TW200915814A - Method, apparatus, system and computer program for key parameter provisioning - Google Patents

Method, apparatus, system and computer program for key parameter provisioning Download PDF

Info

Publication number
TW200915814A
TW200915814A TW097125032A TW97125032A TW200915814A TW 200915814 A TW200915814 A TW 200915814A TW 097125032 A TW097125032 A TW 097125032A TW 97125032 A TW97125032 A TW 97125032A TW 200915814 A TW200915814 A TW 200915814A
Authority
TW
Taiwan
Prior art keywords
information
key
naf
gpi
processing instruction
Prior art date
Application number
TW097125032A
Other languages
Chinese (zh)
Inventor
Marc Blommaert
Silke Holtmanns
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy filed Critical Nokia Siemens Networks Oy
Publication of TW200915814A publication Critical patent/TW200915814A/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

A method includes receiving, for a specific user equipment, an inquiry for key generation-related information, and user equipment processing instruction information, generating first key information on the received user equipment processing instruction information, encrypting at least core-network related dynamic identity information based on the generated key information, and sending the key generation-related information comprising at least the encrypted core-network related dynamic identity information and the received user equipment processing instruction information. Also described is a method that includes receiving key generation-related information that has at least encrypted core-network related dynamic identity information and user equipment processing instruction information, generating first key information on the received user equipment processing instruction information, decrypting the received encrypted core-network related dynamic identity information based on the generated first key information, and deriving second key information based on the decrypted core-network related dynamic identity information.

Description

200915814 九、發明說明:200915814 IX. Invention Description:

【發明所屬之技術領域:J 發明領域 本發明之示範性實施例一般是關於鑑別及安全性技 5 術,本發明尤其是關於使用利用一通用自舉架構(GBA)服務 的任何網路應用功能(NAF)及使用者設備(UE)之金鑰參數 供應。特別地,多媒體廣播/多播服務(MBMS)、行動TV(電 視)及裝置管理是依據本發明之示範性實施例的金鑰參數 供應可在其内被部署的示範性服務。 10 【先前技術】 發明背景 現在行動經營者要求提供行動TV服務的第三世代合 作計畫(3GPP)MBMS系統。出於安全目的,一MBMS可使 用3GPP通用自舉架構(GBA)或廣播方案,其等一般包含網 15 際網路協定(IP)TV及應用(例如,機上盒),其等也可使用 GBA之衍生物,例如擴充細節以支持核心或其他特定網路。 3GPP通用鑑別架構(GAA)是基於3GPP之行動演算法 AKA(鑑別及金錄同意協定)以及3(Jpp2之詢問-握手鑑別協 定(CHAP)以及蜂巢鑑別及語音加密(CAVE)。gba也適用於 20 (例如)纜線網路經營者之特定需求且考慮他們的安全協定 喜好。開放式行動聯盟(OMA)廣播内容保護及多媒體廣播 多播服務之GBA的使用導致產生一新的3gpp GBA規格(技 術規格(TS)33.223 GBA推入)。GBA是基於一網路與一裝置 的安全特徵。 200915814 在3GPP TS 33.220中(例如,自舉伺服器功能(BSF)、 GBA)章節4.4.11中,以下定義被給出: “當提到GBA金鑰時,以下金鑰被指定:Ks自該Ks導出 的NAF特定金鑰。 5 當提到NAF特定金鑰時,以下金錄被指定:TECHNICAL FIELD OF THE INVENTION: 1. Field of the Invention Exemplary embodiments of the present invention generally relate to authentication and security techniques, and more particularly to the use of any network application function utilizing a Generic Bootstrapping Architecture (GBA) service (NAF) and User Equipment (UE) key parameter provisioning. In particular, Multimedia Broadcast/Multicast Service (MBMS), Mobile TV (TV), and device management are exemplary services in which a keying parameter provisioning can be deployed in accordance with an exemplary embodiment of the present invention. 10 [Prior Art] Background of the Invention Operators are now required to provide a Third Generation Partnership Project (3GPP) MBMS system for Mobile TV services. For security purposes, an MBMS may use the 3GPP Universal Bootstrapping Architecture (GBA) or broadcast scheme, which typically includes Internet Protocol (IP) TVs and applications (eg, set-top boxes), which may also be used. Derivatives of GBA, such as extensions to support core or other specific networks. The 3GPP Universal Authentication Architecture (GAA) is based on 3GPP's Action Algorithms AKA (Identification and Gold Acceptance Agreement) and 3 (Jpp2's Interrogation-Handshake Authentication Protocol (CHAP) and Honeycomb Authentication and Voice Encryption (CAVE). gba also applies to 20 (for example) the specific needs of cable network operators and considering their security agreement preferences. The use of GBA for Open Actors (OMA) broadcast content protection and multimedia broadcast multicast services has resulted in a new 3gpp GBA specification ( Technical Specification (TS) 33.223 GBA Push.) GBA is based on the security features of a network and a device. 200915814 In 3GPP TS 33.220 (for example, Bootstrap Server Function (BSF), GBA), Section 4.4.11, The following definitions are given: "When referring to the GBA key, the following key is specified: Ks specific NAF derived from this Ks. 5 When referring to a NAF-specific key, the following record is specified:

Ks_ext/int_NAF(在GBA—U(具有基於通用積體電路卡 (UICC)增強的GBA)脈絡中)(…)’以及自該等金鑰導出的任 何金錄。 符號Ks_(ext/int)_NAF表示GBA_U(…)脈絡中的 10 Ks_ext/int_NAF 〇 符號Ks_(eXt)_NAF表示GBAJJ(...)脈絡中的 Ks_ext—NAF。 依據3GPP TS 33.223章節3.1及4.3.9,詞語 GBA-PUSH-INFO可包含用於GBA推入中的金錄導出之相 15 關資料,如 AUTN(*)、RAND、NAF ID、B-TID。 GBA-PUSH-INFO可經由如Upa-參考點從NAF發送到UE。 此外,自舉異動識別符(B-TID)可被包含(例如)在該推入訊 息内以校正GBA-PUSH-INFO與被自GBA-PUSH-INFO產生 的安全結合保護的推入訊息之可能的反向順序情形(在該 20 GBA-PUSH-INFO及推入訊息被個別發送之情形下)。即, B-TID可使用,例如作為被用於參考點Upa及Ua(將在以下 被描述)的協定中的金鑰識別符。 在3GPP TS 33.233内,目前假設識別密碼金鑰的自舉異 動識別符(B-TID)被用於Ua-訊息識別(例如,參看SA3#47 6 200915814 S遍456之朦會議文件)且另外以咖訊息被傳輸。 3GPP TS 33.233不包括Upa内的任何使用者識別。此外,可 假設- UE身分與該Upa訊息-起被傳輸,該Upa訊息是用以 遞送至少該GBA-PUSH-INFO的訊息。 5 【發明内容】 發明概要 在一第一層面中,本發明之示範性實施例提供一種方 法’該方法包括以下步驟:接收使用者設備處理指令資訊 以及金鑰產生相關資訊之一查詢;產生與該被接收的使用 10 者設備處理指令資訊有關的第一金鑰資訊;加密至少核心 網路相關動態身分資訊;以及以該金鑰產生相關資訊回復 該查詢,該金鑰產生相關資訊包含至少該已加密核心網路 相關動態身分資訊及被接收的使用者設備處理指令資訊。 在另一層面中,本發明之示範性實施例提供一種被組 15配以儲存程式指令的記憶體媒體。該等程式指令之執行導 致執行包含以下步驟的操作:接收使用者設備處理指令資 訊以及金鑰產生相關資訊之一查詢;產生與該被接收的使 用者設備處理指令資訊有關的第一金鑰資訊;加密至少核 心網路相關動態身分資訊;以及以該金鑰產生相關資訊回復 2〇該查詢,該金鑰產生相關資訊包含至少該已加密核心網路相 關動態身分資訊及被接收的使用者設備處理指令#訊° 在另一層面中,本發明之示範性實施例提供一種裝 置,包括:一接收器,被組配以接收使用者設備處理指令 資訊以及金鑰產生相關資訊之-請求;一產生器’被組配 200915814 以產生與該被接收的使用者設備處理指令資訊有關的第一 金鑰資訊;一加密器’被組配以加密至少核心網路相關動 態身分資訊;以及一發送器,被組配以以該金鑰產生相關 資訊回應該請求,該金鑰產生相關資訊包含至少該已加密 5核心網路相關動態身分資訊及被接收的使用者設備處理指 令資訊。 在又一層面中,本發明之示範性實施例提供一種裝 置,包括:用於接收使用者設備處理指令資訊以及金錄產 生相關資訊之一查詢的裝置;用於產生與該被接收的使用 10者設備處理指令資訊有關的第一金鑰資訊的裝置;用於加 岔至少核心網路相關動態身分資訊的裝置;以及用於以該 金鑰產生相關資訊回復該查詢的裝置,該金鑰產生相關資 訊包含至少該已加密核心網路相關動態身分資訊及被接收 的使用者設備處理指令資訊。 15 在另一層面中,本發明之示範性實施例提供一種方 法,包括以下步驟:接收使用者設備處理指令資訊以及包 含至少已加密核心網路相關動態身分資訊的金鑰產生相關 貝汛,產生與該被接收的使用者設備處理指令資訊有關的 第金鑰寅訊,解始、該被接收的已加密核心網路相關動態 20身分貝汛,以及基於該已解密核心網路相關動態身分資訊 導出第二金鑰資訊。 在另層面中,本發明之示範性實施例提供一種被組 配以儲存程式指令的記憶體媒體。該等程式指令之執行導 致執行包3以下步驟的操作:接收使用者設備處理指令資 200915814 成以及包含至少已加密核^網路相襲態身分資訊的金錄 產生相關資訊;產生與該被接收的使用者設備處理指令資 訊有關的第—金鍮資訊,·解龍被接收的已加密核心網路 5 10 相關動態身分資訊;以及基於該已解密核心網路相關動態 身分資訊導出第二金鑰資訊。 在又一層面中,本發明之示範性實施例提供一種裝 置,包括:一接收器,被組配以接收使用者設備處理指令 資訊以及包含至少已加密核心,路相襲態身分資訊的金 鑰產生相關資訊;—產生器,被組配以產生與該被接收的 使用者設備處理指令資訊有關的第—金鑰資訊;以及一解 捃器,被組配以解密該被接收的已加密核心網路相關動態 身分資訊以用於基於該已解密核心網路相關動態身分資訊 導出弟二金錄資訊。 在又一層面中,本發明之示範性實施例提供一種裝 15置,該裝置包含:用於接收使用者設備處理指令資訊以及 包含至少已加密核心網路相關動態身分資訊的金鑰產生相 關=貝sfl的裝置,用於產生與該被接收的使用者設備處理指 令資讯有關的第一金鑰資訊的裝置;用於解密該被接收的 已加密核心網路相關動態身分資訊的裝置;以及用於基於 20該已解密核心網路相關動態身分資訊導出第二金鑰資訊的 裝置。 在又一層面中’本發明之示範性實施例提供一種方 法’包括以下步驟:接收使用者設備處理指令資訊以及一 通用自舉架構推入資訊(GPI)之一查詢;產生與該被接收的 200915814 使用者設備處理指令資訊有關的第一金鑰資訊 (Ks」ext/int)_BSF);加密至少一網路應用功能域名伺服器 (NAF DNS)名稱,其中該GPI之一E_GPI部分包含該已加密 NAF DNS名稱;以及以該£_0?1及被接收的使用者設備處 5 理指令資訊答復該查詢。 在又一層面中,本發明之示範性實施例提供一種方 法,包括以下步驟:接收一訊息,該訊息包含由一網路應 用功能(NAF)推入的一通用自舉架構推入資訊(GPI)以及使 用者設備處理指令資訊,其中該GPI之一E_GPI部分包含一 10 已加密網路應用功能域名伺服器(NAF DNS)名稱;產生與 該被接收的使用者設備處理指令資訊有關的第一金鑰資訊 (Ks」ext/int)_BSF);解密該被接收的已加密NAF DNS名 稱;以及基於該已解密NAF DNS名稱導出第二金鑰資訊 (Ks—(ext/int)_NAF)。 15 圖式簡單說明 本發明之示範性實施例在以下參看附圖被描述,其中: 第1圖顯示了用於依據本發明之示範性實施例的金鑰 參數供應之個別方法;以及 第2圖顯示了用於依據本發明之示範性實施例的金鑰 20參數供應之個別裝置(例如,一使用者設備及NAF/BSF)。Ks_ext/int_NAF (in GBA-U (with GBA-based enhanced GBA) context) (...)' and any gold records derived from such keys. The symbol Ks_(ext/int)_NAF indicates 10 Ks_ext/int_NAF in the context of GBA_U(...) 〇 The symbol Ks_(eXt)_NAF represents Ks_ext_NAF in the context of GBAJJ(...). According to 3GPP TS 33.223 sections 3.1 and 4.3.9, the term GBA-PUSH-INFO may contain information about the export of the gold record in the GBA push, such as AUTN (*), RAND, NAF ID, B-TID. The GBA-PUSH-INFO can be sent from the NAF to the UE via, for example, an Upa-reference point. In addition, the Bootstrap Transaction Identifier (B-TID) may be included, for example, within the push message to correct the push information of the GBA-PUSH-INFO and the security combined protection generated by the GBA-PUSH-INFO. Reverse order case (in the case where the 20 GBA-PUSH-INFO and the push message are sent separately). That is, the B-TID can be used, for example, as a key identifier used in the agreement of the reference points Upa and Ua (which will be described below). In 3GPP TS 33.233, it is currently assumed that a bootstrap transaction identifier (B-TID) identifying a cryptographic key is used for Ua-message identification (for example, see SA3 #47 6 200915814 S 456 朦 conference file) and additionally The coffee message is transmitted. 