CN109788474A - A kind of method and device of message protection - Google Patents

Abstract

A method and device for message protection relate to the field of communication technologies, wherein the method includes: a terminal device obtains a protected initial NAS message according to a symmetric key and a first security algorithm, and sends the protected initial NAS message to a first network device a NAS message; and sending a key-related parameter to the second network device, wherein the key-related parameter is used to obtain a symmetric key. Because the terminal device can perform security protection on the initial NAS message through the symmetric key and the first security algorithm, while improving the transmission security of the initial NAS message, compared with the prior art solution, it helps to reduce the security of the initial NAS message. It reduces the complexity of protection and helps to improve the access efficiency of terminal equipment.

Description

Method and device for message protection

technical field

The present application relates to the field of communication technologies, and in particular, to a method and device for message protection.

Background technique

In long term evolution (LTE), the security protection of non-access stratum (NAS) messages is activated after the network device sends a NAS security mode command (SMC) message to the terminal device. Before the terminal device receives the NAS SMC message sent by the network device, the NAS messages transmitted between the terminal device and the network device, such as the initial NAS message, are unprotected messages, so these messages may be tampered with or sniffed by attackers. risks of.

In the prior art, in order to improve the security of the initial NAS message during the communication process, the initial NAS message sent by the terminal device to the network device only contains the subscriber permanent identifier (SUPI) and the security capability of the terminal device. After the device receives the NAS SMC message, it performs security protection on other parameters in the initial NAS message and sends it to the network device. This implementation makes the network device relatively lag in processing the initial NAS message, which affects the access of the terminal device. Efficient and more complex.

SUMMARY OF THE INVENTION

Embodiments of the present application provide a method and apparatus for message protection, which help to reduce the complexity of security protection for initial NAS messages and improve the access efficiency of terminal equipment.

In a first aspect, the message protection method of the embodiment of the present application includes:

The terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm, and sends the protected initial NAS message to the first network device; and sends the key-related parameters to the second network device, wherein the key is related to the The parameter is used to obtain the symmetric key.

In the embodiment of the present application, since the terminal device can perform security protection on the initial NAS message by using the symmetric key and the first security algorithm, while improving the transmission security of the initial NAS message, compared with the prior art solution, it helps to reduce the need for The complexity of the security protection of the initial NAS message, and it helps to improve the access efficiency of the terminal device.

In a possible design, the key-related parameters include the public key of the terminal device, and the terminal device can obtain the symmetric key according to the following methods:

The terminal device generates a symmetric key according to the public key of the second network device and the private key of the terminal device.

The terminal device generates a symmetric key according to the public key of the second network device and the private key of the terminal device. During specific implementation, a possible design is:

The terminal device generates an intermediate key according to the public key of the second network device and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed character string. Optionally, the fixed character string can be preconfigured in the terminal device.

In a possible design, the key-related parameters include the ciphertext of the symmetric key, where the ciphertext of the symmetric key is obtained according to the public key of the second network device, and the terminal device can obtain the symmetric key according to the following methods:

Optionally, the terminal device generates a symmetric key according to a random key generation algorithm; or, optionally, the terminal device generates a symmetric key according to a random number, a permanent key, and a key derivation function (key derivation function, KDF). .

In a possible design, the key-related parameter includes a ciphertext of the first security algorithm, wherein the ciphertext of the first security algorithm is obtained according to the public key of the second network device.

The above technical solution helps to improve the security of transmitting the first security algorithm.

In a possible design, the first security algorithm is determined by the terminal device according to a preconfigured policy.

In one possible design, the initial NAS message is a registration request message.

In a possible design, after receiving the protected downlink NAS message from the first network device, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message , where the downlink NAS message may be a registration accept message or a NAS SMC message.

The above technical solution helps to improve the security of the transmission of the registration acceptance message or the NAS SMC message.

In a possible design, the terminal device receives the protected downlink NAS message from the first network device, where the downlink NAS message includes the second security algorithm, and the terminal device can pair the protected downlink NAS message with the first security algorithm according to the symmetric key and the first security algorithm. The protected downlink NAS message is decrypted, the downlink NAS message is obtained, and then the second security algorithm is obtained from the downlink NAS message. The second security algorithm verifies the integrity of the protected downlink NAS message. If the first network device performs integrity protection on the downlink NAS message, the terminal device verifies the integrity of the downlink NAS message according to the second security algorithm. The downlink NAS message is a registration accept message.

In the above technical solution, the first network device can send the second security algorithm to the terminal device through the registration accept message, so that it is not necessary to transmit the NAS SMC message to the terminal device, which helps to save signaling overhead. The second security algorithm is a security algorithm selected by the first network device.

In a possible design, the terminal device receives the protected downlink NAS message from the first network device, and checks the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message may be Downstream reject message.

The above technical solution can verify the integrity of the downlink rejection message, which helps the terminal device to determine whether the received downlink rejection message has been forged or tampered with, and reduces the possibility of the terminal device entering a Deny of Service (DoS) state. .

In a possible design, the first network device is an access and mobility management function (authentication management function, AMF), and the second network device is an independent data management (unified data management, UDM) entity, or an authentication service function (authentication server function, AUSF) entity.

In a second aspect, the message protection method according to the embodiment of the present application includes:

The second network device receives the key-related parameters from the terminal device, obtains the symmetric key according to the key-related parameters, and then sends the symmetric key to the first network device, wherein the key-related parameters are used to obtain the symmetric key, and the symmetric key is used to obtain the symmetric key. The key is used to secure the initial NAS message.

In this embodiment of the present application, since the second network device can send the symmetric key to the first network device, the first network device can obtain the initial NAS message according to the symmetric key.

In a possible design, the key-related parameters include the public key of the terminal device; the second network device obtains the symmetric key according to the following methods:

The second network device generates a symmetric key according to the public key of the terminal device and the private key of the second network device.

Wherein, the second network device generates a symmetric key according to the public key of the terminal device and the private key of the second network device. During specific implementation, a possible design is:

The second network device generates an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generates a symmetric key according to the intermediate key and the fixed character string. Optionally, the fixed character string may be preconfigured in the second network device.

In a possible design, the key-related parameters include the ciphertext of the symmetric key; the second network device obtains the symmetric key according to the following methods:

The second network device decrypts the ciphertext of the symmetric key according to the private key of the second network device to obtain the symmetric key.

In a possible design, the key-related parameters include the ciphertext of the first security algorithm; the second network device decrypts the ciphertext of the first security algorithm according to the public key of the second network device to obtain the first security algorithm, and send the first security algorithm to the first network device.

The above technical solution helps to improve the security of the transmission of the first security algorithm.

In a possible design, the first network device is an AMF entity; the second network device is a UDM entity or an AUSF entity.

In a third aspect, the message protection method according to the embodiment of the present application includes:

The first network device receives the protected initial NAS message from the terminal device; and receives the symmetric key from the second network device; and then obtains the initial NAS message according to the symmetric key and the first security algorithm.

In the embodiment of the present application, since the initial NAS message is protected by the symmetric key and the first security algorithm, while improving the transmission security of the initial NAS message, compared with the prior art solution, it is helpful to reduce the need for the initial NAS message. The complexity of NAS message security protection, and it helps to improve the access efficiency of terminal equipment.

In one possible design, the first network device receives the first security algorithm from the second network device.

The above technical solution helps to improve the security of the transmission of the first security algorithm.

In one possible design, the initial NAS message is a registration request message.

In a possible design, the first network device obtains the protected downlink NAS message according to the symmetric key and the first security algorithm; and sends the protected downlink NAS message to the terminal device.

The above technical solution helps to improve the security of the downlink NAS message transmission.

In a possible design, the downlink NAS message is a registration accept message or a NAS SMC message.

In a possible design, the first network device obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, wherein the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; then the first A network device performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm, obtains the protected downlink NAS message, and sends the protected downlink NAS message to the terminal device. In the above technical solution, the first network device can send the second security algorithm to the terminal device through the registration accept message, so that it is not necessary to transmit the NAS SMC message to the terminal device, which helps to save signaling overhead. The second security algorithm is a security algorithm selected by the first network device.

In a possible design, the first network device performs integrity protection on the downlink NAS message according to the second security algorithm, wherein the downlink NAS message is a registration accept message, and the registration accept message includes the second security algorithm; then the first network device According to the symmetric key and the first security algorithm, the protected downlink NAS message is obtained, and the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message; finally, the first network device sends the protected downlink NAS message to the terminal device. Downlink NAS messages. In the above technical solution, the first network device can send the second security algorithm to the terminal device through the registration accept message, so that it is not necessary to transmit the NAS SMC message to the terminal device, which helps to save signaling overhead. The second security algorithm is a security algorithm selected by the first network device.

In a possible design, the first network device performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and then sends the protected downlink NAS message to the terminal device message, wherein the downlink NAS message may be a registration rejection message.

Through the above technical solution, the integrity of the downlink rejection message can be protected, which helps the terminal device to determine whether the received downlink rejection message is forged or tampered, and reduces the possibility of the terminal device entering the DoS state.

In a possible design, the first network device is an AMF entity; the second network device is a UDM entity or an AUSF entity.

In a fourth aspect, the apparatus for message protection according to the embodiment of the present application may be a terminal device or a chip in the terminal device. The device has the function of realizing the above-mentioned first aspect and the technical solutions of various possible designs of the first aspect. This function can be implemented by hardware or by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions.

In a possible design, the apparatus includes a processing unit and a communication unit, the processing unit may be, for example, a processor, and the communication unit may be, for example, a transceiver, and the transceiver may include a radio frequency circuit. The processing unit is configured to obtain the protected initial NAS message according to the symmetric key and the first security algorithm, the communication unit is configured to send the protected initial NAS message to the first network device, and send the key-related parameters to the second network device , where the key-related parameters are used to obtain the symmetric key.

In another possible design, the apparatus includes a processor and a memory, wherein the memory is used to store a program, and the processor is used to call the program stored in the memory, so as to implement the first aspect and any one of the possible designs of the first aspect Methods of message protection. It should be noted that the processor can send or receive data through input/output interfaces, pins or circuits. The memory may be an in-chip register, a cache, or the like. In addition, the memory may also be a storage unit located outside the chip in the terminal device, such as read-only memory (ROM), other types of static storage devices that can store static information and instructions, random access memory (random access memory) access memory, RAM), etc.

Wherein, the processor mentioned in any one of the above may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more An integrated circuit for controlling a program for executing the above-mentioned first aspect or any one of the possible designs of the message protection method in the first aspect.

In a fifth aspect, in the apparatus for message protection according to the embodiment of the present application, the apparatus may be a network device or a chip in the network device. The device has the function of implementing the above-mentioned second aspect and the technical solutions of various possible designs of the second aspect. This function can be implemented by hardware or by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions.

In a possible design, the apparatus includes a processing unit and a communication unit. The processing unit may be, for example, a processor, and the communication unit may be, for example, a communication interface. Optionally, the processor and the communication interface may be connected through optical fibers, twisted pairs, etc. For wired connection, the communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit. Optionally, the processor and the transceiver may be connected in a wireless manner such as wireless fidelity (WIFI, wireless fidelity).

Specifically, the communication unit is used to receive the key-related parameters from the terminal device, the key-related parameters are used to obtain a symmetric key, and the symmetric key is used to secure the initial NAS message; the processing unit is used to obtain the symmetric key according to the key-related parameters. The symmetric key is obtained, and the communication unit is further configured to send the symmetric key to the first network device.

