CN101990201B - Method, system and device for generating general bootstrapping architecture (GBA) secret key - Google Patents
Publication number: CN101990201B (application CN200910090198.6A)
Authority: CN (China)
Abstract
The invention discloses a method for generating a GBA key, together with a system and devices for it. The method includes: the BSF obtains the corresponding user's authentication information from the HLR and sends the random number in it to the user terminal, where the key in the authentication information is generated by the HLR from the corresponding key it stores and the key shared between the user and the network side; the user terminal generates AKA authentication information from the random number and the key shared between the user and the network side, generates the root key of the GBA key from the AKA authentication information and that shared key, generates an authentication code, and sends the authentication code to the BSF device; after the BSF device has authenticated the user terminal using the received authentication code, it generates the root key of the GBA key from the authentication information it obtained; the BSF device and the user terminal each generate the GBA key from the root key they generated. The invention improves the security of the GBA key.
Description
Technical field
The invention relates to the field of wireless communication, and in particular to a method, system and devices for generating a GBA key.
Background
With the growth of data services, both operators and users need a reliable authentication mechanism to ensure legitimate service use and correct billing. In 2G (second-generation mobile communication network) services, many applications require mutual authentication between the terminal (for example a UE) and the application server: to verify that a legitimate user is using the service, the terminal and the service system must perform login authentication, and if the service data stream has to be scrambled or encrypted, the terminal and the service system must communicate confidentially. If each of the many services used its own independent authentication, the result would be repeated replacement of equipment.
To solve a series of application-layer problems such as key sharing and service authentication, 3GPP (the third-generation mobile communication standardization body) defined a General Bootstrapping Architecture (GBA). GBA provides a general mechanism for establishing a shared key between a UE and a server and is built on the AKA authentication mechanism. AKA is the mutual authentication and key agreement mechanism used in 2G/3G networks; GBA makes full use of its advantages to complete the secure bootstrapping of services.
Fig. 1 shows a simple network model of GBA in an existing 2G network. As shown, the BSF (Bootstrapping Service Function) is the network element introduced by GBA. It obtains GBA-related user data from the HLR (Home Location Register) over the Zh interface; over the Ub interface it performs mutual authentication with the UE using the AKA protocol and establishes a shared key, which will be used between the UE and the NAF (Network Application Function); over the Zn interface it passes that shared key and the related user data to the NAF, so that the UE and the NAF can exchange information securely on the basis of the shared key. The BSF learns the name of the HLR that stores the relevant user data by querying the SLF (Subscription Locator Function). The SLF is not needed in a single-HLR environment, nor when the BSF is configured to use a pre-assigned HLR.
The GBA procedure is usually divided into a GBA initialization phase (in which the GBA key material Ks is generated) and a GBA-based service access phase (in which Ks is used to generate the GBA key, which in turn protects service communication).
Based on the network model of Fig. 1, the GBA initialization phase for a SIM (Subscriber Identity Module) card in a 2G network can proceed as shown in Fig. 2, and includes:
Step 201: the ME (Mobile Equipment) of the UE sends a GBA bootstrapping request to the BSF, carrying the IMSI (International Mobile Subscriber Identity) as the identifier of the ME.
Steps 202-203: the BSF requests a triplet authentication vector AV from the HLR, and the HLR returns the triplet AV=(RAND,SRES,Kc) corresponding to that IMSI. From the type of the authentication vector the BSF can tell that the user has a SIM card.
Step 204: the BSF stores the SRES and Kc from the AV, randomly selects Ks_input, and sends the random number RAND and Ks_input to the ME in a 401 message.
Step 205: the ME authenticates the network using RAND and Ks_input as a challenge; once that succeeds, it calls the GBA module in the SIM card with RAND and Ks_input as parameters.
Step 206: the GBA module of the SIM card calls the AKA authentication module in the SIM card to compute Kc and SRES, i.e. Kc‖SRES=AKA(Ki,RAND); from these it computes the GBA root key Ks=KDF(key,Ks_input,"3gpp-gba-res",SRES), where key=Kc‖Kc‖RAND and KDF is a key derivation function, and stores Ks in the SIM card; it then computes the authentication code RES=KDF(key,"3gpp-gba-res",SRES) and returns RES to the ME.
Step 207: the ME forwards RES to the BSF as the authentication code.
Step 208: the BSF computes the authentication code RES=KDF(key,"3gpp-gba-res",SRES) from the values in the AV and compares it with the RES returned by the ME; if they match, authentication succeeds, otherwise the GBA procedure terminates. The BSF then generates the GBA root key Ks=KDF(key,Ks_input,"3gpp-gba-res",SRES), randomly generates a B-TID as a temporary identifier for the ME, and returns it to the ME.
Step 209: the BSF generates the service key Ks_NAF=KDF(Ks,"gba-me",RAND,IMSI,NAF_id) from the identifier NAF_id of the service platform NAF that the ME needs to access, to serve as the service protection key for communication between the ME and the NAF, and sends Ks_NAF to the NAF over the core-network secure channel.
In the service access phase, before the ME communicates with the NAF it must invoke the GBA module command of the SIM card, and the SIM card generates the service key Ks_NAF=KDF(Ks,"gba-me",RAND,IMSI,NAF_id) from NAF_id as the service protection key for communication between the SIM card and the NAF. During communication between the ME and the NAF, the NAF encrypts messages with Ks_NAF and sends them to the ME, which must forward each encrypted message to the SIM card for decryption with Ks_NAF; messages from the ME likewise have to be forwarded to the SIM card for encryption with Ks_NAF before being sent to the NAF for decryption, achieving secure transmission between the ME and the NAF.
If the ME is a trusted terminal, then because Ks and Ks_NAF reside in the SIM card and every encryption and decryption operation has to go through the SIM card, this SIM-based GBA scheme is secure. If the ME is an illegitimate terminal, or one customized by an attacker, then by modifying the ME's processing flow the following security problem arises:
In the GBA initialization phase, after receiving RAND the ME does not call the GBA module of the SIM card but instead calls the AKA authentication module in the SIM card with RAND as the parameter. The SIM card treats the AKA call as an access authentication request, so it runs its AKA authentication module to compute Kc and SRES, i.e. Kc‖SRES=AKA(Ki,RAND), and returns Kc and SRES to the ME. Using the returned Kc and SRES, the ME imitates the SIM card's operations in the normal flow: it computes the GBA root key Ks=KDF(key,Ks_input,"3gpp-gba-res",SRES), where key=Kc‖Kc‖RAND and KDF is the key derivation function, stores Ks in the ME, computes the authentication code RES=KDF(key,"3gpp-gba-res",SRES), and returns RES to the BSF as the authentication code.
In the service access phase, the ME can use Ks to compute the service key Ks_NAF=KDF(Ks,"gba-me",RAND,IMSI,NAF_id) as the service protection key for communication with the NAF, without calling the GBA module of the SIM card to generate Ks_NAF. The ME can then perform encryption and decryption with the Ks_NAF it generated itself, completely detached from the SIM card.
An attacker therefore only needs to buy a legitimate SIM card, place it in the illegitimate ME and legitimately subscribe to the service in order to obtain Ks and Ks_NAF through the above flow, and can then build Ks and Ks_NAF into counterfeit client software for others to download and use. Evidently the security of the GBA key is not properly guaranteed, which in turn leads to poor security for users' data services.
Summary of the invention
Embodiments of the present invention provide a method for generating a GBA key, to solve the problem of poor GBA key security in the existing GBA key mechanism.
The method for generating a GBA key provided by one embodiment of the present invention includes:
after receiving a request from a user terminal to start the GBA key procedure, an authentication service function (BSF) device obtains the corresponding user's authentication information from a user information storage device and sends the random number in it to the user terminal, where the key in the authentication information is generated by the user information storage device from the corresponding key it stores and the key shared between the user and the network side;
the BSF device receives the authentication code sent by the user terminal, authenticates the user terminal using the received authentication code and, once authentication succeeds, generates the root key of the GBA key from the authentication information it obtained and, from that root key, generates the GBA key to be shared between the user terminal and the network application function (NAF).
The method for generating a GBA key provided by another embodiment of the present invention includes:
after sending a request to start the GBA key procedure, a user terminal receives from the network side the random number of the user corresponding to the user terminal;
the user terminal generates AKA authentication information from the random number and the key shared between the user and the network side, generates the root key of the GBA key from the AKA authentication information and that shared key, and generates from that root key the GBA key to be shared between the user terminal and the network application function (NAF).
In the above embodiments, on the network side the user authentication information that the user information storage device returns to the BSF device differs from the prior art: its key is generated from the corresponding key stored by the user information storage device and the key shared between the user and the network side. That is, after obtaining the user's authentication information, the user information storage device uses the key in it together with the user key to generate a new key, and sends that new key to the BSF device in place of the corresponding key in the prior-art authentication information, so that the BSF device uses this key instead of the prior-art key to generate the root key of the GBA key and then the GBA key. On the user terminal side, the root key of the GBA key, and then the GBA key, are generated from the AKA authentication information and the user key. Because the user key enters the generation of the GBA root key on both the terminal side and the network side, the security of the GBA key is improved. Suppose an attacker (or an illegitimate user terminal) tries to imitate generation of the GBA root key, and then the GBA key, by calling the AKA authentication module: because the embodiments introduce the user key into the generation of the GBA root key, the GBA root key the attacker (or illegitimate user terminal) generates in the existing way differs from the root key generated in the legitimate way provided by the embodiments, which guarantees the security of the GBA key and hence the security of users' data services.
Embodiments of the present invention also provide a system for generating a GBA key, which gives the above method device-level support on the network side.
The system for implementing a GBA key provided by an embodiment of the present invention includes:
a user information storage device, configured to send a user's authentication information to a BSF device, where the key in the authentication information is generated by the user information storage device from the corresponding key it stores and the key shared between the user and the network side;
a BSF device, configured to receive the authentication information, generate from it the root key of the GBA key of the corresponding user terminal, and generate from that root key the GBA key to be shared between the corresponding user terminal and the network application function (NAF).
In the above embodiment, the user information storage device generates a new key from the corresponding key it stores and the key shared between the user and the network side, and sends that new key to the BSF device as authentication information in place of the corresponding prior-art key, so that the BSF device can generate the root key of the GBA key from this authentication information and the GBA key from that root key. Because the user key is introduced into the authentication information, the security of the GBA key is improved.
Embodiments of the present invention also provide a subscriber identity module card, which gives the above method device-level support on the terminal side.
The subscriber identity module card provided by an embodiment of the present invention includes:
an AKA authentication module, configured to generate AKA authentication information from the received random number and the key shared between the corresponding user and the network side;
a GBA module, configured to generate the root key of the GBA key from the AKA authentication information and the key shared between the user and the network side, and to generate from that root key the GBA key to be shared between the user terminal and the network application function (NAF).
In the above embodiment, when the GBA module generates the root key of the GBA key it does so from the AKA authentication information and the key shared between the user and the network side; because the user key is introduced into generation of the GBA root key, the security of the GBA key is improved.
Description of drawings
Fig. 1 is a schematic diagram of a simple GBA network model in the prior art;
Fig. 2 is a schematic diagram of the GBA procedure in the prior art;
Fig. 3 is a schematic diagram of the GBA procedure in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a user terminal in an embodiment of the present invention.
Detailed description
Analysis of the existing GBA procedure shows that the main cause of its security problem is that the ME can trigger the access authentication procedure by calling the AKA authentication module, and can thereby imitate the SIM card in generating the GBA root key Ks and then the GBA key. To solve this, embodiments of the present invention modify the procedure and algorithm by which the SIM card and the BSF generate Ks, and correspondingly modify the triplet authentication vector AV that the HLR returns to the BSF, thereby improving the security of the GBA root key Ks and hence of the GBA key.
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 3 is a schematic flowchart of the GBA initialization phase in a 2G network according to an embodiment of the present invention. The UE side and the network side (BSF) agree in advance on the same GBA key algorithms. In the GBA initialization phase, when the ME needs to use the GBA secure communication mechanism, it checks whether it already has a GBA key; if not, the following steps are performed:
Step 301: the ME of the UE sends a GBA bootstrapping request (a request to start the GBA key procedure) to the BSF, carrying the IMSI as the identifier of the ME.
Step 302: the BSF requests a triplet authentication vector AV from the HLR, and may additionally mark the request message as a GBA request message (for example by carrying a GBA request message identifier).
Step 303: the HLR receives the AV request message and, after determining that it is a GBA request message from the BSF (for example by recognizing the GBA request message identifier), obtains the user's triplet authentication vector AV=(RAND,SRES,Kc) and user key Ki from the user identifier (such as the IMSI) carried in the request, computes Kc'=KDF(Kc,Ki), where KDF is a key derivation function, and returns the triplet AV'=(RAND,SRES,Kc') to the BSF.
Step 304: the BSF stores the SRES and Kc' from AV', randomly selects Ks_input, and sends RAND and Ks_input to the ME in the format of a 401 message.
Step 305: after receiving RAND, the ME authenticates the network using RAND and Ks_input as a challenge; once that succeeds, it calls the GBA module in the SIM card (or another user card, such as a USIM card) with RAND and Ks_input as parameters.
Step 306: after receiving RAND and Ks_input, the GBA module of the SIM card calls the AKA authentication module in the SIM card to compute Kc and SRES, i.e. Kc‖SRES=AKA(Ki,RAND); it then computes Kc'=KDF(Kc,Ki) from Kc, and from Kc' computes the GBA root key Ks=KDF(key,Ks_input,"3gpp-gba-res",SRES), where key=Kc'‖Kc'‖RAND and KDF is a key derivation function, and stores Ks in the SIM card. The GBA module also uses Kc' to compute the authentication code RES=KDF(key,"3gpp-gba-res",SRES) and returns the computed RES to the ME.
Step 307: the ME receives the RES returned by the SIM card and forwards it to the BSF as the authentication code.
Step 308: after receiving RES, the BSF computes the authentication code RES=KDF(key,"3gpp-gba-res",SRES) from the values in the triplet authentication vector AV', where key=Kc'‖Kc'‖RAND and KDF is a key derivation function, and compares it with the RES returned by the ME; if they match, authentication succeeds, otherwise the GBA procedure terminates. The BSF then generates the GBA root key Ks=KDF(key,Ks_input,"3gpp-gba-res",SRES), randomly generates a B-TID as a temporary identifier for the ME, and returns it to the ME.
Step 309: subsequently the BSF generates the service key Ks_NAF=KDF(Ks,"gba-me",RAND,IMSI,NAF_id) from the identifier NAF_id of the NAF that the ME needs to access, as the service protection key for communication between the ME and the NAF, and sends Ks_NAF to the NAF over the core-network secure channel.
In the service access phase, before the ME communicates with the NAF it must invoke the GBA module command of the SIM card; the GBA module generates the service key Ks_NAF=KDF(Ks,"gba-me",RAND,IMSI,NAF_id) from NAF_id as the service protection key for communication between the SIM card and the NAF. During communication between the ME and the NAF, the NAF encrypts messages with Ks_NAF and sends them to the ME, which must forward each encrypted message to the SIM card for decryption with Ks_NAF; messages from the ME likewise have to be forwarded to the SIM card for encryption with Ks_NAF before being sent to the NAF for decryption, achieving secure transmission between the ME and the NAF.
The above procedure shows that, compared with the existing GBA initialization procedure, in this embodiment the triplet authentication vector that the HLR returns to the BSF on the network side is different: in the prior art AV=(RAND,SRES,Kc), whereas in this embodiment AV'=(RAND,SRES,Kc') with Kc'=KDF(Kc,Ki). That is, after obtaining the user's triplet authentication vector, the HLR generates Kc' from its Kc and the user key Ki and sends Kc' to the BSF in place of the Kc of the original triplet, so that the BSF uses Kc' instead of the prior-art Kc to generate Ks and then the GBA key Ks_NAF. On the UE side, the mechanism by which the AKA authentication module generates the authentication parameters Kc and SRES is unchanged, but the GBA module gains the following function: it generates Kc' from the Kc produced by the AKA authentication module and the user key Ki, and thereafter uses Kc' instead of the prior-art Kc to generate Ks and then the GBA key Ks_NAF.
Suppose an attacker (or an illegitimate ME) generates the authentication parameter Kc by calling the AKA authentication module in the same way as before, generates Ks from Kc, generates the GBA key from Ks, and tries to use that key to access the NAF. Because this embodiment redefines the input parameter Kc of the Ks generation function, namely the Kc used is generated from the prior-art Kc and the user key Ki, and the attacker (or illegitimate ME) cannot learn the user key Ki in the SIM card, the GBA key it computes differs from the one computed in the legitimate way. This guarantees the security of the GBA key and hence the security of the user's data services.
In addition, in this embodiment, when the BSF authenticates the UE, the authentication code RES received from the UE is obtained as follows: the UE's SIM card generates key from Kc', and then generates RES from key together with the SRES produced by the AKA authentication module and the other parameters; correspondingly, the BSF also generates the authentication code from Kc' in the agreed way and authenticates the UE with it. Suppose again that an attacker (or illegitimate ME) generates the authentication parameter SRES by calling the AKA authentication module and then generates the authentication code from SRES and Kc: the authentication code generated this way differs from the one generated in the legitimate way of this embodiment, so the BSF can detect the attacker (or illegitimate ME) promptly during UE authentication and terminate the GBA procedure, eliminating the security risk.
当然,UE和BSF也可采用现有方式生成认证码RES,这种情况下,即使攻击者(或不合法ME)能够通过BSF认证,但因其生成的GBA密钥和合法方式生成的GBA密钥不同,则仍然无法使用其非法生成的GBA密钥访问NAF。Of course, UE and BSF can also use the existing method to generate the authentication code RES. In this case, even if the attacker (or illegal ME) can pass the BSF authentication, the GBA key generated by the legal method and the GBA key If the key is different, it still cannot access NAF with its illegally generated GBA key.
需要说明的是,以上本发明实施例中所涉及到的算法函数,如,生成Ks和RES的算法函数等,都采用了与现有技术相同的算法函数,仅是部分输入参数与现有技术不同,这样做可以尽量少的对现有技术进行改进,但应该理解,也可以使用其他函数来生成Ks和RES等,只要保证网络侧和终端侧事先约定好算法,并且算法的输入参数中至少引入用户密钥Ki。另外,Kc’的算法函数也可由其他函数替代,但要保证输入参数中包括将Kc和用户密钥Ki。It should be noted that the algorithmic functions involved in the above embodiments of the present invention, such as the algorithmic functions for generating Ks and RES, etc., all use the same algorithmic functions as those of the prior art, and only part of the input parameters are different from those of the prior art. Different, doing so can improve the existing technology as little as possible, but it should be understood that other functions can also be used to generate Ks and RES, etc., as long as the algorithm is agreed in advance on the network side and the terminal side, and the input parameters of the algorithm are at least Introduce the user key Ki. In addition, the algorithm function of Kc' can also be replaced by other functions, but it is necessary to ensure that the input parameters include Kc and user key Ki.
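The derivation the paragraphs above describe (Kc' bound to Ki, Ks and RES computed from Kc' on both the SIM card and the BSF, and an illegitimate ME that can only invoke the card's AKA module), as an added Python model that is not the patent's or 3GPP's code; HMAC-SHA256, the label strings and the byte lengths are assumed stand-ins for the 3GPP functions the text does not specify.

```python
import hmac
import hashlib

# Added model of the derivation described above, not the patent's or 3GPP's code;
# assumption: HMAC-SHA256 stands in for A3/A8 and for the Ks and RES functions.
def kdf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def aka(ki: bytes, rand: bytes):
    """AKA authentication module (A3/A8 stand-in): SRES and Kc from RAND and Ki."""
    out = kdf(ki, b"aka", rand)
    return out[:4], out[4:12]  # SRES (4 bytes), Kc (8 bytes)

def kc_prime(ki: bytes, kc: bytes) -> bytes:
    """Kc' = f(Kc, Ki): requires Ki, which only the SIM card and the HLR hold."""
    return kdf(ki, b"kc'", kc)

def derive_ks_res(kc_in: bytes, sres: bytes, rand: bytes):
    """Prior-art Ks and RES functions, unchanged; only the Kc input differs."""
    ks = kdf(kc_in, b"ks", rand)       # root key Ks (the GBA key Ks_NAF derives from it)
    key = kdf(kc_in, b"key")           # key derived from the Kc input
    res = kdf(key, b"res", sres)       # authentication code RES
    return ks, res

def hlr_auth_info(ki: bytes, rand: bytes):
    """HLR: authentication information for the BSF carries Kc' instead of Kc."""
    sres, kc = aka(ki, rand)
    return sres, kc_prime(ki, kc)

def sim_gba_module(ki: bytes, rand: bytes):
    """GBA module 412 on the card: Ki is used internally and never leaves the card."""
    sres, kc = aka(ki, rand)
    return derive_ks_res(kc_prime(ki, kc), sres, rand)

def rogue_me(ki_on_card: bytes, rand: bytes):
    """Illegitimate ME: can invoke the card's AKA module (gets SRES, Kc) but cannot read Ki."""
    sres, kc = aka(ki_on_card, rand)
    return derive_ks_res(kc, sres, rand)  # prior-art derivation straight from Kc

def bootstrap(ki: bytes, rand: bytes) -> dict:
    """One run: does each party's RES and root key Ks match what the BSF computes?"""
    sres, kcp = hlr_auth_info(ki, rand)
    bsf_ks, bsf_res = derive_ks_res(kcp, sres, rand)
    ue_ks, ue_res = sim_gba_module(ki, rand)
    bad_ks, bad_res = rogue_me(ki, rand)
    return {"ue_auth": hmac.compare_digest(ue_res, bsf_res),
            "ue_ks": ue_ks == bsf_ks,
            "rogue_auth": hmac.compare_digest(bad_res, bsf_res),
            "rogue_ks": bad_ks == bsf_ks}
```

Equal Ks on the UE and BSF means equal GBA keys for every NAF, since Ks_NAF is derived from Ks; the rogue ME fails both the RES check and the key match.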
It should also be noted that the above embodiments are described using the GBA procedure in a 2G network as an example; the mechanism applies equally to 3G networks. In a 3G network, the network entities involved in the GBA procedure and the corresponding parameters may follow the 3G GBA procedure specified in the 3GPP standards.
Based on the same technical concept, an embodiment of the present invention also provides a user terminal and the structure of its subscriber identity module card.
FIG. 4 is a schematic structural diagram of a user terminal and its subscriber identity module card according to an embodiment of the present invention. As shown, the user terminal comprises a subscriber identity module card 41 and an ME 42. The subscriber identity module card 41 may be a SIM card, a USIM card or another subscriber identity card, and stores the key shared between the user and the network side. The subscriber identity module card 41 comprises an AKA authentication module 411 and a GBA module 412, and further comprises an interface module 413 for communicating with the ME 42, wherein:
the AKA authentication module 411 is configured to generate AKA authentication information. In the GBA initialization procedure, after the ME 42 receives the random number sent by the BSF device, it invokes the GBA module 412 in the subscriber identity module card 41, and the GBA module 412 invokes the AKA authentication module 411 to generate the AKA authentication information;
the GBA module 412 is configured to generate the root key of the GBA key from the AKA authentication information generated by the AKA authentication module 411 and the key shared between the user and the network side, and to generate, from that root key, the GBA key shared between this user terminal and the network application function NAF.
The GBA module 412 is further configured to generate, from the AKA authentication information and the key shared between the user and the network side, the authentication code of the user terminal in which the subscriber identity module card 41 resides, and to send it to the ME 42 through the interface module 413, from where the ME 42 sends it to the BSF device on the network side for authentication.
The manner in which the AKA authentication module 411 generates the authentication information and the GBA module 412 generates the GBA root key and the GBA key may be as described above and is not repeated here.
Obviously, those skilled in the art may make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to encompass them as well.
Claims (15)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910090198.6A CN101990201B (en) | 2009-07-31 | 2009-07-31 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101990201A CN101990201A (en) | 2011-03-23 |
CN101990201B true CN101990201B (en) | 2013-09-04 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |