CN118803744A - A method, device and medium for establishing a safe mode - Google Patents

Abstract

The invention discloses a method, equipment and medium for establishing a security mode, and relates to the technical field of communication. The method applied to the target AMF comprises the following steps: when authentication and authentication of the terminal are successful, determining a first cipher algorithm suite according to the algorithm supporting state of the target AMF; using a first cryptographic algorithm suite, deriving K _NASenc and K _NASint from the first K _AMF; sending NAS security mode establishment information to the terminal, encrypting and protecting the integrity of the NAS security mode establishment information by using K _NASenc and K _NASint, wherein the NAS security mode establishment information carries a first identifier, and the first identifier is used for indicating a first cipher algorithm suite; under the condition that the NAS security mode establishment completion message sent by the terminal is received, decrypting the NAS security mode establishment completion message and verifying the NAS integrity; and under the condition that the integrity verification of the NAS security mode establishment completion message is successful, establishing a security mode with the terminal. The invention can improve the compatibility of NAS authentication keys and adapt to more different network protocols.

Description

A method, device and medium for establishing a safe mode

Technical Field

The present invention relates to the field of communication technology, and in particular to a method, device and medium for establishing a security mode.

Background Art

With the rapid development of Internet technology, the network security risks of information systems continue to increase, and the threat challenges are becoming increasingly severe. Cryptographic security is an important foundation for information security and can be used to effectively protect the data security of network information systems. Commercial encryption is the core technology and important means to protect network information systems.

At present, the security mode of the non-access stratum (NAS) in the 5G communication network authentication protocol is established using an international cryptographic algorithm, which is usually incompatible with commercial encryption, does not support other algorithms, and does not support algorithm negotiation. In the case of low compatibility, it is difficult to complete authentication under different network protocols.

Summary of the invention

The embodiments of the present invention provide a security mode establishment method, device and medium, which can solve the problem in the related art that the key compatibility is low during the security mode establishment process, resulting in high authentication difficulty under different network protocols.

In a first aspect, an embodiment of the present invention provides a security mode establishment method, which is applied to a target AMF, and the method includes:

In the case where the terminal authentication is successful, determining the first cryptographic algorithm suite according to the algorithm support status of the target AMF;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

Sending a NAS security mode establishment message to the terminal, and using the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment message, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate the first cryptographic algorithm suite;

When receiving a NAS security mode establishment completion message sent by the terminal, decrypt the NAS security mode establishment completion message and perform NAS integrity verification;

In case that the NAS integrity verification of the NAS security mode establishment completion message is successful, a security mode is established with the terminal.

Optionally, determining the first cryptographic algorithm suite according to the algorithm support status of the target AMF includes any one of the following:

If the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generate a first algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

Optionally, generating a first algorithm identifier corresponding to NAS layer key derivation according to a preset strategy includes:

In a case where the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, the first algorithm identifier is generated according to the second algorithm identifier.

Optionally, before generating the first algorithm identifier corresponding to the NAS layer key derivation according to the preset strategy, the method further includes:

Receive the second algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, after sending the NAS security mode establishment message to the terminal, the method further includes:

Decrypts NAS uplink transmissions.

Optionally, after receiving the NAS security mode establishment completion message sent by the terminal, the method further includes:

Encrypt NAS downlink transmission.

Optionally, the method further comprises:

Receiving an initial NAS message sent by a terminal, where the initial NAS message carries a global unique temporary identifier GUTI of the terminal;

When the initial NAS message carries a NAS container and the integrity check of the initial message succeeds, obtaining a security context of the terminal, wherein the encrypted complete initial NAS message is stored in the NAS container;

Decoding the NAS container using the target _KAMF to obtain the initial NAS message;

Sending a first response message of the initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is a _KAMF derived from the first _KAMF .

Optionally, the obtaining the security context of the terminal includes any one of the following:

In a case where the security context of the terminal is locally queried according to the GUTI, locally querying and acquiring the security context of the terminal;

When the security context of the terminal is not locally queried according to the GUTI, a first request message is sent to the source AMF, and when a second response message sent by the source AMF is received, and the second response message carries the permanent identifier SPUI of the terminal, the security context of the terminal sent by the source AMF is received, and the first request message carries the GUTI.

Optionally, the using the target _KAMF to decode the NAS container to obtain the initial NAS message includes any one of the following:

In the case where the second response message also carries the second _KAMF , the second _KAMF is used to decode the NAS container to obtain the initial NAS message.

In a case where the second response message does not carry the second _KAMF , the NAS container is decoded using the first _KAMF to obtain the initial NAS message.

In a second aspect, an embodiment of the present invention provides a full-mode establishment method, applied to a terminal, the method comprising:

receiving a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

Decrypt the NAS security mode establishment message and perform NAS integrity verification;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

If the NAS integrity verification of the NAS security mode establishment message is successful, a NAS security mode establishment completion message is sent to the target AMF, and the NAS security mode establishment completion message is encrypted and integrity protected using the K _NASenc and the K _NASint .

Optionally, the method further comprises:

In case the NAS integrity verification of the NAS security mode setup message is successful, the NAS uplink transmission is encrypted and the NAS downlink transmission is decrypted.

In a third aspect, an embodiment of the present invention provides a method for establishing a security mode, which is applied to a source AMF, and the method includes:

Upon receiving the first request message sent by the target AMF, query whether there is a security context of the terminal locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message, and the first request message also carries an initial NAS message;

When it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the method further comprises:

Determining a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

In the case where the source AMF changes the first _KAMF , deriving the second _KAMF from the first _KAMF using the second cryptographic algorithm suite;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, determining the second cryptographic algorithm suite according to the algorithm support status of the source AMF includes any one of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, generating a third algorithm identifier corresponding to NAS layer key derivation according to a preset strategy includes:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, before generating, according to a preset strategy, a third algorithm identifier corresponding to NAS layer key derivation, the method further includes:

Receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the method further includes any one of the following:

When it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message is successful, and the source AMF does not change the first _KAMF , the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal and the first _KAMF , and the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

When it is found that the security context of the terminal does not exist locally, and/or the NAS integrity verification of the initial NAS message fails, a second response message is sent to the target AMF, and the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

In a fourth aspect, an embodiment of the present invention provides a target AMF, wherein the target AMF includes:

A first determination module is used to determine a first cryptographic algorithm suite according to the algorithm support status of the target AMF when the terminal authentication is successful;

a first derivation module, configured to derive K _NASenc and K _NASint by using the first cryptographic algorithm suite through a first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

a first sending module, configured to send a NAS security mode establishment message to the terminal, and use the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment message, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used to indicate the first cryptographic algorithm suite;

A first verification module is used to decrypt the NAS security mode establishment completion message sent by the terminal and perform NAS integrity verification;

The first establishing module is used to establish a security mode with the terminal when the NAS integrity verification of the NAS security mode establishment completion message is successful.

Optionally, the first determining module is used for any of the following:

If the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generate a first algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

Optionally, the first determining module is used to:

In a case where the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, the first algorithm identifier is generated according to the second algorithm identifier.

Optionally, the target AMF further includes:

The first receiving module is used to receive a second algorithm identifier corresponding to AKA authentication and key derivation sent by a user data manager UDM.

Optionally, the target AMF further includes:

The first decryption module is used to decrypt the transmission of the NAS uplink.

Optionally, the target AMF further includes:

The first encryption module is used to encrypt the transmission of the NAS downlink.

Optionally, the target AMF further includes:

A second receiving module is used to receive an initial NAS message sent by a terminal, where the initial NAS message carries a global unique temporary identifier GUTI of the terminal;

A first acquisition module is configured to acquire a security context of the terminal if the initial NAS message carries a NAS container and the initial message integrity check succeeds, wherein the NAS container stores an encrypted complete initial NAS message;

A first decoding module, configured to decode the NAS container using a target _KAMF to obtain the initial NAS message;

A second sending module, configured to send a first response message of the initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is a _KAMF derived from the first _KAMF .

Optionally, the first acquisition module is used for any of the following:

In a case where the security context of the terminal is locally queried according to the GUTI, locally querying and acquiring the security context of the terminal;

When the security context of the terminal is not locally queried according to the GUTI, a first request message is sent to the source AMF, and when a second response message sent by the source AMF is received, and the second response message carries the permanent identifier SPUI of the terminal, the security context of the terminal sent by the source AMF is received, and the first request message carries the GUTI.

Optionally, the first decoding module is used for any of the following:

In the case where the second response message also carries the second _KAMF , the second _KAMF is used to decode the NAS container to obtain the initial NAS message.

In a case where the second response message does not carry the second _KAMF , the NAS container is decoded using the first _KAMF to obtain the initial NAS message.

In a fifth aspect, an embodiment of the present invention provides a terminal, the terminal comprising:

A third receiving module is configured to receive a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

A second decryption module, used to decrypt the NAS security mode establishment message and perform NAS integrity verification;

a second derivation module, configured to derive K _NASenc and K _NASint by using the first cryptographic algorithm suite through a first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The third sending module is used to send a NAS security mode establishment completion message to the target AMF when the NAS integrity verification of the NAS security mode establishment message is successful, and use the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment completion message.

Optionally, the terminal further includes:

The first processing module is used to encrypt the NAS uplink transmission and decrypt the NAS downlink transmission when the NAS integrity verification of the NAS security mode establishment message is successful.