3GPP TS 33.233 does not include any user identification within Upa. In addition, it can be assumed that the UE identity is transmitted with the Upa message, which is a message for delivering at least the GBA-PUSH-INFO. 5 SUMMARY OF THE INVENTION In a first level, an exemplary embodiment of the present invention provides a method that includes the steps of: receiving a user device processing instruction information and a key generation related information query; generating and Receiving, by the received device, the first key information related to the instruction information; encrypting at least the core network related dynamic identity information; and responsive to the key to generate the related information, the key generation related information includes at least the The core network related dynamic identity information and the received user equipment processing instruction information are encrypted. In another aspect, an exemplary embodiment of the present invention provides a memory medium that is grouped 15 to store program instructions. Execution of the program instructions results in performing an operation including: receiving a user device processing instruction information and a key generation related information query; generating a first key information related to the received user equipment processing instruction information Encrypting at least the core network related dynamic identity information; and generating the relevant information by the key to reply to the query, the key generation related information including at least the encrypted core network related dynamic identity information and the received user equipment Processing Instruction # In another aspect, an exemplary embodiment of the present invention provides an apparatus, including: a receiver configured to receive a user equipment processing instruction information and a key generation related information-request; The generator 'is configured to 200915814 to generate first key information related to the received user equipment processing instruction information; an encrypter' is configured to encrypt at least core network related dynamic identity information; and a transmitter Is configured to generate a related information with the key, and the key generates a related information packet. Containing at least the encrypted 5 core network related dynamic identity information and the received user equipment processing instruction information. In still another aspect, an exemplary embodiment of the present invention provides an apparatus, including: means for receiving a user equipment processing instruction information and a query for a related information generated by a golden record; for generating and receiving the received use 10 Means for processing first key information related to the instruction information; means for adding at least core network related dynamic identity information; and means for replying the query with the key to generate related information, the key generation The related information includes at least the encrypted core network related dynamic identity information and the received user equipment processing instruction information. In another aspect, an exemplary embodiment of the present invention provides a method comprising the steps of: receiving user equipment processing instruction information and generating key related information including at least encrypted core network related dynamic identity information, generating a key message related to the received user equipment processing instruction information, a solution, a received encrypted core network related dynamics, and a dynamic identity information based on the decrypted core network Export the second key information. In another aspect, an exemplary embodiment of the present invention provides a memory medium that is configured to store program instructions. The execution of the program instructions causes the following steps of the execution of the package 3: receiving the user equipment processing instruction information and the information about the gold record containing at least the encrypted core network status information; generating and receiving the information The user equipment processes the information related to the first information, the encrypted core network 5 10 related dynamic identity information received by the solution; and the second key is derived based on the decrypted core network related dynamic identity information News. In another aspect, an exemplary embodiment of the present invention provides an apparatus, including: a receiver configured to receive user equipment processing instruction information and a key including at least an encrypted core, road phase identity information Generating relevant information; a generator configured to generate first key information related to the received user equipment processing instruction information; and a decoder configured to decrypt the received encrypted core The network-related dynamic identity information is used to derive the second-level information based on the dynamic identity information of the decrypted core network. In another aspect, an exemplary embodiment of the present invention provides a device, the device comprising: receiving a user equipment processing instruction information and a key generation related information including at least an encrypted core network related dynamic identity information. Means for generating a first key information related to the received user equipment processing instruction information; means for decrypting the received encrypted core network related dynamic identity information; Means for deriving second key information based on 20 the decrypted core network related dynamic identity information. In yet another aspect, an exemplary embodiment of the present invention provides a method of: receiving user device processing instruction information and a general bootstrap architecture push information (GPI) query; generating and receiving the received 200915814 The user equipment processes the first key information related to the instruction information (Ks "ext/int)_BSF); encrypts at least one network application function domain name server (NAF DNS) name, wherein one of the GPI E_GPI parts contains the already The NAF DNS name is encrypted; and the query is replied to with the received message information of the user device. In yet another aspect, an exemplary embodiment of the present invention provides a method comprising the steps of: receiving a message including a generic bootstrap architecture push information (GPI) pushed by a network application function (NAF) And the user equipment processing instruction information, wherein the E_GPI portion of the GPI includes a 10 encrypted network application function domain name server (NAF DNS) name; generating a first information related to the received user equipment processing instruction information Key information (Ks "ext/int)_BSF); decrypts the received encrypted NAF DNS name; and derives second key information (Ks_(ext/int)_NAF) based on the decrypted NAF DNS name. BRIEF DESCRIPTION OF THE DRAWINGS Exemplary embodiments of the present invention are described below with reference to the accompanying drawings in which: FIG. 1 shows an individual method for the supply of key parameters in accordance with an exemplary embodiment of the present invention; and FIG. Individual devices (e.g., a user device and NAF/BSF) for the provisioning of key 20 parameters in accordance with an exemplary embodiment of the present invention are shown.

C實施方式;J 較佳實施例之詳細說明 需注意到的是’對於本說明書,縮寫詞GPI(GBA推入 育訊)、Ks_(ext/int)_BSF、Ks—(ext)NAF、NAF DNS名稱等 10 200915814 是儲存在—資料庫内的錢產生相關資訊、第-金鑰資 第金綠資讯、核心網路相關動態身分資訊以及獨特 使用者身分資訊以供進-步的安全目的(如分洲於鐘別 或應用安全等),未將後面的詞語限於施加給該等縮寫詞或 者被用於服務特疋金鑰導出(即KS」ext/int)_NAF)之基線憑 證之特定技術或實施態樣細節。 本發明之示範性實施例現在參考第丨及2圖被描述。 首先,然而,需注意到的是,GBA推入之一主要特徵 以及與3GPP TS 33.220概述的GBA之差異可被考量以涵蓋 10 3GppTS 33.223可自舉用於廣播網路之金鑰的事實,即單方 向使用,例如至少一網路節點與一UE或終端機之間的—安 全結合之網路初始化建立,作為一例子。然而,一廣播網 路内的GBA推入之使用需要與被用於3GPP TS 33.220中的 金鑰導出技術有關的特別考量。此等層面中的一者可以是 15被用於密碼金鑰導出的NAF名稱。無法假設所有廣播網路 都對所謂的頭端使用基於領域名稱伺服器(D N S)名稱,在它 們作為一發送GBA推入訊息的NAF之情況下。單向模式的 GBA推入之使用沒有排除可能具有該UE可使用的—可能 的後頻道之情形,例如若金鑰遞送不成功。 20 例如,當在一網際網路協定(IP)網路(例如數位視訊廣 播-手持(DVB-Η))上執行廣播時,沒有使用DNS名稱。此 外’可假設一使用者無法執行一上行鏈路反向DNS查詢以 解出與源IP位址相關的DNS名稱。而且,DVB-Η中使用的 EPG(電子節目指南)不包含一IP位址對DNS名稱之映射資訊。 200915814 因此’明確的DNS名稱傳輸(與Ua安全協定識別符一 起’當其無法藉由其他方式被導出時)可被認為是此問題之 一解決方法,且可維持GBA推入解決方法與UE初始化GBA 概念之一些相容性。 5 然而’若當使用者身分與NAFID在廣播網路上傳播時C embodiment; J. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT Note that 'for this specification, the acronym GPI (GBA pushes into the education), Ks_(ext/int)_BSF, Ks-(ext)NAF, NAF DNS Name, etc. 10 200915814 is the security-related information stored in the database, the information of the first-key money, the dynamic information of the core network, and the unique user identity information for the security purpose of the step-by-step ( The specific technique of not applying the following words to the baseline vouchers applied to the acronyms or used for service traits derivation (ie KS "ext/int)_NAF), such as in the case of security or application security, etc.) Or implement the details of the situation. Exemplary embodiments of the present invention are now described with reference to Figures 2 and 2. First, however, it should be noted that one of the main features of GBA push and the difference from the GBA outlined in 3GPP TS 33.220 can be considered to cover the fact that 10 3GppTS 33.223 can be bootstrapped for the key of the broadcast network, ie One-way use, such as network initialization of a secure connection between at least one network node and a UE or terminal, as an example. However, the use of GBA push within a broadcast network requires special considerations associated with the key derivation techniques used in 3GPP TS 33.220. One of these levels may be the name of the NAF that was used for the cryptographic key export. It is not possible to assume that all broadcast networks use domain name server (D N S) names for so-called headends, in the case of them as a NAF that sends GBA push messages. The use of GBA push in one-way mode does not preclude the possibility of having a possible back channel for the UE, for example if the key delivery is unsuccessful. 20 For example, when performing a broadcast on an Internet Protocol (IP) network (such as Digital Video Broadcasting - Handheld (DVB-Η)), the DNS name is not used. In addition, it can be assumed that a user cannot perform an uplink reverse DNS query to resolve the DNS name associated with the source IP address. Moreover, the EPG (Electronic Program Guide) used in DVB-Η does not contain information on the mapping of IP addresses to DNS names. 200915814 So 'clear DNS name transfer (along with the Ua security protocol identifier 'when it cannot be exported by other means) can be considered as one of the solutions to this problem, and can maintain the GBA push solution and UE initialization Some compatibility with the GBA concept. 5 However, if the user identity and NAFID are transmitted on the broadcast network

