Disclosure of Invention
The embodiment of the application provides a message protection method and device, which are beneficial to reducing the complexity of carrying out security protection on an initial NAS message and improving the access efficiency of terminal equipment.
In a first aspect, a message protection method in an embodiment of the present application includes:
the terminal equipment obtains the protected initial NAS information according to the symmetric key and the first security algorithm, and sends the protected initial NAS information to the first network equipment; and sending the key-related parameter to the second network device, wherein the key-related parameter is used to obtain the symmetric key.
In the embodiment of the application, the terminal device can perform security protection on the initial NAS message through the symmetric key and the first security algorithm, so that the transmission security of the initial NAS message is improved, and meanwhile, compared with the prior art, the complexity of performing security protection on the initial NAS message is favorably reduced, and the access efficiency of the terminal device is favorably improved.
In one possible design, the key-related parameter includes a public key of the terminal device, and the terminal device may obtain the symmetric key according to the following manner:
and the terminal equipment generates a symmetric key according to the public key of the second network equipment and the private key of the terminal equipment.
The terminal device generates a symmetric key according to the public key of the second network device and the private key of the terminal device, and in concrete implementation, one possible design is as follows:
the terminal device generates an intermediate key according to the public key of the second network device and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed character string. Alternatively, the fixed character string may be configured in the terminal device in advance.
In one possible design, the key-related parameter includes a ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to a public key of the second network device, and the terminal device may obtain the symmetric key according to the following manner:
optionally, the terminal device generates a symmetric key according to a random key generation algorithm; or, optionally, the terminal device generates the symmetric key according to the random number, the permanent key, and a Key Derivation Function (KDF).
In one possible design, the key-related parameter includes a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained from a public key of the second network device.
The technical scheme is beneficial to improving the safety of the transmission of the first safety algorithm.
In one possible design, the first security algorithm is determined by the terminal device according to a preconfigured policy.
In one possible design, the initial NAS message is a registration request message.
In a possible design, after receiving the protected downlink NAS message from the first network device, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.
The technical scheme is beneficial to improving the security of transmitting the registration acceptance message or the NAS SMC message.
In a possible design, the terminal device receives a protected downlink NAS message from the first network device, where the downlink NAS message includes the second security algorithm, the terminal device may decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtain the second security algorithm from the downlink NAS message, and finally, if the first network device performs integrity protection on a ciphertext of the downlink NAS message, the terminal device checks integrity of the protected downlink NAS message according to the second security algorithm, and if the first network device performs integrity protection on the downlink NAS message, the terminal device checks integrity of the downlink NAS message according to the second security algorithm. Wherein the downlink NAS message is a registration acceptance message.
In the above technical solution, the first network device may send the second security algorithm to the terminal device through the registration acceptance message, so that no NAS SMC message needs to be transmitted to the terminal device, which is beneficial to saving signaling overhead. Wherein the second security algorithm is the security algorithm selected by the first network device.
In one possible design, the terminal device receives a protected downlink NAS message from the first network device, and checks the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
By the technical scheme, the integrity of the downlink rejection message can be verified, the terminal equipment is facilitated to determine whether the received downlink rejection message is forged, tampered and the like, and the possibility that the terminal equipment enters a denial of Service (DoS) state is reduced.
In one possible design, the first network device is an access and mobility management function (AMF), and the second network device is an independent data management (UDM) entity or an authentication service function (AUSF) entity.
In a second aspect, a method for message protection in an embodiment of the present application includes:
the second network device receives the key-related parameters from the terminal device, obtains a symmetric key according to the key-related parameters, and then sends the symmetric key to the first network device, wherein the key-related parameters are used for obtaining the symmetric key, and the symmetric key is used for performing security protection on the initial NAS message.
In the embodiment of the application, the second network device can send the symmetric key to the first network device, so that the first network device can obtain the initial NAS message according to the symmetric key.
In one possible design, the key-related parameter includes a public key of the terminal device; the second network device obtains the symmetric key according to the following manner:
and the second network equipment generates a symmetric key according to the public key of the terminal equipment and the private key of the second network equipment.
The second network device generates a symmetric key according to the public key of the terminal device and the private key of the second network device, and in a specific implementation, one possible design is as follows:
the second network equipment generates an intermediate key according to the public key of the terminal equipment and the private key of the second network equipment, and then generates a symmetric key according to the intermediate key and the fixed character string. Alternatively, the fixed string may be preconfigured in the second network device.
In one possible design, the key-related parameter includes a ciphertext of a symmetric key; the second network device obtains the symmetric key according to the following manner:
and the second network equipment decrypts the ciphertext of the symmetric key according to the private key of the second network equipment to obtain the symmetric key.
In one possible design, the key-related parameter includes a ciphertext of the first security algorithm; and the second network equipment decrypts the ciphertext of the first security algorithm according to the public key of the second network equipment to obtain the first security algorithm, and sends the first security algorithm to the first network equipment.
The technical scheme is beneficial to improving the transmission safety of the first safety algorithm.
In one possible design, the first network device is an AMF entity; the second network device is a UDM entity or an AUSF entity.
In a third aspect, a method for protecting a message in an embodiment of the present application includes:
the first network equipment receives a protected initial NAS message from the terminal equipment; and receiving a symmetric key from the second network device; then, an initial NAS message is obtained according to the symmetric key and the first security algorithm.
In the embodiment of the application, because the initial NAS message is subjected to security protection through the symmetric key and the first security algorithm, compared with the prior art, the security of the transmission of the initial NAS message is improved, and the complexity of performing security protection on the initial NAS message is reduced, and the access efficiency of the terminal device is improved.
In one possible design, a first network device receives a first security algorithm from a second network device.
The technical scheme is beneficial to improving the transmission safety of the first safety algorithm.
In one possible design, the initial NAS message is a registration request message.
In one possible design, the first network device obtains the protected downlink NAS message according to the symmetric key and the first security algorithm; and sending the protected downlink NAS message to the terminal equipment.
The technical scheme is beneficial to improving the safety of transmitting the downlink NAS message.
In one possible design, the downstream NAS message is a registration accept message or a NAS SMC message.
In one possible design, the first network device obtains a ciphertext of a downlink NAS message according to the symmetric key and a first security algorithm, where the downlink NAS message is a registration acceptance message, and the registration acceptance message includes a second security algorithm; and then the first network equipment performs integrity protection on the ciphertext of the downlink NAS message according to a second security algorithm to obtain a protected downlink NAS message, and sends the protected downlink NAS message to the terminal equipment. In the above technical solution, the first network device may send the second security algorithm to the terminal device through the registration acceptance message, so that no NAS SMC message needs to be transmitted to the terminal device, which is beneficial to saving signaling overhead. Wherein the second security algorithm is the security algorithm selected by the first network device.
In one possible design, the first network device performs integrity protection on the downlink NAS message according to a second security algorithm, where the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; then the first network equipment obtains a protected downlink NAS message according to the symmetric key and a first security algorithm, wherein the protected downlink NAS message is a ciphertext of the downlink NAS message after integrity protection; and finally, the first network equipment sends the protected downlink NAS message to the terminal equipment. In the above technical solution, the first network device may send the second security algorithm to the terminal device through the registration acceptance message, so that no NAS SMC message needs to be transmitted to the terminal device, which is beneficial to saving signaling overhead. Wherein the second security algorithm is the security algorithm selected by the first network device.
In a possible design, the first network device performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain a protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device, where the downlink NAS message may be a registration reject message.
By the technical scheme, the integrity of the downlink rejection message can be protected, the terminal equipment is facilitated to determine whether the received downlink rejection message is forged, tampered and the like, and the possibility that the terminal equipment enters the DoS state is reduced.
In one possible design, the first network device is an AMF entity; the second network device is a UDM entity or an AUSF entity.
In a fourth aspect, the apparatus for message protection in the embodiment of the present application may be a terminal device, or may be a chip in the terminal device. The apparatus has the functionality to implement the first aspect described above and each of the possible designs of the first aspect. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
In one possible design, the apparatus includes a processing unit, which may be, for example, a processor, and a communication unit, which may be, for example, a transceiver, which may include radio frequency circuitry. The processing unit is configured to obtain a protected initial NAS message according to a symmetric key and a first security algorithm, and the communication unit is configured to send the protected initial NAS message to the first network device and send a key-related parameter to the second network device, where the key-related parameter is used to obtain the symmetric key.
In another possible design, the apparatus includes a processor and a memory, where the memory is configured to store a program, and the processor is configured to call the program stored in the memory to implement the method for message protection in the first aspect and any one of the possible designs of the first aspect. It should be noted that the processor may transmit or receive data through an input/output interface, a pin or a circuit, or the like. The memory may be on-chip registers, cache, etc. In addition, the memory may also be a storage unit located outside the chip in the terminal device, such as a read-only memory (ROM), other types of static storage devices that can store static information and instructions, a Random Access Memory (RAM), and so on.
The processor mentioned in any of the above may be a general purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling a program for executing the method of the first aspect or any of the possible designs of the first aspect.
In a fifth aspect, the apparatus for message protection in the embodiment of the present application may be a network device, or may be a chip in the network device. The apparatus has the function of implementing the second aspect described above and each of the possible designs of the second aspect. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
In one possible design, the apparatus includes a processing unit, which may be, for example, a processor, and a communication unit, which may be, for example, a communication interface, and optionally, the processor and the communication interface may be connected by a wired manner such as an optical fiber, a twisted pair, and the like, and the communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit, and optionally, the processor and the transceiver may be connected by a wireless manner such as wireless fidelity (WIFI).