In a sixth aspect, an embodiment of the present invention provides a source AMF, wherein the source AMF includes:

A first query module is configured to query whether there is a security context of the terminal locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message when a first request message sent by the target AMF is received, and the first request message also carries an initial NAS message;

The fourth sending module is used to send the second response message to the target AMF when it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, wherein the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the source AMF further includes:

A second determination module, configured to determine a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

a third derivation module, configured to derive a second _KAMF from the first _KAMF by using the second cryptographic algorithm suite when the source AMF changes the first _KAMF ;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, the second determining module is used for any of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite to determine the target algorithm suite. The second response message also carries the third algorithm identifier.

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, the second determining module is used to:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, the source AMF further includes:

The fourth receiving module is used to receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the source AMF further includes any one of the following:

a second verification module, configured to send the second response message to the target AMF when it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message succeeds, and the source AMF does not change the first _KAMF , wherein the second response message carries the SPUI of the terminal and the first _KAMF , the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

The fifth sending module is used to send a second response message to the target AMF when it is found that the security context of the terminal does not exist locally and/or the NAS integrity verification of the initial NAS message fails, wherein the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

In a seventh aspect, an embodiment of the present invention provides a target AMF, including a transceiver and a processor,

The processor is used to:

In the case where the terminal authentication is successful, determining the first cryptographic algorithm suite according to the algorithm support status of the target AMF;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The transceiver is used for:

Sending a NAS security mode establishment message to the terminal, and using the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment message, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate the first cryptographic algorithm suite;

The processor is used to:

Upon receiving a NAS security mode establishment completion message sent by the terminal, decrypting the NAS security mode establishment completion message and performing NAS integrity verification;

In case that the NAS integrity verification of the NAS security mode establishment completion message is successful, a security mode is established with the terminal.

Optionally, the processor is used for any of the following:

If the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generate a first algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

Optionally, the processor is configured to:

In a case where the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, the first algorithm identifier is generated according to the second algorithm identifier.

Optionally, the transceiver is further used for:

Receive the second algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the processor is further configured to:

Decrypts NAS uplink transmissions.

Optionally, the processor is further configured to:

Encrypt NAS downlink transmission.

Optionally, the transceiver is further used for:

Receiving an initial NAS message sent by a terminal, where the initial NAS message carries a global unique temporary identifier GUTI of the terminal;

The processor is further configured to:

When the initial NAS message carries a NAS container and the integrity check of the initial message succeeds, obtaining a security context of the terminal, wherein the encrypted complete initial NAS message is stored in the NAS container;

Decoding the NAS container using the target _KAMF to obtain the initial NAS message;

The transceiver is also used for:

Sending a first response message of the initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is a _KAMF derived from the first _KAMF .

Optionally, the processor is configured to:

In the case where the security context of the terminal is locally queried according to the GUTI, the security context of the terminal is locally queried and acquired; or,

The transceiver is used for:

When the security context of the terminal is not locally queried according to the GUTI, a first request message is sent to the source AMF, and when a second response message sent by the source AMF is received, and the second response message carries the permanent identifier SPUI of the terminal, the security context of the terminal sent by the source AMF is received, and the first request message carries the GUTI.

Optionally, the processor is used for any of the following:

In the case where the second response message also carries the second _KAMF , the second _KAMF is used to decode the NAS container to obtain the initial NAS message.

In a case where the second response message does not carry the second _KAMF , the NAS container is decoded using the first _KAMF to obtain the initial NAS message.

In an eighth aspect, an embodiment of the present invention provides a terminal, including a transceiver and a processor.

The transceiver is used for:

receiving a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

The processor is used to:

Decrypt the NAS security mode establishment message and perform NAS integrity verification;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The transceiver is used for:

If the NAS integrity verification of the NAS security mode establishment message is successful, a NAS security mode establishment completion message is sent to the target AMF, and the NAS security mode establishment completion message is encrypted and integrity protected using the K _NASenc and the K _NASint .

Optionally, the processor is configured to:

In case the NAS integrity verification of the NAS security mode setup message is successful, the NAS uplink transmission is encrypted and the NAS downlink transmission is decrypted.

In a ninth aspect, an embodiment of the present invention provides a source AMF, including a transceiver and a processor,

The processor is used to:

Upon receiving the first request message sent by the target AMF, query whether there is a security context of the terminal locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message, and the first request message also carries an initial NAS message;

The transceiver is used for:

When it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the processor is further configured to:

Determining a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

In the case where the source AMF changes the first _KAMF , deriving the second _KAMF from the first _KAMF using the second cryptographic algorithm suite;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, the processor is used for any of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, the processor is configured to:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, the transceiver is further used for:

Receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the transceiver is further used for any of the following:

When it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message is successful, and the source AMF does not change the first _KAMF , the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal and the first _KAMF , and the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

When it is found that the security context of the terminal does not exist locally, and/or the NAS integrity verification of the initial NAS message fails, a second response message is sent to the target AMF, and the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

In the tenth aspect, an embodiment of the present invention provides a target AMF, comprising: a processor, a memory, and a program stored in the memory and executable on the processor, wherein when the program is executed by the processor, the steps of the security mode establishment method described in the first aspect are implemented.

In the eleventh aspect, an embodiment of the present invention provides a terminal, comprising: a processor, a memory, and a program stored in the memory and executable on the processor, wherein the program, when executed by the processor, implements the steps of the security mode establishment method as described in the second aspect.

In the twelfth aspect, an embodiment of the present invention provides a source AMF, comprising: a processor, a memory, and a program stored on the memory and executable on the processor, wherein when the program is executed by the processor, the steps of the security mode establishment method described in the third aspect are implemented.

In the thirteenth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the security mode establishment method as described in the first aspect are implemented, or when the computer program is executed by a processor, the steps of the security mode establishment method as described in the second aspect are implemented, or when the computer program is executed by a processor, the steps of the security mode establishment method as described in the third aspect are implemented.

In the embodiment of the present invention, based on the original 3GPP 5G NAS security mode establishment protocol, multiple algorithms can be supported according to the algorithm support status of the network and the terminal, algorithm negotiation for key derivation can be supported, and commercial and international cryptographic algorithms can be adaptively compatible. The compatibility of NAS keys is improved, and it can adapt to authentication under more different network protocols.

BRIEF DESCRIPTION OF THE DRAWINGS

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings required for use in the description of the embodiments of the present invention will be briefly introduced below. Obviously, the accompanying drawings in the following description are only some embodiments of the present invention. For ordinary technicians in this field, other accompanying drawings can be obtained based on these accompanying drawings without paying creative labor.

FIG1 is a flow chart of a method for establishing a security mode according to an embodiment of the present invention;

FIG2 is a second flow chart of a method for establishing a security mode provided in an embodiment of the present invention;

FIG3 is a third flow chart of a method for establishing a security mode provided in an embodiment of the present invention;

FIG4 is a schematic diagram of the structure of an algorithm identifier XX_AS provided in an embodiment of the present invention;

FIG5 is one of interactive schematic diagrams of establishing a NAS security mode provided by an embodiment of the present invention;

FIG6 is a second interactive schematic diagram of establishing a NAS security mode provided by an embodiment of the present invention;

FIG7 is a schematic diagram of a structure of a target AMF provided by an embodiment of the present invention;

FIG8 is one of the structural schematic diagrams of a terminal provided by an embodiment of the present invention;

FIG9 is a schematic diagram of a structure of a source AMF provided by an embodiment of the present invention;

FIG10 is a second schematic diagram of the structure of a target AMF provided in an embodiment of the present invention;

11 is a second schematic diagram of the structure of a terminal provided in an embodiment of the present invention;

FIG. 12 is a second schematic diagram of the structure of a source AMF provided in an embodiment of the present invention.

DETAILED DESCRIPTION

The following will be combined with the drawings in the embodiments of the present invention to clearly and completely describe the technical solutions in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.

The embodiment of the present invention proposes a method for establishing a security mode, which can solve the problem that the cryptographic algorithm in the related art has low compatibility and is difficult to complete authentication under different network protocols.

Please refer to Figure 1, which is one of the flow diagrams of a method for establishing a security mode provided by an embodiment of the present invention, which is applied to a target authentication management function (Authentication Management Function, AMF). The above-mentioned target AMF can be understood as the AMF currently interacting with the terminal in the authentication and key agreement protocol (Authentication and KeyAgreement, AKA) of the third-generation mobile communication network.

As shown in FIG1 , the security mode establishment method includes the following steps:

Step 101: When the UE is authenticated successfully, determine the first cryptographic algorithm suite according to the algorithm support status of the target AMF.

In an embodiment of the present invention, after the 5G AKA protocol is completed, a NAS security mode establishment (Security Mode Command, SMC) process needs to be performed between the UE and the target AMF. NAS SMC is used to establish a NAS security context between the UE and the AMF. This process includes round-trip messages between the target AMF and the UE. Based on the original 3GPP 5G NAS security mode establishment protocol, the target AMF can determine the corresponding first cryptographic algorithm suite based on its own algorithm support status to support algorithm negotiation for key derivation.

In specific implementation, the target AMF can be modified and upgraded, and the upgraded device can generate the corresponding algorithm identifier, which is used to identify the supported algorithm suite. The upgraded device can also recognize the algorithm identifiers of other devices. The implementation form of the algorithm identifier is not limited here, and can be specifically expressed as XX_AS. For example, AKA_AS can be used to identify the cryptographic algorithm suite used for AKA authentication and key derivation; or, NAS_AS can be used to identify the cryptographic algorithm suite used for NAS layer key derivation. The implementation form of the above algorithm identifier can usually be a string, which is generally an index value used to query the corresponding cryptographic algorithm suite in the database.

Step 102: Use the first cryptographic algorithm suite to derive K _NASenc and K _NASint through the first _KAMF , where K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal.

In specific implementation, step 102 includes any one of the following implementation modes:

Implementation method 1: When the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the first algorithm identifier is determined as the first cryptographic algorithm suite.

