WO2018137352A1 - Network verification method, user equipment, network authentication node and system - Google Patents

Abstract

A network authentication method, user equipment, network authentication node and system. The network authentication method comprises: user equipment sending authentication type indication information as well as ID and PVT of the user equipment to a network authentication node; the network authentication node sending ID and PVT of the network authentication node to the user equipment; the user equipment generating, according to the ID and PVT of the network authentication node, and on the basis of a global public key and a private key based on the identity of the user equipment, a user equipment symmetric key, and generating a first authentication key and a first key derivation key on the basis of the user equipment symmetric key; the network authentication node generating, according to the ID and PVT of the user equipment, and on the basis of a global public key and a private key based on the identity of the network authentication node, a network authentication node symmetric key, and generating a second authentication key and a second key derivation key on the basis of the network authentication node symmetric key; and the network authentication node and the user equipment performing EAP-PSK authentication. The present application enables IBC public key technology to match an existing EAP protocol.

Description

Network authentication method, user equipment, network authentication node and system Technical field

The present application relates to the field of communications technologies, and in particular, to a network authentication method, a user equipment, a network authentication node, and a system.

Background technique

Network authentication between the network authentication node and the user equipment is one of the important links to ensure the normal operation of the communication network.

With the rapid development of the mobile Internet, the convergence of the Internet and communication networks, and the expansion of its carrier network services, more and more devices are beginning to access wireless communication networks operated by operators, including not only existing mobile broadband devices such as mobile phones. (mobile), also includes many vertical Internet of Things (IOT) devices. Existing mobile communication network authentication methods, such as Evolved Packet System (EPS)-authentication and Keyword Authentication (AKA) network authentication in Long Term Evolution (LTE) The method of identity management does not fully satisfy the access of devices in all next-generation wireless communication networks, such as fifth-generation (5G) networks. Therefore, there is a need to establish a more open certification framework and introduce new authentication methods.

In order to enable next-generation wireless communication networks to support a wider variety of devices, the Third Generation Partnership Project (3GPP) standards organization's Security Working Group (SA3) is currently investigating the introduction of an open authentication architecture in 5G networks. Allows devices to access the network using a variety of identities and establish trust relationships using multiple authentication methods. Based on the Extensible Authentication Protocol (EAP) authentication framework, it has become an open and perfect certification after years of development by the Internet Protocol Task Force (IETF) and its widespread use in Internet systems. Agreement system. Therefore, 3GPP SA3 is ready to introduce an EAP-based authentication framework in next-generation wireless communication networks. A specific definition of the EAP authentication framework can be found in RFC 3748, RFC 5247. The EAP authentication framework supports a variety of EAP-based authentication protocols, such as EAP Transport Lay Protocol (EAP-TLS), and EAP Tunneled Transport Lay Protocol (EAP-EAP-based). TTLS), EAP-based shared key authentication method (EAP Pre-Shared Key, EAP-PSK).

In addition to the open authentication framework and the multiple authentication protocols it supports, 3GPP SA3 is also investigating the use of different cryptographic techniques for network authentication, including traditional Public Key Infrastructure (PKI) authentication techniques and new identity-based cryptography. (Identity Based Cryptography, IBC) certification technology. PKI-based technology has been supported in a variety of authentication technologies after years of research and protocol design.

IBC authentication technology provides an identity-based encryption and signature method and is a public key technology. Different from the PKI technology, when the key generation is performed by using the IBC public key technology, a common key center is combined with the ICC public key pre-configured by the key center according to the received identity information (Identification, ID) information of the user equipment. The global parameters of the technology, that is, the global private key and the public key of the key center, generate a private key corresponding to the user equipment ID for the user equipment and send it to the user equipment through the secure channel. In other words, the user equipment ID in the IBC public key technology is the public key. Therefore, it is not necessary to carry information such as the public key and signature necessary for the certificate, and therefore, it has the advantage of being short in length with respect to the certificate. At the same time, for the receiver, since there is no need to verify the signature of the certificate, there is an advantage in the amount of calculation. Network resource consumption and calculations are critical for low-cost IOT devices, so IBC-based public key technologies are more than PKI-based certificates. Suitable for next generation wireless communication networks.

However, since the authentication based on IBC public key technology is still in the development stage, the various authentication methods supported by EAP do not support authentication based on IBC public key technology, so it is impossible to work in 3GPP and its supported EAP authentication framework. IBC-based interactive authentication is performed on the above, and further design is needed in the actual use process, so that the IBC public key technology can match the existing protocols of EAP.

Summary of the invention

The embodiment of the present application provides a network authentication method, a user equipment, a network authentication node, and a system, so that the IBC public key technology can match an existing protocol of the EAP.

The first aspect provides a network authentication system, where the network authentication system includes a user equipment and a network authentication node, where: the user equipment sends an authentication type indication information, an ID of the user equipment, and the The PVT of the user equipment, the authentication type indication information is used to indicate that the user equipment needs to perform identity-based cryptography and shared key EAP-PSK authentication of the scalable authentication protocol. The network authentication node is configured to receive the authentication type indication information, the ID information of the user equipment, and the PVT of the user equipment, where the user equipment is determined according to the authentication type indication information. An identity-based cryptography and EAP-PSK authentication are required, and the ID of the network authentication node and the PVT of the network authentication node are sent to the user equipment. Receiving, by the user equipment, an ID of the network authentication node and a PVT of the network authentication node, according to an ID of the network authentication node, a PVT of the network authentication node, and based on the user equipment Generating a user equipment symmetric key by the private key of the identity and the global public key, generating a first authentication key and a first key derivation key according to the symmetric key of the user equipment, and using the first authentication key and the first key The derivation key and the network authentication node perform EAP-PSK authentication. The network authentication node generates a network authentication node symmetric key according to the ID of the user equipment, the PVT of the user equipment, and the private key and the global public key based on the identity of the network authentication node, according to the network authentication node symmetrically The key generates a second authentication key and a second key deduction key, and performs EAP-PSK authentication with the user equipment by using the second authentication key and the second key derivation key.

In the embodiment of the present application, the user equipment generates a symmetric key of the user equipment according to the ID of the network authentication node, the PVT of the network authentication node, and the IBC identity information based on the private key of the user equipment and the global public key, and the network authentication. The node generates a symmetric key of the network authentication node according to the ID of the user equipment, the PVT of the user equipment, and the IBC identity information such as the private key of the network authentication node and the global public key. The user equipment and the network authentication node use the symmetric key generated by the user as the pre-shared key, which enables the mutual authentication using the EAP-PSK-based authentication method without changing the EAP-PSK authentication protocol interaction and its format. IBC-based interactive authentication is performed on the existing work of 3GPP and its supported EAP authentication framework, so that the IBC public key technology can match the existing protocols of EAP.

In a possible design, the user equipment generates the first authentication key and the first key deduction key according to the user equipment symmetric key in a manner that the network authentication node is further configured to send the The private key expiration date information of the network authentication node, so that the user equipment can further generate the first authentication key and the first secret according to the user equipment symmetric key, the private key expiration date information of the user equipment, and the network authentication node private key expiration date information. Key deduction key. Receiving, by the user equipment, the private key expiration date information of the network authentication node sent by the network authentication node, according to the private key expiration date information of the user equipment, the private key expiration date information of the network authentication node, and the user equipment The symmetric key generates a first authentication key and a first key derivation key. Or the user equipment generates a first authentication key and the first according to at least one of a random number generated by the user equipment and a received random number generated by the network authentication node, and the user equipment symmetric key. Key derivation key.

The network authentication node generates a second authentication key and a second key deduction key according to the network authentication node symmetric key, and the user equipment is further configured to send the private key expiration date information of the user equipment, The network authentication node may further generate the second authentication key and the second key deduction key according to the network authentication node symmetric key, the private key expiration date information of the network authentication node, and the private key expiration date information of the user equipment. Receiving, by the network authentication node, the private key expiration date information of the user equipment sent by the user equipment, according to the private key expiration date information of the network authentication node, the private key expiration date information of the user equipment, and the network authentication node A symmetric key, generating a second authentication key and a second key derivation key. Or the network authentication node generates a second authentication key according to at least one of a random number generated by the network authentication node and a received random number generated by the user equipment, and the network authentication node symmetric key. The second key derivation key.

The authentication type indication information may be an authentication request including an EAP-PSK flag bit and a symmetric key for indicating an identity-based cryptography. Or the authentication type indication information may also be an ID of the user equipment and a PVT of the user equipment.

The user equipment may send the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment by using the access request information. User device and private key expiration date information of the user device. Or the user equipment may send the authentication type indication information by using the access request information, and send the ID of the user equipment and the PVT of the user equipment by using a second message of the EAP-PSK authentication protocol.

The user equipment may send the authentication type indication information, the ID of the user equipment, the PVT of the user equipment, and the private key expiration date information of the user equipment by using the access request information. Or the user equipment may send the authentication type indication information by using the access request information, and send the ID of the user equipment, the PVT of the user equipment, and the private information of the user equipment by using a second message of the EAP-PSK authentication protocol. Key expiration date information.

The network authentication node may send the ID of the network authentication node and the PVT of the network authentication node by using a first message of the EAP-PSK authentication protocol.

