An access authentication method, communication device and storage medium
By employing a pre-negotiation mechanism and a shared domain key mechanism between satellites and ground stations in the integrated space-ground network, efficient and secure access authentication for user equipment is achieved, solving the problem of low access authentication efficiency in the integrated space-ground network and enhancing network security and reliability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA TELECOM CORP LTD
- Filing Date
- 2024-09-19
- Publication Date
- 2026-06-30
AI Technical Summary
In an integrated space-ground network, when user equipment accesses a ground station, the complex authentication process and high latency lead to low access authentication efficiency and pose security risks.
By establishing a secure channel through a pre-negotiation mechanism between the satellite and the ground station, using shared domain keys and session keys, the system enables mutual authentication among user equipment, the satellite, and the ground station. It also employs a pseudo-identity and shared domain key strategy to enhance anonymity and privacy protection, and ensures security through a domain key update mechanism.
It significantly reduces the time delay of the access authentication process, improves the efficiency and security of access authentication, prevents the leakage of users' real identities, ensures the security of data interaction, adapts to dynamic changes in nodes, and enhances the overall security and reliability of the integrated space-ground network.
Smart Images

Figure CN119211933B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication technology, and in particular to an access authentication method, a communication device, and a storage medium. Background Technology
[0002] A space-ground integrated network refers to the integration of space-based and ground-based networks to achieve extensive network coverage and data exchange, thus forming a crucial infrastructure for efficient global communication. For example, a space-ground integrated network combines satellite communication systems in space with ground-based network infrastructure to create a large-scale, highly integrated, globally seamless heterogeneous communication network. This provides users with broader communication coverage, enabling low-overhead services such as communication, navigation, and positioning, as well as high-overhead services such as cloud computing and big data from ground stations.
[0003] Currently, in integrated space-ground networks, when user equipment needs to access a ground station via satellite to obtain its services, the entire access authentication process is often inefficient due to the involvement of multiple types of nodes, including the ground station, satellite, and user, caused by complex authentication processes and high-latency communication environments.
[0004] Therefore, how to improve the efficiency of the entire access authentication process while ensuring its security is an urgent problem to be solved. Summary of the Invention
[0005] This application provides an access authentication method, a communication device, and a storage medium to ensure the security of the entire access authentication process while also improving the efficiency of the entire access authentication process.
[0006] Firstly, an access authentication method is provided for satellite applications, the method comprising:
[0007] Receive an access authentication request from a user equipment; wherein the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station;
[0008] After verifying the legitimacy of the user equipment based on the access authentication request, a first access response message is sent to the user equipment, and a second access response message is sent to the ground station based on the first security channel;
[0009] The first access response message and the second access response message are used by the user equipment and the ground station to generate a first session key. The first session key is used to construct a second secure channel shared by the ground station and the user equipment. The first secure channel is a secure channel shared by the satellite and the ground station.
[0010] In some embodiments, before receiving the access authentication request from the user equipment, the method further includes:
[0011] A pre-negotiation request is sent to the ground station; wherein the pre-negotiation request includes the satellite authentication information of the satellite, and a first timestamp used to characterize when the satellite generated the pre-negotiation request;
[0012] Receive a pre-negotiation request response sent by the ground station; wherein the pre-negotiation request response is sent by the ground station after verifying the satellite's legitimacy based on the satellite authentication information and the first timestamp, and the pre-negotiation request response includes the ground station's ground authentication information, a second timestamp used to characterize the generation of the pre-negotiation request response by the ground station, and a valid timestamp used to characterize the permission to access the ground station;
[0013] Once the ground station is verified to be legitimate based on the ground authentication information, the second timestamp, and the valid timestamp, a second session key is generated based on at least the ground authentication information, the second timestamp, and the shared domain key obtained from the NCC; wherein the shared domain key is generated using CRT, and the second session key is used to construct the first secure channel.
[0014] The pre-negotiation mechanism between the satellite and the ground station allows for mutual authentication and session key negotiation between the ground station and the satellite before the user equipment actually accesses the network. Based on the negotiated session key, a secure channel is established for secure data exchange between the satellite and the ground station. Compared to the existing one-way authentication path, this not only reduces the authentication burden on the user equipment during subsequent access but also significantly reduces the time delay in the access authentication process.
[0015] In some embodiments, the user authentication information is generated by the user equipment based on user registration information and publicly available system parameters provided by the NCC. The user authentication information includes at least: a third timestamp representing the user equipment's generation of the access authentication request, a temporary identity associated with the user equipment, a first temporary public key, a first authentication factor, and a first authentication hash value between the user equipment and the ground station. The first authentication hash value is calculated based at least on the user registration information and the ground identity. Verifying the legitimacy of the user equipment based on the access authentication request includes:
[0016] When the third timestamp is verified to be valid, the pseudo identity of the user equipment is calculated based on at least the temporary identity, the third timestamp, and the shared domain key.
[0017] At least the second authentication hash value of the user equipment is calculated based on the pseudo-identity;
[0018] The first authentication hash factor of the user equipment is calculated based at least on the pseudo identity, the ground identity, the third timestamp, the shared domain key, and the system public parameters.
[0019] If the first verification value calculated based on the second authentication hash value and the first authentication hash factor is equal to the second verification value calculated based on the first authentication factor, then the user equipment is verified as legitimate.
[0020] By employing the strategy of combining pseudo-identity and shared domain key, the anonymity and privacy protection of user equipment are enhanced. Therefore, this mechanism not only prevents the leakage of the user's real identity, but also ensures that the access authentication requests sent by the user equipment are not stolen by unauthorized nodes.
[0021] In some embodiments, the first access response message includes at least a second authentication factor, a second timestamp, the valid timestamp, a satellite identity associated with the satellite and a second temporary public key, a third temporary public key associated with the ground station in the ground authentication information, and a fourth timestamp for characterizing the simultaneous sending of the first access response message and the second access response message; wherein, the second authentication factor is generated at least based on the third authentication factor associated with the ground station in the ground authentication information;
[0022] The second access response message includes at least a fourth authentication factor, the pseudo identity, the first temporary public key, the third timestamp, and the fourth timestamp; wherein the fourth authentication factor is generated based at least on the first authentication hash value and the shared domain key.
[0023] In some embodiments, a first domain key update message is received from the NCC; wherein the first domain key update message includes at least a fifth timestamp representing when the NCC generated the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key, the domain key update signature being generated by the NCC based on a new shared domain key and a secret reconstruction value, the secret reconstruction value being calculated based on the CRT;
[0024] When the fifth timestamp is verified to be valid, the new shared domain key is determined based on the domain key update signature.
[0025] If the third verification value calculated based on the new shared key is equal to the fourth verification value calculated based on the NCC identity, the fourth temporary public key, and the fifth timestamp, then a second domain key update message is sent to the ground station and the user equipment respectively; wherein, the second domain key update message includes at least the first domain key update message, the sixth timestamp of the satellite generating the second domain key update message, the new temporary public key associated with the satellite, and the new authentication factor.
[0026] By employing the above methods, the secure and effective updating of the shared domain key can be guaranteed even when nodes change dynamically. Furthermore, based on the domain key update signature and verification protocol, it is ensured that all authorized nodes can receive the new and verifiable shared domain key, preventing the unauthorized use of the old shared domain key and thus enhancing the overall security and reliability of the integrated space-ground network.
[0027] In some embodiments, the method further includes:
[0028] During a set time period, N access authentication requests are received from the user equipment; wherein, the N access authentication requests are used to request access to the ground station, and N is an integer greater than 1;
[0029] When all N access authentication requests are verified to be valid based on their respective timestamps, N authentication hash values and N authentication hash factors related to the user equipment are calculated for each of the N access authentication requests.
[0030] The N access authentication requests are validated for validity based on the N authentication hash values and the N authentication hash factors.
[0031] If all N access authentication requests are verified to be valid, the first access response message is sent to the user equipment, and the second access response message is sent to the ground station based on the first security channel.
[0032] The above methods enable a multi-level, efficient batch verification mechanism, allowing the satellite to efficiently process a large number of access authentication requests from user equipment, thereby reducing the satellite resources required to verify a large number of access authentication requests.
[0033] Secondly, an access authentication method is provided, applied to a user equipment, the method comprising:
[0034] Send an access authentication request to the satellite; wherein, the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station;
[0035] The system receives a first access response message from the satellite; wherein the first access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request; after verifying the validity of the first access response message, the system calculates a first session key based at least on the first access response message; wherein the first session key is used to construct a second secure channel shared by the ground station and the user equipment.
[0036] In some embodiments, the user authentication information is generated by the user equipment based on user registration information and publicly available system parameters provided by the NCC. The user authentication information includes at least: a third timestamp representing the user equipment generating the access authentication request, the user equipment's temporary identity, a first temporary public key, a first authentication factor, and a first authentication hash value between the user equipment and the ground station. The first authentication hash value is calculated based at least on the user registration information and the ground identity.
[0037] The first access response message includes at least a second authentication factor, a second timestamp, a valid timestamp, a satellite identity associated with the satellite and a second temporary public key, a third temporary public key associated with the ground station in the ground authentication information, and a fourth timestamp used to characterize the sending of the first access response message; wherein the ground authentication information, the second timestamp, and the valid timestamp are obtained by the satellite from the ground station, the second authentication factor is generated at least based on the third authentication factor associated with the ground station in the ground authentication information, and the valid timestamp is used to characterize the timestamp that allows access to the ground station.
[0038] In some embodiments, verifying that the first access response message is valid includes:
[0039] When it is verified that both the fourth timestamp and the valid timestamp are valid, the authentication hash value and authentication hash factor associated with the ground station are calculated, as well as the authentication hash value and authentication hash factor associated with the satellite are calculated.
[0040] If the fifth verification value, calculated based on the authentication hash value and authentication hash factor associated with the ground station and the authentication hash value and authentication hash factor associated with the satellite, is equal to the sixth verification value calculated based on the second authentication factor, then the first access response message is verified to be valid.
[0041] In some embodiments, the method further includes:
[0042] The system receives a second domain key update message from the satellite. The second domain key update message includes at least a first domain key update message, a sixth timestamp indicating when the satellite sent the second domain key update message, a new temporary public key associated with the satellite, and a new authentication factor. The first domain key update message is sent by the NCC to the satellite and includes at least: a fifth timestamp representing when the NCC sent the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on a new shared domain key and a secret reconstruction value, where the secret reconstruction value is calculated based on the CRT.
[0043] When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
[0044] Thirdly, an access authentication method is provided for use at a ground station, the method comprising:
[0045] The satellite receives a second access response message from the satellite via a first secure channel; wherein the first secure channel is a secure channel shared by the satellite and the ground station; and the second access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request sent by the user equipment.
[0046] Once the second access response message is verified to be valid, a first session key is calculated based on at least the second access response message; wherein the first session key is used to construct a second secure channel shared by the ground station and the user equipment.