In this implementation, the first algorithm identifier corresponding to the NAS layer key derivation can be understood as the NAS_AS identifier generated corresponding to the target AMF. If the target AMF supports multiple cryptographic algorithm suites and a NAS_AS identifier is generated, the first cryptographic algorithm suite can be determined according to the cryptographic algorithm suite specified by the NAS_AS identifier.

Implementation method 2: When the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, a first algorithm identifier corresponding to NAS layer key derivation is generated according to a preset strategy, and the cryptographic algorithm suite identified by the first algorithm identifier is determined as the first cryptographic algorithm suite.

In this implementation, the first algorithm identifier corresponding to the NAS layer key derivation can be understood as the NAS_AS identifier generated corresponding to the target AMF. If the target AMF supports multiple cryptographic algorithm suites but no NAS_AS identifier is generated, the NAS_AS identifier can be generated according to a preset strategy, and the first cryptographic algorithm suite can be determined according to the cryptographic algorithm suite specified by the NAS_AS identifier.

In specific implementation, the above-mentioned preset strategy may include: when the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, that is, when the AKA_AS identifier is generated, the first cryptographic algorithm suite is determined according to the cryptographic algorithm suite specified by the AKA_AS identifier. In this embodiment, during the 5G AKA authentication process, the user data management (Unified Data Management, UDM) will determine the cryptographic algorithm suite supported by the network side devices and terminals, such as mobile equipment (Mobile Equipment, ME), security anchor function (Security Anchor Function, SEAF), authentication service function (Authentication Server Function, AUSF) and other devices according to the algorithm support status of the network side devices and terminals, according to the policy selection or negotiation, and generate the corresponding AKA_AS. UDM can send AKA_AS to the above-mentioned network side devices and terminals.

Implementation method three: when the target AMF does not support multiple cryptographic algorithm suites, the basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

In this implementation, if the target AMF does not support multiple cryptographic algorithm suites and no NAS_AS identifier or AKA_AS identifier is generated, it means that the target AMF has not performed the upgrade involved in the embodiment of the present invention, and the target AMF can use the default basic cryptographic algorithm suite as the first cryptographic algorithm suite.

Referring to the above description, if the target AMF has a NAS_AS identifier, the cryptographic algorithm suite specified by NAS_AS is used to derive K _NASenc and K _NASint through the first K _AMF . If the target AMF does not have a NAS_AS identifier, the cryptographic algorithm suite used by the NAS layer is selected according to the policy to generate NAS_AS. An optional method is: if the target AMF has an AKA_AS identifier, NAS_AS is set to AKA_AS, otherwise NAS_AS is set to the default basic cryptographic algorithm suite 1, and then the cryptographic algorithm suite specified by NAS_AS is used to derive K _NASenc and K _NASint through the first K _AMF .

Step 103: Send a NAS security mode establishment message to the UE, and use K _NASenc and K _NASint to encrypt and integrity protect the NAS security mode establishment message, where the NAS security mode establishment message carries a first identifier, and the first identifier is used to indicate a first cryptographic algorithm suite.

In specific implementation, after the target AMF successfully authenticates the UE, the target AMF shall send a NAS security mode establishment message and encrypt and integrity protect the NAS security mode establishment message using K _NASenc and K _NASint . The NAS security mode establishment message may carry the following information: the replayed UE security functions, the selected NAS algorithm, and the key identifier used to identify the _KAMF , such as ngKSI. The NASSMC message may also include: K_AMF_change_flag (carried in the additional 5G security parameters IE specified in 3GPP TS24.501) to indicate the newly calculated _KAMF , the flag requesting a complete initial NAS message, and the inter-architecture anti-downgrade attack parameter (ABBA). When _{the KAMF} is horizontally derived during the mobility registration update process or during multiple registrations in the same PLMN, the K_AMF_change_flag shall be included in the NAS security mode establishment message. According to the _KAMF indicated by the key identifier used to identify the KAMF in the NAS security mode establishment message, the message shall be integrity protected (but not encrypted) using the NAS integrity key K _NASint based on _{the KAMF .} If the network supports interworking using the N26 interface between the network node (Mobility Management Entity, MME) and the AMF, the target AMF shall also include the selected EPS NAS algorithm used after moving to the Evolved Packet System (EPS) in the NAS Security Mode Establishment message. The UE shall save the algorithm used after moving to EPS. The AMF shall save the selected EPS algorithm in the UE security context.

In an embodiment of the present invention, the NAS security mode establishment message sent by the target AMF to the UE may carry the NAS_AS identifier of the target AMF. In specific implementation, the NAS_AS identifier may be used as a new parameter, or a reserved field in the message may be used. The NAS uplink decryption of the AMF may be enabled after sending the NAS security mode establishment message.

After receiving the NAS security mode establishment message, the UE can decrypt the NAS security mode establishment message and perform integrity verification. Specifically, it can include: checking whether the security capabilities sent by the target AMF match the security capabilities stored in the UE to ensure that attackers do not modify these security capabilities, and using the NAS integrity algorithm indicated in the NAS security mode establishment message and the NAS integrity key based on K _AMF indicated by ngKSI to verify the integrity.

It should be noted that if the NAS security mode establishment message includes K_AMF_change_flag, the UE should generate a new _KAMF and set NAS COUNT to zero. If the integrity verification of the NAS security mode establishment message is successful, the UE should use the security context indicated by ngKSI for NAS integrity protection and encryption/decryption. In an embodiment of the present invention, if the UE is an upgraded device, the cryptographic algorithm suite specified by NAS_AS can be identified and saved from the NAS security mode establishment message, and _KNASenc and _KNASint are derived through the first _KAMF . If the UE is a non-upgraded device, the default basic cryptographic algorithm suite is used, and _KNASenc and _KNASint are derived through the first _KAMF .

If the UE successfully verifies the integrity of the NAS security mode establishment message, the UE can send an encrypted, integrity-protected NAS security mode establishment completion message to the target AMF. Specifically, the NAS security mode establishment completion message can be encrypted and integrity-protected using K _NASenc and the K _NASint . Thereafter, the UE turns on the transmission encryption of the NAS uplink and the transmission decryption of the NAS downlink. If the target AMF requests a permanent equipment identifier (PEI) in the NAS SMC message, the NAS security mode establishment completion message sent by the UE can also carry the PEI. If K _AMF horizontal derivation is performed, the AMF shall set NAS COUNT to zero. The UE may include a complete initial NAS message.

If the UE fails to verify the integrity of the NAS security mode establishment message, the UE may return a NAS security mode reject message. The NAS security mode reject message and all subsequent NAS messages shall be protected using the previous (if any) 5G NAS security context. If no 5G NAS security context exists before the NAS security mode reject message, the NAS security mode reject message will not be protected. It should be noted that if the uplink NAS COUNT is reset by sending a NAS security mode reject message, the UE releases the NAS connection without sending a NAS security mode reject message.

Step 104: When receiving the NAS security mode establishment completion message sent by the UE, decrypt the NAS security mode establishment completion message and perform NAS integrity verification.

In specific implementation, after receiving the NAS security mode setup complete message sent by the UE, the target AMF can decrypt the NAS security mode setup complete message and verify its integrity. The NAS downlink encryption of the AMF should be enabled through this security context after receiving the NAS security mode setup complete message.

Step 105: When the NAS integrity verification of the NAS security mode establishment completion message is successful, a security mode is established with the terminal.

In specific implementation, the NAS downlink encryption of the target AMF shall be enabled through the security context after receiving the NAS security mode setup complete message. It should be noted that if the target AMF successfully verifies the NAS security mode setup complete message, it can be indicated that the target AMF has successfully confirmed that the SUPI from the home network matches the SUPI used by the UE.

It should be noted that before the UE and the target AMF establish a security mode, a protection mechanism for the initial NAS message can also be established between the UE and the target AMF. The specific instructions are as follows:

In an optional embodiment, the method further comprises the following steps:

An initial NAS message sent by a receiving terminal carries a globally unique temporary identifier GUTI of the terminal;

When the initial NAS message carries a NAS container and the initial message integrity check succeeds, the security context of the terminal is obtained, and the encrypted complete initial NAS message is stored in the NAS container;

Use the target K _AMF to decode the NAS container and obtain the initial NAS message;

Sending a first response message of an initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is the _KAMF derived from the first _KAMF .

In specific implementation, the UE can send the initial NAS message to the target AMF.

Case 1: If the UE does not have a NAS security context, the initial NAS message may carry only plain text information elements (IE), which may include but are not limited to: user identifier (such as SUCI or GUTI), UE security capabilities, S-NSSAI, ngKSI, an indication that the UE is moving from EPC to 5G, additional GUTI, and an IE containing a Tracking Area Identity (TAU) request from Long Term Evolution (LTE) to 5G New Radio (NR).

Case 2: If the UE has a NAS security context, the initial NAS message can carry not only the above-mentioned IEs sent in plain text, but also the complete initial NAS message. The above-mentioned initial NAS message can be encrypted in the NAS container, and the sent message should be integrity protected. After receiving the initial NAS message, the target AMF will confirm whether the UE has a security context based on the user identifier GUTI carried in the initial NAS message. In other words, if the initial NAS message carries a NAS container, it indicates that the current UE has a security context.

The target AMF can first query locally whether there is a security context for the UE. If the initial NAS message is protected and the target AMF queries locally for the same security context, the target AMF can directly return a response message to the initial NAS message to the UE. If the UE's security context does not exist locally, the historical AMF, here referred to as the source AMF, can be used to query whether there is a security context for the UE. The specific implementation is as follows:

The target AMF can identify the source AMF based on the UE's 5G-GUTI and obtain the security context from the source AMF. Specifically, the target AMF can send a first request message to the source AMF, and the first request message can carry the 5G-GUTI and the initial NAS message received from the UE. Upon receiving the first request message, the source AMF can search for the UE's data in the database and check the integrity protection of the registration request message.