Specifically, the communication unit is configured to receive a key-related parameter from the terminal device, where the key-related parameter is used to obtain a symmetric key, and the symmetric key is used to perform security protection on the initial NAS message; the processing unit is configured to obtain a symmetric key according to the key-related parameter, and the communication unit is further configured to send the symmetric key to the first network device.
In another possible design, the apparatus includes a processor and a memory, where the memory is used to store a program, and the processor is used to call the program stored in the memory to implement the method for message protection in the second aspect and any one of the possible designs of the second aspect. It should be noted that the processor may send or receive data through an input/output interface, a pin or a circuit, or the like. The memory may be on-chip registers, cache, etc. In addition, the memory may also be a storage unit located outside the chip within the network device, such as a ROM, other types of static storage devices that may store static information and instructions, a RAM, and so forth.
The processor referred to in any above may be a general purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling the execution of the program for performing the method of message protection according to the second aspect or any of the possible designs of the second aspect.
In a sixth aspect, the apparatus for message protection in the embodiments of the present application may be a network device, or may be a chip in the network device. The apparatus has the function of implementing the technical solutions of the above third aspect and each possible design of the third aspect. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above.
In one possible design, the apparatus includes a processing unit, which may be, for example, a processor, and a communication unit, which may be, for example, a communication interface, and optionally, the processor and the communication interface may be connected in a wired manner such as an optical fiber, a twisted pair, and the like, and the communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit, and optionally, the processor and the transceiver may be connected in a wireless manner such as WIFI.
Specifically, the communication unit is configured to receive a protected initial NAS message from the terminal device and receive a symmetric key from the second network device, and the processing unit is configured to obtain the initial NAS message according to the symmetric key and the first security algorithm.
In another possible design, the apparatus includes a processor and a memory, where the memory is used to store a program, and the processor is used to call the program stored in the memory to implement the message protection method in any one of the third aspect and the third aspect. It should be noted that the processor may send or receive data through an input/output interface, a pin or a circuit, or the like. The memory may be on-chip registers, cache, etc. In addition, the memory may also be a storage unit located outside the chip within the network device, such as a ROM, other types of static storage devices that may store static information and instructions, a RAM, and so forth.
The processor referred to in any of the above may be a general purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling a program for executing the method of message protection according to any of the above third aspect or possible designs thereof.
In a seventh aspect, this application embodiment further provides a computer-readable storage medium, which stores a program and when the program runs on a computer, causes the computer to execute the method in the above aspects.
In an eighth aspect, the present application also provides a computer program product comprising a program which, when run on a computer, causes the computer to perform the method of the above aspects.
In a ninth aspect, the present application further provides a communication system, which includes the apparatus of any one of the possible designs of the fourth aspect or the fourth aspect, the apparatus of any one of the possible designs of the fifth aspect or the fifth aspect, and the apparatus of any one of the possible designs of the sixth aspect or the sixth aspect.
In addition, for technical effects brought by any one of the possible design manners in the fourth aspect to the ninth aspect, reference may be made to technical effects brought by different design manners in the first aspect, and details are not described here.
Detailed Description
Fig. 1 is a schematic diagram of a possible network architecture applicable to the embodiment of the present application. The network architecture is the 4th Generation mobile communication technology (4G) network architecture. The network element in the 4G architecture includes a terminal device, a Mobility Management Entity (MME), a Serving GPRS Support Node (SGSN), a Home Subscriber Server (HSS), a serving gateway (S-GW), a packet data network gateway (PDN gateway, P-GW), a policy and charging rules function (policy and charging rules function, PCRF) entity, an evolved universal radio access network (E-TURAN), and the like.
The E-UTRAN consists of a plurality of evolved node bs (enodebs), the enodebs are interconnected with each other through an X2 interface, the enodebs are interconnected with an Evolved Packet Core (EPC) through an S1 interface, and the enodebs are interconnected with terminal equipment through LTE-Uu.
The main functions of the MME are to support NAS messages and their security, management of Tracking Area (TA) lists, selection of P-GW and S-GW, selection of MME at handover across MMEs, selection of SGSN during handover to 2G/3G access systems, authentication of terminal devices, roaming control and bearer management, mobility management between core network nodes of different access networks of the third generation partnership project (3 GPP).
The S-GW is a gateway terminating at the E-UTRAN interface, and its main functions include: when switching between base stations is carried out, the base stations are used as local anchor points and assist in finishing the reordering function of the base stations; when switching between different access systems of 3GPP, the mobile anchor point is used; performing a lawful interception function; routing and forwarding the data packet; grouping and marking are carried out on an uplink transmission layer and a downlink transmission layer; for inter-operator charging, etc.
The P-GW is a gateway which faces PDNs and is terminated at an SGi interface, and if the terminal equipment accesses a plurality of PDNs, the terminal equipment corresponds to one or more P-GWs. The main functions of the P-GW include a packet filtering function based on the terminal device, a lawful interception function, an Internet Protocol (IP) address allocation function for interconnection between networks of the terminal device, marking of a data packet transmission level in an uplink, charging of an uplink and a downlink service level, control of a service level threshold, control of an uplink and a downlink rate based on a service, and the like.
The HSS is a database for storing terminal device subscription information, and may include one or more HSSs in the home network. The HSS is responsible for holding terminal device related information such as terminal device identification, numbering and routing information, security information, location information, profile information, etc.
The SGSN can be used for signaling interaction when 2G/3G and E-UTRAN 3GPP access networks move, including the selection of P-GW and S-GW, and the selection of MME for the terminal equipment switched to the E-UTRAN 3GPP access network.
The PCRF entity is terminated at an Rx interface and a Gx interface, and only one PCRF is related to an IP connectivity access network (IP-connectivity access network) of the terminal equipment in a local public land mobile network (HPLMN) when a non-roaming scene exists; in a roaming scenario and when the traffic flow is a local breakout, there may be two PCRFs associated with an IP-CAN session of a terminal device.
The terminal equipment is equipment with a wireless transceiving function, can be deployed on land and comprises an indoor or outdoor, a handheld or a vehicle-mounted terminal; can also be deployed on the water surface (such as a ship and the like); and may also be deployed in the air (e.g., airplanes, balloons, satellites, etc.). Specifically, the terminal device may be a User Equipment (UE), a mobile phone (mobile phone), a tablet (pad), a computer with a wireless transceiving function, a Virtual Reality (VR) terminal, an Augmented Reality (AR) terminal, a wireless terminal in industrial control (industrial control), a wireless terminal in self driving (self driving), a wireless terminal in remote medical (remote medical), a wireless terminal in smart grid (smart grid), a wireless terminal in transportation safety, a wireless terminal in city (smart city), a wireless terminal in smart home (smart home), and the like.
Fig. 2 is a schematic diagram of another possible network architecture to which the embodiment of the present application is applicable. The network architecture is the 5th Generation mobile communication technology (5G) network architecture. The 5G architecture may include a terminal device, a Radio Access Network (RAN), an AMF entity, a Session Management Function (SMF) entity, a User Plane Function (UPF) entity, a UDM entity, an authentication service function (AUSF) entity, and a Data Network (DN). Furthermore, the 5G network architecture may include an Authentication Credential storage and processing Function (ARPF) entity, a security anchor Function (SEAF) entity, a subscription identity resolution Function (SIDF) entity, and the like, in addition to the network elements shown in fig. 2.
The main function of the RAN is to control the access of the terminal devices to the mobile communication network via radio. The RAN is part of a mobile communication system. It implements a wireless access technology. Conceptually, it resides between certain devices (e.g., a mobile phone, a computer, or any remote control machine) and provides connectivity to its core network. RAN equipment includes, but is not limited to: (G node B, gNB) in 5G, evolved node B (eNB), Radio Network Controller (RNC), node B (node B, NB), Base Station Controller (BSC), Base Transceiver Station (BTS), home base station (e.g., home evolved node B, or home node B, HNB), Base Band Unit (BBU), transmission point (TRP), Transmission Point (TP), mobile switching center, etc., and may further include wireless fidelity (wifi) access point (access point, AP), etc.
The AMF entity is responsible for access management and mobility management of the terminal device, and in practical application, the AMF entity includes a mobility management function of an MME in a 4G network framework and adds the access management function.
The SMF entity is responsible for session management, such as session establishment for the user.
The UPF entity is a functional network element of the user plane, and is mainly responsible for connecting with an external network, and includes related functions of the SGW and the P-GW in the 4G network architecture.
The DNs are responsible for networks providing services for the terminal devices, for example, some DNs provide internet access functions for the terminal devices, and other DNs provide short message functions for the terminal devices.
The AUSF entity has an authentication service function for terminating the authentication function of the SEAF request.
The UDM entity may store subscription information of the terminal device, implementing a backend similar to the HSS in 4G.
The ARPF entity has an authentication certificate storage and processing function and is used for storing long-term authentication certificates of the UE, such as a permanent key K and the like. In 5G, the functions of ARPF can be incorporated into the UDM entity.
The SEAF entity is used to complete the authentication process for the terminal device, and in 5G, the functions of SEAF may be incorporated into the AMF entity.
The SIDF entity may parse identity information of the subscriber, for example, obtain a subscription permanent identity (SUPI) from a subscription hidden identity (SUCI).
The terminal device may refer to the terminal device in the network architecture shown in fig. 1.
The embodiment of the present application is applicable to both the 4G network architecture shown in fig. 1 and the 5G network architecture shown in fig. 2.
In this embodiment of the present application, the first network device may be a mobility management function entity for managing the terminal device, or may also be a mobility management function entity or a chip in the mobility management function entity, for example, an MME in 4G, an AMF entity in 5G, or an SEAF entity; the second network device may be a storage function entity for storing a private key of the network device, or decrypting messages encrypted according to a public key of the network device, or a chip within the storage function entity, e.g. HSS in 4G, APRF entity in 5G, or AUSF entity, or SIDF entity, or UDM entity. For convenience of description, in the embodiments of the present application, the first network device is taken as a mobility management function entity, and the second network device is taken as a storage function entity for example, which is not limited.