The network authentication node may send the ID of the network authentication node, the PVT of the network authentication node, and the private key expiration date information of the network authentication node by using a first message of the EAP-PSK authentication protocol.

In a possible design, the user equipment symmetric key satisfies the formula K_UE=(SSK_UE) ([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF).

The network authentication node symmetric key satisfies the formula K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE).

The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the K_AUSF is the network authentication node symmetric key, SSK_AUSF For the private key of the network authentication node, KPAK is the global public key, ID_UE is the identifier of the user equipment, PVT_UE is the PVT of the user equipment, G is the elliptic curve generator, and [x]P is the point multiplication of the point P on the elliptic curve. Where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

The second aspect provides a user equipment, where the user equipment includes a sending unit, a receiving unit, and an authentication unit, where the sending unit is configured to send, to the network authentication node, the authentication type indication information, the ID of the user equipment, and the The PVT of the user equipment is used to indicate that the user equipment needs to perform identity-based cryptography and a shared key EAP-PSK authentication of the scalable authentication protocol. The receiving unit is configured to receive an ID of the network authentication node sent by the network authentication node and a PVT of the network authentication node. The authentication unit is configured to: according to an ID of the network authentication node, a PVT of the network authentication node, and based on the user equipment Generating a user equipment symmetric key by the private key of the identity and the global public key, generating a first authentication key and a first key derivation key according to the symmetric key of the user equipment, and using the first authentication key and the first key The derivation key and the network authentication node perform EAP-PSK authentication.

The sending unit sends the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment by using the access request information, or sending the authentication type indication information by using the access request information, and adopting EAP-PSK authentication. The second message of the protocol sends the ID of the user equipment and the PVT of the user equipment.

In the embodiment of the present application, the user equipment sends the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment to the network authentication node, and receives the ID and location of the network authentication node sent by the network authentication node. The PVT of the network authentication node is generated, so that the symmetric key of the user equipment can be generated according to the ID of the network authentication node, the PVT of the network authentication node, and the IBC identity information based on the private key of the user equipment and the global public key. Generating a symmetric key as a pre-shared key, generating an authentication key and a key derivation key, and performing EAP-PSK authentication with the network authentication node by using the first authentication key and the first key derivation key, Implementation of EAP-PSK-based authentication method to achieve interactive authentication without changing the EAP-PSK authentication protocol interaction and its format, to perform IBC-based interaction on the existing 3GPP work and its supported EAP authentication framework Authentication enables the IBC public key technology to match the existing protocols of EAP.

In a possible design, the authentication unit generates a first authentication key and a first key deduction key according to the user equipment symmetric key in the following manner:

Generating a first authentication key and a first key deduction secret according to the private key expiration date information of the receiving unit user equipment, the received private key expiration date information of the network authentication node, and the user equipment symmetric key Generating a first authentication key and a first key according to at least one of a random number generated by the user equipment and a received random number generated by the network authentication node, and the user equipment symmetric key Deductive key.

In another possible design, the authentication type indication information is an authentication request that includes an EAP-PSK flag bit and an identity-based cryptographic technique for generating a symmetric key, or the authentication type indication information is the user equipment. ID and PVT of the user equipment.

In another possible design, the sending unit is further configured to send private key expiration date information of the user equipment;

The sending unit sends the authentication type indication information, the ID of the user equipment, the PVT of the user equipment, and the private key expiration date information of the user equipment by using the access request information; or sending the request information through the access request information. The authentication type indication information is sent by the second message of the EAP-PSK authentication protocol, the ID of the user equipment, the PVT of the user equipment, and the private key expiration date information of the user equipment.

In another possible design, the user equipment symmetric key satisfies the formula K_UE=(SSK_UE) ([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF).

The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

In a third aspect, a network authentication node is provided, the network authentication node comprising a receiving unit, a sending unit, and an authentication unit. The receiving unit is configured to receive the authentication type indication information sent by the user equipment, the ID information of the user equipment, and the PVT of the user equipment. The sending unit, configured to send, according to the authentication type indication information, that the user equipment needs to perform identity-based key technology and EAP-PSK authentication, send the network authentication node to the user equipment ID and PVT of the network authentication node. The authentication unit, And generating a network authentication node symmetric key according to the ID of the user equipment, a PVT of the user equipment, and a private key and a global public key based on the identity of the network authentication node, according to the symmetric key generation of the network authentication node. The second authentication key and the second key derivation key are used to perform EAP-PSK authentication with the user equipment using the second authentication key and the second key derivation key.

The sending unit sends the ID of the network authentication node and the PVT of the network authentication node by using a first message of the EAP-PSK authentication protocol.

In the embodiment of the present application, the network authentication node receives the authentication type indication information sent by the user equipment, the ID information of the user equipment, and the PVT of the user equipment, according to the ID of the user equipment, and the PVT of the user equipment. And generating a network authentication node symmetric key based on the private key and the global public key of the network authentication node identity, using the generated symmetric key as a pre-shared key, and generating a second authentication key according to the network authentication node symmetric key Deriving a key with the second key, and performing EAP-PSK authentication with the user equipment by using the second authentication key and the second key derivation key, which can implement the interaction without changing the EAP-PSK authentication protocol and its format. In this case, the EAP-PSK-based authentication method is used to implement mutual authentication to perform IBC-based interactive authentication on the existing 3GPP work and the supported EAP authentication framework, so that the IBC public key technology can match the existing EAP protocol. .

In a possible design, the authentication unit generates a second authentication key and a second key deduction key according to the network authentication node symmetric key in the following manner:

Generating a second authentication key and a second key deduction key according to the private key expiration date information of the network authentication node, the received private key expiration date information of the user equipment, and the network authentication node symmetric key. Or generating a second authentication key and a second key deduction according to at least one of a random number generated by the network authentication node and the received random number generated by the user equipment, and the network authentication node symmetric key Key.

In another possible design, the authentication type indication information is an authentication request that includes an EAP-PSK flag bit and an identity-based cryptographic technique for generating a symmetric key, or the authentication type indication information is the user equipment. ID and PVT of the user equipment.

In another possible design, the sending unit is further configured to send private key expiration date information of the network authentication node. And sending, by the first message of the EAP-PSK authentication protocol, the sending unit, the ID of the network authentication node, the PVT of the network authentication node, and the private key expiration date information of the network authentication node.

In another possible design, the network authentication node symmetric key satisfies the formula K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE). The K_AUSF is the network authentication node symmetric key, the SSK_AUSF is the private key of the network authentication node, the KPAK is the global public key, the ID_UE is the identifier of the user equipment, the PVT_UE is the PVT of the user equipment, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

A fourth aspect provides a network authentication method, in which a user equipment sends an authentication type indication information, an ID of the user equipment, and a PVT of the user equipment to a network authentication node, where the authentication type indication information is used. The user equipment is instructed to perform shared key EAP-PSK authentication using an identity-based cryptographic technique and an extensible authentication protocol. The network authentication node receives the authentication type indication information sent by the user equipment, the identity identifier ID information of the user equipment, and the public key authentication token PVT of the user equipment. If the network authentication node determines that the user equipment needs to perform the shared key EAP-PSK authentication of the identity-based cryptography and the scalable authentication protocol according to the authentication type indication information, send the network authentication to the user equipment. The ID of the node and the PVT of the network authentication node. Receiving, by the user equipment, an ID of the network authentication node sent by the network authentication node And a PVT of the network authentication node. The user equipment generates a user equipment symmetric key according to the ID of the network authentication node, the PVT of the network authentication node, and the private key and the global public key based on the identity of the user equipment, and according to the symmetric key of the user equipment Generating a first authentication key and a first key derivation key, and performing EAP-PSK authentication with the network authentication node using the first authentication key and the first key derivation key. The network authentication node generates a network authentication node symmetric key according to the ID of the user equipment, the PVT of the user equipment, and the private key and the global public key based on the identity of the network authentication node, according to the network authentication node symmetrically The key generates a second authentication key and a second key deduction key, and performs EAP-PSK authentication with the user equipment by using the second authentication key and the second key derivation key.

The user equipment sends the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment by using the access request information. Or the user equipment sends the authentication type indication information by using the access request information, and sends the ID of the user equipment and the PVT of the user equipment by using a second message of the EAP-PSK authentication protocol. The network authentication node sends the ID of the network authentication node and the PVT of the network authentication node by using a first message of the EAP-PSK authentication protocol.

In a possible design, the generating the first authentication key and the first key derivation key according to the user equipment symmetric key comprises: receiving a private key of the network authentication node sent by the network authentication node The expiration date information is generated according to the private key expiration date information of the user equipment, the private key expiration date information of the network authentication node, and the user equipment symmetric key, to generate a first authentication key and a first key derivation key. Or generating, according to at least one of the random number generated by the user equipment and the received random number generated by the network authentication node, and the user equipment symmetric key, generating a first authentication key and a first key push secret key.

In another possible design, the generating the second authentication key and the second key derivation key according to the network authentication node symmetric key includes: receiving the private key of the user equipment sent by the user equipment The expiration date information generates a second authentication key and a second key deduction key according to the private key expiration date information of the network authentication node, the private key expiration date information of the user equipment, and the network authentication node symmetric key. Or generating a second authentication key and a second key deduction according to at least one of a random number generated by the network authentication node and the received random number generated by the user equipment, and the network authentication node symmetric key Key.