(1) If the UE is found and the integrity protection check is successful, that is, when the UE's security context is found locally and the NAS integrity verification of the initial NAS message is successful, a second response message can be sent to the target AMF. The second response message carries the UE's SPUI to instruct the target AMF to receive the UE's security context. In addition, when the source AMF finds that the UE's security context is found locally and the NAS integrity verification of the initial NAS message is successful, it can be divided into the following two cases and handled separately:

In case 1, when the source AMF does not change the _KAMF according to its local policy, the source AMF will send a second response message back to the target AMF. The second response message may carry the SUPI and possibly any current 5G security context it has.

Case 2: When the source AMF changes the KAMF according to its local _policy , the source AMF will send a second response message back to the target AMF. The second response message may carry SUPI, keyAmfHDerivationInd, and may carry a new 5G security context derived from the current 5G security context it has, that is, a new _KAMF derived based on the current _KAMF . It should be noted that the source AMF can determine the second cryptographic algorithm suite to complete the above steps based on its own algorithm support status. Specifically, if the source AMF has a NAS_AS identifier, the cryptographic algorithm suite specified by NAS_AS is used to derive a new _KAMF from the first _KAMF . If the source AMF does not have a NAS_AS identifier, the cryptographic algorithm suite used by the NAS layer is selected according to the policy to generate NAS_AS. An optional method is: if the source AMF has an AKA_AS identifier, NAS_AS is set to AKA_AS, otherwise NAS_AS is set to the default basic cryptographic algorithm suite, and then the cryptographic algorithm suite specified by NAS_AS is used to derive a new _KAMF from the first _KAMF . In this case, the second response message sent by the source AMF to the target AMF carries the NAS_AS identifier and the new _KAMF , which is referred to as the second _KAMF . The source AMF can then delete the 5G security context it owns.

(2) If the source AMF cannot identify the UE and/or the integrity protection check fails, the source AMF shall send a first indication message indicating that the temporary identifier 5G-GUTI cannot be retrieved, and the first indication information may be carried in the second response message.

If the target AMF receives a response message carrying SUPI, it indicates that the source AMF has queried the security context of the UE, and the target AMF can create an entry and store the 5G security context that may have been received and may be received later. If the received response message also carries the second _KAMF , the target AMF can store NAS_AS and the second _KAMF .

If neither the target AMF nor the source AMF can query the UE's security context, and/or the integrity check of the initial NAS message fails, the target AMF shall initiate the authentication process with the UE. After the 5G AKA protocol is completed, the authentication and authorization are completed between the UE and the access network AMF/SEAF, and K _SEAF is shared. K _AMF is derived from K _SEAF for secure interaction between the UE and AMF.

When the target AMF successfully authenticates the UE, the above-mentioned steps 101 to 105 can be executed, which will not be repeated here. At this point, the NAS message encryption and integrity protection function activation is completed between the UE and the target AMF.

In the embodiments of the present invention, based on the original 3GPP 5G NAS security mode establishment protocol, multiple algorithms can be supported according to the algorithm support status of the network and the terminal, algorithm negotiation for key derivation can be supported, and commercial and international cryptographic algorithms can be adaptively compatible. The compatibility of NAS keys is improved, and it can adapt to authentication under more different network protocols.

Please refer to Figure 2, which is a flow chart of a second method for establishing a security mode provided by an embodiment of the present invention, which is applied to a terminal (UE). As shown in Figure 4, the method for establishing a security mode includes the following steps:

Step 201: Receive a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

Step 202: decrypt the NAS security mode establishment message and perform NAS integrity verification;

Step 203: Use the first cryptographic algorithm suite to derive K _NASenc and K _NASint through the first _KAMF , where K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

Step 204: If the NAS integrity verification of the NAS security mode establishment message is successful, send a NAS security mode establishment completion message to the target AMF, and use the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment completion message.

Optionally, the method further comprises:

In case the NAS integrity verification of the NAS security mode setup message is successful, the NAS uplink transmission is encrypted and the NAS downlink transmission is decrypted.

It should be noted that this embodiment is an implementation method corresponding to the terminal in the above method embodiment. Its specific implementation method can refer to the relevant description in the above method embodiment. To avoid repeated description, this embodiment will not be repeated.

Please refer to Figure 3, which is a flowchart of a method for establishing a security mode provided by an embodiment of the present invention, which is applied to the source AMF. The above-mentioned source AMF can be understood as a historical AMF interacting with the UE.

As shown in FIG3 , the security mode establishment method includes the following steps:

Step 301: upon receiving a first request message sent by a target AMF, query whether a security context of the terminal exists locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message, and the first request message also carries an initial NAS message;

Step 302: When it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the method further comprises:

Determining a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

In the case where the source AMF changes the first _KAMF , deriving the second _KAMF from the first _KAMF using the second cryptographic algorithm suite;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, determining the second cryptographic algorithm suite according to the algorithm support status of the source AMF includes any one of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, generating a third algorithm identifier corresponding to NAS layer key derivation according to a preset strategy includes:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, before generating, according to a preset strategy, a third algorithm identifier corresponding to NAS layer key derivation, the method further includes:

Receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the method further includes any one of the following:

When it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message is successful, and the source AMF does not change the first _KAMF , the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal and the first _KAMF , and the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

When it is found that the security context of the terminal does not exist locally, and/or the NAS integrity verification of the initial NAS message fails, a second response message is sent to the target AMF, and the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

It should be noted that this embodiment is an implementation method corresponding to the source AMF in the above method embodiment. Its specific implementation method can refer to the relevant description in the above method embodiment. To avoid repeated description, this embodiment will not be repeated.

A specific implementation of an embodiment of the present invention is described below:

It should be noted that in this implementation, the upgraded device refers to the device that has been implemented according to the solution involved in the embodiment of the present invention, including but not limited to UE, SEAF, AMF, and can support multiple cryptographic algorithm suites, for example, including cryptographic algorithm suite 1, cryptographic algorithm suite 2, cryptographic algorithm suite 3, etc. Generally speaking, all devices support a basic cryptographic algorithm suite, which is defined as cryptographic algorithm suite 1 here. For example, in 5G, the international cryptographic algorithms AES-128 and SHA-256 are used. Non-upgraded devices refer to devices implemented according to existing 3GPP standards and support a basic cryptographic algorithm suite.

In this implementation manner, the cryptographic algorithm support status of the relevant network elements and devices indicates the algorithms supported by the network elements and devices in authentication and key derivation. Upgraded devices can generate the corresponding algorithm identifier XX_AS, and can also recognize the algorithm identifier XX_AS of other devices. Non-upgraded devices may not be able to generate XX_AS, and may not be able to recognize XX_AS of other devices. If XX_AS does not exist, it means that the device XX is a non-upgraded device and only supports cryptographic algorithm suite 1. AKA_AS represents the cryptographic algorithm suite used for AKA authentication and key derivation, generally as an index value. NAS_AS represents the cryptographic algorithm suite used for NAS layer key derivation, generally as an index value.

The implementation methods of XX_AS include but are not limited to the following two:

The first is the algorithm list form. Specifically, XX_AS consists of two parts, one is the supported encryption algorithm list (EAS), and the other is the supported hash algorithm list (IAS). Among them, the supported encryption algorithm list (EAS), for example, can use a bit array to mark all available encryption algorithms, for example, the 0th bit indicates whether encryption algorithm 1 (such as Advanced Encryption Standard (AES)), etc.) is supported, and the 1st bit indicates whether encryption algorithm 2 (such as SM4, etc.) is supported. If a certain bit is 1, it means that the corresponding algorithm is supported, and 0 means that the corresponding algorithm is not supported. The supported hash algorithm list (IAS), for example, can use a bit array to mark all available hash algorithms (including HASH algorithms and corresponding HMAC algorithms), for example, the 0th bit indicates whether hash algorithm 1 (such as SHA256 and HMAC_SHA256, etc.) is supported, and the 1st bit indicates whether hash algorithm 2 (such as SM3 and HMAC_SM3, etc.) is supported. If a certain bit is 1, it means that the corresponding algorithm is supported, and 0 means that the corresponding algorithm is not supported. For example, see FIG4 .

The second is the single-bit format. XX_AS can be represented by one bit: 1 means support for commercial encryption, and 0 means no support for commercial encryption. This method can only support two encryption algorithm negotiations, which can reduce the difficulty of upgrading and transformation.

This implementation is specifically implemented as follows:

1. Protection mechanism of initial NAS message

The initial NAS message is the first NAS message sent after the UE transitions from the idle state, and its specific process is shown in FIG5 .

Step 1: The UE shall send an initial message to the target AMF. If the UE does not have a NAS security context, the initial NAS message shall contain only plain text IEs, namely the user identifier (such as SUCI or GUTI), UE security capabilities, S-NSSAI, ngKSI, an indication that the UE is moving from EPC to 5G, additional GUTI, and an IE containing a TAU request for moving from LTE to NR.

If the UE has a NAS security context, the message sent shall contain the above information sent in plain text and the complete initial NAS message, the initial NAS message is encrypted in the NAS container, and the message sent shall be integrity protected. In the case where the initial message is protected and the target AMF has the same security context, the following steps 2 to 4 can be omitted. In this case, the target AMF shall respond with the complete initial NAS message in the NAS container.