[0047] In some embodiments, before receiving the second access response message sent by the satellite from the first secure channel, the method further includes:
[0048] Receive a pre-negotiation request sent by the satellite; wherein the pre-negotiation request includes the satellite authentication information of the satellite, and a first timestamp used to characterize when the satellite generated the pre-negotiation request;
[0049] If the satellite is found to be legitimate based on the satellite authentication information and the first timestamp, a pre-negotiation request response is sent to the satellite; wherein the pre-negotiation request response includes the ground authentication information of the ground station, a second timestamp indicating that the ground station generated the pre-negotiation request response, and a valid timestamp indicating that access to the ground station is permitted.
[0050] In some embodiments, the method further includes:
[0051] The system receives a second domain key update message from the satellite. The second domain key update message includes at least a first domain key update message, a sixth timestamp indicating when the satellite sent the second domain key update message, a new temporary public key associated with the satellite, and a new authentication factor. The first domain key update message is sent to the satellite by the Network Control Center (NCC) and includes at least: a fifth timestamp representing when the NCC sent the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on a new shared domain key and a secret reconstruction value, and the secret reconstruction value is calculated based on the Chinese Remainder Theorem (CRT).
[0052] When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
[0053] Fourthly, a satellite is provided, comprising:
[0054] The receiving module is used to receive an access authentication request from a user equipment; wherein the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station.
[0055] The sending module is configured to send a first access response message to the user equipment after the verification module verifies the legitimacy of the user equipment based on the access authentication request, and to send a second access response message to the ground station based on a first secure channel; wherein the first access response message and the second access response message are used by the user equipment and the ground station to generate a first session key, the first session key being used to construct a second secure channel shared by the ground station and the user equipment; the first secure channel is a secure channel shared by the satellite and the ground station.
[0056] Fifthly, a user equipment is provided, comprising:
[0057] The sending module is used to send an access authentication request to the satellite; wherein, the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station;
[0058] A receiving module is configured to receive a first access response message from the satellite; wherein the first access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request;
[0059] The session key calculation module is used to calculate a first session key based on at least the first access response message after verifying that the first access response message is valid; wherein the first session key is used to construct a second secure channel shared by the ground station and the user equipment.
[0060] Sixthly, a ground station is provided, comprising:
[0061] The receiving module is configured to receive a second access response message sent by the satellite from a first secure channel; wherein the first secure channel is a secure channel shared by the satellite and the ground station; and the second access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request sent by the user equipment.
[0062] The session key calculation module is used to calculate a first session key based on at least the second access response message after verifying that the second access response message is valid; wherein the first session key is used to construct a second secure channel shared by the ground station and the user equipment.
[0063] Seventhly, an access authentication system is provided, including satellite, user equipment, and ground station;
[0064] The satellite is used to perform the method as described in any one of the first aspects;
[0065] The user equipment is used to perform the method as described in any one of the second aspects;
[0066] The ground station is used to perform the method as described in any one of the third aspects.
[0067] Eighthly, a communication device is provided, comprising:
[0068] A memory for storing computer programs; a processor for executing the computer programs stored in the memory to implement the method steps described in any one of the first aspects.
[0069] Ninth aspect, a computer-readable storage medium is provided, wherein a computer program is stored therein, and when executed by a processor, the computer program implements the method steps described in any one of the first aspects.
[0070] In this embodiment of the application, the beneficial effects during the entire process of user equipment accessing the ground station via satellite are as follows:
[0071] When the satellite receives an access authentication request from a user equipment (UE), it first verifies the UE's legitimacy based on the request. If the UE is verified as legitimate, it simultaneously sends a first access response message and a second access response message to the ground station via a first secure channel. Compared to existing technologies, this eliminates the need for one-to-one authentication via a unidirectional path and enables three-way mutual authentication between the UE, the satellite, and the ground station, improving the overall efficiency of the access authentication process. Secondly, the first secure channel is shared by the satellite and the ground station to ensure the security of the second access response message during transmission. The first and second access response messages are used by the UE and the ground station to generate a first session key. This first session key is used to construct a second secure channel shared by the ground station and the UE, ensuring that data interaction between the ground station and the UE is not tampered with or detected by the satellite, thus guaranteeing the security of the entire access authentication process.
[0072] For the various aspects from the second to the eighth aspects mentioned above, and the technical effects that each aspect may achieve, please refer to the above description of the technical effects that can be achieved for the first aspect or the various possible solutions in the first aspect, which will not be repeated here. Attached Figure Description
[0073] Figure 1 An exemplary diagram illustrates an application scenario applicable to the embodiments of this application;
[0074] Figure 2 An exemplary illustration shows a signaling interaction diagram of an NCC registering a user equipment, provided in an embodiment of this application.
[0075] Figure 3 An exemplary illustration shows a signaling interaction diagram of NCC during satellite registration, provided in an embodiment of this application.
[0076] Figure 4 An exemplary illustration shows a signaling interaction diagram of an NCC registering a ground station, provided in an embodiment of this application.
[0077] Figure 5 An exemplary diagram illustrates a signaling interaction diagram for establishing a secure channel between a satellite and a ground station, provided in an embodiment of this application.
[0078] Figure 6 An exemplary flowchart illustrates an access authentication method on the satellite side provided in an embodiment of this application;
[0079] Figure 7 An exemplary flowchart illustrates an access authentication method on the user equipment side provided in an embodiment of this application;
[0080] Figure 8An exemplary flowchart illustrates an access authentication method on the ground station side provided in an embodiment of this application;
[0081] Figure 9 An exemplary diagram illustrating the signaling interaction of a complete access authentication method provided in an embodiment of this application is shown.
[0082] Figure 10 An exemplary schematic diagram of a satellite structure provided in an embodiment of this application is shown;
[0083] Figure 11 An exemplary schematic diagram of a user equipment provided in an embodiment of this application is shown;
[0084] Figure 12 An exemplary schematic diagram of a ground station provided in an embodiment of this application is shown;
[0085] Figure 13 An exemplary schematic diagram of a communication device provided in an embodiment of this application is shown. Detailed Implementation
[0086] To make the objectives, technical solutions, and advantages of this application clearer, the technical solutions in the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not all of them. Based on the embodiments of this application, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of this application. Unless otherwise specified, the embodiments and features in the embodiments of this application can be arbitrarily combined with each other. Furthermore, although a logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than that shown here.
[0087] The terms "first" and "second" in the specification, claims, and accompanying drawings of this application are used to distinguish different objects, not to describe a specific order. Furthermore, the term "comprising" and any variations thereof are intended to cover non-exclusive protection. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but may optionally include steps or units not listed, or may optionally include other steps or units inherent to these processes, methods, products, or devices. The term "multiple" in this application can mean at least two, for example, two, three, or more, and the embodiments of this application do not impose limitations.
[0088] The following description, in conjunction with the accompanying drawings, illustrates exemplary embodiments of this application, including various details to aid understanding. These embodiments should be considered merely exemplary. Therefore, those skilled in the art should recognize that various changes and modifications can be made to the embodiments described herein without departing from the scope of this application. Similarly, for clarity and brevity, descriptions of well-known functions and structures are omitted in the following description. It should be noted that in the embodiments of this application, certain existing industry solutions such as software, components, and models may be mentioned. These should be considered exemplary, intended only to illustrate the feasibility of implementing the technical solutions of this application, and do not imply that the applicant has already used or necessarily used such solutions.
[0089] To better understand the embodiments of this application, the technical terms involved in the embodiments of this application will be explained below.
[0090] (1) Elliptic curve E p (a,b): Elliptic curve E p (a,b) represents the finite prime field F. p Above, from equation y 2 =x 3 +ax+b defines a class of curves, which are used in elliptic curve cryptography (ECC). These elliptic curves provide a high level of security while using a smaller key length compared to other key types.
[0091] (2) The Chinese Remainder Theorem (CRT) is a number theory theorem, also known as the modulo theorem. In this application embodiment, CRT can be used to select a set of coprime secret values for the distribution and updating of the domain key.
[0092] (3) Biometric feature fuzzy extraction functions Gen(·) / Rep(·): Gen(·) is the biometric key probability generation function, used to input biometric features and output biometric key and public auxiliary string; Rep(·) is the biometric key reconstruction function, used to re-input biometric features and public auxiliary string and output biometric key. When the error between the re-input biometric features and the original biometric features is less than a threshold, it can output a biometric key that is the same as the original biometric key.
[0093] (4) User Equipment (UE) is a device that can provide voice and / or data connectivity to users, including: handheld terminal devices with wireless connectivity, vehicle-mounted terminal devices, etc. For example, terminals include, but are not limited to: mobile phones, tablets, laptops, PDAs, mobile internet devices (MIDs), wearable devices, virtual reality (VR) devices, augmented reality (AR) devices, wireless terminal devices in industrial control, wireless terminal devices in autonomous driving, wireless terminal devices in smart grids, wireless terminal devices in transportation safety, wireless terminal devices in smart cities, or wireless terminal devices in smart homes, etc.
[0094] (5) A domain key is a key shared within a specific range of nodes. In this application embodiment, the domain key is used to ensure that each node can be dynamically added and removed.
[0095] The following is a brief introduction to the application scenarios to which the technical solutions of the embodiments of this application are applicable. It should be noted that the application scenarios described below are only for illustrating the embodiments of this application and are not intended to limit the scope. In specific implementation, the technical solutions provided by the embodiments of this application can be flexibly applied according to actual needs.
[0096] Figure 1 The illustration shows an application scenario applicable to the embodiments of this application. Figure 1 As shown, this scenario includes user equipment 101, satellite 102, and ground station (GS) 103, all connected to the network control center (NCC) 100. It should be noted that in real-world applications, the number of user equipment, satellites, and ground stations can be greater. Figure 1 The relevant description will be based solely on user equipment 101, satellite 102, and ground station 103.
[0097] As a trusted manager in the integrated space-ground network, NCC 100 can undertake the operation, maintenance, control, and management of the network. For example, NCC 100 can be responsible for key tasks such as generating system key parameters, public system parameters, key updates, and management. It can also register user equipment 101, satellite 102, and ground station 103, thereby assigning them corresponding key parameters and other information to provide the basis for secure authentication of each node in the integrated space-ground network.
[0098] User equipment 101 has the ability to establish communication and bandwidth channels with satellite 102, and can request access to ground station 103 through satellite 102 to obtain corresponding services (such as ground bandwidth, entertainment and augmented reality).
[0099] Satellite 102 can establish a connection between user equipment 101 and ground station 102 via a space segment access point operating in a predetermined satellite orbit through a satellite-to-ground link.
[0100] Ground station 103, as a node providing terrestrial network services to users, can provide broadband, communication, augmented reality (AR) and other services to users through the satellite-to-ground link.
[0101] In some embodiments, during the initialization phase, the NCC 100 is responsible for creating and allocating the necessary key parameters and configurations to ensure the foundation for secure authentication of each node in the integrated space-ground network. Specifically, this may include the following processes:
[0102] First, an elliptic cryptography algorithm is used to select the secure elliptic curve for the system. For example, E p (a,b):y 2 =x 3 +ax+bmod p; where a,b∈F p (F p (representing the range of private keys), and 4a 3 +27b 2 mod P≠0, where P is based on E p (a,b) represents a chosen base point for generating the public and private keys, and the selection of a secure hash function h(·) and a biometric fuzzy extraction function (Gen(·)\Rep(·)).