都清楚可見時,則傳輸該NAF識別符(簡而言之,NAF-ID、 NAF DNS名稱以及Ua協定ID)可能造成一隱私問題。此操作 之類型可使追蹤使用者行為成為可能,因此可能讓人討厭Q 鑑於上述’本發明之示範性實施例提供增強金鑰參數 10 供應。 例如,一第一方法可包括: 對一特定使用者設備,接收金鑰產生相關資訊之一查 詢及使用者設備處理指令資訊; 產生與該被接收的使用者設備處理指令資訊有關的第 15 一金鑰資訊; 基於該產生的金鑰資訊加密至少核心網路相關動態身 分資訊;以及 發送包含至少該已加密核心網路相關動態身分資訊及 該被接收的使用者設備處理指令資訊的金鑰產生相關資訊。 20 該方法可進一步包括以下步驟:獲得一鑑別向量,該 鑑別向量包含一隨機數及密碼金鑰内容中的一者;以及導 出接著用於該金鑰資訊之產生的通用金鑰資訊。該方法可 進一步包括以下步驟:自一使用者資料庫獲得一使用者身 分符記;以及導出接著用於該第一金鑰資訊之產生的通用 12 200915814 金鑰資訊。該被接收的使用者設備處理指令資訊可進一步 包含一行動應用識別符,以及該方法可進一步包含基於該 被接收的使用者設備處理指令資訊產生第二金鑰資訊。 進一步依據本發明之示範性實施例,一第二方法包含 5 以下步驟: 接收包含至少已加密核心網路相關動態身分資訊及使 用者設備處理指令資訊的金鑰產生相關資訊; 產生與該被接收的使用者設備處理指令資訊有關的第 一金錄資訊; 10 基於該產生的第一金鑰資訊解密該被接收的已加密核 心網路相關動態身分資訊;以及 基於該已解密核心網路相關動態身分資訊導出第二金 錄資訊。 該方法可進一步包括以下步驟:當接收時接收一第一 15 金鑰產生識別符,以及當產生時產生也與被接收的金鑰產 生識別符有關的該第一金鑰資訊。一第一金鑰產生識別符 可被預先組配,且當產生時,與該被預先組配的金鑰產生 識別符有關的第一金鑰資訊也可被產生。當接收時,一Ua 訊息被接收,且該方法進一步包含基於該導出的第二金鑰 20 資訊處理被接受的訊息,且該Ua訊息利用該金鑰產生相關 資訊被保護且封裝。 進一步依據以上方法,核心網路相關動態身分資訊包 含一網路應用功能領域名稱伺服器名稱以及一 U a介面協定 識別符中的至少一者。該金鑰產生相關資訊可包含以下中 13 200915814 的至少-者…獨特使用者識別符;—隨機數及一 結果中的至少一者.宓版人从 在碼金鑰内容;通用自舉架構推入資 訊之-已加密部分;該通用自舉架構推人資訊之—完整性 保護部分;導出的第_及第二金鑰;—金鑰壽命;以及至 5 10 V通用自舉架構使用者設定。該使用者設備處理指令資 訊包含指示行動性選擇的至少-未加密資訊元件。 進一步依據該等示範性實施例,可具有基於該鑑別符 記產生通用金鍮資訊之_步驟,以及該方法可進一步包括 基於該第-錢資訊朗該通用自舉架構推人資訊之完整 性保護部分。 以上方法可被執行為被儲存在任何適合類型的電腦可 讀記憶體媒體内的電腦程式指令之執行的一結果。 該等示範性實施例進一步包括一第一裝置,該第一裝 置包括一接收器,該接收器被組配以對一特定使用者設備 15接收金鑰產生相關資訊之一查詢及使用者設備處理指令資 訊;一產生器,被組配以產生與被該接收器接收的該使用 者'又備處理指令負§礼有關的第一金錄資訊;一加密器,被 組配以基於該產生器產生的該金鑰資訊加密至少核心網路 相關動態身分資訊;以及一發送器,被組配以發送該金鑰 20 產生相關資訊,該金鑰產生相關資訊包含被該加密器加密 的至少該核心網路相關動態身分資訊以及被該接收器接收 的該使用者設備處理指令資訊。 該裝置可進一步包括一獲得器及一導出器,該獲得器 被組配以獲得一包含一隨機數以及密碼金鑰内容的鑑別向 200915814 量,該導出器被組配以導出接著用於被組配以產生該金餘 資訊的產生器之通用金鑰資訊。 該裝置可進-步包含-獲得器,該獲得器被組配以自 一使用者資料庫獲得一使用者身分符記;以及一導出器, 5被組配以導出接著用於被組配以產生該第一金矯資訊的產 生器之通用金鑰資訊。 被該接收器接收的使用者設備處理指令資訊可進一步 包含-行動應用識別符,以及其中該產生器被進—步組配 以產生與被該接收器接收的該使用者設備處理指令資訊有 10關的第二金鑰資訊。 該等示範性實施例進一步包括一第二裝置,該第二裝 置包括一接收器,該接收器被組配以接收包含至少已加密 核心網路相關動態身分資訊及使用者設備處理指令資訊的 金鐘產生相關負sil,以及一產生器,被組配以產生與被該 15接收器接收的該使用者設備處理指令資訊有關的第一金鑰 資訊;一解密器,被組配以基於該產生器產生的該第一金 錄資讯解後、被該接收器接收的該已加密核心網路相關動態 身分資訊;以及一導出器,被組配以基於被該解密器解密 的該核心網路相關動態身分資訊導出該第二金鑰資訊。 20 進一步依據此層面,該接收器被進一步組配以接收一 第一金鑰產生識別符,以及該產生器被進一步組配以產生 也與該接收器接收的該金鑰產生識別符有關的第一金鑰資 訊。一第一金鑰產生識別符被預先組配,以及該產生器被 進一步組配以產生也與該被預先組配的金鑰產生識別符有 15 200915814 關的第一金鑰資訊。 该接收器被進一步組配以接收一Ua訊息,以及該裝置 另外包含一處理器,該處理器被組配以基於導出的第二金 鑰資§fl處理被該接收器接收的訊息。 5 該裝置可包含一通用積體電路卡及一安全記憶體中的 一者,以及一介面,該介面被組配以提供該金鑰產生相關資 讯中的至少一部分給該通用積體電路卡或該安全記憶體。 與以上裝置相關,該核心網路相關動態身分資訊包含 一網路應用功能領域名稱伺服器名稱以及一Ua介面協定識 1〇別符中的至少一者;以及該金鑰產生相關資訊包含以下中 的至少一者:一獨特使用者識別符;至少一隨機數及一正 負號結果中的一者;密碼金鑰内容;通用自舉架構推入資 讯之一已加密部分;該通用自舉架構推入資訊之一完整性 保邊部分’被導出的第—及第二金鑰;—金鑰壽命;以及至 I5少-通用自舉架構使用者設定(〇聰)。該使用者設備處理 指令資訊包含指示行動性選擇的至少一未加密資訊元件。 4第-裝置可進-步包含—創建器,該創建器被組配 以基於4鑑別符s己產生通用金餘資訊;以及一鑑別器,該 4α別器被組配以基於該第—金鍮資訊鑑別該通用自舉架構 20推入資訊之該完整性保護部分。 «亥第一裝置可由一自舉伺服器功能及一網路應用功能 中的-者組成,同時該第二裝置可由一使用者設備、一行 動設備及-通用積體電路卡中的一者組成。 進一步依據該等示範性實施例,另一裝置包括用於對 16 200915814 -特疋使用者設備接收金餘產生相關資訊之—查詢及使用 =設備處理指令資訊的裝置;用於產生與被該用於接收的 裝置接收的該使用者設備處理指令資訊有關的第一金錄資 广置’用於基於,亥用於產生的裝置產生的該金錐資訊 5加密上至少核心網路相關動態身分資訊的裝置;以及用於以 ^达该金鑰產生相„訊的裝置,該金鑰產生相關資訊包 八次Γ用於加^的裝置加⑧、的至少該核心網路相關動態身 m乂及被該用於接收的裝置接收的該使用者設備處理 指令資訊。 ία ^步㈣該等示範性實施例,又—裝置包括用於接 i =至少已加密核心網路相關動態身分資訊以及使用者 =处理指令資訊的裝置;用於產生與被制於接收的裝 收的錢用者設備處理指令f訊有_第—金錄資訊 ^置’用於基於制於產生的裝置產生的該金 鑰資訊解 15 t ^ ^於接收的裝置接收_已加密H路相關動態 訊的I置;以及用於基於該驗解密的裝置解密的 _心網路相關動態身分資訊導出第二金鑰資訊的裝置。 料不範性實施例之使用提供-些優點。例如,不需 要將源IP位址從該1P層傳遞到-GBA客戶端,因此不需要 20具有層間通訊。 進步舉例’該等示範性實施例之使用提供對NAF之 課址的變化之不敏感性,因此可應用於(例如)其IP位址可 能經常變化之具有不好的連接性的網路。 進一步舉例’該等示範性實施例之使用提供NAF之位 17 200915814 置的不變性。例如,若(例如)該naf在一防火牆後或一網路 位址解譯遍歷伺服器被使用,則鄰近伺服器及防火牆沒有 引起一額外的問題。 進一步舉例,該等示範性實施例之使用提供DoS(服務 5 拒絕)攻擊之減輕(因為核心IP位址容易受到此等DoS攻擊 之危害)。 進一步舉例,該等示範性實施例之使用去除了兩個Ua 端點都實施一額外金鑰導出機制以及基於使用情形在它們 之間選擇的需要。 10 進一步舉例,該等示範性實施例去除了(例如)對一終端 機内的一智慧卡(例如,UICC)進行改變之需要。 第1圖顯示了依據本發明之示範性實施例的金錄參數供 應之個別方法。元件之間的發訊在水平方向被指出,而發訊 之間的時間層面以發訊順序之垂直配置以及序號被反映。 15 如第1圖所示,一通訊系統100可包含一接取網路104 及使用者設備UE 102。該接取網路104接著可包含一網路應 用功能NAF 101、一自舉伺服器功能bSf 1〇3以及一用於提 供一接取技術給該UE 102的可取捨基地台BS 104 ’如本文 以下所描述的。需注意到的是’該NAf ι〇1及該bsf 103可 20以是經由Zpn介面點通訊的獨立功能,例如在該接取網路 104内。可選擇的方式是,該NAF 1〇1及該BSF 1〇3也可以是 包含在(例如)一個單一伺服器内的功能(由該NAf ι〇1及該 BSF 103之符號周圍的一虛線方塊指出)。作為又一選擇, 該BSF 103可被組配以作為一 NAF 1〇1。若該BSF 1〇3及該 18 200915814When clearly visible, transmitting the NAF identifier (in short, NAF-ID, NAF DNS name, and Ua protocol ID) may cause a privacy issue. This type of operation makes it possible to track user behavior and may therefore be annoying. Q In view of the above, an exemplary embodiment of the present invention provides enhanced keying parameter 10 provisioning. For example, a first method may include: receiving, by a specific user equipment, one of the information related to the key generation and the user equipment processing instruction information; generating a fifteenth item related to the received user equipment processing instruction information Key information; encrypting at least core network related dynamic identity information based on the generated key information; and transmitting a key generation information including at least the encrypted core network related dynamic identity information and the received user equipment processing instruction information relevant information. The method may further comprise the steps of: obtaining an authentication vector comprising one of a random number and a cryptographic key content; and deriving the generic key information for subsequent generation of the key information. The method can further include the steps of: obtaining a user identity token from a user database; and deriving generic 12 200915814 key information for subsequent generation of the first key information. The received user equipment processing instruction information can further include a mobile application identifier, and the method can further include generating second key information based on the received user equipment processing instruction information. Further in accordance with an exemplary embodiment of the present invention, a second method includes the following steps: receiving key generation related information including at least encrypted core network related dynamic identity information and user equipment processing instruction information; generating and receiving The user equipment processes the first record information related to the instruction information; 10 decrypts the received encrypted core network related dynamic identity information based on the generated first key information; and based on the decrypted core network related dynamics Identity information exports the second record information. The method can further include the steps of: receiving a first 15 key generation identifier when received, and generating, when generated, the first key information also associated with the received key generation identifier. A first key generation identifier can be pre-assigned, and when generated, first key information associated with the pre-assigned key generation identifier can also be generated. Upon receipt, a Ua message is received, and the method further includes processing the accepted message based on the derived second key 20 information, and the Ua message is protected and encapsulated using the key generation related information. Further, according to the above method, the core network related dynamic identity information includes at least one of a network application function domain name server name and a U a interface protocol identifier. The key generation related information may include at least the following: ... unique user identifier of 13 200915814; - at least one of a random number and a result. The version is pushed from the code key content; the general bootstrapping architecture Incoming information - the encrypted part; the universal bootstrap architecture pushes the information - the integrity protection part; the derived _ and second keys; - the key lifetime; and the 5 10 V universal bootstrapping user setting . The user equipment processing command information includes at least an unencrypted information element indicating an action selection. Further in accordance with the exemplary embodiments, there may be a step of generating generic information based on the authenticator, and the method may further include integrity protection based on the general bootstrapping framework of the first information section. The above method can be implemented as a result of execution of computer program instructions stored in any suitable type of computer readable memory medium. The exemplary embodiments further include a first device, the first device including a receiver, the receiver being configured to receive a key to generate information related information for a particular user device 15 and to process the user device Command information; a generator configured to generate first record information related to the user's processing instruction received by the receiver; an encryptor configured to be based on the generator Generating the key information to encrypt at least core network related