The target AMF identifies whether it needs to obtain the security context from the source AMF based on the UE's 5G-GUTI. If not, step 2a is ignored.

Step 2a: The target AMF identifies the source AMF based on the UE's 5G-GUTI and obtains the security context from the source AMF:

(1) The target AMF sends a message to the source AMF, which contains the 5G-GUTI and the received registration request message.

(2) The source AMF searches the UE’s data in the database and checks the integrity protection of the Registration Request message.

a. If the UE is found and the integrity protection check succeeds, the source AMF shall send back a response message, which shall include the SUPI and possibly any current 5G security context it has, provided that the source AMF does not change the KAMF according to its local policy.

b. If the UE is found and the integrity protection check succeeds, the source AMF shall send a response message when the source AMF changes the KAMF according to its local policy: it shall include SUPI, keyAmfHDerivationInd and may include a new 5G security context derived from the current 5G security context it has.

It should be noted that in step b, if the source AMF is a non-upgraded device, the cryptographic algorithm suite 1 is used for execution; if the source AMF is an upgraded device, the following processing is performed: If NAS_AS exists, the cryptographic algorithm suite specified by NAS_AS is used to derive a new _KAMF from _KAMF . If NAS_AS does not exist, the cryptographic algorithm suite used by the NAS layer is selected according to the policy to generate NAS_AS. For example: if AKA_AS exists, NAS_AS is set to AKA_AS, and a new _KAMF is derived from _KAMF using the cryptographic algorithm suite specified by AKA_AS. Otherwise, NAS_AS is set to cryptographic algorithm suite 1, and a new _KAMF is derived from _KAMF using cryptographic algorithm suite 1. Afterwards, the source AMF can send NAS_AS and the new _KAMF to the target AMF, and delete the 5G security context it owns.

c. If the source AMF cannot identify the UE or the integrity protection check fails, the source AMF shall send a response indicating that the temporary identity 5G-GUTI could not be retrieved.

(3) If the target AMF receives a response message with SUPI, it shall create an entry and store the 5G security context that may have been received.

It should be noted that in step (3), if the target AMF is a non-upgraded device, the above steps are executed. If the target AMF is an upgraded device, NAS_AS and the new KAMF are obtained and saved.)

Step 2: If neither the target AMF nor the source AMF has a security context or the integrity check fails, the target AMF shall initiate the authentication process with the UE.

After the 5G AKA protocol is completed, the authentication is completed between the UE and the access network AMF/SEAF, and K _SEAF is shared. K _AMF is derived from K _SEAF for secure interaction between the UE and AMF. The target AMF can also obtain the UE's security status (Security Capability) through the Registration Request message during the AKA protocol process.

It should be noted that in this implementation, during the 5G AKA authentication process, UDM will select or negotiate the appropriate cryptographic algorithm suite AKA_AS based on the cryptographic algorithm suite support status of ME, AMF/SEAF, AUSF, etc., and according to the policy, for example, cryptographic algorithm suite 1 or cryptographic algorithm suite 2 supported by each device, etc. AKA_AS is used to indicate the cryptographic algorithm suite that ME, SEAF, AUSF and other devices should use in authentication and key derivation. UDM sends AKA_AS to network elements such as ME, gNB, AMF/SEAF, AUSF, and AMF deletes the old NAS_AS. ME, gNB, AMF/SEAF, AUSF and other network elements will calculate authentication parameters and key derivation based on the cryptographic algorithm suite specified by AKA_AS.

Step 3: After successfully authenticating the UE, the target AMF shall send a NAS Security Mode Command (NAS SMC) message. If the initial NAS message sent is integrity protected but fails the integrity check, other AMFs will not be able to decrypt the complete initial NAS message in the NAS container. The target AMF shall include a flag in the NAS Security Mode Setup message to request the UE to send the complete initial NAS message in the NAS Security Mode Setup Complete message.

Step 4: The UE shall send a NAS Security Mode Complete message to the network in response to the NAS Security Mode Setup message. The NAS Security Mode Setup Complete message shall be encrypted and integrity protected. In addition, if the target AMF requests or the UE does not protect the initial NAS message sent, the complete initial NAS message shall be included in the NAS Security Mode Setup Complete message. At this time, the AMF shall respond with the complete initial NAS message in the NAS container.

Step 5: The AMF shall send a response to the initial NAS message. This message shall be encrypted and integrity protected.

2. NAS Security Mode Establishment (Security Mode Command, SMC) Process:

After the 5G AKA protocol is completed, the NAS SMC process needs to be performed between the UE and the AMF. The NAS SMC is used to establish a NAS security context between the UE and the AMF. This process includes round-trip messages between the AMF and the UE. The AMF sends a NAS SMC message to the UE, and the UE returns a NAS SMC message, as shown in Figure 6.

Step 1a: The target AMF activates NAS integrity protection before sending the NAS Security Mode Setup message and derives K _NASenc and K _NASint through _KAMF .

It should be noted that if the target AMF is a non-upgraded device, the above steps are performed using cryptographic algorithm suite 1. If the target AMF is an upgraded device, the following processing is performed: If NAS_AS exists, the cryptographic algorithm suite specified by NAS_AS is used to derive K _NASenc and K _NASint from _KAMF . If NAS_AS does not exist, the cryptographic algorithm suite used by the NAS layer is selected according to the policy to generate NAS_AS. For example, if AKA_AS exists, NAS_AS is set to AKA_AS, and the cryptographic algorithm suite specified by AKA_AS is used to derive K _NASenc and K _NASint from _KAMF . Otherwise, NAS_AS is set to cryptographic algorithm suite 1, and cryptographic algorithm suite 1 is used to derive K _NASenc and K _NASint from _KAMF .

Step 1b: The target AMF sends a NAS security mode establishment message to the UE. The NAS security mode establishment message shall include: the replayed UE security functions, the selected NAS algorithms, and the ngKSI used to identify the KAMF. The NAS security mode establishment message may also include: K_AMF_change_flag (carried in the additional 5G security parameters IE specified in 3GPP TS 24.501) to indicate the newly calculated _KAMF , a flag requesting a complete initial NAS message, and ABBA. When _KAMF is horizontally derived during the mobility registration update process or during multiple registrations in the same PLMN, the K_AMF_change_flag shall be included in the NAS security mode establishment message.

The message shall be integrity protected (but not encrypted) using the NAS integrity key based on the K _AMF indicated by ngKSI in the NAS Security Mode Establishment message. If the network supports interworking using the N26 interface between the MME and the _AMF , the AMF shall also include in the NAS SMC message the selected EPS NAS algorithm to be used after moving to EPS. The UE shall save the algorithm to be used after moving to EPS. The AMF shall save the selected EPS algorithm in the UE security context.

When an AMF change occurs during N2 handover or idle mode mobility, the selected EPS NAS algorithm shall be included in the 5GUE security context and sent to the target AMF.

It should be noted that if the AMF is a non-upgraded device, the above steps are performed using cryptographic algorithm suite 1. If the AMF is an upgraded device, the following processing is performed: The NASSMC sent by the AMF to the ME should contain NAS_AS, where NAS_AS can be used as a new parameter or as a reserved field in the message.

Step 1c: AMF activates NAS uplink decryption after sending the NAS Security Mode Establishment message.

Step 2a: The UE shall validate the NAS Security Mode Establishment message, including checking that the security capabilities sent by the UE AMF match the security capabilities stored in the UE to ensure that these security capabilities have not been modified by an attacker, and verifying the integrity using the indicated NAS integrity algorithm and the KAMF-based NAS integrity keys indicated by ngKSI.

If the NAS security mode establishment message includes K_AMF_change_flag, the UE shall generate a new KAMF and set NAS COUNT to zero. If the integrity verification of the NAS security mode establishment message succeeds, the UE shall use the security context indicated by ngKSI for NAS integrity protection and encryption/decryption.

It should be noted that if the ME is not an upgraded device, the above steps are performed using cryptographic algorithm suite 1. If the ME is an upgraded device, the following processing is performed: NAS_AS is identified and saved from the NAS security mode establishment message. The NAS encryption key K _NASenc and integrity key K _NASint are calculated using the cryptographic algorithm suite specified by NAS_AS, otherwise cryptographic algorithm suite 1 is used for calculation.

Step 2b: The UE sends an encrypted and integrity protected NAS Security Mode Setup Complete message to the AMF. If the AMF requested PEI in the NAS Security Mode Setup message, the NAS Security Mode Setup Complete message shall include the PEI. If KAMF level derivation is performed, the AMF shall set the NAS COUNT to zero. The UE may include the complete initial NAS message.

If the UE's NAS security mode setup message verification fails, the UE shall return a NAS security mode setup reject message. The NAS security mode setup reject message and all subsequent NAS messages shall be protected using the previous (if any) 5G NAS security context, in other words, the 5G NAS security context before the NAS security mode setup message. If no 5G NAS security context exists before the NAS security mode setup message, the NAS security mode setup reject message shall not be protected.

The AMF shall decrypt the NAS Security Mode Setup Complete message and verify its integrity using the key and algorithm indicated in the NAS Security Mode Setup Complete message. The AMF's NAS downlink cipher shall be turned on through this security context after receiving the NAS Security Mode Setup Complete message.

Step 1d: AMF activates NAS downlink encryption.

It should be noted that if the uplink NAS COUNT is reset by sending a NAS security mode setup reject message, the UE releases the NAS connection without sending a NAS security mode setup reject message. If the AMF successfully verifies the NAS security mode setup complete message, it means that the AMF has successfully confirmed that the SUPI from the home network matches the SUPI used by the UE. However, SUPI mismatch is not the only reason for the failure of the integrity verification of the NAS security mode setup complete message on the AMF.