The authentication type indication information is an authentication request that includes an EAP-PSK flag bit and is used to generate a symmetric key based on the identity signature, or the authentication type indication information is an ID of the user equipment and a PVT of the user equipment. .

In another possible design, the user equipment sends the authentication type indication information, the ID of the user equipment, the PVT of the user equipment, and the private key expiration date information of the user equipment by using the access request information. Or the user equipment sends the authentication type indication information by using the access request information, and sends the ID of the user equipment, the PVT of the user equipment, and the private key of the user equipment expired by using the second message of the EAP-PSK authentication protocol. Date information.

In another possible design, the network authentication node sends the ID of the network authentication node, the PVT of the network authentication node, and the private key of the network authentication node by using the first message of the EAP-PSK authentication protocol. Expiration date information.

In another possible design, the user equipment symmetric key satisfies the formula K_UE=(SSK_UE) ([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF). The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

In another possible design, the network authentication node symmetric key satisfies the formula K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE). The K_AUSF is the network authentication node symmetric key, the SSK_AUSF is the private key of the network authentication node, the KPAK is the global public key, the ID_UE is the identifier of the user equipment, the PVT_UE is the PVT of the user equipment, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

In the embodiment of the present application, the user equipment generates a symmetric key of the user equipment according to the ID of the network authentication node, the PVT of the network authentication node, and the IBC identity information based on the private key of the user equipment and the global public key, and the network authentication. The node generates a symmetric key of the network authentication node according to the ID of the user equipment, the PVT of the user equipment, and the IBC identity information such as the private key of the network authentication node and the global public key. The user equipment and the network authentication node use the symmetric key generated by the user as the pre-shared key, which enables the mutual authentication using the EAP-PSK-based authentication method without changing the EAP-PSK authentication protocol interaction and its format. IBC-based interactive authentication is performed on the existing work of 3GPP and its supported EAP authentication framework, so that the IBC public key technology can match the existing protocols of EAP.

DRAWINGS

FIG. 1 is a schematic structural diagram of a network authentication system according to an embodiment of the present application;

2 is a schematic diagram of an EAP-based authentication framework in the prior art;

3 is a flowchart of implementing EAP-PSK interactive authentication in the prior art;

4 is a schematic structural diagram of a network authentication system according to an embodiment of the present application;

FIG. 5 is a schematic structural diagram of a communication apparatus according to an embodiment of the present application;

FIG. 6 is a flowchart of a network authentication interaction according to an embodiment of the present application;

FIG. 7 is a flowchart of an implementation of a first embodiment according to an embodiment of the present disclosure;

FIG. 8 is a flowchart of an implementation of a second embodiment according to an embodiment of the present disclosure;

FIG. 9 is a flowchart of an implementation of a third embodiment according to an embodiment of the present disclosure;

FIG. 10 is a flowchart of an implementation of a fourth embodiment according to an embodiment of the present disclosure;

FIG. 11 is a flowchart of an implementation of a fifth embodiment according to an embodiment of the present disclosure;

FIG. 12 is a schematic structural diagram of a user equipment and a network authentication node according to an embodiment of the present disclosure.

detailed description

The technical solutions in the embodiments of the present application will be described below with reference to the accompanying drawings.

FIG. 1 is a schematic structural diagram of a network authentication system according to an embodiment of the present application. As shown in FIG. 1, the network authentication system 100 can include a user equipment 10, a network authentication node 20 (such as an Authentication Server Function (AUSF)), a Security Anchor Function (SEAF) 30, and an authentication context storage and processing. Authentication Credential Repository and Processing Function (ARPF) 40. The user equipment 10 may include a user terminal such as a mobile phone, a tablet computer, a notebook computer, a mobile Internet device (MID), a wearable device (such as a smart watch, a smart bracelet, a pedometer, etc.), and may also include IoT devices can also include other communication devices. The AUSF provides network authentication services for all users accessing the network and interacts with ARPF and SEAF. It is the endpoint for receiving the request information of the SEAF, and can also be configured in a third-party system. SEAF is used for authentication network functions. Mainly interacts with AUSF and user equipment. For AKA authentication, SEAF receives the intermediate key from the AUSF and is responsible for session key management of the user equipment. ARPF storage is used for The network function of the long-term security context of authentication and encryption algorithms can also be used to store security-related user profiles.

It should be noted that the various network function nodes (such as SEAF, AUSF, ARPF, etc.) shown in FIG. 1 are the names appearing in the current 3GPP SA3 Standard Organization Document and Technical Report (TR), and these names may be changed, such as Renaming, network function merging, splitting, etc., the application is not limited to the names of these network function nodes and which network elements are specifically configured in these network elements. The same applies to other network elements that implement similar functions.

In FIG. 1, the user equipment 10 can perform mutual authentication with the AUSF by using an access network element such as a base station (NodeB), a base station controller (Radio Network Controller, RNC) or an access gateway that provides the network access service function for the user equipment 10. . The following embodiments of the present application mainly describe an interactive authentication process between the user equipment 10 and the network authentication node 20.

The EAP-PSK interactive authentication may be performed between the user equipment 10 and the network authentication node 20 based on the EAP-PSK protocol supported by the EAP-based authentication framework. Figure 2 shows a schematic diagram of an EAP-based authentication framework. In FIG. 2, the EAP-based authentication framework is mainly composed of three entities, namely, an authentication request client (Supplicant) on the user equipment side, an authentication node (Authenticator) on the access network, and an authentication server (Server) on the network side. Supplicant is the entity responsible for running the EAP authentication protocol framework on the terminal side. It contains the interface with the key storage entity. The Authenticator is responsible for the relay of authentication messages and the distribution of session keys. The server is responsible for network side authentication.

FIG. 3 is a flowchart showing an implementation of EAP-PSK interactive authentication between the user equipment 10 and the network authentication node 20 in the prior art. See Figure 3, including:

S101: The network authentication node 20 sends a first message to the user equipment 10, where the first message includes a random number (RAND_S) and identification information (ID_S) of the network authentication node 20.

S102: The user equipment 10 sends a second message to the network authentication node 20, where the second message includes a random number (RAND_S) generated by the network authentication node 20, and a random number (RAND_P) generated by the user equipment 10 and the user equipment 10 Identification information (ID_P).

S103: The network authentication node 20 sends a third message, where the third message includes a message authentication code (MAC) generated by using the pre-shared key for the third message, and is used for user equipment 10 authentication. The network authentication node 20 can be represented as MAC_S.

S104: After the user equipment 10 receives the third message sent by the network authentication node 20, the user equipment 10 generates and sends a fourth message, where the fourth message also includes a MAC generated by using the pre-shared key. The user equipment 10 is authenticated by the network authentication node 20.

After the above interaction process, the user equipment 10 and the network authentication node 20 use the random number and its pre-shared key contained in the interactive information to generate a session key for the user equipment 10 and the network authentication node 20 to use in subsequent communications. The specific session key generation method can be found in RFC 4764.

The user equipment 10 and the network authentication node 20 may also perform mutual authentication based on the IBC public key technology. In the process of interactive authentication based on the IBC public key technology, the key center owns the private key s, and generates a global public key (KPAK) using the private key and global parameters, and generates a signature for the user equipment 10 when the key center generates a signature. In the case of the private key, the key center generates a random number first, and then uses the random number and the ID of the user equipment 10, and other global parameters, to generate a private key (SSK) for the user equipment 10, and To use the random number, a Public Key Authentication Token (PVT) is generated, and the SSK, PVT, and KPAK are sent to the user equipment 10 in combination. The user equipment 10 signs the message using the SSK and sends the signed message to the network authentication node 20, the signed message containing the user's ID and its PVT. Network authentication node 20 can use the KPAK saved by itself, and the received ID of the user equipment 10 and the PVT verify the signature of the message.

The user equipment 10 and the network authentication node 20 use the above method to perform the mutual authentication process. The "multiple authentication methods supported by the EAP do not support the authentication based on the IBC public key technology, and therefore cannot be implemented in the 3GPP. Technical issues of IBC-based interactive authentication over existing work and the EAP authentication framework it supports.

The interaction authentication method provided by the embodiment of the present application, in combination with the authentication method based on the IBC public key technology and the EAP-PSK-based authentication mode, the user equipment 10 and the network authentication node 20 generate a symmetric key when having an IBC identity and a key. Key, and the symmetric key is used as a pre-shared key. If the EAP-PSK authentication protocol interaction and its format are not changed, the EAP-PSK-based authentication method is used to implement mutual authentication, so as to work in 3GPP and its The IBC-based interactive authentication is performed on the supported EAP authentication framework, so that the IBC public key technology can match the existing protocols of EAP.

