• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    A more valid way of performing an assurance is provided by using an assurance challenge sent to the terminal to provide the terminal with information to calculate the assurance and cryptographic key values. As a result, separate communication does not need to provide key values to the terminal. The visit guarantee center obtains a random value R T , a guarantee key value K A , and an encryption key value K C from the home guarantee center. The visit assurance center then provides the terminal with a random number R T to update the terminal's endorsement key and cryptographic key values, and challenges the terminal as part of the endorsement process. The terminal uses R T to respond to the challenge of the visit assurance center, to calculate the endorsement key value K A and the encryption key value K C. In addition, the endorsement key value is used to verify the visited network's response to the endorsement challenge of the terminal of the network.
    公开号:KR20000062153A
    申请号:KR1019990049429
    申请日:1999-11-09
    公开日:2000-10-25
    发明作者:아담엘. 베렌즈위그;카롤엔리큐 브라스와이트
    申请人:루센트 테크놀러지스 인크;
    IPC主号:
    专利说明:

    Valid authentication with key update}
    Field of invention
    The present invention relates to communications, and in particular to the assurance of communication parties in wireless communication systems.
    Description of the related technology
    1 illustrates a base station 10, a cell 12 associated therewith, and a mobile 14 within cell 12. First, when mobile 14 attempts to register or attempt communications with base station 10, base station 10 verifies or verifies the identity of the mobile before allowing the mobile to connect to the communication network. When the mobile body 14 is present in any network other than the home network, it is said to be present in the visiting network. A home network is a network controlled by a service provider that contracts with an owner of a mobile terminal to provide wireless communication services. If the mobile is operating within the visited communication network, the warranty of the mobile by the base station 10 involves communication with the warranty center 16 of the home network of the mobile. In the example of FIG. 1, the mobile body 14 is in the visited network. As a result, the assurance of the mobile body 14 involves communication with the warranty center 16 of the mobile network of the home body. When the mobile object 14 tries to access the visitor network, the base station 10 communicates with the guarantee center 18 of the visited communication network. The warranty center 18 determines from the mobile or terminal identifier such as the telephone number of the mobile 14 that the mobile 14 is registered using the network using the home warranty center 16. The visit assurance center 18 then communicates with the home assurance center 16 via a network such as the IS41 signaling network 20. The home assurance center 16 then accesses the home location register 22 having the registration entries of the mobile body 14. Home location register 22 may be associated with a terminal or mobile by an identifier, such as the mobile number of the mobile. The information contained in the home location register is used to generate cryptographic keys, and other information is then supplied to the visitor location register 24 of the visitor guarantee center 18. The information from the visitor location register 24 is then used to supply the base station 14 with the information sent to the mobile unit 14 so that the mobile body 14 responds and assures that it is entitled to receive communication services. .
    2 shows a warranty procedure used in GSM wireless networks. In this case, the mobile and home position registers contain the key Ki. When the mobile object requests access to the visited network, the visited assurance center contacts the home assurance center to receive the variables RAND, SRES, Kc. The home guarantee center uses the kit value Ki from the home position register associated with the moving object to generate variable values SRES, Kc. The value SRES is computed using a cryptographic function known as A3 with random number RAND as input and Ki as key input. In a similar manner, the cryptographic key Kc is calculated by using cryptographic function A8 with RAND as input and Ki value as key input. These values are then sent to the visitor location register of the visitor guarantee center. The visit assurance center then challenges the mobile by sending a random number RAND to the mobile. The moving body then calculates the values SRES, Kc in the same way as it is calculated by the home warranty center. The moving object then sends a value of SRES to the visiting guarantee center, where the visiting guarantee center compares the variable SRES received from the moving object with the variable SRES received from the home guarantee center. If these values match, the mobile is allowed access to the visiting network. If additional communications between the mobile and the visiting network are encrypted, they are encrypted using an encryption message A5 with input encrypted message and key input such as variable value Kc. Cryptographic functions A3, A5, A8 are well known in the art and are recommended by the GSM standard. In the GSM system, this assurance process, which includes communication with the home assurance center, is performed each time the mobile initiates a new call with the visited network.