In another possible design, the apparatus includes a processor and a memory, wherein the memory is used to store a program, and the processor is used to call the program stored in the memory, so as to implement the second aspect and any possible design of the second aspect Methods of message protection. It should be noted that the processor can send or receive data through input/output interfaces, pins or circuits. The memory may be an in-chip register, a cache, or the like. In addition, the memory may also be a storage unit located outside the chip in the network device, such as ROM, other types of static storage devices that can store static information and instructions, RAM, and the like.

Wherein, the processor mentioned in any of the above can be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more messages used to control the execution of the second aspect or any of the possible designs of the second aspect A method of protecting an integrated circuit of a program.

In a sixth aspect, in the apparatus for message protection according to the embodiment of the present application, the apparatus may be a network device or a chip in the network device. The device has the function of realizing the above-mentioned third aspect and the technical solutions of various possible designs of the third aspect. This function can be implemented by hardware or by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions.

In a possible design, the apparatus includes a processing unit and a communication unit. The processing unit may be, for example, a processor, and the communication unit may be, for example, a communication interface. Optionally, the processor and the communication interface may be connected through optical fibers, twisted pairs, etc. For wired connection, the communication unit may also be a transceiver, and the transceiver may include a radio frequency circuit. Optionally, the processor and the transceiver may be connected wirelessly such as WIFI.

Specifically, the communication unit is configured to receive the protected initial NAS message from the terminal device and the symmetric key from the second network device, and the processing unit is configured to obtain the initial NAS message according to the symmetric key and the first security algorithm.

In another possible design, the apparatus includes a processor and a memory, wherein the memory is used to store a program, and the processor is used to call the program stored in the memory, so as to implement the third aspect and any possible design of the third aspect How to protect messages in . It should be noted that the processor can send or receive data through input/output interfaces, pins or circuits. The memory may be an in-chip register, a cache, or the like. In addition, the memory may also be a storage unit located outside the chip in the network device, such as ROM, other types of static storage devices that can store static information and instructions, RAM, and the like.

The processor mentioned in any of the above can be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more messages used to control the execution of the third aspect or any of the possible designs of the third aspect A method of protecting an integrated circuit of a program.

In a seventh aspect, embodiments of the present application further provide a computer-readable storage medium, where a program is stored in the computer-readable storage medium, and when the program runs on a computer, the computer executes the methods described in the above aspects.

In an eighth aspect, the present application further provides a computer program product comprising a program, which, when run on a computer, causes the computer to execute the methods described in the above aspects.

In a ninth aspect, an embodiment of the present application further provides a communication system, including the fourth aspect or any possible design device of the fourth aspect, the fifth aspect or any possible design device of the fifth aspect, and The sixth aspect or the device of any possible design of the sixth aspect.

In addition, for the technical effects brought by any possible design manners in the fourth aspect to the ninth aspect, reference may be made to the technical effects brought about by different design manners in the first aspect, which will not be repeated here.

Description of drawings

FIG. 1 is a schematic diagram of a possible network architecture to which an embodiment of the present application is applicable;

FIG. 2 is a schematic diagram of another possible network architecture applicable to the embodiment of the present application;

3 is a schematic flowchart of a method for message protection provided by an embodiment of the present application;

4 is a schematic flowchart of another message protection method provided by an embodiment of the present application;

FIG. 5 is a schematic flowchart of another message protection method provided by an embodiment of the present application;

6 is a schematic flowchart of a method for message protection provided by an embodiment of the present application;

FIG. 7 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

FIG. 8 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

FIG. 9 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

FIG. 10 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

11 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

12 is a schematic diagram of another apparatus for message protection provided by an embodiment of the present application;

FIG. 13a and FIG. 13b are schematic diagrams of a communication system provided by an embodiment of the present application, respectively.

Detailed ways

As shown in FIG. 1 , it is a schematic diagram of a possible network architecture applicable to the embodiment of the present application. The network architecture is the 4th Generation mobile communication technology (the 4th Generation mobile communication technology, 4G) network architecture. The network elements in the 4G architecture include a terminal device, a mobility management entity (MME), a serving GPRS support node (SGSN), a home subscriber server (HSS), and a serving gateway (serving gateway). gateway, S-GW), packet data network gateway (PDN gateway, P-GW), policy and charging rules function (policy and charging rules function, PCRF) entity, evolved universal terrestrial radio access network (evolved universalterrestrial radio access network, E-TURAN) and so on.

E-UTRAN consists of multiple evolved base stations (evolved nodeB, eNodeB). The eNodeBs are interconnected with each other through the X2 interface, the eNodeB and the evolved packet core (EPC) are interconnected through the S1 interface, and the eNodeB and the terminal are interconnected through the S1 interface. Devices are interconnected via LTE-Uu.

The main functions of MME are to support NAS messages and their security, management of tracking area (TA) list, selection of P-GW and S-GW, selection of MME during cross-MME handover, system access to 2G/3G During the handover process, SGSN selection, terminal equipment authentication, roaming control and bearer management, and mobility management between core network nodes of different access networks are performed in the 3rd Generation Partnership Project (3GPP).

The S-GW is a gateway that terminates at the E-UTRAN interface. Its main functions include: when handover between base stations is performed, it acts as a local anchor point and assists in completing the reordering function of base stations; when handover between different 3GPP access systems, it acts as a mobile perform legal interception functions; perform packet routing and forwarding; perform packet marking at the uplink and downlink transport layers; be used for inter-operator billing, etc.

The P-GW is a gateway oriented to the PDN and terminated on the SGi interface. If the terminal device accesses multiple PDNs, the terminal device will correspond to one or more P-GWs. The main functions of the P-GW include the terminal equipment-based packet filtering function, the lawful interception function, the Internet Protocol (IP) address allocation function for interconnection between the network of the terminal equipment, and the data packet transmission level in the uplink. Mark, perform uplink and downlink service level charging and service level threshold control, perform service-based uplink and downlink rate control, etc.

The HSS is a database for storing subscription information of terminal equipment, and the home network may include one or more HSSs. The HSS is responsible for storing information related to terminal equipment, such as terminal equipment identification, numbering and routing information, security information, location information, profile information, and the like.

SGSN can be used for signaling interaction when moving between 2G/3G and E-UTRAN 3GPP access networks, including the selection of P-GW and S-GW, and is also used for terminal equipment switching to E-UTRAN 3GPP access network. Make selection of MME.

The PCRF entity terminates at the Rx interface and the Gx interface. In the non-roaming scenario, there is only one PCRF and one IP-connectivity access network (IP-connectivity access network) of the terminal device in the local public land mobile network (HPLMN). ), the IP-CAN session is related; in the roaming scenario and the service flow is local grooming, there may be two PCRFs related to the IP-CAN session of a terminal device.

Terminal equipment is a device with wireless transceiver function, which can be deployed on land, including indoor or outdoor, handheld or vehicle; it can also be deployed on water (such as ships, etc.); it can also be deployed in the air (such as aircraft, balloons, etc.) and satellite, etc.). Specifically, the terminal device may be user equipment (user equipment, UE), a mobile phone (mobile phone), a tablet computer (pad), a computer with a wireless transceiver function, a virtual reality (virtual reality, VR) terminal, an augmented reality (augmented reality) terminal , AR) terminal, wireless terminal in industrial control, wireless terminal in self driving, wireless terminal in remote medical, wireless terminal in smart grid, Wireless terminals in transportation safety, wireless terminals in smart cities, wireless terminals in smart homes, and so on.

As shown in FIG. 2 , it is a schematic diagram of another possible network architecture applicable to the embodiment of the present application. The network architecture is the 5th Generation mobile communication technology (5G) network architecture. The 5G architecture may include a terminal device, a radio access network (RAN), an AMF entity, a session management function (SMF) entity, a user plane function (UPF) entity, a UDM entity, an authentication Authorization service function (authentication server function, AUSF) entity, data network (data network, DN). In addition, in addition to the network elements shown in Figure 2, the 5G network architecture may also include Authentication Credential Repository and Processing Function (ARPF) entities, security anchor function (security anchor function, SEAF) entities , Subscription identifier de-concealing function (SIDF) entity, etc.

The main function of the RAN is to control the terminal equipment to access the mobile communication network through wireless. RAN is a part of a mobile communication system. It implements a wireless access technology. Conceptually, it resides between some device (such as a mobile phone, a computer, or any remote control machine) and provides a connection to its core network. RAN equipment includes but is not limited to: (g nodeB, gNB) in 5G, evolved node B (evolved node B, eNB), radio network controller (radio network controller, RNC), node B (node B, NB), base station Controller (base station controller, BSC), base transceiver station (base transceiver station, BTS), home base station (for example, home evolved node B, or homenode B, HNB), base band unit (base band unit, BBU), transmission point ( A transmitting and receiving point (TRP), a transmitting point (TP), a mobile switching center, etc., in addition, a wireless fidelity (wireless fidelity, wifi) access point (access point, AP) and the like may also be included.

The AMF entity is responsible for the access management and mobility management of the terminal equipment. In practical applications, it includes the mobility management function of the MME in the 4G network framework, and adds the access management function.

The SMF entity is responsible for session management, such as user session establishment.

The UPF entity is the functional network element of the user plane, which is mainly responsible for connecting to the external network, including the related functions of the SGW and the P-GW in the 4G network architecture.

The DN is responsible for the network that provides services for the terminal equipment. For example, some DNs provide the terminal equipment with the Internet access function, and other DNs provide the terminal equipment with the short message function and so on.

The AUSF entity has an authentication service function, which is used to terminate the authentication function requested by the SEAF.

The UDM entity can store the subscription information of the terminal equipment to realize the back end similar to the HSS in 4G.

The ARPF entity has authentication credential storage and processing functions, and is used to store the UE's long-term authentication credential, such as the permanent key K. In 5G, the functionality of ARPF can be incorporated into the UDM entity.

The SEAF entity is used to complete the authentication process for the terminal device. In 5G, the function of the SEAF can be incorporated into the AMF entity.

The SIDF entity can parse the identity information of the subscriber, for example, obtain the subscription permanent identifier (SUPI) according to the subscription concealed identifier (SUCI).

For the terminal device, refer to the terminal device in the network architecture shown in FIG. 1 .

The embodiments of the present application are applicable to both the 4G network architecture shown in FIG. 1 and the 5G network architecture shown in FIG. 2 .

In this embodiment of the present application, the first network device may be a mobility management functional entity for managing terminal devices, or may be a mobility management functional entity or a chip in the mobility management functional entity, for example, MME in 4G, 5G The AMF entity or the SEAF entity in the second network device can be a storage function entity for storing the private key of the network device, or a storage function entity for decrypting messages encrypted according to the public key of the network device, or a chip in the storage function entity, for example, HSS in 4G, APRF entity in 5G, or AUSF entity, or SIDF entity, or UDM entity. For convenience of description, the embodiments of the present application are described by taking the first network device as a mobility management functional entity and the second network device as a storage functional entity as an example, which is not limited.

It should be noted that, by using the methods provided by the embodiments of the present application, not only the complete initial NAS message but also some fields of the initial NAS message can be protected. For convenience of description, the embodiments of the present application take the complete initial NAS message as an example for description. When protecting part of the fields of the initial NAS message, the ciphertext of the initial NAS message, the MAC of the initial NAS message, and the ciphertext of the initial NAS message. The MAC may be replaced by the ciphertext of the initial NAS message part field, the MAC of the initial NAS message part field, and the MAC of the ciphertext of the initial NAS message part field, which are not limited.

