Method and apparatus for authenticating communication device

US 8,706,085 B2
Filed: 10/11/2012
Issued: 04/22/2014
Est. Priority Date: 04/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a machine type communication MTC device, comprising:

receiving an attach request comprising a group identifier and sent by an MTC device to be authenticated, wherein the group identifier is a group identifier of an MTC group where the MTC device to be authenticated is located;

determining whether a first group authentication vector bound to the group identifier exists locally, wherein the first group authentication vector is an authentication vector used for authenticating MTC devices in the MTC group;

if the first group authentication vector bound to the group identifier exists, according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating a system key for the MTC device to be authenticated;

wherein each MTC device in the MTC group has a device characteristic, and the device characteristic is used to uniquely identify the MTC device in the MTC group;

the attach request further comprises a second device characteristic used for identifying the MTC device to be authenticated;

after the determining that the first group authentication vector bound to the group identifier exists locally, the method further comprises;

determining whether the second device characteristic is the same as a locally stored first device characteristic, wherein the first device characteristic is a device characteristic bound to both the group identifier and the first group authentication vector; and

if the second device characteristic is different from the locally stored first device characteristic, executing the step of according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating the system key of the MTC device to be authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention disclose a method and an apparatus for authenticating a communication device, where the method includes: receiving an attach request including a group identifier and sent by an MTC device to be authenticated, where the group identifier is a group identifier of an MTC group where the MTC device to be authenticated is located; determining whether a first group authentication vector bound to the group identifier exists locally, where the first group authentication vector is an authentication vector used for authenticating MTC devices in the MTC group; and if existing, according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating a system key of the MTC device to be authenticated. The technical solutions provided in the present invention can be applied to the technical field of authenticating the MTC device.

Citations

16 Claims

1. A method for authenticating a machine type communication MTC device, comprising:
- receiving an attach request comprising a group identifier and sent by an MTC device to be authenticated, wherein the group identifier is a group identifier of an MTC group where the MTC device to be authenticated is located;
  
  determining whether a first group authentication vector bound to the group identifier exists locally, wherein the first group authentication vector is an authentication vector used for authenticating MTC devices in the MTC group;
  
  if the first group authentication vector bound to the group identifier exists, according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating a system key for the MTC device to be authenticated;
  
  wherein each MTC device in the MTC group has a device characteristic, and the device characteristic is used to uniquely identify the MTC device in the MTC group;
  
  the attach request further comprises a second device characteristic used for identifying the MTC device to be authenticated;
  
  after the determining that the first group authentication vector bound to the group identifier exists locally, the method further comprises;
  
  determining whether the second device characteristic is the same as a locally stored first device characteristic, wherein the first device characteristic is a device characteristic bound to both the group identifier and the first group authentication vector; and
  
  if the second device characteristic is different from the locally stored first device characteristic, executing the step of according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating the system key of the MTC device to be authenticated.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, further comprising:
    - if the first group authentication vector does not exist, acquiring the first group authentication vector from a server according to the group identifier;
      
      establishing a binding relationship between the group identifier and the acquired first group authentication vector; and
      
      according to the first group authentication vector, authenticating the MTC device to be authenticated, and generating a system key for the MTC device to be authenticated.
  - 3. The method according to claim 2, whereinthe method is applied in a universal mobile telecommunication system UMTS network and the method is executed by a visited location register VLR in the UMTS network;
    - andthe server is a home location register HLR in the UMTS network;
      
      orthe method is applied in a long term evolution LTE network and the method is executed by a mobility management entity MME in the LTE network; and
      
      the server is a home subscriber system HSS in the LTE network.
  - 4. The method according to claim 1, further comprising:
    - if the second device characteristic of the MTC device to be authenticated is the same as the locally stored first device characteristic,acquiring, according to the group identifier, a second group authentication vector used for authenticating the MTC devices in the MTC group;
      
      establishing a binding relationship among the group identifier, the second device characteristic, and the acquired second group authentication vector; and
      
      according to an expected response number generated by the acquired second group authentication vector and the second device characteristic, authenticating the MTC device to be authenticated, and generating a system key of the MTC device to be authenticated.
  - 5. The method according to claim 1, wherein according to the first group authentication vector, the authenticating the MTC device to be authenticated, and generating the system key of the MTC device to be authenticated comprises:
    - generating an expected response number according to the first group authentication vector and the second device characteristic;
      
      sending group authentication information to the MTC device to be authenticated, so that the MTC device to be authenticated authenticates a network according to the group authentication information, and generates a device side key according to the second device characteristic, wherein the group authentication information is information in the first group authentication vector;
      
      receiving a response number generated according to the second device characteristic by the MTC device to be authenticated;
      
      according to the response number and the expected response number, authenticating the MTC device to be authenticated; and
      
      generating a network side key according to the first group authentication vector and the second device characteristic.