The architecture diagram of the network authentication system composed of the user equipment 10 and the network authentication node 20 that implements the mutual authentication based on the authentication method of the IBC public key technology and the EAP-PSK-based authentication method can be as shown in FIG. 4 . In the network authentication system 200 described in FIG. 4, the user equipment 10 and the network authentication node 20 can be functionally divided into an IBC module and an EAP-PSK module. Among them, the IBC module can be used for the management and storage of keys such as SSK, PVT, KPAK, ID and its expiration date, as well as receiving the ID, expiration date and PVT sent by the peer, and the received ID and its expiration. On the day, the PVT or the like performs a legality check. For example, the IBC module of the user equipment 10 can determine whether the received ID is the ID of the network authentication node 20, and whether the date has expired or the like. The IBC module can also be used to generate a symmetric key based on the peer IBC parameters provided by the EAP-PSK module, such as ID, expiration date and PVT, and send the symmetric key to the EAP-PSK module. The functions of the EAP-PSK module include: generation and transmission of EAP-PSK authentication messages, encapsulation of IBC-based parameters such as ID, expiration date, PVT, etc. in EAP-PSK-based messages, and from EAP-PSK messages The IBC-based parameters such as ID, expiration date, PVT, etc. are sent to the IBC module. The symmetric key generated by the IBC module is used for authentication. The session key is further generated according to the key generated after the authentication, and the peer end performs EAP-PSK authentication.

The user equipment 10 or the network authentication node 20 in FIG. 4 can be implemented by the communication device (or system) 300 shown in FIG.

As shown in FIG. 5, the communication device (or system) 300 can include at least one processor 301, a memory 303, and at least one communication interface 304. These components can communicate over one or more communication buses 302.

It should be noted that FIG. 5 is only an implementation manner of the embodiment of the present application. In practical applications, the communication device 300 may further include more or fewer components, which are not limited herein.

Communication interface 304 is for receiving and transmitting radio frequency signals, coupled to the receiver and transmitter of communication device 300. The communication interface 304 communicates with the communication network and other communication devices through radio frequency signals, such as Ethernet, Radio Access Technology (RAN), Wireless Local Area Networks (WLAN), and the like. In a specific implementation, the communication protocol supported by the communication interface 304 may include, but is not limited to, 2G/3G, Long Term Evolution (LTE), Wireless-Fidelity (Wi-Fi), and 5G new radio (New Radio). , NR) and so on.

Memory 303 is coupled to processor 301 for storing various software programs and/or sets of instructions. In particular implementations, memory 303 can include high speed random access memory, and can also include non-volatile memory, such as one or more magnetic disk storage devices, flash memory devices, or other non-volatile solid state storage devices. The memory 303 can store an operating system (hereinafter referred to as a system) such as an embedded operating system such as ANDROID, IOS, WINDOWS, or LINUX. The memory 303 can be used to store implementations of embodiments of the present application. The memory 303 can also store a network communication program that can be used with one or more additional devices, one or more terminal devices, one or more network devices Prepare for communication.

The processor 301 can be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more programs for controlling the execution of the program of the present application. integrated circuit.

In some embodiments, communication device 300 can also include an output device 305 and an input device 306. Output device 305 is in communication with processor 301 and can display information in a variety of ways. For example, the output device 305 can be a liquid crystal display (LCD), a light emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector. Wait. Input device 306 is in communication with processor 301 and can receive user input in a variety of ways. For example, input device 306 can be a mouse, keyboard, touch screen device, or sensing device, and the like. In order to facilitate the user's use of the output device 305 and the input device 306, in some embodiments, the memory 303 may also store a user interface program, which can realistically display the content of the application through a graphical operation interface. The user receives control of the application through input controls such as menus, dialog boxes, and buttons. When the communication device 300 shown in FIG. 5 is implemented as the user equipment 10 shown in FIG. 4, one or more software modules may be stored in the memory of the communication device 300, which may be used to provide an access request, generate a symmetric key, and authenticate the user. For details of the response, etc., refer to the subsequent method embodiments. When the communication device 300 shown in FIG. 5 is implemented as the network authentication node 20 shown in FIG. 4, one or more software modules may be stored in the memory of the communication device 300, which may be used to provide a symmetric key and access user legitimacy. For details, refer to the following method embodiments. For details, refer to the following method embodiments.

The implementation method of the mutual authentication by the user equipment 10 and the network authentication node 20 in combination with the authentication method based on the IBC public key technology and the EAP-PSK based authentication method will be described below.

FIG. 6 is a flowchart of a network authentication interaction provided by an embodiment of the present application. See Figure 6, which includes:

S201: The user equipment 10 sends the authentication type indication information, the ID of the user equipment 10, and the PVT of the user equipment 10 to the network authentication node 20, where the authentication type indication information is used to indicate that the user equipment 10 needs to perform identity-based Cryptography and EAP-PSK certification.

In the embodiment of the present application, the authentication type indication information may be sent by using the access request information. The ID of the user equipment 10 and the PVT of the user equipment 10 may be sent by using the access request information, or may be sent by the second message of the EAP-PSK authentication protocol.

S202: The network authentication node 20 receives the authentication type indication information, the ID information of the user equipment 10, and the PVT of the user equipment 10, and determines the user according to the authentication type indication information. Whether the device 10 needs to perform identity-based cryptography and EAP-PSK authentication.

In the embodiment of the present application, the authentication type indication information sent by the user equipment 10 may be an authentication request including an EAP-PSK flag bit and used to generate a symmetric key based on the identity signature, and the network authentication node 20 receives the EAP-PSK. The flag bit and the authentication request for instructing the identity-based cryptographic technique to generate a symmetric key may determine that the user device 10 needs to perform identity signing and EAP-PSK authentication. The authentication type indication information sent by the user equipment 10 may also be the ID of the user equipment 10 and the PVT of the user equipment 10. The network authentication node 20 receives the ID of the user equipment 10 and the PVT of the user equipment 10, and may determine that the user equipment 10 needs Perform identity verification and EAP-PSK certification.

If the network authentication node 20 determines that the user equipment 10 needs to perform identity-based cryptography and EAP-PSK authentication according to the authentication type indication information, S203 and S204 may be performed.

S203: The network authentication node 20 is configured according to the ID of the user equipment 10 and the PVT of the user equipment 10 Generating a network authentication node 20 symmetric key based on the private key and the global public key of the network authentication node 20, and generating a second authentication key and a second key deduction key according to the network authentication node 20 symmetric key. .

The network authentication node 20 in the embodiment of the present application may be based on the Identity Based Signature (IBS) cryptography of RFC 6507 and its static Diffie-Helleman operation on the elliptic curve group, according to the ID of the user equipment 10, The PVT of the user equipment 10 and the private key and the global public key based on the identity of the network authentication node 20 generate a symmetric key of the network authentication node 20.

In an embodiment of the present application, the user equipment 10 may further send the private key expiration date information of the user equipment 10, so that the network authentication node 20 may according to the network authentication node 20 symmetric key and the private key expiration date information of the network authentication node 20 And the private key expiration date information of the user equipment 10 further generates a second authentication key and a second key deduction key.

The user equipment 10 may send the private key expiration date information of the user equipment 10 through the access request information, or may send the private key expiration date information of the user equipment 10 through the second message of the EAP-PSK authentication protocol.

In another embodiment of the present application, the user equipment 10 may be based on at least one of a random number generated by the user equipment 10 and a received random number generated by the network authentication node 20, and the user equipment 10 is symmetric. The key and further generate an authentication key and a key derivation key.

S204: The network authentication node 20 sends the ID of the network authentication node 20 and the PVT of the network authentication node 20 to the user equipment 10.

In the embodiment of the present application, the network authentication node 20 may send the ID of the network authentication node 20 and the PVT of the network authentication node 20 through the first message of the EAP-PSK authentication protocol.

The execution steps of S203 and S204 are in no particular order.

S205: The user equipment 10 receives the ID of the network authentication node 20 and the PVT of the network authentication node 20 sent by the network authentication node 20, according to the ID of the network authentication node 20, the network authentication node 20 The PVT and the private key and the global public key based on the identity of the user equipment 10 generate a symmetric key of the user equipment 10, and generate a first authentication key and a first key deduction key according to the symmetric key of the user equipment 10, EAP-PSK authentication is performed with the network authentication node 20.

In an embodiment of the present application, the network authentication node 20 may also send the private key expiration date information of the network authentication node 20, so that the user equipment 10 may be based on the user equipment 10 symmetric key, the user equipment 10 private key expiration date information, and the network. The authentication node 20 private key expiration date information further generates a first authentication key and a first key derivation key.

The network authentication node 20 may send the private key expiration date information of the network authentication node 20 through the first message of the EAP-PSK authentication protocol.

In another embodiment of the present application, the network authentication node 20 may further generate, according to the random number generated by the network authentication node 20 and the received random number sum generated by the user equipment 10, and the network. The authentication node 20 symmetrically keys and further generates a second authentication key and a second key deduction key.

S206: The user equipment 10 and the network authentication node 20 perform EAP-PSK authentication using the first authentication key and the first key derivation key. The network authentication node 20 and the user equipment 10 perform EAP-PSK authentication using the second authentication key and the second key derivation key.

It should be noted that, in the embodiment of the present application, the "first" and "second" authentication keys and the key derivation key are conveniently described, and the symmetric key generated by the user equipment is referred to as a user equipment symmetric key. The symmetric key generated by the network authentication node is referred to as a network authentication node symmetric key, and is only used to distinguish whether the keys are generated by the user equipment 10 or generated by the network authentication node 20, and the specific name is not limited. .