It should be noted that, by using the method provided by the embodiments of the present application, not only the complete initial NAS message can be protected, but also a partial field of the initial NAS message can be protected. For convenience of description, in the embodiments of the present application, a complete initial NAS message is taken as an example for description, and when a partial field of the initial NAS message is protected, the ciphertext of the initial NAS message, the MAC of the initial NAS message, and the MAC of the ciphertext of the initial NAS message may be replaced by the ciphertext of the initial NAS message partial field, the MAC of the initial NAS message partial field, and the MAC of the ciphertext of the initial NAS message partial field, respectively, without limitation.
The following describes a message protection method according to an embodiment of the present application in detail with reference to the accompanying drawings.
As shown in fig. 3, a schematic flow chart of a method for protecting a message provided in the embodiment of the present application includes the following steps:
step 301, the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm.
The initial NAS message may be a first NAS message sent to the mobility management function entity in a process that the terminal device accesses the mobility management function entity. For example, the initial NAS message may be a Registration Request (RR) message, an attach request (attach request) message, a Tracking Area Update (TAU) message, or the like.
The symmetric key may be an encryption key or an integrity protection key, and may also include an encryption key and an integrity protection key.
Illustratively, the symmetric key is an encryption key and the first security algorithm is an encryption algorithm; or, the symmetric key is an integrity protection key, and the first security algorithm is an integrity protection algorithm; alternatively, the symmetric key comprises an encryption key and an integrity protection key, and the first security algorithm comprises an encryption algorithm and an integrity protection algorithm.
The encryption related in the application is used for ensuring that the message content received by the target receiver is not tampered by a third party and is consistent with the message sent by the sender to the target receiver.
It should be noted that, when the symmetric key is an encryption key and the first security algorithm is an encryption algorithm, the protected initial NAS message may be a ciphertext of the initial NAS message; when the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm, the protected initial NAS message may be an initial NAS message and a Message Authentication Code (MAC) of the initial NAS message; when the symmetric key comprises the ciphering key and the integrity protection key, the protected initial NAS message may be a cipher text and a MAC of the initial NAS message, where the MAC may be a MAC of the cipher text of the initial NAS message, or the MAC is a MAC of the initial NAS message, and when the symmetric key comprises the ciphering key and the integrity protection key, the protected initial NAS message may be a cipher text of the initial NAS message after integrity protection, where contents encrypted in the cipher text of the initial NAS message after integrity protection include the initial NAS message and the MAC of the initial NAS message, and whether the MAC of the initial NAS message or the MAC of the initial NAS message in a specific protected initial NAS message is the MAC of the cipher text of the initial NAS message is related to whether the terminal device performs integrity protection on the initial NAS message or the cipher text of the initial NAS message, and whether the MAC is encrypted under the condition that the initial NAS message is integrity protected first, the specific implementation is determined by the internal implementation of the terminal device.
In a specific implementation, the symmetric key may be configured in advance on the terminal device, or the terminal device may generate the symmetric key. The method for generating the symmetric key by the terminal device can be applied to the situation that the generation algorithm of the symmetric key is configured on the terminal device in advance, and can also be applied to the situation that the symmetric key is configured on the terminal device in advance.
The first way of generating the symmetric key by the terminal device is as follows:
and the terminal equipment generates a symmetric key according to the public key of the storage function entity and the private key of the terminal equipment. It should be noted that the terminal device may generate a public key and a private key of the terminal device according to the preconfigured asymmetric parameter, and optionally, an algorithm for generating the public key and the private key of the terminal device may be an elliptic curve complete encryption method (ECIES).
The following illustrates a first way in which the terminal device generates the symmetric key.
Example one: and the terminal equipment directly generates a symmetric key according to the public key of the storage function entity and the private key of the terminal equipment. Alternatively, the algorithm for generating the symmetric key may be a Key Agreement Function (KAF) pre-configured in the terminal device. Optionally, the symmetric key generated in example one may be an encryption key or an integrity protection key, and may be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in example one may be used as both the encryption key and the integrity protection key, and may be applied to a case where the symmetric key includes the encryption key and the integrity protection key, and the encryption key and the integrity protection key are the same; or, optionally, the terminal device may directly generate the symmetric key 1 and the symmetric key 2 according to the public key of the storage function entity and the private key of the terminal device, respectively, for different private keys, where the terminal device may use the symmetric key 1 as an encryption key and may use the symmetric key 2 as an integrity protection key, and the terminal device includes two or more private keys, and may be applied to a case where the symmetric key includes the encryption key and the integrity protection key and the encryption key and the integrity protection key are different.
Example two: the terminal equipment generates an intermediate key according to the public key of the storage function entity and the private key of the terminal equipment, and then generates a symmetric key according to the intermediate key and the fixed character string. The fixed character string may be pre-configured on the terminal device and the network side (such as a storage function entity), or pre-configured on the terminal device or the network side. Specifically, the terminal device and the network side may be configured with one or more fixed character strings in advance, and in the case of configuring a plurality of fixed character strings in advance, the terminal device may select at least one fixed character string according to a preset algorithm or rule, for example, randomly select at least one fixed character string, or select one or more fixed character strings according to a certain priority order. Specifically, the fixed string may be "NAS", "INITIAL", "INITIAL NAS", "SUPI", "INITIAL ENC", "INITIAL NAS ENC", "INITIAL INT", "INITIAL NAS INT", and the like, and it should be noted that the manner of generating the intermediate key in the second example is similar to the manner of generating the symmetric key in the first example, for example, the algorithm for generating the intermediate key may be KAF configured in the terminal device in advance.
For example, optionally, the symmetric key generated in example two may be an encryption key or an integrity protection key, and may be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in the second example may be used as both the encryption key and the integrity protection key, and may be applied to the case where the symmetric key includes the encryption key and the integrity protection key, and the encryption key and the integrity protection key are the same; or, optionally, the terminal device may directly generate the symmetric key 1 and the symmetric key 2 according to the public key of the storage function entity and the private key of the terminal device respectively for different private keys, then generate the symmetric key 1 according to the intermediate key 1 and the fixed character string, generate the symmetric key 2 according to the intermediate key 2 and the fixed character string, directly use the symmetric key 1 as the encryption key and the symmetric key 2 as the integrity protection key, where the terminal device has two or more private keys, and may be applied to the case where the symmetric key includes the encryption key and the integrity protection key and the encryption key and the integrity protection key are different; or, optionally, the terminal device generates an intermediate KEY according to the public KEY of the storage function entity and the private KEY of the terminal device, and then in order to obtain the encryption KEY and the integrity protection KEY, the terminal device may select two different fixed strings, such as fixed string 1 and fixed string 2, specifically, the fixed string 1 may be "ENC", "KEY ENC", "INIITIAL ENC", etc., the fixed string 2 may be "INT", "KEY INT", "INIITIAL INT", etc., and generate the symmetric KEY 1 according to the fixed string 1 and the intermediate KEY, and generate the symmetric KEY 2 according to the fixed string 2 and the intermediate KEY, and use the symmetric KEY 1 as the encryption KEY and the symmetric KEY 2 as the integrity protection KEY, where the terminal device may have one or more private KEYs, and may be applied to the symmetric KEY including the encryption KEY and the integrity protection KEY, and may include the encryption KEY and the integrity protection KEY, And the encryption key and the integrity protection key are different.
It should be noted that, in the second example, an optional manner is: the terminal equipment directly sends the public key of the terminal equipment to the storage function entity, under the condition, the storage function entity generates an intermediate key according to the public key of the terminal equipment and the private key of the storage function entity, and then generates a symmetric key according to the intermediate key and the symmetric character string; another optional mode is: the terminal equipment sends the generated intermediate key to the storage function entity, and the storage function entity directly generates the symmetric key according to the intermediate key and the fixed character string, so that the steps of generating the symmetric key by the storage function entity are reduced, and the communication efficiency is improved. Yet another alternative is: the terminal device encrypts the symmetric key according to the public key of the storage function entity, and then sends the ciphertext of the symmetric key to the storage function entity. The parameters sent by the specific terminal device to the storage function entity are determined by an algorithm or a strategy configured in advance in the terminal device.
Example three: the terminal equipment generates a temporary secret key 1 according to the public key of the storage function entity and the private key of the terminal equipment, and then further secret key derivation is carried out on the basis of a KDF configured in advance according to the temporary secret key 1 to generate a temporary secret key 2. Optionally, the terminal device directly uses the temporary key 2 as a symmetric key; or, the terminal device truncates the length of the temporary key 1 or the temporary key 2 to a length that satisfies a preconfigured length according to a preconfigured truncation (truncated) function, and obtains the symmetric key.