dynamic identity information; and a transmitter configured to send the key 20 to generate related information, the key generation related information including at least the core encrypted by the encryptor The network related dynamic identity information and the user equipment processing instruction information received by the receiver. The apparatus can further include an obtainer and an exporter configured to obtain an authentication to 200915814 containing a random number and cryptographic key content, the exporter being configured to be derived for subsequent use by the group Coordinated with the generic key information of the generator that generated the information. The apparatus may further include an acquirer configured to obtain a user identity token from a user database; and an exporter, 5 being configured to derive and then used to be configured Generating the universal key information of the generator of the first gold correction information. The user equipment processing instruction information received by the receiver may further include a mobile application identifier, and wherein the generator is further configured to generate and output the user equipment processing instruction information received by the receiver. The second key information of the off. The exemplary embodiments further include a second device, the second device including a receiver configured to receive gold including at least encrypted core network related dynamic identity information and user device processing instruction information The clock generates a correlation negative sil, and a generator is configured to generate first key information related to the user equipment processing instruction information received by the 15 receiver; a decryptor configured to generate based on the generation The encrypted core network related dynamic identity information received by the receiver after the first golden record information is solved, and an exporter configured to be based on the core network decrypted by the decryptor The relevant dynamic identity information is used to derive the second key information. Further in accordance with this aspect, the receiver is further configured to receive a first key generation identifier, and the generator is further configured to generate a number associated with the key generation identifier received by the receiver A key information. A first key generation identifier is pre-assigned, and the generator is further configured to generate first key information that is also associated with the pre-assigned key generation identifier. The receiver is further configured to receive a Ua message, and the apparatus further includes a processor configured to process the message received by the receiver based on the derived second key §fl. 5 The device may comprise a universal integrated circuit card and a secure memory, and an interface, the interface being configured to provide at least a portion of the key generation related information to the universal integrated circuit card Or the secure memory. Corresponding to the above apparatus, the core network related dynamic identity information includes at least one of a network application function domain name server name and a Ua interface agreement identifier; and the key generation related information includes the following At least one of: a unique user identifier; at least one of a random number and a sign result; a cryptographic key content; an encrypted portion of a generic bootstrapping push information; the generic bootstrapping architecture One of the push information integrity margins is 'exported first and second keys; - key lifetime; and to I5 less - universal bootstrapping user settings (〇聪). The user device processing instruction information includes at least one unencrypted information element indicating an action selection. 4 - the device may further include a creator configured to generate a universal information based on the 4 discriminator s; and a discriminator, the 4α device being configured to be based on the first gold The information identifies the integrity protection portion of the generic bootstrapping architecture 20 push information. The first device can be composed of a bootstrap server function and a network application function, and the second device can be composed of one of a user device, a mobile device and a universal integrated circuit card. . Further in accordance with the exemplary embodiments, another apparatus includes means for invoking 16 200915814 - special user equipment to receive information related to the generation of information - query and use = device processing instruction information; for generating and using The first gold record accommodating information related to the user equipment processing instruction information received by the receiving device is used to encrypt at least the core network related dynamic identity information generated by the device for generating the device And a device for generating a signal by the key, the key generating the relevant information packet eight times, the device for adding the device, and at least the core network related dynamic body and The user equipment processing instruction information received by the apparatus for receiving. ία (4) The exemplary embodiments, and the apparatus comprise: i=at least the encrypted core network related dynamic identity information and the user = means for processing the instruction information; for generating and processing the received money, the user equipment processing instruction, the message has been used for the production of the device based on the production The key information solution 15 t ^ ^ is received by the receiving device _ the encrypted H-channel related dynamic information I set; and the _ heart network related dynamic identity information for decrypting based on the device for decryption and derivation derives the second gold The device of the key information provides some advantages. For example, there is no need to pass the source IP address from the 1P layer to the -GBA client, so there is no need for 20 to have inter-layer communication. The use of exemplary embodiments, for example, provides insensitivity to changes in the course of the NAF and is therefore applicable, for example, to networks with poor connectivity whose IP addresses may change frequently. Further examples of such The use of the exemplary embodiment provides the invariance of the NAF bit 17 200915814. For example, if, for example, the naf is used behind a firewall or a network address interpretation traversal server, then the proximity server and firewall are not A further problem arises. Further examples, the use of such exemplary embodiments provides a mitigation of DoS (Service 5 Rejection) attacks (because core IP addresses are vulnerable to such DoS attacks). By way of example, the use of the exemplary embodiments removes the need for both Ua endpoints to implement an additional key derivation mechanism and to choose between them based on usage scenarios. 10 Further example, the exemplary embodiments are removed (for example) the need to make changes to a smart card (eg, UICC) within a terminal. Figure 1 shows an individual method of supplying gold record parameters in accordance with an exemplary embodiment of the present invention. The horizontal direction is indicated, and the time plane between the transmissions is reflected in the vertical arrangement of the transmission sequence and the serial number. 15 As shown in FIG. 1, a communication system 100 can include an access network 104 and a user equipment UE. 102. The access network 104 can then include a network application function NAF 101, a bootstrap server function bSf 1〇3, and a retrievable base station BS 104' for providing an access technology to the UE 102. As described herein below. It should be noted that the NAf ι〇1 and the bsf 103 can be independent functions of communication via the Zpn interface point, for example, within the access network 104. Alternatively, the NAF 1〇1 and the BSF 1〇3 may also be functions included in, for example, a single server (a dotted square around the symbol of the NAf ι〇1 and the BSF 103) Point out). As a further alternative, the BSF 103 can be combined to function as a NAF 1〇1. If the BSF 1〇3 and the 18 200915814

NAF 101被設置在一起,則該Zpn參考點可被刪除。並不限 於此,為了簡化描述,以下描述只闡述了後一選擇’且參 考符號“NAF/BSF 101”被用於描述作為NAF 101的BSF 103 ° 5 除此之外,該NAF 101及該UE 102可被組配以經由Ua 參考點傳遞(例如)一應用協定,以及經由Upa參考點傳遞一 AKA協定。該BS 104可設於該NAF 101與該UE 102之間的 信號路徑内以提供與感興趣的接取技術之符合性。 如第1圖中所示,依據一第一方法,在步驟S1-1中,該 10 NAF 101(或NAF/BSF 101)可對一特定使用者設備執行金鑰 產生相關資訊(例如,一GBA-PUSH-INFO GH)之一查詢以 及使用者設備處理(安全)指令資訊(例如,Upa使用之一指 示)。The NAF 101 is set together and the Zpn reference point can be deleted. Without being limited thereto, in order to simplify the description, the following description only describes the latter option 'and the reference symbol "NAF/BSF 101" is used to describe the BSF 103 ° 5 as the NAF 101, in addition to the NAF 101 and the UE. 102 can be configured to pass, for example, an application agreement via the Ua reference point, and pass an AKA agreement via the Upa reference point. The BS 104 can be located within the signal path between the NAF 101 and the UE 102 to provide compliance with the access technology of interest. As shown in FIG. 1, according to a first method, in step S1-1, the 10 NAF 101 (or NAF/BSF 101) can perform key generation related information on a specific user equipment (for example, a GBA). One of the -PUSH-INFO GH) queries and user device processing (security) command information (eg, one of the instructions used by Upa).