It should be further noted that the user equipment 10 performs EAP-PSK authentication with the network authentication node 20, If the authentication is passed, the user equipment symmetric key is the same as the network authentication node symmetric key, the first authentication key is the same as the second authentication key, and the first key derivation key is the same as the second key deduction key.

In the embodiment of the present application, the user equipment 10 generates the symmetry of the user equipment 10 according to the ID of the network authentication node 20, the PVT of the network authentication node 20, and the IBC identity information based on the private key of the user equipment 10 and the global public key. The key, the network authentication node 20 generates a symmetric key of the network authentication node 20 according to the ID of the user equipment 10, the PVT of the user equipment 10, and the IBC identity information of the network authentication node 20 itself and the global public key. The user equipment 10 and the network authentication node 20 use the symmetric key generated by the user as the pre-shared key, and can implement the mutual authentication by using the EAP-PSK-based authentication method without changing the EAP-PSK authentication protocol interaction and its format. IBC-based interactive authentication is performed on the existing work of 3GPP and its supported EAP authentication framework, so that IBC public key technology can match the existing protocols of EAP.

The following describes the process of implementing the interactive authentication by using the IBC public key technology-based authentication method and the EAP-PSK-based authentication method according to the present application in conjunction with a specific embodiment.

In the following embodiments, the user equipment 10 is a UE, and the network authentication node 20 is an AUSF as an example.

Embodiment 1

FIG. 7 is a flowchart of an implementation of a first embodiment provided by the present application. Referring to FIG. 7, the method includes:

S301: The UE sends an access request message (Attach) to the AUSF.

The access request message sent by the UE to the AUSF includes the authentication type indication information, where the authentication type indication information is used to indicate that the UE needs to perform identity-based cryptography (IBC) and EAP-PSK authentication. The authentication type indication information in the embodiment of the present application is an EAP-PSK flag bit and is used to indicate an authentication request for generating a symmetric key based on the identity signature. The embodiment of the present application includes an EAP-PSK flag bit for indicating convenience and is used for indicating identity based. The authentication request for generating a symmetric key by the cryptographic technique is represented by EAP-PSK-IBS. The access request message sent by the UE to the AUSF may also include the ID of the UE, that is, ID_UE.

S302: The AUSF determines whether the UE needs to perform identity-based cryptography and EAP-PSK authentication. The AUSF receives the EAP-PSK-IBS, and can determine that the UE needs to perform identity signing and EAP-PSK authentication. The AUSF can also determine whether the UE needs to perform identity signature and EAP-PSK authentication according to the ID_UE of the UE carried in the attach message.

S303: After confirming that the UE needs to perform identity verification and EAP-PSK authentication, the AUSF sends a first message of the EAP-PSK authentication protocol to the UE, where the first message includes the random number RAND_S generated by the AUSF, and the identity of the AUSF Wherein the identity of the AUSF consists at least of the AUSF's ID (ID_AUSF) and its PTS (PVT_AUSF) corresponding to the IBS private key SSK.

S304: After receiving the first message of the EAP-PSK authentication protocol sent by the AUSF, the UE parses the corresponding parameters, including RAND_S, ID_AUSF, and PVT_AUSF. The UE generates the symmetric key of the UE by using the IBS private key SSK_UE, the elliptic curve generating element G, KPAK, and the received AUSF parameters ID_AUSF, PVT_AUSF, and the symmetric key of the UE can satisfy the following formula:

K_UE=(SSK_UE)([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF).

The K_UE is the UE symmetric key, the SSK_UE is the private key of the UE, the KPAK is the global public key, the ID_AUSF is the identifier of the AUSF, the PVT_AUSF is the PVT of the AUSF, the G is the elliptic curve generating element, and the [x]P is represented on the elliptic curve. Point multiplication of point P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and || symbolizes a character connection.

In this embodiment of the present application, the UE may further generate the first authentication key required by the EAP-PSK by using the K_UE. (Authentication Key, AK) and the first Key Derivation Key (KDK).

S305: The UE sends a second message of the EAP-PSK authentication protocol to the AUSF, where the second message includes RAND_S, and the random number RAND_P generated by the UE includes the ID_UE and the PVT_UE in the ID field of the EAP-PSK, and the UE According to the EAP-PSK, the AK is used as the message verification code MAC_P generated by the above message, wherein the MAC_P satisfies the following formula:

MAC_P=CMAC-AES-128 (AK, ID_P||ID_S||RAND_S||RAND_P).

Among them, CMAC is a message authentication code, and AES is an encryption algorithm.

S306: After receiving the second message of the EAP-PSK authentication protocol, the AUSF first parses out RAND_S, RAND_UE, ID_UE, and PVT_UE, and then generates a symmetric key of the AUSF by using its own private key SSK_AUSF and its received parameters ID_UE and PVT_UE of the UE. Key K_AUSF, where K_AUSF satisfies the following formula:

K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE);

The K_AUSF is the AUSF symmetric key, the SSK_AUSF is the private key of the AUSF, the KPAK is the global public key, the ID_UE is the identifier of the UE, the PVT_UE is the PVT of the UE, the G is the elliptic curve generating element, and the [x]P is represented on the elliptic curve. Point multiplication of point P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and || symbolizes a character connection.

In the embodiment of the present application, the AUSF further generates AK and KDK using K_AUSF, and generates a message verification code MAC_P' using the AK and the received information, wherein the MAC_P' satisfies the following formula:

MAC_P'=CMAC-AES-128(AK,ID_P||ID_S||RAND_S||RAND_P);

AUSF can verify MAC_P by MAC_P'.

Further, AUSF uses KDK and RAND_P to generate a session key.

S307: The AUSF sends a third message of the EAP-PSK authentication protocol to the UE, where the third message includes information specified by the EAP-PSK authentication protocol, such as RAND_S and message authentication code MAC.

S308: After receiving the third message of the EAP-PSK authentication protocol sent by the AUSF, the UE generates a session key by using the KDK and the RAND_P.

S309: After receiving the third message of the EAP-PSK authentication protocol sent by the AUSF, the UE sends a fourth message of the EAP-PSK authentication protocol to the AUSF, and the fourth message of the EAP-PSK authentication protocol can be understood as The response message of the UE to the third message of the EAP-PSK authentication protocol sent by the AUSF, which includes information specified by the EAP-PSK authentication protocol such as RAND_S.

In the first embodiment of the present application, the authentication type indication information is an authentication request that includes an EAP-PSK flag bit and is used to generate a symmetric key based on the identity signature, and is sent by using the access request information. The UE sends the ID of the UE and the PVT of the UE by using a second message of the EAP-PSK authentication protocol. The AUSF sends the ID of the AUSF and the PVT of the AUSF through the first message of the EAP-PSK authentication protocol.

Embodiment 2

FIG. 8 is a flowchart of an implementation of a second embodiment provided by the present application. Referring to FIG. 8, the method includes:

In FIG. 8, S401, S402, S407, S408, and S409 are the same as S301, S302, S307, S308, and S309 in the first embodiment, and are not described herein again. Only differences will be described below.

S403: After confirming that the UE needs to perform identity verification and EAP-PSK authentication, the AUSF sends a first message of the EAP-PSK authentication protocol to the UE, where the first message includes the random number RAND_S generated by the AUSF, and the identity of the AUSF , wherein the identity of the AUSF is at least the AUSF ID (ID_AUSF) and the PVT (PVT_AUSF) corresponding to the IBS private key SSK, and the expiration date information of the AUSF corresponding private key (KeyExpireTime_AUSF) composition.

S404: After receiving the first message of the EAP-PSK authentication protocol sent by the AUSF, the UE parses the corresponding parameters, including RAND_S, ID_AUSF, and PVT_AUSF and KeyExpireTime_AUSF. The UE generates the symmetric key of the UE by using the IBS private key SSK_UE, the elliptic curve generating element G, KPAK, and the received AUSF parameters ID_AUSF, PVT_AUSF, and the symmetric key of the UE can satisfy the following formula:

K_UE=(SSK_UE)([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF).

The K_UE is the UE symmetric key, the SSK_UE is the private key of the UE, the KPAK is the global public key, the ID_AUSF is the identifier of the AUSF, the PVT_AUSF is the PVT of the AUSF, the G is the elliptic curve generating element, and the [x]P is represented on the elliptic curve. Point multiplication of point P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and || symbolizes a character connection.

In this embodiment of the present application, the UE may acquire the key K' using K_UE, KeyExpireTime_UE, and KeyExpireTime_AUSF, where K'=KDF(K_UE, KeyExpireTime_AUSF||KeyExpireTime_UE). KDF is a key derivation function, and one implementation is a cryptographic hash. The UE further generates the AK and KDK required by the EAP-PSK using K'.

S405: The UE sends a second message of the EAP-PSK authentication protocol to the AUSF, where the second message includes RAND_S, and the random number RAND_P generated by the UE, in the ID field of the EAP-PSK, includes ID_UE and PVT_UE, KeyExpireTime_UE, UE According to the EAP-PSK, the AK is used as the message verification code MAC_P generated by the above message, wherein the MAC_P satisfies the following formula:

MAC_P=CMAC-AES-128 (AK, ID_P||ID_S||RAND_S||RAND_P).

