Authentication method and device based on generic bootstrapping architecture (GBA)

Abstract

The invention discloses an authentication method and device based on a generic bootstrapping architecture (GBA). The method comprises the steps of: receiving an initial request message which is sent from a user terminal through a bootstrapping server function (BSF), and obtaining and storing authentication parameters and guide authentication parameters from a user attribution server according to a user identification which is carried in the message; receiving and storing the guide authentication parameters which are sent from the BSF through utilizing the user terminal, transmitting the guide authentication parameters to a user card, and receiving the authentication parameters which are set back from the user card; obtaining the corresponding preset secret keys of user authentication module (UAM) product serial numbers through a UAM module, generating random parameters, and generating certification parameters according to the preset secret keys, the random parameters and the authentication parameters and the guide authentication parameters which are set by the user terminal; obtaining the corresponding preset secret key through the BSF according to the UAM product serial numbers carried in the initial request message, and authenticating the certification parameters according to the random parameters, the authentication parameters, the guide authentication parameters and the preset secret keys. Compared with the prior art, the safety of a GBA initial process can be improved.

Description

Technical field [0001] The present invention relates to mobile communication technology, in particular to a GBA-based authentication method and device. Background technique [0002] Generic Bootstrapping Architecture (GBA) is a general security mechanism that uses symmetric keys to complete authentication and key negotiation, and it is part of the Generic Authentication Architecture (GAA). GBA provides a general mechanism for establishing a shared key between a user equipment (User Equipment, UE) and a server based on the 3GPP mutual authentication and key agreement mechanism (Authentication and Key Agreement, AKA). [0003] The GBA related process is usually divided into the GBA initialization phase (this phase will generate the GBA root key Ks) and the GBA-based service access phase (that is, the use of Ks to generate the GBA shared key and use this for service communication). In the initialization process of GBA, through Bootstrapping Server Function (BSF), the UE and HSS / HLR u...

AI Technical Summary

Problems solved by technology

[0021] In the GBA initialization process of the existing mobile multimedia broadcasting service, the UAM protocol version number is only used to identify different UAM manufacturers. Since each UAM module manufacturer can only get one UAM protocol version number, if the UAM manufacturer If the key is leaked or the key is attacked, all UAM products produced by the UAM manufacturer will be compromised, so the security of the GBA initialization process cannot be guaranteed

Images