6. A method for authenticating an MTC device, comprising:
- after authentication between a primary MTC device in an MTC group and a network side succeeds, receiving an attach request sent by a second MTC device in the MTC group, wherein an authentication vector generated in the process of authentication between the primary MTC device and the network side is taken as a group authentication vector of the MTC group;
  
  authenticating, by the primary MTC device, the second MTC device, and generating a system key for the second MTC device by using the group authentication vector;
  
  sending, by the primary MTC device, the system key to the second MTC device;
  
  establishing a binding relationship between the group authentication vector and a group identifier of the MTC group;
  
  the receiving the attach request sent by the second MTC device comprises;
  
  receiving the attach request comprising the group identifier and a device characteristic of the second MTC device and sent by the second MTC device;
  
  the generating the system key for the second MTC device by using the group authentication vector generated in the process of authentication between the primary MTC device and the network side comprises;
  
  acquiring the group authentication vector bound to the group identifier carried in the attach request; and
  
  generating the system key for the second MTC device by using the group authentication vector and the device characteristic which is of the second MTC device.
- View Dependent Claims (7)
- - 7. The method according to claim 6, after the receiving the attach request comprising the group identifier and the device characteristic of the second MTC device and sent by the second MTC device, further comprising:
    - forwarding the attach request to the network side, so that the network side generates the system key for the second MTC device by using the group authentication vector and the device characteristic which is of the second MTC device.

8. A method for authenticating an MTC device, comprising:
- sending, by a primary MTC device in an MTC group, an attach request to a network side, wherein the attach request comprises a group identifier of the MTC group, device characteristics of the primary MTC and device characteristics of the other MTC devices to be authenticated in the MTC group;
  
  performing authentication between the primary MTC device and the network side, and by using a group authentication vector generated in the authentication process and the device characteristics of the other MTC devices to be authenticated, generating system keys for the other MTC devices to be authenticated;
  
  after the primary MTC device successfully authenticates the other MTC devices to be authenticated, sending, by the primary MTC device, the system keys to the other MTC devices to be authenticated;
  
  the performing the authentication between the primary MTC device and the network side comprises;
  
  performing authentication between the primary MTC device and the network side according to the device characteristic of the primary MTC device, and generating a system key of the primary MTC device.

9. A network side entity, comprising:
- a first receiving unit, configured to receive an attach request comprising a group identifier and sent by an MTC device to be authenticated, wherein the group identifier is a group identifier of an MTC group where the MTC device to be authenticated is located;
  
  a first authentication unit, configured to, when a first group authentication vector bound to the group identifier received by the first receiving unit exists, according to the first group authentication vector, authenticate the MTC device to be authenticated, and generate a system key of the MTC device to be authenticated;
  
  a second acquisition unit, configured to, when the second device characteristic of the MTC device to be authenticated is the same as the locally stored first device characteristic, according to the group identifier received by the first receiving unit, acquire a second group authentication vector used for authenticating MTC devices in the MTC group;
  
  a second establishment unit, configured to establish a binding relationship among the group identifier received by the first receiving unit, the second device characteristic, and the second group authentication vector acquired by the second acquisition unit; and
  
  a third authentication unit, configured to;
  
  according to an expected response number generated by the second group authentication vector acquired by the second acquisition unit and the second device characteristic received by the first receiving unit, authenticate the MTC device to be authenticated, and generate a system key of the MTC device to be authenticated.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The network side entity according to claim 9, further comprising:
    - a first acquisition unit, configured to, when the first group authentication vector does not exist, acquire the first group authentication vector from a server according to the group identifier received by the first receiving unit;
      
      a first establishment unit, configured to establish a binding relationship between the group identifier received by the first receiving unit and the first group authentication vector acquired by the first acquisition unit; and
      
      a second authentication unit, configured to;
      