[0103] Then, based on the Chinese Remainder Theorem (CRT), n coprime secret values CRTS = {x1, x2, x3, ..., x n}; where x i ∈F q Given q≥4p, the secret reconstruction value is calculated based on these n coprime secret values. This secret reconstruction value satisfies the following expression:
[0104]
[0105] in, var i =xm i ×ym i , xm i ×ym i ≡1modx i ; var represents the product of n coprime secret values. i The share coefficient representing the i-th coprime secret value, ym i ,xm i An auxiliary modulus representing the i-th coprime secret value.
[0106] Secondly, in F p Randomly select a system private key (s) ncc ), and based on this s ncc Calculate the system public key (e.g., PK) of the NCC100. ncc =s ncc ·P); in F p Select a satellite private key (s) for satellite 102. sat ), and based on this s sat Calculate the satellite public key (e.g., PK) for satellite 102. sat =s sat ·P); in F p In the middle, select a ground private key (s) for ground station 103. gs ), and based on this s gs Calculate the ground public key (e.g., PK) of ground station 103. gs =s gs ·P); in F p In the middle, select a user private key (s) for user equipment 101. u ), and based on this s u Calculate the user public key (e.g., PK) of user equipment 101. u =s u ·P).
[0107] Then, an initial shared domain key (k) is set for sharing by the user equipment 102 and the ground station 103. d And securely store the above parameters. And publish the system's public parameters pubparams = {ID} ncc E p (a,b),P,PK ncc PK sat PK gs PK u ,h}.
[0108] In this embodiment of the application, k d As a domain key shared by all legitimate and authorized nodes within the system, it prevents unauthorized nodes from obtaining false identities and prevents unauthorized nodes from verifying the validity of user equipment access authentication requests. Furthermore, k d It can also be used to verify whether a node is currently valid. Invalid nodes will have their validity revoked by the NCC and will not be able to obtain the updated k. d.
[0109] In other embodiments, in order to ensure k d It ensures the freshness, validity, and completeness of domain keys, and can also generate and update domain keys in real time, specifically including the following processes:
[0110] Assuming the legality of the user equipment (U1), satellite (L2), and ground station (GS3) is revoked by the NCC, and the user equipment (U1) n+1 ), satellite (L n+2 ), and ground stations (GS) n+3 (The example shown is a newly registered node.)
[0111] First, regarding the newly registered node U n+1 L n+2 GS n+3 The NCC randomly selects coprime secret values {x1,x2,x3,…,x}. n coprime x n+1 x n+2 x n+3 , where x n+1 x n+2 x n+3 They are also coprime.
[0112] Secondly, NCC calculation xm i ×ym i ≡1 modx i var i =xm i ×ym i ;where,i=n+1,n+2,n+3, var represents the product of coprime secret values. i The share coefficient representing the i-th coprime secret value, ym i ,xm i An auxiliary modulus representing the i-th coprime secret value.
[0113] Then, the NCC calculates the new secret reconstruction value (e.g., μ' = μ' + var). n+1 +var n+2 +var n+3 ).
[0114] Furthermore, for the revoked nodes U1, L2, and GS3, the NCC obtains the secret share coefficients var1, var2, and var3 calculated for U1, L2, and GS3 during the registration phase, and then calculates the secret reconstruction value μ' = μ' - var1 - var2 - var3;
[0115] Finally, the NCC in F pRandomly select an NCC temporary private key (r) ncc ), and based on that r ncc Calculate the NCC's temporary public key (e.g., P). ncc =r ncc •P), new shared domain key (e.g., And based on the new shared domain key and the secret reconstructed value, a domain key update signature is generated (e.g., (This is for subsequent distribution and use.)
[0116] In this embodiment, a dynamic key management mechanism based on CRT is introduced, which enables the shared domain key to be updated in real time when nodes are dynamically added and removed, thus ensuring the flexibility and security of the integrated space-ground network.
[0117] In some embodiments, during the registration phase, NCC100 can register user equipment 101, satellite 102, and ground station 103 separately, thereby facilitating the deployment of each node in the space-air integrated network. The following example illustrates this. Figure 2 , Figure 3 , Figure 4 Each will be explained separately.
[0118] Figure 2 An exemplary illustration is shown in the signaling interaction diagram of an NCC registering a user equipment, provided in an embodiment of this application.
[0119] 201: User equipment sends a message to the NCC carrying the user identifier (ID) i ) and ground station identification (ID) k User registration request.
[0120] In this step, the user equipment can be Figure 1 The user equipment 101 and NCC shown can be Figure 1 The NCC100 shown indicates that the user registration request is used to instruct the NCC based on this ID. i and ID k Register user equipment.
[0121] 202: After receiving the above user registration request, the NCC randomly assigns n1 pseudo-identities to the user equipment to form a pseudo-identity group.
[0122] In other embodiments, the NCC may also search the database based on the user identifier to determine whether the user equipment has been registered before. If not, the 202 procedure is executed; if so, other operations may be performed based on the user equipment's historical registration records.
[0123] 203: NCC calculates the authentication hash value (d) for each pseudo-identity. i,m), certification factor (s i,m ), and the authentication hash value between each pseudo-identity and the ground station (a i,m And randomly select an unused user coprime secret value (x) from CRTS. i ), calculate the authentication hash factor (rc) of the user equipment. i ).
[0124] In some embodiments, the d i,m s i,m a i,m rc i They respectively satisfy the following expressions:
[0125] d i,m =h(PID) i,m ID ncc PK u );
[0126] s i,m =s u +d i,m s ncc ;
[0127] a i,m =h(PID) i,m ,a u-k PK u ), a u-k =h(ID) k ,s k ,P K u);
[0128]
[0129] Among them, the ID ncc As the identifier for the NCC, a u-k This represents the secret hash value between the ground station and the user equipment calculated by the NCC. The meanings of other parameters can be found in the previous text and will not be repeated here.
[0130] 204: NCC stores user identifiers and pseudo-identity groups ({ID) i ,PIDS i}), and send a user registration response message to the user equipment.
[0131] In this step, the user registration response message may include at least the following: (This can be collectively referred to as the user registration information for this user device)
[0132] 205: After receiving the above user registration response message, the user equipment performs a valid verification of the user registration response message. If the user registration response message is found to be valid, the corresponding user login operation is executed.
[0133] In some embodiments, the satellite registration response message is verified to be valid when the following equation is satisfied.
[0134]
[0135] in, The authentication hash factor d' is the one parsed from the user equipment. i,m =h(PID) i,m ID ncc PK u ), for each pseudo-identity PID i,m ∈PIDS i The parsed authentication hash value.
[0136] In some embodiments, performing a user login operation may include the following procedures:
[0137] In response to the user registration interface requiring the user to enter a login password (PW) i ) and biological characteristics (BIO) i User operations, calculating biometric keys and biometric key public strings (e.g., (σ) i ,v i = Gen(BIO) i )), password biometric verification factor (e.g., RPW) i =h(PW i ,σ i )), User mutual element secret value derived value (e.g., ), user shared domain key derived value (e.g., ), user login verification code (e.g., ver) i =h(DX) i DK i ,x i ,k d )); and for each pseudo-identity PID im ∈PIDS i False derived values (e.g., ), login authentication factors (e.g., ), login authentication hash value (e.g., ), fake user login verification code (e.g., ver i,m =h(DPID) i,m DS i,m ,DA i,m ,PID i,m ,x i ,s i,m ,a i,m ,vi )), σ i For biometric keys, RPW i This is a biometric verification factor for the password. Finally, the parameters are... Stored within the device for later use.
[0138] In this embodiment of the application, the above-mentioned Figure 2 The user equipment registration process shown employs elliptic curve cryptography and combines biometrics and pseudo-identity dual verification methods, which greatly enhances the security and privacy of user equipment in the integrated space-ground network. Furthermore, through innovations in key management and user verification methods, the security of device login, data transmission, and node authentication in the integrated space-ground network is ensured.
[0139] Figure 3 An exemplary diagram illustrating the signaling interaction during NCC satellite registration provided in this application is shown.
[0140] 301: The satellite sends a satellite identifier (ID) to the NCC. j ( ) satellite registration request.
[0141] In this step, the satellite can be Figure 1 Satellite 102 shown, NCC could be Figure 1 The NCC100 shown is used to instruct the NCC to register satellites based on this ID. j Register the satellite.
[0142] In other embodiments, the NCC may also search the database based on the satellite identifier to determine whether the satellite has been registered before. If not, the 302 procedure is executed; if so, other operations may be performed based on the satellite's historical registration records.
[0143] 302: After receiving the satellite registration request, the NCC calculates the satellite's authentication hash value (d). j ), certification factor (s j ), and randomly select an unused satellite coprime secret value (x) from CRTS. j ), calculate the satellite's authentication hash factor (rc) j ).
[0144] In some embodiments, the d j s j rc j They respectively satisfy the following expressions:
[0145] d j =h(ID) j ID ncc PK sat );
[0146] s j =s sat +d j ·s ncc ;
[0147] rc j =h(pubparams,k d ,s j ,x j )…….(3)
[0148] It should be noted that the meaning of the above parameters can be found in the previous text, and will not be repeated here.
[0149] 303: The NCC sends a message to the satellite carrying {pubparams,k} d ,s j ,x j ,rc j The satellite registration response message.
[0150] 304: After receiving the above satellite registration response message, the satellite performs a valid verification of the satellite registration response message. If the verification shows that the satellite registration response message is valid, then it stores {pubparams,k d ,s j ,x j ,rc j}
[0151] In some embodiments, the satellite registration response message is verified to be valid when the following equation is satisfied.
[0152] s j ·P = PK sat +d j '·PK ncc , and rc j '=rc j ……(4)
[0153] Where, d j '=h(ID j ID ncc PK sat ) represents the authentication hash value parsed from the satellite, rc j =h(pubparams,k d ,s j ,x j ), which is the authentication hash factor resolved from the satellite.
[0154] Figure 4 An exemplary diagram illustrates a signaling interaction diagram of an NCC registering a ground station, as provided in this application.
[0155] 401: The ground station sends a message to the NCC carrying the ground station identifier (ID). k ) ground station registration request.
[0156] In this step, the ground station can be Figure 1 The ground station 103 shown can be an NCC. Figure 1 The NCC100 shown is a ground station registration request used to instruct the NCC to register the ground station based on the ground station identifier.
[0157] 402: After receiving the ground station registration request, the NCC calculates the authentication hash value (d) of the ground station. k ), certification factor (s k ), and randomly select an unused ground station coprime secret value (x) from CRTS. k ), calculate the authentication hash factor (rc) of the ground station. k ).
[0158] In some embodiments, the d k s k rc k They respectively satisfy the following expressions:
[0159] d k =h(ID) k ID ncc PK gs );
[0160] s k =s gs +d k ·s ncc ;
[0161] rc k =h(pubparams,k d ,s k ,x k )…….(5)
[0162] In other embodiments, the NCC may also search the database based on the ground station identifier to determine whether the ground station has been registered before. If not, the 402 error is executed; if so, other operations can be performed based on the ground station's historical registration records.
[0163] 403: The NCC sends a message to the ground station carrying {pubparams,k} d ,s k ,x k ,rc k The ground registration response message.