The message protection method according to the embodiment of the present application will be described in detail below with reference to the accompanying drawings.

As shown in FIG. 3, a schematic flowchart of a method for message protection provided by an embodiment of the present application includes the following steps:

Step 301: The terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm.

The initial NAS message may be the first NAS message sent to the mobility management functional entity in the process of the terminal device accessing the mobility management functional entity. For example, the initial NAS message may be a registration request (RR) message, an attach request (attach request) message, or a tracking area update (TAU) update request (TAU request) message, or the like.

The symmetric key may be an encryption key or an integrity protection key, and may also include an encryption key and an integrity protection key.

Exemplarily, the symmetric key is an encryption key, and the first security algorithm is an encryption algorithm; or, the symmetric key is an integrity protection key, and the first security algorithm is an integrity protection algorithm; or, the symmetric key includes an encryption key. key and integrity protection key, the first security algorithm includes an encryption algorithm and an integrity protection algorithm.

Among them, the encryption involved in this application is used to obtain the real content of the message after the content of the message sent to the target receiver is obtained by a third party who does not know the encryption key and other related parameters. The integrity protection is used to ensure that the content of the message received by the target receiver has not been tampered with by a third party, and is consistent with the message sent by the sender to the target receiver.

It should be noted that when the symmetric key is the encryption key and the first security algorithm is the encryption algorithm, the protected initial NAS message may be the ciphertext of the initial NAS message; when the symmetric key is the integrity protection key, the first When a security algorithm is an integrity protection algorithm, the protected initial NAS message can be the initial NAS message and the message authentication code (MAC) of the initial NAS message; when the symmetric key includes an encryption key and an integrity protection key The protected initial NAS message can be the ciphertext and MAC of the initial NAS message, where the MAC can be the MAC of the ciphertext of the initial NAS message, or the MAC can be the MAC of the initial NAS message. In addition, when the symmetric key includes encrypted When the key and the integrity protection key are used, the protected initial NAS message may also be the ciphertext of the integrity-protected initial NAS message, wherein the encrypted content in the ciphertext of the integrity-protected initial NAS message includes the initial NAS message and the MAC of the initial NAS message, specifically whether the MAC in the protected initial NAS message is the MAC of the ciphertext of the initial NAS message or the MAC of the initial NAS message and whether the terminal device performs integrity protection on the initial NAS message or whether the initial NAS message is It is related to the integrity protection of the ciphertext of the original NAS message, and whether to encrypt the MAC when the initial NAS message is encrypted first, is determined by the internal implementation of the terminal device during the specific implementation.

During specific implementation, the symmetric key may be pre-configured on the terminal device, or the symmetric key may be generated by the terminal device. This application provides three ways for a terminal device to generate a symmetric key, which can be applied to the case where the generation algorithm of the symmetric key is preconfigured on the terminal device, or it can be applied to the case where the symmetric key is preconfigured on the terminal device .

The first way for the terminal device to generate the symmetric key is as follows:

The terminal device generates a symmetric key according to the public key of the storage functional entity and the private key of the terminal device. It should be noted that the terminal device can generate the public key and private key of the terminal device according to the preconfigured asymmetric parameters. Optionally, the algorithm for generating the public key and private key of the terminal device can be an elliptic curve integrated encryption method. encryption scheme, ECIES).

The first way of generating a symmetric key by a terminal device is described below by way of example.

Example 1: The terminal device directly generates a symmetric key according to the public key of the storage functional entity and the private key of the terminal device. Optionally, the algorithm for generating the symmetric key may be a key agreement function (key agreement function, KAF) pre-configured on the terminal device. Optionally, the symmetric key generated in Example 1 can be an encryption key or an integrity protection key, which can be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optional , the symmetric key generated in Example 1 can be used as both an encryption key and an integrity protection key. When the protection keys are the same; or, optionally, the terminal device can directly generate symmetric key 1 and symmetric key 2 according to the public key of the storage functional entity and the private key of the terminal device for different private keys. , where the terminal device can use the symmetric key 1 as the encryption key and the symmetric key 2 as the integrity protection key, where the terminal device includes two or more private keys, which can be applied to the symmetric key including When the encryption key and the integrity protection key are different, and the encryption key and the integrity protection key are different.

Example 2: The terminal device generates an intermediate key according to the public key of the storage functional entity and the private key of the terminal device, and then generates a symmetric key according to the intermediate key and the fixed character string. The fixed character string may be pre-configured on the terminal device and the network side (eg, a storage functional entity), or pre-configured on the terminal device or the network side. Specifically, the terminal device and the network side can preconfigure one or more fixed character strings. In the case of preconfiguring multiple fixed character strings, the terminal device can select at least one fixed character string according to a preset algorithm or rule, for example At least one fixed string is randomly selected, or one or more fixed strings are selected in some priority order. Specifically, the fixed string can be "NAS", "INITIAL", "INITIAL NAS", "SUPI", "INITIAL ENC", "INITIAL NAS ENC", "INITIAL INT", "INITIAL NAS INT", etc. It should be noted that the manner of generating the intermediate key in Example 2 is similar to the manner of generating the symmetric key in Example 1, for example, the algorithm for generating the intermediate key may be KAF pre-configured on the terminal device.

For example, optionally, the symmetric key generated in Example 2 can be an encryption key or an integrity protection key, which can be applied to a situation where the symmetric key is an encryption key or an integrity protection key; or, it can be Optionally, the symmetric key generated in Example 2 can be used as both an encryption key and an integrity protection key, and can be applied to symmetric keys including encryption keys and integrity protection keys, and encryption keys and integrity protection keys. In the case of the same property protection key; or, optionally, the terminal device can directly generate symmetric key 1 and symmetric key 2 according to the public key of the storage functional entity and the private key of the terminal device for different private keys. , and then generate symmetric key 1 based on intermediate key 1 and fixed string, generate symmetric key 2 based on intermediate key 2 and fixed string, and directly use symmetric key 1 as the encryption key and symmetric key 2 as integrity Protection key, where the terminal device has two or more private keys, which can be applied to the case where the symmetric key includes an encryption key and an integrity protection key, and the encryption key and the integrity protection key are different; or , optionally, the terminal device generates an intermediate key according to the public key of the storage functional entity and the private key of the terminal device, and then in order to obtain the encryption key and the integrity protection key, the terminal device can select two different fixed characters String, such as fixed string 1 and fixed string 2, specifically, fixed string 1 can be "ENC", "KEY ENC", "INIITIAL ENC", etc., fixed string 2 can be "INT", "KEY INT" ", "INIITIAL INT", etc., and according to the fixed string 1 and the intermediate key, generate the symmetric key 1, and according to the fixed string 2 and the intermediate key, generate the symmetric key 2, and use the symmetric key 1 as the encryption key. The symmetric key 2 is used as the integrity protection key, in which the terminal device may have one or more private keys, which can be applied to the symmetric key including the encryption key and the integrity protection key, and the encryption key and the integrity protection key. different protection keys.

It should be noted that, in Example 2, an optional way is: the terminal device directly sends the public key of the terminal device to the storage function entity. The private key of the functional entity generates an intermediate key, and then generates a symmetric key according to the intermediate key and the symmetric string; another optional method is: the terminal device sends the generated intermediate key to the storage function entity, and the storage function The entity can directly generate the symmetric key according to the intermediate key and the fixed character string, which reduces the steps for the storage function entity to generate the symmetric key and helps to improve communication efficiency. There is also an optional way: the terminal device encrypts the symmetric key according to the public key of the storage functional entity, and then sends the ciphertext of the symmetric key to the storage functional entity. In this case, the storage functional entity only needs to The symmetric key is obtained by storing the private key of the functional entity and decrypting the ciphertext of the symmetric key. The parameters sent by the specific terminal device to the storage functional entity are determined by the algorithm or policy preconfigured in the terminal device.

Example 3: The terminal device generates a temporary key 1 according to the public key of the storage functional entity and the private key of the terminal device, and then performs further key derivation based on the pre-configured KDF according to the temporary key 1 to generate the temporary key 2. Optionally, the terminal device directly uses the temporary key 2 as the symmetric key; or, the terminal device truncates the length of the temporary key 1 or the temporary key 2 according to a preconfigured truncation (truncated) function to meet the preconfigured length, Obtain a symmetric key.

For example, optionally, the symmetric key generated in Example 3 can be an encryption key or an integrity protection key, which can be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, it can be Optionally, the terminal device generates an encryption key or an integrity protection key according to the symmetric key and the fixed string generated in Example 3. Specifically, the fixed string can be "NAS", "INITIAL", "INITIAL NAS", etc. ; or, optionally, the symmetric key generated in Example 3 can be used as both an encryption key and an integrity protection key, and can be applied to symmetric keys including encryption keys and integrity protection keys, and encryption keys. In the case where the key and the integrity protection key are the same; or, alternatively, the terminal device can use the private key 1 and the private key 2 to generate the symmetric key 1 and the symmetric key 2 according to the method in Example 3, and then directly The symmetric key 1 is used as the encryption key, and the symmetric key 2 is used as the integrity protection key, wherein the terminal device has two or more private keys, which can be applied to symmetric keys including encryption keys and integrity protection keys. In the case where the encryption key and the integrity protection key are different; or, optionally, the terminal device generates a temporary key 1 according to the public key of the storage functional entity and the private key of the terminal device, and then in order to obtain the encryption key Key and integrity protection key, the terminal device can choose two different fixed strings, such as fixed string 1 and fixed string 2, specifically, fixed string 1 can be "ENC", "KEY ENC", "INIITIAL ENC", etc., the fixed string 2 can be "INT", "KEY INT", "INIITIALINT", etc., and based on the fixed string 1 and the temporary key 1, based on the preset KDF for further key derivation, Generate symmetric key 1, and perform further key derivation based on the preset KDF according to the fixed string 2 and the intermediate key, generate symmetric key 2, use symmetric key 1 as the encryption key, and symmetric key 2 as the The integrity protection key, wherein the terminal device has one or more private keys, can be applied to the case where the symmetric key includes an encryption key and an integrity protection key, and the encryption key and the integrity protection key are different.

The second method for the terminal device to generate a symmetric key is as follows:

The terminal device generates a symmetric key according to a random key generation algorithm. Optionally, the random key generation algorithm is preconfigured on the terminal device. Specifically, the terminal device generates a key that meets the length required by the random key generation algorithm according to a preconfigured random key generation algorithm, and uses the key as a symmetric key.

For example, optionally, the symmetric key generated in the second method can be an encryption key or an integrity protection key, which can be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optional Yes, the symmetric key generated in the second method can be used as both an encryption key and an integrity protection key. It can be applied to symmetric keys including encryption keys and integrity protection keys, and encryption keys and integrity protection keys. In the case where the protection keys are the same; or, optionally, the symmetric key generated by the terminal device according to the pre-configured random key generation algorithm may include symmetric key 1 and symmetric key 2, where the terminal device can use the symmetric key 1 as the encryption key and symmetric key 2 as the integrity protection key, which can be applied to the case where the symmetric key includes the encryption key and the integrity protection key; or, optionally, the terminal device can The random key generation algorithm generates a temporary key 4, and then generates an encryption key based on KDF according to the temporary key 4 and the pre-configured first fixed string, and generates an encryption key based on the temporary key 4 and the pre-configured second fixed string , the integrity protection key is generated based on KDF, which can be applied to the case where the symmetric key includes encryption key and integrity protection key.

The third way for the terminal device to generate the symmetric key is:

The terminal device generates a symmetric key according to the random number, permanent key and KDF. Optionally, the permanent key and KDF are pre-configured in the terminal device, and the random number is randomly generated by the terminal device.