For example, optionally, the symmetric key generated in example three may be an encryption key or an integrity protection key, and may be applied to a case where the symmetric key is an encryption key or an integrity protection key; or, optionally, the terminal device generates an encryption key or an integrity protection key according to the symmetric key and the fixed string generated in example three, specifically, the fixed string may be "NAS", "INITIAL", "INITIAL NAS", or the like; or, optionally, the symmetric key generated in the third example may be used as both the encryption key and the integrity protection key, and may be applied to the case where the symmetric key includes the encryption key and the integrity protection key, and the encryption key and the integrity protection key are the same; or, optionally, the terminal device may use the private key 1 and the private key 2 to generate the symmetric key 1 and the symmetric key 2 respectively according to the method in example three, and then directly use the symmetric key 1 as the encryption key and the symmetric key 2 as the integrity protection key, where the terminal device has two or more private keys, and may be applied to the cases where the symmetric keys include the encryption key and the integrity protection key, and the encryption key and the integrity protection key are different; or, optionally, the terminal device generates a temporary KEY 1 according to the public KEY of the storage function entity and the private KEY of the terminal device, and then in order to obtain the encryption KEY and the integrity protection KEY, the terminal device may select two different fixed strings, such as fixed string 1 and fixed string 2, specifically, the fixed string 1 may be "ENC", "KEY ENC", "INIITIAL ENC", etc., and the fixed string 2 may be "INT", "KEY INT", "INIITIALINT", etc., and perform further KEY derivation based on the preset KDF according to the fixed string 1 and the temporary KEY 1 to generate the symmetric KEY 1, and perform further KEY derivation based on the preset KDF according to the fixed string 2 and the intermediate KEY to generate the symmetric KEY 2, and use the symmetric KEY 1 as the encryption KEY and the symmetric KEY 2 as the integrity protection KEY, the terminal device has one or more private keys, and can be applied to the situation that the symmetric key comprises an encryption key and an integrity protection key, and the encryption key and the integrity protection key are different.
The second way of generating the symmetric key by the terminal device is as follows:
and the terminal equipment generates a symmetric key according to a random key generation algorithm. Optionally, the random key generation algorithm is configured in advance on the terminal device. Specifically, the terminal device generates a key satisfying the length required by the random key generation algorithm according to a pre-configured random key generation algorithm, and uses the key as a symmetric key.
For example, optionally, the symmetric key generated in the second method may be an encryption key or an integrity protection key, and may be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in the second method may be used as both the encryption key and the integrity protection key, and may be applied to the case where the symmetric key includes the encryption key and the integrity protection key, and the encryption key and the integrity protection key are the same; or, optionally, the symmetric key generated by the terminal device according to the preconfigured random key generation algorithm may include a symmetric key 1 and a symmetric key 2, where the terminal device may use the symmetric key 1 as an encryption key and the symmetric key 2 as an integrity protection key, and may be applied to the case where the symmetric key includes an encryption key and an integrity protection key; or, optionally, the terminal device may generate a temporary key 4 according to a preconfigured random key generation algorithm, then generate an encryption key based on the KDF according to the temporary key 4 and a preconfigured first fixed character string, and generate an integrity protection key based on the KDF according to the temporary key 4 and a preconfigured second fixed character string, which may be applied to a case where the symmetric key includes an encryption key and an integrity protection key.
The third way of generating the symmetric key by the terminal equipment is as follows:
the terminal device generates a symmetric key according to the random number, the permanent key and the KDF, optionally, the permanent key and the KDF are pre-configured in the terminal device, and the random number is generated randomly by the terminal device.
For example, optionally, the symmetric key generated in the third method may be an encryption key or an integrity protection key, and may be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in the third method may be used as both the encryption key and the integrity protection key, and may be applied to the case where the symmetric key includes the encryption key and the integrity protection key, and the encryption key and the integrity protection key are the same; or, optionally, the terminal device may generate the encryption key and the integrity protection key based on the same manner according to different random numbers, respectively, and may be applied to a case where the symmetric key includes the encryption key and the integrity protection key; or, alternatively, the terminal device may generate the encryption key based on the KDF according to the permanent key, the random number, and the first pre-configured fixed string, and generate the integrity protection key based on the KDF according to the permanent key, the random number, and the second pre-configured fixed string, which may be applied to the case where the symmetric key includes the encryption key and the integrity protection key.
In addition, in this embodiment of the present application, the first security algorithm may be pre-configured in the terminal device, and the terminal device determines according to a pre-configured policy, where the selectable pre-configured policy is sent to the terminal device by the network side device, where the network side device may be a mobility management function entity that the terminal device needs to access in this embodiment of the present application, or may be another mobility management function entity that the terminal device has accessed in the network, for example, when the terminal device accesses the mobility management entity for the first time, the pre-configured policy may be sent by another mobility management function entity that the terminal device has accessed in the network. In addition, the preconfigured strategy can also be artificially configured in the terminal equipment. An exemplary alternative preconfigured policy approach is: if the terminal device accesses the mobility management function entity for the first time, the first security algorithm may be a security algorithm preconfigured in the terminal device, and optionally, if the terminal device is preconfigured with a plurality of security algorithms, the first security algorithm may be one of the plurality of preconfigured security algorithms, and a specific manner of how the terminal device selects the first security algorithm from the plurality of preconfigured security algorithms is determined by an internal implementation manner of the terminal device. If the terminal device accesses the mobility management function entity N times, where N is an integer greater than or equal to 2, the first security algorithm may be a security algorithm used when the terminal device accesses the mobility management entity (N-1) times. Optionally, the preconfigured policy may also be preconfigured in the terminal device at the time of factory shipment, for example, the preconfigured policy may be selecting a security algorithm with the highest priority among the security algorithms.
Step 302, the terminal device sends the protected initial NAS message to the mobility management functional entity, and sends the key-related parameter to the storage functional entity, where the key-related parameter is used to obtain the symmetric key.
In a possible implementation manner, the terminal equipment directly sends the key related parameters to the storage function entity; in another possible implementation manner, the terminal device passes through the key related parameter to the storage function entity through the mobility management function entity, for example, the terminal device may send the key related parameter to the mobility management function entity together with the protected initial NAS message.
For example, if the symmetric key is generated according to the public key of the storage function entity and the private key of the terminal device, the key-related parameter includes the public key of the terminal device; if the symmetric key is generated according to a random key generation algorithm, or the symmetric key is generated according to a random number, a permanent key and a KDF, the key-related parameters include a ciphertext of the symmetric key, wherein the ciphertext of the symmetric key is obtained according to a public key of the storage function entity, and specifically, the terminal device encrypts the symmetric key according to the public key of the storage function entity to obtain the ciphertext of the symmetric key.
Optionally, in order to facilitate the mobile management functional entity to obtain the initial NAS message after receiving the protected initial NAS message, the key-related parameter further includes a first security algorithm or a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the storage functional entity, and specifically, the terminal device encrypts the first security algorithm according to the public key of the storage functional entity to obtain the ciphertext of the first security algorithm.
In the case that the key-related parameter does not include the first security algorithm or the ciphertext of the first security algorithm, the mobility management function entity may obtain the initial NAS message according to the symmetric key and the security algorithm preconfigured by itself, and typically, the security algorithm preconfigured in the mobility management function entity includes the security algorithm preconfigured in the terminal device.
Step 303, after receiving the key-related parameter, the storage function entity obtains a symmetric key according to the key-related parameter.
In an example, the key related parameter includes a public key of the terminal device, and the storage function entity may generate the symmetric key according to the public key of the terminal device and a private key of the storage function entity. Specifically, the way in which the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity is similar to the way in which the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device, and is not described herein again.
In another example, the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, and then generates a symmetric key according to the intermediate key and the fixed character string, which is similar to the way that the terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed character string, and is not described herein again.
In another example, the key related parameter includes a ciphertext of the symmetric key, and the storage function entity decrypts the ciphertext of the symmetric key according to a private key of the storage function entity to obtain the symmetric key.
In addition, in the case where the cipher text of the first security algorithm is included in the key-related parameter, the method further includes: and the storage functional entity decrypts the ciphertext of the first security algorithm according to the private key of the storage functional entity to obtain the first security algorithm.
Step 304, the storage function entity sends the symmetric key to the mobility management function entity.
It should be noted that, in the case that the storage functional entity generates the intermediate key according to the public key of the terminal device and the private key of the storage functional entity, the symmetric key sent by the storage functional entity to the mobility management functional entity may also be the intermediate key, and then the mobility management functional entity may generate the symmetric key for acquiring the initial NAS message according to the intermediate key and the fixed character string.
For example, in the case that the symmetric key includes an encryption key and an integrity protection key, the mobility management function entity may generate the encryption key based on the KDF according to the intermediate key and a first fixed string configured in advance; and generating an integrity protection key based on the KDF according to the intermediate key and a second preset fixed character string. In addition, the mobile management functional entity may also generate the symmetric key according to the intermediate key and the fixed character string in other manners, which may specifically refer to a manner of generating the symmetric key by the storage functional entity, and is not described herein again.
In the case that the key-related parameter includes the first security algorithm or the ciphertext of the first security algorithm, the method further includes: the storage function entity sends the first security algorithm to the mobility management function entity.
Step 305, after receiving the protected initial NAS message from the terminal device and the symmetric key from the storage function entity, the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.
The first security algorithm may be pre-configured on the mobility management function entity.
Optionally, in the case that the storage functional entity sends the first security algorithm to the mobility management functional entity, the mobility management functional entity further receives the first security algorithm from the storage functional entity.
Specifically, the mobility management function entity may obtain the initial NAS message based on the following manner:
mode 1: the mobile management functional entity decrypts the protected initial NAS message according to the symmetric key and the first security algorithm to obtain the initial NAS message, and can be applied to the situation that the protected initial NAS message is the ciphertext of the initial NAS message, wherein the symmetric key is the encryption key, the first security algorithm is the encryption algorithm, and the ciphertext of the initial NAS message is obtained according to the encryption key and the first security algorithm.
Mode 2: the mobile management functional entity verifies the integrity of the initial NAS message according to the symmetric key and the first security algorithm, and can be applied to the condition that the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm. Specifically, the mobility management function entity may verify the integrity of the initial NAS message based on: because the protected initial NAS message is the initial NAS message and the MAC of the initial NAS message, the mobility management function entity may generate a new MAC according to the symmetric key, the first security algorithm, and the received initial NAS message, and if the new MAC is the same as the MAC in the protected initial NAS message, the mobility management function entity successfully verifies the integrity of the initial NAS message; if the new MAC is different from the MAC in the protected initial NAS message, the mobile management function entity fails to verify the integrity of the initial NAS message.