在步驟S1-2中,該NAF 101可執行產生與該被接收的使 15用者設備處理指令資訊(例如,Upa用途之指示)有關的第— 金鑰資訊(例如,Ks—(ext/int)_BSF)之步驟。作為此第—金 鑰導出程序之一可取捨的輸入,具有幾個不同的可能性。 例如,該BSF 103名稱(以及指定的特定Ua協定身分),或任 20 何其他一般已知(非私密資訊破解)資訊(或預先組配的資訊) 可被使用,只要其符合NAF-ID格式(因此不需要改變(例如) 在3GPP Release 6或3GPP Release 7下發證的智慧卡,戍者 若以如2G GBA TR 33.920類似的方式被使用,則不需改變用 戶身分模組SIM卡)。該金鑰導出可在該BSF 103中被執行 在步驟S1-3中’該NAF 101可執行加密至少核心網路相 19 200915814 關動態身分資訊(例如,加密該NAF DNS名稱,導致GPI之 一加密部分’之後被稱為“E_GPI”)。該£_0?1也可包含(例 如)未加密資訊。例如,關於選擇自舉ME或UICC(Upa-使用) 之端點的資訊,或者(例如)關於基於產生的金鑰資訊(例 5 如,Ks_(ext/int)_BSF)的端點(例如,永久性或短期金鑰)之 自舉類型的資訊。 在步驟S1-4,該NAF 101可執行將包含至少該已加密核 心網路相關動態身分資訊(例如,已加密NAF DNS名稱)及 該被接收的使用者設備處理指令資訊)的金鑰產生相關資 10 訊(例如,推入GPI)發送給該UE 102。 依據一第二方法,該UE 102在步驟S2-1中可執行接收 至少包含該已加密核心網路相關動態身分資訊(例如,包含 該已加密NAF DNS名稱的E_GPI)及該使用者設備處理指令 資訊(例如,Upa使用之指示)的金鑰產生相關資訊(例如,由 15 該NAF/BSF 101 推入的GPI)。 在步驟S2-2中,該UE 102可執行產生與該被接收的使 用者設備處理指令資訊有關的(例如,與Upa使用之指示有 關的)第一金鑰資訊(例如,存在該UE 102内的一UICC上的 Ks_(ext)_BSF)。作為此第一金錄導出之可取捨的輸入,可 20 能具有不同的可能性。例如,該BSF名稱(以及指定的特定 Ua協定身分)或任何其他一般已知(非私密資訊破解)資訊, 或預先組配的資訊可被使用,只要其符合NAF-ID格式(因此 不需要改變(例如)在3GPP Release 6或3GPP Release 7下發 證的智慧卡,或者以如2GGBATR 33.920類似的方式被使 20 200915814 用)。應該注意到的是,該BSF名稱作為一非限制性例子被 使用。 在步驟S2-3中,該UE 102可基於該產生的第一金錄資 訊(如Ks_(ext)_BSF)執行解密該被接收的已加密核心網路 5相關動態身分資訊(例如,解密E_GPI,導致該NAF/BSF 1 〇 1 之DNS名稱)。 在步驟S2-4中,該UE 102可基於該已解密核心網路相 關動態身兮資訊(例如該NAF/BSF 101之DNS名稱)執行導 出第二金鑰資訊。 10 依據以上第一方法之進一步的實施例以及細化,在步 驟S1-1-1中,該NAF/BSF 101可進一步執行獲得一鑑別向量 (AV),該AV包含(例如)被用於進一步應用特定憑證之主金 鑰資料(之後也被稱為密碼金鑰内容),包含至少一隨機數 (RAND)、一鑑別符記(AUTN)、一被期望的回應(XREs)、 15 一密鑰(CK)以及一完整性金鑰(DQ,且導出通用金鑰資訊 (例如’ Ks)以供接著用於產生金鑰資訊(例如, Ks_(ext/int)_BSF)可被執行。可選擇的方式是,一使用者身 分符記可在以上描述的獲得期間被獲得。除此之外,該被 接收的使用者設備處理指令資訊可進一步包含一行動應用 20識別符(例如,Ua-appli-id),使得在步驟S1-2-1中,該 NAF/BSF 101可基於該被接收的使用者設備處理指令資訊 執行產生第二金鑰資訊(例如,Ks_(ext/int)_NAF)。 除此之外,在該第一及第二方法中,該核心網路相關 動態身分資訊可包含一網路應用功能領域名稱伺服器 21 200915814 5 10 (NAF DNS)名稱及/或一Ua介面協定識別符。此外,1金鑰 產生相關資訊(例如’ GPD可包含—獨特使用者識別^例 如網際網路協定多媒體子系統私人使用者身分(ΐΜρι)、網 際網路協定多媒體子系統公共使用者身分(IMpu)或其他使 用者識別符、至少一隨機數(RAND)或—正負號結果 (SRES)、密碼金鑰内容、通用自舉架構推入資訊之以1提 到的已加密部分(E_GPI)、該通用自舉架構推入資訊之一完 整性保護部分(之後稱為I_GPI)、導出的第—及第二金2 (Ks_(ext/int)_NAF)、一金鑰壽命及/或至少—通用自舉架構 使用者設定(GUSS)。而且,該使用者設備處理指令資訊可 包含指示Upa使用的至少一未加密資訊元件(例如,一位 元)。 除此之外’依據以上第二方法之進一步的實施例以及 細化,在步驟S2-1-1中,該UE 102可進一步基於該隨機數 15 及該鑑別符記執行產生通用金鑰資訊(Ks)。此外,在步驟 S2-2-1中,該UE 102可基於該第一金鑰資訊執行鑑別該通 用自舉架構推入資訊之完整性保護部分(I_GPI)。可選擇的 方式是,當接收時(步驟S1-1) ’ 一第一金鑰產生識別符可被 接收’且在產生步驟中,與該被接收的金鑰產生識別符有 20關的第一金鑰資訊也可被產生。可選擇的方式是,該第一 金鑰產生識別符可被預先組配,以及在產生(步驟S1_2)中, 與該被預先組配的金鑰產生識別符有關的第一金餘資訊也 可產生。作為另一選擇,例如該UE 102可進一步執行一Ua 訊息之接收,以及在步驟S2-5中,該UE 102可進一步基於 22 200915814 導出的第二金鑰資訊(Ks_(ext)_N AF)執行處理該被接收的 訊息(例如,Ua訊息)。 第2圖顯示了依據本發明之示範性實施例的用於金鑰 參數供應之個別裝置(例如,NAF/BSF 101及使用者設備UE 5 1〇2)。作為一例子,該UE 102可以是一可接取該接取網路 104之IP能力的終端機,其中該ue 102可進一步包含一給定 形式的安全模組,例如一智慧卡、一獨立晶片或一安全軟 體模組。 如第2圖中所示,該NAF 101(或者作為該NAF 101的 10 BSF 103)可包含一中央處理單元CPU 1011、一記憶體 1012、一發送器(Tx)1013、一接收器(Rx)i〇i4、一產生器 1015、一加密器1〇16、一可取捨的導出器ion以及至少一 可取捨的額外CPU 1011a。需注意到的是,之後為了描述簡 潔起見,對該NAF/BSF之CPU 1011的每個參考也可指該至 15 少一可取捨的額外CPU 1011a中的至少一者。 如該CPU 1011之功能方塊的虛線範圍所指示,該產生 器1015、該加密器1016及該可取捨的導出器ion可被實施 (例如)為在該CPU 1011上執行的軟體或個別實體。需注意 到的是’該發送器1013及該接收器1014之功能可以是如第2 20 圖中所示的個別實體,或者可選擇地由一積體收發器(圖未 示)執行。 該C P U 1011可被組配以處理各種資料輸入以及控制該 記憶體1012、該發送器1013、該接收器1014、該產生器 1015、該加密器1016、該可取捨的導出器ion以及該至少 23 200915814 一額外可取捨CPU 1011a之功能。該記憶體1〇丨2可用以儲存 當在該CPU 1011上執行時,用於執行依據本發明之示範性 實施例的個別方法之程式指令碼(較一般的是程式碼裝置)。 如結合依據本發明之實施例的個別方法所描述的,該 5 NAF/BSF 101之接收器丨〇13可被組配以接收金鑰產生相關 資訊(例如,GPI)之一查詢以及使用者設備處理指令資訊(例 如,Upa使用之指示)。 需注意的是,該查詢可源於該接取網路104内的另一網 路元件(圖未示)。 10 該NAF/BSF 101之產生器1015可被組配以產生與該接 收器1013接收的使用者設備處理指令資訊有關的第一金鑰 資訊A1 (例如,Ks_(ext/int)_BSF)。 該NAF/BSF 101之加密器1016接著可被組配以基於該 產生器1015產生的該金鑰資訊A1加密至少核心網路相關動 15 態身分資訊(動態ID資訊,例如加密該NAF/BSF 101之DNS 名稱,導致E_GPI)。 該NAF/BSF 101之發送器1014可被組配以發送包含被 該加密器1015加密的至少該核心網路相關動態身分資訊 (已加密動態ID資訊)以及被該接收器1013接收的該使用者 20 設備處理指令資訊(例如,Upa使用之指示符)的金鑰產生相 關資訊(例如,GPI)。 也如第2圖中所示,該UE 102可包含一CPU 1021、一 記憶體1022、一發送器(Tx)1023、一接收器(rx)i〇24、一產 生器1025、一解密器1026、一導出器1〇27、一可取捨創建 24 200915814 器1028、一可取捨鑑別器1029以及一可取捨介面 (I/F)10210。 如該CPU 1021之功能方塊之虛線範圍所指示,該產生 器1025、該解密器1026、該導出器1〇27、該可取捨創建器 5 1028、该可取捨鑑別器1〇29以及該可取捨介面1〇21〇可被實 施為在該CPU 1021上執行的軟體或者作為個別實體。需注 意到的是,該發送器1023及該接收器1〇24之功能可以是如 第2圖中所示的獨立實體,或者可選擇地由一積體收發器 (圖未示)執行。 10 該CPU 1021可被組配以處理各種資料輸入以及控制該 s己憶體1022、該發送器1〇23、該接收器1〇24、該產生器 1025、該解密器1〇26、該導出器1〇27、該可取捨創建器 1028、該可取捨鑑別器1〇29以及該可取捨介面1〇21〇之功 能。該記憶體1022可用以儲存當在該cpu 1〇21上執行時, 15用於執行(例如)依據本發明的個別方法之程式裝置。 如結合依據本發明之示範性實施例的個別方法所描述 的’該UE 102之接收器1〇23可被組配以用於一特定使用者 設備接收包含至少已加密核心網路相關動態身分資訊(例 如’ E—GPI ’已加密NAF/BSFDNS名稱)及使用者設備處理 20指令資訊(例如,Upa使用之指示)的金鑰產生相關資訊(例 如’ GPI)。作為一選擇,該uE 1〇2之接收器1〇23可進一步 被組配以接收一Ua訊息。 需注意到的是,此可取捨訊息(msg)可源於該NAF/BSF 101 °在此情況下,產生、解密、導出以及處理之後續操作 25 200915814 可月b產生該sfl息(msg)之一成功的整體處理。可選擇的方式 疋’ s亥§fl息(msg)可源於該通訊系統1 〇〇内的另一 naf/bsf 101。在此情況下,產生、解密、導出以及處理之後續操作 可能部分或完全失敗’因此導致該可取捨訊息(msg)之一不 5 成功的整體處理。 該UE 102之產生器1025可被組配以產生與該接收器 1023接收的使用者設備處理指令資訊(例如,处3使用之指 示)有關的第一金鑰資訊A2(例如,Ks_(ext) BSF)。 該UE 102之解密器1026可被組配以接著基於該產生器 10 1025產生的該第一金鑰資訊A2解密被該接收器1023接收的 該已加密核心網路相關動態身分資訊(例如,解密E_GPI, 導致NAF DNS名稱)。 該UE 102之導出器1027可被組配以基於被該解密器 1026解密的核心網路相關動態身分資訊(例如,NAF DNSS 15 稱)導出第二金鑰資訊B2(例如,Ks」ext)_NAF)。 依據以上NAF/BSF 101之進一步的實施例,例如,該 CPU 1011結合該NAF/BSF 101之記憶體1012(組成可被認 為是一獲得器的東西)一起可進一步被組配以獲得一鑑別 向量(AV),該AV包含被用於進一步的特定應用憑證的主金 20 鑰資料(也被稱為密碼金鑰内容),包含至少一隨機數 (RAND)、一鑑別符記(AUTN)、一被期望的回應(XRES)、 一密鑰(CK)及一完整性金鑰(IK)中的至少一者。該可取捨 導出器1017可被組配以導出通用金鑰資訊(例如’ Ks,由虛 線鑰匙符號指示)以接著用於被組配以產生金鑰資訊A1(例 26 200915814 如’ Ks—(ext/int)一BSF)的產生器1015。可選擇的方式是,該 獲得器可被組配以獲得一使用者身分符記。除此之外,該 被接收的使用者設備處理指令資訊可進一步包含一行動應 用識別符(例如,Ua-appli-id),使得該產生器1〇15可進一步 5被組配以基於該被接收的使用者設備處理指令資訊產生第 一金鑰資訊B1 (例如,Ks_(ext/int)_NAF)。作為一選擇,該 通用金鑰資訊(Ks)也可以基於2G鑑別向量(2G鑑別向量 (AV=RAND、SRES(正負號回應)、Kc(密餘)))。 除此之外,在依據本發明的NAF/BSF 101及UE 102 10中,該核心網路相關動態身分資訊(動態ID資訊)可包含一網 路應用功能領域名稱伺服器(例如,NAF DNS)名稱以及/或 一Ua介面協定識別符。此外,該金鑰產生相關資訊(例如, GPI)可包含一獨特使用者識別符,例如ΙΜρι、IMpu或其他 使用者識別符、至少一隨機數(RAND)或一正負號結果 15 (SRES)、密碼金鑰内容、通用自舉架構推入資訊之以上提 到的已加密部分(E_GPI)、該通用自舉架構推入資訊之一完 整性保護部分(I_GI>I)、導出的第一及第二金鑰、一金鑰壽 命及/或至少一通用自舉架構使用者設定(GUSS)。該使用者 設備處理指令資訊可包含指示(例如)Up a使用的至少一未 2〇 加密資訊元件(例如,一位元)。 除此之外,依據該UE 102之進一步的實施例及細化, 該UE 102之可取捨的創建器1〇28可被組配以基於該隨機數 (RAND)及該鑑別符記(AUTN)產生通用金鑰資訊(Ks,如以 虛線鑰匙符號所指示的)。此外,該UE 102之可取捨鑑別器 27 200915814 1029可被組配以基於該第一金鑰資訊ΑΓ鑑別該通用自舉 架構推入資訊(I_GPI)之完整性保護部分。該第一金鑰資訊 A1’可以是對應由該NAF/BSF 101之產生器1015產生的金 鑰資訊A1之金鑰資訊。可選擇的方式是,該接收器1023可 5 被組配以接收一第一金鑰產生識別符,以及該產生器1025 可被組配以產生也與該接收器1 〇 2 3接收的該金鑰產生識別 符有關的第一金鑰資訊。可選擇的方式是,該第一金鑰產 生識別符可被預先組配,以及該產生器1025可被進一步組 配以產生也與該預先組配的金鑰產生識別符有關的第一金 10 鑰資訊。作為一額外選擇,(例如)該UE 102之CPU 1021可 被進一步組配以基於由該導出器1027導出的第二金鑰資訊 B2(例如,Ks_(ext)_NAF)處理被該接收器1〇23接收的以上 所描述的可取捨訊息(例如,Ua訊息)。 除此之外,該UE 102可選擇地由一行動設備或一通用 15 積體電路卡組成。而且’該可取捨創建器1028也可由一可以 晶片組插入該UE 102的通用積體電路卡組成(由延伸到該 UE 102之功能方塊的可取捨創建器1028之功能方塊指示)。 該UE 102可進一步包含該通用積體電路卡(1028)或一 安全記憶體(圖未示)以及該可取捨介面(10210),該可取捨 20 介面(10210)可被組配以提供該金鑰產生相關資訊中的至少 一部分(例如,GPI或GPI之部分)給該通用積體電路卡或該 安全記憶體。 該UE 102也可被實施為一晶片或模組。 本發明之示範性實施例也提供一系統,該系統包含依 28 200915814 據本發明的該NAF/BSF 101及該UE 102中的至少一者。 本發明之示範性實施例可依據以下被總結,不限於給 出的技術及實施態樣細節。 對於該UE102的NAF金鑰導出,該NAFID需要在該等 5 金鑰Ks—ext/int_NAF可自Ks導出之前可得。因此,後面的 金鑰對於機密地保護該NAF ID並沒有用。一種用以提供該 NAF ID傳輸之機密保護之可能的解決方法是使用一額外 金錄。一額外(中間)金鑰導出可被用於此目的。作為此金鑰 導出之輸入,具有不同的可能性。該BSF名稱(以及指定的 10特疋Ua-協定身分)或任何其他一般已知的(非私密資訊破解) 資訊可被使用,只要其符合該N A F D格式(因此不需要附加 至先前發出的UICC)。這表示此NAF ID符合資訊可在該 UE(智慧卡或GBA-ME及GBA_U之ME)内被預先組配或者 在自舉之前被傳輸/廣播,作為兩個例子。因為此金鑰導出 15需在BSF内被執行’所以一BSF名稱可被使用。否則,一名 稱被加到該Zpn-請求訊息内。除此之外,在使用 NAF-ID=BSF名稱的BSF導出的金鑰沒有被傳給該請求 NAF。這提供不能夠修改(對於該Qpi之完整性保護) 且讀取該GPI之受保護部分的特性。在此情形下,該BSF作 20為一可信賴伺服器,加密需要被傳給該UE的NAF ID。該 NAF無法修改此資料。具有自一ιρ位址解析1^八1: ID之能力 的UE能夠檢查且匹配此資料。同時,該已加密值作為一授 權符記(類似但不等於一鑑別8_丁1〇方法,其中此形式的 B-TID作為用以檢查是否涉及該UE的裝置),該已加密值可 29 200915814 被UE驗證以證明該發送NAF被授權以將資訊推入給該 UE。若自舉壽命在被明文包括在GPI中且被Ks_(ext)_BSF 完整性保護,則當一NAF將該GPI儲存在該網路内太久(藉 由在自舉之前使壽命有效)時,其允許拒絕一UE之自舉。一 5 發送具有無效RAND AUTN的篡改GPI之NAF無法被阻止, 但是自舉嘗試將失敗。一發送具有一有效(但是未被使用 的)RAND AUTN的篡改GPI之NAF無法被阻止,且若該NAF 不被允許作為一推入NAF,其將也不能夠完整性保護GPI, 因此被該UE檢測出(該NAF將使用Zn介面請求如3GPP規格 10 TS 33.220指定的NAF金鑰),則這可能導致一成功的自舉。 對於正確的金鑰導出,DNS名稱及其他金鑰導出資料 可能需要被安全地傳遞給使用者且在終端機及網路端被整 合到金鑰導出程序内。此機制可確保被傳遞的Dns名稱之 完整性保護以及確保機密性保護(隱私)。一DNS名稱之安全 15性對於阻止一可能的所謂網路釣魚式攻擊是重要的。此機 密保護對於避免一使用者可能經由該]^八1;主機名稱鏈結到 某一内容可能是重要的。該機制也具有以下特性:該廣播 伺服态(N A F,可能在—被造訪的網路内)不能夠修改需被發 送給該UE的自舉相關資料。這允許在其他國家的漫遊使用 20者能夠像平常-樣純“未聽,,資訊。 依據本發明之示範性實施例的解決方法提供一種用以 保護-網路初始化GBA自舉㈣―些資料免於受到篡改及 觀察的機制。特別是當不具有任何基本載送器網路安全(例 如,在廣播模式網路中)時,料實施例是需要的且重要的。 30 200915814 本發明之其他實施例也可被提供。 出於本文以上所描述的本發明之目的,應該注意到的 是’一接取技術可以是一使用者可藉以接取一接取網路的 任何技術。任何現在或將來的技術,例如無線區域接取網 5路(WLAN)、纜線網路、微波接取之世界協作(WiMAX)、藍 牙、紅外線以及類似者可被使用。應進一步注意到的是, 一接取網路可以是一行動台實體或其他使用者設備可連接 到及/或使用由該接取網路提供的服務之任何設備、單元或 裝置。此等服務尤其包括資料及/或(音訊_)可視通訊、資料 10 下載等。 一般而言,本發明之示範性實施例也可應用於依靠一 基於資料封包的傳輸方案之該等網路/終端機環境,資料可 依據該基於資料封包的傳輸方案以資料封包被發送,且其 等(例如)可基於網際網路協定Ip。然而,該等示範性實施例 is不限於此,m任何其他現在或將來㈣或行紐(Μιρ)版 本,或者較一般地,遵循與(M)IPv4/6類似的原理之協定也 可被應用。 -使用者設備實體可以是—系統使用者可藉以自—接 取網路體驗服務的任何設備、單元或裝置。 20 彳指出’可能實施為軟體程式碼部分且使用—處理器 被執行的方法步驟是軟體程式碼獨立的,且可利用任何已 知或將來發展的程式語言被指定,只要由該等方法步驟定 義的整體功能被保留。 -般而言’任何方法步驟勒於實施為敕體或由硬體 31 200915814 實施,按照所實施的功能而沒有改變本發明之示範性實施 例之本質。 可能實施為一行動台内的硬體元件或網路元件或其模 組的方法步驟及/或設備、單元或裝置是硬體獨立的,且可 5利用任何已知或將來發展的硬體技術或其等之任何混合被 實施,例如金屬氧化半導體(MOS)、互補MOS(CMOS)、雙 極MOS(BiMOS)、雙極CMOS(BiCMOS)、射極耦合邏輯 (ECL) '電晶體-電晶體邏輯(TTL)等,利用(例如)特定應用 積體電路(1C)元件(ASIC)、可現場規劃閘極陣列(FPGA)元 10 件、複雜可規劃邏輯裝置(CPLD)元件或數位信號處理器 (DSP)元件。 