[0164] 404: After receiving the above ground registration response message, the ground station performs a valid verification on the message. If the message is found to be valid, it stores {pubparams,k d ,s k ,x k ,rc k}
[0165] In some embodiments, the ground registration response message is verified to be valid when the following equation is satisfied.
[0166] s k ·P = PK gs +d' k ·PK ncc , and rc' k =rc k ……(6)
[0167] Among them, d' k =h(ID) k ID ncc PK gs ) represents the authentication hash value parsed from the ground station, rc' k =h(pubparams,k d ,s k ,x k ), which is the authentication hash factor parsed from the ground station.
[0168] During the registration phase described above, when the NCC registers user equipment, satellites, and ground stations separately, it can conduct registration interactions through a secure channel, thereby avoiding malicious attacks.
[0169] In other embodiments, based on the above... Figure 1 In the scenario shown, when the signal from satellite 102 covers ground station 103, a secure channel between the satellite and ground station can be established before user equipment 101 requests access to ground station 103, thereby reducing authentication overhead and latency when the user accesses the ground station. For example... Figure 5 As shown, an exemplary signaling interaction diagram for establishing a secure channel between a satellite and a ground station is illustrated in an embodiment of this application. The process includes the following steps:
[0170] 501: Satellite in F p Randomly select a satellite temporary private key (r) j Based on this r j Compute the satellite's temporary public key (R j ), authentication hash factor (d1), authentication factor (a1), and send to the ground station carrying {ID j ,R jThe pre-negotiation request for ,a1,t1}.
[0171] In some embodiments, the R j d1 and a1 respectively satisfy the following expressions:
[0172] R j =r j ·P;
[0173] d1 = h(ID) j ID k PK ncc PK sat ,R j ,k d ,t1);
[0174] a1 = s j +d1r j …(7)
[0175] Where t1 represents the first timestamp when the satellite generated the pre-negotiation request; s j This represents the certification factor obtained from the NCC during the satellite registration process; the meanings of other parameters can be found in the previous text and will not be repeated here.
[0176] 502: After receiving the above pre-negotiation request, the ground station can perform a valid verification of the pre-negotiation request. If the verification shows that the pre-negotiation request is valid, it will send a pre-negotiation request response to the satellite.
[0177] In some embodiments, validating the pre-negotiation request may include the following process:
[0178] When the first timestamp is verified to be valid, check whether the equation a1·P=PK is satisfied. sat +d j '·PK ncc +d'1·R j If yes, it indicates that the satellite is a legitimate node and is not a node revoked by the NCC (this can be confirmed through the initial shared domain key). If no, it indicates that the satellite is an unauthorized node or that the content in the pre-negotiation request was tampered with during the satellite-to-ground link transmission, and subsequent operations will be terminated.
[0179] In some implementations, d j '、d'1 can satisfy the following expression:
[0180] d j '=h(ID j ID ncc PK sat ), d'1 = h(ID) j ID k PK nccPK sat ,R j ,k d ,t1)….(8)
[0181] Where, d j ' represents the authentication hash value calculated by the ground station for the satellite, d'1 represents the authentication hash factor calculated by the ground station for the satellite, and the meanings of other parameters can be found in the previous text, which will not be repeated here.
[0182] In other embodiments, determining whether the first timestamp is valid can be done by: if the difference between the first timestamp and the current timestamp is less than or equal to an acceptable time difference range, then the first timestamp is considered active and valid; otherwise, the first timestamp is considered invalid and subsequent access authentication is terminated.
[0183] In some embodiments, sending a pre-negotiation request response to a satellite may include the following process:
[0184] Ground station F p Randomly select a temporary ground private key (r) k ), and based on that r k Calculate the temporary public key (R) of the ground station k The authentication hash factor (d2), authentication factor (a2), and the session key shared between the ground station and the satellite are also included. k-j Then send a message to the satellite containing at least {ID} k ,R k ,a2,t exp The pre-negotiation request response for t2}.
[0185] In some embodiments, the R k d2, a2, Key k-j They respectively satisfy the following expressions:
[0186] R k =r k ·P;
[0187] d2 = h(ID) j ID k PK ncc PK gs ,R k ,R j ,k d ,t exp ,t2);
[0188] a2=s k +d2r k ;
[0189] Key k-j=h(ID) j ID k PK sat PK gs ,r k ·R j ,k d ,t1,t2)….(9)
[0190] Where t2 represents the second timestamp of the ground station generating the pre-negotiation request response; s k The certification factor representing the ground station's acquisition from the NCC during the registration phase; t exp The valid timestamp that represents the allowed access to the ground station, i.e., the ground station is only authorized to access the ground station within t. exp The satellite is currently authorized to perform two-way authentication with future user equipment via a2. k-j This is used to establish a secure channel shared between the ground station and the satellite (i.e., the first secure channel below); the meanings of other parameters can be found in the previous description and will not be repeated here.
[0191] 503: After receiving the aforementioned pre-negotiation request response, the satellite verifies its validity. If the pre-negotiation request response is found to be valid, the satellite calculates the shared session key between the satellite and the ground. j-k ).
[0192] In some embodiments, validating the pre-negotiation request response may include the following process:
[0193] When both the second timestamp and the valid timestamp are verified to be valid, check whether the equation a2·P=PK is satisfied. gs +d' k ·PK ncc +d'2·R k If yes, it indicates that the ground station is a legitimate node and has not been revoked by the NCC; if no, it indicates that the ground station is an unauthorized node or that the pre-negotiation request response was tampered with during the satellite-to-ground link transmission, terminating subsequent operations.
[0194] In some implementations, d' k d'2 can satisfy the following expression:
[0195] d' k =h(ID) k ID ncc PK gs );
[0196] d'2=h(ID j ID k PK ncc PK gs ,R k,R j ,k d ,t exp ,t1);
[0197] Key j-k =h(ID) j ID k PK sat PK gs ,r j ·R k ,k d ,t1,t2)....(10)
[0198] Among them, d' k d'2 represents the authentication hash value calculated by the satellite with respect to the ground station; d'2 represents the authentication hash factor calculated by the satellite with respect to the ground station; Key j-k The key represents the session key shared with the ground station, calculated by the satellite. j-k With Key k-j This is used to establish a secure channel shared between the ground station and the satellite (i.e., the first secure channel below). The meanings of other parameters can be found in the previous text and will not be repeated here.
[0199] In other embodiments, determining whether the second timestamp is valid can be done by: if the difference between the second timestamp and the current timestamp is less than or equal to an acceptable time difference range, then the second timestamp is considered active and valid; otherwise, the second timestamp is considered invalid, and subsequent access authentication is terminated. It is then determined whether the valid timestamp can determine whether the current timestamp is before the valid timestamp.
[0200] In this embodiment, the pre-negotiation mechanism between the satellite and the ground station allows the ground station and the satellite to complete mutual authentication and session key negotiation before the user equipment actually accesses the network. Based on the negotiated session key, a corresponding secure channel is established for secure data interaction between the satellite and the ground station. Compared with the one-way authentication path of the prior art, this not only reduces the authentication burden when the user equipment accesses the network, but also significantly reduces the time delay of the access authentication process.
[0201] In this embodiment of the application, based on the above... Figure 1 In the scenario shown, when a user requests access to a ground station via satellite and obtains corresponding services, a domain negotiation mechanism is proposed. The satellite and the ground station pre-authenticate each other, negotiate a shared session key, establish a corresponding secure channel, and exchange an authentication parameter with a valid timestamp. This ensures the security of the entire access process, effectively integrates and simplifies the access authentication steps, and also reduces authentication overhead and latency.
[0202] To further illustrate the technical solutions provided in the embodiments of this application, a detailed description is provided below in conjunction with the accompanying drawings and specific implementation methods. Although the embodiments of this application provide method operation steps as shown in the following embodiments or drawings, the method may include more or fewer operation steps based on conventional or non-inventive methods. In steps where there is no logically necessary causal relationship, the execution order of these steps is not limited to the execution order provided in the embodiments of this application. In actual processing or when the device executes the method, it may be executed in the order shown in the embodiments or drawings, or in combination.
[0203] Figure 6 A flowchart illustrating an access authentication method on the satellite side provided in an embodiment of this application is shown as an example. This process can be performed by... Figure 1 The satellite 102 shown is designed to improve the efficiency of the entire access authentication process while ensuring its security. Figure 6 As shown, the process includes the following steps:
[0204] 601: Received an access authentication request from a user equipment, which includes the user equipment's user authentication information and the user equipment's ground identity requesting access to the ground station.
[0205] In this step, ground identity can refer to the ground station identifier (ID) mentioned earlier. k ).
[0206] In some embodiments, the user authentication information is generated by the user equipment based on user registration information provided by the NCC and publicly available system parameters. This user authentication information includes at least a third timestamp (t3) representing the time the user equipment generates the access authentication request, and a temporary identity (TID) associated with the user equipment. i ), first temporary public key (R) i The first authentication factor (a3) and the first authentication hash value (a) between the user equipment and the ground station. i-k The first authentication hash value is calculated based at least on the user's registration information and ground identity.
[0207] In some embodiments, the TID calculated by the user equipment i R i a i-k a3 and a3 satisfy the following expressions respectively:
[0208]
[0209] R i =r i ·P,r i ∈F p ;
[0210] a i-k =h(PID) i,m ID j ID k ,R i ,a i,m ,t3);
[0211] a3 = s i,m +d3r i ;
[0212] d3 = h(PID) i,m ID j ID k PK ncc PK sat PK gs ,R i ,a i-k ,k d ,t3)…..(11)
[0213] Wherein, d3 is the authentication hash factor calculated by the user equipment during the access authentication process. The meanings of other parameters can be found in the previous description and will not be repeated here.
[0214] In this embodiment, the user equipment uses a strategy that combines pseudo-identity and shared domain key to enhance the anonymity and privacy protection of the user equipment. This mechanism not only prevents the leakage of the user's real identity, but also ensures that the access authentication request sent by the user equipment is not stolen by unauthorized nodes.
[0215] In some embodiments, before receiving an access authentication request from a user equipment, the method further includes: sending a pre-negotiation request to a ground station; wherein the pre-negotiation request includes satellite authentication information of the satellite (e.g., the aforementioned...). Figure 5 ID in j ,R j The system receives a pre-negotiation request response from the ground station, and a first timestamp used to characterize when the satellite generates the pre-negotiation request. The pre-negotiation request response is sent by the ground station after verifying the satellite's legitimacy based on the satellite authentication information and the first timestamp (t1). The pre-negotiation request response includes the ground station's ground authentication information (e.g., the aforementioned...). Figure 5 ID in k ,R k a2), a second timestamp (t2) used to characterize the ground station's generation of the pre-negotiation request response, and a valid timestamp (t) used to characterize the permission granted to access the ground station. exp Once the ground station is verified as legitimate based on ground authentication information, the second timestamp, and the valid timestamp, at least based on the ground authentication information, the second timestamp, and the information from the NCC (such as...) Figure 1The shared domain key obtained from the NCC100 (as shown above) (i.e., the initial shared domain key mentioned above) is used to generate the second session key (i.e., the Key mentioned above). j-k With Key k-j The shared domain key is generated using CRT, and the second session key is used to establish a first secure channel shared by the satellite and the ground station. This allows the satellite and ground station to pre-authenticate each other before user equipment access, reducing authentication overhead and latency during user equipment access. The specific interaction process can be found in [reference needed]. Figure 5 This will not be described again here.