For example, optionally, the symmetric key generated in the third method can be an encryption key or an integrity protection key, which can be applied to the case where the symmetric key is an encryption key or an integrity protection key; or, optional Yes, the symmetric key generated in method 3 can be used as both an encryption key and an integrity protection key, and can be applied to symmetric keys including encryption keys and integrity protection keys, and encryption keys and integrity protection keys. In the case of the same protection key; or, alternatively, the terminal device can generate the encryption key and the integrity protection key in the same way according to different random numbers, which can be applied to symmetric keys including encryption keys. In the case of the encryption key and the integrity protection key; or, optionally, the terminal device can generate the encryption key based on the KDF according to the permanent key, the random number and the pre-configured first fixed string, and according to the permanent key, The random number and the preconfigured second fixed character string generate the integrity protection key based on the KDF, which can be applied to the case where the symmetric key includes an encryption key and an integrity protection key.

In addition, in this embodiment of the present application, the first security algorithm may be preconfigured in the terminal device, and determined by the terminal device according to a preconfigured policy, wherein the optional preconfigured policy is sent by the network side device to the terminal device, wherein the network The side device may be the mobility management function entity that the terminal device needs to access in this embodiment of the application, or may be another mobility management function entity that the terminal device in the network has accessed once, for example, when the terminal device accesses the mobility management entity for the first time , the preconfigured policy can be sent by other mobility management function entities in the network that the terminal device has accessed. In addition, the preconfigured policy can also be manually configured in the terminal device. An example of an optional pre-configured policy approach is: if the terminal device accesses the mobility management functional entity for the first time, the first security algorithm may be a security algorithm pre-configured in the terminal device. When multiple security algorithms are configured, the first security algorithm may be one security algorithm among the multiple pre-configured security algorithms. The specific method of how the terminal device selects the first security algorithm from the multiple pre-configured security algorithms is determined by: It is determined by the internal implementation of the terminal device. If the terminal device accesses the mobility management entity for the Nth time, where N is an integer greater than or equal to 2, the first security algorithm may be used by the terminal device when accessing the mobility management entity for the (N-1)th time security algorithm. Optionally, the pre-configured policy may also be pre-configured in the terminal device when leaving the factory, for example, the pre-configured policy may be selecting the security algorithm with the highest priority among the security algorithms.

Step 302, the terminal device sends the protected initial NAS message to the mobility management function entity, and sends key-related parameters to the storage function entity, where the key-related parameters are used to obtain a symmetric key.

In one possible implementation, the terminal device directly sends the key-related parameters to the storage functional entity; in another possible implementation, the terminal device transparently transmits the key-related parameters to the storage functional entity through the mobility management functional entity, for example, the terminal The device may send the key-related parameters together with the protected initial NAS message to the mobility management function entity.

For example, if the symmetric key is generated according to the public key of the storage functional entity and the private key of the terminal device, the key-related parameters include the public key of the terminal device; if the symmetric key is generated according to the random key generation algorithm, Or the symmetric key is generated according to the random number, permanent key and KDF, the key-related parameters include the ciphertext of the symmetric key, and the ciphertext of the symmetric key is obtained according to the public key of the storage function entity. , the terminal device encrypts the symmetric key according to the public key of the storage functional entity to obtain the ciphertext of the symmetric key.

Optionally, in order to facilitate the mobility management function entity to obtain the initial NAS message after receiving the protected initial NAS message, the key-related parameters also include the first security algorithm or the ciphertext of the first security algorithm, wherein the first security The ciphertext of the algorithm is obtained according to the public key of the storage functional entity. Specifically, the terminal device encrypts the first security algorithm according to the public key of the storage functional entity to obtain the ciphertext of the first security algorithm.

When the key-related parameters do not include the first security algorithm or the ciphertext of the first security algorithm, the mobility management functional entity can obtain the initial NAS message according to the symmetric key and its own preconfigured security algorithm. The security algorithm preconfigured in the management function entity includes the security algorithm preconfigured in the terminal device.

Step 303: After receiving the key-related parameters, the storage functional entity obtains a symmetric key according to the key-related parameters.

In an example, the key-related parameters include the public key of the terminal device, and the storage function entity may generate a symmetric key according to the public key of the terminal device and the private key of the storage function entity. Specifically, the way that the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity is similar to the way that the terminal device generates the symmetric key according to the public key of the storage function entity and the private key of the terminal device. This will not be repeated here.

In another example, the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, and then generates a symmetric key according to the intermediate key and the fixed character string. The method of generating an intermediate key from the public key and the private key of the terminal device, and then generating a symmetric key according to the intermediate key and the fixed character string is similar, and will not be repeated here.

In another example, the key-related parameters include the ciphertext of the symmetric key, and the storage functional entity decrypts the ciphertext of the symmetric key according to the private key of the storage functional entity to obtain the symmetric key.

In addition, when the key-related parameters include the ciphertext of the first security algorithm, the above method further includes: the storage function entity decrypts the ciphertext of the first security algorithm according to the private key of the storage function entity, and obtains the first security algorithm. security algorithm.

Step 304, the storage function entity sends the symmetric key to the mobility management function entity.

It should be noted that when the storage function entity generates an intermediate key according to the public key of the terminal device and the private key of the storage function entity, the symmetric key sent by the storage function entity to the mobility management function entity may also be an intermediate key, The symmetric key for obtaining the initial NAS message may then be generated by the mobility management function entity based on the intermediate key and the fixed string.

For example, in the case where the symmetric key includes an encryption key and an integrity protection key, the mobility management function entity may generate the encryption key based on the KDF according to the intermediate key and the preconfigured first fixed character string; key and a pre-configured second fixed string to generate an integrity protection key based on KDF. In addition, the mobility management functional entity may also generate the symmetric key according to the intermediate key and the fixed character string in other ways. For details, please refer to the way for the storage functional entity to generate the symmetric key, which will not be repeated here.

When the key-related parameter includes the first security algorithm or the ciphertext of the first security algorithm, the above method further includes: the storage functional entity sends the first security algorithm to the mobility management functional entity.

Step 305, after receiving the protected initial NAS message from the terminal device and the symmetric key from the storage functional entity, the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.

The first security algorithm may be preconfigured on the mobility management functional entity.

Optionally, when the storage functional entity sends the first security algorithm to the mobility management functional entity, the mobility management functional entity also receives the first security algorithm from the storage functional entity.

Specifically, the mobility management function entity may obtain the initial NAS message based on the following methods:

Mode 1: The mobility management function entity decrypts the protected initial NAS message according to the symmetric key and the first security algorithm to obtain the initial NAS message, which can be applied to the case where the protected initial NAS message is the ciphertext of the initial NAS message. In the case where the symmetric key is the encryption key and the first security algorithm is the encryption algorithm, the ciphertext of the initial NAS message is obtained according to the encryption key and the first security algorithm.

Mode 2: The mobility management function entity verifies the integrity of the initial NAS message according to the symmetric key and the first security algorithm, which can be applied to the case where the symmetric key is the integrity protection key and the first security algorithm is the integrity protection algorithm Down. Specifically, the mobility management function entity can check the integrity of the initial NAS message based on the following methods: Since the protected initial NAS message is the initial NAS message and the MAC of the initial NAS message, the mobility management function entity can check the integrity of the initial NAS message according to the symmetric key, The first security algorithm and the received initial NAS message generate a new MAC. If the new MAC is the same as the MAC in the protected initial NAS message, the mobility management function entity checks the integrity of the initial NAS message successfully; If the MACs in the protected initial NAS messages are different, the mobility management function entity fails to verify the integrity of the initial NAS messages.

Mode 3: The mobility management function entity verifies the integrity of the ciphertext of the initial NAS message according to the integrity protection key and the integrity protection key algorithm, wherein the mobility management function entity verifies the integrity and sum of the ciphertext of the initial NAS message. The mobility management function entity in Mode 2 verifies the integrity of the initial NAS message is similar, and the description is not repeated here. Optionally, in the case that the mobility management functional entity successfully verifies the integrity of the ciphertext of the initial NAS message, the mobility management functional entity then decrypts the ciphertext of the initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message. NAS message; or, optionally, the mobility management function entity directly decrypts the ciphertext of the initial NAS message regardless of the integrity protection check result, and the above method can be applied to the initial NAS message being protected as the initial NAS message In the case of the MAC of the ciphertext and the ciphertext of the initial NAS message, where the symmetric key includes the encryption key and the integrity protection key, the first security algorithm includes the encryption algorithm and the integrity protection algorithm, the ciphertext of the initial NAS message is obtained according to the encryption key and encryption algorithm, and the MAC of the ciphertext of the initial NAS message is obtained according to the integrity protection key and the integrity protection key algorithm.

Mode 4: The mobility management function entity must first decrypt the protected initial NAS message according to the encryption key and the encryption algorithm to obtain the initial NAS message, and then verify the obtained initial NAS message according to the integrity protection key and the integrity protection algorithm. The integrity of the NAS message, wherein the integrity of the initial NAS message obtained by the mobility management function entity verification is similar to the integrity of the initial NAS message verified by the mobility management function entity in Mode 2, and the description is not repeated here. The above method can be applied when the initial NAS message to be protected is the ciphertext of the initial NAS message and the MAC of the initial NAS message, or the ciphertext of the initial NAS message after integrity protection, and the ciphertext of the initial NAS message after integrity protection. In the case where the encrypted content of the initial NAS message includes the initial NAS message and the MAC of the initial NAS message, the symmetric key includes an encryption key and an integrity protection key, and the first security algorithm includes an encryption algorithm and an integrity protection algorithm , the ciphertext of the initial NAS message or the ciphertext of the integrity-protected initial NAS message is obtained according to the encryption key and the encryption algorithm, and the MAC of the initial NAS message is obtained according to the integrity protection key and the integrity protection key algorithm of.

In this embodiment, the terminal device performs security protection on all or part of the initial NAS message according to the symmetric key and the first security algorithm, and does not secure the NAS message until it receives the NAS SMC message sent by the network device. The protection restriction not only improves the reliability of initial NAS message transmission, but also improves the access efficiency of terminal equipment.

It should be noted that, as an alternative to the embodiment shown in FIG. 3 , step 302 may be replaced by: the terminal device sends the protected initial NAS message and key-related parameters to the storage function entity. During specific implementation, optionally, the terminal device sends the protected initial NAS message and key-related parameters to the mobility management functional entity, and the mobility management functional entity receives the protected initial NAS message and key-related parameters from the terminal device. After setting the parameters, transparently transmit the protected initial NAS message and key-related parameters to the storage function entity. Or, optionally, the terminal device directly sends the protected initial NAS message and key-related parameters to the storage function entity. Then step 303 is performed, and after step 303 is performed, steps 304 and 305 are replaced by: the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm, and then sends the initial NAS message to the mobility management function entity , wherein the manner in which the storage function entity obtains the initial NAS message according to the symmetric key and the first security algorithm is similar to the manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm in step 305, and will not be repeated here. .

In addition, since the mobile management function entity obtains the real content to be transmitted in the protected initial NAS message on the premise of obtaining the symmetric key and the first security algorithm, when the mobile management entity obtains the initial NAS message after obtaining the original NAS message , when the downlink NAS message needs to be sent to the terminal device, in order to improve the reliability of the downlink NAS message transmission, the downlink NAS message may also be securely protected according to the symmetric key and the first security algorithm, and then sent to the terminal device.