At this point, the UE and AMF have completed the activation of NAS message encryption and integrity protection functions.

Please refer to Figure 7, which is a target AMF provided by an embodiment of the present invention.

As shown in FIG7 , the target AMF 700 includes:

A first determination module 701 is used to determine a first cryptographic algorithm suite according to the algorithm support status of the target AMF when the terminal authentication is successful;

A first derivation module 702 is configured to derive K _NASenc and K _NASint by using the first cryptographic algorithm suite through a first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

A first sending module 703 is configured to send a NAS security mode establishment message to the terminal, and use the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment message, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate the first cryptographic algorithm suite;

A first verification module 704 is configured to, upon receiving a NAS security mode establishment completion message sent by the terminal, decrypt the NAS security mode establishment completion message and perform NAS integrity verification;

The first establishing module 705 is configured to establish a security mode with the terminal if the NAS integrity verification of the NAS security mode establishment completion message is successful.

Optionally, the first determining module 701 is used for any of the following:

If the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generate a first algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

Optionally, the first determining module 701 is used to:

In a case where the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, the first algorithm identifier is generated according to the second algorithm identifier.

Optionally, the target AMF700 further includes:

The first receiving module is used to receive a second algorithm identifier corresponding to AKA authentication and key derivation sent by a user data manager UDM.

Optionally, the target AMF700 further includes:

The first decryption module is used to decrypt the transmission of the NAS uplink.

Optionally, the target AMF700 further includes:

The first encryption module is used to encrypt the transmission of the NAS downlink.

Optionally, the target AMF700 further includes:

A second receiving module is used to receive an initial NAS message sent by a terminal, where the initial NAS message carries a global unique temporary identifier GUTI of the terminal;

A first acquisition module is configured to acquire a security context of the terminal if the initial NAS message carries a NAS container and the initial message integrity check succeeds, wherein the NAS container stores an encrypted complete initial NAS message;

A first decoding module, configured to decode the NAS container using a target _KAMF to obtain the initial NAS message;

A second sending module, configured to send a first response message of the initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is a _KAMF derived from the first _KAMF .

Optionally, the first acquisition module is used for any of the following:

In a case where the security context of the terminal is locally queried according to the GUTI, locally querying and acquiring the security context of the terminal;

When the security context of the terminal is not locally queried according to the GUTI, a first request message is sent to the source AMF, and when a second response message sent by the source AMF is received, and the second response message carries the permanent identifier SPUI of the terminal, the security context of the terminal sent by the source AMF is received, and the first request message carries the GUTI.

Optionally, the first decoding module is used for any of the following:

In the case where the second response message also carries the second _KAMF , the second _KAMF is used to decode the NAS container to obtain the initial NAS message.

In a case where the second response message does not carry the second _KAMF , the NAS container is decoded using the first _KAMF to obtain the initial NAS message.

The target AMF700 can implement each process implemented by the method embodiment shown in FIG1 , and can achieve the same beneficial effects. To avoid repetition, it will not be described here.

Please refer to FIG. 8 , which is a terminal provided by an embodiment of the present invention.

As shown in FIG8 , the terminal 800 includes:

The third receiving module 801 is used to receive a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

A second decryption module 802 is used to decrypt the NAS security mode establishment message and perform NAS integrity verification;

a second derivation module 803, configured to use the first cryptographic algorithm suite to derive K _NASenc and K _NASint through a first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The third sending module 804 is used to send a NAS security mode establishment completion message to the target AMF when the NAS integrity verification of the NAS security mode establishment message is successful, and use the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment completion message.

Optionally, the terminal 800 further includes:

The first processing module is used to encrypt the NAS uplink transmission and decrypt the NAS downlink transmission when the NAS integrity verification of the NAS security mode establishment message is successful.

The terminal 800 can implement each process implemented by the method embodiment shown in FIG. 2 and can achieve the same beneficial effects. To avoid repetition, they will not be described again here.

Please refer to Figure 9, which is a source AMF provided by an embodiment of the present invention.

As shown in FIG9 , the source AMF 900 includes:

The first query module 901 is used to query whether there is a security context of the terminal locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message when receiving the first request message sent by the target AMF, and the first request message also carries an initial NAS message;

The fourth sending module 902 is used to send the second response message to the target AMF when it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, wherein the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the source AMF 900 further includes:

A second determination module, configured to determine a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

a third derivation module, configured to derive a second _KAMF from the first _KAMF by using the second cryptographic algorithm suite when the source AMF changes the first _KAMF ;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, the second determining module is used for any of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, the second determining module is used to:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, the source AMF 900 further includes:

The fourth receiving module is used to receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the source AMF 900 further includes any one of the following:

a second verification module, configured to send the second response message to the target AMF when it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message succeeds, and the source AMF does not change the first _KAMF , wherein the second response message carries the SPUI of the terminal and the first _KAMF , the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

The fifth sending module is used to send a second response message to the target AMF when it is found that the security context of the terminal does not exist locally and/or the NAS integrity verification of the initial NAS message fails, wherein the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

The source AMF 900 can implement each process implemented by the method embodiment shown in FIG. 3 and can achieve the same beneficial effects, which will not be described again here to avoid repetition.

An embodiment of the present invention also provides a target AMF, including: a processor, a memory, and a program stored on the memory and executable on the processor. When the program is executed by the processor, each process of the above-mentioned security mode establishment method embodiment applied to the target AMF is implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

Specifically, as shown in Figure 10, an embodiment of the present invention also provides a target AMF, including a bus 1001, a transceiver 1002, an antenna 1003, a bus interface 1004, a processor 1005 and a memory 1006.

The processor 1005 is used for:

In the case where the terminal authentication is successful, determining the first cryptographic algorithm suite according to the algorithm support status of the target AMF;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The transceiver 10002 is used for:

Sending a NAS security mode establishment message to the terminal, and using the K _NASenc and the K _NASint to encrypt and integrity protect the NAS security mode establishment message, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate the first cryptographic algorithm suite;

The processor 1005 is used for:

Upon receiving a NAS security mode establishment completion message sent by the terminal, decrypting the NAS security mode establishment completion message and performing NAS integrity verification;

In case that the NAS integrity verification of the NAS security mode establishment completion message is successful, a security mode is established with the terminal.

Optionally, the processor 1005 is used for any of the following:

If the target AMF supports multiple cryptographic algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF supports multiple cryptographic algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generate a first algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and determine the cryptographic algorithm suite identified by the first algorithm identifier as the first cryptographic algorithm suite;

If the target AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the target AMF is determined as the first cryptographic algorithm suite.

Optionally, the processor 1005 is configured to:

In a case where the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, the first algorithm identifier is generated according to the second algorithm identifier.

Optionally, the transceiver 1002 is further configured to:

Receive the second algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the processor 1005 is further configured to:

Decrypts NAS uplink transmissions.

Optionally, the processor 1005 is further configured to:

Encrypt NAS downlink transmission.

Optionally, the transceiver 1002 is further configured to:

Receiving an initial NAS message sent by a terminal, where the initial NAS message carries a global unique temporary identifier GUTI of the terminal;

The processor 1005 is further configured to:

When the initial NAS message carries a NAS container and the integrity check of the initial message succeeds, obtaining a security context of the terminal, wherein the encrypted complete initial NAS message is stored in the NAS container;

Decoding the NAS container using the target _KAMF to obtain the initial NAS message;

The transceiver 1002 is also used for:

Sending a first response message of the initial NAS message to the terminal;

The target _KAMF is the first _KAMF or the second _KAMF , and the second _KAMF is a _KAMF derived from the first _KAMF .

Optionally, the processor 1005 is configured to:

In the case where the security context of the terminal is locally queried according to the GUTI, the security context of the terminal is locally queried and acquired; or,

The transceiver 1002 is used for:

When the security context of the terminal is not locally queried according to the GUTI, a first request message is sent to the source AMF, and when a second response message sent by the source AMF is received, and the second response message carries the permanent identifier SPUI of the terminal, the security context of the terminal sent by the source AMF is received, and the first request message carries the GUTI.

Optionally, the processor 1005 is used for any of the following:

In the case where the second response message also carries the second _KAMF , the second _KAMF is used to decode the NAS container to obtain the initial NAS message.

In a case where the second response message does not carry the second _KAMF , the NAS container is decoded using the first _KAMF to obtain the initial NAS message.

In FIG. 10 , a bus architecture (represented by bus 1001) is shown. Bus 1001 may include any number of interconnected buses and bridges. Bus 1001 links various circuits including one or more processors 1005 represented by processor 1005 and memory represented by memory 1006. Bus 1001 may also link various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and are therefore not further described herein. Bus interface 1004 provides an interface between bus 1001 and transceiver 1002. Transceiver 1002 may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on a transmission medium. Data processed by processor 1005 is transmitted on a wireless medium via antenna 1003. Further, antenna 1003 also receives data and transmits the data to processor 1005.

The processor 1005 is responsible for managing the bus 1001 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. The memory 1006 can be used to store data used by the processor 1005 when performing operations.

Optionally, the processor 1005 may be a CPU, an ASIC, an FPGA or a CPLD.

An embodiment of the present invention also provides a terminal, comprising: a processor, a memory, and a program stored in the memory and executable on the processor. When the program is executed by the processor, the various processes of the above-mentioned security mode establishment method embodiment applied to the terminal are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

Specifically, as shown in FIG. 11 , an embodiment of the present invention further provides a terminal, including a bus 1101 , a transceiver 1102 , an antenna 1103 , a bus interface 1104 , a processor 1105 and a memory 1106 .

