WO2019096075A1 - Method and apparatus for message protection - Google Patents
Method and apparatus for message protection
- Publication number
- WO2019096075A1 (PCT/CN2018/114908)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- nas message
- terminal device
- network device
- message
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
Definitions
- the present application relates to the field of communications technologies, and in particular, to a method and an apparatus for message protection.
- NAS non-access stratum
- SMC NAS security mode command
- the NAS message transmitted between the terminal device and the network device is a message that has not been secured, so these messages are at risk of being tampered with or sniffed by an attacker.
- the initial NAS message sent by the terminal device to the network device only includes the user permanent identifier (SUPI) and the security capability of the terminal device; after receiving the NAS SMC message, the terminal device protects the other parameters in the initial NAS message and sends them to the network device.
- SUPI user permanent identifier
- This implementation delays the processing of the initial NAS message by the network device, affects the access efficiency of the terminal device, and is more complicated.
- the embodiment of the present invention provides a message protection method and device, which helps reduce the complexity of security protection for an initial NAS message and improve the access efficiency of the terminal device.
- the message protection method of the embodiment of the present application includes:
- the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm, and sends the protected initial NAS message to the first network device; and sends the key related parameter to the second network device, where the key related parameter is used to obtain a symmetric key.
- the terminal device can perform security protection on the initial NAS message by using the symmetric key and the first security algorithm, which improves the security of the initial NAS message transmission and, compared with the prior art solution, helps reduce the complexity of security protection for the initial NAS message and helps improve the access efficiency of the terminal device.
- the key related parameters include the public key of the terminal device, and the terminal device can obtain the symmetric key according to the following manner:
- the terminal device generates a symmetric key according to the public key of the second network device and the private key of the terminal device.
- a possible design is:
- the terminal device generates an intermediate key according to the public key of the second network device and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed string.
- the fixed string can be pre-configured in the terminal device.
- the key-related parameter includes a ciphertext of a symmetric key, wherein the ciphertext of the symmetric key is obtained according to the public key of the second network device, and the terminal device can obtain the symmetric key according to the following manner:
- the terminal device generates a symmetric key according to a random key generation algorithm; or, optionally, the terminal device generates a symmetric key according to a random number, a permanent key, and a key derivation function (KDF).
- KDF key derivation function
- the key related parameter includes the ciphertext of the first security algorithm, wherein the ciphertext of the first security algorithm is obtained according to the public key of the second network device.
- the above technical solution helps to improve the security of transmitting the first security algorithm.
- the first security algorithm is determined by the terminal device according to a pre-configured policy.
- the initial NAS message is a registration request message.
- the terminal device after receiving the protected downlink NAS message from the first network device, decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message.
- the downlink NAS message may be a registration accept message or a NAS SMC message.
- the above technical solution helps to improve the security of transmitting a registration accept message or a NAS SMC message.
- the terminal device receives the protected downlink NAS message from the first network device, where the downlink NAS message includes a second security algorithm; the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm, obtains the downlink NAS message, and then obtains the second security algorithm from the downlink NAS message.
- the terminal device verifies the integrity of the protected downlink NAS message according to the second security algorithm. If the first network device performs integrity protection on the downlink NAS message, the terminal device checks the integrity of the downlink NAS message according to the second security algorithm.
- the downlink NAS message is a registration accept message.
- the first network device in the foregoing solution can send the second security algorithm to the terminal device by using the registration accept message, so that the NAS SMC message can be transmitted to the terminal device, which helps save signaling overhead.
- the second security algorithm is a security algorithm selected by the first network device.
- the terminal device receives the protected downlink NAS message from the first network device, and verifies the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
- the foregoing technical solution can verify the integrity of the downlink reject message, which helps the terminal device determine whether the downlink reject message is forged or falsified, and reduces the possibility that the terminal device enters a denial of service (DoS) state.
- DoS denial of service
- the first network device is an access management function (AMF) entity
- the second network device is a unified data management (UDM) entity, or an authentication server function (AUSF) entity.
- AMF access management function
- UDM unified data management
- AUSF authentication server function
- the second aspect, the method for message protection in the embodiment of the present application includes:
- the second network device receives the key related parameter from the terminal device, obtains a symmetric key according to the key related parameter, and then sends the symmetric key to the first network device, wherein the key related parameter is used to obtain a symmetric key, and the symmetric key is used to secure the initial NAS message.
- the second network device can send the symmetric key to the first network device, so that the first network device can obtain the initial NAS message according to the symmetric key.
- the key related parameters include the public key of the terminal device; the second network device obtains the symmetric key according to the following manner:
- the second network device generates a symmetric key according to the public key of the terminal device and the private key of the second network device.
- a possible design is:
- the second network device generates an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generates a symmetric key according to the intermediate key and the fixed string.
- the fixed string may be pre-configured in the second network device.
- the key related parameters include the ciphertext of the symmetric key; the second network device obtains the symmetric key according to the following manner:
- the second network device decrypts the ciphertext of the symmetric key according to the private key of the second network device to obtain a symmetric key.
- the key related parameter includes the ciphertext of the first security algorithm; the second network device decrypts the ciphertext of the first security algorithm according to the public key of the second network device, to obtain the first security algorithm, and transmits the first security algorithm to the first network device.
- the above technical solution helps to improve the security of the first security algorithm transmission.
- the first network device is an AMF entity
- the second network device is a UDM entity, or an AUSF entity.
- the third aspect, the method for message protection in the embodiment of the present application includes:
- the first network device receives the protected initial NAS message from the terminal device; and receives the symmetric key from the second network device; and then obtains the initial NAS message according to the symmetric key and the first security algorithm.
- the security of the initial NAS message transmission is improved and, compared with the prior art solution, the complexity of security protection for the initial NAS message is reduced, which helps improve the access efficiency of terminal devices.
- the first network device receives the first security algorithm from the second network device.
- the above technical solution helps to improve the security of the first security algorithm transmission.
- the initial NAS message is a registration request message.
- the first network device obtains the protected downlink NAS message according to the symmetric key and the first security algorithm; and sends the protected downlink NAS message to the terminal device.
- the above technical solution helps to improve the security of transmitting downlink NAS messages.
- the downlink NAS message is a registration accept message or a NAS SMC message.
- the first network device obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration accept message, and the registration accept message includes a second security algorithm; the first network device then performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm, obtains the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device.
- the first network device in the foregoing solution can send the second security algorithm to the terminal device by using the registration accept message, so that the NAS SMC message can be transmitted to the terminal device, which helps save signaling overhead.
- the second security algorithm is a security algorithm selected by the first network device.
- the first network device performs integrity protection on the downlink NAS message according to the second security algorithm, where the downlink NAS message is a registration accept message, and the registration accept message includes a second security algorithm; then the first network device obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity protected downlink NAS message; finally, the first network device sends the protected downlink NAS message to the terminal device.
- the first network device in the foregoing solution can send the second security algorithm to the terminal device by using the registration accept message, so that the NAS SMC message can be transmitted to the terminal device, which helps save signaling overhead.
- the second security algorithm is a security algorithm selected by the first network device.
- the first network device performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm, obtains the protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device, wherein the downlink NAS message may be a registration reject message.
- the foregoing technical solution can perform integrity protection on the downlink reject message, and helps the terminal device determine whether the received downlink reject message is forged or falsified, and reduces the possibility that the terminal device enters the DoS state.
- the first network device is an AMF entity
- the second network device is a UDM entity, or an AUSF entity.
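The key agreement and reject-message integrity check described in the three aspects above, as an added example that is not part of the patent text. It assumes X25519 for the public/private key pairs, HMAC-SHA256 both as the KDF over the intermediate key and fixed string and as the "first security algorithm" for integrity; the patent names none of these, and the fixed string and message bytes are constructed values.

```python
import hashlib
import hmac
import os

P = 2**255 - 19                       # Curve25519 field prime (RFC 7748)
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")
FIXED_STRING = b"constructed-fixed-string"   # assumed pre-configured on both sides
TAG_LEN = 32


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: illustration only."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64
    k_int = int.from_bytes(kb, "little")
    ub = bytearray(u)
    ub[31] &= 127
    x1 = int.from_bytes(ub, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def generate_keypair():
    """Return (private key, public key)."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASE_POINT)


def derive_symmetric_key(own_private: bytes, peer_public: bytes) -> bytes:
    """Intermediate key from the key pair, then KDF with the fixed string."""
    intermediate = x25519(own_private, peer_public)
    if intermediate == bytes(32):
        # A low-order peer key would force a key known to anyone.
        raise ValueError("peer public key yields an all-zero shared secret")
    return hmac.new(intermediate, FIXED_STRING, hashlib.sha256).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Integrity-protect a NAS message by appending a MAC."""
    return message + hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, protected: bytes):
    """Return the message if the MAC is valid, otherwise None."""
    if len(protected) < TAG_LEN:
        return None
    message, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return message if hmac.compare_digest(tag, expected) else None


def run_exchange() -> dict:
    # Second network device (UDM/AUSF): key pair whose public half is
    # assumed to be provisioned in the terminal device.
    net_priv, net_pub = generate_keypair()
    # Terminal device: its public key is the "key related parameter".
    ue_priv, ue_pub = generate_keypair()
    ue_key = derive_symmetric_key(ue_priv, net_pub)
    # Second network device derives the same key, then hands it to the
    # first network device (AMF).
    amf_key = derive_symmetric_key(net_priv, ue_pub)
    reject = b"REGISTRATION REJECT (constructed sample)"
    genuine = protect(amf_key, reject)
    forged = protect(os.urandom(32), reject)   # sender without the key
    return {
        "keys_match": ue_key == amf_key,
        "genuine": verify(ue_key, genuine),
        "forged": verify(ue_key, forged),
    }


if __name__ == "__main__":
    print(run_exchange())
```

A deployment would take X25519 from a vetted, constant-time library rather than the ladder written out here.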
- the device for protecting a message in the embodiment of the present application may be a terminal device or a chip in the terminal device.
- the device has the function of implementing the first aspect and the technical solutions of the various possible designs of the first aspect. This function can be implemented in hardware or in hardware by executing the corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the apparatus includes a processing unit and a communication unit, the processing unit may be, for example, a processor, the communication unit may be, for example, a transceiver, and the transceiver may include a radio frequency circuit.
- the processing unit is configured to obtain the protected initial NAS message according to the symmetric key and the first security algorithm, the communication unit is configured to send the protected initial NAS message to the first network device, and send the key related parameter to the second network device, where the key related parameter is used to obtain a symmetric key.
- the apparatus includes a processor and a memory, wherein the memory is for storing a program, and the processor is configured to call a program stored in the memory to implement the method of message protection of the first aspect or any of the possible designs of the first aspect.
- the processor can transmit or receive data through an input/output interface, a pin or a circuit.
- the memory can be a register, a cache, etc. within the chip.
- the memory may also be a memory unit located outside the chip in the terminal device, such as a read-only memory (ROM), other types of static storage devices that can store static information and instructions, random access memory (RAM), etc.
- ROM read-only memory
- RAM random access memory
- the processor mentioned in any of the above may be a general central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of a program for the method of message protection of the first aspect or any of the possible designs of the first aspect.
- CPU central processing unit
- ASIC application-specific integrated circuit
- the apparatus for message protection in the embodiment of the present application may be a network device or a chip in the network device.
- the device has the function of realizing the technical solutions of the above-mentioned second aspect and the respective possible designs of the second aspect. This function can be implemented in hardware or in hardware by executing the corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the device comprises a processing unit and a communication unit
- the processing unit may be, for example, a processor
- the communication unit may be, for example, a communication interface; optionally, the processor and the communication interface may be connected through an optical fiber, a twisted pair, or the like.
- the communication unit may also be a transceiver.
- the transceiver may include a radio frequency circuit.
- the processor and the transceiver may be connected by wireless means such as wireless fidelity (WIFI).
- WIFI wireless fidelity
- the communication unit is configured to receive a key related parameter from the terminal device, the key related parameter is used to obtain a symmetric key, the symmetric key is used to secure the initial NAS message, the processing unit is configured to obtain the symmetric key according to the key related parameter, and the communication unit is further configured to send the symmetric key to the first network device.
- the apparatus includes a processor and a memory, wherein the memory is for storing a program, and the processor is configured to call a program stored in the memory to implement the method of message protection of the second aspect or any of the possible designs of the second aspect.
- the processor can send or receive data through an input/output interface, a pin or a circuit.
- the memory can be a register, a cache, etc. within the chip.
- the memory can also be a memory unit external to the chip within the network device, such as a ROM, other types of static storage devices that can store static information and instructions, RAM, and the like.
- the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling execution of a program for the method of message protection of the second aspect or any of the possible designs of the second aspect.
- the apparatus for message protection in the embodiment of the present application may be a network device or a chip in the network device.
- the device has the function of realizing the technical solutions of the various possible designs of the third aspect and the third aspect described above. This function can be implemented in hardware or in hardware by executing the corresponding software.
- the hardware or software includes one or more modules corresponding to the functions described above.
- the device comprises a processing unit and a communication unit
- the processing unit may be, for example, a processor
- the communication unit may be, for example, a communication interface
- the processor and the communication interface may be connected through an optical fiber, a twisted pair, or the like.
- the communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit.
- the processor and the transceiver may be connected by wireless means such as WIFI.
- the communication unit is configured to receive the protected initial NAS message from the terminal device, and receive a symmetric key from the second network device, where the processing unit is configured to obtain the initial NAS message according to the symmetric key and the first security algorithm.
- the apparatus includes a processor and a memory, wherein the memory is for storing a program, and the processor is configured to call a program stored in the memory to implement the method of message protection of the third aspect or any one of the possible designs of the third aspect.
- the processor can transmit or receive data through an input/output interface, a pin or a circuit.
- the memory can be a register, a cache, etc. within the chip.
- the memory can also be a memory unit external to the chip within the network device, such as a ROM, other types of static storage devices that can store static information and instructions, RAM, and the like.
- the processor mentioned in any of the above may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling execution of a program for the method of message protection of the third aspect or any of the possible designs of the third aspect.
- the embodiment of the present application further provides a computer readable storage medium storing a program, when the program is run on a computer, causing the computer to execute the method described in the above aspects.
- the present application also provides a computer program product comprising a program, which when executed on a computer, causes the computer to perform the method described in the above aspects.
- the embodiment of the present application further provides a communication system, including the device of the fourth aspect or any one of the possible designs of the fourth aspect, the device of the fifth aspect or any one of the possible designs of the fifth aspect, and the device of the sixth aspect or any one of the possible designs of the sixth aspect.
- FIG. 1 is a schematic diagram of a possible network architecture applicable to an embodiment of the present application
- FIG. 2 is a schematic diagram of another possible network architecture applicable to an embodiment of the present application.
- FIG. 3 is a schematic flowchart diagram of a method for message protection according to an embodiment of the present disclosure
- FIG. 4 is a schematic flowchart diagram of another method for message protection according to an embodiment of the present disclosure.
- FIG. 5 is a schematic flowchart of another method for message protection according to an embodiment of the present disclosure.
- FIG. 6 is a schematic flowchart of a method for message protection according to an embodiment of the present disclosure.
- FIG. 7 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 8 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 9 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 10 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 11 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 12 is a schematic diagram of another apparatus for message protection according to an embodiment of the present disclosure.
- FIG. 13a and FIG. 13b are schematic diagrams of a communication system provided by an embodiment of the present application.
- the network architecture is the 4th Generation mobile communication technology (4G) network architecture.
- the network elements in the 4G architecture include a terminal device, a mobility management entity (MME), a serving GPRS support node (SGSN), a home subscriber server (HSS), a serving gateway (S-GW), a packet data network gateway (PDN gateway, P-GW), a policy and charging rules function (PCRF) entity, and an evolved universal terrestrial radio access network (E-UTRAN).
- MME mobility management entity
- SGSN serving GPRS support node
- HSS home subscriber server
- PCRF policy and charging rules function
- E-UTRAN evolved universal terrestrial radio access network
- the E-UTRAN is composed of a plurality of evolved base stations (eNodeBs), and the eNodeBs are interconnected by an X2 interface.
- the eNodeB and the evolved packet core (EPC) are interconnected through an S1 interface, and the eNodeB and the terminal devices are interconnected via LTE-Uu.
- the main functions of the MME are to support NAS messages and their security, management of tracking area (TA) lists, selection of P-GW and S-GW, selection of MMEs when switching across MMEs, SGSN selection when switching to 2G/3G access systems, terminal device authentication, roaming control, bearer management, and mobility management between core network nodes of different access networks of the 3rd generation partnership project (3GPP).
- TA tracking area
- 3GPP 3rd generation partnership project
- the S-GW is a gateway terminated on the E-UTRAN interface. Its main functions include: acting as a local anchor point when performing inter-base station handover, and assisting in completing the reordering function of the base station; acting as a mobility anchor when switching between different 3GPP access systems; performing lawful interception; performing routing and forwarding of data packets; performing packet marking at the uplink and downlink transport layers; and supporting inter-operator billing.
- the P-GW is a gateway towards the PDN that terminates on the SGi interface. If the terminal device accesses multiple PDNs, the terminal device will correspond to one or more P-GWs.
- the main functions of the P-GW include a packet filtering function based on the terminal device, a lawful interception function, an internet protocol (IP) address allocation function between the networks of the terminal devices, transport-level packet marking in the uplink, uplink and downlink service level charging and service level threshold control, and service-based uplink and downlink rate control.
- IP internet protocol
- the HSS is a database for storing terminal device subscription information, and the home network may include one or more HSSs.
- the HSS is responsible for storing information related to the terminal device, such as terminal device identification, numbering and routing information, security information, location information, profile information, and the like.
- the SGSN can be used for signaling interaction when moving between the 2G/3G and E-UTRAN 3GPP access networks, including the selection of the P-GW and the S-GW, and the selection of the MME for terminal equipment switching to the E-UTRAN 3GPP access network.
- the PCRF entity terminates on the Rx interface and the Gx interface.
- HPLMN home public land mobile network
- IP-CAN IP-connectivity access network
- the traffic flow is local grooming, there may be two PCRFs associated with the IP-CAN session of a terminal device.
- a terminal device is a device with a wireless transceiver function that can be deployed on land, indoors or outdoors, handheld or on-board; it can also be deployed on the water (such as ships); it can also be deployed in the air (such as airplanes, balloons, and satellites).
- the terminal device may be a user equipment (UE), a mobile phone, a tablet, a computer with wireless transceiver function, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and the like.
- AR augmented reality
- FIG. 2 is a schematic diagram of another possible network architecture applicable to the embodiments of the present application.
- the network architecture is the 5th Generation mobile communication technology (5G) network architecture.
- the 5G architecture may include a terminal device, a radio access network (RAN), an AMF entity, a session management function (SMF) entity, a user plane function (UPF) entity, a UDM entity, Authentication server function (AUSF) entity, data network (DN).
- the 5G network architecture may include, in addition to the network elements shown in the figure, an authentication credential repository and processing function (ARPF) entity, a security anchor function (SEAF) entity, a subscription identifier de-concealing function (SIDF) entity, etc.
- ARPF authentication credential Repository and Processing Function
- SEAF security anchor function
- the main function of the RAN is to control the terminal device to access the mobile communication network through wireless.
- the RAN is part of a mobile communication system. It implements a wireless access technology. Conceptually, it resides between devices (such as mobile phones, a computer, or any remote controller) and provides connectivity to its core network.
- the RAN device includes, but is not limited to, a g nodeB (gNB) in 5G, an evolved node B (eNB), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, home evolved node B, or home node B, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), a mobile switching center, and the like, and may further include a wireless fidelity (wifi) access point (AP) and the like.
- gNB g nodeB
- eNB evolved node B
- RNC radio network controller
- NB node B
- BSC base station controller
- BTS base transceiver station
- HNB home node B
- BBU baseband unit
- TRP transmitting and receiving point
- TP transmitting point
- AP access point
- the AMF entity is responsible for access management and mobility management of the terminal device. In practical applications, it includes the mobility management function of the MME in the 4G network framework and adds the access management function.
- the SMF entity is responsible for session management, such as user session establishment.
- the UPF entity is a functional network element of the user plane, and is mainly responsible for connecting to an external network, which includes related functions of the SGW and the P-GW in the 4G network architecture.
- the DN is responsible for providing services for the terminal devices. For example, some DNs provide Internet access for terminal devices, and other DNs provide SMS functions for terminal devices.
- the AUSF entity has an authentication service function for terminating the authentication function of the SEAF request.
- the UDM entity can store subscription information of the terminal device and implement a backend similar to the HSS in 4G.
- the ARPF entity has an authentication credential storage and processing function for storing a long-term authentication credential of the UE, such as a permanent key K.
- ARPF can be incorporated into UDM entities.
- the SEAF entity is used to complete the authentication process for the terminal device.
- the function of the SEAF can be incorporated into the AMF entity.
- the SIDF entity can resolve the identity information of the subscriber, for example, obtaining a subscription permanent identifier (SUPI) according to a subscription concealed identifier (SUCI).
- for the terminal device, refer to the terminal device in the network architecture shown in FIG. 1.
- the embodiment of the present application is applicable to the 4G network architecture shown in FIG. 1 and to the 5G network architecture shown in FIG. 2 .
- the first network device may be a mobility management function entity for managing the terminal device, or may be a chip in the mobility management function entity, for example, the MME in the 4G, 5G.
- the second network device may be a storage function entity for storing the private key of the network device or for decrypting a message encrypted according to the public key of the network device, or a chip within the functional entity, for example, the HSS in 4G, the ARPF entity in 5G, or the AUSF entity, or the SIDF entity, or the UDM entity.
- the embodiments of the present application are described by using the first network device as the mobility management function entity and the second network device as the storage function entity as an example, which is not limited.
- the method provided by the embodiments of the present application can protect not only the complete initial NAS message but also some fields of the initial NAS message.
- embodiments of the present application are described by taking a complete initial NAS message as an example.
- the MAC may be replaced with the ciphertext of the initial NAS message part field, the MAC of the initial NAS message part field, and the MAC of the ciphertext of the initial NAS message part field, which are not limited.
- a schematic flowchart of a method for message protection provided by an embodiment of the present application includes the following steps:
- Step 301: The terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm.
- the initial NAS message may be the first NAS message sent to the mobility management function entity during the process in which the terminal device accesses the mobility management function entity.
- the initial NAS message may be a registration request (RR) message, an attach request message, or a tracking area update (TAU) request message.
- the symmetric key may be an encryption key or an integrity protection key, and may also include an encryption key and an integrity protection key.
- when the symmetric key is an encryption key, the first security algorithm is an encryption algorithm; when the symmetric key is an integrity protection key, the first security algorithm is an integrity protection algorithm; when the symmetric key includes an encryption key and an integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm.
- the encryption involved in the present application is used so that a third party that obtains the message sent to the target recipient cannot learn the true content the message expresses.
- the integrity protection is used to ensure that the content of the message received by the target recipient has not been tampered with by a third party and is consistent with the message sent by the sender to the target recipient.
- when the symmetric key is the encryption key and the first security algorithm is an encryption algorithm, the protected initial NAS message may be the ciphertext of the initial NAS message; when the symmetric key is the integrity protection key and the first security algorithm is an integrity protection algorithm, the protected initial NAS message may be the initial NAS message and a message authentication code (MAC) of the initial NAS message; when the symmetric key includes an encryption key and an integrity protection key, the protected initial NAS message may be the ciphertext of the initial NAS message and a MAC, where the MAC may be the MAC of the ciphertext of the initial NAS message or the MAC of the initial NAS message. Further, when the symmetric key includes an encryption key and an integrity protection key, the protected initial NAS message may also be the ciphertext of the integrity-protected initial NAS message, where the encrypted content in the ciphertext of the integrity-protected initial NAS message includes the initial NAS message.
- whether the MAC is the MAC of the ciphertext of the initial NAS message or the MAC of the initial NAS message depends on whether the terminal device performs integrity protection on the initial NAS message or on the ciphertext of the initial NAS message; this, and whether the MAC is encrypted when integrity protection is performed on the initial NAS message, is determined by the internal implementation of the terminal device in a specific implementation.
- the symmetric key may be pre-configured on the terminal device, or the symmetric key may be generated by the terminal device.
- the method for generating a symmetric key provided in the application may be applied to a case where a symmetric key generation algorithm is pre-configured on the terminal device, and may also be applied when the symmetric key is pre-configured in the terminal device.
- the first way for the terminal device to generate a symmetric key is as follows:
- the terminal device generates a symmetric key according to the public key of the storage function entity and the private key of the terminal device. It should be noted that the terminal device can generate the public key and the private key of the terminal device according to the pre-configured asymmetric parameters.
- the algorithm for generating the public key and the private key of the terminal device can be the elliptic curve integrated encryption scheme (ECIES).
- the following describes the manner in which the terminal device generates a symmetric key.
- Example 1: The terminal device directly generates a symmetric key according to the public key of the storage function entity and the private key of the terminal device.
- the algorithm for generating a symmetric key may be a key agreement function (KAF) pre-configured on the terminal device.
- the symmetric key generated in Example 1 may be an encryption key or an integrity protection key, which applies when the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in Example 1 can be used both as an encryption key and as an integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key.
- or, optionally, the terminal device may, for different private keys, directly generate symmetric key 1 and symmetric key 2 according to the public key of the storage function entity and the private key of the terminal device, and use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device includes two or more private keys, which applies when the symmetric key includes an encryption key and an integrity protection key and the encryption key and the integrity protection key are different.
- Example 2: The terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed string.
- the fixed character string may be pre-configured on the terminal device and the network side (such as a storage function entity), or pre-configured on the terminal device or the network side. Specifically, the terminal device and the network side may pre-configure one or more fixed character strings. In a case where multiple fixed character strings are pre-configured, the terminal device may select at least one fixed character string according to a preset algorithm or rule, for example, select at least one fixed string randomly, or select one or more fixed strings in a certain priority order.
- the fixed string can be "NAS", "INITIAL", "INITIAL NAS", "SUPI", "INITIAL ENC", "INITIAL NAS ENC", "INITIAL INT", "INITIAL NAS INT", etc.
- the method for generating the intermediate key in the second example is similar to the method for generating the symmetric key.
- the algorithm for generating the intermediate key may be a KAF pre-configured at the terminal device.
- the symmetric key generated in Example 2 may be an encryption key or an integrity protection key, which applies when the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in Example 2 can be used both as an encryption key and as an integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key and the encryption key and the integrity protection key are the same.
- or, optionally, the terminal device may, for different private keys, separately generate intermediate key 1 and intermediate key 2 according to the public key of the storage function entity and the private key of the terminal device, then generate symmetric key 1 according to intermediate key 1 and fixed string 1 and symmetric key 2 according to intermediate key 2 and the fixed string, and directly use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has two or more private keys, which applies when the symmetric key includes the encryption key and the integrity protection key.
- or, optionally, the terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device, and then selects two different fixed strings, such as fixed string 1 and fixed string 2, for the encryption key and the integrity protection key. Specifically, fixed string 1 can be "ENC", "KEY ENC", "INIITIAL ENC", etc., and fixed string 2 can be "INT", "KEY INT", "INIITIAL INT", etc. The terminal device generates symmetric key 1 based on fixed string 1 and the intermediate key, generates symmetric key 2 based on fixed string 2 and the intermediate key, and uses symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device may have one or more private keys, which applies when the symmetric key includes the encryption key and the integrity protection key and the encryption key and the integrity protection key are different.
- an optional manner is: the terminal device directly sends the public key of the terminal device to the storage function entity, in which case the storage function entity generates an intermediate key based on the public key of the terminal device and the private key of the storage function entity, and then generates a symmetric key according to the intermediate key and the fixed string;
- another optional manner is: the terminal device sends the generated intermediate key to the storage function entity, and the storage function entity can directly generate a symmetric key according to the intermediate key and the fixed string, which reduces the steps the storage function entity performs to generate the symmetric key and helps improve communication efficiency.
- another optional manner is: the terminal device encrypts the symmetric key according to the public key of the storage function entity, and then sends the ciphertext of the symmetric key to the storage function entity. In this case, the storage function entity only needs to decrypt the ciphertext of the symmetric key with the private key of the storage function entity to obtain the symmetric key.
- which parameters the terminal device sends to the storage function entity is determined by a pre-configured algorithm or policy in the terminal device.
- Example 3: The terminal device generates temporary key 1 according to the public key of the storage function entity and the private key of the terminal device, and then performs further key derivation on temporary key 1 based on the pre-configured KDF to generate temporary key 2.
- the terminal device directly uses temporary key 2 as the symmetric key; or, the terminal device truncates temporary key 1 or temporary key 2 to a pre-configured length according to a pre-configured truncation function to obtain the symmetric key.
- the symmetric key generated in Example 3 may be an encryption key or an integrity protection key, which applies when the symmetric key is an encryption key or an integrity protection key; or, the terminal device generates an encryption key or an integrity protection key according to the symmetric key generated in Example 3 and a fixed string, where the fixed string may be "NAS", "INITIAL", "INITIAL NAS", etc.
- or, optionally, the symmetric key generated in Example 3 can be used both as an encryption key and as an integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key.
- or, optionally, the terminal device can use private key 1 and private key 2 to generate symmetric key 1 and symmetric key 2 respectively according to the method in Example 3, and then directly use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has two or more private keys, which applies when the symmetric key includes the encryption key and the integrity protection key and the encryption key and the integrity protection key are different.
- or, optionally, the terminal device generates a temporary key according to the public key of the storage function entity and the private key of the terminal device, and then selects two different fixed strings, such as fixed string 1 and fixed string 2. Specifically, fixed string 1 can be "ENC", "KEY ENC", "INIITIAL ENC", etc., and fixed string 2 can be "INT", "KEY INT", "INIITIAL INT", etc. Symmetric key 1 is generated by further key derivation based on the preset KDF according to fixed string 1 and temporary key 1, and symmetric key 2 is generated by further key derivation based on the preset KDF according to fixed string 2 and the intermediate key; symmetric key 1 is used as the encryption key and symmetric key 2 is used as the integrity protection key, wherein the terminal device has one or more private keys, which can be applied to the symmetric key including the encryption key and the
- the second way for the terminal device to generate a symmetric key is as follows:
- the terminal device generates a symmetric key according to a random key generation algorithm.
- the random key generation algorithm is pre-configured on the terminal device. Specifically, the terminal device generates a key that satisfies the required length of the random key generation algorithm according to a pre-configured random key generation algorithm, and uses the key as a symmetric key.
- the symmetric key generated in the second way may be an encryption key or an integrity protection key, which applies when the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in the second way can be used both as an encryption key and as an integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key.
- or, optionally, the symmetric key generated by the terminal device according to the pre-configured random key generation algorithm may include symmetric key 1 and symmetric key 2, where the terminal device may use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key; or, optionally, the terminal device can generate temporary key 4 according to the pre-configured random key generation algorithm, then generate an encryption key based on the KDF according to temporary key 4 and a pre-configured first fixed string, and generate an integrity protection key based on the KDF according to temporary key 4 and a pre-configured second fixed string, which applies when the symmetric key includes an encryption key and an integrity protection key.
- the third way for the terminal device to generate a symmetric key is:
- the terminal device generates a symmetric key according to the random number, the permanent key, and the KDF.
- the permanent key and the KDF are pre-configured in the terminal device, and the random number is randomly generated by the terminal device.
- the symmetric key generated in the third way may be an encryption key or an integrity protection key, which applies when the symmetric key is an encryption key or an integrity protection key; or, optionally, the symmetric key generated in the third way can be used both as an encryption key and as an integrity protection key, which applies when the symmetric key includes an encryption key and an integrity protection key and the encryption key and the integrity protection key are the same; or, optionally, the terminal device may generate an encryption key and an integrity protection key respectively according to different random numbers, which applies when the symmetric key includes the encryption key.
- or, optionally, the terminal device may generate an encryption key based on the KDF according to the permanent key, the random number and a pre-configured first fixed string, and generate an integrity protection key based on the KDF according to the permanent key, the random number and a pre-configured second fixed string, which applies when the symmetric key includes an encryption key and an integrity protection key.
- the first security algorithm in the embodiment of the present application may be pre-configured in the terminal device, or determined by the terminal device according to a pre-configured policy, where optionally the pre-configured policy is sent by a network side device to the terminal device. The network side device may be the mobility management function entity that the terminal device needs to access in the embodiment of the present application, or may be another mobility management function entity in the network that the terminal device has accessed. For example, when the terminal device accesses the mobility management entity for the first time, the pre-configured policy can be sent by another mobility management function entity in the network that the terminal device has accessed.
- the pre-configured policy can also be manually configured in the terminal device.
- the first security algorithm may be a security algorithm pre-configured in the terminal device. Optionally, if multiple security algorithms are pre-configured in the terminal device, the first security algorithm may be one of the pre-configured security algorithms; how the terminal device selects the first security algorithm from the multiple pre-configured security algorithms is determined by the internal implementation of the terminal device. If the terminal device accesses the mobility management function entity for the Nth time, where N is an integer greater than or equal to 2, the first security algorithm may be the security algorithm used by the terminal device when accessing the mobility management entity for the (N-1)th time.
- the pre-configured policy may be pre-configured in the terminal device at the factory. For example, the pre-configured policy may be to use the highest-priority security algorithm among the security algorithms.
- Step 302: The terminal device sends the protected initial NAS message to the mobility management function entity, and sends a key related parameter to the storage function entity, where the key related parameter is used to obtain the symmetric key.
- in one possible implementation manner, the terminal device directly sends the key related parameter to the storage function entity; in another possible implementation manner, the terminal device transparently transmits the key related parameter to the storage function entity through the mobility management function entity, for example, the terminal device may send the key related parameter along with the protected initial NAS message to the mobility management function entity.
- if the symmetric key is generated according to the public key of the storage function entity and the private key of the terminal device, the key related parameter includes the public key of the terminal device; if the symmetric key is generated according to the random key generation algorithm, or according to the random number, the permanent key, and the KDF, the key related parameter includes the ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the storage function entity. Specifically, the terminal device encrypts the symmetric key according to the public key of the storage function entity to obtain the ciphertext of the symmetric key.
- the key related parameter further includes the first security algorithm, or a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the storage function entity. Specifically, the terminal device encrypts the first security algorithm according to the public key of the storage function entity to obtain the ciphertext of the first security algorithm.
- the mobility management function entity may obtain the initial NAS message according to the symmetric key and its pre-configured security algorithm; usually, the security algorithms pre-configured in the mobility management function entity include the security algorithms pre-configured in the terminal device.
- Step 303: After receiving the key related parameter, the storage function entity obtains a symmetric key according to the key related parameter.
- when the key related parameter includes the public key of the terminal device, the storage function entity may generate a symmetric key according to the public key of the terminal device and the private key of the storage function entity.
- the manner in which the storage function entity generates a symmetric key according to the public key of the terminal device and the private key of the storage function entity is similar to the manner in which the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device, and is not repeated here.
- the manner in which the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, and then generates a symmetric key according to the intermediate key and the fixed string, is similar to the manner in which the terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device and then generates the symmetric key according to the intermediate key and the fixed string, and is not described here.
- when the key related parameter includes a ciphertext of a symmetric key, the storage function entity decrypts the ciphertext of the symmetric key according to the private key of the storage function entity to obtain the symmetric key.
- the method further includes: the storage function entity decrypts the ciphertext of the first security algorithm according to the private key of the storage function entity, and obtains the first security algorithm.
- Step 304: The storage function entity sends a symmetric key to the mobility management function entity.
- the symmetric key sent by the storage function entity to the mobility management function entity may also be an intermediate key.
- a symmetric key for obtaining the initial NAS message can then be generated by the mobility management function entity based on the intermediate key and the fixed string.
- the mobility management function entity may generate an encryption key based on the KDF according to the intermediate key and the pre-configured first fixed string, and generate an integrity protection key based on the KDF according to the intermediate key and the pre-configured second fixed string.
- the mobility management function entity may also generate a symmetric key according to the intermediate key and the fixed string in other manners. For details, refer to the manner in which the storage function entity generates a symmetric key, and details are not described herein.
- the method further includes: the storage function entity sending the first security algorithm to the mobility management function entity.
- Step 305: After receiving the protected initial NAS message from the terminal device and the symmetric key from the storage function entity, the mobility management function entity obtains an initial NAS message according to the symmetric key and the first security algorithm.
- the first security algorithm may be pre-configured on the mobility management functional entity.
- the mobility management function entity further receives the first security algorithm from the storage function entity.
- the mobility management function entity can obtain the initial NAS message based on the following methods:
- Manner 1: The mobility management function entity decrypts the protected initial NAS message according to the symmetric key and the first security algorithm to obtain the initial NAS message. This manner applies when the protected initial NAS message is the ciphertext of the initial NAS message, the symmetric key is an encryption key, the first security algorithm is an encryption algorithm, and the ciphertext of the initial NAS message is obtained according to the encryption key and the first security algorithm.
- Manner 2: The mobility management function entity verifies the integrity of the initial NAS message according to the symmetric key and the first security algorithm. This manner applies when the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm. Specifically, the mobility management function entity may verify the integrity of the initial NAS message as follows: since the protected initial NAS message is the initial NAS message and the MAC of the initial NAS message, the mobility management function entity may generate a new MAC based on the symmetric key, the first security algorithm and the received initial NAS message. If the new MAC is the same as the MAC in the protected initial NAS message, the mobility management function entity successfully verifies the integrity of the initial NAS message; if the new MAC is different from the MAC in the protected initial NAS message, the mobility management function entity fails to verify the integrity of the initial NAS message.
- Manner 3: The mobility management function entity verifies the integrity of the ciphertext of the initial NAS message according to the integrity protection key and the integrity protection algorithm, where the manner of verifying the integrity of the ciphertext of the initial NAS message is similar to the manner in which the mobility management function entity verifies the integrity of the initial NAS message in Manner 2, and the description is not repeated here. If the mobility management function entity successfully verifies the integrity of the ciphertext of the initial NAS message, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message; or, optionally, the mobility management function entity directly decrypts the ciphertext of the initial NAS message regardless of the verification result of the integrity protection. This manner applies when the protected initial NAS message is the ciphertext of the initial NAS message and the MAC of the ciphertext of the initial NAS message, the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the ciphertext of the initial NAS message is obtained according to the encryption key and the encryption algorithm, and the MAC of the ciphertext of the initial NAS message is obtained according to the integrity protection key and the integrity protection algorithm.
- Manner 4: The mobility management function entity first decrypts the protected initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message, and then verifies the integrity of the initial NAS message according to the integrity protection key and the integrity protection algorithm, where the manner of verifying the integrity of the obtained initial NAS message is similar to the manner in which the mobility management function entity verifies the integrity of the initial NAS message in Manner 2, and the description is not repeated here. This manner applies when the protected initial NAS message is the ciphertext of the initial NAS message and the MAC of the initial NAS message, or the ciphertext of the integrity-protected initial NAS message, where the encrypted content of the integrity-protected initial NAS message includes the initial NAS message and the MAC of the initial NAS message; the symmetric key includes an encryption key and an integrity protection key; the first security algorithm includes an encryption algorithm and an integrity protection algorithm; the ciphertext of the initial NAS message or of the integrity-protected initial NAS message is obtained according to the encryption key and the encryption algorithm; and the MAC of the initial NAS message is obtained according to the integrity protection key and the integrity protection algorithm.
- the terminal device performs security protection on all or part of the content in the initial NAS message according to the symmetric key and the first security algorithm, and is not subject to the limitation that NAS messages can be security-protected only after the NAS SMC message sent by the network device is received, which not only improves the reliability of the initial NAS message transmission, but also improves the access efficiency of the terminal device.
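
The following added example (not code from the patent) walks through Example 2 with one intermediate key and the fixed strings "ENC" and "INT", then the Manner 3 check at the receiver, where the MAC of the ciphertext is verified before decryption. X25519 as the key agreement function, HMAC-SHA256 as KDF and MAC, the HMAC-counter keystream standing in for the encryption algorithm, the per-message nonce and all function names are assumptions.

```python
"""Added example (not from the patent): Example 2 key derivation with two
fixed strings, then Manner 3 (verify the MAC of the ciphertext, then decrypt).
Assumptions: X25519 as the key agreement function, HMAC-SHA256 as KDF and MAC,
and an HMAC-counter keystream standing in for the NAS encryption algorithm."""
import hashlib
import hmac
import os

P = 2**255 - 19                      # X25519 field prime (RFC 7748)
A24 = 121665
BASE = (9).to_bytes(32, "little")    # X25519 base point


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant-time: for illustration only."""
    s = bytearray(k)
    s[0] &= 248
    s[31] = (s[31] & 127) | 64
    scalar = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def kdf(key: bytes, fixed_string: str) -> bytes:
    """KDF(intermediate key, fixed string); HMAC-SHA256 is an assumption."""
    return hmac.new(key, fixed_string.encode(), hashlib.sha256).digest()


def derive_keys(own_private: bytes, peer_public: bytes):
    """Intermediate key via key agreement, then one key per fixed string."""
    intermediate = x25519(own_private, peer_public)
    if intermediate == bytes(32):    # low-order peer key gives a known secret
        raise ValueError("rejected public key: all-zero shared secret")
    return kdf(intermediate, "ENC"), kdf(intermediate, "INT")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


def protect_initial_nas(ue_private: bytes, sf_public: bytes, nas: bytes) -> dict:
    """Steps 301-302: ciphertext, MAC of the ciphertext, key related parameter."""
    enc_key, int_key = derive_keys(ue_private, sf_public)
    nonce = os.urandom(12)           # per-message nonce is an added assumption
    ciphertext = keystream_xor(enc_key, nonce, nas)
    mac = hmac.new(int_key, nonce + ciphertext, hashlib.sha256).digest()
    return {"ue_public": x25519(ue_private, BASE), "nonce": nonce,
            "ciphertext": ciphertext, "mac": mac}


def storage_function_keys(sf_private: bytes, ue_public: bytes):
    """Steps 303-304: rebuild the same keys from the terminal's public key."""
    return derive_keys(sf_private, ue_public)


def recover_initial_nas(enc_key: bytes, int_key: bytes, protected: dict) -> bytes:
    """Step 305, Manner 3: check the MAC of the ciphertext before decrypting."""
    expected = hmac.new(int_key, protected["nonce"] + protected["ciphertext"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, protected["mac"]):
        raise ValueError("integrity check failed; ciphertext not decrypted")
    return keystream_xor(enc_key, protected["nonce"], protected["ciphertext"])


def demo():
    """Round trip plus a one-bit tamper; returns (recovered_ok, tamper_rejected)."""
    sf_private, ue_private = os.urandom(32), os.urandom(32)
    nas = b"REGISTRATION REQUEST (constructed sample, not a real NAS encoding)"
    protected = protect_initial_nas(ue_private, x25519(sf_private, BASE), nas)
    keys = storage_function_keys(sf_private, protected["ue_public"])
    recovered = recover_initial_nas(*keys, protected)
    flipped = bytes([protected["ciphertext"][0] ^ 1]) + protected["ciphertext"][1:]
    try:
        recover_initial_nas(*keys, dict(protected, ciphertext=flipped))
        rejected = False
    except ValueError:
        rejected = True
    return recovered == nas, rejected


if __name__ == "__main__":
    print(demo())
```

The all-zero check in `derive_keys` matters most on the storage function entity side, where the public key arrives from a terminal device that has not yet been authenticated.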
- step 302 may be replaced by: the terminal device sends the protected initial NAS message and the key related parameter to the storage function entity.
- the terminal device sends the protected initial NAS message and the key related parameter to the mobility management function entity, and the mobility management function entity receives the protected initial NAS message and the key related to the terminal device.
- the protected initial NAS message and key related parameters are transparently transmitted to the storage function entity.
- the terminal device directly sends the protected initial NAS message and the key related parameter to the storage function entity.
- step 303 is performed, and after step 303 is performed, steps 304 and 305 are replaced with the following: the storage function entity obtains an initial NAS message according to the symmetric key and the first security algorithm, and then sends an initial NAS message to the mobility management function entity.
- the manner in which the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm is similar to the manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm in step 305, and details are not described herein again.
- the mobility management function entity obtains the real content that needs to be transmitted in the protected initial NAS message only on the premise that the symmetric key and the first security algorithm have been acquired; therefore, once the mobility management function entity has obtained the initial NAS message, the downlink NAS message may be security-protected according to the symmetric key and the first security algorithm, and then sent to the terminal device.
- an optional implementation is:
- the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, and then sends the protected downlink NAS message to the terminal device; after receiving the protected downlink NAS message from the mobility management function entity, the terminal device obtains the downlink NAS message according to the symmetric key and the first security algorithm.
- for the manner in which the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, refer to the manner in which the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm.
- for the manner in which the terminal device obtains the downlink NAS message according to the symmetric key and the first security algorithm, refer to the manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.
- the downlink NAS message may be a registration accept message, a registration reject message, or a NAS SMC message.
- the downlink NAS message is a NAS SMC message or a registration accept message.
- the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm.
- the protected downlink NAS message is the ciphertext of the downlink NAS message; the protected downlink NAS message is then sent to the terminal device, and after receiving the protected downlink NAS message, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message.
- the above manner can be applied to the case where the symmetric key includes an encryption key and the first security algorithm includes an encryption algorithm.
- the protected downlink NAS message may include the ciphertext of the downlink NAS message and the MAC of the ciphertext of the downlink NAS message; or the protected downlink NAS message includes the ciphertext of the downlink NAS message and the MAC of the downlink NAS message; or the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message.
- the content encrypted in the ciphertext of the integrity-protected downlink NAS message includes the MAC of the downlink NAS message and the downlink NAS message.
- the protected downlink NAS message is the downlink NAS message and the MAC of the downlink NAS message.
- the downlink NAS message is a registration reject message
- the mobility management function entity performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device.
- After receiving the downlink NAS message, the terminal device checks the integrity of the downlink NAS message according to the symmetric key and the first security algorithm. The above manner can be applied to the case where the symmetric key contains an integrity protection key and the first security algorithm includes an integrity protection algorithm.
- the mobility management function entity may reject the registration request of the terminal device, for example because the SUPI cannot be found, the terminal device is invalid, and the like; for the reasons why the mobility management function entity rejects the registration request of the terminal device, refer to Table 9.9.3.9.1 of 3GPP TS 24.301.
- the registration rejection message cannot be protected, and the registration rejection message sent by the mobility management function entity to the terminal device may be tampered with, forged, sniffed, etc., causing the terminal device to enter the DoS state.
- the mobility management function entity may perform integrity protection and/or encryption on the registration reject message according to the symmetric key and the first security algorithm, thereby helping to reduce the possibility of registration reject messages being tampered with, forged, sniffed, and the like.
- the mobility management function entity obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message includes the second security algorithm; the mobility management function entity then performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device.
- After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtains the second security algorithm from the downlink NAS message, and then verifies the integrity of the ciphertext of the downlink NAS message according to the second security algorithm.
- the downlink NAS message may be a registration accept message.
- the mobility management function entity encrypts the downlink NAS message according to the encryption key and the encryption algorithm to obtain the ciphertext of the downlink NAS message.
- the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the encryption algorithm to obtain a downlink NAS message.
- the mobility management function entity performs integrity protection on the downlink NAS message according to the second security algorithm, and obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message; the protected downlink NAS message is then sent to the terminal device.
- After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtains the second security algorithm from the downlink NAS message, and checks the integrity of the downlink NAS message according to the second security algorithm. Specifically, the content encrypted in the ciphertext of the integrity-protected downlink NAS message includes the MAC of the downlink NAS message and the downlink NAS message.
- the mobility management function entity may perform integrity protection on the downlink NAS message according to the second security algorithm to obtain the MAC of the downlink NAS message, and encrypt the downlink NAS message according to the symmetric key and the first security algorithm to obtain the ciphertext of the downlink NAS message.
- the protected downlink NAS message is the ciphertext of the downlink NAS message and the MAC of the downlink NAS message. The protected downlink NAS message is then sent to the terminal device.
- After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtains the second security algorithm from the downlink NAS message, and further checks the integrity of the downlink NAS message according to the second security algorithm.
- the downlink NAS message may be a registration accept message, a NAS SMC message, or the like.
- the second security algorithm includes an integrity protection algorithm.
- the second security algorithm may further include an encryption algorithm.
- the second security algorithm is selected by the mobility management function entity according to the security capabilities of the terminal device and a pre-configured algorithm list.
- the first security algorithm and the second security algorithm may be the same or different.
- the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are the same, and the integrity protection algorithm included in the first security algorithm and the integrity protection algorithm included in the second security algorithm are different; or the encryption algorithms included in the first and second security algorithms are different, and the integrity protection algorithms included in the first and second security algorithms are the same; or the encryption algorithms included in the first and second security algorithms are the same, and the integrity protection algorithms included in the first and second security algorithms are the same; or the encryption algorithms included in the first and second security algorithms are different, and the integrity protection algorithms included in the first and second security algorithms are different.
- the second security algorithm may not be carried in the downlink NAS message; or, if the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are the same, and the integrity protection algorithm included in the first security algorithm and the integrity protection algorithm included in the second security algorithm are different, the downlink NAS message carries the second security algorithm, and the second security algorithm carried in the downlink NAS message includes the integrity protection algorithm and does not include the encryption algorithm.
- After obtaining the downlink NAS message, the terminal device communicates with the mobility management function entity based on the security algorithm carried in the downlink NAS message.
- the mobility management function entity may send the security algorithm determined by the mobility management function entity to the terminal device by using the NAS SMC message; when the security algorithm determined by the mobility management function entity is consistent with the security algorithm determined by the terminal device, the mobility management function entity may not send the NAS SMC message to the terminal device, which helps to reduce signaling interaction to a certain extent and improve communication efficiency;
- the NAS message is a registration accept message
- the mobility management function entity can directly negotiate the security algorithm used by the terminal device through the registration accept message, omitting the transmission of the NAS SMC message, thereby reducing the signaling interaction and improving the communication efficiency.
- a method for message protection is provided in the embodiment of the present application.
- the method is described below by using an example in which the symmetric key includes an encryption key and an integrity protection key.
- Step 401: The terminal device generates a first symmetric key according to the public key of the storage function entity and the private key of the terminal device, where the first symmetric key includes the first encryption key and the first integrity protection key.
- the terminal device generates the first symmetric key
- Step 402: The terminal device encrypts the initial NAS message according to the first encryption key and the first encryption algorithm, and obtains the ciphertext of the initial NAS message.
- the first encryption algorithm may be pre-configured in the terminal device and the mobility management function entity.
- Step 403: The terminal device performs integrity protection on the ciphertext of the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and obtains the MAC of the ciphertext of the initial NAS message.
- the first integrity protection algorithm may be pre-configured in the terminal device and the mobility management function entity.
- Step 404: The terminal device sends the protected initial NAS message and the public key of the terminal device to the mobility management function entity.
- the protected initial NAS message may include the ciphertext of the initial NAS message and the MAC of the ciphertext of the initial NAS message.
- Step 405: After receiving the protected initial NAS message and the public key of the terminal device, the mobility management function entity sends the public key of the terminal device to the storage function entity.
- Step 406: After receiving the public key of the terminal device sent by the mobility management function entity, the storage function entity generates a second symmetric key according to the public key of the terminal device and the private key of the storage function entity.
- the second symmetric key may include a second encryption key and a second integrity protection key.
- the second encryption key and the first encryption key may be the same, and the second integrity protection key and the first integrity protection key may be the same.
- For the manner in which the storage function entity generates the second symmetric key, refer to the description of the manner in which the storage function entity generates a symmetric key according to the public key of the terminal device and the private key of the storage function entity in the embodiment shown in FIG.
- Step 407: The storage function entity sends a second symmetric key to the mobility management function entity.
- Step 408: After receiving the second symmetric key sent by the storage function entity, the mobility management function entity checks the integrity of the ciphertext of the initial NAS message according to the second integrity protection key and the first integrity protection algorithm.
- the manner in which the mobility management function entity checks the integrity of the ciphertext of the initial NAS message is similar to the manner in which the integrity of the initial NAS message is verified in the message protection method in FIG. 3, and the description is not repeated here.
- Step 409: When the integrity check of the ciphertext of the initial NAS message is successful, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the second encryption key and the first encryption algorithm to obtain the initial NAS message.
- the mobility management function entity may send a downlink NAS message to the terminal device.
- step 410 to step 412 may be performed.
- Step 410: The mobility management function entity obtains the protected downlink NAS message according to the second symmetric key and the first security algorithm.
- the specific implementation manner in which the mobility management function entity obtains the protected downlink NAS message in step 410 is similar to the specific implementation manner in which the mobility management function entity obtains the protected downlink NAS message in the embodiment shown in FIG.; the description is not repeated here.
- Step 411: The mobility management function entity sends the protected downlink NAS message to the terminal device.
- Step 412: After receiving the protected downlink NAS message, the terminal device obtains the downlink NAS message according to the second symmetric key and the first security algorithm.
- the specific implementation manner in which the terminal device obtains the downlink NAS message in step 412 is similar to the specific implementation manner in which the terminal device obtains the downlink NAS message in the embodiment shown in FIG. 3, and the description is not repeated herein.
- the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message; which downlink NAS message is used may be decided by the mobility management function entity according to the actual situation or a pre-configured policy.
- the second symmetric key includes a second encryption key and a second integrity protection key.
- the first security algorithm includes a first encryption algorithm and a first integrity protection algorithm.
- Security protection mode 1: The mobility management function entity uses part of the keys in the second symmetric key and the corresponding part of the algorithms in the first security algorithm to security-protect the downlink NAS message, for example, using only the first encryption algorithm and the second encryption key to security-protect the downlink NAS message; or using the first integrity protection algorithm and the second integrity protection key to security-protect the downlink NAS message.
- Security protection mode 2: The mobility management function entity uses the first security algorithm and the second symmetric key to perform integrity protection and encryption on the downlink NAS message.
- Security protection mode 3: The mobility management function entity encrypts the downlink NAS message according to the first encryption algorithm and the second encryption key, and performs integrity protection on the ciphertext of the downlink NAS message or on the downlink NAS message according to the second security algorithm, where the second security algorithm is selected by the mobility management function entity based on the terminal device security capability and the pre-configured algorithm list; the second security algorithm includes a second integrity protection algorithm, and optionally, the second security algorithm may further include a second encryption algorithm.
- the second security algorithm is included in the downlink NAS message.
- the specific security protection mode selected by the mobility management function entity may be determined by a pre-configured algorithm.
- when initially accessing the network, the terminal device performs encryption and integrity protection on the initial NAS message according to the first symmetric key and the first security algorithm, which not only improves the security of the initial NAS message transmission, but also improves the efficiency with which the terminal device accesses the network.
- after obtaining the initial NAS message, the mobility management function entity also performs security protection on the downlink NAS message sent to the terminal device, thereby improving the security of the downlink NAS message transmission.
- step 402 and step 403 may be replaced by: if the protected initial NAS message includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, the terminal device performs integrity protection on the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and encrypts the initial NAS message according to the first encryption key and the first encryption algorithm. There is no necessary order of execution between the two steps: the encryption step of the initial NAS message may be performed first and then the integrity protection step of the initial NAS message, or the integrity protection step of the initial NAS message may be performed first and then the encryption step of the initial NAS message.
- step 408 and step 409 may be replaced by: after receiving the protected initial NAS message, where the protected initial NAS message includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, the mobility management function entity may first decrypt the ciphertext of the initial NAS message to obtain the initial NAS message, and then verify the integrity of the initial NAS message.
- the embodiment shown in FIG. 4 is only described as an example.
- a method for generating a symmetric key is given in the embodiment shown in FIG. 4; in the embodiments of the present application, the symmetric key may also be pre-configured in the terminal device, or may be generated according to a random key generation algorithm or a random number.
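The FIG. 4 exchange (steps 401 to 412), together with the integrity-protected registration reject described earlier, as an added Python example that is not code from the patent. X25519 for the key agreement, the HMAC-based key derivation, the HMAC-SHA256 counter-mode keystream standing in for the first encryption algorithm, and HMAC-SHA256 standing in for the first integrity protection algorithm are all assumptions, since the page names none of them.

```python
import hashlib
import hmac
import os

P = 2**255 - 19                       # Curve25519 field prime (RFC 7748)
A24 = 121665
BASE = (9).to_bytes(32, "little")     # standard X25519 base point


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64      # clamp the private scalar
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keys(shared: bytes):
    """Split the agreed secret into (encryption key, integrity protection key).
    The HKDF-style labels are an assumption; the page does not specify a KDF."""
    prk = hmac.new(b"initial-nas-example", shared, hashlib.sha256).digest()
    return (hmac.new(prk, b"encryption", hashlib.sha256).digest(),
            hmac.new(prk, b"integrity", hashlib.sha256).digest())


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], block))
    return bytes(out)


def protect(enc_key: bytes, int_key: bytes, nas: bytes):
    """Encrypt first, then MAC the ciphertext (steps 402-403)."""
    nonce = os.urandom(16)            # fresh per message, sent with the ciphertext
    ciphertext = nonce + _keystream_xor(enc_key, nonce, nas)
    return ciphertext, hmac.new(int_key, ciphertext, hashlib.sha256).digest()


def unprotect(enc_key: bytes, int_key: bytes, ciphertext: bytes, mac: bytes):
    """Check the MAC of the ciphertext; decrypt only if it verifies (steps 408-409)."""
    expected = hmac.new(int_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return None                   # discard: tampered or forged
    return _keystream_xor(enc_key, ciphertext[:16], ciphertext[16:])


def run_flow(initial_nas: bytes, downlink_nas: bytes) -> dict:
    # Storage function entity key pair; its public key is known to the terminal device.
    sfe_priv = os.urandom(32)
    sfe_pub = x25519(sfe_priv, BASE)
    # Step 401: the terminal device derives the first symmetric key.
    ue_priv = os.urandom(32)
    ue_pub = x25519(ue_priv, BASE)
    enc1, int1 = derive_keys(x25519(ue_priv, sfe_pub))
    # Steps 402-404: protected initial NAS message, sent together with ue_pub.
    ct, mac = protect(enc1, int1, initial_nas)
    # Steps 405-407: the storage function entity derives the second symmetric key.
    enc2, int2 = derive_keys(x25519(sfe_priv, ue_pub))
    # Steps 408-409: the mobility management function entity verifies, then decrypts.
    received = unprotect(enc2, int2, ct, mac)
    tampered = unprotect(enc2, int2, ct[:-1] + bytes([ct[-1] ^ 1]), mac)
    # Steps 410-412: protected downlink NAS message back to the terminal device.
    dl_ct, dl_mac = protect(enc2, int2, downlink_nas)
    downlink = unprotect(enc1, int1, dl_ct, dl_mac)
    # A reject built without the agreed keys (constructed forgery) fails the check.
    fake = protect(os.urandom(32), os.urandom(32), b"REGISTRATION REJECT")
    forged = unprotect(enc1, int1, *fake)
    return {"keys_match": (enc1, int1) == (enc2, int2), "initial": received,
            "tampered_initial": tampered, "downlink": downlink,
            "forged_reject": forged}


if __name__ == "__main__":
    print(run_flow(b"REGISTRATION REQUEST (constructed sample)", b"REGISTRATION ACCEPT"))
```
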
- a method for message protection according to an embodiment of the present disclosure is described below by using an example in which the symmetric key is an encryption key.
- Step 501: The terminal device generates an encryption key.
- Step 502: The terminal device encrypts the encryption key according to the public key of the storage function entity, and obtains the ciphertext of the encryption key.
- Step 503: The terminal device encrypts the initial NAS message according to the encryption key and the first encryption algorithm, and obtains the ciphertext of the initial NAS message.
- the first encryption algorithm may be pre-configured in the terminal device and the mobility management function entity.
- Step 504: The terminal device sends the ciphertext of the initial NAS message and the ciphertext of the encryption key to the mobility management function entity.
- Step 505: After receiving the ciphertext of the initial NAS message and the ciphertext of the encryption key, the mobility management function entity sends the ciphertext of the encryption key to the storage function entity.
- Step 506: After receiving the ciphertext of the encryption key sent by the mobility management function entity, the storage function entity decrypts the ciphertext of the encryption key according to the private key of the storage function entity to obtain an encryption key.
- Step 507: The storage function entity sends an encryption key to the mobility management function entity.
- Step 508: After receiving the encryption key sent by the storage function entity, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the encryption key and the first encryption algorithm to obtain an initial NAS message.
- the mobility management function entity may send a downlink NAS message to the terminal device.
- step 509 to step 511 may be performed.
- Step 509: The mobility management function entity encrypts the downlink NAS message according to the encryption key, and obtains the ciphertext of the downlink NAS message.
- Step 510: The mobility management function entity sends the ciphertext of the downlink NAS message to the terminal device.
- Step 511: After receiving the ciphertext of the downlink NAS message, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the first encryption algorithm to obtain a downlink NAS message.
- the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message.
- the specific downlink NAS message may be determined by the mobility management function entity according to the actual situation or a pre-configured policy.
- the mobility management function entity may select a new encryption algorithm and/or an integrity protection algorithm based on the security capabilities of the terminal device and the pre-configured algorithm list, and send it to the terminal device by using the downlink NAS message.
- the mobility management function entity may perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm, and then perform step 509.
- when the terminal device initially accesses the network, the initial NAS message can be encrypted according to the encryption key and the first encryption algorithm, which not only improves the security of the initial NAS message transmission, but also improves the efficiency of the terminal device accessing the network.
- after obtaining the initial NAS message, the mobility management function entity also performs security protection on the downlink NAS message sent to the terminal device, thereby improving the security of the downlink NAS message transmission.
- the embodiment shown in FIG. 5 is only described as an example.
- the encryption key in the embodiment of the present application may also be pre-configured in the terminal device, or may be generated according to the private key of the terminal device and the public key of the storage function entity, or a random number.
- the security algorithm may be pre-configured in the storage function entity, and then sent to the mobility management function entity by the storage function entity.
- the embodiment of the present application provides a method for message protection, which is described below by using an example in which the symmetric key is an integrity protection key.
- Step 601: The terminal device generates an integrity protection key.
- for the manner in which the terminal device generates the integrity protection key, refer to the manner in which the terminal device generates a symmetric key in the embodiment shown in FIG. 3; details are not described herein again.
- Step 602: The terminal device encrypts the integrity protection key and the first integrity protection algorithm according to the public key of the storage function entity to obtain the first ciphertext.
- the content encrypted in the first ciphertext may include an integrity protection key and a first integrity protection algorithm.
- the first integrity protection algorithm may be determined by the terminal device according to the pre-configured policy, and the configuration of the pre-configured policy is similar to the related description in the embodiment shown in FIG.
- Step 603: The terminal device performs integrity protection on the initial NAS message according to the integrity protection key and the first integrity protection algorithm, and obtains the MAC of the initial NAS message.
- Step 604: The terminal device sends the MAC of the initial NAS message, the initial NAS message, and the first ciphertext to the mobility management function entity.
- the first integrity protection algorithm is pre-configured in the terminal device and the mobility management function entity.
- the terminal device does not need to encrypt and send the first integrity protection algorithm to the storage function entity.
- Step 605: After receiving the MAC of the initial NAS message, the initial NAS message, and the first ciphertext, the mobility management function entity sends the first ciphertext to the storage function entity.
- Step 606: After receiving the first ciphertext sent by the mobility management function entity, the storage function entity decrypts the first ciphertext according to the private key of the storage function entity, and obtains an integrity protection key and a first integrity protection algorithm.
- Step 607: The storage function entity sends an integrity protection key and a first integrity protection algorithm to the mobility management function entity.
- Step 608: After receiving the integrity protection key and the first integrity protection algorithm sent by the storage function entity, the mobility management function entity checks the integrity of the initial NAS message according to the integrity protection key and the first integrity protection algorithm.
- the manner in which the mobility management function entity checks the integrity of the initial NAS message is similar to the manner in which the integrity of the initial NAS message is verified in the embodiment shown in FIG. 3, and the description is not repeated here.
- the mobility management function entity may send a downlink NAS message to the terminal device when the integrity check of the received initial NAS message is successful.
- step 609 to step 611 may be performed.
- Step 609: The mobility management function entity performs integrity protection on the downlink NAS message according to the integrity protection key and the first integrity protection algorithm, and obtains the MAC of the downlink NAS message.
- Step 610: The mobility management function entity sends the MAC of the downlink NAS message and the downlink NAS message to the terminal device.
- Step 611: After receiving the MAC of the downlink NAS message and the downlink NAS message, the terminal device checks the integrity of the downlink NAS message according to the integrity protection key and the first integrity protection algorithm.
- the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message.
- the downlink NAS message may be determined by the mobility management function entity according to the actual situation or a pre-configured policy.
- the downlink NAS message may be sent to the terminal device.
- the mobility management function entity may first perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm. Specifically, after receiving the MAC of the downlink NAS message and the downlink NAS message, the terminal device obtains the new integrity protection algorithm from the downlink NAS message, and then performs the integrity check of the downlink NAS message.
- when initially accessing the network, the terminal device performs integrity protection on the initial NAS message according to the integrity protection key and the first integrity protection algorithm, thereby improving the integrity protection of the initial NAS message; further, when the protected initial NAS message is received and the integrity check of the initial NAS message is successful, the mobility management function entity also integrity-protects the downlink NAS message sent to the terminal device, which improves the security of the downlink NAS message transmission.
- FIG. 6 is only described as an example.
- the integrity protection key in the embodiment of the present application may also be generated based on the private key of the terminal device and the public key of the storage function entity, or generated by a random key generation algorithm or the like.
- in FIG. 6, only one security algorithm is configured.
- a security algorithm may be pre-configured in the storage function entity, and then sent to the mobility management function entity by the storage function entity.
- each of the foregoing network elements includes a hardware structure and/or a software module corresponding to each function.
- the present application can be implemented in hardware or in a combination of hardware and computer software, in combination with the elements and algorithm steps of the various examples described in the embodiments disclosed herein. Whether a function is implemented in hardware or by computer software driving hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each particular application, but such implementation should not be considered to be beyond the scope of the present application.
- a message protection device provided by the present application may be a terminal device or a chip or a system on a chip in a terminal device, and may perform the method performed by the terminal device in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
- the apparatus 700 includes at least one processor 710 and a memory 730.
- the memory 730 is used to store programs, and may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device that can store information and instructions, or may be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store a desired program in the form of an instruction or data structure and that can be accessed by a computer, but is not limited thereto.
- Memory 730 can exist independently and be coupled to processor 710. Memory 730 can also be integrated with processor 710.
- the processor 710 is configured to execute the program in the memory 730 to implement the steps performed by the terminal device in the solution of the message protection in the embodiment of the present application.
- processor 710 can be a general purpose CPU, a microprocessor, a particular ASIC, or one or more integrated circuits for controlling the execution of the program of the present application.
- processor 710 may include one or more CPUs, such as CPU0 and CPU1 in FIG.
- apparatus 700 can include multiple processors, such as processor 710 and processor 711 in FIG. Each of these processors may be a single-CPU processor or a multi-core processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
- the transceiver 720 as shown in FIG. 7 may be further included for communicating with other devices or communication networks, and the transceiver 720 includes a radio frequency circuit.
- the processor 710, the transceiver 720, and the memory 730 are connected in the terminal device through a communication bus.
- the communication bus can include a path for communicating information between the above units.
- the processor 710 can transmit or receive data through an input/output interface, a pin or a circuit or the like.
- FIG. 8 is a schematic diagram of another apparatus for message protection according to an embodiment of the present application.
- the apparatus may be a terminal device or a chip or a system on a chip in a terminal device, and may perform the method performed by the terminal device in any of the embodiments shown in the foregoing FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
- the apparatus includes a processing unit 801 and a communication unit 802.
- the processing unit 801 is configured to obtain a protected initial NAS message according to the symmetric key and the first security algorithm
- the communication unit 802 is configured to send the protected initial NAS message to the first network device, and to send a key-related parameter to the second network device, wherein the key-related parameter is used to obtain the symmetric key.
- the key related parameter includes a public key of the terminal device
- the processing unit 801 is specifically configured to generate a symmetric key according to the public key of the second network device and the private key of the terminal device.
- the processing unit 801 is specifically configured to generate an intermediate key according to the public key of the second network device and the private key of the terminal device; and then generate a symmetric key according to the intermediate key and the fixed string.
- the key-related parameter includes a ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the second network device, and the processing unit 801 is specifically configured to generate the symmetric key according to the random key generation algorithm.
- the processing unit 801 is specifically configured to generate a symmetric key according to a random number, a permanent key, and a key derivation function (KDF).
- the key related parameter includes a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the second network device.
- the first security algorithm is determined by the terminal device according to the pre-configured policy.
- the initial NAS message is a registration request message.
- the processing unit 801 is further configured to: after the communication unit 802 receives the protected downlink NAS message from the first network device, decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.
- the communication unit 802 is further configured to receive the protected downlink NAS message from the first network device, where the downlink NAS message includes a second security algorithm; the processing unit 801 is further configured to decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then obtain the second security algorithm from the downlink NAS message. If the first network device performed integrity protection on the ciphertext of the downlink NAS message, the integrity of the protected downlink NAS message is verified according to the second security algorithm. If the first network device performed integrity protection on the downlink NAS message, the integrity of the downlink NAS message is verified according to the second security algorithm.
- the downlink NAS message is a registration accept message.
- the communication unit 802 is further configured to receive the protected downlink NAS message from the first network device, and the processing unit 801 is further configured to verify the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
- the first network device is an AMF
- the second network device is a UDM, or an AUSF.
- the device may be used to implement the steps performed by the terminal device in the method for message protection in the embodiment of the present application.
- FIG. 9 is a schematic diagram of a device for message protection provided by the present application, where the device may be, for example, a second network device or a chip or a system on chip in a second network device.
- the apparatus 900 includes at least one processor 910 and a memory 930.
- the memory 930 is used to store programs, and may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device, or may be an EEPROM, a CD-ROM or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store a desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the memory 930 can exist independently and be coupled to the processor 910. Memory 930 can also be integrated with processor 910.
- processor 910 is configured to execute the program in the memory 930 to implement the steps performed by the second network device in the solution of the message protection in the embodiment of the present application.
- processor 910 can be a general purpose CPU, a microprocessor, a particular ASIC, or one or more integrated circuits for controlling the execution of the program of the present application.
- processor 910 may include one or more CPUs, such as CPU0 and CPU1 in FIG.
- apparatus 900 can include multiple processors, such as processor 910 and processor 911 in FIG. Each of these processors may be a single-CPU processor or a multi-core processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
- the transceiver 920 as shown in FIG. 9 may be further included for communicating with other devices or communication networks, and the transceiver 920 includes a radio frequency circuit.
- the processor 910, the transceiver 920, and the memory 930 may be connected by a communication bus in the second network device.
- the communication bus can include a path for communicating information between the above units.
- the processor 910 can transmit or receive data through an input/output interface, a pin or a circuit or the like.
- FIG. 10 is a schematic diagram of another apparatus for protecting a message according to an embodiment of the present application.
- the apparatus may be a second network device or a chip or a system on chip in the second network device, and may perform the method performed by the second network device in the embodiments shown in the foregoing FIG. 3 and FIG. 4.
- the apparatus includes a processing unit 1001 and a communication unit 1002.
- the communication unit 1002 is configured to receive a key-related parameter from the terminal device, the processing unit 1001 is configured to obtain a symmetric key according to the key-related parameter, and the communication unit 1002 is further configured to send the symmetric key to the first network device, where the key-related parameter is used to obtain the symmetric key, and the symmetric key is used to secure the initial NAS message.
- the key related parameter includes a public key of the terminal device; the processing unit 1001 is specifically configured to generate a symmetric key according to the public key of the terminal device and the private key of the second network device.
- the processing unit 1001 is specifically configured to generate an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generate a symmetric key according to the intermediate key and the fixed string.
- the key-related parameter includes a ciphertext of the symmetric key.
- the processing unit 1001 is specifically configured to decrypt the ciphertext of the symmetric key according to the private key of the second network device to obtain a symmetric key.
- the key-related parameter includes a ciphertext of the first security algorithm
- the processing unit 1001 is further configured to decrypt the ciphertext of the first security algorithm according to the public key of the second network device, to obtain the first security algorithm
- the communication unit 1002 is further configured to send a first security algorithm to the first network device.
- the first network device is an AMF entity; the device 1000 is a UDM entity, or an AUSF entity.
- the device may be used to implement the steps performed by the second network device in the method for message protection in the embodiment of the present application.
- FIG. 11 is a schematic diagram of a device for message protection provided by the present application, where the device may be a first network device, or a chip or a system on a chip in a first network device.
- the first network device 1100 includes at least one processor 1110 and a memory 1130.
- the memory 1130 is used to store programs, and may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device, or may be an EEPROM, a CD-ROM or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store a desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
- the memory 1130 can exist independently and be coupled to the processor 1110.
- the memory 1130 can also be integrated with the processor 1110.
- the processor 1110 is configured to execute the program in the memory 1130 to implement the steps performed by the first network device in the solution of the message protection in the embodiment of the present application.
- processor 1110 can be a general purpose CPU, a microprocessor, a particular ASIC, or one or more integrated circuits for controlling the execution of the program of the present application.
- the processor 1110 may include one or more CPUs, such as CPU0 and CPU1 in FIG.
- apparatus 1100 can include multiple processors, such as processor 1110 and processor 1111 in FIG. Each of these processors may be a single-CPU processor or a multi-core processor, where a processor may refer to one or more devices, circuits, and/or processing cores for processing data, such as computer program instructions.
- the transceiver 1120 as shown in FIG. 11 may be further included for communicating with other devices or communication networks, and the transceiver 1120 includes a radio frequency circuit.
- the processor 1110, the transceiver 1120, and the memory 1130 may be connected by a communication bus in the first network device.
- the communication bus can include a path for communicating information between the above units.
- the processor 1110 can transmit or receive data through an input/output interface, a pin or a circuit or the like.
- FIG. 12 is a schematic diagram of another apparatus for protecting a message according to an embodiment of the present application.
- the apparatus may be a first network device or a chip or a system on a chip in the first network device, and may perform the method performed by the first network device in the embodiments shown in FIG. 3 and FIG. 4.
- the apparatus includes a processing unit 1201 and a communication unit 1202.
- the communication unit 1202 is configured to receive the protected initial NAS message from the terminal device, and receive the symmetric key from the second network device.
- the processing unit 1201 is configured to obtain the initial NAS message according to the symmetric key and the first security algorithm.
- the communication unit 1202 is further configured to receive a first security algorithm from the second network device.
- the initial NAS message is a registration request message.
- the processing unit 1201 is further configured to obtain the protected downlink NAS message according to the symmetric key and the first security algorithm, and the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
- the downlink NAS message is a registration accept message or a NAS SMC message.
- the processing unit 1201 is further configured to obtain the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration accept message, and the registration accept message includes a second security algorithm, and to perform integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
- the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the second security algorithm, where the downlink NAS message is a registration accept message, and the registration accept message includes a second security algorithm; and then to obtain the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message.
- the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.
- the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device, wherein the downlink NAS message may be a registration reject message.
- the device is an AMF entity; the second network device is a UDM entity, or an AUSF entity.
- the device may be used to implement the steps performed by the first network device in the method for message protection in the embodiment of the present application.
- the manner in which the devices for message protection shown in FIG. 8, FIG. 10 and FIG. 12 are divided into modules is schematic and is only a division by logical function; an actual implementation may use another division manner.
- the communication unit is divided into a receiving unit, a transmitting unit, and the like.
- the embodiment of the present application further provides a communication system, which includes the device 700, the device 900, and the device 1100.
- the connection manner may be as shown in FIG. 13a or as shown in FIG. 13b.
- the computer program product includes one or more computer instructions.
- the computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable device.
- the computer instructions can be stored in a computer readable storage medium or transferred from one computer readable storage medium to another computer readable storage medium; for example, the computer instructions can be transferred from one website, computer, server or data center to another website, computer, server or data center by wire (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.).
- the computer readable storage medium can be any available media that can be accessed by a computer or a data storage device such as a server, data center, or the like that includes one or more available media.
- the usable medium may be a magnetic medium (eg, a floppy disk, a hard disk, a magnetic tape), an optical medium (eg, a DVD), or a semiconductor medium (such as a Solid State Disk (SSD)) or the like.
- embodiments of the present application can be provided as a method, apparatus (device), computer readable storage medium, or computer program product.
- the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware aspects, which are collectively referred to herein as "module" or "system."
- the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device, where the instruction device implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
- These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Description
This application claims priority to Chinese Patent Application No. 201711125181.0, filed with the Chinese Patent Office on November 14, 2017 and entitled "Method and Apparatus for Message Protection", which is incorporated herein by reference in its entirety.
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for message protection.
In long term evolution (LTE), security protection of non-access stratum (NAS) messages is activated after the network device sends a NAS security mode command (SMC) message to the terminal device. NAS messages transmitted between the terminal device and the network device before the terminal device receives the NAS SMC message from the network device, such as the initial NAS message, are not security-protected, so these messages are at risk of being tampered with or sniffed by an attacker.
In the prior art, to improve the security of the initial NAS message during communication, the initial NAS message that the terminal device sends to the network device contains only the subscriber permanent identifier (SUPI) and the security capabilities of the terminal device. After the terminal device receives the NAS SMC message, it applies security protection to the other parameters of the initial NAS message and then sends them to the network device. With this implementation, the network device's processing of the initial NAS message is relatively delayed, which affects the access efficiency of the terminal device, and the implementation is also relatively complex.
Summary of the invention
Embodiments of the present application provide a method and an apparatus for message protection, which help reduce the complexity of security protection for the initial NAS message and improve the access efficiency of the terminal device.
In a first aspect, the message protection method of the embodiments of the present application includes:
The terminal device obtains a protected initial NAS message according to a symmetric key and a first security algorithm, and sends the protected initial NAS message to a first network device; and sends a key-related parameter to a second network device, where the key-related parameter is used to obtain the symmetric key.
In the embodiments of the present application, because the terminal device can apply security protection to the initial NAS message by using the symmetric key and the first security algorithm, the security of initial NAS message transmission is improved and, compared with the prior-art solution, this helps reduce the complexity of security protection for the initial NAS message and helps improve the access efficiency of the terminal device.
In one possible design, the key-related parameter includes the public key of the terminal device, and the terminal device can obtain the symmetric key in the following manner:
The terminal device generates the symmetric key according to the public key of the second network device and the private key of the terminal device.
When the terminal device generates the symmetric key according to the public key of the second network device and the private key of the terminal device, one possible design in a specific implementation is:
The terminal device generates an intermediate key according to the public key of the second network device and the private key of the terminal device, and then generates the symmetric key according to the intermediate key and a fixed string. Optionally, the fixed string may be pre-configured in the terminal device.
In one possible design, the key-related parameter includes the ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the second network device, and the terminal device can obtain the symmetric key in the following manner:
Optionally, the terminal device generates the symmetric key according to a random key generation algorithm; or, optionally, the terminal device generates the symmetric key according to a random number, a permanent key, and a key derivation function (KDF).
In one possible design, the key-related parameter includes the ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the second network device.
The above technical solution helps improve the security of transmitting the first security algorithm.
In one possible design, the first security algorithm is determined by the terminal device according to a pre-configured policy.
In one possible design, the initial NAS message is a registration request message.
In one possible design, after receiving the protected downlink NAS message from the first network device, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.
The above technical solution helps improve the security of transmitting the registration accept message or the NAS SMC message.
In one possible design, the terminal device receives the protected downlink NAS message from the first network device, where the downlink NAS message includes a second security algorithm. The terminal device can then decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then obtain the second security algorithm from the downlink NAS message. Finally, if the first network device performed integrity protection on the ciphertext of the downlink NAS message, the terminal device verifies the integrity of the protected downlink NAS message according to the second security algorithm; if the first network device performed integrity protection on the downlink NAS message, the terminal device verifies the integrity of the downlink NAS message according to the second security algorithm. Here the downlink NAS message is a registration accept message.
Because in the above technical solution the first network device can send the second security algorithm to the terminal device in the registration accept message, the NAS SMC message no longer needs to be transmitted to the terminal device, which helps save signaling overhead. The second security algorithm is the security algorithm selected by the first network device.
In one possible design, the terminal device receives the protected downlink NAS message from the first network device, and verifies the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
The above technical solution makes it possible to verify the integrity of the downlink reject message, which helps the terminal device determine whether a received downlink reject message has been forged, tampered with, and so on, and reduces the possibility that the terminal device enters a denial-of-service (DoS) state.
In one possible design, the first network device is an access and mobility management function (AMF), and the second network device is a unified data management (UDM) entity or an authentication server function (AUSF) entity.
In a second aspect, the message protection method of the embodiments of the present application includes:
The second network device receives a key-related parameter from the terminal device, obtains a symmetric key according to the key-related parameter, and then sends the symmetric key to the first network device, where the key-related parameter is used to obtain the symmetric key, and the symmetric key is used to apply security protection to the initial NAS message.
In the embodiments of the present application, because the second network device can send the symmetric key to the first network device, the first network device is able to obtain the initial NAS message according to the symmetric key.
In one possible design, the key-related parameter includes the public key of the terminal device; the second network device obtains the symmetric key in the following manner:
The second network device generates the symmetric key according to the public key of the terminal device and the private key of the second network device.
When the second network device generates the symmetric key according to the public key of the terminal device and the private key of the second network device, one possible design in a specific implementation is:
The second network device generates an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generates the symmetric key according to the intermediate key and a fixed string. Optionally, the fixed string may be pre-configured in the second network device.
在一种可能的设计中,密钥相关参数包括对称密钥的密文;第二网络设备根据下列方式获得对称密钥:In one possible design, the key related parameters include the ciphertext of the symmetric key; the second network device obtains the symmetric key according to the following manner:
第二网络设备根据第二网络设备的私钥对对称密钥的密文进行解密,获得对称密钥。The second network device decrypts the ciphertext of the symmetric key according to the private key of the second network device to obtain a symmetric key.
在一种可能的设计中,密钥相关参数包括第一安全算法的密文;第二网络设备根据第二网络设备的公钥对第一安全算法的密文进行解密,获得第一安全算法,并向第一网络设备发送第一安全算法。In a possible design, the key related parameter includes the ciphertext of the first security algorithm; the second network device decrypts the ciphertext of the first security algorithm according to the public key of the second network device, to obtain the first security algorithm, And transmitting the first security algorithm to the first network device.
通过上述技术方案有助于提高第一安全算法传输的安全性。The above technical solution helps to improve the security of the first security algorithm transmission.
在一种可能的设计中,第一网络设备为AMF实体;第二网络设备为UDM实体、或者AUSF实体。In one possible design, the first network device is an AMF entity; the second network device is a UDM entity, or an AUSF entity.
According to a third aspect, a message protection method in an embodiment of this application includes:
A first network device receives a protected initial NAS message from a terminal device, receives a symmetric key from a second network device, and then obtains the initial NAS message according to the symmetric key and a first security algorithm.
In this embodiment of this application, because security protection is performed on the initial NAS message by using the symmetric key and the first security algorithm, the security of transmitting the initial NAS message is improved; at the same time, compared with prior-art solutions, this helps reduce the complexity of performing security protection on the initial NAS message and helps improve the access efficiency of the terminal device.
In a possible design, the first network device receives the first security algorithm from the second network device.
The foregoing technical solution helps improve the security of transmitting the first security algorithm.
In a possible design, the initial NAS message is a registration request message.
In a possible design, the first network device obtains a protected downlink NAS message according to the symmetric key and the first security algorithm, and sends the protected downlink NAS message to the terminal device.
The foregoing technical solution helps improve the security of transmitting the downlink NAS message.
In a possible design, the downlink NAS message is a registration accept message or a NAS SMC message.
In a possible design, the first network device obtains a ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration accept message and the registration accept message includes a second security algorithm. The first network device then performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device. Because the first network device in the foregoing technical solution can send the second security algorithm to the terminal device in the registration accept message, the NAS SMC message no longer needs to be transmitted to the terminal device, which helps save signaling overhead. The second security algorithm is the security algorithm selected by the first network device.
In a possible design, the first network device performs integrity protection on the downlink NAS message according to the second security algorithm, where the downlink NAS message is a registration accept message and the registration accept message includes the second security algorithm. The first network device then obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message. Finally, the first network device sends the protected downlink NAS message to the terminal device. Because the first network device in the foregoing technical solution can send the second security algorithm to the terminal device in the registration accept message, the NAS SMC message no longer needs to be transmitted to the terminal device, which helps save signaling overhead. The second security algorithm is the security algorithm selected by the first network device.
In a possible design, the first network device performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device, where the downlink NAS message may be a registration reject message.
The foregoing technical solution makes it possible to perform integrity protection on the downlink reject message, which helps the terminal device determine whether a received downlink reject message has been forged or tampered with, and reduces the possibility that the terminal device enters the DoS state.
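The key flow of the second and third aspects and the reject-message integrity check, as an added example that is not part of the patent text. The toy Diffie-Hellman group, the HMAC-based stand-ins for the unspecified first security algorithm, the fixed string, the sample messages, and the assumption that the terminal mirrors the derivation with the network's public key are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: toy Diffie-Hellman group standing in for the unspecified
# public-key agreement. 2**521 - 1 is prime, but this is not a vetted group.
P = 2**521 - 1
G = 3
FIXED_STRING = b"initial-nas-protection"  # hypothetical preconfigured string
NONCE_LEN, TAG_LEN = 12, 16


def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_symmetric_key(own_priv, peer_pub):
    """Intermediate key from (peer public, own private), then the fixed string."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("degenerate public key")
    intermediate = pow(peer_pub, own_priv, P).to_bytes(66, "big")
    return hmac.new(intermediate, FIXED_STRING, hashlib.sha256).digest()


def _subkey(key, label):
    """Separate keys per purpose so one tag cannot be replayed as another."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stand-in cipher, not a NAS algorithm."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def _tag(key, label, data):
    return hmac.new(_subkey(key, label), data, hashlib.sha256).digest()[:TAG_LEN]


def protect(key, plaintext):
    """Encrypt, then MAC the ciphertext: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(a ^ b for a, b in zip(plaintext, stream))
    return body + _tag(key, b"uplink-mac", body)


def unprotect(key, blob):
    """Check the MAC before decrypting; ValueError on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated message")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, b"uplink-mac", body)):
        raise ValueError("integrity check failed")
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def sign_reject(key, message):
    """Integrity protection only, as for a downlink reject message."""
    return _tag(key, b"downlink-mac", message)


def verify_reject(key, message, tag):
    return hmac.compare_digest(sign_reject(key, message), tag)


def run_exchange():
    # Second network device holds a long-term pair; terminal assumed to know net_pub.
    net_priv, net_pub = keypair()
    ue_priv, ue_pub = keypair()

    # Terminal: derive the key and protect the initial NAS message.
    ue_key = derive_symmetric_key(ue_priv, net_pub)
    request = b"REGISTRATION REQUEST id=constructed-sample"
    protected = protect(ue_key, request)

    # Second network device: ue_pub arrives as the key-related parameter.
    net_key = derive_symmetric_key(net_priv, ue_pub)
    # First network device: receives net_key and recovers the message.
    recovered = unprotect(net_key, protected)

    tampered = bytearray(protected)
    tampered[NONCE_LEN] ^= 0x01  # one ciphertext bit altered in transit
    try:
        unprotect(net_key, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    reject = b"REGISTRATION REJECT cause=constructed-sample"
    forged = sign_reject(secrets.token_bytes(32), reject)  # sender lacks the key
    return {"keys_match": ue_key == net_key, "recovered": recovered,
            "tamper_detected": tamper_detected,
            "genuine_reject_ok": verify_reject(ue_key, reject, sign_reject(net_key, reject)),
            "forged_reject_ok": verify_reject(ue_key, reject, forged)}
```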
In a possible design, the first network device is an AMF entity, and the second network device is a UDM entity or an AUSF entity.
According to a fourth aspect, a message protection apparatus in an embodiment of this application may be a terminal device or a chip in a terminal device. The apparatus has the function of implementing the technical solutions of the first aspect and each possible design of the first aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the foregoing function.
In a possible design, the apparatus includes a processing unit and a communication unit. The processing unit may be, for example, a processor; the communication unit may be, for example, a transceiver, and the transceiver may include a radio frequency circuit. The processing unit is configured to obtain a protected initial NAS message according to a symmetric key and a first security algorithm. The communication unit is configured to send the protected initial NAS message to a first network device and to send a key-related parameter to a second network device, where the key-related parameter is used to obtain the symmetric key.
In another possible design, the apparatus includes a processor and a memory, where the memory is configured to store a program and the processor is configured to invoke the program stored in the memory to implement the message protection method of the first aspect or any possible design of the first aspect. It should be noted that the processor may send or receive data through an input/output interface, a pin, a circuit, or the like. The memory may be a register, a cache, or the like inside the chip. In addition, the memory may be a storage unit in the terminal device located outside the chip, such as a read-only memory (ROM), another type of static storage device that can store static information and instructions, or a random access memory (RAM).
The processor mentioned anywhere above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of a program of the message protection method of the first aspect or any possible design of the first aspect.
According to a fifth aspect, a message protection apparatus in an embodiment of this application may be a network device or a chip in a network device. The apparatus has the function of implementing the technical solutions of the second aspect and each possible design of the second aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the foregoing function.
In a possible design, the apparatus includes a processing unit and a communication unit. The processing unit may be, for example, a processor, and the communication unit may be, for example, a communication interface; optionally, the processor and the communication interface may be connected in a wired manner such as optical fiber or twisted pair. The communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit; optionally, the processor and the transceiver may be connected in a wireless manner such as wireless fidelity (WIFI).
Specifically, the communication unit is configured to receive a key-related parameter from a terminal device, where the key-related parameter is used to obtain a symmetric key and the symmetric key is used to perform security protection on an initial NAS message. The processing unit is configured to obtain the symmetric key according to the key-related parameter, and the communication unit is further configured to send the symmetric key to a first network device.
In another possible design, the apparatus includes a processor and a memory, where the memory is configured to store a program and the processor is configured to invoke the program stored in the memory to implement the message protection method of the second aspect or any possible design of the second aspect. It should be noted that the processor may send or receive data through an input/output interface, a pin, a circuit, or the like. The memory may be a register, a cache, or the like inside the chip. In addition, the memory may be a storage unit in the network device located outside the chip, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
The processor mentioned anywhere above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling execution of a program of the message protection method of the second aspect or any possible design of the second aspect.
According to a sixth aspect, a message protection apparatus in an embodiment of this application may be a network device or a chip in a network device. The apparatus has the function of implementing the technical solutions of the third aspect and each possible design of the third aspect. The function may be implemented by hardware, or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the foregoing function.
In a possible design, the apparatus includes a processing unit and a communication unit. The processing unit may be, for example, a processor, and the communication unit may be, for example, a communication interface; optionally, the processor and the communication interface may be connected in a wired manner such as optical fiber or twisted pair. The communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit; optionally, the processor and the transceiver may be connected in a wireless manner such as WIFI.
Specifically, the communication unit is configured to receive a protected initial NAS message from a terminal device and to receive a symmetric key from a second network device, and the processing unit is configured to obtain the initial NAS message according to the symmetric key and a first security algorithm.
In another possible design, the apparatus includes a processor and a memory, where the memory is configured to store a program and the processor is configured to invoke the program stored in the memory to implement the message protection method of the third aspect or any possible design of the third aspect. It should be noted that the processor may send or receive data through an input/output interface, a pin, a circuit, or the like. The memory may be a register, a cache, or the like inside the chip. In addition, the memory may be a storage unit in the network device located outside the chip, such as a ROM, another type of static storage device that can store static information and instructions, or a RAM.
The processor mentioned anywhere above may be a general-purpose CPU, a microprocessor, an ASIC, or one or more integrated circuits for controlling execution of a program of the message protection method of the third aspect or any possible design of the third aspect.
According to a seventh aspect, an embodiment of this application further provides a computer-readable storage medium that stores a program; when the program runs on a computer, the computer performs the methods described in the foregoing aspects.
According to an eighth aspect, this application further provides a computer program product containing a program; when it runs on a computer, the computer performs the methods described in the foregoing aspects.
According to a ninth aspect, an embodiment of this application further provides a communication system, including the apparatus of the fourth aspect or any possible design of the fourth aspect, the apparatus of the fifth aspect or any possible design of the fifth aspect, and the apparatus of the sixth aspect or any possible design of the sixth aspect.
In addition, for the technical effects of any possible design of the fourth to ninth aspects, refer to the technical effects of the different designs of the first aspect; details are not repeated here.
FIG. 1 is a schematic diagram of a possible network architecture to which an embodiment of this application is applicable;
FIG. 2 is a schematic diagram of another possible network architecture to which an embodiment of this application is applicable;
FIG. 3 is a schematic flowchart of a message protection method according to an embodiment of this application;
FIG. 4 is a schematic flowchart of another message protection method according to an embodiment of this application;
FIG. 5 is a schematic flowchart of another message protection method according to an embodiment of this application;
FIG. 6 is a schematic flowchart of a message protection method according to an embodiment of this application;
FIG. 7 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 8 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 9 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 10 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 11 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 12 is a schematic diagram of another message protection apparatus according to an embodiment of this application;
FIG. 13a and FIG. 13b are each a schematic diagram of a communication system according to an embodiment of this application.
FIG. 1 is a schematic diagram of a possible network architecture to which an embodiment of this application is applicable. The network architecture is a fourth-generation mobile communication technology (4G) network architecture. The network elements in the 4G architecture include a terminal device, a mobility management entity (MME), a serving GPRS support node (SGSN), a home subscriber server (HSS), a serving gateway (S-GW), a packet data network gateway (PDN gateway, P-GW), a policy and charging rules function (PCRF) entity, an evolved universal terrestrial radio access network (E-UTRAN), and so on.
The E-UTRAN consists of multiple evolved base stations (evolved nodeB, eNodeB). eNodeBs are interconnected through the X2 interface, an eNodeB is connected to the evolved packet core (EPC) through the S1 interface, and an eNodeB is connected to the terminal device through LTE-Uu.
The main functions of the MME are to support NAS messages and their security, management of the tracking area (TA) list, selection of the P-GW and S-GW, selection of the MME during inter-MME handover, selection of the SGSN during handover to a 2G/3G access system, authentication of the terminal device, roaming control and bearer management, and mobility management between core network nodes of different 3rd generation partnership project (3GPP) access networks.
The S-GW is the gateway that terminates the interface toward the E-UTRAN. Its main functions include: serving as the local anchor point during inter-base-station handover and assisting the base station's reordering function; serving as the mobility anchor during handover between different 3GPP access systems; performing lawful interception; routing and forwarding data packets; marking packets at the uplink and downlink transport layers; and supporting inter-operator charging.
The P-GW is the gateway that terminates the SGi interface toward the PDN. If the terminal device accesses multiple PDNs, the terminal device corresponds to one or more P-GWs. The main functions of the P-GW include packet filtering based on the terminal device, lawful interception, internet protocol (IP) address allocation for the terminal device, transport-level packet marking in the uplink, uplink and downlink service-level charging and service-level threshold control, and service-based uplink and downlink rate control.
The HSS is a database used to store subscription information of terminal devices; a home network may contain one or more HSSs. The HSS is responsible for storing information related to the terminal device, such as the terminal device identifier, numbering and routing information, security information, location information, and profile information.
The SGSN may be used for signaling interaction during mobility between 2G/3G and E-UTRAN 3GPP access networks, including selection of the P-GW and the S-GW; it also selects the MME for a terminal device that is handed over to the E-UTRAN 3GPP access network.
The PCRF entity terminates the Rx interface and the Gx interface. In a non-roaming scenario, only one PCRF in the home public land mobile network (HPLMN) is associated with one IP connectivity access network (IP-CAN) session of the terminal device. In a roaming scenario where the traffic flow is locally broken out, two PCRFs may be associated with one IP-CAN session of a terminal device.
The terminal device is a device with wireless transceiver functions. It may be deployed on land, including indoors or outdoors, handheld or vehicle-mounted; it may be deployed on water (for example, on a ship); and it may be deployed in the air (for example, on an aircraft, a balloon, or a satellite). Specifically, the terminal device may be user equipment (UE), a mobile phone, a tablet (pad), a computer with wireless transceiver functions, a virtual reality (VR) terminal, an augmented reality (AR) terminal, a wireless terminal in industrial control, a wireless terminal in self driving, a wireless terminal in remote medical, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, and so on.
FIG. 2 is a schematic diagram of another possible network architecture to which an embodiment of this application is applicable. The network architecture is a fifth-generation mobile communication technology (5G) network architecture. The 5G architecture may include a terminal device, a radio access network (RAN), an AMF entity, a session management function (SMF) entity, a user plane function (UPF) entity, a UDM entity, an authentication server function (AUSF) entity, and a data network (DN). In addition to the network elements shown in FIG. 2, the 5G network architecture may also include an authentication credential repository and processing function (ARPF) entity, a security anchor function (SEAF) entity, a subscription identifier de-concealing function (SIDF) entity, and so on.
The main function of the RAN is to control wireless access of the terminal device to the mobile communication network. The RAN is part of a mobile communication system and implements a radio access technology. Conceptually, it resides between a device (such as a mobile phone, a computer, or any remotely controlled machine) and the core network, and provides the device's connection to that core network. RAN devices include but are not limited to: a gNodeB (gNB) in 5G, an evolved node B (eNB), a radio network controller (RNC), a node B (NB), a base station controller (BSC), a base transceiver station (BTS), a home base station (for example, a home evolved nodeB or home node B, HNB), a baseband unit (BBU), a transmitting and receiving point (TRP), a transmitting point (TP), a mobile switching center, and so on; they may also include a wireless fidelity (wifi) access point (AP) and the like.
The AMF entity is responsible for access management and mobility management of the terminal device. In practice, it includes the mobility management function of the MME in the 4G network architecture and adds an access management function.
The SMF entity is responsible for session management, such as establishing user sessions.
The UPF entity is the user-plane functional network element and is mainly responsible for connecting to external networks; it includes the related functions of the SGW and the P-GW in the 4G network architecture.
The DN is the network responsible for providing services to the terminal device; for example, some DNs provide Internet access for terminal devices, and other DNs provide short message functions for terminal devices.
The AUSF entity has an authentication service function and terminates the authentication function requested by the SEAF.
The UDM entity can store subscription information of the terminal device, implementing a back end similar to the HSS in 4G.
The ARPF entity has an authentication credential storage and processing function and stores the long-term authentication credentials of the UE, such as the permanent key K. In 5G, the functions of the ARPF may be merged into the UDM entity.
The SEAF entity is used to complete the authentication procedure for the terminal device. In 5G, the functions of the SEAF may be merged into the AMF entity.
The SIDF entity can resolve the identity information of a subscriber, for example, obtaining the subscription permanent identifier (SUPI) from the subscription concealed identifier (SUCI).
For the terminal device, refer to the terminal device in the network architecture shown in FIG. 1.
本申请实施例既适用于图1所示的4G网络架构,也适用于图2所示的5G网络架构。The embodiment of the present application is applicable to the 4G network architecture shown in FIG. 1 and to the 5G network architecture shown in FIG. 2 .
在本申请实施例中,第一网络设备可以为用于管理终端设备的移动性移动管理功能实体,也可以为移动管理功能实体或移动管理功能实体内的芯片,例如,4G中的MME,5G中的AMF实体、或者SEAF实体;第二网络设备可以为用于存储网络设备的私钥,或解密根据网络设备的公钥加密的消息的存储功能实体,或存储功能实体内的芯片,例如,4G中的HSS,5G中的APRF实体、或者AUSF实体、或者SIDF实体、或者UDM实体。为方便说明,本申请各实施例以第一网络设备为移动管理功能实体,第二网络设备为存储功能实体为例进行说明,不予限制。In the embodiment of the present application, the first network device may be a mobility mobility management function entity for managing the terminal device, or may be a chip in the mobility management function entity or the mobility management function entity, for example, the MME in the 4G, 5G. The AMF entity or the SEAF entity; the second network device may be a private key for storing the network device, or a storage function entity for decrypting a message encrypted according to the public key of the network device, or a chip within the functional entity, for example, HSS in 4G, APRF entity in 5G, or AUSF entity, or SIDF entity, or UDM entity. For convenience of description, the embodiments of the present application are described by using the first network device as the mobility management function entity and the second network device as the storage function entity as an example, which is not limited.
It should be noted that the methods provided by the embodiments of the present application can protect not only a complete initial NAS message but also some fields of an initial NAS message. For convenience of description, the embodiments of the present application are described using a complete initial NAS message as an example. When some fields of the initial NAS message are protected, the ciphertext of the initial NAS message, the MAC of the initial NAS message, and the MAC of the ciphertext of the initial NAS message may be replaced, respectively, with the ciphertext of the partial fields of the initial NAS message, the MAC of the partial fields of the initial NAS message, and the MAC of the ciphertext of the partial fields of the initial NAS message; this is not limited.
The message protection method of the embodiments of the present application is described in detail below with reference to the accompanying drawings.
FIG. 3 is a schematic flowchart of a message protection method provided by an embodiment of the present application, which includes the following steps:
Step 301: The terminal device obtains a protected initial NAS message according to a symmetric key and a first security algorithm.
The initial NAS message may be the first NAS message that the terminal device sends to the mobility management function entity in the process of accessing the mobility management function entity. For example, the initial NAS message may be a registration request (RR) message, an attach request message, or a tracking area update (TAU) request message.
The symmetric key may be an encryption key or an integrity protection key, or may include both an encryption key and an integrity protection key.
For example, the symmetric key is an encryption key and the first security algorithm is an encryption algorithm; or the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm; or the symmetric key includes an encryption key and an integrity protection key, and the first security algorithm includes an encryption algorithm and an integrity protection algorithm.
The encryption referred to in the present application ensures that, if the content of a message sent by a sender to a target receiver is obtained by a third party that does not know the encryption key and other related parameters, the third party cannot learn the true content that the message is intended to express. The integrity protection referred to in the present application ensures that the message content received by the target receiver has not been tampered with by a third party and is consistent with the message that the sender sent to the target receiver.
It should be noted that when the symmetric key is an encryption key and the first security algorithm is an encryption algorithm, the protected initial NAS message may be the ciphertext of the initial NAS message. When the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm, the protected initial NAS message may be the initial NAS message together with a message authentication code (MAC) of the initial NAS message. When the symmetric key includes an encryption key and an integrity protection key, the protected initial NAS message may be the ciphertext of the initial NAS message and a MAC, where the MAC may be the MAC of the ciphertext of the initial NAS message or the MAC of the initial NAS message. In addition, when the symmetric key includes an encryption key and an integrity protection key, the protected initial NAS message may also be the ciphertext of the integrity-protected initial NAS message, where the content encrypted in that ciphertext includes the initial NAS message and the MAC of the initial NAS message. Whether the MAC in the protected initial NAS message is the MAC of the ciphertext of the initial NAS message or the MAC of the initial NAS message depends on whether the terminal device integrity-protects the initial NAS message or the ciphertext of the initial NAS message. This, and whether the MAC is encrypted when the initial NAS message is first integrity-protected and then encrypted, is determined in a specific implementation by the internal implementation of the terminal device.
In a specific implementation, the symmetric key may be pre-configured on the terminal device, or may be generated by the terminal device. The present application provides three manners in which the terminal device generates the symmetric key; they may be applied where a symmetric key generation algorithm is pre-configured on the terminal device, and may also be applied where the symmetric key is pre-configured on the terminal device.
Manner 1 in which the terminal device generates the symmetric key is as follows:
The terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device. It should be noted that the terminal device may generate the public key and the private key of the terminal device according to pre-configured asymmetric parameters. Optionally, the algorithm for generating the public key and the private key of the terminal device may be the elliptic curve integrated encryption scheme (ECIES).
Manner 1 in which the terminal device generates the symmetric key is illustrated below with examples.
Example 1: The terminal device directly generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device. Optionally, the algorithm for generating the symmetric key may be a key agreement function (KAF) pre-configured on the terminal device. Optionally, the symmetric key generated in Example 1 may be an encryption key or an integrity protection key, which applies where the symmetric key is an encryption key or an integrity protection key. Alternatively, the symmetric key generated in Example 1 may serve as both the encryption key and the integrity protection key, which applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are the same. Alternatively, the terminal device may, for different private keys, directly generate symmetric key 1 and symmetric key 2 respectively, each according to the public key of the storage function entity and a private key of the terminal device, and may use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has two or more private keys, and this applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are different.
Example 2: The terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device, and then generates the symmetric key according to the intermediate key and a fixed character string. The fixed character string may be pre-configured on both the terminal device and the network side (for example, the storage function entity), or pre-configured on the terminal device or the network side. Specifically, the terminal device and the network side may pre-configure one or more fixed character strings. Where multiple fixed character strings are pre-configured, the terminal device may select at least one fixed character string according to a preset algorithm or rule, for example, selecting at least one fixed character string at random, or selecting one or more fixed character strings in a certain priority order. Specifically, the fixed character string may be "NAS", "INITIAL", "INITIAL NAS", "SUPI", "INITIAL ENC", "INITIAL NAS ENC", "INITIAL INT", "INITIAL NAS INT", and so on. It should also be noted that the manner of generating the intermediate key in Example 2 is similar to the manner of generating the symmetric key in Example 1; for example, the algorithm for generating the intermediate key may be a KAF pre-configured on the terminal device.
For example, optionally, the symmetric key generated in Example 2 may be an encryption key or an integrity protection key, which applies where the symmetric key is an encryption key or an integrity protection key. Alternatively, the symmetric key generated in Example 2 may serve as both the encryption key and the integrity protection key, which applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are the same. Alternatively, the terminal device may, for different private keys, directly generate symmetric key 1 and symmetric key 2 respectively according to the public key of the storage function entity and the private key of the terminal device, then generate symmetric key 1 according to intermediate key 1 and a fixed character string and symmetric key 2 according to intermediate key 2 and a fixed character string, and directly use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has two or more private keys, and this applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are different. Alternatively, the terminal device generates one intermediate key according to the public key of the storage function entity and the private key of the terminal device and then, to obtain the encryption key and the integrity protection key, selects two different fixed character strings, such as fixed character string 1 and fixed character string 2. Specifically, fixed character string 1 may be "ENC", "KEY ENC", "INIITIAL ENC", and so on, and fixed character string 2 may be "INT", "KEY INT", "INIITIAL INT", and so on. The terminal device generates symmetric key 1 according to fixed character string 1 and the intermediate key, generates symmetric key 2 according to fixed character string 2 and the intermediate key, and uses symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device may have one or more private keys, and this applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are different.
It should be noted that, in Example 2, one optional manner is that the terminal device directly sends the public key of the terminal device to the storage function entity. In this case, the storage function entity generates the intermediate key according to the public key of the terminal device and the private key of the storage function entity, and then generates the symmetric key according to the intermediate key and the symmetric character string. Another optional manner is that the terminal device sends the generated intermediate key to the storage function entity, and the storage function entity directly generates the symmetric key according to the intermediate key and the fixed character string; this reduces the steps the storage function entity performs to generate the symmetric key and helps improve communication efficiency. A further optional manner is that the terminal device encrypts the symmetric key according to the public key of the storage function entity and then sends the ciphertext of the symmetric key to the storage function entity. In this case, the storage function entity only needs to decrypt the ciphertext of the symmetric key with the private key of the storage function entity to obtain the symmetric key. Which parameters the terminal device sends to the storage function entity is determined by an algorithm or policy pre-configured in the terminal device.
Example 3: The terminal device generates temporary key 1 according to the public key of the storage function entity and the private key of the terminal device, and then, according to temporary key 1, performs further key derivation based on a pre-configured KDF to generate temporary key 2. Optionally, the terminal device directly uses temporary key 2 as the symmetric key; or the terminal device uses a pre-configured truncation (truncated) function to truncate temporary key 1 or temporary key 2 to a pre-configured length, obtaining the symmetric key.
For example, optionally, the symmetric key generated in Example 3 may be an encryption key or an integrity protection key, which applies where the symmetric key is an encryption key or an integrity protection key. Alternatively, the terminal device generates the encryption key or the integrity protection key according to the symmetric key generated in Example 3 and a fixed character string; specifically, the fixed character string may be "NAS", "INITIAL", "INITIAL NAS", and so on. Alternatively, the symmetric key generated in Example 3 may serve as both the encryption key and the integrity protection key, which applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are the same. Alternatively, the terminal device may use private key 1 and private key 2 to generate symmetric key 1 and symmetric key 2 respectively in the manner of Example 3, and then directly use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has two or more private keys, and this applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are different. Alternatively, the terminal device generates one temporary key 1 according to the public key of the storage function entity and the private key of the terminal device and then, to obtain the encryption key and the integrity protection key, selects two different fixed character strings, such as fixed character string 1 and fixed character string 2. Specifically, fixed character string 1 may be "ENC", "KEY ENC", "INIITIAL ENC", and so on, and fixed character string 2 may be "INT", "KEY INT", "INIITIAL INT", and so on. The terminal device performs further key derivation based on a preset KDF according to fixed character string 1 and temporary key 1 to generate symmetric key 1, performs further key derivation based on the preset KDF according to fixed character string 2 and the intermediate key to generate symmetric key 2, and uses symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key. In this case the terminal device has one or more private keys, and this applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are different.
Manner 2 in which the terminal device generates the symmetric key is as follows:
The terminal device generates the symmetric key according to a random key generation algorithm. Optionally, the random key generation algorithm is pre-configured on the terminal device. Specifically, the terminal device uses the pre-configured random key generation algorithm to generate a key of the length required by the random key generation algorithm, and uses that key as the symmetric key.
For example, optionally, the symmetric key generated in manner 2 may be an encryption key or an integrity protection key, which applies where the symmetric key is an encryption key or an integrity protection key. Alternatively, the symmetric key generated in manner 2 may serve as both the encryption key and the integrity protection key, which applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are the same. Alternatively, the symmetric key that the terminal device generates according to the pre-configured random key generation algorithm may include symmetric key 1 and symmetric key 2, where the terminal device may use symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key; this applies where the symmetric key includes an encryption key and an integrity protection key. Alternatively, the terminal device may generate a temporary key 4 according to the pre-configured random key generation algorithm, then generate the encryption key based on the KDF according to temporary key 4 and a pre-configured first fixed character string, and generate the integrity protection key based on the KDF according to temporary key 4 and a pre-configured second fixed character string; this applies where the symmetric key includes an encryption key and an integrity protection key.
Manner 3 in which the terminal device generates the symmetric key is as follows:
The terminal device generates the symmetric key according to a random number, a permanent key, and a KDF. Optionally, the permanent key and the KDF are pre-configured in the terminal device, and the random number is randomly generated by the terminal device.
For example, optionally, the symmetric key generated in manner 3 may be an encryption key or an integrity protection key, which applies where the symmetric key is an encryption key or an integrity protection key. Alternatively, the symmetric key generated in manner 3 may serve as both the encryption key and the integrity protection key, which applies where the symmetric key includes an encryption key and an integrity protection key and the two keys are the same. Alternatively, the terminal device may generate the encryption key and the integrity protection key separately in the same manner but from different random numbers; this applies where the symmetric key includes an encryption key and an integrity protection key. Alternatively, the terminal device may generate the encryption key based on the KDF according to the permanent key, the random number, and a pre-configured first fixed character string, and generate the integrity protection key based on the KDF according to the permanent key, the random number, and a pre-configured second fixed character string; this applies where the symmetric key includes an encryption key and an integrity protection key.
In addition, in the embodiments of the present application, the first security algorithm may be pre-configured in the terminal device and determined by the terminal device according to a pre-configured policy. Optionally, the pre-configured policy is sent to the terminal device by a network-side device, where the network-side device may be the mobility management function entity that the terminal device needs to access in the embodiments of the present application, or another mobility management function entity in the network that the terminal device has previously accessed. For example, when the terminal device accesses the mobility management entity for the first time, the pre-configured policy may have been sent by another mobility management function entity in the network that the terminal device previously accessed. The pre-configured policy may also be manually configured in the terminal device. One optional pre-configured policy is as follows: if the terminal device accesses the mobility management function entity for the first time, the first security algorithm may be a security algorithm pre-configured on the terminal device. Optionally, if multiple security algorithms are pre-configured on the terminal device, the first security algorithm may be one of them, and how the terminal device selects the first security algorithm from the multiple pre-configured security algorithms is determined by the internal implementation of the terminal device. If the terminal device accesses the mobility management function entity for the Nth time, where N is an integer greater than or equal to 2, the first security algorithm may be the security algorithm that the terminal device used when it accessed the mobility management entity for the (N-1)th time. Optionally, the pre-configured policy may also be pre-configured in the terminal device at the factory; for example, the pre-configured policy may be to select the security algorithm with the highest priority among the security algorithms.
Step 302: The terminal device sends the protected initial NAS message to the mobility management function entity, and sends a key-related parameter to the storage function entity, where the key-related parameter is used to obtain the symmetric key.
In one possible implementation, the terminal device sends the key-related parameter directly to the storage function entity. In another possible implementation, the terminal device transparently transmits the key-related parameter to the storage function entity through the mobility management function entity; for example, the terminal device may send the key-related parameter together with the protected initial NAS message to the mobility management function entity.
For example, if the symmetric key is generated according to the public key of the storage function entity and the private key of the terminal device, the key-related parameter includes the public key of the terminal device. If the symmetric key is generated according to a random key generation algorithm, or according to a random number, a permanent key, and a KDF, the key-related parameter includes the ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the storage function entity. Specifically, the terminal device encrypts the symmetric key according to the public key of the storage function entity to obtain the ciphertext of the symmetric key.
Optionally, so that the mobility management function entity can obtain the initial NAS message after receiving the protected initial NAS message, the key-related parameter further includes the first security algorithm or the ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the storage function entity. Specifically, the terminal device encrypts the first security algorithm according to the public key of the storage function entity to obtain the ciphertext of the first security algorithm.
Where the key-related parameter includes neither the first security algorithm nor the ciphertext of the first security algorithm, the mobility management function entity may obtain the initial NAS message according to the symmetric key and its own pre-configured security algorithm. Typically, the security algorithms pre-configured in the mobility management function entity include the security algorithms pre-configured in the terminal device.
Step 303: After receiving the key-related parameter, the storage function entity obtains the symmetric key according to the key-related parameter.
In one example, the key-related parameter includes the public key of the terminal device, and the storage function entity may generate the symmetric key according to the public key of the terminal device and the private key of the storage function entity. Specifically, the manner in which the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity is similar to the manner in which the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device, and is not described again here.
In another example, the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, and then generates the symmetric key according to the intermediate key and the fixed character string. This is similar to the manner in which the terminal device generates an intermediate key according to the public key of the storage function entity and the private key of the terminal device and then generates the symmetric key according to the intermediate key and the fixed character string, and is not described again here.
In yet another example, the key-related parameter includes the ciphertext of the symmetric key, and the storage function entity decrypts the ciphertext of the symmetric key according to the private key of the storage function entity to obtain the symmetric key.
In addition, where the key-related parameter includes the ciphertext of the first security algorithm, the method further includes: the storage function entity decrypts the ciphertext of the first security algorithm according to the private key of the storage function entity to obtain the first security algorithm.
Step 304: The storage function entity sends the symmetric key to the mobility management function entity.
It should be noted that, where the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, the symmetric key that the storage function entity sends to the mobility management function entity may instead be the intermediate key, and the mobility management function entity may then generate, according to the intermediate key and the fixed character string, the symmetric key used to obtain the initial NAS message.
例如,在对称密钥包括加密密钥和完整性保护密钥的情况下,移动管理功能实体可以根据中间密钥和预先配置的第一固定字符串,基于KDF生成加密密钥;以及根据中间密钥和预先配置的第二固定字符串,基于KDF生成完整性保护密钥。此外,移动管理功能实体还可以通过其它方式根据中间密钥和固定字符串生成对称密钥,具体的可参见存储功能实体生成对称密钥的方式,在此不再赘述。For example, in the case where the symmetric key includes an encryption key and an integrity protection key, the mobility management function entity may generate an encryption key based on the KDF according to the intermediate key and the pre-configured first fixed character string; The key and the pre-configured second fixed string generate an integrity protection key based on the KDF. In addition, the mobility management function entity may also generate a symmetric key according to the intermediate key and the fixed string in other manners. For details, refer to the manner in which the storage function entity generates a symmetric key, and details are not described herein.
在密钥相关参数中包括第一安全算法或第一安全算法的密文的情况下,上述方法还包括:存储功能实体向移动管理功能实体发送第一安全算法。In the case that the first security algorithm or the ciphertext of the first security algorithm is included in the key related parameter, the method further includes: the storage function entity sending the first security algorithm to the mobility management function entity.
Step 305: After receiving the protected initial NAS message from the terminal device and the symmetric key from the storage function entity, the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.
The first security algorithm may be pre-configured on the mobility management function entity.
Optionally, when the storage function entity sends the first security algorithm to the mobility management function entity, the mobility management function entity also receives the first security algorithm from the storage function entity.
Specifically, the mobility management function entity may obtain the initial NAS message in the following manners:
Manner 1: The mobility management function entity decrypts the protected initial NAS message according to the symmetric key and the first security algorithm to obtain the initial NAS message. This manner applies when the protected initial NAS message is the ciphertext of the initial NAS message, where the symmetric key is an encryption key, the first security algorithm is an encryption algorithm, and the ciphertext of the initial NAS message was obtained according to the encryption key and the first security algorithm.
Manner 2: The mobility management function entity verifies the integrity of the initial NAS message according to the symmetric key and the first security algorithm. This manner applies when the symmetric key is an integrity protection key and the first security algorithm is an integrity protection algorithm. Specifically, the mobility management function entity may verify the integrity of the initial NAS message as follows: because the protected initial NAS message consists of the initial NAS message and the MAC of the initial NAS message, the mobility management function entity can generate a new MAC from the symmetric key, the first security algorithm and the received initial NAS message. If the new MAC is the same as the MAC in the protected initial NAS message, the integrity check of the initial NAS message succeeds; if the new MAC differs from the MAC in the protected initial NAS message, the integrity check of the initial NAS message fails.
Manner 3: The mobility management function entity verifies the integrity of the ciphertext of the initial NAS message according to the integrity protection key and the integrity protection algorithm. This check is similar to the integrity check of the initial NAS message in Manner 2 and is not described again. Optionally, if the integrity check of the ciphertext succeeds, the mobility management function entity then decrypts the ciphertext of the initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message; or, optionally, the mobility management function entity decrypts the ciphertext of the initial NAS message directly, regardless of the result of the integrity check. This manner applies when the protected initial NAS message consists of the ciphertext of the initial NAS message and the MAC of that ciphertext, where the symmetric key includes an encryption key and an integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the ciphertext of the initial NAS message was obtained according to the encryption key and the encryption algorithm, and the MAC of the ciphertext was obtained according to the integrity protection key and the integrity protection algorithm.
Manner 4: The mobility management function entity first decrypts the protected initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message, and then verifies the integrity of the obtained initial NAS message according to the integrity protection key and the integrity protection algorithm. This check is similar to the integrity check of the initial NAS message in Manner 2 and is not described again. This manner applies when the protected initial NAS message consists of the ciphertext of the initial NAS message and the MAC of the initial NAS message, or is the ciphertext of the integrity-protected initial NAS message, in which case the encrypted content includes the initial NAS message and the MAC of the initial NAS message. Here the symmetric key includes an encryption key and an integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the ciphertext of the initial NAS message (or of the integrity-protected initial NAS message) was obtained according to the encryption key and the encryption algorithm, and the MAC of the initial NAS message was obtained according to the integrity protection key and the integrity protection algorithm.
In this embodiment, the terminal device protects all or part of the content of the initial NAS message according to the symmetric key and the first security algorithm, and is not bound by the restriction that NAS messages can be protected only after the NAS SMC message sent by the network device has been received. This improves both the reliability of initial NAS message transmission and the access efficiency of the terminal device.
It should be noted that, as an alternative to the embodiment shown in FIG. 3, step 302 may be replaced with: the terminal device sends the protected initial NAS message and the key-related parameter to the storage function entity. In a specific implementation, optionally, the terminal device sends the protected initial NAS message and the key-related parameter to the mobility management function entity, and the mobility management function entity, after receiving them from the terminal device, transparently forwards the protected initial NAS message and the key-related parameter to the storage function entity. Or, optionally, the terminal device sends the protected initial NAS message and the key-related parameter directly to the storage function entity. Step 303 is then performed, and after step 303, steps 304 and 305 are replaced with: the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm, and then sends the initial NAS message to the mobility management function entity. The manner in which the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm is similar to the manner in which the mobility management function entity does so in step 305, and is not repeated here.
In addition, the mobility management function entity obtains the actual content to be transmitted in the protected initial NAS message only once it has acquired the symmetric key and the first security algorithm. Therefore, when the mobility management function entity needs to send a downlink NAS message to the terminal device after obtaining the initial NAS message, it may, to improve the reliability of downlink NAS message transmission, also protect the downlink NAS message according to the symmetric key and the first security algorithm before sending it to the terminal device.
Specifically, a. One optional implementation is:
The mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, and then sends the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device obtains the downlink NAS message according to the symmetric key and the first security algorithm. It should be noted that, for the manner in which the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, see the manner in which the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm. For the manner in which the terminal device obtains the downlink NAS message according to the symmetric key and the first security algorithm, see the manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.
For example, when the initial NAS message is a registration request message, the downlink NAS message may be a registration accept message, a registration reject message, a NAS SMC message, or the like.
For example, the downlink NAS message is a NAS SMC message or a registration accept message. To improve the reliability of downlink NAS message transmission, optionally, the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the downlink NAS message, and then sends the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message, the terminal device decrypts it according to the symmetric key and the first security algorithm to obtain the downlink NAS message. This manner applies when the symmetric key includes an encryption key and the first security algorithm includes an encryption algorithm. In addition, optionally, when the symmetric key includes an encryption key and an integrity protection key and the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the protected downlink NAS message may consist of the ciphertext of the downlink NAS message and the MAC of that ciphertext; or of the ciphertext of the downlink NAS message and the MAC of the downlink NAS message; or may be the ciphertext of the integrity-protected downlink NAS message, in which case the encrypted content includes the downlink NAS message and the MAC of the downlink NAS message. Optionally, when the symmetric key includes an integrity protection key and the first security algorithm is an integrity protection algorithm, the protected downlink NAS message consists of the downlink NAS message and the MAC of the downlink NAS message.
As another example, the downlink NAS message is a registration reject message. The mobility management function entity integrity-protects the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device. After receiving the downlink NAS message, the terminal device verifies its integrity according to the symmetric key and the first security algorithm. This manner applies when the symmetric key includes an integrity protection key and the first security algorithm includes an integrity protection algorithm.
Specifically, the mobility management function entity may reject the registration request of the terminal device, for example because the SUPI cannot be found or the terminal device is not legitimate; for the specific causes of rejection, see Table 9.9.3.9.1 of 3GPP TS 24.301. In the prior art, the registration reject message usually cannot be protected, so the registration reject message sent by the mobility management function entity to the terminal device may be tampered with, forged, sniffed and so on, causing the terminal device to enter a DoS state. In the embodiments of this application, when the downlink NAS message is a registration reject message, implementation a allows the mobility management function entity to integrity-protect and/or encrypt the registration reject message according to the symmetric key and the first security algorithm, which helps reduce the likelihood that the registration reject message is tampered with, forged, sniffed and so on.
b. Another optional implementation is:
The mobility management function entity obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message includes a second security algorithm. The mobility management function entity then integrity-protects the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, obtains the second security algorithm from the downlink NAS message, and then verifies the integrity of the ciphertext of the downlink NAS message according to the second security algorithm. For example, in this implementation the downlink NAS message may be a registration accept message.
Specifically, when the symmetric key includes an encryption key and the first security algorithm includes an encryption algorithm: on the network side, the mobility management function entity encrypts the downlink NAS message according to the encryption key and the encryption algorithm to obtain the ciphertext of the downlink NAS message; on the terminal side, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the encryption algorithm to obtain the downlink NAS message.
c. Yet another possible implementation is:
The mobility management function entity integrity-protects the downlink NAS message according to the second security algorithm and obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts it according to the symmetric key and the first security algorithm to obtain the downlink NAS message, obtains the second security algorithm from the downlink NAS message, and verifies the integrity of the downlink NAS message according to the second security algorithm. Specifically, the content encrypted in the ciphertext of the integrity-protected downlink NAS message includes the downlink NAS message and the MAC of the downlink NAS message.
It should be noted that, in the embodiments of this application, the mobility management function entity may also integrity-protect the downlink NAS message according to the second security algorithm to obtain the MAC of the downlink NAS message, and encrypt the downlink NAS message according to the symmetric key and the first security algorithm to obtain the ciphertext of the downlink NAS message. In this implementation the protected downlink NAS message consists of the ciphertext of the downlink NAS message and the MAC of the downlink NAS message. The protected downlink NAS message is then sent to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device first decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, then obtains the second security algorithm from the downlink NAS message, and then verifies the integrity of the downlink NAS message according to the second security algorithm.
For example, in the above implementations the downlink NAS message may be a registration accept message, a NAS SMC message, or the like.
In implementations b and c, the second security algorithm includes an integrity protection algorithm and, optionally, may also include an encryption algorithm. Specifically, the second security algorithm is selected by the mobility management function entity according to the security capabilities of the terminal device and a pre-configured algorithm list. It should be noted that the first security algorithm and the second security algorithm may be the same or different. For example, the encryption algorithm in the first security algorithm is the same as the encryption algorithm in the second security algorithm, and the integrity protection algorithm in the first security algorithm differs from the integrity protection algorithm in the second security algorithm; or the encryption algorithms differ and the integrity protection algorithms are the same; or the encryption algorithms are the same and the integrity protection algorithms are the same; or the encryption algorithms differ and the integrity protection algorithms differ. Optionally, when the first security algorithm and the second security algorithm are the same, the second security algorithm need not be carried in the downlink NAS message. Or, when the encryption algorithms are the same and the integrity protection algorithms differ, the downlink NAS message carries the second security algorithm, and the second security algorithm carried in the downlink NAS message includes the integrity protection algorithm and does not include the encryption algorithm. After obtaining the downlink NAS message, the terminal device subsequently communicates with the mobility management function entity based on the security algorithm carried in the downlink NAS message.
When the downlink NAS message is a NAS SMC message, this helps improve the reliability of initial NAS message transmission while remaining compatible with the existing security algorithm negotiation procedure. Optionally, when the security algorithm determined by the mobility management function entity is inconsistent with the security algorithm determined by the terminal device, the mobility management function entity may send the security algorithm it has determined to the terminal device in the NAS SMC message; when the two are consistent, the mobility management function entity may refrain from sending the NAS SMC message to the terminal device, which helps reduce signaling interaction to some extent and improve communication efficiency. When the downlink NAS message is a registration accept message, the mobility management function entity can negotiate the security algorithm to be used with the terminal device directly through the registration accept message and omit the transmission of the NAS SMC message, which helps reduce signaling interaction and improve communication efficiency.
The message protection method of the embodiments of this application is described in detail below for different implementations of the symmetric key.
Referring to FIG. 4, an embodiment of this application provides a message protection method. The method is described using the example in which the symmetric key includes an encryption key and an integrity protection key, and specifically includes the following steps:
Step 401: The terminal device generates a first symmetric key according to the public key of the storage function entity and the private key of the terminal device, where the first symmetric key includes a first encryption key and a first integrity protection key.
Specifically, for the manner in which the terminal device generates the first symmetric key, see the manner in which the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device in the embodiment shown in FIG. 3; details are not repeated here.
Step 402: The terminal device encrypts the initial NAS message according to the first encryption key and the first encryption algorithm to obtain the ciphertext of the initial NAS message.
The first encryption algorithm may be pre-configured in the terminal device and the mobility management function entity.
Step 403: The terminal device integrity-protects the ciphertext of the initial NAS message according to the first integrity protection key and the first integrity protection algorithm to obtain the MAC of the ciphertext of the initial NAS message.
The first integrity protection algorithm may be pre-configured in the terminal device and the mobility management function entity.
Step 404: The terminal device sends the protected initial NAS message and the public key of the terminal device to the mobility management function entity.
The protected initial NAS message may include the ciphertext of the initial NAS message and the MAC of the ciphertext of the initial NAS message.
Step 405: After receiving the protected initial NAS message and the public key of the terminal device, the mobility management function entity sends the public key of the terminal device to the storage function entity.
Step 406: After receiving the public key of the terminal device sent by the mobility management function entity, the storage function entity generates a second symmetric key according to the public key of the terminal device and the private key of the storage function entity.
The second symmetric key may include a second encryption key and a second integrity protection key. Specifically, the second encryption key may be the same as the first encryption key, and the second integrity protection key may be the same as the first integrity protection key.
For the manner in which the storage function entity generates the second symmetric key, see the manner in which the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity in the embodiment shown in FIG. 3; the description is not repeated here.
Step 407: The storage function entity sends the second symmetric key to the mobility management function entity.
Step 408: After receiving the second symmetric key sent by the storage function entity, the mobility management function entity verifies the integrity of the ciphertext of the initial NAS message according to the second integrity protection key and the first integrity protection algorithm.
The manner in which the mobility management function entity verifies the integrity of the ciphertext of the initial NAS message is similar to the manner of verifying the integrity of the initial NAS message in the message protection method of FIG. 3, and the description is not repeated here.
Step 409: When the integrity check of the ciphertext of the initial NAS message succeeds, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the second encryption key and the first encryption algorithm to obtain the initial NAS message.
After obtaining the initial NAS message, the mobility management function entity may send a downlink NAS message to the terminal device. To improve the reliability of downlink NAS message transmission, steps 410 to 412 may also be performed.
步骤410,移动管理功能实体根据第二对称密钥和第一安全算法,获得被保护的下行NAS消息。Step 410: The mobility management function entity obtains the protected downlink NAS message according to the second symmetric key and the first security algorithm.
需要说明的是,步骤410中移动管理功能实体获得被保护的下行NAS的具体实现方式与参见图3所示实施例中移动管理功能实体获得被保护的下行NAS消息的具体实现方式类似,在此不再重复说明。It should be noted that the specific implementation manner of obtaining the protected downlink NAS in the mobile management function entity in step 410 is similar to the specific implementation manner in which the mobility management function entity obtains the protected downlink NAS message in the embodiment shown in FIG. Repeat the instructions.
步骤411,移动管理功能实体向终端设备发送被保护的下行NAS消息。Step 411: The mobility management function entity sends the protected downlink NAS message to the terminal device.
步骤412,终端设备在接收到被保护的下行NAS消息后,根据第二对称密钥和第一安全算法,获得下行NAS消息。Step 412: After receiving the protected downlink NAS message, the terminal device obtains the downlink NAS message according to the second symmetric key and the first security algorithm.
需要说明的是,步骤412中终端设备获得下行NAS的具体实现方式与参见图3所示实施例中终端设备获得下行NAS消息的具体实现方式类似,在此不再重复说明。It should be noted that the specific implementation manner in which the terminal device obtains the downlink NAS in step 412 is similar to the specific implementation manner in which the terminal device obtains the downlink NAS message in the embodiment shown in FIG. 3, and the description is not repeated herein.
其中,在初始NAS消息为注册请求的情况下,下行NAS消息可以为注册接受消息、NAS SMC消息或者注册拒绝消息,具体下行NAS消息为哪个消息可以由移动管理功能实体根据实际情况或者预配置的策略进行决定。In the case that the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message, and the specific downlink NAS message may be used by the mobility management function entity according to the actual situation or pre-configured. The strategy makes a decision.
Exemplarily, in the embodiment shown in FIG. 4, the second symmetric key includes a second encryption key and a second integrity protection key, and the first security algorithm includes a first encryption algorithm and a first integrity protection algorithm. The mobility management function entity may protect the downlink NAS message in the following manners:
Security protection mode 1: The mobility management function entity protects the downlink NAS message using part of the keys in the second symmetric key and the corresponding part of the algorithms in the first security algorithm, for example, using only the first encryption algorithm and the second encryption key, or using only the first integrity protection algorithm and the second integrity protection key.
Security protection mode 2: The mobility management function entity uses the first security algorithm and the second symmetric key to both integrity-protect and encrypt the downlink NAS message.
Security protection mode 3: The mobility management function entity encrypts the downlink NAS message according to the first encryption algorithm and the second encryption key, and integrity-protects the downlink NAS message or the ciphertext of the downlink NAS message according to a second security algorithm, where the second security algorithm is selected by the mobility management function entity based on the security capability of the terminal device and a pre-configured algorithm list. The second security algorithm includes a second integrity protection algorithm and, optionally, may further include a second encryption algorithm. In security protection mode 3, the downlink NAS message includes the second security algorithm.
It should be noted that which security protection mode the mobility management function entity selects may be determined by a pre-configured algorithm.
In this embodiment, when initially accessing the network, the terminal device encrypts and integrity-protects the initial NAS message according to the first symmetric key and the first security algorithm, which not only improves the security of initial NAS message transmission but also improves the efficiency with which the terminal device accesses the network. In addition, after obtaining the initial NAS message, the mobility management function entity also protects the downlink NAS message sent to the terminal device, which improves the security of downlink NAS message transmission.
It should also be noted that, as an alternative to the embodiment shown in FIG. 4, steps 402 and 403 may be replaced with the following: if the protected initial NAS message includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, the terminal device integrity-protects the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and encrypts the initial NAS message according to the first encryption key and the first encryption algorithm. There is no required order between these two steps: for example, the encryption step of the initial NAS message may be performed first and the integrity protection step afterwards, or the integrity protection step may be performed first and the encryption step afterwards.
Further, steps 408 and 409 may be replaced with the following: after the mobility management function entity receives the protected initial NAS message, which includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, the mobility management function entity may first decrypt the ciphertext of the initial NAS message to obtain the initial NAS message and then verify the integrity of the initial NAS message. For the other steps, refer to the steps in the embodiment shown in FIG. 4; details are not repeated here.
Of course, the embodiment shown in FIG. 4 is described only as an example. For example, the embodiment shown in FIG. 4 gives only one way of generating the symmetric key; in the embodiments of this application, the symmetric key may also be pre-configured in the terminal device, or may be generated according to a random key generation algorithm, a random number, or the like.
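The FIG. 4 exchange (terminal-side protection, then steps 405 to 409 on the network side), as an added example that is not part of the patent text. It assumes X25519 as the key agreement, HMAC-SHA256 with fixed strings as the key derivation, HMAC-SHA256 as a stand-in for the first integrity protection algorithm and an HMAC-based keystream as a stand-in for the first encryption algorithm; all function names, fixed strings and sample values are hypothetical.

```python
import hashlib
import hmac
import os

P = 2**255 - 19                      # Curve25519 field prime (RFC 7748)
A24 = 121665
BASE = (9).to_bytes(32, "little")    # standard base point u = 9


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519 ladder. Assumed key agreement; not constant time."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64
    k_int = int.from_bytes(kb, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_keys(own_private: bytes, peer_public: bytes):
    """Intermediate key from the key agreement, then one key per fixed string."""
    intermediate = x25519(own_private, peer_public)
    if intermediate == bytes(32):    # low-order peer key: refuse to derive keys
        raise ValueError("invalid peer public key")
    k_enc = hmac.new(intermediate, b"demo-nas-enc", hashlib.sha256).digest()
    k_int = hmac.new(intermediate, b"demo-nas-int", hashlib.sha256).digest()
    return k_enc, k_int


def keystream_xor(k_enc: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for the first encryption algorithm (HMAC-SHA256 in counter mode)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(k_enc, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[offset:offset + 32], block))
    return bytes(out)


def terminal_protect(ue_private: bytes, udm_public: bytes, nas_message: bytes) -> dict:
    """Terminal side: encrypt, MAC the ciphertext, attach the terminal public key."""
    k_enc, k_int = derive_keys(ue_private, udm_public)
    nonce = os.urandom(16)
    ciphertext = nonce + keystream_xor(k_enc, nonce, nas_message)
    mac = hmac.new(k_int, ciphertext, hashlib.sha256).digest()
    return {"ue_public": x25519(ue_private, BASE), "ciphertext": ciphertext, "mac": mac}


def storage_function_keys(udm_private: bytes, ue_public: bytes):
    """Step 406: second symmetric key from the terminal public key and own private key."""
    return derive_keys(udm_private, ue_public)


def amf_unprotect(protected: dict, request_keys):
    """Steps 405 and 407 to 409: returns the NAS message, or None if the MAC fails."""
    k_enc, k_int = request_keys(protected["ue_public"])             # steps 405 to 407
    ciphertext = protected["ciphertext"]
    expected = hmac.new(k_int, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, protected["mac"]):         # step 408
        return None
    return keystream_xor(k_enc, ciphertext[:16], ciphertext[16:])   # step 409


def demo():
    """Run the exchange once with constructed keys and a constructed payload."""
    ue_private, udm_private = os.urandom(32), os.urandom(32)
    udm_public = x25519(udm_private, BASE)
    message = b"REGISTRATION REQUEST (constructed sample payload)"
    protected = terminal_protect(ue_private, udm_public, message)
    ask = lambda ue_public: storage_function_keys(udm_private, ue_public)
    flipped = bytes([protected["ciphertext"][-1] ^ 1])
    tampered = dict(protected, ciphertext=protected["ciphertext"][:-1] + flipped)
    return amf_unprotect(protected, ask) == message, amf_unprotect(tampered, ask)


if __name__ == "__main__":
    print(demo())
```

Because the MAC covers the ciphertext, the mobility management side can reject a modified message before any decryption takes place; the all-zero check matters because the terminal public key arrives unauthenticated.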
Referring to FIG. 5, an embodiment of this application provides a message protection method. The method is described using the example in which the symmetric key is an encryption key, as follows.
Step 501: The terminal device generates an encryption key.
Specifically, for the manner in which the terminal device generates the encryption key, refer to the manner in which the terminal device generates the symmetric key in the embodiment shown in FIG. 3; details are not repeated here.
Step 502: The terminal device encrypts the encryption key according to the public key of the storage function entity to obtain the ciphertext of the encryption key.
Step 503: The terminal device encrypts the initial NAS message according to the encryption key and the first encryption algorithm to obtain the ciphertext of the initial NAS message.
The first encryption algorithm may be pre-configured in the terminal device and the mobility management function entity.
Step 504: The terminal device sends the ciphertext of the initial NAS message and the ciphertext of the encryption key to the mobility management function entity.
Step 505: After receiving the ciphertext of the initial NAS message and the ciphertext of the encryption key, the mobility management function entity sends the ciphertext of the encryption key to the storage function entity.
Step 506: After receiving the ciphertext of the encryption key sent by the mobility management function entity, the storage function entity decrypts the ciphertext of the encryption key according to the private key of the storage function entity to obtain the encryption key.
Step 507: The storage function entity sends the encryption key to the mobility management function entity.
Step 508: After receiving the encryption key sent by the storage function entity, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the encryption key and the first encryption algorithm to obtain the initial NAS message.
Specifically, after obtaining the initial NAS message, the mobility management function entity may send a downlink NAS message to the terminal device. To improve the reliability of transmitting the downlink NAS message, steps 509 to 511 may be performed.
Step 509: The mobility management function entity encrypts the downlink NAS message according to the encryption key to obtain the ciphertext of the downlink NAS message.
Step 510: The mobility management function entity sends the ciphertext of the downlink NAS message to the terminal device.
Step 511: After receiving the ciphertext of the downlink NAS message, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the first encryption algorithm to obtain the downlink NAS message.
When the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message. In addition, which message the downlink NAS message is may be decided by the mobility management function entity according to the actual situation or a pre-configured policy.
In addition, in the message protection method of the embodiment shown in FIG. 5, the mobility management function entity may select a new encryption algorithm and/or integrity protection algorithm based on the security capability of the terminal device and the pre-configured algorithm list, and send it to the terminal device in the downlink NAS message. Furthermore, after selecting a new integrity protection algorithm, the mobility management function entity may first integrity-protect the downlink NAS message based on the selected new integrity protection algorithm and then perform step 509.
In this embodiment, when initially accessing the network, the terminal device can encrypt the initial NAS message according to the encryption key and the first encryption algorithm, which not only improves the security of initial NAS message transmission but also improves the efficiency with which the terminal device accesses the network. In addition, after obtaining the initial NAS message, the mobility management function entity also protects the downlink NAS message sent to the terminal device, which improves the security of downlink NAS message transmission.
Of course, the embodiment shown in FIG. 5 is described only as an example. For example, the embodiment shown in FIG. 5 gives only one way of generating the encryption key; in the embodiments of this application, the encryption key may also be pre-configured in the terminal device, or may be generated according to the private key of the terminal device and the public key of the storage function entity, or according to a random number, or the like. As another example, the embodiment shown in FIG. 5 gives only one way of configuring the security algorithm; the security algorithm may also be pre-configured in the storage function entity and then sent by the storage function entity to the mobility management function entity.
Referring to FIG. 6, an embodiment of this application provides a message protection method. The method is described using the example in which the symmetric key is an integrity protection key, as follows.
Step 601: The terminal device generates an integrity protection key.
Specifically, for the manner in which the terminal device generates the integrity protection key, refer to the manner in which the terminal device generates the symmetric key in the embodiment shown in FIG. 3; details are not repeated here.
Step 602: The terminal device encrypts the integrity protection key and the first integrity protection algorithm according to the public key of the storage function entity to obtain a first ciphertext.
The content encrypted in the first ciphertext may include the integrity protection key and the first integrity protection algorithm.
The first integrity protection algorithm may be determined by the terminal device according to a pre-configured policy. The manner of configuring the pre-configured policy is similar to the related description in the embodiment shown in FIG. 3 and is not repeated here.
Step 603: The terminal device integrity-protects the initial NAS message according to the integrity protection key and the first integrity protection algorithm to obtain the MAC of the initial NAS message.
Step 604: The terminal device sends the MAC of the initial NAS message, the initial NAS message, and the first ciphertext to the mobility management function entity.
Optionally, the first integrity protection algorithm is pre-configured in the terminal device and the mobility management function entity. In this case, the terminal device does not need to encrypt the first integrity protection algorithm and send it to the storage function entity.
Step 605: After receiving the MAC of the initial NAS message, the initial NAS message, and the first ciphertext, the mobility management function entity sends the first ciphertext to the storage function entity.
Step 606: After receiving the first ciphertext sent by the mobility management function entity, the storage function entity decrypts the first ciphertext according to the private key of the storage function entity to obtain the integrity protection key and the first integrity protection algorithm.
Step 607: The storage function entity sends the integrity protection key and the first integrity protection algorithm to the mobility management function entity.
Step 608: After receiving the integrity protection key and the first integrity protection algorithm sent by the storage function entity, the mobility management function entity verifies the integrity of the initial NAS message according to the integrity protection key and the first integrity protection algorithm.
The manner in which the mobility management function entity verifies the integrity of the initial NAS message is similar to the manner of verifying the integrity of the initial NAS message in the embodiment shown in FIG. 3, and the description is not repeated here.
When the integrity check of the received initial NAS message succeeds, the mobility management function entity may send a downlink NAS message to the terminal device. To improve the reliability of transmitting the downlink NAS message, steps 609 to 611 may also be performed.
Step 609: The mobility management function entity integrity-protects the downlink NAS message according to the integrity protection key and the first integrity protection algorithm to obtain the MAC of the downlink NAS message.
Step 610: The mobility management function entity sends the MAC of the downlink NAS message and the downlink NAS message to the terminal device.
Step 611: After receiving the downlink NAS message and the MAC of the downlink NAS message, the terminal device verifies the integrity of the downlink NAS message according to the integrity protection key and the first integrity protection algorithm.
When the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NAS SMC message, or a registration reject message. Specifically, which message the downlink NAS message is may be decided by the mobility management function entity according to the actual situation or a pre-configured policy.
In addition, in the message protection method shown in FIG. 6, if the mobility management function entity selects a new integrity protection algorithm based on the security capability of the terminal device and the pre-configured algorithm list, the new algorithm may be sent to the terminal device in the downlink NAS message. Furthermore, after selecting a new integrity protection algorithm, the mobility management function entity may first integrity-protect the downlink NAS message based on the selected new integrity protection algorithm. Specifically, after receiving the downlink NAS message and the MAC of the downlink NAS message, the terminal device first obtains the new integrity protection algorithm from the downlink NAS message and then verifies the integrity of the downlink NAS message.
In this embodiment, when initially accessing the network, the terminal device integrity-protects the initial NAS message according to the integrity key and the first integrity algorithm, which improves the integrity protection of the initial NAS message. In addition, when the mobility management function entity has received the protected initial NAS message and the integrity check of the initial NAS message has succeeded, it can also integrity-protect the downlink NAS message sent to the terminal device, which improves the security of downlink NAS message transmission.
Of course, FIG. 6 is described only as an example. For example, FIG. 6 gives only one way of generating the integrity protection key; in the embodiments of this application, the integrity protection key may also be generated according to the private key of the terminal device and the public key of the storage function entity, or according to a random key generation algorithm, or the like. As another example, FIG. 6 gives only one way of configuring the security algorithm; the security algorithm may also be pre-configured in the storage function entity and then sent by the storage function entity to the mobility management function entity.
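The downlink case in which the message itself carries the newly selected integrity protection algorithm, as an added example that is not part of the patent text. It assumes a constructed message layout (one algorithm-identifier byte followed by the payload) and uses HMAC-SHA256 and HMAC-SHA512 as stand-ins for two integrity protection algorithms; the identifiers and function names are hypothetical. Since the terminal reads the identifier before it can check the MAC, the sketch only accepts identifiers the terminal itself advertised.

```python
import hashlib
import hmac

# Hypothetical one-byte identifiers; HMAC variants stand in for integrity algorithms.
INTEGRITY_ALGORITHMS = {0x01: hashlib.sha256, 0x02: hashlib.sha512}


def select_algorithm(ue_capabilities, preconfigured_list):
    """Network side: first entry of the pre-configured list the terminal supports."""
    for alg_id in preconfigured_list:
        if alg_id in ue_capabilities and alg_id in INTEGRITY_ALGORITHMS:
            return alg_id
    raise ValueError("no common integrity algorithm")


def protect_downlink(k_int, payload, ue_capabilities, preconfigured_list):
    """Carry the selected algorithm in the message and MAC the whole message with it."""
    alg_id = select_algorithm(ue_capabilities, preconfigured_list)
    message = bytes([alg_id]) + payload
    return message, hmac.new(k_int, message, INTEGRITY_ALGORITHMS[alg_id]).digest()


def verify_downlink(k_int, message, mac, advertised_capabilities):
    """Terminal side: returns the payload, or None when the message is rejected."""
    if not message:
        return None
    alg_id = message[0]          # read from the message before the MAC is checked
    if alg_id not in advertised_capabilities or alg_id not in INTEGRITY_ALGORITHMS:
        return None              # never verify with an algorithm that was not offered
    expected = hmac.new(k_int, message, INTEGRITY_ALGORITHMS[alg_id]).digest()
    if not hmac.compare_digest(expected, mac):
        return None
    return message[1:]


def demo():
    """Constructed key, capabilities and payload; returns the three outcomes."""
    k_int = bytes(range(32))
    capabilities = {0x01, 0x02}
    message, mac = protect_downlink(k_int, b"REGISTRATION ACCEPT", capabilities, [0x02, 0x01])
    accepted = verify_downlink(k_int, message, mac, capabilities)
    swapped = bytes([0x01]) + message[1:]            # identifier changed in transit
    rejected_swap = verify_downlink(k_int, swapped, mac, capabilities)
    rejected_unoffered = verify_downlink(k_int, message, mac, {0x01})
    return accepted, rejected_swap, rejected_unoffered


if __name__ == "__main__":
    print(demo())
```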
The foregoing mainly describes the solutions provided by this application from the perspective of interaction between the network elements. It can be understood that, to implement the foregoing functions, each network element includes a hardware structure and/or a software module corresponding to each function. A person skilled in the art should readily appreciate that, in combination with the units and algorithm steps of the examples described in the embodiments disclosed in this application, this application can be implemented in hardware or in a combination of hardware and computer software. Whether a function is performed by hardware or by computer software driving hardware depends on the particular application and the design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such an implementation should not be considered beyond the scope of this application.
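Based on the same concept, FIG. 7 is a schematic diagram of a message protection apparatus provided by this application. The apparatus may be a terminal device, or a chip or a system on chip in a terminal device, and can perform the method performed by the terminal device in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
The apparatus 700 includes at least one processor 710 and a memory 730.
The memory 730 is configured to store a program. It may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), a magnetic disk storage medium or another magnetic storage device, or any other medium that can be used to carry or store a desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 730 may exist independently and be connected to the processor 710. The memory 730 may also be integrated with the processor 710.
The processor 710 is configured to execute the program in the memory 730 to implement the steps performed by the terminal device in the message protection solutions of the embodiments of this application. For related features, refer to the foregoing description; details are not repeated here. For example, the processor 710 may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling execution of the programs of the technical solutions of this application.
In a specific implementation, as an embodiment, the processor 710 may include one or more CPUs, for example CPU0 and CPU1 in FIG. 7.
In a specific implementation, as an embodiment, the apparatus 700 may include multiple processors, for example the processor 710 and the processor 711 in FIG. 7. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
Optionally, when the apparatus 700 is a terminal device, it may further include a transceiver 720 as shown in FIG. 7, configured to communicate with other devices or a communication network; the transceiver 720 includes a radio frequency circuit. In the terminal device, the processor 710, the transceiver 720 and the memory 730 may be connected by a communication bus. The communication bus may include a path for transferring information between the foregoing units. When the apparatus 700 is a chip or a system on chip in a terminal device, the processor 710 may send or receive data through an input/output interface, a pin, a circuit, or the like.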
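FIG. 8 is a schematic diagram of another message protection apparatus according to an embodiment of this application. The apparatus may be a terminal device, or a chip or a system on chip in a terminal device, and can perform the method performed by the terminal device in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
The apparatus includes a processing unit 801 and a communication unit 802.
The processing unit 801 is configured to obtain a protected initial NAS message according to a symmetric key and a first security algorithm. The communication unit 802 is configured to send the protected initial NAS message to a first network device, and to send a key-related parameter to a second network device, where the key-related parameter is used to obtain the symmetric key.
Optionally, the key-related parameter includes the public key of the terminal device, and the processing unit 801 is specifically configured to generate the symmetric key according to the public key of the second network device and the private key of the terminal device.
Optionally, the processing unit 801 is specifically configured to generate an intermediate key according to the public key of the second network device and the private key of the terminal device, and then generate the symmetric key according to the intermediate key and a fixed string.
Optionally, the key-related parameter includes the ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the second network device. The processing unit 801 is specifically configured to generate the symmetric key according to a random key generation algorithm; or, optionally, the processing unit 801 is specifically configured to generate the symmetric key according to a random number, a permanent key and a key derivation function (KDF).
Optionally, the key-related parameter includes the ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the second network device.
Optionally, the first security algorithm is determined by the terminal device according to a pre-configured policy.
Optionally, the initial NAS message is a registration request message.
Optionally, the processing unit 801 is further configured to, after the communication unit 802 receives a protected downlink NAS message from the first network device, decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.
Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, where the downlink NAS message includes a second security algorithm. The processing unit 801 is then further configured to decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then obtain the second security algorithm from the downlink NAS message. Finally, if the first network device integrity-protected the ciphertext of the downlink NAS message, the processing unit 801 verifies the integrity of the protected downlink NAS message according to the second security algorithm; if the first network device integrity-protected the downlink NAS message, the processing unit 801 verifies the integrity of the downlink NAS message according to the second security algorithm. The downlink NAS message is a registration accept message.
Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, and the processing unit 801 is further configured to verify the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be a downlink reject message.
Optionally, the first network device is an AMF, and the second network device is a UDM or an AUSF.
It should be understood that the apparatus may be used to implement the steps performed by the terminal device in the message protection method of the embodiments of this application. For related features, refer to the foregoing description; details are not repeated here.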
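Based on the same concept, FIG. 9 is a schematic diagram of a message protection apparatus provided by this application. The apparatus may be, for example, a second network device, or a chip or a system on chip in a second network device, and can perform the method performed by the storage function entity in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
The apparatus 900 includes at least one processor 910 and a memory 930.
The memory 930 is configured to store a program. It may be a ROM or another type of static storage device that can store static information and instructions, a RAM or another type of dynamic storage device that can store information and instructions, an EEPROM, a CD-ROM or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), a magnetic disk storage medium or another magnetic storage device, or any other medium that can be used to carry or store a desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 930 may exist independently and be connected to the processor 910. The memory 930 may also be integrated with the processor 910.
The processor 910 is configured to execute the program in the memory 930 to implement the steps performed by the second network device in the message protection solutions of the embodiments of this application. For related features, refer to the foregoing description; details are not repeated here. For example, the processor 910 may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling execution of the programs of the technical solutions of this application.
In a specific implementation, as an embodiment, the processor 910 may include one or more CPUs, for example CPU0 and CPU1 in FIG. 9.
In a specific implementation, as an embodiment, the apparatus 900 may include multiple processors, for example the processor 910 and the processor 911 in FIG. 9. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).
Optionally, when the apparatus 900 is the first network device, it may further include a transceiver 920 as shown in FIG. 9, configured to communicate with other devices or a communication network; the transceiver 920 includes a radio frequency circuit. In the second network device, the processor 910, the transceiver 920 and the memory 930 may be connected by a communication bus. The communication bus may include a path for transferring information between the foregoing units. When the apparatus 900 is a chip or a system on chip in the second network device, the processor 910 may send or receive data through an input/output interface, a pin, a circuit, or the like.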
FIG. 10 is a schematic diagram of another message protection apparatus according to an embodiment of this application. The apparatus may be a second network device, or a chip or a system on chip in a second network device, and can perform the method performed by the storage function entity in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
The apparatus includes a processing unit 1001 and a communication unit 1002.
The communication unit 1002 is configured to receive a key-related parameter from the terminal device. The processing unit 1001 is configured to obtain a symmetric key according to the key-related parameter. The communication unit 1002 is then further configured to send the symmetric key to the first network device. The key-related parameter is used to obtain the symmetric key, and the symmetric key is used to protect the initial NAS message.
Optionally, the key-related parameter includes the public key of the terminal device; the processing unit 1001 is specifically configured to generate the symmetric key according to the public key of the terminal device and the private key of the second network device.
Optionally, the processing unit 1001 is specifically configured to generate an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generate the symmetric key according to the intermediate key and a fixed string.
Optionally, the key-related parameter includes the ciphertext of the symmetric key; the processing unit 1001 is specifically configured to decrypt the ciphertext of the symmetric key according to the private key of the second network device to obtain the symmetric key.
Optionally, the key-related parameter includes the ciphertext of the first security algorithm; the processing unit 1001 is further configured to decrypt the ciphertext of the first security algorithm according to the public key of the second network device to obtain the first security algorithm, and the communication unit 1002 is further configured to send the first security algorithm to the first network device.
Optionally, the first network device is an AMF entity; the apparatus 1000 is a UDM entity or an AUSF entity.
It should be understood that the apparatus may be used to implement the steps performed by the second network device in the message protection method of the embodiments of this application. For related features, refer to the foregoing description; details are not repeated here.
基于相同的构思,如图11所示,为本申请提供的一种消息保护的装置示意图,该装置可以是第一网络设备、或者第一网络设备的芯片或者偏上系统,可执行上述如图3、图4、图5和图6所示的任一实施例中由移动管理功能实体执行的方法。Based on the same concept, as shown in FIG. 11 , a schematic diagram of a device for message protection provided by the present application, where the device may be a first network device, or a chip of a first network device or a system on the top, and the foregoing 3. A method performed by a mobility management function entity in any of the embodiments illustrated in Figures 4, 5 and 6.
The first network device 1100 includes at least one processor 1110 and a memory 1130.
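The memory 1130 is configured to store a program. It may be a ROM or another type of static storage device capable of storing static information and instructions, a RAM or another type of dynamic storage device capable of storing information and instructions, or it may be an EEPROM, a CD-ROM or other optical disc storage (including compact discs, laser discs, optical discs, digital versatile discs, Blu-ray discs and the like), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store a desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 1130 may exist independently and be connected to the processor 1110. The memory 1130 may also be integrated with the processor 1110.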
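The processor 1110 is configured to execute the program in the memory 1130 to implement the steps performed by the first network device in the message protection solution of the embodiments of the present application. For related features, refer to the description above; details are not repeated here. For example, the processor 1110 may be a general-purpose CPU, a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling execution of the program of the technical solution of the present application.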
In a specific implementation, as an embodiment, the processor 1110 may include one or more CPUs, for example CPU0 and CPU1 in FIG. 11.
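In a specific implementation, as an embodiment, the apparatus 1100 may include multiple processors, for example the processor 1110 and the processor 1111 in FIG. 11. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (for example, computer program instructions).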
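Optionally, when the apparatus 1100 is the first network device, it may further include a transceiver 1120 as shown in FIG. 11, configured to communicate with other devices or with a communication network; the transceiver 1120 includes a radio frequency circuit. In the first network device, the processor 1110, the transceiver 1120 and the memory 1130 may be connected by a communication bus. The communication bus may include a path for transferring information between these units. When the apparatus 1100 is a chip or a system on chip in the first network device, the processor 1110 may send or receive data through an input/output interface, a pin, a circuit, or the like.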
FIG. 12 is a schematic diagram of another message protection apparatus according to an embodiment of the present application. The apparatus may be the first network device, or a chip or a system on chip in the first network device, and can perform the method performed by the mobility management function entity in any of the embodiments shown in FIG. 3, FIG. 4, FIG. 5 and FIG. 6.
The apparatus includes a processing unit 1201 and a communication unit 1202.
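The communication unit 1202 is configured to receive a protected initial NAS message from the terminal device, and to receive a symmetric key from the second network device. The processing unit 1201 is configured to obtain the initial NAS message according to the symmetric key and the first security algorithm.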
Optionally, the communication unit 1202 is further configured to receive the first security algorithm from the second network device.
Optionally, the initial NAS message is a registration request message.
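Optionally, the processing unit 1201 is further configured to obtain a protected downlink NAS message according to the symmetric key and the first security algorithm; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.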
Optionally, the downlink NAS message is a registration accept message or a NAS SMC message.
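Optionally, the processing unit 1201 is further configured to obtain a ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration accept message and the registration accept message includes a second security algorithm. The communication unit 1202 is further configured to perform integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message, and is further configured to send the protected downlink NAS message to the terminal device.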
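Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the second security algorithm, where the downlink NAS message is a registration accept message and the registration accept message includes the second security algorithm, and then to obtain the protected downlink NAS message according to the symmetric key and the first security algorithm, the protected downlink NAS message being the ciphertext of the integrity-protected downlink NAS message. The communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.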
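Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message; the communication unit 1202 is then further configured to send the protected downlink NAS message to the terminal device, where the downlink NAS message may be a registration reject message.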
Optionally, the apparatus is an AMF entity; the second network device is a UDM entity or an AUSF entity.
It should be understood that the apparatus may be used to implement the steps performed by the first network device in the message protection method of the embodiments of the present application. For related features, refer to the description above; details are not repeated here.
It should be understood that the division of the message protection apparatuses shown in FIG. 8, FIG. 10 and FIG. 12 into modules is illustrative and is only a division by logical function; other divisions are possible in an actual implementation. For example, the communication unit may be divided into a receiving unit and a sending unit.
The embodiments of the present application further provide a communication system. The communication system includes the apparatus 700, the apparatus 900 and the apparatus 1100, which may be connected as shown in FIG. 13a or as shown in FIG. 13b.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the present application are generated in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or another programmable apparatus. The computer instructions may be stored in a computer-readable storage medium, or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (for example coaxial cable, optical fiber, or digital subscriber line (DSL)) or wirelessly (for example infrared, radio, or microwave). The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (for example a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example a DVD), or a semiconductor medium (for example a solid state disk (SSD)).
Although the present application has been described herein in connection with various embodiments, in the course of implementing the claimed application, those skilled in the art can understand and effect other variations of the disclosed embodiments by studying the drawings, the disclosure, and the appended claims. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill several of the functions recited in the claims. Certain measures are recited in mutually different dependent claims, but this does not mean that these measures cannot be combined to good effect.
Those skilled in the art will appreciate that the embodiments of the present application may be provided as a method, an apparatus (device), a computer-readable storage medium, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects, all of which are collectively referred to herein as a "module" or "system".
The present application is described with reference to flowcharts and/or block diagrams of the methods, apparatuses (devices) and computer program products of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although the present application has been described in connection with specific features and embodiments thereof, it is evident that various modifications and combinations can be made without departing from the spirit and scope of the present application. Accordingly, the specification and drawings are merely exemplary illustrations of the present application as defined by the appended claims, and are deemed to cover any and all modifications, variations, combinations or equivalents within the scope of the present application. Obviously, those skilled in the art can make various changes and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their technical equivalents, the present application is also intended to include them.
Claims (30)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711125181.0 | 2017-11-14 | ||
CN201711125181.0A CN109788474A (en) | 2017-11-14 | 2017-11-14 | A kind of method and device of message protection |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019096075A1 (en) | 2019-05-23 |
Family
ID=66494028
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/114908 WO2019096075A1 (en) | 2017-11-14 | 2018-11-09 | Method and apparatus for message protection |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN109788474A (en) |
WO (1) | WO2019096075A1 (en) |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112087724A (en) * | 2019-06-13 | 2020-12-15 | 华为技术有限公司 | Communication method, network equipment, user equipment and access network equipment |
CN112351431B (en) * | 2019-08-09 | 2023-06-30 | 华为技术有限公司 | Security protection mode determining method and device |
CN112601222B (en) * | 2019-09-16 | 2022-04-22 | 华为技术有限公司 | Safety protection method and device for air interface information |
WO2021051974A1 (en) | 2019-09-16 | 2021-03-25 | 华为技术有限公司 | Security protection method and apparatus for air interface information |
CN112672336B (en) * | 2019-09-30 | 2024-04-30 | 华为技术有限公司 | Method, communication device and communication system for realizing external authentication |
CN113141327B (en) * | 2020-01-02 | 2023-05-09 | 中国移动通信有限公司研究院 | An information processing method, device and equipment |
CN112771815B (en) * | 2020-03-31 | 2022-11-11 | 华为技术有限公司 | Key processing method and device |
CN114040387B (en) * | 2020-07-21 | 2024-06-04 | 中国移动通信有限公司研究院 | Method, device and equipment for determining attack message |
CN114285557B (en) * | 2021-12-23 | 2024-09-06 | 中国电信股份有限公司 | Communication decryption method, system and device |
CN119450460A (en) * | 2023-08-04 | 2025-02-14 | 华为技术有限公司 | Communication method and communication device |
CN119729457A (en) * | 2023-09-27 | 2025-03-28 | 大唐移动通信设备有限公司 | NAS message security protection method, device and storage medium |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012035850A1 (en) * | 2010-09-13 | 2012-03-22 | Nec Corporation | Relay node device authentication mechanism |
CN102833739A (en) * | 2012-08-24 | 2012-12-19 | 大唐移动通信设备有限公司 | Method, device and system for transmitting initial non access stratum messages |
WO2017026114A1 (en) * | 2015-08-13 | 2017-02-16 | 日本電気株式会社 | Communication terminal, base station, network device, data communication method, and security setting method |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
MY140529A (en) * | 2006-06-19 | 2009-12-31 | Interdigital Tech Corp | Method and apparatus for security protection of an original user identity in an initial signaling message |
CN103096302B (en) * | 2011-10-27 | 2016-03-02 | 华为技术有限公司 | A kind of encryption method, decryption method and relevant apparatus |
US10334435B2 (en) * | 2016-04-27 | 2019-06-25 | Qualcomm Incorporated | Enhanced non-access stratum security |
- 2017-11-14: CN application CN201711125181.0A, patent CN109788474A (en), status: active, Pending
- 2018-11-09: WO application PCT/CN2018/114908, patent WO2019096075A1 (en), status: active, Application Filing
Non-Patent Citations (1)
Title |
---|
ZTE CORPORATION ET AL.: "Clarification to Chapter 7.5 of TR 33.869 for Further Study", 3GPP TSG SA WG3 (SECURITY) MEETING #71, S 3-130387, vol. SA WG3, 8 April 2013 (2013-04-08) - 12 April 2013 (2013-04-12), pages 1 - 4, XP050709774 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11689920B2 (en) | 2018-09-24 | 2023-06-27 | Nokia Technologies Oy | System and method for security protection of NAS messages |
US12081978B2 (en) | 2018-09-24 | 2024-09-03 | Nokia Technologies Oy | System and method for security protection of NAS messages |
WO2022048265A1 (en) * | 2020-09-01 | 2022-03-10 | 大唐移动通信设备有限公司 | Application layer key determination method, terminal, network side device, and apparatus |
Also Published As
Publication number | Publication date |
---|---|
CN109788474A (en) | 2019-05-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18877981; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 18877981; Country of ref document: EP; Kind code of ref document: A1 |