    3A and 3B illustrate the assurance process used for an IS41 compliant network. Examples of IS41 compliant networks are networks that use AMPS, TDMA, CDMA protocols. In this system, the mobile and home position registers contain a secret value called AKEY. When the mobile object requests access to the visited network, the visited network warranty center requests data from the home warranty center. Before the actual guarantee process is initiated, the key update is performed by providing the moving object and the visited location register with keys used for cryptographic algorithms of guarantee and communication. The home location register associated with the mobile is located and uses an identifier such as the mobile number of the mobile, and the AKEY value stored in the home location register is used to generate the data transferred to the visitor location register. The calculated values are shared secret data A (SSDA) and shared secret data B (SSDB) values. These values are calculated by performing a CAVE algorithm using random RS as input and AKEY value as key input. This CAVE algorithm is well known in the art and detailed in the IS41 standard. The Home Assurance Center then sends the values Rs, SSDA and SSDB to the visitor location register of the visiting network. The visited network then updates the shared secret data (SSDB, SSDB) used by the mobile by sending Rs to the mobile. The moving body then calculates SSDA and SSDB in the same way as it is calculated by the home guarantee center. Now that the mobile and visitor location registers contain the SSDA, SSDB values, a guarantee process occurs.
    3B shows how the mobile is guaranteed in the visited network after the mobile and the visited location register have received the key values SSDA, SSDB. The visit guarantee center challenges the mobile by sending a random number R N to the mobile. At this time, the mobile body and the visit guarantee center calculate a value AUTHR, where the value AUTHR is equal to the output of the CAVE algorithm using a random number R N as an input and SSDA value as a key input. The mobile then sends the calculated value AUTHR to the visitor's assurance center. The Visit Guarantee Center compares the calculated value that is AUTHER with the value received from the mobile. If these values match, the mobile is guaranteed and access to the visiting network is allowed. Additionally, the mobile and the visitor's assurance center compute a cryptographic key value Kc, where the value of Kc is equal to the output of the CAVE algorithm using the value R N as input and the value SSDS as key input. At this time, communications between the mobile and the visited network are allowed and can be encrypted using a cryptographic function, where the inputs are the encrypted message and the key value Kc. Cryptographic functions are specified by the respective standards of CDMA, TDMA. For IS41, it should be noted that the communications between the Visit Assurance Center and the Home Assurance Center are only performed each time the mobile registers using the visiting network, as opposed to every time a call is made to the mobile.
    The above-described methods illustrate a method of demonstrating that a mobile is allowed to access a network, which does not handle a mobile that proves that a mobile is required to identify itself by a legitimate network. 4 shows an improved proposal of the IS41 standard to allow mutual assurance between the visited network and the mobile. Fig. 4 illustrates a mutual guarantee process in which the mobile unit and the visited position register receive the SSDA, SSDB values described above in Fig. 3A. Landing network is a random number RNChallenge the mobile by sending The moving object is then R as inputsN, RMCryptographic function F using values and SSDA values as keystrokesOneAnswer by doing a calculation to get the output of. In this case, RNThe value is the same value sent by the landing network, and RMThe value is a random number calculated by the moving object. In addition to sending the output of this cryptographic function, RMThe value is also sent in unencrypted format to the visited network. Visit network uses F as the keystrokeOneAs inputs to the cryptographic function, RNValues and RMCryptographic function F using an unencrypted formOneCalculate the output of. This output value is compared with the value received from the mobile, and if these values match, the mobile is verified or guaranteed. Visit network then RMBy responding to a challenge (communication) provided by the mobile in the form of a value, it is either guaranteed or verified by the mobile. Visit the warranty center then enter RMCryptographic function F using values and SSDA values as keystrokes2Send the output of The moving body then performs the same calculations, the values received from the visited network, the key values SSDA and RMPassword function F using a value2Compare the values obtained from the output of. If these values match, the mobile assumes that the network is certified or verified and continues to communicate with the network. Both the VW and the moving object are input RN, RMAnd a cryptographic function F that uses SSDB values as keystrokes.3Compute the value of the encryption key Kc by getting the output of. At this time, the mobile and the visited network can communicate; However, if encrypted communications are desired, the messages are encrypted with input and an encryption algorithm F with a Kc value as key input.4To Is encrypted using. Cryptographic Functions FOne, F2, F3Can be hash functions or a cryptographic function such as SHA-1, function F4May be a cryptographic function such as DES. Hash functions, cryptographic functions such as SHA-1 and cryptographic functions such as DES are well known in the art.