Specifically, a. An optional implementation manner is:

The mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, and then sends the protected downlink NAS message to the terminal device. The terminal device receives the protected downlink NAS message from the mobility management function entity. After the message, the downlink NAS message is obtained according to the symmetric key and the first security algorithm. It should be noted that the way that the mobile management entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm may refer to the way that the terminal device obtains the protected initial NAS message according to the symmetric key and the first security algorithm . For the manner in which the terminal device obtains the downlink NAS message according to the symmetric key and the first security algorithm, refer to the manner in which the mobility management function entity obtains the initial NAS message according to the symmetric key and the first security algorithm.

For example, when the initial NAS message is a registration request message, the downlink NAS message may be a registration accept (registration accept) message, a registration reject (registration reject) message, or a NAS SMC message, or the like.

For example, the downlink NAS message is a NAS SMC message or a registration accept message. In order to improve the reliability of downlink NAS message transmission, optionally, the mobility management function entity obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, The protected downlink NAS message is the ciphertext of the downlink NAS message, and then sends the protected downlink NAS message to the terminal device. After the terminal device receives the protected downlink NAS message, according to the symmetric key and the first security algorithm, Decrypt the protected downlink NAS message to obtain the downlink NAS message. The above manner can be applied to the case where the symmetric key includes an encryption key and the first complete algorithm includes an encryption algorithm. In addition, optionally, when the symmetric key includes an encryption key and an integrity protection key, and the first security algorithm includes an encryption algorithm and an integrity protection algorithm, the protected downlink NAS message may include the encryption key of the downlink NAS message. The MAC of the ciphertext of the downlink NAS message and the downlink NAS message, or the protected downlink NAS message includes the ciphertext of the downlink NAS message and the MAC of the downlink NAS message, or the ciphertext of the integrity-protected downlink NAS message. The encrypted content of the ciphertext of the downlink NAS message includes the downlink NAS message and the MAC of the downlink NAS message. Optionally, when the symmetric key includes an integrity protection key and the first security algorithm is an integrity protection algorithm, the protected downlink NAS message is the downlink NAS message and the MAC of the downlink NAS message.

For another example, the downlink NAS message is a registration rejection message, and the mobility management function entity performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message; and sends the protected downlink NAS message to the terminal device. Downlink NAS messages. After receiving the downlink NAS message, the terminal device verifies the integrity of the downlink NAS message according to the symmetric key and the first security algorithm. The above manner can be applied to the case where the symmetric key includes the integrity protection key and the first security algorithm includes the integrity protection algorithm.

Specifically, since the mobile management function entity may reject the registration request of the terminal device, such as SUPI cannot be found, the terminal device is illegal, etc., the specific reasons for the mobile management function entity to reject the registration request of the terminal device can be found in Table 9.9 of 3GPP TS 24.301 .3.9.1. However, the registration rejection message in the prior art cannot be generally protected, so that the registration rejection message sent by the mobility management function entity to the terminal device may be tampered with, forged, sniffed, etc., causing the terminal device to enter a DoS state. However, in the embodiment of the present application, when the downlink NAS message is a registration rejection message, the mobility management function entity can perform integrity protection and/or encryption on the registration rejection message according to the symmetric key and the first security algorithm through the implementation mode a. , thereby helping to reduce the possibility of registration rejection messages being tampered with, forged, sniffed, etc.

b. Another optional implementation method is:

The mobility management functional entity obtains the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, wherein the downlink NAS message includes the second security algorithm, and then the mobility management functional entity performs the ciphertext of the downlink NAS message according to the second security algorithm. Integrity protection, obtain the protected downlink NAS message, and then send the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then the terminal device obtains the downlink NAS message from the downlink NAS message. Then, according to the second security algorithm, the integrity of the ciphertext of the downlink NAS message is checked. For example, in this implementation manner, the downlink NAS message may be a registration accept message.

Specifically, in the case where the symmetric key includes an encryption key and the first security algorithm includes an encryption algorithm, on the network side, the mobility management function entity encrypts the downlink NAS message according to the encryption key and the encryption algorithm, and obtains the information of the downlink NAS message. Ciphertext; on the terminal side, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the encryption algorithm to obtain the downlink NAS message.

c. Another possible implementation is:

The mobility management function entity performs integrity protection on the downlink NAS message according to the second security algorithm, and obtains the protected downlink NAS message according to the symmetric key and the first security algorithm, wherein the protected downlink NAS message is an integrity-protected downlink NAS message. The ciphertext of the downlink NAS message, and then send the protected downlink NAS message to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then obtains the downlink NAS message from the downlink NAS message. The second security algorithm is used to verify the integrity of the downlink NAS message according to the second security algorithm. Specifically, the encrypted content of the ciphertext of the downlink NAS message after integrity protection includes the downlink NAS message and the MAC of the downlink NAS message.

It should be noted that, the mobility management function entity in this embodiment of the present application may further perform integrity protection on the downlink NAS message according to the second security algorithm, obtain the MAC of the downlink NAS message, and perform the integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm. The NAS message is encrypted to obtain the ciphertext of the downlink NAS message. In this implementation manner, the protected downlink NAS message is the ciphertext of the downlink NAS message and the MAC of the downlink NAS message. The protected downlink NAS message is then sent to the terminal device. After receiving the protected downlink NAS message from the mobility management function entity, the terminal device first decrypts the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message, and then obtains the downlink NAS message from the downlink NAS message. the second security algorithm, and then verify the integrity of the downlink NAS message according to the second security algorithm.

For example, in the above implementation manner, the downlink NAS message may be a registration accept message, or a NAS SMC message, or the like.

In implementations b and c, the second security algorithm includes an integrity protection algorithm. Optionally, the second security algorithm may also include an encryption algorithm. Specifically, the second security algorithm is a mobility management function entity based on the A list of security capabilities and preconfigured algorithms is selected. It should be noted that the first security algorithm and the second security algorithm may be the same or different, for example, the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are the same, and the integrity included in the first security algorithm The protection algorithm and the integrity protection algorithm included in the second security algorithm are different; or, the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are different, and the integrity protection algorithm included in the first security algorithm and the second security algorithm are different. The integrity protection algorithm included in the algorithm is the same; or, the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are the same, and the integrity protection algorithm included in the first security algorithm and the integrity protection included in the second security algorithm are the same. The algorithms are the same; or, the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm are different, and the integrity protection algorithm included in the first security algorithm and the integrity protection algorithm included in the second security algorithm are different. Optionally, when the first security algorithm and the second security algorithm are the same, the second security algorithm may not be carried in the downlink NAS message, or the encryption algorithm included in the first security algorithm and the encryption algorithm included in the second security algorithm may not be included. When the algorithms are the same and the integrity protection algorithm included in the first security algorithm and the integrity protection algorithm included in the second security algorithm are different, the downlink NAS message carries the second security algorithm, and the downlink NAS message carries the second security algorithm in the Including integrity protection algorithms, and not including encryption algorithms. After obtaining the downlink NAS message, the terminal device subsequently communicates with the mobility management function entity based on the security algorithm carried in the downlink NAS message.

When the downlink NAS message is a NAS SMC message, it helps to improve the transmission reliability of the initial NAS message and is better compatible with the negotiation process of the existing security algorithm. Optionally, when the security algorithm determined by the mobility management functional entity is inconsistent with the security algorithm determined by the terminal device, the mobility management functional entity may send the security algorithm determined by itself to the terminal device through a NAS SMC message. When the mobility management functional entity determines In the case that the security algorithm determined by the terminal device is consistent with the security algorithm determined by the terminal device, the mobile management function entity may not send the NAS SMC message to the terminal device, which helps to reduce the interaction of signaling to a certain extent and improve the efficiency of communication; when the downlink When the NAS message is a registration acceptance message, the mobility management function entity can directly negotiate the security algorithm used by the terminal device through the registration acceptance message, omitting the transmission of the NASSMC message, which helps to reduce signaling interaction and improve communication efficiency.

Based on different implementation manners of the symmetric key, the message protection method according to the embodiment of the present application will be specifically introduced below.

Referring to FIG. 4 , a method for message protection provided by an embodiment of the present application is described by taking a symmetric key including an encryption key and an integrity protection key as an example, and specifically includes the following steps:

Step 401, the terminal device generates a first symmetric key according to the public key of the storage functional entity and the private key of the terminal device, where the first symmetric key includes a first encryption key and a first integrity protection key.

Specifically, for the manner in which the terminal device generates the first symmetric key, reference may be made to the manner in which the terminal device generates the symmetric key according to the public key of the storage functional entity and the private key of the terminal device in the embodiment shown in FIG.

Step 402, the terminal device encrypts the initial NAS message according to the first encryption key and the first encryption algorithm, and obtains the ciphertext of the initial NAS message.

Wherein, the first encryption algorithm may be pre-configured in the terminal device and the mobility management functional entity.

Step 403, the terminal device performs integrity protection on the ciphertext of the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and obtains the MAC of the ciphertext of the initial NAS message.

Wherein, the first integrity protection algorithm may be pre-configured in the terminal device and the mobility management functional entity.

Step 404, the terminal device sends the protected initial NAS message and the public key of the terminal device to the mobility management function entity.

The protected initial NAS message may include the ciphertext of the initial NAS message and the MAC of the ciphertext of the initial NAS message.

Step 405, after receiving the protected initial NAS message and the public key of the terminal device, the mobility management function entity sends the public key of the terminal device to the storage function entity.

Step 406: After the storage function entity receives the public key of the terminal device sent by the mobility management function entity, it generates a second symmetric key according to the public key of the terminal device and the private key of the storage function entity.

The second symmetric key may include a second encryption key and a second integrity protection key. Specifically, the second encryption key and the first encryption key may be the same, and the second integrity protection key and the first encryption key may be the same. The integrity protection keys can be the same.

For the manner in which the storage function entity generates the second symmetric key, reference may be made to the manner in which the storage function entity generates the symmetric key according to the public key of the terminal device and the private key of the storage function entity in the embodiment shown in FIG. 3 , which will not be repeated here. illustrate.

Step 407, the storage functional entity sends the second symmetric key to the mobility management functional entity.

Step 408: After the mobility management function entity receives the second symmetric key sent by the storage function entity, it verifies the integrity of the ciphertext of the initial NAS message according to the second integrity protection key and the first integrity protection algorithm.

The manner in which the mobility management function entity verifies the integrity of the ciphertext of the initial NAS message is similar to the manner in which the integrity of the initial NAS message is verified in the message protection method in FIG. 3 , and the description is not repeated here.

Step 409: When the integrity check of the ciphertext of the initial NAS message is successful, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the second encryption key and the first encryption algorithm to obtain the initial NAS message.

Wherein, after obtaining the initial NAS message, the mobility management function entity may send a downlink NAS message to the terminal device, and in order to improve the reliability of transmitting the downlink NAS message, steps 410 to 412 may also be performed.

Step 410, the mobility management function entity obtains the protected downlink NAS message according to the second symmetric key and the first security algorithm.

It should be noted that in step 410, the specific implementation of the protected downlink NAS by the mobility management function entity is similar to the specific implementation of the protected downlink NAS message obtained by the mobility management function entity in the embodiment shown in FIG. Repeat instructions.

Step 411, the mobility management function entity sends the protected downlink NAS message to the terminal device.

Step 412, after receiving the protected downlink NAS message, the terminal device obtains the downlink NAS message according to the second symmetric key and the first security algorithm.