除此之外,可能實施為軟體元件的任何方法步驟及/或 设備、單元或裝置可(例如)基於多媒體廣播多播服務 (MBMS);特別地,MBMS安全符合軟體模組可被使用。雖 I5然安全MBMS在本文作為一例子被用於一安全服務以供描 述目的,但是能夠(例如)鑑別、授權、金鑰保護及/或保護 訊務的任何安全架構可被應用。 °又備、單元或裝置(例如,使用者設備、BSF及NAF)可 被實施為個別設備、單元或裝置,但是這並不排除它們以 2〇刀散方式實施在該系統中,只要該設備、單元或裝置之 功能被保持。 卜被用於所描述的參數、功能、訊息類型、介面 及類⑽(例如’ BSF、Gpi、勝等)的各種名 稱:U日限於任何層面,因為該等參數、功能、訊息類 32 200915814 型、介面及類似者可由任何適合的名稱被識別。In step S1-2, the NAF 101 may perform to generate a first key information related to the received user device processing instruction information (eg, an indication of Upa usage) (eg, Ks-(ext/int) ) _BSF) steps. As an alternative to this first-key export procedure, there are several different possibilities. For example, the BSF 103 name (and the specified specific Ua agreement identity), or any other generally known (non-private information cracking) information (or pre-formed information) can be used as long as it conforms to the NAF-ID format. (Therefore, there is no need to change (for example) a smart card issued under 3GPP Release 6 or 3GPP Release 7, and if it is used in a similar manner as 2G GBA TR 33.920, there is no need to change the user identity module SIM card). The key derivation can be performed in the BSF 103. In step S1-3, the NAF 101 can perform encryption to at least the core network phase 19 200915814. The dynamic identity information (eg, encrypting the NAF DNS name, resulting in encryption of one of the GPIs) The part 'below is called 'E_GPI'). The £_0?1 can also contain (for example) unencrypted information. For example, information about selecting an endpoint of a bootstrap ME or UICC (Upa-Use), or (for example, an endpoint based on generated key information (eg, Ks_(ext/int)_BSF) (eg, Information about the type of bootstrapping of a permanent or short-term key. In step S1-4, the NAF 101 may perform a key generation related to the at least the encrypted core network related dynamic identity information (eg, the encrypted NAF DNS name) and the received user equipment processing instruction information. A 10 message (e.g., push GPI) is sent to the UE 102. According to a second method, the UE 102 can perform receiving, in step S2-1, at least the encrypted core network related dynamic identity information (eg, E_GPI including the encrypted NAF DNS name) and the user equipment processing instruction. The key to the information (for example, the instructions used by Upa) generates information (for example, the GPI pushed by 15 of the NAF/BSF 101). In step S2-2, the UE 102 may perform to generate first key information related to the received user equipment processing instruction information (eg, related to the indication used by Upa) (eg, presence in the UE 102) Ks_(ext)_BSF on a UICC. As an alternative to the export of this first gold record, it can have different possibilities. For example, the BSF name (and the specified specific Ua agreement identity) or any other generally known (non-private information cracking) information, or pre-formed information, can be used as long as it conforms to the NAF-ID format (and therefore does not need to be changed) (For example) a smart card issued under 3GPP Release 6 or 3GPP Release 7, or 20 200915814 in a similar manner as 2GGBATR 33.920). It should be noted that the BSF name is used as a non-limiting example. In step S2-3, the UE 102 may perform decryption of the received encrypted core network 5 related dynamic identity information (eg, decrypt E_GPI, based on the generated first record information (eg, Ks_(ext)_BSF), The DNS name that caused the NAF/BSF 1 〇1). In step S2-4, the UE 102 may perform the export of the second key information based on the decrypted core network related dynamic body information (e.g., the DNS name of the NAF/BSF 101). 10 In accordance with a further embodiment of the first method above and refinement, in step S1-1-1, the NAF/BSF 101 may further perform obtaining an authentication vector (AV) that is included, for example, for further use. The master key data of the application specific certificate (hereinafter also referred to as cryptographic key content), including at least one random number (RAND), one authentication token (AUTN), one expected response (XREs), 15 a key (CK) and an integrity key (DQ, and exporting generic key information (eg, 'Ks) for subsequent generation of key information (eg, Ks_(ext/int)_BSF) may be performed. Alternatively, a user identity token can be obtained during the acquisition described above. In addition, the received user device processing instruction information can further include a mobile application 20 identifier (eg, Ua-appli- Id), such that in step S1-2-1, the NAF/BSF 101 can generate second key information (eg, Ks_(ext/int)_NAF) based on the received user equipment processing instruction information. In addition, in the first and second methods, the core network related dynamic body The information may include a web application functional domain name server 21 200915814 5 10 (NAF DNS) name and/or a Ua interface protocol identifier. In addition, the 1 key generates relevant information (eg 'GPD may include - unique user identification ^ For example, Internet Protocol Multimedia Subsystem Private User Identity (ΐΜρι), Internet Protocol Multimedia Subsystem Public User Identity (IMpu) or other user identifier, at least one random number (RAND) or - sign result (SRES), cryptographic key content, the encrypted portion (E_GPI) mentioned in 1 for the general bootstrapping structure, and the integrity protection part (hereinafter referred to as I_GPI) of the general bootstrap architecture push information, The exported first and second gold 2 (Ks_(ext/int)_NAF), one key lifetime and/or at least the general bootstrapping user setting (GUSS). Moreover, the user equipment processing instruction information may include Instructing at least one unencrypted information element (eg, one bit) used by Upa. In addition to the further embodiment and refinement of the second method above, in step S2-1-1, the UE 102 may Further basis The random number 15 and the discriminator are executed to generate general key information (Ks). Further, in step S2-2-1, the UE 102 may perform discriminating the universal bootstrapping architecture based on the first key information. Information integrity protection part (I_GPI). Alternatively, when receiving (step S1-1) 'a first key generation identifier can be received' and in the generating step, with the received gold The first key information of the key generation identifier having 20 levels can also be generated. Alternatively, the first key generation identifier may be pre-assigned, and in the generating (step S1_2), the first information about the pre-assigned key generation identifier may also be produce. Alternatively, for example, the UE 102 may further perform reception of a Ua message, and in step S2-5, the UE 102 may perform further based on the second key information (Ks_(ext)_N AF) derived from 22 200915814. The received message (eg, a Ua message) is processed. Figure 2 shows individual devices (e.g., NAF/BSF 101 and user equipment UE 5 1〇2) for the provisioning of key parameters in accordance with an exemplary embodiment of the present invention. As an example, the UE 102 can be a terminal that can access the IP capability of the access network 104. The ue 102 can further include a security module in a given form, such as a smart card, a separate chip. Or a security software module. As shown in FIG. 2, the NAF 101 (or 10 BSF 103 as the NAF 101) may include a central processing unit CPU 1011, a memory 1012, a transmitter (Tx) 1013, and a receiver (Rx). I〇i4, a generator 1015, an encryptor 1〇16, a deductible exporter ion, and at least one optional additional CPU 1011a. It is to be noted that, for the sake of simplicity of description, each reference to the CPU 1011 of the NAF/BSF may also refer to at least one of the additional CPUs 1011a that are less than one alternative. The generator 1015, the encryptor 1016, and the optional exporter ion can be implemented, for example, as software or individual entities executing on the CPU 1011 as indicated by the dashed line of the functional blocks of the CPU 1011. It should be noted that the functions of the transmitter 1013 and the receiver 1014 may be individual entities as shown in FIG. 20 or alternatively may be performed by an integrated transceiver (not shown). The CPU 1011 can be configured to process various data inputs and to control the memory 1012, the transmitter 1013, the receiver 1014, the generator 1015, the encryptor 1016, the optional exporter ion, and the at least 23 200915814 An additional option to CPU 1011a. The memory 1 可用 2 can be used to store program instruction code (more generally, a code device) for performing an individual method in accordance with an exemplary embodiment of the present invention when executed on the CPU 1011. The receiver 丨〇13 of the 5 NAF/BSF 101 can be configured to receive one of the key generation related information (eg, GPI) queries and user equipment as described in connection with an individual method in accordance with an embodiment of the present invention. Process instruction information (for example, instructions for use by Upa). It should be noted that the query may originate from another network element (not shown) in the access network 104. The generator 1015 of the NAF/BSF 101 can be configured to generate first key information A1 (e.g., Ks_(ext/int)_BSF) related to user equipment processing instruction information received by the receiver 1013. The NAF/BSF 101 cipher 1016 can then be configured to encrypt at least the core network related dynamics information (dynamic ID information, such as encrypting the NAF/BSF 101) based on the key information A1 generated by the generator 1015. The DNS name, resulting in E_GPI). The transmitter 1014 of the NAF/BSF 101 can be configured to transmit at least the core network related dynamic identity information (encrypted dynamic ID information) encrypted by the encryptor 1015 and the user received by the receiver 1013. 