    The proposed mutual guarantee process is inefficient in that the moving object and the visited location register must have SSDA, SSDB values before starting the guarantee process. As a result, at least two sets of communications are required between the mobile body and the visiting guarantee center. The first set of communications provides the mobile with information used to calculate SSDA, SSDB values. The second set of communications is used to perform mutual guarantees.
    1 illustrates communication between a mobile body, a visited network, and a home network.
    2 shows a guarantee process of a GSM network.
    3A and 3B illustrate key update and guarantee processing of an IS41 compliant network.
    4 illustrates a proposed mutual guarantee method.
    5 illustrates a method of performing mutual assurance with key updates.
    ※ Explanation of symbols about main part of drawing ※
    10; Base station 14: mobile body
    Summary of the Invention
    The present invention provides a more effective method of performing an assurance process by using an assurance challenge sent to the terminal to provide the terminal with information to calculate assurance and cryptographic key values. As a result, separate communication does not need to provide key values to the terminal, eliminating the inefficiency of the two sets of communication. The visit guarantee center obtains a random value R T guarantee key value K A and an encryption key value K c from the home guarantee center. The visiting guarantee center then sends a random number R T to the terminal to update the terminal's guarantee key and encryption key values, and challenges the terminal as part of the guarantee process. The terminal uses the value of R T to respond to the communication of the visiting assurance center, to calculate the guarantee key value K A and the encryption key value K c. Additionally. The endorsement key value is used to verify the response of the visiting network to the terminal endorsement challenge of the network.
    details
    Figure 5 illustrates how a single random value sent to a mobile or stationary terminal is used to provide a challenge challenge to the terminal such that it updates the terminal's guarantee and cryptographic key values. The move or stop terminal 70, home position register 72, distributes the key value Ki. When the mobile terminal 70 requests access to the visited network, the visit guarantee center contacts the home guarantee center to obtain a random value R T , a guarantee key value K A , and an encryption key value K c. In response to this request, the home warranty center accesses the home location register 72 associated with the mobile terminal 70 using an identifier, such as a telephone number provided by the mobile terminal, through the visit guarantee center. The Home Assurance Center then calculates the guarantee key value K A by having the output of the cryptographic function F A using the random number R T as input and the value Ki as key input. Additionally, the Home Assurance Center calculates the cryptographic key value K C using the output of cryptographic function F C , which uses the value R T as input and the value Ki as key input. Once these values are calculated, the home warranty center communicates the R T , K A , K C values with the visited warranty center. The visit guarantee center then stores the KA, K C , R T values in the visit location register associated with the mobile terminal 70. The visit assurance center then communicates the R T value with the mobile terminal 70 with a value and a challenge challenge used to update the guarantee and cryptographic key values used by the mobile terminal. The mobile terminal uses the value R T received from the visiting guarantee center to calculate the guarantee key value K A and the encryption key value K C in the same way as the values are calculated by the home guarantee center. The mobile terminal then uses the endorsement key value K A to respond to the endorsement challenge of the visiting endorsement center. The mobile terminal determines the output of cryptographic function F 1 using R T , R M values as inputs and a guarantee key value K A as key inputs; However, it may also use a value that is less than R T R T, R M as inputs. The output of the cryptographic function F 1 and the value R T communicate with the visiting guarantee center; However, if R M is not used as input to cryptographic function F 1 or if network assurance is not required, the value R M may not be transmitted. The value R M is a random value selected by the mobile terminal. The visit guarantee center also calculates the output value of the function F 1 using the inputs R T , R M and the key input value K A so that the result value can be compared with the value communicated by the mobile terminal. If these values match, then the mobile terminal is then guaranteed or verified for the visited network. The R M value provided by the mobile terminal is used as a challenge challenge to the visited network by the mobile 70. It is used by the mobile unit 70 for assured communication to the visited network. The visited network computes the output of function F 2 , using the value R M as input and the value K A as key input. This output value then communicates with the mobile terminal, where the terminal independently determines the output of function F 2 using the value R M as input and the value K A as key input. If the output values match, then the mobile terminal then verifies or vouches in the visiting network.