S406: After receiving the second message of the EAP-PSK authentication protocol, the AUSF first parses out RAND_S, RAND_UE, ID_UE, PVT_UE, and KeyExpireTime_UE, and then generates the AUSF by using its own private key SSK_AUSF and its received parameters ID_UE and PVT_UE of the UE. Symmetric key symmetric key K_AUSF, where K_AUSF satisfies the following formula:

K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE);

The K_AUSF is the AUSF symmetric key, the SSK_AUSF is the private key of the AUSF, the KPAK is the global public key, the ID_UE is the identifier of the UE, the PVT_UE is the PVT of the UE, the G is the elliptic curve generating element, and the [x]P is represented on the elliptic curve. Point multiplication of point P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and || symbolizes a character connection.

Further, the AUSF acquires the key K'=KDF (K_AUSF, KeyExpireTime_AUSF||KeyExpireTime_UE) using K_AUSF, KeyExpireTime_AUSF, and KeyExpireTime_UE, and further generates AK and KDK using the above K', and generates MAC_P' using the AK and the received information, wherein, MAC_P '=CMAC-AES-128(A, ID_P||ID_S||RAND_S||RAND_P). AUSF can verify MAC_P by MAC_P'.

Further, AUSF uses KDK and RAND_P to generate a session key.

In this embodiment, the KeyExpireTime_UE sent by the AUSF to the UE and the KeyExpireTime_UE sent by the UE to the AUSF may be different. Therefore, when the UE and the AUSF derive the key, at least one KeyExpireTime may be used, but the KeyExpireTime used on both sides is the same, or It is UE or AUSF. If two are used at the same time, the joint method can be used, and KeyExpireTime=(KeyExpireTime_AUSF||KeyExpireTime_UE).

In the second embodiment of the present application, the authentication type indication information is an authentication request that includes an EAP-PSK flag bit and is used to generate a symmetric key based on the identity signature, and is sent by using the access request information. The UE is also used to send the private key of the UE. The date information is sent, and the authentication type indication information, the ID of the UE, the PVT of the UE, and the private key expiration date information of the UE are sent by using a second message of the EAP-PSK authentication protocol. The AUSF is further configured to send the private key expiration date information of the AUSF, and send the ID of the AUSF, the PVT of the AUSF, and the private key expiration date information of the AUSF by using a first message of the EAP-PSK authentication protocol.

Embodiment 3

FIG. 9 is a flowchart of an implementation of a third embodiment provided by the present application. Referring to FIG. 9, the method includes:

In FIG. 9, S501, S502, S503, S505, S507, S508, and S509 are the same as S301, S302, S303, S305, S307, S308, and S309 in the first embodiment, and are not described herein again. Instructions are given.

The process of receiving and parsing the message in S504 and generating the symmetric key of the UE is the same as the process involved in the first embodiment, except that the derivation of three different keys K' is added in this step.

In this embodiment, the UE may acquire the secret according to at least one of the random number RAND_P allocated by the key center for the UE and the random number RAND_S allocated by the key center to the AUSF, and the symmetric key K_UE of the UE. Key K'. Among them, K' satisfies the following formula:

K' = KDF (K_UE, RAND_S, RAND_P), or K' = KDF (K_UE, RAND_S), or K' = KDF (K_UE, RNAD_P).

The UE further generates AK and KDK using the above K'.

The process of receiving and parsing the message in S506 and generating the symmetric key of the AUSF is the same as the process involved in the first embodiment, except that the derivation of three different keys K' is added in this step.

In the present application, the AUSF may also acquire a key according to at least one of a random number RAND_P allocated by the key center for the UE and a random number RAND_S allocated by the key center to the AUSF, and the AUSF symmetric key K_AUSF. K'. Among them, K' satisfies the following formula:

K' = KDF (K_AUSF, RAND_S, RAND_P), or K' = KDF (K_AUSF, RAND_S), or K' = KDF (K_AUSF, RNAD_P).

AUSF further produces AK and KDK using K' above.

In the third embodiment of the present application, the UE may perform at least one of a random number RAND_P allocated to the UE by the key center and a random number RAND_S allocated by the key center to the AUSF, and a symmetric key K_UE of the UE. Obtaining a key K', at least one of the random number RAND_P allocated by the UE and the random number RAND_S assigned by the key center to the AUSF, and the AUSF symmetric key K_AUSF, acquiring the key K'. The UE and the AUSF further generate AK and KDK with K'.

Embodiment 4

FIG. 10 is a flowchart of an implementation of a fourth embodiment provided by the present application. Referring to FIG. 10, the method includes:

In FIG. 10, S603, S605, S607, S608, and S609 are the same as S303, S305, S307, S308, and S309 in the first embodiment, and are not described herein again. Hereinafter, only differences will be described.

S601: The UE sends an access request message (Attach) to the AUSF, where the access request message includes information such as the authentication type indication information, the ID_UE, the PVT_UE, and the UE private key expiration time KeyExpireTime_UE.

S602: After receiving the access request information sent by the UE, the AUSF parses and acquires the ID_UE, the PVT_UE, the KeyExpireTime_UE, and the like. The AUSF generates a symmetric key symmetric key K_AUSF of the AUSF according to the information provided by the UE.

Further, AUFS generates K'=KDF (K_AUSF, KeyExpireTime_UE), and this step can be set to be optional.

AUSF acquires AK and KDK according to K or K' and EAP-PSK standard RFC 4764.

S604: After receiving the first message of the EAP-PSK authentication protocol sent by the AUSF, the UE parses the corresponding parameters, including RAND_S, ID_AUSF, and PVT_AUSF and KeyExpireTime_AUSF. The UE generates the symmetric key K_UE of the UE using the IBS private key SSK_UE, the elliptic curve generating element G, KPAK, and the received AUSF parameters ID_AUSF, PVT_AUSF.

Further, the UE may acquire the key K'=KDF(K, KeyExpireTime_AUSF||KeyExpireTime_UE) using the above K_UE, KeyExpireTime_UE, and KeyExpireTime_AUSF. The UE may generate K'=KDF (K_UE, KeyExpireTime_AUSF||KeyExpireTime_UE, this step may be set to be optional. The UE may further generate the AK and KDK required by the EAP-PSK using K'.

S606: The AUSF determines, according to the ID_UE, PVT_UE, and the like information provided by the UE, that the UE needs to perform identity-based cryptography and EAP-PSK authentication.

In the fourth embodiment of the present application, the UE sends the authentication type indication information, the ID of the UE, the PVT of the UE, and the private key expiration date information of the UE by using the access request information. The AUSF sends the ID of the AUSF, the PVT of the AUSF, and the private key expiration date information of the AUSF through the first message of the EAP-PSK authentication protocol.

In this embodiment, the KeyExpireTime_UE sent by the AUSF to the UE and the KeyExpireTime_AUSF sent by the UE to the AUSF may be different. Therefore, when the UE and the AUSF derive the key, at least one KeyExpireTime may be used, but the KeyExpireTime used on both sides is the same, or It is UE or AUSF. If two are used at the same time, the joint method can be used, and KeyExpireTime=(KeyExpireTime_AUSF||KeyExpireTime_UE).

Embodiment 5

FIG. 11 is a flowchart of an implementation of a fifth embodiment provided by the present application. Referring to FIG. 11, the method includes:

In FIG. 11, S703, S704, S705, S707, S708, and S709 are the same as S303, S304, S305, S307, S308, and S309 in the first embodiment, and are not described herein again. Hereinafter, only differences will be described.

S701: The UE sends an access request message (Attach) to the AUSF, where the access request message includes information such as ID_UE and PVT_UE.

S702: After receiving the access request information sent by the UE, the AUSF parses and acquires the ID_UE and the PVT_UE, and generates a symmetric key K_AUSF of the AUSF. Further, AUSF acquires AK and KDK according to K_AUSF and EAP-PSK standard RFC4764.

S706: The AUSF determines, according to the ID_UE, PVT_UE, and the like information provided by the UE, that the UE needs to perform identity-based cryptography and EAP-PSK authentication.

In the fifth embodiment of the present application, the AUSF determines that the UE needs to perform identity-based cryptography and EAP-PSK authentication by using information such as ID_UE, PVT_UE, and the like sent by the UE.

The solution provided by the embodiment of the present application is introduced from the perspective of interaction between the network authentication node and the user equipment. It can be understood that the network authentication node and the user equipment include corresponding hardware structures and/or software modules for performing the respective functions in order to implement the above functions. The embodiments of the present application can be implemented in a combination of hardware or hardware and computer software in combination with the elements of the examples and algorithm steps described in the embodiments disclosed in the application. Whether a function is implemented in hardware or computer software to drive hardware depends on the specific application and design constraints of the solution. A person skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered to be beyond the scope of the technical solutions of the embodiments of the present application.

The embodiments of the present application may perform a function unit mapping on a network authentication node and a user equipment according to the foregoing method example. For example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logical function division. In actual implementation, there may be another division manner.