[0216] In other embodiments, before receiving an access authentication request from a user equipment, the satellite may first register with the NCC to enable subsequent access authentication with the user equipment and ground station without the NCC's involvement. The specific registration process can be referred to the above. Figure 2 The relevant descriptions will not be repeated here.
[0217] 602: After verifying the legitimacy of the user equipment based on the above access authentication request, a first access response message is sent to the user equipment, and a second access response message is sent to the ground station based on the first security channel.
[0218] In this step, the first access response message and the second access response message are used by the user equipment and the ground station to generate a first session key, and the first session key is used to build a second secure channel shared by the ground station and the user equipment.
[0219] In some embodiments, verifying the legitimacy of a user equipment based on an access authentication request may include the following process:
[0220] First, when the third timestamp is verified to be valid, the pseudo identity of the user equipment is calculated based on at least the temporary identity, the third timestamp, and the shared domain key;
[0221] Furthermore, satellite-computed pseudo-identities (PIDs) i,m It can satisfy the following expression:
[0222] PID i,m =TID i ⊕h(ID j ,k d ,t3)…(12)
[0223] In other embodiments, determining whether the third timestamp is valid can be done by considering that if the difference between the third timestamp and the current timestamp is less than or equal to an acceptable time difference range, then the third timestamp is considered active and thus valid.
[0224] Secondly, at least the second authentication hash value of the user equipment is calculated based on the pseudo-identity;
[0225] Furthermore, the satellite calculates a second authentication hash value (d') associated with the user equipment. i,m It can satisfy the following expression:
[0226] d' i,m =h(PID') i,m ID ncc PK u (13)
[0227] Then, based at least on the pseudo-identity, ground identity, third-party timestamp, shared domain key, system public parameters, the first authentication hash factor of the user equipment is calculated;
[0228] Furthermore, the first authentication hash factor (d'3) calculated by the satellite and associated with the user equipment satisfies the following expression:
[0229] d'3=h(PID' i,m ID j ID k PK ncc PK sat PK gs ,R i ,k d ,t3)…..(14)
[0230] Finally, if the first verification value calculated based on the second authentication hash value and the first authentication hash factor is equal to the second verification value calculated based on the first authentication factor, then the user device is verified as legitimate.
[0231] Furthermore, if a3·P = PK u +d' i,m ·PK ncc +d'3·R i If true, the user equipment is verified as legitimate. Here, the calculation result of a3·P represents the first verification value, and PK... u +d' i,m ·PK ncc +d'3·R i The calculation result represents the second verification value.
[0232] In some embodiments, the first access response message includes at least a second authentication factor (a4), a second timestamp (t2), and a valid timestamp (t). exp Satellite-related identity (i.e., the ID mentioned above) j ) and the second temporary public key (i.e., R mentioned above) k The third temporary public key (R) associated with the ground station in the ground authentication information. k), and a fourth timestamp used to characterize the simultaneous sending of the first access response message and the second access response message; wherein, the second authentication factor is generated at least based on the third authentication factor related to the ground station in the ground authentication information (i.e., a2 negotiated in the pre-negotiation mechanism above).
[0233] Furthermore, the second authentication factor (a4) satisfies the following expression:
[0234] a4 = a2 + s j +d4r j ;
[0235] d4 = h(PID') i,m ID j ID k PK ncc PK sat PK gs ,R k ,R j ,k d ,t4)….(15)
[0236] Among them, d4 represents the authentication hash factor calculated by the satellite for the user equipment during the transmission of the first access response message. The meanings of other parameters can be referred to the previous description and will not be repeated here.
[0237] In some embodiments, the second access response message includes at least a fourth authentication factor (a5) and a pseudo-identity (i.e., the PID mentioned above). i,m ), the first temporary public key (i.e., R mentioned above) i The fourth authentication factor is generated based on the first authentication hash value and the shared domain key.
[0238] Furthermore, the fourth authentication factor (a5) must at least satisfy the following expression:
[0239] a5 = h(ID) j ID k ,R k ,R i ,a i-k ,k d ,t4)…(16)
[0240] The meaning of each parameter can be found in the previous description, and will not be repeated here.
[0241] In other embodiments, when the satellite receives N access authentication requests from user equipment within a set time period, it can also implement a multi-level efficient batch verification mechanism, enabling the satellite to efficiently process a large number of access authentication requests from user equipment and reducing the satellite resources required to verify a large number of access authentication requests. The specific process is as follows:
[0242] First, within a set time period, N access authentication requests are received from the user equipment; among them, N access authentication requests are used to request access to the ground station, and N is an integer greater than 1.
[0243] Secondly, after verifying that all N access authentication requests are valid based on their respective timestamps, calculate the N authentication hash values and N authentication hash factors associated with the user equipment for each of the N access authentication requests.
[0244] Then, the validity of the N access authentication requests is verified based on the N authentication hash values and N authentication hash factors;
[0245] Finally, if all N access authentication requests are verified to be valid, a first access response message is sent to the user equipment, and a second access response message is sent to the ground station based on the first security channel.
[0246] For example, suppose there are N access authentication requests, ARs = [AR1, AR2, ..., AR2]. n1 ]; among them, AR i = <TID i ID k PK i ,a i-k ,a i,3 ,t i,3 First, for each access authentication request, check the timestamp t. i,3 Validity; then, for each access authentication request, calculate the respective pseudo-identity (e.g., ), and calculate their respective authentication hash values (e.g., d') based on their respective pseudo-identities. i,m =h(PID') i,m ID ncc PK u ), and their respective authentication hash factors (d'3 = h(PID') i,m ID j ID k PK ncc PK sat PK gs PK i ,k d ,t3)), if (Σa i,3)·P=n·PK u +(Σd' i,m )·PK ncc +Σd'3·PK i If all N access authentication requests are verified to be valid, it indicates that the user equipment sending the ARs is legitimate and that the ARs have not been tampered with during transmission. The user equipment can then send a first access response message to the user equipment and a second access response message to the ground station based on the first security channel.
[0247] In other embodiments, when the NCC needs to update the initial shared domain key to ensure the freshness, integrity, and legitimacy of the domain key in real time, when the satellite receives the first domain key update message from the NCC, it can use its own key to generate a second domain key update message and send it to ground stations and user equipment within the satellite's signal coverage area. Specifically, this may include the following process:
[0248] First, a first domain key update message is received from the NCC. This first domain key update message includes at least a fifth timestamp (t5) representing when the NCC generated the first domain key update message, a domain key update signature (γ), and the NCC identity associated with the NCC (i.e., the ID mentioned earlier). ncc ) and the fourth temporary public key (i.e., P mentioned above) ncc The domain key update signature is generated by the NCC based on the new shared domain key and the secret reconstruction value (CRT). The secret reconstruction value is calculated using the CRT. For details on the generation process of this domain key update signature, please refer to [link to relevant documentation]. Figure 1 The relevant descriptions in the text will not be repeated here.
[0249] Secondly, when the fifth timestamp is verified to be valid, the new shared domain key is determined based on the domain key update signature (e.g., ).
[0250] Then, if the third verification value is calculated based on the new shared key (e.g., This is equal to the fourth verification value (e.g., PK) calculated based on the NCC identity, the fourth temporary public key, and the fifth timestamp. ncc +h(ID ncc PK ncc PK u PK sat PK gs ,P ncc ,t5)·P ncc If the first domain key update message is sent, then a second domain key update message is sent to both the ground station and the user equipment; wherein the second domain key update message includes at least the first domain key update message ({ID)). ncc ,γ,P ncc,t5}), the sixth timestamp (t6) of the satellite-generated second-domain key update message, and the new temporary public key (PP) associated with the satellite. j ) and the new certification factor (a6).
[0251] Furthermore, the PP j a6 and a6 respectively satisfy the following expressions:
[0252] PP j =rr j ·P,rr j ∈F p ;
[0253] a6 = s j +d5·rr j d5 = h(ID) ncc ,γ,PK ds PP j ,t5,t6)…..(17)
[0254] Here, d5 represents the authentication hash factor that the satellite recalculates in the domain key update mechanism.
[0255] In this embodiment of the application, the aforementioned domain name update mechanism ensures the secure and effective updating of the shared domain key even when nodes change dynamically. Furthermore, based on the domain key update signature and verification protocol, it ensures that all authorized nodes can receive the new and verifiable shared domain key, preventing the unauthorized use of the old shared domain key and thus enhancing the overall security and reliability of the integrated space-ground network.
[0256] In this embodiment of the application, based on the above... Figure 6 The method shown involves the satellite receiving an access authentication request from a user equipment (UE). First, the UE is validated based on the access authentication request. If the UE is validated, it can simultaneously send a first access response message and a second access response message to the ground station via a first secure channel. Compared to existing technologies, this eliminates the need for one-to-one authentication via a unidirectional path and enables three-way mutual authentication between the UE, the satellite, and the ground station, improving the overall access authentication efficiency. Second, the first secure channel is a shared secure channel between the satellite and the ground station to ensure the security of the second access response message during transmission. The first and second access response messages are used by the UE and the ground station to generate a first session key. This first session key is used to construct a second secure channel shared by the ground station and the UE, ensuring that data interaction between the ground station and the UE is not tampered with or detected by the satellite, thus guaranteeing the security of the entire access authentication process.
[0257] Figure 7A flowchart illustrating an access method on the user equipment side according to an embodiment of this application is provided. This process can be... Figure 1 The user equipment 101 shown performs this function to improve the efficiency of the entire access authentication process while ensuring its security. Figure 7 As shown, the process includes the following steps:
[0258] 701: Send an access authentication request to the satellite.
[0259] In this step, the satellite can be Figure 1 The satellite 102 shown in the diagram requests user authentication information from the user equipment, as well as the ground identity of the user equipment requesting access to the ground station.
[0260] In some embodiments, the user authentication information is generated by the user equipment based on user registration information provided by the NCC and publicly available system parameters. This user authentication information includes at least a third timestamp (t3) representing the time the user equipment generates the access authentication request, and a temporary identity (TID) associated with the user equipment. i ), first temporary public key (R) i The first authentication factor (a3) and the first authentication hash value (a) between the user equipment and the ground station. i-k The first authentication hash value is calculated based at least on the user's registration information and ground identity.
[0261] It should be noted that the specific calculation process for each parameter included in the above user authentication information can be found in the description of Section 601 above, and will not be repeated here.
[0262] In other embodiments, before sending an access authentication request to the satellite, the user equipment may first register with the NCC to enable subsequent access authentication with the satellite and ground station without the NCC's involvement. The specific process can be referred to the above. Figure 3 The relevant descriptions will not be repeated here.
[0263] In other embodiments, login verification can also be performed when sending an access authentication request to the satellite, specifically:
[0264] In response to entering a new login password (PW') on the login screen i ) and biological characteristics (BIO' i The system verifies login based on the new login password, biometrics, and login authentication information. When the user device successfully logs in, it sends an access authentication request to the satellite to ensure that the user is a legitimate user holding the user device and that the device's login authentication parameters are complete, tamper-proof, and valid.