It should be noted that the specific implementation of the terminal device obtaining the downlink NAS in step 412 is similar to the specific implementation of the terminal device obtaining the downlink NAS message in the embodiment shown in FIG. 3 , and the description will not be repeated here.

Wherein, in the case where the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NASSMC message, or a registration rejection message, and the specific downlink NAS message may be determined by the mobility management function entity according to the actual situation or a preconfigured policy. make a decision.

Exemplarily, in the embodiment shown in FIG. 4 , the second symmetric key includes a second encryption key and a second integrity protection key, and the first security algorithm includes a first encryption algorithm and a first integrity protection algorithm. , the mobility management function entity can perform security protection on downlink NAS messages in the following ways:

Security protection method 1: The mobility management function entity uses the partial key in the second symmetric key and the corresponding partial algorithm in the first security algorithm to perform security protection on the downlink NAS message, for example, only the first encryption algorithm and the second encryption key are used. The downlink NAS message is protected by the key; or only the first integrity protection algorithm and the second integrity protection key are used to perform security protection on the downlink NAS message, and so on.

Security protection mode 2: The mobility management function entity uses the first security algorithm and the second symmetric key to perform integrity protection and encryption on the downlink NAS message.

Security protection mode 3: The mobility management function entity encrypts the downlink NAS message according to the first encryption algorithm and the second encryption key, and performs integrity protection on the downlink NAS message or the ciphertext of the downlink NAS message according to the second security algorithm, wherein the first The second security algorithm is selected by the mobility management functional entity based on the security capability of the terminal device and a preconfigured algorithm list; the second security algorithm includes a second integrity protection algorithm, and the optional second security algorithm may also include a second encryption algorithm, In the third security protection mode, the downlink NAS message includes the second security algorithm.

It should be noted that, which security protection mode the mobility management functional entity selects may be determined by a preconfigured algorithm.

In this embodiment, when the terminal device initially accesses the network, it encrypts and protects the integrity of the initial NAS message according to the first symmetric key and the first security algorithm, which not only improves the transmission security of the initial NAS message, but also improves the terminal The efficiency of device access to the network. In addition, after obtaining the initial NAS message, the mobility management function entity also performs security protection on the downlink NAS message sent to the terminal device, which improves the security of the downlink NAS message transmission.

It should also be noted that, as an alternative to the embodiment shown in FIG. 4 , step 402 and step 403 may be replaced with: if the initial NAS message to be protected includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, Then, the terminal device performs integrity protection on the initial NAS message according to the first integrity protection key and the first integrity protection algorithm, and encrypts the initial NAS message according to the first encryption key and the first encryption algorithm. There is no necessary order of execution between the two steps. For example, the encryption step of the initial NAS message may be performed first, and then the integrity protection step of the initial NAS message may be performed, or the integrity protection step of the initial NAS message may be performed first and then performed. Encryption step for the initial NAS message.

Further, steps 408 and 409 can be replaced with: after the mobility management function entity receives the protected initial NAS message, the protected initial NAS message includes the ciphertext of the initial NAS message and the MAC of the initial NAS message, and the mobility management The functional entity may first decrypt the ciphertext of the initial NAS message to obtain the initial NAS message, and then verify the integrity of the initial NAS message. For other steps, reference may be made to the steps in the embodiment shown in FIG. 4 , which will not be repeated.

Of course, the embodiment shown in FIG. 4 is only described as an example. For example, only one way of generating a symmetric key is given in the embodiment shown in FIG. It is configured in the terminal device, or a symmetric key can also be generated according to a random key generation algorithm or a random number.

Referring to FIG. 5 , a method for message protection provided by an embodiment of the present application is described by taking a symmetric key as an encryption key as an example, and the details are as follows.

Step 501, the terminal device generates an encryption key.

Specifically, for the manner in which the terminal device generates the encryption key, reference may be made to the manner in which the terminal device generates the symmetric key in the embodiment shown in FIG. 3 , and details are not described herein again.

Step 502, the terminal device encrypts the encryption key according to the public key of the storage functional entity to obtain the ciphertext of the encryption key.

Step 503, the terminal device encrypts the initial NAS message according to the encryption key and the first encryption algorithm to obtain the ciphertext of the initial NAS message.

Wherein, the first encryption algorithm may be pre-configured in the terminal device and the mobility management functional entity.

Step 504, the terminal device sends the ciphertext of the initial NAS message and the ciphertext of the encryption key to the mobility management function entity.

Step 505: After receiving the ciphertext of the initial NAS message and the ciphertext of the encryption key, the mobility management function entity sends the ciphertext of the encryption key to the storage function entity.

Step 506, after receiving the ciphertext of the encryption key sent by the mobility management function entity, the storage function entity decrypts the ciphertext of the encryption key according to the private key of the storage function entity to obtain the encryption key.

Step 507, the storage function entity sends the encryption key to the mobility management function entity.

Step 508, after receiving the encryption key sent by the storage function entity, the mobility management function entity decrypts the ciphertext of the initial NAS message according to the encryption key and the first encryption algorithm to obtain the initial NAS message.

Specifically, after obtaining the initial NAS message, the mobility management function entity may send the downlink NAS message to the terminal device. In order to improve the reliability of transmitting the downlink NAS message, steps 509 to 511 may be performed.

Step 509, the mobility management function entity encrypts the downlink NAS message according to the encryption key to obtain the ciphertext of the downlink NAS message.

Step 510, the mobility management function entity sends the ciphertext of the downlink NAS message to the terminal device.

Step 511, after receiving the ciphertext of the downlink NAS message, the terminal device decrypts the ciphertext of the downlink NAS message according to the encryption key and the first encryption algorithm to obtain the downlink NAS message.

Wherein, in the case where the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NASSMC message or a registration rejection message. In addition, the specific downlink NAS message can be determined by the mobility management function entity according to the actual situation or pre-configured. strategy to decide.

In addition, in the method for message protection in the embodiment shown in FIG. 5, the mobility management functional entity may select a new encryption algorithm and/or an integrity protection algorithm based on the security capability of the terminal device and the preconfigured algorithm list, and use the downlink NAS to select a new encryption algorithm and/or an integrity protection algorithm. The message is sent to the terminal device. In addition, after selecting a new integrity protection algorithm, the mobility management function entity may perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm, and then execute step 509 .

In this embodiment, when the terminal device initially accesses the network, it can encrypt the initial NAS message according to the encryption key and the first encryption algorithm, which not only improves the transmission security of the initial NAS message, but also improves the efficiency of the terminal device accessing the network. In addition, after obtaining the initial NAS message, the mobility management function entity also performs security protection on the downlink NAS message sent to the terminal device, which improves the security of the downlink NAS message transmission.

Of course, the embodiment shown in FIG. 5 is only described as an example. For example, the embodiment shown in FIG. 5 only provides a method for generating an encryption key. It is configured in the terminal device, or, the encryption key can also be generated according to the private key of the terminal device and the public key of the storage functional entity, or a random number or the like. For another example, the embodiment shown in FIG. 5 only provides a configuration method of a security algorithm. In addition, the security algorithm may be pre-configured in the storage function entity, and then sent by the storage function entity to the mobility management function entity.

Referring to FIG. 6 , an embodiment of the present application provides a method for message protection. The method is described by taking a symmetric key as an integrity protection key as an example, and the details are as follows.

Step 601, the terminal device generates an integrity protection key.

Specifically, for the manner of the integrity protection key generated by the terminal device, reference may be made to the manner in which the terminal device generates the symmetric key in the embodiment shown in FIG. 3 , and details are not described herein again.

Step 602, the terminal device encrypts the integrity protection key and the first integrity protection algorithm according to the public key of the storage functional entity to obtain the first ciphertext.

The content encrypted by the first ciphertext may include an integrity protection key and a first integrity protection algorithm.

The first integrity protection algorithm may be determined by the terminal device according to a preconfigured policy, wherein the configuration mode of the preconfigured policy is similar to the related description in the embodiment shown in FIG. 3 , and details are not repeated here.

Step 603, the terminal device performs integrity protection on the initial NAS message according to the integrity protection key and the first integrity protection algorithm, and obtains the MAC of the initial NAS message.

Step 604, the terminal device sends the MAC of the initial NAS message, the initial NAS message and the first ciphertext to the mobility management function entity.

Optionally, the first integrity protection algorithm is preconfigured in the terminal device and the mobility management functional entity. In this case, the terminal device does not need to encrypt the first integrity protection algorithm and send it to the storage functional entity.

Step 605: After receiving the MAC of the initial NAS message, the initial NAS message and the first ciphertext, the mobility management function entity sends the first ciphertext to the storage function entity.

Step 606: After the storage function entity receives the first ciphertext sent by the mobility management function entity, it decrypts the first ciphertext according to the private key of the storage function entity to obtain the integrity protection key and the first integrity protection key. algorithm.

Step 607, the storage function entity sends the integrity protection key and the first integrity protection algorithm to the mobility management function entity.

Step 608: After receiving the integrity protection key and the first integrity protection algorithm sent by the storage function entity, the mobility management function entity verifies the integrity of the initial NAS message according to the integrity protection key and the first integrity protection algorithm .

The manner in which the mobility management function entity checks the integrity of the initial NAS message is similar to the manner in which the integrity of the initial NAS message is checked in the embodiment shown in FIG. 3 , and the description is not repeated here.

When the integrity check of the received initial NAS message is successful, the mobility management function entity may send a downlink NAS message to the terminal device, and may also perform steps 609 to 611 in order to improve the reliability of transmitting the downlink NAS message.

Step 609, the mobility management function entity performs integrity protection on the downlink NAS message according to the integrity protection key and the first integrity protection algorithm, and obtains the MAC of the downlink NAS message.

Step 610, the mobility management function entity sends the MAC of the downlink NAS message and the downlink NAS message to the terminal device.

Step 611, after receiving the downlink NAS message and the MAC of the downlink NAS message, the terminal device verifies the integrity of the downlink NAS message according to the integrity protection key and the first integrity protection algorithm.

Wherein, in the case where the initial NAS message is a registration request, the downlink NAS message may be a registration accept message, a NASSMC message or a registration rejection message. Specifically, which message the downlink NAS message is can be determined by the mobility management function entity according to the actual situation or pre-configured strategy to decide.

In addition, in the message protection method shown in FIG. 6, if the mobility management functional entity selects a new integrity protection algorithm based on the security capability of the terminal device and the pre-configured algorithm list, it can be sent to the terminal device through a downlink NAS message, In addition, after the mobility management functional entity selects a new integrity protection algorithm, the mobility management functional entity may first perform integrity protection on the downlink NAS message based on the selected new integrity protection algorithm. After the MAC of the NAS message and the downlink NAS message is obtained, a new integrity protection algorithm is obtained from the downlink NAS message first, and then the integrity check of the downlink NAS message is performed.

In this embodiment, when the terminal device initially accesses the network, it performs integrity protection on the initial NAS message according to the integrity key and the first integrity algorithm, thereby improving the integrity protection of the initial NAS message. In addition, the mobility management function entity When the protected initial NAS message is received and the integrity check of the initial NAS message is successful, the integrity of the downlink NAS message sent to the terminal device can also be protected, thereby improving the security of the downlink NAS message transmission.

Of course, FIG. 6 is only used as an example for illustration. For example, FIG. 6 only shows a method for generating an integrity protection key. In addition, the integrity protection key in this embodiment of the present application can also be based on the private key of the terminal device. The key and the public key of the storage functional entity are generated, or the random key generation algorithm is used to generate the integrity protection key. For another example, FIG. 6 only shows a configuration method of a security algorithm. In addition, the security algorithm may be preconfigured in the storage function entity, and then sent by the storage function entity to the mobility management function entity.