Mode 3: the mobile management functional entity checks the integrity of the ciphertext of the initial NAS message according to the integrity protection key and the integrity protection key algorithm, where the integrity of the ciphertext of the initial NAS message checked by the mobile management functional entity is similar to the integrity of the initial NAS message checked by the mobile management functional entity in the mode 2, and a description thereof will not be repeated. Optionally, under the condition that the mobile management functional entity successfully verifies the integrity of the ciphertext of the initial NAS message, the mobile management functional entity decrypts the ciphertext of the initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message; or, optionally, the mobile management functional entity directly decrypts the ciphertext of the initial NAS message regardless of the check result of the integrity protection, where the above manner may be applied to a case that the protected initial NAS message is the ciphertext of the initial NAS message and the MAC of the ciphertext of the initial NAS message, where the symmetric key includes an encryption key and an integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the ciphertext of the initial NAS message is obtained according to the encryption key and the encryption algorithm, and the MAC of the ciphertext of the initial NAS message is obtained according to the integrity protection key and the integrity protection key algorithm.
Mode 4: the mobility management function entity decrypts the protected initial NAS message according to the ciphering key and the ciphering algorithm to obtain an initial NAS message, and then verifies the integrity of the obtained initial NAS message according to the integrity protection key and the integrity protection algorithm, where the integrity of the initial NAS message verified by the mobility management function entity is similar to the integrity of the initial NAS message verified by the mobility management function entity in the method 2, and a description thereof is not repeated. The above method may be applied to the case that the protected initial NAS message is a ciphertext of the protected initial NAS message and an MAC of the initial NAS message, or a ciphertext of the initial NAS message after integrity protection, and the encrypted content of the initial NAS message after integrity protection includes the initial NAS message and the MAC of the initial NAS message, where the symmetric key includes an encryption key and an integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the ciphertext of the initial NAS message or the ciphertext of the initial NAS message after integrity protection is obtained according to the encryption key and the encryption algorithm, and the MAC of the initial NAS message is obtained according to the integrity protection key and the integrity protection key algorithm.
In this embodiment, the terminal device performs security protection on all or part of the content in the initial NAS message according to the symmetric key and the first security algorithm, and is not limited by the fact that the NAS message can be safely protected after the NAS SMC message sent by the network device is received, so that the reliability of transmission of the initial NAS message is improved, and the access efficiency of the terminal device is also improved.
It should be noted that, as an alternative to the embodiment shown in fig. 3, step 302 may be replaced by: and the terminal equipment sends the protected initial NAS message and the key related parameters to the storage function entity. During specific implementation, optionally, the terminal device sends the protected initial NAS message and the key related parameter to the mobility management functional entity, and after receiving the protected initial NAS message and the key related parameter from the terminal device, the mobility management functional entity transparently transmits the protected initial NAS message and the key related parameter to the storage functional entity. Or, optionally, the terminal device directly sends the protected initial NAS message and the key-related parameter to the storage function entity. Step 303 is then performed and after step 303 is performed, steps 304 and 305 are replaced with: the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm, and then sends the initial NAS message to the mobility management function entity, where a manner in which the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm is similar to a manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm in step 305, and details are not repeated here.
In addition, since the actual content that needs to be transmitted in the initial NAS message that is protected and obtained by the mobility management functional entity is obtained on the premise that the symmetric key and the first security algorithm are obtained, when the mobility management entity needs to send the downlink NAS message to the terminal device after obtaining the initial NAS message, in order to improve the reliability of downlink NAS message transmission, the downlink NAS message may also be subjected to security protection according to the symmetric key and the first security algorithm and then sent to the terminal device.
Specifically, a, an optional implementation manner is as follows:
the mobile management functional entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, then sends the protected downlink NAS message to the terminal equipment, and the terminal equipment obtains the downlink NAS message according to the symmetric key and the first security algorithm after receiving the protected downlink NAS message from the mobile management functional entity. It should be noted that, the manner in which the mobility management entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm may refer to the manner in which the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm. And the terminal equipment refers to the mode of the mobile management functional entity for obtaining the initial NAS message according to the symmetric key and the first security algorithm.
For example, when the initial NAS message is a registration request message, the downstream NAS message may be a registration accept (registration accept) message, a registration reject (registration reject) message, or a NAS SMC message.
For example, the downlink NAS message is an NAS SMC message or a registration accept message, and in order to improve the reliability of downlink NAS message transmission, optionally, the mobility management functional entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is a ciphertext of the downlink NAS message, then sends the protected downlink NAS message to the terminal device, and after receiving the protected downlink NAS message, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message. The above approach may be applied in the case where the symmetric key comprises an encryption key and the first full algorithm comprises an encryption algorithm. In addition, optionally, when the symmetric key includes an encryption key and an integrity protection key, and the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the protected downlink NAS message may include a cipher text of the downlink NAS message and an MAC of the cipher text of the downlink NAS message, or the protected downlink NAS message includes the cipher text of the downlink NAS message and an MAC of the downlink NAS message, or the cipher text of the downlink NAS message after integrity protection, where contents encrypted by the cipher text of the downlink NAS message after integrity protection include the downlink NAS message and the MAC of the downlink NAS message. Optionally, when the symmetric key includes an integrity protection key and the first security algorithm is an integrity protection algorithm, the protected downlink NAS message is a downlink NAS message and an MAC of the downlink NAS message.
For another example, the downlink NAS message is a registration rejection message, and the mobility management functional entity performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain a protected downlink NAS message; and sending the protected downlink NAS message to the terminal equipment. And after receiving the downlink NAS message, the terminal equipment checks the integrity of the downlink NAS message according to the symmetric key and the first security algorithm. The above-described approach may be applied to the case where the symmetric key comprises an integrity protection key and the first security algorithm comprises an integrity protection algorithm.
Specifically, the reason why the mobile management function entity rejects the registration request of the terminal device may be that the mobile management function entity may reject the registration request of the terminal device, such as that SUPI cannot be found, the terminal device is illegal, and the like, which is described in table 9.9.3.9.1 of 3GPP TS 24.301. However, in the prior art, the registration rejection message cannot be protected under a normal condition, so that the registration rejection message sent to the terminal device by the mobile management functional entity may be tampered, forged, sniffed, and the like, and the terminal device enters a DoS state. In the embodiment of the present application, when the downlink NAS message is the registration rejection message, the mobility management functional entity may perform integrity protection and/or encryption on the registration rejection message according to the symmetric key and the first security algorithm by using the implementation manner a, so as to help reduce the possibility that the registration rejection message is tampered, forged, sniffed, and the like.
b. Another optional implementation manner is as follows:
and the mobile management functional entity obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, wherein the downlink NAS message comprises a second security algorithm, then the mobile management functional entity performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain a protected downlink NAS message, and then sends the protected downlink NAS message to the terminal equipment. After receiving the protected downlink NAS message from the mobile management function entity, the terminal device decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then the terminal device obtains the second security algorithm from the downlink NAS message, and then the integrity of the ciphertext of the downlink NAS message is verified according to the second security algorithm. For example, in this implementation, the downlink NAS message may be a registration accept message.
Specifically, under the condition that the symmetric key comprises an encryption key and the first security algorithm comprises an encryption algorithm, the mobile management functional entity encrypts the downlink NAS message according to the encryption key and the encryption algorithm on the network side to obtain a ciphertext of the downlink NAS message; and at the terminal side, the terminal equipment decrypts the ciphertext of the downlink NAS message according to the encryption key and the encryption algorithm to obtain the downlink NAS message.
c. Yet another possible implementation is:
and the mobile management functional entity performs integrity protection on the downlink NAS message according to the second security algorithm, obtains a protected downlink NAS message according to the symmetric key and the first security algorithm, wherein the protected downlink NAS message is a ciphertext of the downlink NAS message after the integrity protection, and then sends the protected downlink NAS message to the terminal equipment. After receiving the protected downlink NAS message from the mobile management function entity, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtains a second security algorithm from the downlink NAS message, and verifies the integrity of the downlink NAS message according to the second security algorithm. Specifically, the content encrypted by the ciphertext of the downlink NAS message after integrity protection includes the downlink NAS message and the MAC of the downlink NAS message.
It should be noted that, in the embodiment of the present application, the mobility management functional entity may further perform integrity protection on the downlink NAS message according to the second security algorithm to obtain the MAC of the downlink NAS message, and encrypt the downlink NAS message according to the symmetric key and the first security algorithm to obtain the ciphertext of the downlink NAS message, where the protected downlink NAS message in this implementation manner is the ciphertext of the downlink NAS message and the MAC of the downlink NAS message. And then sending the protected downlink NAS message to the terminal equipment. After receiving the protected downlink NAS message from the mobile management function entity, the terminal equipment decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then acquires the second security algorithm from the downlink NAS message, and verifies the integrity of the downlink NAS message according to the second security algorithm.
For example, in the foregoing implementation, the downlink NAS message may be a registration accept message, or a NAS SMC message, or the like.