20 The key of the device processing instruction information (for example, the indicator used by Upa) generates relevant information (for example, GPI). As shown in FIG. 2, the UE 102 can include a CPU 1021, a memory 1022, a transmitter (Tx) 1023, a receiver (rx) i24, a generator 1025, and a decrypter 1026. An exporter 1 〇 27, a removable creation 24 200915814 1028, a tamper discriminator 1029, and a removable interface (I/F) 10210. As indicated by the dashed line range of the functional blocks of the CPU 1021, the generator 1025, the decryptor 1026, the exporter 〇27, the removable creator 5 1028, the evasive discriminator 1 〇 29, and the alternative The interface 1〇21〇 can be implemented as software executed on the CPU 1021 or as an individual entity. It should be noted that the functions of the transmitter 1023 and the receiver 1 24 may be separate entities as shown in FIG. 2, or alternatively may be performed by an integrated transceiver (not shown). 10 The CPU 1021 can be configured to process various data inputs and to control the suffix 1022, the transmitter 1 〇 23, the receiver 1 〇 24, the generator 1025, the decryptor 1 〇 26, the export The device 1 〇 27, the tamper creator 1028, the evaluable discriminator 1 〇 29, and the function of the removable interface 1 〇 21 。. The memory 1022 can be used to store program devices for performing, for example, individual methods in accordance with the present invention when executed on the cpu 1〇21. The receivers 〇23 of the UE 102, as described in connection with the individual methods in accordance with the exemplary embodiments of the present invention, can be configured for a particular user equipment to receive dynamic identity information including at least an encrypted core network. (eg 'E-GPI' encrypted NAF/BSFDNS name) and the key generated by the user device processing 20 command information (eg, instructions for use by Upa) to generate relevant information (eg 'GPI'). Alternatively, the receiver 1 〇 23 of the uE 1 〇 2 can be further configured to receive a Ua message. It should be noted that this trade-off message (msg) can be derived from the NAF/BSF 101 °. In this case, subsequent operations of generating, decrypting, exporting, and processing 25 200915814 may generate the sfl (msg) A successful overall treatment. The alternative way 疋's sfl (msg) can be derived from another naf/bsf 101 in the communication system 1 〇〇. In this case, subsequent operations of generating, decrypting, exporting, and processing may partially or completely fail' thus resulting in one of the selectable messages (msg) not being a successful overall processing. The generator 102 of the UE 102 can be configured to generate first key information A2 (eg, Ks_(ext) related to user equipment processing instruction information (eg, an indication of use at 3) received by the receiver 1023. BSF). The decryptor 1026 of the UE 102 can be configured to then decrypt the encrypted core network related dynamic identity information received by the receiver 1023 based on the first key information A2 generated by the generator 10 1025 (eg, decryption) E_GPI, which causes the NAF DNS name). The exporter 1027 of the UE 102 can be configured to derive a second key information B2 (eg, Ks "ext)_NAF based on core network related dynamic identity information (eg, NAF DNSS 15) decrypted by the decryptor 1026. ). According to a further embodiment of the above NAF/BSF 101, for example, the CPU 1011 may be further combined to obtain an authentication vector in conjunction with the memory 1012 of the NAF/BSF 101 (which may be considered an acquirer). (AV), the AV contains primary key 20 key data (also referred to as cryptographic key content) used for further specific application credentials, including at least one random number (RAND), one authentication token (AUTN), one At least one of a desired response (XRES), a key (CK), and an integrity key (IK). The retractable exporter 1017 can be configured to derive generic key information (e.g., 'Ks, indicated by a dashed key symbol) for subsequent use to be assembled to generate key information A1 (Example 26 200915814 as 'Ks-(ext /int) A generator 1015 of a BSF). Alternatively, the obtainer can be configured to obtain a user identity token. In addition, the received user equipment processing instruction information may further include a mobile application identifier (eg, Ua-appli-id) such that the generator 1 15 may be further configured to be based on the The received user equipment processing instruction information generates first key information B1 (eg, Ks_(ext/int)_NAF). Alternatively, the universal key information (Ks) may also be based on a 2G discrimination vector (2G discrimination vector (AV = RAND, SRES (signal response), Kc (secure)). In addition, in the NAF/BSF 101 and the UE 102 10 according to the present invention, the core network related dynamic identity information (Dynamic ID information) may include a network application function domain name server (for example, NAF DNS). Name and / or a Ua interface protocol identifier. In addition, the key generation related information (eg, GPI) may include a unique user identifier, such as ΙΜρι, IMpu or other user identifier, at least one random number (RAND) or a sign result 15 (SRES), The encrypted key content (E_GPI) mentioned above for the cryptographic key content, the general bootstrapping architecture push information, one integrity protection part of the general bootstrapping architecture push information (I_GI>I), the first and the first derived Two keys, one key lifetime and/or at least one universal bootstrap architecture user setting (GUSS). The user device processing instruction information may include at least one unencrypted information element (e.g., one bit) indicating, for example, Up a. In addition, in accordance with further embodiments and refinements of the UE 102, the removable creator 1 28 of the UE 102 can be configured to be based on the random number (RAND) and the authentication token (AUTN). Generic key information (Ks, as indicated by the dashed key symbol) is generated. In addition, the UE 102 retrievable authenticator 27 200915814 1029 can be configured to authenticate the integrity protection portion of the general bootstrapping architecture push information (I_GPI) based on the first key information. The first key information A1' may be key information corresponding to the key information A1 generated by the generator 1015 of the NAF/BSF 101. Alternatively, the receiver 1023 can be configured to receive a first key generation identifier, and the generator 1025 can be configured to generate the gold also received with the receiver 1 〇2 3 The key generates the first key information related to the identifier. Alternatively, the first key generation identifier can be pre-assigned, and the generator 1025 can be further configured to generate a first gold 10 that is also associated with the pre-assigned key generation identifier. Key information. As an additional option, for example, the CPU 1021 of the UE 102 can be further configured to be processed by the receiver 1 based on the second key information B2 (e.g., Ks_(ext)_NAF) derived by the exporter 1027. 