    Once the mobile terminal and the visited network are guaranteed or verified by each other's identifiers, communication continues. The communication can take place using unencrypted messages or encrypted messages. If encrypted messages are used, the messages are encrypted by using the output of the cryptographic function F 2 , using the message as input and the cipher value K C as the key input. This processing can be performed whenever a call is attempted between the mobile terminal and the visiting network. It is also possible to contact the home warranty center each time the mobile registers using the visiting network rather than each time a call is attempted, and the same values K A , K as long as the mobile remains registered using the visiting network. C and R T can be used. Cryptographic functions F 1 , F 2 , F A , F C may be hash functions or one cryptographic function such as SHA-1, and function F 3 may be a cryptographic function such as DES. Hash functions, cryptographic functions such as SHA-1, and cryptographic functions such as DES are well known in the art.
    When the mobile terminal is in the home network, the same procedure can be performed. In this case, the home warranty center is in communication with the mobile terminal rather than the visited warranty center. In a wireless network, communications between the terminal and the warranty center are through a wireless base base station.
    权利要求:
    Claims (20)
    [1" claim-type="Currently amended] In the guarantee method,
    Sending a first value to the terminal;
    Receiving a response from the terminal having at least a first response value, the first response value being at least a first cryptographic function using the first value at least as input and the first portion in the first key value as a key input Receiving the first key value being part of the output of a second cryptographic function using at least the first value as an input and a second part as a second key value as a key input;
    And verifying that the first response value is equal to the expected first response value.
    [2" claim-type="Currently amended] The method of claim 1, wherein the second key value is associated with the terminal.
    [3" claim-type="Currently amended] The method of claim 1, wherein the first and second cryptographic functions are the same.
    [4" claim-type="Currently amended] The method of claim 1, wherein the first and second portions are the same.
    [5" claim-type="Currently amended] 2. The method of claim 1, wherein said response has a second response value, further comprising the step of sending a second value to said terminal, said second value being at least input with said second response value and a key input. And a portion of the output of at least a third cryptographic function using the portion that is the third key value.
    [6" claim-type="Currently amended] In the guarantee method,
    Sending a first value to the terminal;
    Receiving a response from the terminal having at least a first response value and a second response value, the first response value being at least a portion of an output of at least a first cryptographic function using at least a first portion of the first value and At least the first response value and a first portion of the first key value as a key input, the first key value being at least the first value as an input and a second portion of a second key value as a key input Receiving at least part of the output of the second cryptographic function using
    And verifying that the first response value is equal to the expected first response value.
    [7" claim-type="Currently amended] 7. The method of claim 6, wherein the second key value is associated with the terminal.
    [8" claim-type="Currently amended] 7. The method of claim 6, wherein the first and second cryptographic functions are the same.
    [9" claim-type="Currently amended] The method of claim 6, wherein the first and second portions of the first value are the same.
    [10" claim-type="Currently amended] 7. The method of claim 6, wherein transmitting the second value to the terminal, the second value being at least a third cryptogram using at least an input of the second response value and a second portion of a third key value as a key input. The guarantee method, which is part of the output of the function.
    [11" claim-type="Currently amended] In the guarantee method,
    Receiving a first value,
    Transmitting a response having at least a first response value, wherein the first response value is at least part of an output of at least a first cryptographic function using the first portion as an input and a first portion as a first key value as a key input; And wherein said key value is at least part of an output of at least a second cryptographic function using said first value as input and a second portion as a second key value as key input.
    [12" claim-type="Currently amended] The method of claim 11, wherein the first and second cryptographic functions are the same.
    [13" claim-type="Currently amended] The method of claim 11, wherein the first and second portions are the same.