When implemented in hardware form, the network authentication node and the user equipment may adopt the structure of the communication apparatus shown in FIG. 5.

When implemented in the form of a software functional unit, the network authentication node and the user equipment may adopt the structure shown in FIG.

Referring to FIG. 12, the user equipment 1000 includes a transmitting unit 1001, a receiving unit 1002, and an authentication unit 1003. The network authentication node 2000 includes a receiving unit 2001, a transmitting unit 2002, and an authentication unit 2003. among them:

The sending unit 1001 is configured to send the authentication type indication information, the ID of the user equipment 1000, and the PVT of the user equipment 1000 to the network authentication node 2000, where the authentication type indication information is used to indicate that the user equipment 1000 needs to be based on Identity cryptography and EAP-PSK certification. The receiving unit 2001 is configured to receive the authentication type indication information sent by the user equipment 1000, the ID information of the user equipment 1000, and the PVT of the user equipment 1000. a sending unit, configured to send, according to the authentication type indication information, that the user equipment 1000 needs to perform identity-based signature and EAP-PSK authentication, send the ID of the network authentication node 2000 to the user equipment 1000, and The PVT of the network authentication node 2000. The receiving unit 1002 is configured to receive an ID of the network authentication node 2000 and a PVT of the network authentication node 2000 sent by the network authentication node 2000. The authentication unit 1003 is configured to generate a symmetric key of the user equipment 1000 according to the ID of the network authentication node 2000, the PVT of the network authentication node 2000, and the private key and the global public key based on the identity of the user equipment 1000. The symmetric key of the user equipment 1000 generates a first authentication key and a first key derivation key, and performs EAP-PSK authentication with the network authentication node 2000 using the first authentication key and the first key derivation key. . The authentication unit 2003 is configured to generate a symmetric key of the network authentication node 2000 according to the ID of the user equipment 1000, the PVT of the user equipment 1000, and the private key and the global public key based on the identity of the network authentication node 2000. The symmetric key of the network authentication node 2000 generates a second authentication key and a second key deduction key, and performs EAP-PSK authentication with the user equipment 1000 using the second authentication key and the second key derivation key. .

The authentication unit 1003 generates a first authentication key and a first key deduction key according to the symmetric key of the user equipment 1000 in the following manner:

The first authentication key and the first key deduction key are generated according to the private key expiration date information of the network authentication node 2000 and the symmetric key of the user equipment 1000 received by the receiving unit 1002. Or the user equipment 1000 generates a first authentication according to at least one of a random number generated by the user equipment 1000 and a received random number generated by the network authentication node 2000, and a symmetric key of the user equipment 1000. The key and the first key derivation key.

The authentication unit 2003 generates a second authentication key and a second key deduction key according to the network authentication node symmetric key in the following manner:

Generating a second authentication key and a second key derivation key according to the received private key expiration date information of the user equipment 1000 and the symmetric key of the network authentication node 2000; or according to the received network At least one of the random number generated by the authentication node 2000 and the random number generated by the user equipment 1000, and the symmetric key of the network authentication node 2000, generates a second authentication key and a second key derivation key.

The authentication type indication information is an authentication request that includes an EAP-PSK flag bit and is used to generate a symmetric key based on the identity signature; or the authentication type indication information is an ID of the user equipment 1000 and the use PVT of the device 1000.

The sending unit 1001 is further configured to send private key expiration date information of the user equipment 1000. The sending unit 1001 sends the authentication type indication information, the ID of the user equipment 1000, the PVT of the user equipment 1000, and the private key expiration date information of the user equipment 1000 by using the access request information; or The request information sends the authentication type indication information, and the ID of the user equipment 1000, the PVT of the user equipment 1000, and the private key expiration date information of the user equipment 1000 are sent by the second message of the EAP-PSK authentication protocol.

The sending unit 2002 is further configured to send the private key expiration date information of the network authentication node 2000; the sending unit 2002 sends the network authentication node 2000 by using the first message of the EAP-PSK authentication protocol. ID, PVT of the network authentication node 2000, and private key expiration date information of the network authentication node 2000.

The symmetric key of the user equipment 1000 satisfies the formula K_UE=(SSK_UE) ([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF); wherein K_UE is a symmetric key of the user equipment 1000 SSK_UE is the private key of the user equipment 1000, KPAK is the global public key, ID_AUSF is the identifier of the network authentication node 2000, PVT_AUSF is the PVT of the network authentication node 2000, G is the elliptic curve generation element, and [x]P is represented on the elliptic curve. Point multiplication of point P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and || symbolizes a character connection.

The symmetric key of the network authentication node 2000 satisfies the formula K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE); wherein K_AUSF is the symmetric key of the network authentication node 2000 SSK_AUSF is the private key of the network authentication node 2000, KPAK is the global public key, ID_UE is the identifier of the user equipment 1000, PVT_UE is the PVT of the user equipment 1000, G is the elliptic curve generation element, and [x]P represents the point on the elliptic curve. The dot multiplication of P, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character concatenation.

It should be noted that the specific implementations of the user equipments 1000 and the network authentication nodes 2000 may refer to the functions of the user equipment 10 and the network authentication node 20 in the foregoing embodiments, and details are not described herein again.

In summary, the implementation of the embodiment of the present application can implement the mutual authentication by using the EAP-PSK-based authentication method without changing the EAP-PSK authentication protocol interaction and its format, so as to support the existing work in 3GPP and its support. IBC-based interactive authentication on the EAP authentication framework enables IBC public key technology to match EAP's existing protocols.

Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, system, or computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, embodiments of the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.

Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.

The computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory include instructions. In the case of an article of manufacture, the instruction means implements the functions specified in a block or blocks of a flow or a flow and/or a block diagram of the flowchart.

These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

It is apparent that those skilled in the art can make various modifications and variations to the embodiments of the present application without departing from the spirit and scope of the application. Thus, it is intended that the present invention cover the modifications and variations of the embodiments of the present invention.

Claims (26)