The foregoing mainly introduces the solution provided by the present application from the perspective of interaction between various network elements. It can be understood that, in order to implement the above-mentioned functions, each network element that implements the above includes corresponding hardware structures and/or software modules for executing each function. Those skilled in the art should easily realize that the unit and algorithm steps of each example described in conjunction with the embodiments disclosed in the present application can be implemented in hardware or in the form of a combination of hardware and computer software. Whether a function is performed by hardware or computer software driving hardware depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this application.

Based on the same concept, as shown in FIG. 7 , a schematic diagram of a message protection device provided by the present application, the device may be a terminal device or a chip or a system-on-chip in the terminal device, and can execute the above-mentioned FIG. 3 and FIG. 4 , a method performed by a terminal device in any of the embodiments shown in FIG. 5 and FIG. 6 .

The apparatus 700 includes at least one processor 710 and a memory 730 .

Wherein, the memory 730 is used to store programs, which can be ROM or other types of static storage devices that can store static information and instructions, such as RAM or other types of dynamic storage devices that can store information and instructions, or can be electrically erasable and programmable. Read-only memory (Electrically erasable programmabler-only memory, EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store the desired program in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory 730 may exist independently and be connected to the processor 710 . The memory 730 may also be integrated with the processor 710 .

The processor 710 is configured to execute the program in the memory 730 to implement the steps performed by the terminal device in the message protection solution according to the embodiment of the present application, and the relevant features can be referred to above, which will not be repeated here. For example, the processor 710 may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling the execution of the programs of the technical solution of the present application.

In a specific implementation, as an embodiment, the processor 710 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 7 .

In a specific implementation, as an embodiment, the apparatus 700 may include multiple processors, such as the processor 710 and the processor 711 in FIG. 7 . Each of these processors may be a single-CPU processor or a multi-CPU processor, where processor may refer to one or more devices, circuits, and/or A processing core for processing data, such as computer program instructions.

Optionally, when the apparatus 700 is a terminal device, it may further include a transceiver 720 as shown in FIG. 7 for communicating with other devices or a communication network, and the transceiver 720 includes a radio frequency circuit. The processor 710, the transceiver 720, and the memory 730 in the terminal device may be connected through a communication bus. The communication bus may include a path to transfer information between the units. When the apparatus 700 is a chip in a terminal device or an on-board system, the processor 710 can send or receive data through input/output interfaces, pins or circuits, and the like.

As shown in FIG. 8, a schematic diagram of another apparatus for message protection according to an embodiment of the present application, the apparatus may be a terminal device or a chip or a system-on-a-chip in the terminal device, and can execute the above-mentioned FIG. 3, FIG. 4, FIG. 5 and A method performed by a terminal device in any of the embodiments shown in FIG. 6 .

The apparatus includes a processing unit 801 and a communication unit 802 .

The processing unit 801 is configured to obtain the protected initial NAS message according to the symmetric key and the first security algorithm, and the communication unit 802 is configured to send the protected initial NAS message to the first network device; and to the second network The device sends key-related parameters, where the key-related parameters are used to obtain a symmetric key.

Optionally, the key-related parameter includes the public key of the terminal device, and the processing unit 801 is specifically configured to generate a symmetric key according to the public key of the second network device and the private key of the terminal device.

Optionally, the processing unit 801 is specifically configured to generate an intermediate key according to the public key of the second network device and the private key of the terminal device; and then generate a symmetric key according to the intermediate key and the fixed character string.

Optionally, the key-related parameters include the ciphertext of the symmetric key, wherein the ciphertext of the symmetric key is obtained according to the public key of the second network device, and the processing unit 801 is specifically configured to generate a heap according to a random key generation algorithm. or, optionally, the processing unit 801 is specifically configured to generate a symmetric key according to a random number, a permanent key, and a key derivation function (key derivation function, KDF).

Optionally, the key-related parameter includes a ciphertext of the first security algorithm, where the ciphertext of the first security algorithm is obtained according to the public key of the second network device.

Optionally, the first security algorithm is determined by the terminal device according to a preconfigured policy.

Optionally, the initial NAS message is a registration request message.

Optionally, the processing unit 801 is further configured to, after the communication unit 802 receives the protected downlink NAS message from the first network device, decrypt the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain: Downlink NAS message, where the downlink NAS message may be a registration accept message or a NAS SMC message.

Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, wherein the downlink NAS message includes the second security algorithm, and the processing unit 801 is further configured to receive the protected downlink NAS message according to the symmetric key and the first security algorithm. The algorithm decrypts the protected downlink NAS message, obtains the downlink NAS message, and then obtains the second security algorithm from the downlink NAS message. The second security algorithm verifies the integrity of the protected downlink NAS message. If the first network device performs integrity protection on the downlink NAS message, the integrity of the downlink NAS message is verified according to the second security algorithm. The downlink NAS message is a registration accept message.

Optionally, the communication unit 802 is further configured to receive a protected downlink NAS message from the first network device, and the processing unit 801 is further configured to verify the integrity of the downlink NAS message according to the symmetric key and the first security algorithm, wherein The downlink NAS message may be a downlink reject message.

Optionally, the first network device is AMF, and the second network device is UDM or AUSF.

It should be understood that the apparatus can be used to implement the steps performed by the terminal device in the message protection method of the embodiment of the present application, and the relevant features can be referred to the above, which will not be repeated here.

Based on the same concept, as shown in FIG. 9 , a schematic diagram of a message protection apparatus provided by the present application is provided. 3. The method performed by the storage functional entity in any of the embodiments shown in FIG. 4 , FIG. 5 and FIG. 6 .

The apparatus 900 includes at least one processor 910 and a memory 930 .

Wherein, the memory 930 is used to store programs, and can be ROM or other types of static storage devices that can store static information and instructions, such as RAM or other types of dynamic storage devices that can store information and instructions, or EEPROM, CD-ROM, etc. or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disc storage medium or other magnetic storage device, or capable of being used to carry or store desired in the form of instructions or data structures programs and any other medium that can be accessed by a computer, without limitation. The memory 930 may exist independently and be connected to the processor 910 . The memory 930 may also be integrated with the processor 910 .

The processor 910 is configured to execute the program in the memory 930 to implement the steps performed by the second network device in the message protection solution of the embodiment of the present application, and the relevant features can be referred to above, which will not be repeated here. For example, the processor 910 may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling the execution of the programs of the technical solution of the present application.

In a specific implementation, as an embodiment, the processor 910 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 9 .

In a specific implementation, as an embodiment, the apparatus 900 may include multiple processors, such as the processor 910 and the processor 911 in FIG. 9 . Each of these processors may be a single-CPU processor or a multi-CPU processor, where processor may refer to one or more devices, circuits, and/or A processing core for processing data, such as computer program instructions.

Optionally, when the apparatus 900 is the first network device, it may further include a transceiver 920 as shown in FIG. 9 for communicating with other devices or a communication network, and the transceiver 920 includes a radio frequency circuit. The processor 910, the transceiver 920, and the memory 930 in the second network device may be connected through a communication bus. The communication bus may include a path to transfer information between the units. When the apparatus 900 is a chip in the second network device or an on-board system, the processor 910 can send or receive data through an input/output interface, a pin or a circuit or the like.

As shown in FIG. 10 , which is a schematic diagram of another apparatus for message protection according to an embodiment of the present application, the apparatus may be a second network device or a chip or a system-on-chip in the second network device, and may execute the above-mentioned FIG. 3 and FIG. 4 , a method performed by a storage functional entity in any of the embodiments shown in FIG. 5 and FIG. 6 .

The apparatus includes a processing unit 1001 and a communication unit 1002 .

Among them, the communication unit 1002 is used to receive the key-related parameters from the terminal device, the processing unit 1001 is used to obtain the symmetric key according to the key-related parameters, and then the communication unit 1002 is also used to send the symmetric key to the first network device. The key, where the key-related parameters are used to obtain a symmetric key, and the symmetric key is used to secure the initial NAS message.

Optionally, the key-related parameters include the public key of the terminal device; the processing unit 1001 is specifically configured to generate a symmetric key according to the public key of the terminal device and the private key of the second network device.

Optionally, the processing unit 1001 is specifically configured to generate an intermediate key according to the public key of the terminal device and the private key of the second network device, and then generate a symmetric key according to the intermediate key and the fixed character string.

Optionally, the key-related parameter includes the ciphertext of the symmetric key; the processing unit 1001 is specifically configured to decrypt the ciphertext of the symmetric key according to the private key of the second network device to obtain the symmetric key.

Optionally, the key-related parameters include the ciphertext of the first security algorithm; the processing unit 1001 is further configured to decrypt the ciphertext of the first security algorithm according to the public key of the second network device to obtain the first security algorithm, and the communication unit 1002 is further configured to send the first security algorithm to the first network device.

Optionally, the first network device is an AMF entity; the apparatus 1000 is a UDM entity or an AUSF entity.

It should be understood that the apparatus may be used to implement the steps performed by the second network device in the message protection method of the embodiment of the present application, and the relevant features can be referred to above, which will not be repeated here.

Based on the same concept, as shown in FIG. 11 , a schematic diagram of an apparatus for message protection provided by the present application, the apparatus may be a first network device, or a chip of the first network device, or an upper system, and can execute the above-mentioned FIG. 3. The method executed by the mobility management functional entity in any of the embodiments shown in FIG. 4 , FIG. 5 and FIG. 6 .

The first network device 1100 includes at least one processor 1110 and a memory 1130 .

Among them, the memory 1130 is used to store programs, which can be ROM or other types of static storage devices that can store static information and instructions, such as RAM or other types of dynamic storage devices that can store information and instructions, or EEPROM, CD-ROM, etc. or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), magnetic disc storage medium or other magnetic storage device, or capable of being used to carry or store desired in the form of instructions or data structures programs and any other medium that can be accessed by a computer, without limitation. The memory 1130 may exist independently and be connected to the processor 1110 . The memory 1130 may also be integrated with the processor 1110.

The processor 1110 is configured to execute the program in the memory 1130 to implement the steps performed by the first network device in the message protection solution of the embodiment of the present application, and the relevant features can be referred to above, which will not be repeated here. For example, the processor 1110 may be a general-purpose CPU, a microprocessor, a specific ASIC, or one or more integrated circuits for controlling the execution of the programs of the technical solution of the present application.

In a specific implementation, as an embodiment, the processor 1110 may include one or more CPUs, such as CPU0 and CPU1 in FIG. 11 .

In a specific implementation, as an embodiment, the apparatus 1100 may include multiple processors, for example, the processor 1110 and the processor 1111 in FIG. 11 . Each of these processors may be a single-CPU processor or a multi-CPU processor, where processor may refer to one or more devices, circuits, and/or A processing core for processing data, such as computer program instructions.

Optionally, when the apparatus 1100 is the first network device, it may further include a transceiver 1120 as shown in FIG. 11 for communicating with other devices or a communication network, and the transceiver 1120 includes a radio frequency circuit. The processor 1110, the transceiver 1120, and the memory 1130 in the first network device may be connected through a communication bus. The communication bus may include a path to transfer information between the units. When the apparatus 1100 is a chip in the first network device or an on-board system, the processor 1110 can send or receive data through an input/output interface, a pin or a circuit or the like.