In the implementation manners b and c, the second security algorithm includes an integrity protection algorithm, optionally, the second security algorithm may further include an encryption algorithm, and specifically, the second security algorithm is selected by the mobility management function entity according to the security capability of the terminal device and the preconfigured algorithm list. It should be noted that the first security algorithm and the second security algorithm may be the same or different, for example, the encryption algorithm included in the first security algorithm is the same as the encryption algorithm included in the second security algorithm, and the integrity protection algorithm included in the first security algorithm is different from the integrity protection algorithm included in the second security algorithm; or the encryption algorithm included by the first security algorithm is different from the encryption algorithm included by the second security algorithm, and the integrity protection algorithm included by the first security algorithm is the same as the integrity protection algorithm included by the second security algorithm; or the encryption algorithm included by the first security algorithm is the same as the encryption algorithm included by the second security algorithm, and the integrity protection algorithm included by the first security algorithm is the same as the integrity protection algorithm included by the second security algorithm; or the encryption algorithm included in the first security algorithm is different from the encryption algorithm included in the second security algorithm, and the integrity protection algorithm included in the first security algorithm is different from the integrity protection algorithm included in the second security algorithm. Optionally, under the condition that the first security algorithm and the second security algorithm are the same, the second security algorithm may not be carried in the downlink NAS message, or under the condition that the encryption algorithm included in the first security algorithm is the same as the encryption algorithm included in the second security algorithm and the integrity protection algorithm included in the first security algorithm is different from the integrity protection algorithm included in the second security algorithm, the second security algorithm included in the downlink NAS message includes the integrity protection algorithm and does not include the encryption algorithm. And after the terminal equipment obtains the downlink NAS message, the terminal equipment is communicated with the mobile management functional entity based on a security algorithm carried in the downlink NAS message.
When the downlink NAS message is an NAS SMC message, the method is favorable for improving the transmission reliability of the initial NAS message and simultaneously being better compatible with the negotiation process of the existing security algorithm. Optionally, when the security algorithm determined by the mobility management functional entity is inconsistent with the security algorithm determined by the terminal device, the mobility management functional entity may send the security algorithm determined by itself to the terminal device through the NAS SMC message, and when the security algorithm determined by the mobility management functional entity is consistent with the security algorithm determined by the terminal device, the mobility management functional entity may not send the NAS SMC message to the terminal device, which is beneficial to reducing signaling interaction to a certain extent and improving communication efficiency; when the downlink NAS message is a registration acceptance message, the mobile management functional entity can directly negotiate a security algorithm used with the terminal equipment through the registration acceptance message, transmission of the NASBC message is omitted, signaling interaction is reduced, and communication efficiency is improved.
The following describes a method for protecting a message according to an embodiment of the present application in detail based on different implementations of symmetric keys.
Referring to fig. 4, a method for protecting a message provided in an embodiment of the present application is described by taking an example that a symmetric key includes an encryption key and an integrity protection key, and specifically includes the following steps:
step 401, the terminal device generates a first symmetric key according to the public key of the storage function entity and the private key of the terminal device, where the first symmetric key includes a first encryption key and a first integrity protection key.
Specifically, the manner in which the terminal device generates the first symmetric key may refer to the manner in which the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device in the embodiment shown in fig. 3, which is not described herein again.
Step 402, the terminal device encrypts the initial NAS message according to the first encryption key and the first encryption algorithm to obtain a ciphertext of the initial NAS message.
Wherein, the first encryption algorithm can be configured in the terminal device and the mobile management function entity in advance.
Step 403, the terminal device performs integrity protection on the ciphertext of the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, so as to obtain the MAC of the ciphertext of the initial NAS message.
Wherein, the first integrity protection algorithm can be configured in the terminal device and the mobility management function entity in advance.
In step 404, the terminal device sends the protected initial NAS message and the public key of the terminal device to the mobility management function entity.
Wherein the protected initial NAS message may include the cipher text of the initial NAS message and the MAC of the cipher text of the initial NAS message.
Step 405, after receiving the protected initial NAS message and the public key of the terminal device, the mobility management functional entity sends the public key of the terminal device to the storage functional entity.
Step 406, after the storage function entity receives the public key of the terminal device sent by the mobility management function entity, a second symmetric key is generated according to the public key of the terminal device and the private key of the storage function entity.
The second symmetric key may include a second encryption key and a second integrity protection key, and specifically, the second encryption key and the first encryption key may be the same, and the second integrity protection key and the first integrity protection key may be the same.
The manner in which the storage function entity generates the second symmetric key may refer to the manner in which the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity in the embodiment shown in fig. 3, and a description thereof is not repeated here.
Step 407, the storage function entity sends the second symmetric key to the mobility management function entity.
Step 408, after receiving the second symmetric key sent by the storage function entity, the mobile management function entity verifies the integrity of the ciphertext of the initial NAS message according to the second integrity protection key and the first integrity protection algorithm.
The way of checking the integrity of the ciphertext of the initial NAS message by the mobility management function entity is similar to the way of checking the integrity of the initial NAS message in the message protection method in fig. 3, and a description thereof is not repeated here.
Step 409, when the integrity check of the ciphertext of the initial NAS message is successful, the mobile management function entity decrypts the ciphertext of the initial NAS message according to the second encryption key and the first encryption algorithm to obtain the initial NAS message.
After obtaining the initial NAS message, the mobility management functional entity may send a downlink NAS message to the terminal device, and may further perform steps 410 to 412 in order to improve reliability of transmitting the downlink NAS message.
Step 410, the mobility management functional entity obtains the protected downlink NAS message according to the second symmetric key and the first security algorithm.
It should be noted that, a specific implementation manner of the mobility management function entity obtaining the protected downlink NAS in step 410 is similar to the specific implementation manner of the mobility management function entity obtaining the protected downlink NAS message in the embodiment shown in fig. 3, and a description thereof is not repeated here.
Step 411, the mobility management functional entity sends the protected downlink NAS message to the terminal device.
Step 412, after receiving the protected downlink NAS message, the terminal device obtains the downlink NAS message according to the second symmetric key and the first security algorithm.
It should be noted that a specific implementation manner of the terminal device obtaining the downlink NAS in step 412 is similar to the specific implementation manner of the terminal device obtaining the downlink NAS message in the embodiment shown in fig. 3, and a description thereof is not repeated here.
When the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, an NASSMC message, or a registration reject message, and specifically, which message the downlink NAS message is may be determined by the mobility management functional entity according to an actual situation or a preconfigured policy.
For example, in the embodiment shown in fig. 4, the second symmetric key includes a second ciphering key and a second integrity protection key, the first security algorithm includes a first ciphering algorithm and a first integrity protection algorithm, and the mobility management function entity may perform security protection on the downlink NAS message according to the following manners:
the first safety protection mode is as follows: the mobility management functional entity uses a part of keys in the second symmetric key and a corresponding part of algorithms in the first security algorithm to perform security protection on the downlink NAS message, for example, only uses the first encryption algorithm and the second encryption key to perform security protection on the downlink NAS message; or only using the first integrity protection algorithm and the second integrity protection key to perform security protection on the downlink NAS message and the like.
And a second safety protection mode: the mobile management function entity uses the first security algorithm and the second symmetric key to perform integrity protection and encryption on the downlink NAS message.
And a third safety protection mode: the mobile management functional entity encrypts the downlink NAS message according to a first encryption algorithm and a second encryption key, and performs integrity protection on the downlink NAS message or a ciphertext of the downlink NAS message according to a second security algorithm, wherein the second security algorithm is selected by the mobile management functional entity based on the security capability of the terminal equipment and a preconfigured algorithm list; the second security algorithm includes a second integrity protection algorithm, and the optional second security algorithm may further include a second ciphering algorithm, where in the third security protection mode, the downlink NAS message includes the second security algorithm.
It should be noted that, which security protection method is specifically selected by the mobility management function entity may be determined by a pre-configured algorithm.
In this embodiment, when the terminal device initially accesses the network, the initial NAS message is encrypted and integrity protected according to the first symmetric key and the first security algorithm, which not only improves the security of transmission of the initial NAS message, but also improves the efficiency of the terminal device accessing the network. In addition, after the mobility management functional entity obtains the initial NAS message, the downlink NAS message sent to the terminal equipment is also subjected to security protection, and the security of downlink NAS message transmission is improved.
It should also be noted that, as an alternative to the embodiment shown in fig. 4, step 402 and step 403 may be replaced by: and if the protected initial NAS message comprises the ciphertext of the initial NAS message and the MAC of the initial NAS message, the terminal equipment performs integrity protection on the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and encrypts the initial NAS message according to the first encryption key and the first encryption algorithm. There is no inevitable sequential execution order between the two steps, for example, the encryption step of the initial NAS message may be executed first, and then the integrity protection step of the initial NAS message may be executed, or the integrity protection step of the initial NAS message may be executed first, and then the encryption step of the initial NAS message may be executed.
Further, steps 408 and 409 may be replaced with: after receiving the protected initial NAS message, the mobile management functional entity may decrypt the ciphertext of the initial NAS message to obtain the initial NAS message, and then check the integrity of the initial NAS message. Other steps can refer to the steps in the embodiment shown in fig. 4, and are not described again.
Of course, the embodiment shown in fig. 4 is only described as an example, for example, only one way of generating the symmetric key is given in the embodiment shown in fig. 4, and in addition, the symmetric key may also be configured in the terminal device in advance in the embodiment of the present application, or the symmetric key may also be generated according to a random key generation algorithm, a random number, or the like.
Referring to fig. 5, a method for protecting a message provided in an embodiment of the present application is described by taking a symmetric key as an encryption key as an example, which is described in detail as follows.
In step 501, the terminal device generates an encryption key.
Specifically, the manner in which the terminal device generates the encryption key may refer to the manner in which the terminal device generates the symmetric key in the embodiment shown in fig. 3, and is not described herein again.
Step 502, the terminal device encrypts the encryption key according to the public key of the storage function entity to obtain a ciphertext of the encryption key.
Step 503, the terminal device encrypts the initial NAS message according to the encryption key and the first encryption algorithm to obtain a ciphertext of the initial NAS message.