The transceiver 1102 is used for:

receiving a NAS security mode establishment message sent by a target AMF, where the NAS security mode establishment message carries a first identifier, where the first identifier is used to indicate a first cryptographic algorithm suite;

The processor 1105 is used for:

Decrypt the NAS security mode establishment message and perform NAS integrity verification;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through the first _KAMF , wherein the K _NASenc is a key for NAS encryption, the K _NASint is a key for NAS integrity protection, and the first _KAMF is a _KAMF shared between the target AMF and the terminal;

The transceiver 1102 is used for:

If the NAS integrity verification of the NAS security mode establishment message is successful, a NAS security mode establishment completion message is sent to the target AMF, and the NAS security mode establishment completion message is encrypted and integrity protected using the K _NASenc and the K _NASint .

Optionally, the processor 1105 is configured to:

In case the NAS integrity verification of the NAS security mode setup message is successful, the NAS uplink transmission is encrypted and the NAS downlink transmission is decrypted.

In FIG. 11 , a bus architecture (represented by bus 1101) is shown. Bus 1101 may include any number of interconnected buses and bridges. Bus 1101 links various circuits including one or more processors 1105 represented by processor 1105 and memory represented by memory 1106. Bus 1101 may also link various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and are therefore not further described herein. Bus interface 1104 provides an interface between bus 1101 and transceiver 1102. Transceiver 1102 may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on a transmission medium. Data processed by processor 1105 is transmitted on a wireless medium via antenna 1103. Further, antenna 1103 also receives data and transmits the data to processor 1105.

The processor 1105 is responsible for managing the bus 1101 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. The memory 1106 can be used to store data used by the processor 1105 when performing operations.

Optionally, the processor 1105 may be a CPU, an ASIC, an FPGA or a CPLD.

An embodiment of the present invention also provides a source AMF, including: a processor, a memory, and a program stored on the memory and executable on the processor. When the program is executed by the processor, the various processes of the above-mentioned security mode establishment method embodiment applied to the source AMF are implemented, and the same technical effect can be achieved. To avoid repetition, it will not be repeated here.

Specifically, as shown in Figure 12, an embodiment of the present invention also provides a source AMF, including a bus 1201, a transceiver 1202, an antenna 1203, a bus interface 1204, a processor 1205 and a memory 1206.

The processor 1205 is used for:

Upon receiving the first request message sent by the target AMF, query whether there is a security context of the terminal locally according to the global unique temporary identifier GUTI of the terminal carried in the first request message, and the first request message also carries an initial NAS message;

The transceiver 1202 is used for:

When it is found that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal, and the SPUI is used to indicate that the target AMF receives the security context of the terminal.

Optionally, the processor 1205 is further configured to:

Determining a second cryptographic algorithm suite according to the algorithm support status of the source AMF;

In the case where the source AMF changes the first _KAMF , deriving the second _KAMF from the first _KAMF using the second cryptographic algorithm suite;

The second response message also carries the second _KAMF , and the second _KAMF is used to decode the complete initial NAS message in the NAS container.

Optionally, the processor 1205 is used for any of the following:

If the source AMF supports multiple cryptographic algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cryptographic algorithm suite identified by the third algorithm identifier is used to determine the second cryptographic algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF supports multiple cryptographic algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generate a third algorithm identifier corresponding to NAS layer key derivation according to a preset policy, and use the cryptographic algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

If the source AMF does not support multiple cryptographic algorithm suites, a basic cryptographic algorithm suite supported by the source AMF is determined as the second cryptographic algorithm suite.

Optionally, the processor 1205 is configured to:

In a case where the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, the third algorithm identifier is generated according to the fourth algorithm identifier.

Optionally, the transceiver 1202 is further configured to:

Receive a fourth algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data manager UDM.

Optionally, the transceiver 1202 is further used for any of the following:

When it is found that the security context of the terminal exists locally, the NAS integrity verification of the initial NAS message is successful, and the source AMF does not change the first _KAMF , the second response message is sent to the target AMF, where the second response message carries the SPUI of the terminal and the first _KAMF , and the SPUI is used to instruct the target AMF to receive the security context of the terminal, and the first _KAMF is used to decode the complete initial NAS message in the NAS container;

When it is found that the security context of the terminal does not exist locally, and/or the NAS integrity verification of the initial NAS message fails, a second response message is sent to the target AMF, and the second response message carries first indication information, and the first indication information is used to indicate that the security context of the terminal has not been queried.

In FIG. 12 , a bus architecture (represented by bus 1201) is shown. Bus 1201 may include any number of interconnected buses and bridges. Bus 1201 links various circuits including one or more processors 1205 represented by processor 1205 and memory represented by memory 1206. Bus 1201 may also link various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and are therefore not further described herein. Bus interface 1204 provides an interface between bus 1201 and transceiver 1202. Transceiver 1202 may be one element or multiple elements, such as multiple receivers and transmitters, providing a unit for communicating with various other devices on a transmission medium. Data processed by processor 1205 is transmitted on a wireless medium via antenna 1203. Further, antenna 1203 also receives data and transmits the data to processor 1205.

The processor 1205 is responsible for managing the bus 1201 and general processing, and can also provide various functions, including timing, peripheral interfaces, voltage regulation, power management and other control functions. The memory 1206 can be used to store data used by the processor 1205 when performing operations.

Optionally, the processor 1205 may be a CPU, an ASIC, an FPGA or a CPLD.

The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, each process of the above-mentioned security mode establishment method embodiment is implemented, and the same technical effect can be achieved. To avoid repetition, it is not repeated here. The computer-readable storage medium is, for example, a ROM, RAM, a magnetic disk or an optical disk.

It should be noted that, in this article, the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, article or device. In the absence of further restrictions, an element defined by the sentence "comprises a ..." does not exclude the existence of other identical elements in the process, method, article or device including the element.

Through the description of the above implementation methods, those skilled in the art can clearly understand that the above-mentioned embodiment methods can be implemented by means of software plus a necessary general hardware platform, and of course by hardware, but in many cases the former is a better implementation method. Based on such an understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disk), and includes a number of instructions for enabling a terminal (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the methods described in each embodiment of the present invention.

The embodiments of the present invention are described above in conjunction with the accompanying drawings, but the present invention is not limited to the above-mentioned specific implementation modes, which are merely illustrative rather than restrictive. Under the guidance of the present invention, ordinary technicians in this field can also make many forms without departing from the scope of protection of the present invention and the claims, all of which are within the protection of the present invention.

Claims (27)

1. A security mode establishment method, applied to a target AMF, comprising:

Under the condition that authentication and authentication of the terminal are successful, determining a first cipher algorithm suite according to the algorithm supporting state of the target AMF;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through a first K _AMF, wherein K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first K _AMF is K _AMF shared between the target AMF and the terminal;

Sending an NAS security mode establishment message to the terminal, and encrypting and protecting the NAS security mode establishment message with integrity by using the K _NASenc and the K _NASint, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used for indicating the first cryptographic algorithm suite;

under the condition of receiving an NAS security mode establishment completion message sent by the terminal, decrypting the NAS security mode establishment completion message and performing NAS integrity verification;

and under the condition that the NAS integrity verification of the NAS security mode establishment completion message is successful, establishing a security mode with the terminal.

2. The method of claim 1, wherein the determining a first cryptographic algorithm suite according to the algorithm support status of the target AMF comprises any one of:

Under the condition that the target AMF supports a plurality of cipher algorithm suites and is configured with a first algorithm identifier corresponding to NAS layer key derivation, determining the cipher algorithm suite identified by the first algorithm identifier as the first cipher algorithm suite;

Under the condition that the target AMF supports a plurality of cipher algorithm suites but is not configured with a first algorithm identifier corresponding to NAS layer key derivation, generating a first algorithm identifier corresponding to NAS layer key derivation according to a preset strategy, and determining the cipher algorithm suite identified by the first algorithm identifier as the first cipher algorithm suite;

and determining the basic cryptographic algorithm suite supported by the target AMF as the first cryptographic algorithm suite when the target AMF does not support a plurality of cryptographic algorithm suites.

3. The method of claim 2, wherein the generating the first algorithm identifier corresponding to the NAS layer key derivation according to the preset policy includes:

And under the condition that the target AMF is configured with a second algorithm identifier corresponding to AKA authentication and key derivation, generating the first algorithm identifier according to the second algorithm identifier.

4. The method of claim 3, wherein before generating the first algorithm identifier corresponding to the NAS layer key derivation according to the preset policy, the method further includes:

And receiving a second algorithm identifier corresponding to the AKA authentication and key derivation sent by the user data management UDM.

5. The method of claim 1, wherein after the sending of the NAS security mode setup message to the terminal, the method further comprises:

decrypting the NAS uplink transmissions.

6. The method of claim 1, wherein after receiving the NAS security mode establishment completion message sent by the terminal, the method further comprises:

The NAS downlink transmissions are encrypted.

7. The method according to claim 1, wherein the method further comprises:

Receiving an initial NAS message sent by the terminal, wherein the initial NAS message carries a globally unique temporary identifier GUTI of the terminal;

Acquiring the security context of the terminal under the condition that the initial NAS message carries an NAS container and the initial message integrity check is successful, wherein the NAS container stores the encrypted complete initial NAS message;

Decoding the NAS container by using a target K _AMF to obtain the initial NAS message;

A first response message of the initial NAS message is sent to the terminal;

Wherein the target K _AMF is the first K _AMF or the second K _AMF, and the second K _AMF is K _AMF derived from the first K _AMF.