[0265] Furthermore, the new login password, biometrics, and login authentication information are used for login verification, which can be achieved by calculating σ'. i =Rep(BIO' i ,v i ), RPW' i =h(PW' i ,σ' i ), Where, σ' i For the recalculated biometric key, RPW' i To recalculate the password biometric verification factor, a reconstruction function (e.g., Rep(BIO') is extracted based on biometric fuzzing techniques. i ,v i )=σ' i ), x' i For the parsed user coprime key value, k' d The parsed user shared domain key; then verify the equation (ver i =h(DX) i DK i ,x' i ,k' d If the condition is met, then confirm the user's input command PW'. i and BIO' i Correct, and the parsed k' d and x' i That's correct; next, randomly select an unused pseudo-identity login group from the database; for example, And calculate the relevant
[0266] And verify the equation (ver) i,m =h(DPID') i,m DS i,m ,DA i,m ,PID' i,m ,s' i,m ,a' i,m ,v i If the condition is met, then confirm the relevant login authentication parameters (e.g., DPID). i,m DS i,m ,ver i,m The data is complete and has not been tampered with, and the PID is intact. i,m ,s' i,m ,a' i,m correct.
[0267] 702: Received the first access response message from the satellite.
[0268] In this step, the first access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request.
[0269] In some embodiments, the first access response message includes at least a second authentication factor (a4), a second timestamp (t2), and a valid timestamp (t). exp Satellite-related identity (i.e., the ID mentioned above) j ) and the second temporary public key (i.e., R mentioned above) k The third temporary public key (R) associated with the ground station in the ground authentication information. k ), and a fourth timestamp used to characterize the simultaneous sending of the first access response message and the second access response message; wherein, the second authentication factor is generated at least based on the third authentication factor related to the ground station in the ground authentication information (i.e., a2 negotiated in the pre-negotiation mechanism above).
[0270] It should be noted that the specific calculation process for each parameter included in the first access response message can be found in the description related to 602 above, and will not be repeated here.
[0271] 703: After verifying the first access response message, calculate the first session key based at least on the first access response message.
[0272] In this step, the first session key can be used to establish a second secure channel shared between the ground station and the user equipment.
[0273] In some embodiments, verifying the validity of the first access response message may include the following process:
[0274] After verifying the fourth timestamp (t4) and the valid timestamp (t... exp When all are valid, calculate the authentication hash value (d') associated with the ground station. k ) and authentication hash factor (d'2), and calculate the authentication hash value associated with the satellite (d j The authentication hash value (d'2) and the authentication hash factor (d'2); if the fifth verification value calculated based on the authentication hash value and authentication hash factor associated with the ground station and the authentication hash value and authentication hash factor associated with the satellite is equal to the sixth verification value calculated based on the second authentication factor, then the first access response message is verified, which also indicates that both the satellite and the ground station are legitimate.
[0275] For example, when it is determined that the current timestamp has not reached a valid timestamp, and the difference between the current timestamp and the fourth timestamp is less than or equal to the acceptable time difference range, the following calculations are performed:
[0276] d′k =h(ID) k ID ncc PK gs );
[0277] d′ j =h(ID) j ID ncc PK sat );
[0278] d′2=h(ID j ID k PK ncc PK gs ,R k ,R j ,k d ,t exp ,t2);
[0279] d'4 = h(PID) i,m ID j ID k PK ncc PK sat PK gs ,R k ,R j ,k d ,t4).....(17)
[0280] If it is found that a4·P=PK gs +PK sat +(d' k +d j ')·PK ncc +d'2·R k +d'4·R j This indicates that both the satellite and the ground station are legitimate, and that the content of the first access response message is complete; among them, the calculation result of a4·P represents the fifth verification value, PK gs +PK sat +(d' k +d j ')·PK ncc +d'2·R k +d'4·R j The calculation result represents the sixth verification value.
[0281] In some embodiments, the first session key calculated by the user equipment may satisfy the following expression:
[0282] Key i-k =h(PID) i,m ID j ID k PKsat PK gs PK u ,r i ·R k ,k d ,t2,t3,t4)….(18)
[0283] It should be noted that the meaning of each parameter can be found in the previous text, and will not be repeated here.
[0284] In other embodiments, when the satellite updates its shared domain key, the user equipment can be promptly notified so that the user equipment can also update its shared domain key. This process may include the following steps:
[0285] Receive a second-domain key update message from the satellite; wherein the second-domain key update message includes at least the first-domain key update message (i.e., the ID mentioned above). ncc ,γ,P ncc ,t5), the sixth timestamp (t6) of the satellite sending the second domain key update message, and the new temporary public key (PP) associated with the satellite. j The first domain key update message is sent by the NCC to the satellite and includes at least: a fifth timestamp representing when the NCC sends the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on the new shared domain key and the secret reconstruction value, which is calculated based on the CRT. When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
[0286] In some embodiments, the second domain key update message is verified to be valid if the following equation is satisfied:
[0287] a6·P=PK sat +d j ·PK ncc +d′5·PP j ;
[0288]
[0289] in; d′5=h(ID ncc ,γ,PK ds PP j ,t5,t6),d j =h(ID) j ID ncc PK satThis ensures that the received second domain key update message has not been tampered with and that the new shared domain key obtained by the user equipment is correct. In addition, the meaning of the above parameters can be referred to the previous description, and will not be repeated here.
[0290] It should be noted that the specific calculation process for each parameter in the second domain key update message mentioned above can be found in the relevant description in section 602 above, and will not be repeated here.
[0291] In this embodiment of the application, the beneficial effects during the entire process of user equipment accessing the ground station via satellite are as follows:
[0292] First, the user equipment sends an access authentication request to the satellite. After the satellite verifies the legitimacy of the user equipment based on the access authentication request, it no longer needs to wait for mutual authentication interaction between the satellite and the ground station. The satellite can directly send a first access response message back to the user equipment. Compared with the existing technology, it can achieve three-way mutual authentication between the user equipment, the satellite, and the ground station without the need for one-to-one authentication of a one-way path, thus improving the authentication efficiency of the entire access authentication process. Second, a first session key can be calculated based at least on the first access response message. This facilitates the construction of a shared second secure channel between the ground station and the user equipment based on the first session key. This ensures that the data interaction between the ground station and the user equipment is not tampered with or known by the satellite, and also ensures the security of the entire access authentication process.
[0293] Figure 8 An exemplary flowchart illustrates an access authentication method at a ground station side provided in an embodiment of this application. This process can be performed by... Figure 1 The ground station 103 shown is used to improve the efficiency of the entire access authentication process while ensuring its security. Figure 8 As shown, the process includes the following steps:
[0294] 801: Receive the second access response message sent by the satellite from the first secure channel, which is a secure channel shared by the satellite and the ground station.
[0295] In some embodiments, the second access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request sent by the user equipment.
[0296] In some embodiments, the second access response message includes at least a fourth authentication factor (a5) and a pseudo-identity (i.e., the PID mentioned above). i,m ), the first temporary public key (i.e., R mentioned above) i The third timestamp (t3), the fourth timestamp (t4); wherein, the fourth authentication factor is at least based on the first authentication hash value (a i-kThe shared domain key is generated, and the specific details can be found in the above expression (16), which will not be described again here.
[0297] In other embodiments, before receiving the second access response message sent by the satellite from the first secure channel, the method further includes:
[0298] The system receives a pre-negotiation request from a satellite, which includes the satellite's authentication information and a first timestamp indicating when the satellite generated the pre-negotiation request. If the satellite is deemed legitimate based on the satellite authentication information and the first timestamp, a pre-negotiation request response is sent to the satellite. This response includes the ground station's authentication information, a second timestamp indicating when the ground station generated the response, and a valid timestamp indicating that access to the ground station is permitted. This allows the satellite to verify the ground station's legitimacy based on the authentication information, the second timestamp, and the valid timestamp, and then, at least based on the authentication information, the second timestamp, and the timestamp from the NCC (such as...). Figure 1 The shared domain key (i.e., the initial shared domain key mentioned above) obtained by the NCC100 shown is used to generate a second session key for constructing a first secure channel shared by the satellite and the ground station. This allows the satellite and the ground station to pre-authenticate each other before the user equipment accesses the network, reducing authentication overhead and latency during user equipment access. The specific interaction process can be found in [reference needed]. Figure 5 This will not be described again here.
[0299] In other embodiments, after the satellite updates its shared domain key, it can promptly notify the ground station so that the ground station can also update its shared domain key. This process may include the following steps:
[0300] Receive a second-domain key update message from the satellite; wherein the second-domain key update message includes at least the first-domain key update message (i.e., the ID mentioned above). ncc ,γ,P ncc ,t5), the sixth timestamp (t6) of the satellite sending the second domain key update message, and the new temporary public key (PP) associated with the satellite. j The first domain key update message is sent by the NCC to the satellite and includes at least: a fifth timestamp representing when the NCC sends the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on the new shared domain key and the secret reconstruction value, which is calculated by the CRT. When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
[0301] In some embodiments, the second domain key update message is verified to be valid if the following equation is satisfied:
[0302] a6·P=PK sat +d j ·PK ncc +d′5·PP j ;
[0303]
[0304] in; d′5=h(ID ncc ,γ,PK ds PP j ,t5,t6),d j =h(ID) j ID ncc PK sat This ensures that the received second domain key update message has not been tampered with and that the new shared domain key obtained by the ground station is correct. In addition, the meaning of the above parameters can be referred to the previous description, and will not be repeated here.
[0305] In other embodiments, before receiving the second access response message from the satellite, the ground station may first register with the NCC to enable subsequent access authentication with the user equipment and the ground station without the NCC's involvement. The specific registration process can be referred to the above. Figure 4 The relevant descriptions will not be repeated here.
[0306] 802: After verifying that the second access response message is valid, calculate the first session key based at least on the second access response message.
[0307] The first session key is used to establish a second secure channel shared between the ground station and the user equipment.
[0308] In some embodiments, verifying the validity of the second access response message may include the following process:
[0309] If both the third and fourth timestamps are verified to be valid, and the following equation is satisfied, then the second access response message is considered valid, indicating that the user equipment is legitimate:
[0310] a5 = h(ID) j ID k PK k PK i ,a' i-k ,k d ,t4)……(21)
[0311] Among them, a' i-k =h(PID) i,m ID j ID k PK i,a' i, ' m ,t3), used to characterize the authentication hash value related to the ground station and satellite calculated by the user equipment, a' i, ' m =h(PID) i,m ID k ,a u-k PK u ), which is used to characterize the authentication hash value related to the ground station calculated by the user equipment. The meanings of other parameters can be referred to the previous description, and will not be repeated here.
[0312] In some embodiments, if the above equation (21) holds, it indicates that the ground station has confirmed that the user equipment is a legitimate device based on the secret hash value and the shared domain key, and that the parameters related to the user equipment have not been tampered with or replaced by the satellite or other devices during transmission.
[0313] In some embodiments, the first session key calculated by the ground station may satisfy the following expression:
[0314] Key k-i =h(PID) i,m ID j ID k PK sat PK gs PK u ,r i ·R k ,k d ,t2,t3,t4)….(22)
[0315] It should be noted that the meanings of the above parameters can be found in the previous description, and will not be repeated here.
