Method and secure system for authenticating the radio evolution network

Abstract

The invention discloses a method for realizing identification in a wireless evolutionary network, comprising: establishing a connection between a mobile station and a wireless evolutionary accessing network, performing two-way identification between the mobile station and a wireless evolutionary network via a wireless evolutionary core network signaling entity, and generating a shared secret key; establishing a safe alliance between the mobile station and the wireless evolutionary core network signaling entity by means of the generated shared secret key. The invention also discloses a wireless evolutionary network safety system in which a safe alliance between the mobile station and the wireless evolutionary core network signaling entity is established for protecting interaction signaling and user data. The invention is based on a developping trend of the wireless evolutionary network, realizes two-way identification between a mobile terminal and the network, the identification is performed in a network layer independent of link layer technic, thereby the identification has general-utility.

Description

technical field [0001] The invention relates to the safety technology of a wireless communication system, in particular to a method and a safety system for realizing authentication of a wireless evolution network. Background technique [0002] The current third generation (3G) communication system such as Code Division Multiple Access 2000 (CDMA2000) network has its own security system and mechanism. The early version of the CDMA2000 1x system, or 1x system for short, uses an authentication method based on CAVE (Cellular Authentication and Voice Encryption) in the circuit domain. When a user requests circuit domain services and location updates, the mobile switching center ( MSC) will initiate user authentication, which is only a one-way authentication of the user by the network; after the authentication is successful, the MSC will send the negotiated key to the base station (BS) to protect the mobile station (MS) and BS This protection only protects the integrity and confi...

AI Technical Summary

Problems solved by technology

[0010] 3) The protection of signaling and user data is more complicated, requiring the protection of certain fields of certain signaling rather than protecting the entire message, which brings difficulties to the judgment and processing of the system;

[0011] 4) The above security mechanism cannot meet the requirements of roaming across access systems

[0025] In the authentication scheme of the existing evolved network shown in Figure 2, two ways of carrying EAP are proposed. The first authentication method is to directly carry EAP on the CDMA2000 link layer. The disadvantage of this method is that there is no existing The standard encapsulation standard of EAP bears the weight of EAP on the CDMA2000 link layer, and a new protocol must be redeveloped. In this way, a long development time is required, and the workload is relatively large; and the use of the first authentication method will make the access authentication and The link layer is coupled, so that the first authentication mechanism is only applicable to the CDMA2000 evolution network, which is very unfavorable for the need to roam between different access systems in the network evolution

[0026] The second authentication method is to use PANA to encapsulate EAP. In the conference data recording scheme, the functions of EP and PAA are realized by CAP. In this way, the CAP must control the data packets of MS before authentication to prevent unauthorized data. Packet access to the network increases the load on the CAP

However, there are many other signaling and user data, such as resource management signaling between MS and BTS, which need to be protected, which are not solved in the existing solutions

[0027] In addition, this existing solution cannot solve the problem of how the MS completes authentication and how to protect signaling and user data in the case of cross-access system roaming

Images