    [14" claim-type="Currently amended] 12. The method of claim 11, wherein said response has a second response value, further comprising the step of receiving a second value, said second value being at least an input of said second response value and a third key value of a key input. And a part of the output of at least a third cryptographic function using the part.
    [15" claim-type="Currently amended] 15. The method of claim 14, further comprising the step of verifying that the second value is equal to the expected second value.
    [16" claim-type="Currently amended] In the guarantee method,
    Receiving a first value,
    Transmitting a response having at least a first response value and a second response value, the first response value being at least a first portion of the first value and at least inputs a first key as the second response value and a key input A portion of the output of at least a first cryptographic function using a first portion that is a value, wherein the first key value is at least of the output of at least a second cryptographic function using a second portion that is a second key value as the first value and a key input as an input And a transmission step that is part of it.
    [17" claim-type="Currently amended] The method of claim 16, wherein the first and second cryptographic functions are the same.
    [18" claim-type="Currently amended] The method of claim 16, wherein the first and second portions of the first value are the same.
    [19" claim-type="Currently amended] The output of at least a third cryptographic function as recited in claim 16, wherein said step of receiving a second value comprises at least an input of said second response value and a second portion of a third key value as a key input. Further comprising said step being part of.
    [20" claim-type="Currently amended] And further including the step of verifying that the second value is equal to the expected second value.
    类似技术:
    公开号 | 公开日 | 专利标题
    US9326142B2|2016-04-26|Cryptographic key generation
    US8861730B2|2014-10-14|Arranging data ciphering in a wireless telecommunication system
    US9467432B2|2016-10-11|Method and device for generating local interface key
    JP5597676B2|2014-10-01|Key material exchange
    US9009479B2|2015-04-14|Cryptographic techniques for a communications network
    DE69731665T2|2005-12-01|Preventing the abuse of a coded participant identity in a mobile radio system
    US5661806A|1997-08-26|Process of combined authentication of a telecommunication terminal and of a user module
    CA2277761C|2003-03-25|Method for two party authentication and key agreement
    DE602004003856T2|2007-06-28|Method and device for authentication in a communication system
    FI114180B|2004-08-31|Improved method and device arrangement for encrypting data transmission at the interface of the radio network terminal equipment and such terminal equipment
    JP4263384B2|2009-05-13|Improved method for authentication of user subscription identification module
    US5172414A|1992-12-15|Speech and control message encrypton in cellular radio
    KR100227301B1|1999-11-01|Method and apparatus for authentication in a communication system
    DE60017292T2|2005-12-01|Authentication method between a subscriber and a service provider that can be reached by a network operator by providing a secure channel
    US7395427B2|2008-07-01|Authenticated key exchange based on pairwise master key
    KR101485230B1|2015-01-22|Secure multi-uim authentication and key exchange
    CN1816997B|2011-02-16|Challenge response system and method
    RU2374778C2|2009-11-27|Protected bootstrapping for wireless communication
    KR100231743B1|1999-11-15|Communication method and device
    EP1757148B1|2009-04-08|Security in a mobile communications system
    ES2384634T7|2018-10-11|Enhanced security design for cryptography in mobile communications systems
    EP2763441B1|2017-09-06|Self provisioning of wireless terminals in wireless networks
    FI107486B|2001-08-15|Providing authentication and encryption in a mobile communication system
    KR100747825B1|2007-08-08|Method for establishing session key agreement
    US6260147B1|2001-07-10|Wireless subscription portability
    同族专利:
    公开号 | 公开日
    EP1001570A3|2002-09-25|
    CN1256599A|2000-06-14|
    EP1001570A2|2000-05-17|
    AU5718599A|2000-05-11|
    BR9905142A|2000-09-26|
    JP2000269959A|2000-09-29|
    CA2282942A1|2000-05-09|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    法律状态:
    1998-11-09|Priority to US18881898A
    1998-11-09|Priority to US9/188818
    1999-11-09|Application filed by 루센트 테크놀러지스 인크
    2000-10-25|Publication of KR20000062153A
    优先权:
    申请号 | 申请日 | 专利标题
    US18881898A| true| 1998-11-09|1998-11-09|
    US9/188818|1998-11-09|
    [返回顶部]