Wherein, the first encryption algorithm can be configured in the terminal device and the mobile management function entity in advance.
In step 504, the terminal device sends the ciphertext of the initial NAS message and the ciphertext of the encryption key to the mobility management function entity.
In step 505, after receiving the ciphertext of the initial NAS message and the ciphertext of the encryption key, the mobile management functional entity sends the ciphertext of the encryption key to the storage functional entity.
Step 506, after the storage functional entity receives the ciphertext of the encryption key sent by the mobile management functional entity, the ciphertext of the encryption key is decrypted according to the private key of the storage functional entity, and the encryption key is obtained.
In step 507, the storage function entity sends the encryption key to the mobility management function entity.
Step 508, after receiving the encryption key sent by the storage function entity, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the encryption key and the first encryption algorithm, so as to obtain the initial NAS message.
Specifically, after obtaining the initial NAS message, the mobility management functional entity may send a downlink NAS message to the terminal device, and to improve reliability of transmitting the downlink NAS message, steps 509 to 511 may be performed.
In step 509, the mobility management functional entity encrypts the downlink NAS message according to the encryption key to obtain a ciphertext of the downlink NAS message.
Step 510, the mobile management functional entity sends the ciphertext of the downlink NAS message to the terminal device.
And step 511, after receiving the ciphertext of the downlink NAS message, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the first encryption algorithm to obtain the downlink NAS message.
When the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NASSMC message, or a registration reject message, and which message the specific downlink NAS message is may be determined by the mobility management functional entity according to an actual situation or a preconfigured policy.
In addition, in the method for message protection in the embodiment shown in fig. 5, the mobility management functional entity may select a new ciphering algorithm and/or an integrity protection algorithm based on the security capability of the terminal device and the preconfigured algorithm list, and send the new ciphering algorithm and/or the integrity protection algorithm to the terminal device through the downlink NAS message, and after selecting the new integrity protection algorithm, the mobility management functional entity may perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm, and then perform step 509.
In this embodiment, when initially accessing the network, the terminal device may encrypt the initial NAS message according to the encryption key and the first encryption algorithm, which not only improves security of transmission of the initial NAS message, but also improves efficiency of accessing the network by the terminal device.
Of course, the embodiment shown in fig. 5 is only described as an example, for example, only one way of generating the encryption key is given in the embodiment shown in fig. 5, and in addition, the encryption key may also be configured in the terminal device in advance in the embodiment of the present application, or may also be generated according to a private key of the terminal device and a public key of the storage function entity, or a random number, or the like. For another example, in the embodiment shown in fig. 5, only one configuration mode of the security algorithm is given, and in addition, the security algorithm may be configured in advance in the storage functional entity, and then the storage functional entity sends the security algorithm to the mobility management functional entity, and the like.
Referring to fig. 6, an embodiment of the present application provides a method for message protection, which takes a symmetric key as an integrity protection key as an example for description, and the details are as follows.
Step 601, the terminal device generates an integrity protection key.
Specifically, the integrity protection key generated by the terminal device may be generated by referring to the symmetric key generated by the terminal device in the embodiment shown in fig. 3, which is not described herein again.
Step 602, the terminal device encrypts the integrity protection key and the first integrity protection algorithm according to the public key of the storage function entity to obtain a first ciphertext.
The content encrypted by the first ciphertext may include an integrity protection key and a first integrity protection algorithm.
The first integrity protection algorithm may be determined by the terminal device according to a preconfigured policy, where a configuration manner of the preconfigured policy is similar to that described in the embodiment shown in fig. 3, and is not repeated here.
Step 603, the terminal device performs integrity protection on the initial NAS message according to the integrity protection key and the first integrity protection algorithm to obtain the MAC of the initial NAS message.
In step 604, the terminal device sends the MAC of the initial NAS message, and the first ciphertext to the mobility management function entity.
Optionally, the first integrity protection algorithm is preconfigured in the terminal device and the mobility management function entity, and in this case, the terminal device does not need to encrypt the first integrity protection algorithm and send the encrypted first integrity protection algorithm to the storage function entity.
Step 605, after receiving the MAC of the initial NAS message, and the first ciphertext, the mobile management functional entity sends the first ciphertext to the storage functional entity.
Step 606, after the storage function entity receives the first ciphertext sent by the mobile management function entity, the first ciphertext is decrypted according to the private key of the storage function entity, and an integrity protection key and a first integrity protection algorithm are obtained.
Step 607, the storage function entity sends the integrity protection key and the first integrity protection algorithm to the mobility management function entity.
Step 608, after receiving the integrity protection key and the first integrity protection algorithm sent by the storage function entity, the mobility management function entity verifies the integrity of the initial NAS message according to the integrity protection key and the first integrity protection algorithm.
The way for the mobility management function entity to check the integrity of the initial NAS message is similar to the way for checking the integrity of the initial NAS message in the embodiment shown in fig. 3, and a description thereof is not repeated here.
The mobility management functional entity may send the downlink NAS message to the terminal device when the integrity of the received initial NAS message is successfully checked, and may further perform steps 609 to 611 in order to improve reliability of transmitting the downlink NAS message.
Step 609, the mobility management functional entity performs integrity protection on the downlink NAS message according to the integrity protection key and the first integrity protection algorithm to obtain the MAC of the downlink NAS message.
Step 610, the mobility management functional entity sends the MAC of the downlink NAS message and the downlink NAS message to the terminal device.
Step 611, after receiving the downlink NAS message and the MAC of the downlink NAS message, the terminal device checks the integrity of the downlink NAS message according to the integrity protection key and the first integrity protection algorithm.
When the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, an NASSMC message, or a registration reject message, and specifically, which message the downlink NAS message is may be determined by the mobility management functional entity according to an actual situation or a preconfigured policy.
In addition, in the method for message protection shown in fig. 6, if the mobility management functional entity selects a new integrity protection algorithm based on the security capability of the terminal device and the preconfigured algorithm list, the new integrity protection algorithm may be sent to the terminal device through the downlink NAS message, and in addition, after the mobility management functional entity selects the new integrity protection algorithm, the mobility management functional entity may perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm, specifically, after receiving the downlink NAS message and the MAC of the downlink NAS message, the terminal device acquires the new integrity protection algorithm from the downlink NAS message first, and then performs integrity verification on the downlink NAS message.
In this embodiment, when the terminal device initially accesses the network, integrity protection is performed on the initial NAS message according to the integrity key and the first integrity algorithm, so as to improve integrity protection on the initial NAS message.
Of course, fig. 6 is only illustrated as an example, for example, fig. 6 only shows one way of generating the integrity protection key, and in addition, in the embodiment of the present application, the integrity protection key may be generated according to a private key of the terminal device and a public key of the storage function entity, or a random key generation algorithm, etc. to generate the integrity protection key. For another example, fig. 6 only shows a configuration manner of a security algorithm, and in addition, the security algorithm may be configured in advance in the storage functional entity, and then the storage functional entity sends the security algorithm to the mobility management functional entity.
The above-mentioned scheme provided by the present application is mainly introduced from the perspective of interaction between network elements. It is to be understood that the above-described implementation of each network element includes, in order to implement the above-described functions, a corresponding hardware structure and/or software module for performing each function. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
Based on the same concept, as shown in fig. 7, a schematic diagram of a message protection apparatus provided in the present application, which may be a terminal device or a chip or system on a chip in the terminal device, may perform the method performed by the terminal device in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The apparatus 700 includes at least one processor 710, a memory 730.
The memory 730 is used for storing programs, and may be a ROM or other types of static storage devices capable of storing static information and instructions, such as a RAM or other types of dynamic storage devices capable of storing information and instructions, an EEPROM (Electrically erasable programmable read-only memory), a CD-ROM (compact disc read-only memory) or other optical disk storage, optical disk storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage devices, or any other medium that can be used to carry or store desired programs in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory 730 may be separate and coupled to the processor 710. Memory 730 may also be integrated with processor 710.
The processor 710 is configured to execute the program in the memory 730 to implement the steps executed by the terminal device in the scheme for message protection according to the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again. For example, the processor 710 may be a general purpose CPU, microprocessor, special purpose ASIC, or one or more integrated circuits configured to control the execution of programs in accordance with the teachings of the present application.
In particular implementations, processor 710 may include one or more CPUs such as CPU0 and CPU1 of fig. 7 as an example.
In particular implementations, apparatus 700 may include multiple processors, such as processor 710 and processor 711 in FIG. 7, for example, as an example. Each of these processors may be a single-Core (CPU) processor or a multi-Core (CPU) processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
Optionally, when the apparatus 700 is a terminal device, a transceiver 720 as shown in fig. 7 may be further included for communicating with other devices or a communication network, and the transceiver 720 includes a radio frequency circuit. Wherein the processor 710, the transceiver 720, the memory 730 may be connected by a communication bus in the terminal device. The communication bus may include a path for transferring information between the units. When the apparatus 700 is a chip in a terminal device or a system-on-board, the processor 710 may send or receive data through an input/output interface, pins or circuits, etc.
As shown in fig. 8, another message protection apparatus according to an embodiment of the present application is a schematic diagram, where the apparatus may be a terminal device or a chip or a system on a chip in the terminal device, and may execute the method executed by the terminal device in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The apparatus comprises a processing unit 801 and a communication unit 802.
Wherein, the processing unit 801 is configured to obtain a protected initial NAS message according to the symmetric key and the first security algorithm, and the communication unit 802 is configured to send the protected initial NAS message to the first network device; and sending the key-related parameter to the second network device, wherein the key-related parameter is used to obtain the symmetric key.
