
Method and device for key negotiation when terminal equipment is switched

A terminal device and device-key technique, applied in the communication field, that addresses problems such as reduced UIP domain security, connection interruption and service interruption.

Active Publication Date: 2018-06-19
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0002] For a long time, the Internet Protocol (IP) address has served both as an identifier, that is, the identity of the host, and as a locator, that is, the location in the network, so that the separation between the transport layer and the network layer is not complete enough, and multiple network cards of the same host are connected simultaneously. In a mobile network, IP addresses may be reassigned when the terminal moves, causing the connection to be interrupted and re-established. In the future scenario where one user has multiple devices, service traffic must switch seamlessly between those devices, which the traditional Transmission Control Protocol / Internet Protocol (TCP/IP) network cannot support. It is therefore necessary to strip the host identity function from the IP address and introduce a new identifier to take it over; the user identifier (User ID) introduced in the User Identity Protocol (UIP) can assume the function of host identity identification.

[0003] A UIP network consists of one or more UIP domains, and a UIP domain consists of a location server (Subscriber Location Server, SLS), one or more routers (Domain Router, DR) and one or more gateways (Gateway, GW). For a user with multiple devices, the User ID is assigned by the operator and remains unchanged, and one User ID can be associated with multiple device identifiers (DeviceID). However, in this network architecture, an attacker who obtains the key of one of a user's devices can use that key to attack the user's other devices; and if the current session key between the user and the DR is compromised, the terminal device that is switched to may be attacked, reducing the security of the UIP domain.


Examples


Embodiment Construction

[0083] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0084] As shown in Figure 1, the UIP (User Identity Protocol) network architecture is composed of one or more UIP domains, and one UIP domain is composed of one location server SLS, one or more routers DR, and one or more gateways GW. The DR stores the mapping between the user's User ID and the user's Locator, and handles user data forwarding and message address conversion; routers are connected...


Abstract

Embodiments of the present invention provide a method and device for key negotiation when terminal devices are switched, which relate to the communication field and can improve the security of communication between devices in a User Identity Protocol network architecture. The method is as follows: an access request message sent by the router is received, the access request message including a user identifier and a terminal device identifier; a first authentication request message is sent to the router, so that the router, after receiving the first authentication request message, sends a second authentication request message to the terminal device. Both the first authentication request message and the second authentication request message include a random value generated by the location server. A device key is generated according to the random value, the shared key and the terminal device identifier, the shared key corresponding to the user identifier. An access response message is then sent to the router, the access response message including the device key, so that the router generates a session key according to the device key. The embodiment of the present invention is used for key negotiation when terminal equipment is switched.
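The derivation described in the abstract, as an added sketch that is not code from the patent. The page names only the inputs to each key, so the KDF (HMAC-SHA256 over length-prefixed fields), the terminal-side derivation, the session nonce, and all class, function and sample identifier names are assumptions.

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 over a label and length-prefixed fields."""
    msg = label
    for f in fields:
        msg += len(f).to_bytes(2, "big") + f  # prefix stops field-boundary ambiguity
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_device_key(shared_key: bytes, rand: bytes, device_id: str) -> bytes:
    # Inputs named on the page: random value, shared key, terminal device identifier.
    return kdf(shared_key, b"device-key", rand, device_id.encode())

def derive_session_key(device_key: bytes, nonce: bytes) -> bytes:
    # The page only says the router derives it from the device key; nonce is assumed.
    return kdf(device_key, b"session-key", nonce)

class LocationServer:
    def __init__(self, shared_keys: dict):
        self.shared_keys = shared_keys  # User ID -> shared key
        self.pending = {}               # (User ID, DeviceID) -> random value

    def on_access_request(self, user_id: str, device_id: str) -> bytes:
        if user_id not in self.shared_keys:
            raise PermissionError("unknown User ID")
        rand = secrets.token_bytes(16)  # fresh per access request
        self.pending[(user_id, device_id)] = rand
        return rand                     # carried in the first authentication request

    def access_response(self, user_id: str, device_id: str) -> bytes:
        rand = self.pending.pop((user_id, device_id))  # single use
        return derive_device_key(self.shared_keys[user_id], rand, device_id)

def switch_to(sls: LocationServer, user_id: str, device_id: str, terminal_key: bytes):
    """One switch: returns (terminal's device key, router's device key, session key)."""
    rand = sls.on_access_request(user_id, device_id)
    # Router relays rand to the terminal in the second authentication request.
    terminal_dk = derive_device_key(terminal_key, rand, device_id)
    router_dk = sls.access_response(user_id, device_id)
    return terminal_dk, router_dk, derive_session_key(router_dk, secrets.token_bytes(16))

# Constructed sample subscriber and device identifiers.
USER_KEY = bytes(range(32))
SLS = LocationServer({"user-001": USER_KEY})
```

Because the DeviceID and a fresh random value both enter the derivation, the key handed to the router for one device differs from the key for the user's other devices and from the key for a later switch to the same device.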

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method and device for negotiating keys when terminal equipment is switched.

Background

[0002] For a long time, the Internet Protocol (IP) address has served both as an identifier, that is, the identity of the host, and as a locator, that is, the location in the network, so that the separation between the transport layer and the network layer is not complete enough, and multiple network cards of the same host are connected simultaneously. In a mobile network, IP addresses may be reassigned when the terminal moves, causing the connection to be interrupted and re-established. In the future scenario where one user has multiple devices, service traffic must switch seamlessly between those devices, which the traditional Transmission Control Protocol / Internet Protocol (TCP/IP) network cannot support. Therefore, it is necessary to str...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L9/08, H04L29/06
Inventor: 何文裕, 何承东
Owner: HUAWEI TECH CO LTD