      according to the first group authentication vector acquired by the first acquisition unit, authenticate the MTC device to be authenticated, and generate a system key of the MTC device to be authenticated.
  - 11. The network side entity according to claim 9, further comprising:
    - a judging unit, configured to, when the attach request received by the first receiving unit further comprises a second device characteristic used for identifying the MTC device to be authenticated, judge whether the second device characteristic is the same as a locally stored first device characteristic, wherein the first device characteristic is a device characteristic bound to both the group identifier and the first group authentication vector.
  - 12. The network side entity according to claim 11, wherein the first authentication unit comprises:
    - a first generating unit, configured to generate an expected response number according to the first group authentication vector and the second device characteristic received by the first receiving unit;
      
      a first sending unit, configured to send group authentication information to the MTC device to be authenticated, so that the MTC device to be authenticated authenticates a network according to the group authentication information, and generates a device side key according to the second device characteristic, wherein the group authentication information is information in the first group authentication vector;
      
      a second receiving unit, configured to receive a response number generated according to the second device characteristic by the MTC device to be authenticated;
      
      a first authentication sub-unit, configured to;
      
      according to the response number received by the second receiving unit and the expected response number generated by the first generating unit, authenticate the MTC device to be authenticated; and
      
      a second generating unit, configured to generate a network side key according to the first group authentication vector and the second device characteristic received by the first receiving unit.
  - 13. The network side entity according to claim 9, wherein the network side entity is a visited location register VLR in a universal mobile telecommunication system UMTS network, or a mobility management entity MME in a long term evolution LTE network.

14. A device for authenticating an MTC device, comprising:
- a third receiving unit, configured to, after authentication between the device and a network side succeeds, receive an attach request sent by a second MTC device in an MTC group where the device is located;
  
  a fourth authentication unit, configured to authenticate the second MTC device, and generate a system key for the second MTC device by using a group authentication vector generated in a process of authentication between the device and the network side;
  
  a second sending unit, configured to send the system key generated by the fourth authentication unit to the second MTC device;
  
  third establishment unit, configured to;
  
  after the authentication between the device and the network side succeeds, establish a binding relationship between the group authentication vector and a group identifier of the MTC group;
  
  wherein when the attach request received by the third receiving unit comprises the group identifier and a device characteristic of the second MTC device, the fourth authentication unit comprises;
  
  a third acquisition unit, configured to acquire the group authentication vector bound to the group identifier received by the third receiving unit; and
  
  a third generating unit, configured to generate a system key for the second MTC device by using the group authentication vector acquired by the third acquisition unit and the device characteristic which is of the second MTC device and is received by the third receiving unit.
- View Dependent Claims (15)
- - 15. The device according to claim 14, further comprising:
    - a forwarding unit, configured to forward the attach request received by the third receiving unit to the network side, so that the network side generates the system key for the second MTC device by using the group authentication vector and the device characteristic which is of the second MTC device.

16. A device for authenticating an MTC device, comprising:
- a third sending unit, configured to send an attach request to a network side, wherein the attach request comprises a group identifier of an MTC group where the device is located and a device characteristic of an MTC device to be authenticated in the MTC group;
  
  a fifth authentication unit, configured to perform two-way authentication between the device and the network side, and by using a group authentication vector and the device characteristic which is of the MTC device to be authenticated, generate a system key for the MTC device to be authenticated, wherein the group authentication vector is generated in the process of authentication between the device and the network side;
  
  a fourth sending unit, configured to, after the device successfully authenticates the MTC device to be authenticated, send the system key generated by the fifth authentication unit to the MTC device to be authenticated; and
  
  a fourth generating unit, configured to, when the attach request sent by the third sending unit comprises a device characteristic of the device, generate a system key of the device according to the device characteristic of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Zhang, Lijia, Xu, Yixian, Huang, Yingxin, Liu, Xiaohan, Laurence, Meriau
Primary Examiner(s)
Matharu, Manpreet

Application Number

US13/649,540
Publication Number

US 20130035067A1
Time in Patent Office

558 Days
Field of Search

455/411, 455/410, 455/432.1
US Class Current

455/411
CPC Class Codes

H04L 2463/061   applying further key deriva...

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/76   Group identity

H04W 4/08   User group management

H04W 4/70   Services for machine-to-mac...

H04W 8/186   Processing of subscriber gr...

Method and apparatus for authenticating communication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating communication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links