Key distribution method
First Claim
1. A key distribution method applied in the Next Generation Network comprising a terminal, a soft switch and an authentication center, comprising:
- the terminal sending a registration request message to the soft switch for a registration;
- the soft switch sending an authentication request message to the authentication center for the authentication for the terminal; and
- the authentication center authenticating the terminal, generating a session key for the terminal and the soft switch, and sending the session key to the soft switch, so as to be distributed to the terminal upon a successful authentication;
- wherein the step of the authentication center authenticating the terminal comprises:
  - the authentication center generating a first verification word for the terminal according to a key Kc shared with the terminal, encrypting the session key with the shared key Kc, and returning the encrypted session key and the first verification word to the soft switch;
  - the soft switch returning a registration failure response message to the terminal to notify the terminal of a registration failure;
  - the terminal generating a second verification word according to the key Kc shared with the authentication center, and sending a registration message containing the second verification word to the soft switch for a registration again; and
  - the soft switch authenticating the terminal according to the first verification word and the second verification word;
- wherein the step of the soft switch distributing the session key to the terminal comprises:
  - the soft switch returning to the terminal a registration success response message containing the session key encrypted with the shared key Kc, and sending a terminal authentication success message to the authentication center; and
  - the terminal decrypting the session key encrypted by the authentication center according to the shared key Kc.
Abstract
A key distribution method for the next generation network (NGN) includes the steps of: (a) a terminal sending a registration request message to a soft switch; (b) the soft switch sending an authentication request message to an authentication center; and (c) the authentication center authenticating the terminal, with the soft switch then distributing the session key to the terminal after the registration authentication has passed. Because the invention performs key distribution during registration authentication, the traffic is smaller, the method can be tied to the characteristics of the NGN, and security problems are solved more efficiently; the registration authentication of the terminal and the distribution of the key are thus better suited to the NGN.
10 Claims
6. A key distribution method applied in the Next Generation Network comprising a terminal, a signaling proxy, a soft switch and an authentication center, comprising:
- the terminal sending a registration request message through the signaling proxy to the soft switch for a registration;
- the soft switch sending an authentication request message to the authentication center for the authentication for the terminal; and
- the authentication center authenticating the terminal, generating a session key for the terminal and the signaling proxy, and sending the session key to the soft switch, so as to be distributed through the signaling proxy to the terminal upon a successful authentication;
- wherein the step of the authentication center authenticating the terminal comprises:
  - the authentication center generating a first verification word for the terminal according to a key Kc shared with the terminal and a key Ksp shared with the signaling proxy, encrypting the session key respectively with the shared key Kc and the shared key Ksp, and returning the encrypted session key and the first verification word to the soft switch;
  - the soft switch returning a registration failure response message through the signaling proxy to the terminal to notify the terminal of a registration failure;
  - the terminal generating a second verification word according to the key Kc shared with the authentication center, and sending a registration message containing the second verification word to the signaling proxy to be forwarded to the soft switch for a registration again; and
  - the soft switch authenticating the terminal according to the first verification word and the second verification word;
- wherein the step of the soft switch distributing the session key to the terminal comprises:
  - the soft switch forwarding to the signaling proxy a terminal registration success response message containing the session key encrypted by the authentication center respectively with the shared keys Kc and Ksp, and the signaling proxy decrypting with the shared key Ksp the session key encrypted by the authentication center with the shared key Ksp, calculating a message verification word for the registration success response message with the decrypted session key, and forwarding to the terminal the registration success response message containing the message verification word and the session key encrypted with the shared key Kc; and
  - the terminal decrypting the session key encrypted by the authentication center according to the shared key Kc, and authenticating with the decrypted session key the message authentication word of the message returned from the signaling proxy so as to authenticate an identity of the signaling proxy, an integrity of the message and whether security mechanism parameters of the terminal returned from the signaling proxy are correct.
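The exchange in claim 6, walked through as an added example; this is not code from the patent. It assumes that the registration failure response carries a nonce, that verification words are HMAC-SHA256, and that the session key is "encrypted" with a demo XOR pad standing in for a real cipher. All function names, field names and sample values are hypothetical.

```python
import hashlib, hmac, os

def mac(key, *parts):
    # Verification word: HMAC-SHA256 (assumed; the claims name no algorithm).
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def wrap(key, nonce, sk):
    # Stand-in for "encrypting the session key": XOR with an HMAC-derived pad.
    # Demo only; a deployment would use an authenticated cipher or key wrap.
    return bytes(a ^ b for a, b in zip(sk, mac(key, b"wrap", nonce)))

unwrap = wrap  # XOR with the same pad inverts itself

def auth_center(kc, ksp, tid, nonce):
    # AuC: first verification word, session key wrapped under Kc and under Ksp.
    sk = os.urandom(32)
    return {"vw1": mac(kc, b"reg", tid, nonce),
            "sk_kc": wrap(kc, nonce, sk), "sk_ksp": wrap(ksp, nonce, sk)}

def terminal_reregister(kc, tid, nonce):
    # Terminal: second verification word, sent in the repeated registration.
    return mac(kc, b"reg", tid, nonce)

def proxy_forward(ksp, nonce, auc, params):
    # Signaling proxy: recover the session key with Ksp, MAC the success response.
    sk = unwrap(ksp, nonce, auc["sk_ksp"])
    return {"params": params, "sk_kc": auc["sk_kc"], "mvw": mac(sk, b"ok", params)}

def terminal_accept(kc, nonce, resp):
    # Terminal: recover the session key with Kc, then check the proxy's MAC.
    sk = unwrap(kc, nonce, resp["sk_kc"])
    good = hmac.compare_digest(resp["mvw"], mac(sk, b"ok", resp["params"]))
    return sk if good else None

def run(kc_terminal, kc_auc, ksp, tamper=False):
    tid, nonce = b"terminal-001", os.urandom(16)      # constructed values
    auc = auth_center(kc_auc, ksp, tid, nonce)        # reply held by the soft switch
    vw2 = terminal_reregister(kc_terminal, tid, nonce)
    if not hmac.compare_digest(auc["vw1"], vw2):      # soft switch compares the words
        return "auth-failed"
    resp = proxy_forward(ksp, nonce, auc, b"alg=hmac-sha256")
    if tamper:                                        # parameters altered after the proxy
        resp["params"] = b"alg=none"
    return "registered" if terminal_accept(kc_terminal, nonce, resp) else "mac-rejected"

if __name__ == "__main__":
    kc, ksp = os.urandom(32), os.urandom(32)
    print(run(kc, kc, ksp), run(kc, os.urandom(32), ksp), run(kc, kc, ksp, tamper=True))
```

The third case shows why the terminal checks the message verification word: security mechanism parameters changed after the proxy computed it no longer verify under the session key.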
Specification