of the authentication server fails; if they are consistent, it passes;
the f3 algorithm is an authentication algorithm shared between the access server and the authentication server.
In summary, the method has the following advantages:
First, because the invention includes the access server's routing identifier RID in the calculation when the UE and the ILR each compute the authentication result, the mechanism itself makes the ASN routing identifier seen by the UE agree with the one seen by the ILR. This guarantees that the access RID registered for the user in the ILR matches the actual point of access, and prevents man-in-the-middle attacks in which an intermediary modifies the access server identifier RID.
Second, when the authentication server ILR or the terminal UE calculates an authentication result, it uses random numbers generated by the nodes themselves (RANDILR, RANDASN, RANDUE). This prevents an intermediary from replacing the random number with a non-random value, such as an all-zero string, and having the UE or the ILR generate authentication results from which to guess the shared key.
For example, if the random numbers were all generated by the other party and the signalling were intercepted by an intermediary, the intermediary could change the random number to a non-random value such as 00000000 and hand it to the UE to compute the result, obtaining a matched pair of the parameter 00000000 and the authentication response RESUE. The intermediary could then change the random number to 00000001 and have the UE compute the result again. After many repetitions the intermediary might break the UE's shared key.
In WCDMA only the HLR server generates a random number and the UE does not, so in WCDMA the possibility of this attack on the UE cannot be ruled out. In the scheme of the invention the UE, the ILR and the ASN each generate a random number, which eliminates the possibility of an intermediary mounting an attack by modifying random numbers and so protects the shared key used in access authentication.
Third, the scheme weaves the distribution of the ASN's and the ILR's public keys KASN and KILR to each other into the UE's authentication of the ILR and the ILR's authentication of the UE. This ensures that the public keys KASN and KILR reach the destination server unaltered, prevents an intermediary from intercepting or replacing KASN and KILR, and secures subsequent data transfer.
Fourth, the three authentication processes used here ensure that none of the parties in the network can be impersonated, which secures the network's authentication system as a whole.
Fifth, the digital signatures ensure that the keys KENC and KINT generated in the ILR reach the ASN correctly over an insecure network, which secures data transmission on the access side from the UE to the ASN.
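The ILR's "Authentication Pass" computation, steps 210 and 211, and the RID binding named in the first advantage can be traced in code. This is an added example, not part of the patent: HMAC-SHA-256 stands in for f2 to f5 (which the patent leaves unspecified), the function names, labels and sample identifiers are assumptions, and the E2/E3 public-key encryption and the signatures are left out.

```python
import hashlib
import hmac
import secrets


def encode_fields(*fields: bytes) -> bytes:
    # Length-prefix every field so that field boundaries cannot be shifted.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def keyed(label: bytes, key: bytes, *params: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for f2..f5; the label keeps them apart.
    return hmac.new(key, encode_fields(label, *params), hashlib.sha256).digest()


def ue_answer(k1, rand_ue, rand_ilr, sid, rid_seen_by_ue):
    """UE: RES2ILR = f2_K1(RANDUE, RANDILR, SID, RID), with the RID the UE sees."""
    return keyed(b"f2", k1, rand_ue, rand_ilr, sid, rid_seen_by_ue)


def ilr_check_ue(k1, res2_ilr, rand_ue, rand_ilr, sid, rid_registered):
    """ILR: recompute XRES2ILR with the RID it registered and compare."""
    xres2_ilr = keyed(b"f2", k1, rand_ue, rand_ilr, sid, rid_registered)
    return hmac.compare_digest(xres2_ilr, res2_ilr)


def ilr_authentication_pass(k_ai, k2, k3, rand_asn, rand_ue, rand_ilr, rid, iid, sid):
    """ILR: RES2ASN for the ASN, plus the access keys KENC and KINT."""
    res2_asn = keyed(b"f3", k_ai, rand_asn, rand_ue, rand_ilr, rid, iid, sid)
    k_enc = keyed(b"f4", k2, rand_ue, rand_ilr, sid, rid)
    k_int = keyed(b"f5", k3, rand_ue, rand_ilr, sid, rid)
    return res2_asn, k_enc, k_int


def asn_check_ilr(k_ai, res2_asn, rand_asn, rand_ue, rand_ilr, rid, iid, sid):
    """ASN, step 210: recompute XRES2ASN and compare it with RES2ASN."""
    xres2_asn = keyed(b"f3", k_ai, rand_asn, rand_ue, rand_ilr, rid, iid, sid)
    return hmac.compare_digest(xres2_asn, res2_asn)


def ue_session_keys(k2, k3, rand_ue, rand_ilr, sid, rid):
    """UE, step 211: derive KENC and KINT locally from K2 and K3."""
    return (keyed(b"f4", k2, rand_ue, rand_ilr, sid, rid),
            keyed(b"f5", k3, rand_ue, rand_ilr, sid, rid))


def run_exchange(rid_at_ue: bytes, rid_at_ilr: bytes) -> dict:
    """One run with constructed values; the two RIDs differ only if the RID
    was altered between the UE's access point and the ILR."""
    k1, k2, k3, k_ai = (secrets.token_bytes(16) for _ in range(4))
    sid, iid = b"sid-constructed-001", b"iid-constructed-ilr"
    rand_ue, rand_ilr, rand_asn = (secrets.token_bytes(16) for _ in range(3))

    res2_ilr = ue_answer(k1, rand_ue, rand_ilr, sid, rid_at_ue)
    if not ilr_check_ue(k1, res2_ilr, rand_ue, rand_ilr, sid, rid_at_ilr):
        return {"ue_authenticated": False, "ilr_authenticated": False,
                "keys_agree": False}

    res2_asn, k_enc, k_int = ilr_authentication_pass(
        k_ai, k2, k3, rand_asn, rand_ue, rand_ilr, rid_at_ilr, iid, sid)
    ilr_ok = asn_check_ilr(
        k_ai, res2_asn, rand_asn, rand_ue, rand_ilr, rid_at_ilr, iid, sid)
    ue_keys = ue_session_keys(k2, k3, rand_ue, rand_ilr, sid, rid_at_ue)
    return {"ue_authenticated": True, "ilr_authenticated": ilr_ok,
            "keys_agree": ue_keys == (k_enc, k_int)}


if __name__ == "__main__":
    print("same RID:   ", run_exchange(b"rid-asn-1", b"rid-asn-1"))
    print("altered RID:", run_exchange(b"rid-asn-1", b"rid-other"))
```

Because RANDASN is an input to f3, a RES2ASN computed for one ASN challenge does not verify against another, which is the check step 210 relies on.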
In addition, the abbreviations used in the invention are listed in the following table:
Figure imgf000021_0001
the result of encrypting the data inside the square brackets [] with the key KASN
E_KILR[]: asymmetric encryption algorithm; the result of encrypting the data inside the square brackets [] with the public key KILR of the authentication server ILR
f1: a message integrity check algorithm used for the UE's authentication of the ILR (the network); RES2UE and XRES2UE are calculated with it in the ILR and the UE; present in both the UE and the ILR.
f1_K1( ): the result of applying the f1 algorithm with the key K1 to the data in the parentheses ( ) as parameters; this algorithm is used for the terminal's authentication of the network
f2: a message integrity check algorithm used for the ILR's authentication of the UE; RES2ILR and XRES2ILR are calculated with it in the UE and the ILR; present in both the UE and the ILR.
f2_K1( ): the result of applying the f2 algorithm with the key K1 to the data in the parentheses ( ) as parameters; this algorithm is used for the network's authentication of the terminal
f3: a message integrity check algorithm used for the ASN's authentication of the ILR; RES2ASN and XRES2ASN are calculated with it in the ILR and the ASN; present in both the UE and the ILR.
f3_KAI( ): the result of applying the f3 algorithm with the key KAI to the data in the parentheses ( ) as parameters; this algorithm is used for the ASN's authentication of the ILR
f4: an encryption key generation algorithm used to generate the encryption key for data transmission between the UE and the ASN; it is calculated in the UE and the ILR respectively, and when authentication succeeds the ILR transfers the encryption key KENC generated by this algorithm to the ASN.
f4_K2( ): the result of applying the f4 algorithm with the root key K2 to the data in the parentheses ( ) as parameters; this algorithm is used to generate the data encryption key KENC between the UE and the ASN.
f5: an integrity check key generation algorithm used to generate the integrity check key for data transmission between the UE and the ASN; it is calculated in the UE and the ILR respectively
f5_K3( ): the result of applying the f5 algorithm with the root key K3 to the data in the parentheses ( ) as parameters; this algorithm is used to generate the data integrity check key KINT between the UE and the ASN.
IID: the routing identifier of the ILR in the network, usually in IP address format; the ILR can be addressed directly through the IID.
ILR: Identity Location Register. ILR is a logical designation; in a specific application scenario it may be an HLR, HSS, AAA or other authentication server.
KA: the private key of the ASN, paired with the ASN's public key KASN
KAI: the authentication key shared between the ASN and the ILR
KASN: the public key of the ASN, paired with the ASN's private key KA
KENC: the key used to encrypt the data stream between the UE and the ASN, generated by the algorithm f4 and the key K2
Private key of the ILR: paired with the ILR's public key KILR
KINT: the data integrity check key between the UE and the ASN, generated by the algorithm f5 and the key K3
KILR: the public key of the ILR, paired with the ILR's private key
K1: the pre-shared key between the UE and the ILR, used for the UE's access authentication.
K2: the encryption root key shared between the UE and the ILR; it may be shared independently or generated from K1 by some algorithm.
K3: the integrity check root key shared between the UE and the ILR; it may be shared independently or generated from K1 by some algorithm.
RANDASN: random number generated by the ASN
RANDUE: random number generated by the UE
RANDILR: random number generated by the ILR
RES2ASN: authentication result generated by the ILR at the ASN's request, RES2ASN = f3_KAI(RANDASN, RANDUE, RANDILR, RID, IID, SID)
RES2ILR: authentication result generated by the UE, RES2ILR = f2_K1(RANDUE, RANDILR, SID, RID)
RES2UE: authentication result generated by the ILR, RES2UE = f1_K1(RANDUE, RANDILR, SID, RID); it is transferred to the ASN, which separates it out and passes it to the UE.
RID: the routing identifier (Route IDentification) of the ASN in the network; it may be in IP address format or another identifier that can be routed to the ASN in the communication network
SID: user identity identifier (Subscriber IDentification)
SIGNASN: the result of digitally signing the relevant data with the ASN's private key KA
SIGNILR: the result of digitally signing the relevant data with the ILR's private key
UE: user equipment terminal (User Equipment)
XRES2ASN: authentication result generated by the ASN, XRES2ASN = f3_KAI(RANDASN, RANDUE, RANDILR, RID, IID, SID); used by the ASN to authenticate the ILR, that is, it is compared with the authentication result RES2ASN generated by the ILR to determine whether the ILR is a legitimate ILR
XRES2ILR: authentication result generated by the ILR, XRES2ILR = f2_K1(RANDUE, RANDILR, SID, RID); used to authenticate the UE, that is, it is compared with the authentication result RES2ILR generated by the UE to determine whether the terminal is a legitimate terminal.
XRES2UE: authentication result calculated in the UE as XRES2UE = f1_K1(RANDUE, RANDILR, SID, RID); used to authenticate the ILR, that is, it is compared with the RES2UE sent by the ILR to determine whether the network is a legitimate network.
Industrial applicability
The invention effectively avoids man-in-the-middle attacks arising from unreliable networks; by binding the access point's routing information to the authentication result, it ensures that the access point is the user's real access point.

Claims

1. A method for access authentication in a mobile communication network, the method comprising:
when a user terminal needs to be authenticated, the user terminal generating a random number RANDUE and obtaining the routing identifier (RID) of the access server in the network and a random number RANDILR generated by the identity location register (ILR);
the user terminal calculating an authentication result RES2ILR over second authentication parameters with a second message integrity check algorithm, using a pre-shared key K1, and sending the authentication result RES2ILR to the access server;
the access server, after receiving the authentication result RES2ILR, generating a random number RANDASN and sending the authentication result RES2ILR and the random number RANDASN to the ILR; and
the ILR calculating an authentication result XRES2ILR over the second authentication parameters with the second message integrity check algorithm, using the pre-shared key K1, and comparing the authentication result XRES2ILR with the received authentication result RES2ILR; if the authentication result XRES2ILR is consistent with the authentication result RES2ILR, the access authentication passes; if they are inconsistent, the access authentication fails;
wherein the pre-shared key K1 is a key pre-shared between the user terminal and the ILR, and the second authentication parameters comprise the random number RANDUE, the random number RANDILR, the user identity identifier (SID) and the RID.
2. The method of claim 1, wherein
the step in which the access server generates the random number RANDASN and sends the authentication result RES2ILR and the random number RANDASN to the ILR further comprises:
the access server encrypting the authentication result RES2ILR and the random number RANDASN with the public key of the ILR using an asymmetric encryption algorithm to generate encrypted data E2, and the access server sending the encrypted data E2 to the ILR;
and, before the ILR calculates the authentication result XRES2ILR, the method further comprises:
the ILR decrypting the encrypted data E2 with the private key of the ILR to obtain the authentication result RES2ILR and the random number RANDASN.
3. The method of claim 2, wherein the step in which the access server sends the encrypted data E2 to the ILR comprises:
the access server producing a digital signature SIGNASN over the encrypted data E2 with the private key KA of the access server, and the access server sending the encrypted data E2 and the digital signature SIGNASN to the ILR;
and, before the ILR decrypts the encrypted data E2, the method further comprises:
the ILR verifying the digital signature SIGNASN with the public key KASN of the access server and, if it is correct, proceeding to the step in which the ILR decrypts the encrypted data E2 with the private key of the ILR.
4. The method of claim 1, wherein, before the ILR's access authentication of the user terminal, the method further comprises the user terminal's authentication of the ILR, which comprises:
when the user terminal needs access authentication, sending the SID and the random number RANDUE to the access server;
the access server sending the received SID and random number RANDUE, together with the public key KASN of the access server and the RID, to the ILR;
the ILR calculating an authentication result RES2UE over first authentication parameters with a first message integrity check algorithm, using the pre-shared key K1, encrypting first encryption parameters with KASN using an asymmetric encryption algorithm, and sending the resulting encrypted data E1 to the access server; wherein the first authentication parameters comprise the random number RANDUE and the random number (Figure imgf000027_0001), and the first encryption parameters comprise the authentication result RES2UE and the random number RANDILR;
the access server decrypting the encrypted data E1 with the private key KA of the access server and sending the resulting authentication result RES2UE and random number RANDILR to the user terminal; and
the user terminal, after receiving the authentication result RES2UE and the random number RANDILR, calculating an authentication result XRES2UE over the first authentication parameters with the first message integrity check algorithm, using the pre-shared key K1, and comparing it with the authentication result RES2UE; if they are consistent, the user terminal's authentication of the authentication server passes; if they are inconsistent, the user terminal's authentication of the authentication server fails.
5. The method of claim 4, wherein, after the ILR's authentication of the user terminal has passed, the method further comprises the access server's authentication of the ILR, which comprises:
the ILR calculating an authentication result RES2ASN over third authentication parameters with a third message integrity check algorithm, using the authentication key KAI shared between the ILR and the access server, encrypting second encryption parameters with the public key KASN of the access server to obtain encrypted data E3, and sending the encrypted data E3 to the access server; wherein the third authentication parameters comprise RANDASN, RANDUE, RANDILR, RID, the network identifier (IID) of the ILR and SID, and the second encryption parameters comprise the authentication result RES2ASN;
the access server, after receiving the encrypted data E3, decrypting the encrypted data E3 with the private key KA of the access server, extracting the RES2ASN, and calculating an authentication result XRES2ASN over the third authentication parameters with the third message integrity check algorithm, using the authentication key KAI; and
the access server comparing the XRES2ASN with the RES2ASN; if they are consistent, the access server's authentication of the ILR passes; if they are inconsistent, the access server's authentication of the ILR fails.
6. The method according to claim 5, wherein
the first encryption parameter further comprises the public key K_ILR of the ILR and the IID;
the second encryption parameter further comprises an access data encryption key K_ENC or an access data integrity check key K_INT;
wherein the access data encryption key K_ENC is computed by the authentication server with an encryption key generation algorithm, using the encryption root key K2 shared between the user terminal and the authentication server and taking the RAND_UE, RAND_ILR, SID and RID as parameters; and the access data integrity check key K_INT is computed by the authentication server with an integrity check key generation algorithm, using the integrity key K3 shared between the user terminal and the authentication server and taking the RAND_UE, RAND_ILR, SID and RID as parameters.
7. The method according to claim 5 or 6, wherein the step of the ILR sending the encrypted data E3 to the access server comprises:
the ILR generates a digital signature SIGN_ILR of the encrypted data E3 with the private key of the ILR and sends the digital signature SIGN_ILR together with the encrypted data E3 to the access server;
before the access server decrypts the encrypted data E3, the method further comprises: the access server first checks the correctness of the digital signature SIGN_ILR with the K_ILR and, if it is correct, continues with the step of the access server decrypting the encrypted data E3 with the private key K_A of the access server.
8. The method according to claim 1, wherein
the access server is a serving GPRS support node, a gateway GPRS support node, a packet data support node, a serving gateway packet data gateway, or a foreign agent.
9. The method according to claim 1, wherein the mobile communication network is an IP-based mobile communication network.
10. The method according to claim 1, wherein
the ILR is a home location register, a home subscriber server, an authorization/authentication/accounting server, or an authentication server.
11. A system for access authentication in a mobile communication network, the system comprising a user terminal, an access server and an identity location register (ILR), wherein
the user terminal is configured to: when authentication is required, generate the random number RAND_UE, obtain the routing identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR, use the pre-shared key K1 to compute an authentication result RES_2ILR over the second authentication parameter with a second message integrity check algorithm, and send the authentication result RES_2ILR to the access server;
the access server is configured to: after receiving the authentication result RES_2ILR, generate a random number RAND_ASN and send the authentication result RES_2ILR and the random number RAND_ASN to the ILR;
the ILR is configured to: after receiving the authentication result RES_2ILR and the random number RAND_ASN sent by the access server, use the pre-shared key K1 to compute an authentication result XRES_2ILR over the second authentication parameter with the second message integrity check algorithm, and compare the authentication result XRES_2ILR with the received authentication result RES_2ILR; if the authentication result XRES_2ILR matches the authentication result RES_2ILR, the access authentication passes; if they do not match, the access authentication fails;
wherein the pre-shared key K1 is the pre-shared key of the user terminal and the ILR; and the second authentication parameter comprises the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID.
12. The system according to claim 11, wherein
the user terminal is further configured to: send the SID and the random number RAND_UE to the access server when access authentication is required; and, after receiving the random number RES_2UE and the random number RAND_ILR sent by the access server, use the pre-shared key K1 to compute an authentication result XRES_2UE over the first authentication parameter with the first message integrity check algorithm and compare it with the authentication result RES_2UE; if they match, the user terminal's authentication of the authentication server passes; if they do not match, the user terminal's authentication of the authentication server fails;
the access server is further configured to: send the received SID and random number RAND_UE, together with the public key K_ASN of the access server and the RID, to the ILR;
the ILR is further configured to: use the pre-shared key K1 to compute an authentication result RES_2UE over the first authentication parameter with the first message integrity check algorithm, encrypt the first encryption parameter with the K_ASN using an asymmetric encryption algorithm, and send the encrypted data E1 to the access server; wherein the first authentication parameter comprises the authentication result RAND_UE and the random number RAND_ILR; and the first encryption parameter comprises the authentication result RES_2UE and the random number RAND_ILR;
the access server is further configured to: after decrypting the encrypted data E1 with the private key of the access server, send the obtained authentication result RES_2UE and random number RAND_ILR to the user terminal.
13. The system according to claim 11 or 12, wherein
the ILR is further configured to: use the authentication key K_AI shared by the ILR and the access server to compute an authentication result RES_2ASN over the third authentication parameter with a third message integrity check algorithm, encrypt the second encryption parameter with the public key K_ASN of the access server to obtain encrypted data E3, and send the encrypted data E3 to the access server; wherein the third authentication parameter comprises RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier (IID) of the ILR, and SID; and the second encryption parameter comprises the authentication result RES_2ASN;
the access server is further configured to: after receiving the encrypted data E3, decrypt the encrypted data E3 with the private key of the access server, extract the RES_2ASN, use the authentication key K_AI to compute an authentication result RES_2ASN over the third authentication parameter with the third message integrity check algorithm, and compare the authentication result XRES_2ASN with the authentication result RES_2ASN; if they match, the access server's authentication of the ILR passes; if they do not match, the access server's authentication of the ILR fails.
14. An apparatus, comprising an identity location register (ILR), the ILR being configured to:
after receiving the authentication result RES_2ILR and the random number RAND_ASN sent by an access server, use a pre-shared key K1 to compute an authentication result XRES_2ILR over the second authentication parameter with a second message integrity check algorithm, and compare the authentication result XRES_2ILR with the received authentication result RES_2ILR; if the authentication result XRES_2ILR matches the authentication result RES_2ILR, the access authentication of the user terminal passes; if they do not match, the access authentication fails;
wherein the pre-shared key K1 is the pre-shared key of the user terminal and the ILR; the second authentication parameter comprises the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID;
the random number RAND_ASN is generated by the access server and sent to the ILR; and the authentication result RES_2ILR is obtained as follows: the user terminal, when authentication is required, generates the random number RAND_UE, obtains the routing identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR, uses the pre-shared key K1 to compute the authentication result RES_2ILR over the second authentication parameter with the second message integrity check algorithm, and sends the authentication result RES_2ILR to the access server, which then sends it to the ILR.
15. The apparatus according to claim 14, wherein the ILR is further configured to: use the pre-shared key K1 to compute an authentication result RES_2UE over the first authentication parameter with the first message integrity check algorithm, encrypt the first encryption parameter with K_ASN using an asymmetric encryption algorithm, and send the encrypted data E1 to the access server; wherein the first authentication parameter comprises the authentication result RAND_UE and the random number RAND_ILR; and the first encryption parameter comprises the authentication result RES_2UE and the random number RAND_ILR;
wherein the K_ASN is the public key of the access server, and the access server sends the public key K_ASN of the access server and the RID to the ILR; and the SID is sent by the user terminal to the access server.
16. The apparatus according to claim 14, wherein the ILR is further configured to: use the authentication key K_AI shared by the ILR and the access server to compute an authentication result RES_2ASN over the third authentication parameter with a third message integrity check algorithm, encrypt the second encryption parameter with the public key K_ASN of the access server to obtain encrypted data E3, and send the encrypted data E3 to the access server;
wherein the third authentication parameter comprises RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier (IID) of the ILR, and SID; and the second encryption parameter comprises the authentication result RES_2ASN;
after receiving the encrypted data E3, the access server decrypts the encrypted data E3 with the private key K_A of the access server, extracts the RES_2ASN, uses the authentication key K_AI to compute an authentication result RES_2ASN over the third authentication parameter with the third message integrity check algorithm, and compares the authentication result XRES_2ASN with the authentication result RES_2ASN; if they match, the access server's authentication of the ILR passes; if they do not match, the access server's authentication of the ILR fails.
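
The three challenge-response checks of claims 11 to 16, sketched in Python as an added illustration; this is not code from the patent or its applicant. HMAC-SHA256 as the "message integrity check algorithm", the length-prefixed parameter encoding, the MIC1/MIC2/MIC3 labels, the single-use session table and every key and identifier value are assumptions, since the claims name no concrete algorithm. The public-key wrapping of RES_2UE and RES_2ASN (E1, E3) is left out.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed sample values (assumptions, not taken from the patent).
K1 = bytes.fromhex("11" * 32)    # pre-shared key of user terminal and ILR
K_AI = bytes.fromhex("22" * 32)  # authentication key shared by ILR and access server
SID, RID, IID = b"sid-0001", b"rid-asn-01", b"iid-ilr-01"


def encode_params(*fields):
    """Length-prefix every field so (b'ab', b'c') and (b'a', b'bc') encode differently."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def mic(key, label, *fields):
    """Assumed stand-in for a 'message integrity check algorithm': HMAC-SHA256.
    The label keeps the first, second and third algorithms distinct."""
    return hmac.new(key, encode_params(label, *fields), hashlib.sha256).digest()


class ILR:
    def __init__(self, subscribers, k_ai, iid):
        self.subscribers, self.k_ai, self.iid = subscribers, k_ai, iid
        self.sessions = {}  # SID -> (RAND_UE, RAND_ILR, RID), consumed on first use

    def start(self, sid, rand_ue, rid):
        """Issue RAND_ILR and RES_2UE (first algorithm over RAND_UE, RAND_ILR)."""
        rand_ilr = secrets.token_bytes(16)
        self.sessions[sid] = (rand_ue, rand_ilr, rid)
        return mic(self.subscribers[sid], b"MIC1", rand_ue, rand_ilr), rand_ilr

    def finish(self, sid, res_2ilr, rand_asn):
        """Recompute XRES_2ILR and compare it with RES_2ILR in constant time.
        Returns RES_2ASN for the access server on success, None on failure."""
        session = self.sessions.pop(sid, None)
        if session is None:
            return None
        rand_ue, rand_ilr, rid = session
        xres_2ilr = mic(self.subscribers[sid], b"MIC2", rand_ue, rand_ilr, sid, rid)
        if not hmac.compare_digest(xres_2ilr, res_2ilr):
            return None
        return mic(self.k_ai, b"MIC3", rand_asn, rand_ue, rand_ilr, rid, self.iid, sid)


def run_exchange(ue_k1, ilr, sid, rid, k_ai):
    """One run with the access server acting as relay.
    Returns (terminal accepts ILR, ILR accepts terminal, server accepts ILR, RES_2ILR)."""
    rand_ue = secrets.token_bytes(16)                   # user terminal
    res_2ue, rand_ilr = ilr.start(sid, rand_ue, rid)    # ILR
    xres_2ue = mic(ue_k1, b"MIC1", rand_ue, rand_ilr)   # user terminal
    ue_ok = hmac.compare_digest(xres_2ue, res_2ue)
    # A real terminal stops when ue_ok is False; we continue to show the ILR's verdict.
    res_2ilr = mic(ue_k1, b"MIC2", rand_ue, rand_ilr, sid, rid)
    rand_asn = secrets.token_bytes(16)                  # access server
    res_2asn = ilr.finish(sid, res_2ilr, rand_asn)      # ILR
    ilr_ok = res_2asn is not None
    xres_2asn = mic(k_ai, b"MIC3", rand_asn, rand_ue, rand_ilr, rid, ilr.iid, sid)
    asn_ok = ilr_ok and hmac.compare_digest(xres_2asn, res_2asn)
    return ue_ok, ilr_ok, asn_ok, res_2ilr


if __name__ == "__main__":
    demo_ilr = ILR({SID: K1}, K_AI, IID)
    print(run_exchange(K1, demo_ilr, SID, RID, K_AI)[:3])
```

Because both random numbers enter every result, a RES_2ILR captured in one run does not verify in a later run, and a terminal holding the wrong K1 fails both directions of the check.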
PCT/CN2010/076174 2009-09-29 2010-08-20 Access authentication method, apparatus and system in mobile communication network WO2011038620A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910176393.0 2009-09-29
CN200910176393.0A CN102036242B (en) 2009-09-29 2009-09-29 Access authentication method and system in mobile communication network

Publications (1)

Publication Number Publication Date
WO2011038620A1 (en) 2011-04-07

Family

ID=43825536

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/076174 WO2011038620A1 (en) 2009-09-29 2010-08-20 Access authentication method, apparatus and system in mobile communication network

Country Status (2)

Country Link
CN (1) CN102036242B (en)
WO (1) WO2011038620A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493570A (en) * 2017-07-18 2017-12-19 东北大学 A kind of the PMIPV6 anonymous access authentication systems and method of identity-based group label

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102625311B (en) * 2012-03-14 2016-01-27 中国移动通信集团江苏有限公司 A kind of method for authenticating, right discriminating system and smart card
EP3396984B1 (en) 2012-06-29 2020-10-07 Nec Corporation Update of security for group based feature in m2m
CN104753687B (en) * 2013-12-31 2019-01-01 中国移动通信集团公司 A kind of charging method and device based on unified charging platform
CN103795542A (en) * 2014-01-24 2014-05-14 中国工商银行股份有限公司 Digital signature authentication method and device
CN104954129B (en) * 2014-03-31 2019-09-27 西安西电捷通无线网络通信股份有限公司 Method for authenticating entities and device
JP6348019B2 (en) * 2014-08-28 2018-06-27 ルネサスエレクトロニクス株式会社 COMMUNICATION SYSTEM, COMMUNICATION DEVICE, AUTOMOBILE, AND COMMUNICATION METHOD
JP6517444B2 (en) * 2015-12-21 2019-05-22 コーニンクレッカ フィリップス エヌ ヴェKoninklijke Philips N.V. Network system for secure communication
CN105577699B (en) * 2016-03-03 2018-08-24 山东航天电子技术研究所 A kind of secure access authentication method of two-way dynamic non-stop layer authentication
US10382206B2 (en) * 2016-03-10 2019-08-13 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
US10873464B2 (en) 2016-03-10 2020-12-22 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
SG10201606164TA (en) * 2016-07-26 2018-02-27 Huawei Int Pte Ltd System and method for obtaining a common session key between devices
WO2019010701A1 (en) * 2017-07-14 2019-01-17 Zte Corporation Methods and computing device for transmitting encoded information during authentication
CN108174385B (en) * 2018-02-12 2020-07-10 海信集团有限公司 Method and device for detecting communication link
CN109335906B (en) * 2018-08-01 2020-09-11 苏州汇川技术有限公司 Verification method, elevator control device and elevator peripheral device
CN110349468A (en) * 2019-07-15 2019-10-18 贵州电网有限责任公司 A kind of insulation of electrical installation test dummy emulation system based on multi-person synergy
CN110493272B (en) * 2019-09-25 2020-10-02 北京风信科技有限公司 Communication method and communication system using multiple keys
WO2021134381A1 (en) * 2019-12-31 2021-07-08 华为技术有限公司 Method, apparatus and system for local communication
CN113206790B (en) * 2021-04-30 2022-10-18 网络通信与安全紫金山实验室 SRv6 transmission path authentication method, system and storage medium based on time period

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007038896A2 (en) * 2005-10-05 2007-04-12 Privasphere Ag Method and devices for user authentication
CN101022418A (en) * 2007-03-14 2007-08-22 华为技术有限公司 HMIP identifying method, equipment and system
CN101299667A (en) * 2008-06-05 2008-11-05 华为技术有限公司 Authentication method, system, client equipment and server

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493570A (en) * 2017-07-18 2017-12-19 东北大学 A kind of the PMIPV6 anonymous access authentication systems and method of identity-based group label
CN107493570B (en) * 2017-07-18 2019-10-11 东北大学 A kind of the PMIPV6 anonymous access authentication system and method for identity-based group label

Also Published As

Publication number Publication date
CN102036242B (en) 2014-11-05
CN102036242A (en) 2011-04-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10819849

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10819849

Country of ref document: EP

Kind code of ref document: A1