A network authentication system, comprising: a user equipment and a network authentication node, wherein: The user equipment is configured to send the authentication type indication information, the identity identifier ID of the user equipment, and the public key authentication token PVT of the user equipment to the network authentication node, where the authentication type indication information is used to indicate the location The user equipment needs to perform identity-based cryptography and shared key EAP-PSK authentication of the scalable authentication protocol, and receives the ID of the network authentication node sent by the network authentication node and the PVT of the network authentication node, according to Generating a user equipment symmetric key according to the ID of the network authentication node, the PVT of the network authentication node, and the private key and the global public key based on the identity of the user equipment, and generating a first authentication key according to the symmetric key of the user equipment And deriving a key with the first key, and performing EAP-PSK authentication with the network authentication node by using the first authentication key and the first key derivation key; The network authentication node is configured to receive the authentication type indication information, the ID information of the user equipment, and the PVT of the user equipment, where the user equipment is determined according to the authentication type indication information. And performing the identity-based cryptography and the EAP-PSK authentication, sending the ID of the network authentication node and the PVT of the network authentication node to the user equipment, and according to the ID of the user equipment, the user equipment Generating, by the PVT, a private key and a global public key based on the identity of the network authentication node, a network authentication node symmetric key, and generating a second authentication key and a second key derivation key according to the network authentication node symmetric key, and using The second authentication key and the second key deduction key perform EAP-PSK authentication with the user equipment. The network authentication system according to claim 1, wherein the network authentication node is further configured to send private key expiration date information of the network authentication node, and the user equipment is further configured to send a private key of the user equipment to expire. Date information When the user equipment generates the first authentication key and the first key deduction key according to the user equipment symmetric key, the user equipment is specifically configured to: Receiving, by the network authentication node, the private key expiration date information of the network authentication node, according to the private key expiration date information of the user equipment, the private key expiration date information of the network authentication node, and the user equipment symmetric key, Generating a first authentication key and a first key derivation key; or Generating, by the user equipment, the first authentication key and the first secret according to at least one of a random number generated by the user equipment and a received random number generated by the network authentication node, and the user equipment symmetric key Key deduction key; The network authentication node generates a second authentication key and a second key deduction key according to the network authentication node symmetric key, including: Receiving, by the network authentication node, the private key expiration date information of the user equipment sent by the user equipment, according to the private key expiration date information of the network authentication node, the private key expiration date information of the user equipment, and the network authentication node a symmetric key, generating a second authentication key and a second key derivation key; or Generating, by the network authentication node, a second authentication key according to at least one of a random number generated by the network authentication node and a received random number generated by the user equipment, and the network authentication node symmetric key Two key deduction key. The network authentication system according to claim 1 or 2, wherein the authentication type indication information is an authentication request including an EAP-PSK flag bit and an identity-based cryptographic technique for generating a symmetric key; or The authentication type indication information is an ID of the user equipment and a PVT of the user equipment. The network authentication system according to any one of claims 1 to 3, wherein the user equipment sends the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment by using an access request information. ;or The user equipment sends the authentication type indication information by using the access request information, and sends the ID of the user equipment and the PVT of the user equipment by using a second message of the EAP-PSK authentication protocol. The network authentication system according to any one of claims 1 to 4, wherein the network authentication node sends the ID of the network authentication node and the network authentication through a first message of the EAP-PSK authentication protocol. The PVT of the node. The network authentication system according to any one of claims 1 to 5, wherein the user equipment symmetric key satisfies a formula: K_UE=(SSK_UE)([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF); The network authentication node symmetric key satisfies the formula: K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE); The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the K_AUSF is the network authentication node symmetric key, SSK_AUSF For the private key of the network authentication node, KPAK is the global public key, ID_UE is the identifier of the user equipment, PVT_UE is the PVT of the user equipment, G is the elliptic curve generator, and [x]P is the point multiplication of the point P on the elliptic curve. Where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection. A user equipment, comprising: a sending unit, configured to send, to the network authentication node, the authentication type indication information, the identity identifier ID of the user equipment, and the public key authentication token PVT of the user equipment, where the authentication type indication information is used to indicate that the user equipment needs Perform shared key EAP-PSK authentication based on identity-based cryptography and extensible authentication protocols; a receiving unit, configured to receive an ID of the network authentication node sent by the network authentication node, and a PVT of the network authentication node; An authentication unit, configured to generate a user equipment symmetric key according to an ID of the network authentication node, a PVT of the network authentication node, and a private key and a global public key based on the identity of the user equipment, according to the symmetric key of the user equipment Generating a first authentication key and a first key derivation key, and performing EAP-PSK authentication with the network authentication node using the first authentication key and the first key derivation key. The user equipment according to claim 7, wherein the authentication unit generates the first authentication key and the first key deduction key according to the user equipment symmetric key in the following manner: Generating a first authentication key and a first key deduction secret according to the private key expiration date information of the user equipment, the private key expiration date information of the network authentication node received by the receiving unit, and the user equipment symmetric key Key; or Generating a first authentication key and a first key deduction key according to at least one of a random number generated by the user equipment and a received random number generated by the network authentication node, and the user equipment symmetric key . The user equipment according to claim 7 or 8, wherein the authentication type indication information is an authentication request including an EAP-PSK flag bit and an indication of an identity-based cryptographic technique to generate a symmetric key; or The authentication type indication information is an ID of the user equipment and a PVT of the user equipment. The user equipment according to any one of claims 7 to 9, wherein the transmitting unit is accessed by Requesting information to send the authentication type indication information, an ID of the user equipment, and a PVT of the user equipment; or Sending the authentication type indication information by using the access request information, and sending the ID of the user equipment, the PVT of the user equipment, and the private key expiration date information of the user equipment by using a second message of the EAP-PSK authentication protocol. The user equipment according to any one of claims 7 to 10, wherein the user equipment symmetric key satisfies a formula: K_UE=(SSK_UE)([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF); The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection. A network authentication node, comprising: a receiving unit, configured to receive the authentication type indication information sent by the user equipment, the identity identifier ID information of the user equipment, and the public key authentication token PVT of the user equipment; a sending unit, configured to send, according to the authentication type indication information, that the user equipment needs to perform identity-based key technology and EAP-PSK authentication, send the ID of the network authentication node to the user equipment, and Describe the PVT of the network authentication node; An authentication unit, configured to generate a network authentication node symmetric key according to an ID of the user equipment, a PVT of the user equipment, and a private key and a global public key based on the identity of the network authentication node, according to the network authentication node symmetrically The key generates a second authentication key and a second key deduction key, and performs EAP-PSK authentication with the user equipment by using the second authentication key and the second key derivation key. The network authentication node according to claim 12, wherein the authentication unit generates the second authentication key and the second key deduction key according to the network authentication node symmetric key in the following manner: Generating a second authentication key and a second key deduction key according to the private key expiration date information of the network authentication node, the received private key expiration date information of the user equipment, and the network authentication node symmetric key; or Generating a second authentication key and a second key deduction secret according to at least one of a random number generated by the network authentication node and the received random number generated by the user equipment, and the network authentication node symmetric key key. The network authentication node according to claim 12 or 13, wherein the authentication type indication information is an authentication request including an EAP-PSK flag bit and an identity-based cryptographic technique for generating a symmetric key; or The authentication type indication information is an ID of the user equipment and a PVT of the user equipment. The network authentication node according to any one of claims 12 to 14, wherein the sending unit sends the ID of the network authentication node and the network authentication node by using a first message of the EAP-PSK authentication protocol. PVT. The network authentication node according to any one of claims 12 to 15, wherein the network authentication node symmetric key satisfies a formula: K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE); The K_AUSF is the network authentication node symmetric key, the SSK_AUSF is the private key of the network authentication node, the KPAK is the global public key, the ID_UE is the identifier of the user equipment, the PVT_UE is the PVT of the user equipment, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection. A network authentication method, comprising: The user equipment sends the authentication type indication information, the identity identifier ID of the user equipment, and the public key authentication token PVT of the user equipment to the network authentication node, where the authentication type indication information is used to indicate that the user equipment needs to perform identity-based Password technology and shared key EAP-PSK authentication for scalable authentication protocols; The user equipment receives an ID of the network authentication node sent by the network authentication node and a PVT of the network authentication node; The user equipment generates a user equipment symmetric key according to the ID of the network authentication node, the PVT of the network authentication node, and the private key and the global public key based on the identity of the user equipment, and according to the symmetric key of the user equipment Generating a first authentication key and a first key derivation key, and performing EAP-PSK authentication with the network authentication node using the first authentication key and the first key derivation key. The method according to claim 17, wherein the generating the first authentication key and the first key derivation key according to the user equipment symmetric key comprises: Receiving, by the network authentication node, the private key expiration date information of the network authentication node, according to the private key expiration date information of the user equipment, the private key expiration date information of the network authentication node, and the user equipment symmetric key, Generating a first authentication key and a first key deduction key; or Generating a first authentication key and a first key deduction key according to at least one of a random number generated by the user equipment and a received random number generated by the network authentication node, and the user equipment symmetric key . The method according to claim 17 or 18, wherein the authentication type indication information is an authentication request including an EAP-PSK flag bit and used to indicate that a symmetric key is generated based on the identity signature; or The authentication type indication information is an ID of the user equipment and a PVT of the user equipment. The method according to any one of claims 17 to 19, wherein the user equipment sends the authentication type indication information, the ID of the user equipment, and the PVT of the user equipment by using access request information; or The user equipment sends the authentication type indication information by using the access request information, and sends the ID of the user equipment and the PVT of the user equipment by using a second message of the EAP-PSK authentication protocol. The method according to any one of claims 17 to 20, wherein the user equipment symmetric key satisfies a formula: K_UE=(SSK_UE)([KPAK+hash(G||KPAK||ID_AUSF||PVT_AUSF)] PVT_AUSF); The K_UE is the user equipment symmetric key, the SSK_UE is the private key of the user equipment, the KPAK is the global public key, the ID_AUSF is the identifier of the network authentication node, the PVT_AUSF is the PVT of the network authentication node, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection. A network authentication method, comprising: The network authentication node receives the authentication type indication information sent by the user equipment, the identity identification ID information of the user equipment, and the public key authentication token PVT of the user equipment; If the network authentication node determines that the user equipment needs to perform the shared key EAP-PSK authentication of the identity-based cryptography and the scalable authentication protocol according to the authentication type indication information, send the network authentication to the user equipment. The ID of the node and the PVT of the network authentication node; The network authentication node generates a network authentication node symmetric key according to the ID of the user equipment, the PVT of the user equipment, and a private key and a global public key based on the identity of the network authentication node, and is symmetric according to the network authentication node. The key generates a second authentication key and a second key deduction key, and performs EAP-PSK authentication with the user equipment using the second authentication key and the second key derivation key. The method of claim 22, wherein the generating the second authentication key and the second key derivation key according to the network authentication node symmetric key comprises: Receiving, by the user equipment, the private key expiration date information of the user equipment, generating, according to the private key expiration date information of the network authentication node, the private key expiration date information of the user equipment, and the network authentication node symmetric key, generating a second authentication key and a second key derivation key; or Generating a second authentication key and a second key deduction secret according to at least one of a random number generated by the network authentication node and the received random number generated by the user equipment, and the network authentication node symmetric key key. The method according to claim 22 or 23, wherein the authentication type indication information is an authentication request including an EAP-PSK flag bit and used to indicate that a symmetric key is generated based on the identity signature; or The authentication type indication information is an ID of the user equipment and a PVT of the user equipment. The method according to any one of claims 22 to 24, wherein the network authentication node sends the ID of the network authentication node and the network authentication node by using a first message of the EAP-PSK authentication protocol. PVT. The method according to any one of claims 22 to 25, wherein the network authentication node symmetric key satisfies a formula: K_AUSF=(SSK_AUSF)([KPAK+hash(G||KPAK||ID_UE||PVT_UE)] PVT_UE); The K_AUSF is the network authentication node symmetric key, the SSK_AUSF is the private key of the network authentication node, the KPAK is the global public key, the ID_UE is the identifier of the user equipment, the PVT_UE is the PVT of the user equipment, and the G is the elliptic curve generation element, [x] P represents the point multiplication for the point P on the elliptic curve, where x represents an integer, P represents a point on the elliptic curve, hash() represents a cryptographically meaningful hash function, and the || symbol represents a character connection.

Images