Optionally, the key-related parameter includes a public key of the terminal device, and the processing unit 801 is specifically configured to generate a symmetric key according to the public key of the second network device and a private key of the terminal device.
Optionally, the processing unit 801 is specifically configured to generate an intermediate key according to the public key of the second network device and the private key of the terminal device; a symmetric key is then generated based on the intermediate key and the fixed string.
Optionally, the key-related parameter includes a ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to a public key of the second network device, and the processing unit 801 is specifically configured to generate a stacked key according to a random key generation algorithm; alternatively, optionally, the processing unit 801 is specifically configured to generate the symmetric key according to a random number, a permanent key, and a Key Derivation Function (KDF).
Optionally, the key-related parameter includes a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to a public key of the second network device.
Optionally, the first security algorithm is determined by the terminal device according to a preconfigured policy.
Optionally, the initial NAS message is a registration request message.
Optionally, the processing unit 801 is further configured to, after the communication unit 802 receives the protected downlink NAS message from the first network device, decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.
Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, where the downlink NAS message includes a second security algorithm, the processing unit 801 is further configured to decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtain the second security algorithm from the downlink NAS message, and finally check the integrity of the protected downlink NAS message according to the second security algorithm if the first network device performs integrity protection on the ciphertext of the downlink NAS message, and check the integrity of the downlink NAS message according to the second security algorithm if the first network device performs integrity protection on the downlink NAS message. Wherein the downlink NAS message is a registration acceptance message.
Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, and the processing unit 801 is further configured to check integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
Optionally, the first network device is an AMF, and the second network device is a UDM or an AUSF.
It should be understood that the apparatus may be used for implementing the steps executed by the terminal device in the method for message protection according to the embodiment of the present application, and related features may refer to the foregoing description, which is not described herein again.
Based on the same concept, as shown in fig. 9, a schematic diagram of an apparatus for message protection provided by the present application, which may be, for example, a second network device or a chip or a system on a chip in the second network device, may perform the method performed by the storage function entity in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The apparatus 900 includes at least one processor 910, a memory 930.
The memory 930 is used for storing programs and may be, but is not limited to, ROM or other types of static storage devices that can store static information and instructions, such as RAM or other types of dynamic storage devices that can store information and instructions, EEPROM, CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired programs in the form of instructions or data structures and that can be accessed by a computer. The memory 930 may be separate and coupled to the processor 910. The memory 930 may also be integrated with the processor 910.
The processor 910 is configured to execute the program in the memory 930 to implement the steps executed by the second network device in the message protection scheme of the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again. For example, the processor 910 may be a general purpose CPU, microprocessor, special purpose ASIC, or one or more integrated circuits for controlling the execution of programs in accordance with the teachings of the present application.
In particular implementations, processor 910 may include one or more CPUs such as CPU0 and CPU1 in fig. 9 for one embodiment.
In particular implementations, apparatus 900 may include multiple processors, such as processor 910 and processor 911 in FIG. 9, for example, as an example. Each of these processors may be a single-Core (CPU) processor or a multi-Core (CPU) processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
Optionally, when the apparatus 900 is a first network device, a transceiver 920 shown in fig. 9 may be further included for communicating with other devices or a communication network, and the transceiver 920 includes a radio frequency circuit. Wherein the processor 910, the transceiver 920, and the memory 930 may be connected by a communication bus in the second network device. The communication bus may include a path for transferring information between the units. When the apparatus 900 is a chip in a second network device or a system on a bias, the processor 910 may send or receive data through an input/output interface, pins or circuits, etc.
As shown in fig. 10, another message protection apparatus according to an embodiment of the present application is a schematic diagram, where the apparatus may be a second network device or a chip or a system on a chip in the second network device, and may perform the method performed by the storage function entity in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The apparatus comprises a processing unit 1001 and a communication unit 1002.
The communication unit 1002 is configured to receive a key related parameter from a terminal device, and the processing unit 1001 is configured to obtain a symmetric key according to the key related parameter, and then the communication unit 1002 is further configured to send the symmetric key to the first network device, where the key related parameter is used to obtain the symmetric key, and the symmetric key is used to perform security protection on the initial NAS message.
Optionally, the key-related parameter includes a public key of the terminal device; the processing unit 1001 is specifically configured to generate a symmetric key according to the public key of the terminal device and the private key of the second network device.
Optionally, the processing unit 1001 is specifically configured to generate an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generate a symmetric key according to the intermediate key and the fixed character string.
Optionally, the key-related parameter includes a ciphertext of the symmetric key; the processing unit 1001 is specifically configured to decrypt the ciphertext of the symmetric key according to the private key of the second network device, so as to obtain the symmetric key.
Optionally, the key-related parameter includes a ciphertext of the first security algorithm; the processing unit 1001 is further configured to decrypt the ciphertext of the first security algorithm according to the public key of the second network device to obtain the first security algorithm, and the communication unit 1002 is further configured to send the first security algorithm to the first network device.
Optionally, the first network device is an AMF entity; the apparatus 1000 is a UDM entity, or an AUSF entity.
It should be understood that the apparatus may be used to implement the steps executed by the second network device in the method for message protection according to the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again.
Based on the same concept, as shown in fig. 11, a schematic diagram of an apparatus for message protection provided in the present application, where the apparatus may be a first network device, or a chip or a system on a chip of the first network device, may perform the method performed by the mobility management function entity in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The first network device 1100 includes at least one processor 1110, a memory 1130.
The memory 1130 is used for storing programs, and may be, but is not limited to, ROM or other types of static storage devices that can store static information and instructions, such as RAM or other types of dynamic storage devices that can store information and instructions, EEPROM, CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired programs in the form of instructions or data structures and that can be accessed by a computer. The memory 1130, which may be separate, is coupled to the processor 1110. Memory 1130 may also be integrated with processor 1110.
The processor 1110 is configured to execute the program in the memory 1130 to implement the steps executed by the first network device in the message protection scheme according to the embodiment of the present application, and relevant features may refer to the foregoing, which are not described herein again. For example, the processor 1110 may be a general purpose CPU, microprocessor, special purpose ASIC, or one or more integrated circuits for controlling the execution of programs in accordance with the teachings of the present application.
In particular implementations, processor 1110 may include one or more CPUs such as CPU0 and CPU1 in fig. 11 for one embodiment.
In particular implementations, apparatus 1100 may include multiple processors, such as processor 1110 and processor 1111 of FIG. 11, for example. Each of these processors may be a single-Core (CPU) processor or a multi-Core (CPU) processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
Optionally, when the apparatus 1100 is a first network device, the apparatus may further include a transceiver 1120 as shown in fig. 11, which is used for communicating with other devices or a communication network, and the transceiver 1120 includes a radio frequency circuit. Wherein the processor 1110, the transceiver 1120, and the memory 1130 may be connected by a communication bus in the first network device. The communication bus may include a path for transferring information between the units. When the apparatus 1100 is a chip or a system-on-board in a first network device, the processor 1110 may send or receive data through an input/output interface, pins or circuits, etc.
As shown in fig. 12, a schematic diagram of another message protection apparatus according to an embodiment of the present application, which may be a first network device or a chip or a system on a chip in the first network device, may perform the method performed by the mobility management function entity in any of the embodiments shown in fig. 3, fig. 4, fig. 5, and fig. 6.
The apparatus comprises a processing unit 1201 and a communication unit 1202.
Wherein, the communication unit 1202 is configured to receive a protected initial NAS message from a terminal device; and receiving a symmetric key from the second network device; the processing unit 1201 is configured to obtain an initial NAS message according to the symmetric key and the first security algorithm.
Optionally, the communication unit 1202 is further configured to receive the first security algorithm from the second network device.
Optionally, the initial NAS message is a registration request message.
Optionally, the processing unit 1201 is further configured to obtain a protected downlink NAS message according to the symmetric key and the first security algorithm; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
Optionally, the downlink NAS message is a registration accept message or a NAS SMC message.
Optionally, the processing unit 1201 is further configured to obtain a ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; the communication unit 1202 is further configured to perform integrity protection on the ciphertext of the downlink NAS message according to a second security algorithm to obtain a protected downlink NAS message, and the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to a second security algorithm, where the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; then obtaining a protected downlink NAS message according to the symmetric key and a first security algorithm, wherein the protected downlink NAS message is a ciphertext of the downlink NAS message after integrity protection; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain a protected downlink NAS message, and then the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device, where the downlink NAS message may be a registration reject message.
Optionally, the apparatus is an AMF entity; the second network device is a UDM entity or an AUSF entity.
It should be understood that the apparatus may be used to implement the steps executed by the first network device in the method for message protection according to the embodiment of the present application, and reference may be made to the above for related features, which are not described herein again.
It should be understood that the message protection apparatus shown in fig. 8, 10 and 12 is schematically illustrated as a module division, and is only a logic function division, and there may be another division in actual implementation. For example, the communication unit is divided into a receiving unit and a transmitting unit, etc.
An embodiment of the present application further provides a communication system, which includes a device 700, a device 900, and a device 1100, and the connection manner of the devices can be as shown in fig. 13a or fig. 13 b.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
While the present application has been described in connection with various embodiments, other variations to the disclosed embodiments can be understood and effected by those skilled in the art in practicing the claimed application, from a review of the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other elements or steps, and the word "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, apparatus (device), computer-readable storage medium, or computer program product. Accordingly, this application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "module" or "system.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices) and computer program products of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although the present application has been described in conjunction with specific features and embodiments thereof, it will be evident that various modifications and combinations can be made thereto without departing from the spirit and scope of the application. Accordingly, the specification and figures are merely exemplary of the present application as defined in the appended claims and are intended to cover any and all modifications, variations, combinations, or equivalents within the scope of the present application. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.