8. The method according to claim 7, wherein the obtaining the security context of the terminal comprises any one of:

under the condition that the security context of the terminal is queried locally according to the GUTI, acquiring the security context of the terminal in a local query;

And under the condition that the security context of the terminal is not queried locally according to the GUTI, sending a first request message to a source AMF, and under the condition that a second response message sent by the source AMF is received and carries a permanent identifier SPUI of the terminal, receiving the security context of the terminal sent by the source AMF, wherein the first request message carries the GUTI.

9. The method of claim 8, wherein decoding the NAS container using the target K _AMF results in the initial NAS message, comprising any one of:

Decoding the NAS container using the second K _AMF to obtain the initial NAS message if the second response message also carries a second K _AMF;

and decoding the NAS container by using the first K _AMF to obtain the initial NAS message under the condition that the second response message does not carry the second K _AMF.

10. A security mode establishment method, applied to a terminal, comprising:

receiving an NAS security mode establishment message sent by a target AMF, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used for indicating a first cryptographic algorithm suite;

decrypting the NAS security mode establishment message and verifying the NAS integrity;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through a first K _AMF, wherein K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first K _AMF is K _AMF shared between the target AMF and the terminal;

and under the condition that NAS integrity verification of the NAS security mode establishment message is successful, sending a NAS security mode establishment completion message to the target AMF, and encrypting and protecting the NAS security mode establishment completion message by using the K _NASenc and the K _NASint.

11. The method according to claim 10, wherein the method further comprises:

and encrypting the transmission of the NAS uplink and decrypting the transmission of the NAS downlink under the condition that the NAS integrity verification of the NAS security mode establishment message is successful.

12. A security mode establishment method, applied to a source AMF, comprising:

Under the condition that a first request message sent by a target AMF is received, inquiring whether a security context of a terminal exists locally or not according to a globally unique temporary identifier GUTI of the terminal carried by the first request message, wherein the first request message also carries an initial NAS message;

and if the security context of the terminal is queried to exist locally and the NAS integrity verification of the initial NAS message is successful, sending a second response message to the target AMF, wherein the second response message carries a permanent identifier SPUI of the terminal, and the SPUI is used for indicating the target AMF to receive the security context of the terminal.

13. The method according to claim 12, wherein the method further comprises:

Determining a second cryptographic algorithm suite according to the algorithm support state of the source AMF;

In the case of the source AMF altering the first K _AMF, deriving a second K _AMF from the first K _AMF using the second suite of cryptographic algorithms;

Wherein the second response message further carries the second K _AMF, and the second K _AMF is configured to decode a complete initial NAS message in a NAS container.

14. The method of claim 13, wherein the determining a second cryptographic algorithm suite according to the algorithm support status of the source AMF comprises any one of:

Under the condition that the source AMF supports a plurality of cipher algorithm suites and is configured with a third algorithm identifier corresponding to NAS layer key derivation, the cipher algorithm suite identified by the third algorithm identifier is used as the second cipher algorithm suite, and the second response message also carries the third algorithm identifier;

Under the condition that the source AMF supports a plurality of cipher algorithm suites but is not configured with a third algorithm identifier corresponding to NAS layer key derivation, generating a third algorithm identifier corresponding to NAS layer key derivation according to a preset strategy, taking the cipher algorithm suite identified by the third algorithm identifier as the target algorithm suite, and the second response message also carries the third algorithm identifier;

and determining the basic cryptographic algorithm suite supported by the source AMF as the second cryptographic algorithm suite when the source AMF does not support a plurality of cryptographic algorithm suites.

15. The method of claim 14, wherein the generating the third algorithm identifier corresponding to the NAS layer key derivation according to the preset policy includes:

And under the condition that the source AMF is configured with a fourth algorithm identifier corresponding to AKA authentication and key derivation, generating the third algorithm identifier according to the fourth algorithm identifier.

16. The method of claim 15, wherein before generating the third algorithm identifier corresponding to the NAS layer key derivation according to the preset policy, the method further comprises:

And receiving a fourth algorithm identifier corresponding to AKA authentication and key derivation sent by the user data management UDM.

17. The method of claim 12, further comprising any one of:

If the security context of the terminal is queried and the NAS integrity verification of the initial NAS message is successful and the source AMF does not change the first K _AMF, sending the second response message to the target AMF, wherein the second response message carries SPUI of the terminal and the first K _AMF, the SPUI is used for indicating the target AMF to receive the security context of the terminal, and the first K _AMF is used for decoding the complete initial NAS message in a NAS container;

And sending a second response message to the target AMF under the condition that the security context of the terminal does not exist locally and/or NAS integrity verification of the initial NAS message fails, wherein the second response message carries first indication information, and the first indication information is used for indicating that the security context of the terminal is not queried.

18. A target AMF, the target AMF comprising:

The first determining module is used for determining a first cipher algorithm suite according to the algorithm supporting state of the target AMF under the condition that authentication of the terminal is successful;

A first deriving module, configured to derive K _NASenc and K _NASint by using the first cryptographic algorithm suite through a first K _AMF, where K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and a first K _AMF is K _AMF shared between the target AMF and the terminal;

A first sending module, configured to send a NAS security mode establishment message to the terminal, and encrypt and integrity protect the NAS security mode establishment message by using the K _NASenc and the K _NASint, where the NAS security mode establishment message carries a first identifier, and the first identifier is used to indicate the first cryptographic algorithm suite;

the first verification module is used for decrypting the NAS security mode establishment completion message and verifying the NAS integrity under the condition that the NAS security mode establishment completion message sent by the terminal is received;

and the first establishing module is used for establishing a security mode with the terminal under the condition that the NAS integrity verification of the NAS security mode establishment completion message is successful.

19. A terminal, the terminal comprising:

The third receiving module is used for receiving an NAS security mode establishment message sent by the target AMF, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used for indicating a first cipher algorithm suite;

the second decryption module is used for decrypting the NAS security mode establishment message and verifying the NAS integrity;

A second deriving module, configured to derive K _NASenc and K _NASint by using the first cryptographic algorithm suite through a first K _AMF, where K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first K _AMF is K _AMF shared between the target AMF and the terminal;

And a third sending module, configured to send a NAS security mode establishment complete message to the target AMF if the NAS integrity verification of the NAS security mode establishment message is successful, and encrypt and integrity protect the NAS security mode establishment complete message using the K _NASenc and the K _NASint.

20. A source AMF, the source AMF comprising:

The first query module is used for querying whether a security context of the terminal exists locally or not according to a globally unique temporary identifier GUTI of the terminal carried by the first request message under the condition that the first request message sent by the target AMF is received, wherein the first request message also carries an initial NAS message;

A fourth sending module, configured to send a second response message to the target AMF when it is queried that the security context of the terminal exists locally and the NAS integrity verification of the initial NAS message is successful, where the second response message carries a permanent identifier SPUI of the terminal, and SPUI is configured to instruct the target AMF to receive the security context of the terminal.

21. A target AMF is characterized by comprising a transceiver and a processor,

The processor is configured to:

Under the condition that authentication and authentication of the terminal are successful, determining a first cipher algorithm suite according to the algorithm supporting state of the target AMF;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through a first K _AMF, wherein K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first K _AMF is K _AMF shared between the target AMF and the terminal;

the transceiver is used for:

Sending an NAS security mode establishment message to the terminal, and encrypting and protecting the NAS security mode establishment message with integrity by using the K _NASenc and the K _NASint, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used for indicating the first cryptographic algorithm suite;

The processor is configured to:

under the condition of receiving an NAS security mode establishment completion message sent by the terminal, decrypting the NAS security mode establishment completion message and performing NAS integrity verification;

and under the condition that the NAS integrity verification of the NAS security mode establishment completion message is successful, establishing a security mode with the terminal.

22. A terminal, comprising a transceiver and a processor,

The transceiver is used for:

receiving an NAS security mode establishment message sent by a target AMF, wherein the NAS security mode establishment message carries a first identifier, and the first identifier is used for indicating a first cryptographic algorithm suite;

The processor is configured to:

decrypting the NAS security mode establishment message and verifying the NAS integrity;

Using the first cryptographic algorithm suite, deriving K _NASenc and K _NASint through a first K _AMF, wherein K _NASenc is a key for NAS encryption, K _NASint is a key for NAS integrity protection, and the first K _AMF is K _AMF shared between the target AMF and the terminal;

the transceiver is used for:

and under the condition that NAS integrity verification of the NAS security mode establishment message is successful, sending a NAS security mode establishment completion message to the target AMF, and encrypting and protecting the NAS security mode establishment completion message by using the K _NASenc and the K _NASint.

23. A source AMF is characterized by comprising a transceiver and a processor,

The processor is configured to:

Under the condition that a first request message sent by a target AMF is received, inquiring whether a security context of a terminal exists locally or not according to a globally unique temporary identifier GUTI of the terminal carried by the first request message, wherein the first request message also carries an initial NAS message;

the transceiver is used for:

and if the security context of the terminal is queried to exist locally and the NAS integrity verification of the initial NAS message is successful, sending a second response message to the target AMF, wherein the second response message carries a permanent identifier SPUI of the terminal, and the SPUI is used for indicating the target AMF to receive the security context of the terminal.

24. A target AMF, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the security mode establishment method according to any one of claims 1 to 9.

25. A terminal, comprising: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor, implements the steps of the security mode establishment method according to claim 10 or 11.

26. A source AMF, comprising a source AMF, characterized by comprising the following steps: a processor, a memory and a program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the security mode establishment method according to any of claims 12-17.

27. A computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the steps of the security mode establishment method according to any one of claims 1 to 9, or which computer program, when being executed by a processor, implements the steps of the security mode establishment method according to claim 10 or 11, or which computer program, when being executed by a processor, implements the steps of the security mode establishment method according to any one of claims 12 to 17.