[0316] In this embodiment of the application, the beneficial effects during the entire process of user equipment accessing the ground station via satellite are as follows:
[0317] First, the system receives a second access response message from the satellite via a first secure channel. This first secure channel is a shared secure channel between the satellite and the ground station. Compared to existing technologies, this eliminates the need for the ground station and satellite to perform mutual authentication again, improving the efficiency of the entire access authentication process and ensuring the security and integrity of data transmission between the ground station and the satellite. Second, after verifying the validity of the second access response message, the system calculates a first session key based on at least the second access response message. This first session key is used to construct the second secure channel shared by the user equipment and the ground station, ensuring that data interaction between the ground station and the user equipment is not tampered with or detected by the satellite, and also ensuring the security of the entire access authentication process.
[0318] Based on the above Figure 6 , Figure 7 , Figure 8 , Figure 9 This illustration shows a signaling interaction diagram of a complete access authentication method provided in an embodiment of this application. It should be noted that the user equipment described below can be... Figure 1 The user equipment 101 shown can be a satellite. Figure 1 The ground station for satellite 102 shown can be... Figure 1 Ground station 103 is shown. (As shown) Figure 9 As shown, the steps may include the following:
[0319] 901: User equipment sends a message to the satellite carrying {TID} i ID k ,R i ,a i-k Access authentication request for ,a3,t3}.
[0320] 902: After receiving the access authentication request, the satellite performs a valid verification of the user equipment based on the access authentication request.
[0321] 903: After the satellite verifies that the user equipment is legitimate, it sends a message to the user equipment carrying {ID} j ,R k ,R j ,a4,t exp The first access response message of {t2,t4}, and the message carrying {PID} sent to the ground station through the first security channel. i,m ,R i The second access response message of ,a5,t3,t4}.
[0322] 904a: The user equipment performs a valid verification of the first access response message, and after verifying that the first access response message is valid, calculates the Key shared with the ground station. i-k .
[0323] 904b: The ground station verifies the validity of the second access response message, and after verifying its validity, calculates the Key shared with the user equipment. k-i .
[0324] 905: Ground stations and user equipment are based on this key k-i =Key i-k Establish a shared second secure channel so that user equipment can obtain services and data from the ground station through this second secure channel.
[0325] It should be noted that the meaning and calculation process of the above parameters can be referred to the previous text, and will not be repeated here.
[0326] In this embodiment, during the mutual authentication process among the user equipment, satellite, and ground station, when the satellite receives the user equipment's access authentication request and verifies the user equipment's legitimacy, it can send its own access response messages to the ground station and the user equipment respectively. Based on the first secure channel shared by the ground station and the satellite, and the second secure channel shared by the ground station and the user equipment, the entire access authentication process can be effectively integrated without one-to-one authentication of the unidirectional path, simplifying the authentication steps and reducing communication overhead and processing time. Furthermore, the established secure channel is only for the use of the two parties and does not involve any third party, thus ensuring the security of the entire access authentication process.
[0327] Based on the same technical concept, this application also provides a satellite that can implement the access authentication method described above in this application.
[0328] Figure 10 An exemplary schematic diagram of a satellite structure provided in an embodiment of this application is shown. Figure 10 As shown, the satellite includes a receiving module 1001, a verification module 1002, and a transmitting module 1003.
[0329] The receiving module 1001 is used to receive an access authentication request from a user equipment; wherein the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station.
[0330] The sending module 1003 is configured to send a first access response message to the user equipment and a second access response message to the ground station based on a first secure channel after the verification module 1002 verifies the legitimacy of the user equipment according to the access authentication request; wherein the first access response message and the second access response message are used by the user equipment and the ground station to generate a first session key, the first session key being used to construct a second secure channel shared by the ground station and the user equipment; the first secure channel is a secure channel shared by the satellite and the ground station.
[0331] Based on the same technical concept, this application embodiment also provides a user equipment that can implement the access authentication method described above on the user equipment side in this application embodiment.
[0332] Figure 11 An exemplary schematic diagram of a user equipment provided in an embodiment of this application is shown. Figure 11 As shown, the user equipment includes a sending module 1101, a receiving module 1102, and a session key calculation module 1103.
[0333] The sending module 1101 is used to send an access authentication request to the satellite; wherein, the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station.
[0334] The receiving module 1102 is used to receive a first access response message from the satellite; wherein the first access response message is sent by the satellite after verifying that the user equipment is legitimate based on the access authentication request.
[0335] The session key calculation module 1103 is used to calculate a first session key shared with the ground station, based at least on the first access response message, after verifying that the first access response message is valid; wherein the first session key is used to construct a second secure channel shared between the ground station and the user equipment.
[0336] Based on the same technical concept, this application embodiment also provides a ground station, which can implement the method flow of the access method on the ground station side described above in this application embodiment.
[0337] Figure 12 An exemplary schematic diagram of a ground station provided in an embodiment of this application is shown. Figure 12 As shown, the ground station includes a receiving module 1201 and a session key calculation module 1202.
[0338] The receiving module 1201 is used to receive a second access response message sent by the satellite from the first secure channel; wherein the first secure channel is a secure channel shared by the satellite and the ground station; and the second access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request sent by the user equipment.
[0339] The session key calculation module 1202 is used to calculate a first session key based on at least the second access response message after verifying that the second access response message is valid; wherein the first session key is used to construct a second secure channel shared by the ground station and the user equipment.
[0340] It should be noted that the apparatus provided in this application embodiment can implement all the method steps in the above method embodiment and achieve the same technical effect. Therefore, the parts and beneficial effects that are the same as those in the method embodiment will not be described in detail here.
[0341] Based on the same technical concept, this application also provides a communication device, which can realize the functions of the aforementioned satellite, user equipment, and ground station.
[0342] Figure 13An exemplary schematic diagram of a communication device provided in an embodiment of this application is shown.
[0343] At least one processor 1301 and a memory 1302 connected to at least one processor 1301. In this embodiment, the specific connection medium between the processor 1301 and the memory 1302 is not limited. Figure 13 The example shown is the connection between processor 1301 and memory 1302 via bus 1300. Bus 1300 is... Figure 13 The connections between other components are shown in bold lines only and are not intended to be limiting. The Bus 1300 can be divided into address bus, data bus, control bus, etc., for ease of representation. Figure 13 The term is represented by a single thick line, but this does not imply that there is only one bus or one type of bus. Alternatively, the processor 1301 can also be called a controller; there is no restriction on the name.
[0344] In this embodiment, memory 1302 stores instructions executable by at least one processor 1301. By executing the instructions stored in memory 1302, at least one processor 1301 can perform a data processing method described above. Processor 1301 can implement... Figure 10 , Figure 11 , Figure 12 The functions of each module in the device shown.
[0345] The processor 1301 is the control center of the device. It can connect to various parts of the control device through various interfaces and lines. By running or executing instructions stored in memory 1302 and calling data stored in memory 1302, the processor can perform various functions and process data, thereby monitoring the device as a whole.
[0346] In this embodiment, processor 1301 may include one or more processing units. Processor 1301 may integrate an application processor and a modem processor. The application processor mainly handles the operating system, user interface, and applications, while the modem processor mainly handles wireless communication. It is understood that the modem processor may not be integrated into processor 1301. In some embodiments, processor 1301 and memory 1302 may be implemented on the same chip; in other embodiments, they may be implemented on separate chips.
[0347] Processor 1301 can be a general-purpose processor, such as a central processing unit (CPU), digital signal processor, application-specific integrated circuit, field-programmable gate array or other programmable logic device, discrete gate or transistor logic device, or discrete hardware component, capable of implementing or executing the methods, steps, and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor can be a microprocessor or any conventional processor. The steps of an access authentication method disclosed in the embodiments of this application can be directly manifested as execution by a hardware processor, or execution by a combination of hardware and software modules within the processor.
[0348] Memory 1302, as a non-volatile computer-readable storage medium, can be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. Memory 1302 may include at least one type of storage medium, such as flash memory, hard disk, multimedia card, card-type memory, random access memory (RAM), static random access memory (SRAM), programmable read-only memory (PROM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), magnetic storage, magnetic disk, optical disk, etc. Memory 1302 can be any other medium capable of carrying or storing desired program code in the form of instructions or data structures that can be accessed by a computer, but is not limited thereto. In the embodiments of this application, memory 1302 may also be a circuit or any other device capable of implementing storage functions for storing program instructions and / or data.
[0349] By designing and programming the processor 1301, the code corresponding to one of the access authentication methods described in the foregoing embodiments can be embedded into the chip, enabling the chip to execute it during operation. Figure 6 , Figure 7 , Figure 8 The illustrated embodiment presents an access authentication method. How to design and program the processor 1301 is a technique well-known to those skilled in the art and will not be described further here.
[0350] It should be noted that the communication device provided in this application embodiment can implement all the method steps implemented in the above method embodiment and can achieve the same technical effect. Here, the parts that are the same as those in the method embodiment and the beneficial effects will not be described in detail.
[0351] Based on the same technical concept, embodiments of this application provide a computer storage medium, which includes computer program code. When the computer program code is executed on a computer, it causes the computer to perform any of the access authentication methods discussed above. Since the principle by which the above-described computer storage medium solves the problem is similar to that of an access authentication method, the implementation of the above-described computer storage medium can be referred to the implementation of the method, and repeated details will not be elaborated further.
[0352] In specific implementation, computer storage media can include: Universal Serial Bus Flash Drive (USB), portable hard drive, Read-Only Memory (ROM), Random Access Memory (RAM), magnetic disk or optical disk, and other storage media that can store program code.
[0353] Based on the same technical concept, this application also provides a computer program product, which includes computer program code. When the computer program code is run on a computer, it causes the computer to execute any of the access authentication methods discussed above. Since the principle by which the above computer program product solves the problem is similar to that of an access authentication method, the implementation of the above computer program product can refer to the implementation of the method, and repeated details will not be described again.
[0354] Computer program products may employ any combination of one or more readable media. A readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of readable storage media include: electrical connections having one or more wires, portable disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.
[0355] The methods in this application can be implemented, in whole or in part, by software, hardware, firmware, or any combination thereof. When implemented in software, they can be implemented, in whole or in part, as a computer program product. The computer program product includes one or more computer programs or instructions. When the computer program or instructions are loaded and executed on a computer, the processes or functions described in this application are performed, in whole or in part. The computer can be a general-purpose computer, a special-purpose computer, a computer network, network equipment, user equipment, core network equipment, OAM, or other programmable devices.
[0356] The computer program or instructions may be stored in a computer-readable storage medium or transferred from one computer-readable storage medium to another. For example, the computer program or instructions may be transferred from one website, computer, server, or data center to another website, computer, server, or data center via wired or wireless means. The computer-readable storage medium may be any available medium that a computer can access, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium, such as a floppy disk, hard disk, or magnetic tape; or an optical medium, such as a digital video optical disc; or a semiconductor medium, such as a solid-state drive. The computer-readable storage medium may be a volatile or non-volatile storage medium, or may include both volatile and non-volatile types of storage media.
[0357] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage and optical storage) containing computer-usable program code.