As shown in FIG. 12 , a schematic diagram of another apparatus for message protection according to an embodiment of the present application, the apparatus may be a first network device or a chip or a system-on-chip in the first network device, and may execute the above-mentioned FIG. 3 and FIG. 4 , the method performed by the mobility management functional entity in any of the embodiments shown in FIG. 5 and FIG. 6 .

The apparatus includes a processing unit 1201 and a communication unit 1202 .

Wherein, the communication unit 1202 is used for receiving the protected initial NAS message from the terminal device; and receiving the symmetric key from the second network device; the processing unit 1201 is used for obtaining the initial NAS message according to the symmetric key and the first security algorithm .

Optionally, the communication unit 1202 is further configured to receive the first security algorithm from the second network device.

Optionally, the initial NAS message is a registration request message.

Optionally, the processing unit 1201 is further configured to obtain the protected downlink NAS message according to the symmetric key and the first security algorithm; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.

Optionally, the downlink NAS message is a registration accept message or a NAS SMC message.

Optionally, the processing unit 1201 is further configured to obtain the ciphertext of the downlink NAS message according to the symmetric key and the first security algorithm, wherein the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; the communication unit 1202 It is further configured to perform integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain the protected downlink NAS message, and the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.

Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the second security algorithm, wherein the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; and then according to the symmetric key and The first security algorithm obtains the protected downlink NAS message, and the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message; the communication unit 1202 is further configured to send the protected downlink NAS message to the terminal device.

Optionally, the processing unit 1201 is further configured to perform integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm to obtain the protected downlink NAS message, and then the communication unit 1202 is further configured to send the message to the terminal device. The protected downlink NAS message, where the downlink NAS message may be a registration rejection message.

Optionally, the apparatus is an AMF entity; the second network device is a UDM entity or an AUSF entity.

It should be understood that the apparatus may be used to implement the steps performed by the first network device in the message protection method of the embodiment of the present application, and the relevant features may refer to the above, which will not be repeated here.

It should be understood that the manner in which the device for message protection shown in FIG. 8 , FIG. 10 and FIG. 12 is divided into modules is schematic, and is only a logical function division, and there may be other division manners in actual implementation. For example, the communication unit is divided into a receiving unit and a transmitting unit.

An embodiment of the present application further provides a communication system, where the communication system includes an apparatus 700, an apparatus 900, and an apparatus 1100, and the connection manner may be as shown in FIG. 13a or as shown in FIG. 13b.

In the above-mentioned embodiments, it may be implemented in whole or in part by software, hardware, firmware or any combination thereof. When implemented in software, it can be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, all or part of the processes or functions described in the embodiments of the present application are generated. The computer may be a general purpose computer, special purpose computer, computer network, or other programmable device. The computer instructions may be stored in or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be downloaded from a website site, computer, server or data center Transmission to another website site, computer, server, or data center is by wire (eg, coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that includes an integration of one or more available media. The usable media may be magnetic media (eg, floppy disks, hard disks, magnetic tapes), optical media (eg, DVD), or semiconductor media (eg, Solid State Disk (SSD)), and the like.

Although the application is described herein in conjunction with the various embodiments, those skilled in the art will understand and understand from a review of the drawings, the disclosure, and the appended claims in practicing the claimed application. Other variations of the disclosed embodiments are implemented. In the claims, the word "comprising" does not exclude other components or steps, and "a" or "an" does not exclude a plurality. A single processor or other unit may fulfill the functions of several items recited in the claims. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that these measures cannot be combined to advantage.

It should be understood by those skilled in the art that the embodiments of the present application may be provided as a method, an apparatus (apparatus), a computer-readable storage medium or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects, all of which are collectively referred to herein as a "module" or "system."

The present application is described with reference to flowchart illustrations and/or block diagrams of the methods, apparatus (apparatus) and computer program products of the present application. It will be understood that each flow and/or block in the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, the instructions The apparatus implements the functions specified in the flow or flow of the flowcharts and/or the block or blocks of the block diagrams.

These computer program instructions can also be loaded on a computer or other programmable data processing device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process such that The instructions provide steps for implementing the functions specified in the flow or blocks of the flowcharts and/or the block or blocks of the block diagrams.

Although the application has been described in conjunction with specific features and embodiments thereof, it will be apparent that various modifications and combinations can be made therein without departing from the spirit and scope of the application. Accordingly, this specification and drawings are merely exemplary illustrations of the application as defined by the appended claims, and are deemed to cover any and all modifications, variations, combinations or equivalents within the scope of this application. Obviously, those skilled in the art can make various changes and modifications to the present application without departing from the spirit and scope of the present application. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include these modifications and variations.

Claims (30)

1. A method for message protection, wherein the method comprises: The terminal device obtains the protected initial non-access stratum NAS message according to the symmetric key and the first security algorithm; sending, by the terminal device, the protected initial NAS message to the first network device; The terminal device sends a key-related parameter to the second network device, where the key-related parameter is used to obtain the symmetric key. 2. The method according to claim 1, wherein the key-related parameter comprises the public key of the terminal device; the method further comprises: The terminal device generates the symmetric key according to the public key of the second network device and the private key of the terminal device. 3. The method according to claim 2, wherein the terminal device generates the symmetric key according to the public key of the second network device and the private key of the terminal device, comprising: The terminal device generates an intermediate key according to the public key of the second network device and the private key of the terminal device; The terminal device generates the symmetric key according to the intermediate key and the fixed character string. 4. The method of claim 1, wherein the key-related parameter comprises a ciphertext of the symmetric key, wherein the ciphertext of the symmetric key is based on the second network device's ciphertext obtained from the public key; The method also includes: The terminal device generates the symmetric key according to a random key generation algorithm; or, The terminal device generates the symmetric key according to the random number, the permanent key and the key derivation function KDF. 5. The method according to any one of claims 1 to 4, wherein the key-related parameter comprises a ciphertext of the first security algorithm, wherein the ciphertext of the first security algorithm is based on the obtained from the public key of the second network device. 6. The method of claim 5, wherein the first security algorithm is determined by the terminal device according to a preconfigured policy. 7. The method according to any one of claims 1 to 6, wherein the initial NAS message is a registration request message. 8. The method according to any one of claims 1 to 7, wherein the method further comprises: The terminal device receives a protected downlink NAS message from the first network device, where the downlink NAS message is a registration accept message or a NAS security mode command SMC message; The terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message. 9. The method according to any one of claims 1 to 7, wherein the method further comprises: receiving, by the terminal device, a protected downlink NAS message from the first network device, where the downlink NAS message is a registration accept message, and the registration accept message includes a second security algorithm; The terminal device decrypts the protected downlink NAS message according to the symmetric key and the first security algorithm to obtain the downlink NAS message; obtaining, by the terminal device, the second security algorithm from the downlink NAS message; The terminal device checks the integrity of the downlink NAS message or the protected downlink NAS message according to the second security algorithm. 10. The method according to any one of claims 1 to 7, wherein the method further comprises: receiving, by the terminal device, a protected downlink NAS message from the first network device, where the downlink NAS message is a registration rejection message; The terminal device verifies the integrity of the downlink NAS message according to the symmetric key and the first security algorithm. 11. The method according to any one of claims 1 to 10, wherein the first network device is an access and mobility management function AMF entity; The second network device is an independent data management UDM entity or an authentication service function AUSF entity. 12. A method for message protection, wherein the method comprises: The second network device receives a key-related parameter from the terminal device, where the key-related parameter is used to obtain a symmetric key, and the symmetric key is used for security protection of the initial non-access stratum NAS message; obtaining, by the second network device, the symmetric key according to the key-related parameter; The second network device sends the symmetric key to the first network device. 13. The method of claim 12, wherein the key-related parameter comprises a public key of the terminal device; The second network device obtains the symmetric key according to the key-related parameters, including: The second network device generates the symmetric key according to the public key of the terminal device and the private key of the second network device. 14. The method of claim 13, wherein the second network device generates the symmetric key according to the public key of the terminal device and the private key of the second network device, comprising: The second network device generates an intermediate key according to the public key of the terminal device and the private key of the second network device; The second network device generates the symmetric key according to the intermediate key and the fixed character string. 15. The method of claim 12, wherein the key-related parameter comprises a ciphertext of the symmetric key; The second network device obtains the symmetric key according to the key-related parameters, including: The second network device decrypts the ciphertext of the symmetric key according to the private key of the second network device to obtain the symmetric key. 16. The method according to any one of claims 12 to 15, wherein the key-related parameter comprises a ciphertext of the first security algorithm; the method further comprises: The second network device decrypts the ciphertext of the first security algorithm according to the public key of the second network device to obtain the first security algorithm; The second network device sends the first security algorithm to the first network device. 17. The method according to any one of claims 1 to 16, wherein the first network device is an access and mobility management function AMF entity; The second network device is an independent data management UDM entity or an authentication service function AUSF entity. 18. A method for message protection, wherein the method comprises: the first network device receives the protected initial non-access stratum NAS message from the terminal device; the first network device receives the symmetric key from the second network device; The first network device obtains the initial NAS message according to the symmetric key and the first security algorithm. 19. The method of claim 18, further comprising: The first network device receives the first security algorithm from the second network device. 20. The method of claim 18 or 19, wherein the initial NAS message is a registration request message. 21. The method of any one of claims 18 to 20, wherein the method further comprises: obtaining, by the first network device, a protected downlink NAS message according to the symmetric key and the first security algorithm; The first network device sends the protected downlink NAS message to the terminal device. 22. The method of claim 21, wherein the downlink NAS message is a registration accept message or a NAS security mode command SMC message. 23. The method of any one of claims 18 to 20, wherein the method further comprises: obtaining, by the first network device, a ciphertext of a downlink NAS message according to the symmetric key and the first security algorithm, where the downlink NAS message is a registration acceptance message, and the registration acceptance message includes a second security algorithm; The first network device performs integrity protection on the ciphertext of the downlink NAS message according to the second security algorithm to obtain a protected downlink NAS message; The first network device sends the protected downlink NAS message to the terminal device. 24. The method of any one of claims 18 to 20, wherein the method further comprises: The first network device performs integrity protection on the downlink NAS message according to the second security algorithm, the downlink NAS message is a registration acceptance message, and the registration acceptance message includes the second security algorithm; The first network device obtains a protected downlink NAS message according to the symmetric key and the first security algorithm, where the protected downlink NAS message is the ciphertext of the integrity-protected downlink NAS message; The first network device sends the protected downlink NAS message to the terminal device. 25. The method of any one of claims 18 to 20, wherein the method further comprises: The first network device performs integrity protection on the downlink NAS message according to the symmetric key and the first security algorithm, and obtains a protected downlink NAS message, where the downlink NAS message is a registration rejection message; The first network device sends the protected downlink NAS message to the terminal device. 26. The method according to any one of claims 18 to 25, wherein the first network device is an access and mobility management function AMF entity; the second network device is an independent data management UDM entity or an authentication The right service function AUSF entity. 27. An apparatus for message protection, comprising a processor and a memory, wherein: the memory stores a program; The processor is configured to call the program stored in the memory to execute the method according to any one of claims 1 to 11. 28. A device for message protection, comprising a processor and a memory, wherein: the memory stores a program; The processor is configured to call the program stored in the memory to execute the method according to any one of claims 12 to 17. 29. A device for message protection, comprising a processor, a memory, wherein: the memory stores a program; The processor is configured to call the program stored in the memory to execute the method according to any one of claims 18 to 26. 30. A computer-readable storage medium, characterized in that, the computer-readable storage medium stores a program, and when the program is run on a computer, the computer causes the computer to execute any one of claims 1 to 26. method.