[0358] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 Devices that specify the functions in one or more boxes.
[0359] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including an instruction device, which is implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.
[0360] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.
[0361] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if these modifications and variations of the present invention fall within the scope of the claims of this application and their equivalents, this application also intends to include these modifications and variations.
Claims
1. An access authentication method, characterized in that, Applied to satellites, the method includes: Receive an access authentication request from a user equipment; wherein the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station; After verifying the legitimacy of the user equipment based on the access authentication request, a first access response message is sent to the user equipment, and a second access response message is sent to the ground station based on the first security channel; Wherein, the first access response message and the second access response message are used by the user equipment and the ground station to generate a first session key, the first session key being used to construct a second secure channel shared by the ground station and the user equipment; the first secure channel is a secure channel shared by the satellite and the ground station; The user authentication information is generated by the user equipment based on user registration information and publicly available system parameters provided by the Network Control Center (NCC). The user authentication information includes at least: a third timestamp representing when the user equipment generates the access authentication request, a temporary identity associated with the user equipment, a first temporary public key, a first authentication factor, and a first authentication hash value between the user equipment and the ground station. The first authentication hash value is calculated based at least on the user registration information and the ground identity. The step of verifying the legitimacy of the user equipment based on the access authentication request includes: When the third timestamp is verified to be valid, the pseudo identity of the user equipment is calculated based on at least the temporary identity, the third timestamp, and the shared domain key. At least the second authentication hash value of the user equipment is calculated based on the pseudo-identity; The first authentication hash factor of the user equipment is calculated based at least on the pseudo identity, the ground identity, the third timestamp, the shared domain key obtained from the NCC, and the system public parameters. If the first verification value calculated based on the second authentication hash value and the first authentication hash factor is equal to the second verification value calculated based on the first authentication factor, then the user equipment is verified as legitimate.
2. The method as described in claim 1, characterized in that, Before receiving the access authentication request from the user equipment, the method further includes: A pre-negotiation request is sent to the ground station; wherein the pre-negotiation request includes the satellite authentication information of the satellite, and a first timestamp used to characterize when the satellite generated the pre-negotiation request; Receive a pre-negotiation request response sent by the ground station; wherein the pre-negotiation request response is sent by the ground station after verifying the satellite's legitimacy based on the satellite authentication information and the first timestamp, and the pre-negotiation request response includes the ground station's ground authentication information, a second timestamp used to characterize the generation of the pre-negotiation request response by the ground station, and a valid timestamp used to characterize the permission to access the ground station; Once the ground station is verified to be legitimate based on the ground authentication information, the second timestamp, and the valid timestamp, a second session key is generated based on at least the ground authentication information, the second timestamp, and the shared domain key; wherein the shared domain key is generated using the Chinese Remainder Theorem (CRT), and the second session key is used to construct the first secure channel.
3. The method as described in claim 2, characterized in that, The first access response message includes at least a second authentication factor, a second timestamp, the valid timestamp, a satellite identity associated with the satellite and a second temporary public key, a third temporary public key associated with the ground station in the ground authentication information, and a fourth timestamp used to characterize the simultaneous sending of the first access response message and the second access response message; wherein, the second authentication factor is generated at least based on the third authentication factor associated with the ground station in the ground authentication information; The second access response message includes at least a fourth authentication factor, the pseudo identity, the first temporary public key, the third timestamp, and the fourth timestamp; wherein the fourth authentication factor is generated based at least on the first authentication hash value and the shared domain key.
4. The method as described in claim 2 or 3, characterized in that, The method further includes: Receive a first domain key update message from the NCC; wherein the first domain key update message includes at least a fifth timestamp representing when the NCC generated the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key, the domain key update signature being generated by the NCC based on a new shared domain key and a secret reconstruction value, the secret reconstruction value being calculated based on the CRT; When the fifth timestamp is verified to be valid, the new shared domain key is determined based on the domain key update signature. If the third verification value calculated based on the new shared domain key is equal to the fourth verification value calculated based on the NCC identity, the fourth temporary public key, and the fifth timestamp, then a second domain key update message is sent to the ground station and the user equipment respectively; wherein, the second domain key update message includes at least the first domain key update message, the sixth timestamp of the satellite generating the second domain key update message, the new temporary public key associated with the satellite, and the new authentication factor.
5. The method according to any one of claims 1-3, characterized in that, The method further includes: During a set time period, N access authentication requests are received from the user equipment; wherein, the N access authentication requests are used to request access to the ground station, and N is an integer greater than 1; When all N access authentication requests are verified to be valid based on their respective timestamps, N authentication hash values and N authentication hash factors related to the user equipment are calculated for each of the N access authentication requests. The N access authentication requests are validated for validity based on the N authentication hash values and the N authentication hash factors. If all N access authentication requests are verified to be valid, the first access response message is sent to the user equipment, and the second access response message is sent to the ground station based on the first security channel.
6. An access authentication method, characterized in that, Applied to user equipment, the method includes: Send an access authentication request to the satellite; wherein, the access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station; Receive a first access response message from the satellite; wherein the first access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request; Once the first access response message is verified to be valid, a first session key is calculated based on the first access response message; wherein, the first session key is used to construct a second secure channel shared between the ground station and the user equipment; The user authentication information is generated by the user equipment based on user registration information and publicly available system parameters provided by the Network Control Center (NCC). The user authentication information includes at least: a third timestamp representing the user equipment's generation of the access authentication request, the user equipment's temporary identity, a first temporary public key, a first authentication factor, and a first authentication hash value between the user equipment and the ground station. The first authentication hash value is calculated based at least on the user registration information and the ground identity. Wherein, the satellite verifies the legitimacy of the user equipment based on the access authentication request, including: When the third timestamp is verified to be valid, the pseudo identity of the user equipment is calculated based on at least the temporary identity, the third timestamp, and the shared domain key. At least the second authentication hash value of the user equipment is calculated based on the pseudo-identity; The first authentication hash factor of the user equipment is calculated based at least on the pseudo identity, the ground identity, the third timestamp, the shared domain key obtained from the NCC, and the system public parameters. If the first verification value calculated based on the second authentication hash value and the first authentication hash factor is equal to the second verification value calculated based on the first authentication factor, then the user equipment is verified as legitimate.
7. The method as described in claim 6, characterized in that, The first access response message includes at least a second authentication factor, a second timestamp, a valid timestamp, a satellite identity associated with the satellite and a second temporary public key, a third temporary public key associated with the ground station in the ground authentication information, and a fourth timestamp used to characterize the sending of the first access response message; wherein the ground authentication information, the second timestamp, and the valid timestamp are obtained by the satellite from the ground station, the second authentication factor is generated at least based on the third authentication factor associated with the ground station in the ground authentication information, and the valid timestamp is used to characterize the timestamp that allows access to the ground station.
8. The method as described in claim 7, characterized in that, The verification that the first access response message is valid includes: When it is verified that both the fourth timestamp and the valid timestamp are valid, the authentication hash value and authentication hash factor associated with the ground station are calculated, as well as the authentication hash value and authentication hash factor associated with the satellite are calculated. If the fifth verification value, calculated based on the authentication hash value and authentication hash factor associated with the ground station and the authentication hash value and authentication hash factor associated with the satellite, is equal to the sixth verification value calculated based on the second authentication factor, then the first access response message is verified to be valid.
9. The method as described in claim 6, characterized in that, The method further includes: The system receives a second domain key update message from the satellite. The second domain key update message includes at least a first domain key update message, a sixth timestamp indicating when the satellite sent the second domain key update message, a new temporary public key associated with the satellite, and a new authentication factor. The first domain key update message is sent to the satellite by the Network Control Center (NCC) and includes at least: a fifth timestamp representing when the NCC sent the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on a new shared domain key and a secret reconstruction value, and the secret reconstruction value is calculated based on the Chinese Remainder Theorem (CRT). When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
10. An access authentication method, characterized in that, Applied to ground stations, the method includes: The satellite receives a second access response message from a satellite via a first secure channel; wherein the first secure channel is a secure channel shared by the satellite and the ground station; and the second access response message is sent by the satellite after verifying the legitimacy of the user equipment based on the access authentication request sent by the user equipment. Once the second access response message is verified to be valid, a first session key is calculated based on at least the second access response message; wherein, the first session key is used to construct a second secure channel shared by the ground station and the user equipment; The access authentication request includes the user authentication information of the user equipment and the ground identity of the user equipment requesting access to the ground station. The user authentication information is generated by the user equipment based on user registration information and publicly available system parameters provided by the Network Control Center (NCC). The user authentication information includes at least: a third timestamp representing the user equipment when it generates the access authentication request, a temporary identity associated with the user equipment, a first temporary public key, a first authentication factor, and a first authentication hash value between the user equipment and the ground station. The first authentication hash value is calculated based at least on the user registration information and the ground identity. The satellite verifies the legitimacy of the user equipment based on the access authentication request sent by the user equipment, including: When the third timestamp is verified to be valid, the pseudo identity of the user equipment is calculated based at least on the temporary identity, the third timestamp, and the shared domain key obtained from the NCC; At least the second authentication hash value of the user equipment is calculated based on the pseudo-identity; The first authentication hash factor of the user equipment is calculated based at least on the pseudo identity, the ground identity, the third timestamp, the shared domain key, and the system public parameters. If the first verification value calculated based on the second authentication hash value and the first authentication hash factor is equal to the second verification value calculated based on the first authentication factor, then the user equipment is verified as legitimate.
11. The method as described in claim 10, characterized in that, Before receiving the second access response message sent by the satellite from the first secure channel, the method further includes: Receive a pre-negotiation request sent by the satellite; wherein the pre-negotiation request includes the satellite authentication information of the satellite, and a first timestamp used to characterize when the satellite generated the pre-negotiation request; If the satellite is found to be legitimate based on the satellite authentication information and the first timestamp, a pre-negotiation request response is sent to the satellite; wherein the pre-negotiation request response includes the ground authentication information of the ground station, a second timestamp indicating that the ground station generated the pre-negotiation request response, and a valid timestamp indicating that access to the ground station is permitted.
12. The method as described in claim 11, characterized in that, The method further includes: The system receives a second domain key update message from the satellite. The second domain key update message includes at least a first domain key update message, a sixth timestamp indicating when the satellite sent the second domain key update message, a new temporary public key associated with the satellite, and a new authentication factor. The first domain key update message is sent to the satellite by the Network Control Center (NCC) and includes at least: a fifth timestamp representing when the NCC sent the first domain key update message, a domain key update signature, the NCC identity associated with the NCC, and a fourth temporary public key. The domain key update signature is generated by the NCC based on a new shared domain key and a secret reconstruction value, and the secret reconstruction value is calculated based on the Chinese Remainder Theorem (CRT). When the second domain key update message is verified to be valid, the new shared domain key is determined based on the domain key update signature.
13. A communication device, characterized in that, include: Memory, used to store computer programs; A processor, when executing a computer program stored in the memory, implements the method of any one of claims 1-5, or performs the method of any one of claims 6-9, or performs the method of any one of claims 10-12.
14. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the method of any one of claims 1-5, or performs the method of any one of claims 6-9, or performs the method of any one of claims 10-12.