23 receives the optional message (eg, Ua message) described above. In addition to this, the UE 102 can alternatively be comprised of a mobile device or a universal 15 integrated circuit card. Moreover, the removable creator 1028 can also be comprised of a universal integrated circuit card that can be inserted into the UE 102 by a chipset (indicated by functional blocks extending to the function splicer 1028 of the functional block of the UE 102). The UE 102 can further include the universal integrated circuit card (1028) or a secure memory (not shown) and the removable interface (10210), the selectable 20 interface (10210) can be configured to provide the gold The key generates at least a portion of the related information (eg, a portion of the GPI or GPI) to the universal integrated circuit card or the secure memory. The UE 102 can also be implemented as a chip or module. An exemplary embodiment of the present invention also provides a system comprising at least one of the NAF/BSF 101 and the UE 102 in accordance with the present invention in accordance with 28 200915814. Exemplary embodiments of the present invention can be summarized as follows, and are not limited to the given techniques and implementation details. For NAF key derivation of the UE 102, the NAFID needs to be available before the 5 keys Ks_ext/int_NAF can be derived from Ks. Therefore, the latter key is not useful for confidentially protecting the NAF ID. One possible solution to provide confidential protection for this NAF ID transmission is to use an additional record. An additional (intermediate) key export can be used for this purpose. As an input to this key export, there are different possibilities. The BSF name (and the specified 10 special Ua-contracted identity) or any other generally known (non-private information cracking) information can be used as long as it conforms to the NAFD format (and therefore does not need to be attached to a previously issued UICC) . This means that this NAF ID compliance information can be pre-allocated in the UE (Smart Card or GBA-ME and GBA_U ME) or transmitted/broadcast before bootstrapping, as two examples. Since this key export 15 needs to be executed within the BSF', a BSF name can be used. Otherwise, a claim is added to the Zpn-Request message. In addition, the key derived from the BSF using the NAF-ID=BSF name is not passed to the request NAF. This provides the ability to modify (for the integrity protection of the Qpi) and read the protected portion of the GPI. In this case, the BSF 20 is a trusted server, and the encryption needs to be passed to the NAF ID of the UE. This data cannot be modified by this NAF. A UE with the ability to resolve 1^8: ID from an ιρ address can check and match this data. At the same time, the encrypted value is used as an authorization token (similar but not equal to an authentication method, wherein the B-TID of this form is used as a device for checking whether the UE is involved), and the encrypted value is 29 200915814 is verified by the UE to prove that the sending NAF is authorized to push information to the UE. If the bootstrap lifetime is explicitly included in the GPI and is protected by Ks_(ext)_BSF integrity, then when a NAF stores the GPI in the network for too long (by validating the lifetime before bootstrapping), It allows to deny a UE's bootstrapping. A 5 NAF that sends a tampering GPI with an invalid RAND AUTN cannot be blocked, but the bootstrap attempt will fail. A NAF that sends a tampering GPI with a valid (but unused) RAND AUTN cannot be blocked, and if the NAF is not allowed as a push NAF, it will not be able to integrity protect the GPI, so it is It is detected (the NAF will use the Zn interface to request a NAF key as specified by 3GPP Specification 10 TS 33.220), which may result in a successful bootstrapping. For proper key export, the DNS name and other key export data may need to be securely passed to the user and integrated into the key exporter at the terminal and network. This mechanism ensures the integrity protection of the passed Dns name and ensures confidentiality protection (privacy). The security of a DNS name is important to prevent a possible so-called phishing attack. This confidentiality protection may be important to avoid a user being able to link to a certain content via the host name. The mechanism also has the following characteristics: The broadcast servo state (NAF, possibly in the visited network) cannot modify the bootstrapping related data to be sent to the UE. This allows the roaming use of 20 in other countries to be as normal-like "no listening, information. The solution according to an exemplary embodiment of the present invention provides a means for protection - network initialization GBA bootstrapping (4) - some information Protected from tampering and observation mechanisms, particularly when there is no basic carrier network security (eg, in a broadcast mode network), material embodiments are needed and important. 30 200915814 Others of the invention Embodiments may also be provided. For the purposes of the present invention as described herein above, it should be noted that 'an access technology may be any technology by which a user can access an access network. Any current or Future technologies such as Wireless Zone Access Network 5 (WLAN), Cable Networking, Microwave Access World Collaboration (WiMAX), Bluetooth, Infrared, and the like can be used. It should be further noted that The fetch network can be any device, unit or device that a mobile station entity or other user device can connect to and/or use for services provided by the access network. And/or (audio_) visual communication, data 10 download, etc. In general, the exemplary embodiments of the present invention are also applicable to such network/terminal environments relying on a data packet-based transmission scheme, data may be According to the data packet-based transmission scheme, the data packet is transmitted, and the like, for example, may be based on the Internet Protocol Ip. However, the exemplary embodiments are not limited thereto, m any other present or future (four) or line New (Μιρ) version, or more generally, an agreement that follows a similar principle to (M)IPv4/6 can also be applied. - User device entity can be - system user can borrow from - access network experience service Any device, unit or device. 20 彳 indicates that the method steps that may be implemented as part of the software code and are used by the processor are software code independent and may be specified using any known or future developed programming language. As long as the overall functionality defined by the method steps is preserved. - Generally, any method step is implemented as a corpus or by hardware 31 200915814, according to The functions implemented do not alter the nature of the exemplary embodiments of the present invention. The method steps and/or devices, units or devices that may be implemented as a hardware component or network component or a module thereof in a mobile station are hardware independent. And can be implemented using any known or future developed hardware technology or any combination thereof, such as metal oxide semiconductor (MOS), complementary MOS (CMOS), bipolar MOS (BiMOS), bipolar CMOS ( BiCMOS), emitter-coupled logic (ECL) 'Crystal-Crystal Logic (TTL), etc., utilizing, for example, a specific application integrated circuit (1C) component (ASIC), field programmable gate array (FPGA) element 10 Pieces, complex programmable logic device (CPLD) components or digital signal processor (DSP) components. In addition, any method steps and/or devices, units or devices that may be implemented as software components may, for example, be based on Multimedia Broadcast Multicast Service (MBMS); in particular, MBMS Security compliant software modules may be used. Although I5 security MBMS is used herein as an example for a security service for description purposes, any security architecture capable of, for example, authentication, authorization, key protection, and/or protection of traffic can be applied. A device, unit or device (eg, user equipment, BSF, and NAF) may be implemented as an individual device, unit, or device, but this does not preclude that they are implemented in the system in a two-knife manner, as long as the device The function of the unit, unit or device is maintained. Bu is used for the described parameters, functions, message types, interfaces and classes (10) (eg 'BSF, Gpi, Win, etc.) various names: U day is limited to any level, because these parameters, functions, messages class 32 200915814 type The interface, and the like, can be identified by any suitable name.

應該注意到的是,詞語“連接”、‘‘_,,或其任何變化 表示兩個或多個元件之間的任何連接或_,不管是直接 或間接的,且可包含被“連接,,或“減,,在—起的兩個元件 之間存在4多個中心件。_元件之_減或連接 可以是實體的、邏輯的或其等—組合。如本文所使用的, 兩個元件可被認為藉由使用-❹個導線、麟及/或印刷 電性連接被“連接”或“键,在—起,以及藉由使用電磁能 量,例如具有在射頻範圍、微波範圍及光學(可見及不可見) 10粑圍内的波長之電磁能量’作為幾個非限制性及非詳盡例子。 此外,本發明之各種非限制性及示範性實施例之一些 特徵可被用以提供優勢,而不需其他紐之對應使用。這 樣以上彳®述應被或為僅僅是本發明之原理、教示及示範 性實施例之說明,且不是其限制。 15 【圖式簡單說明】 第1圖顯示了用於依據本發明之示範性實施例的金鑰 參數供應之個別方法;以及 第2圖顯示了用於依據本發明之示範性實施例的金鑰 參數供應之個別裝置(例如,一使用者設備及]^八1?/8517)。 20 【主要元件符號說明】 100…通訊系統 101·.·網路應用功能 102…使用者設備 103···自舉伺服器功能 104…接取網路 1011…中央處理單元 1011a…中央處理單元 1012…記憶體 33 200915814 1013…發送器 1026···解密器 1014…接收器 1027…導出器 1015…產生器 1028…創建器 1016…加密器 1029…鑑別器 1017…導出器 10210…介面 1021---CPU S1-1 ' S1-1-1 * S1-2 > S1-2-1 ' 1022…記憶體 Sl-3、S1-4、 S2-1 > S2-1-1 ' 1023…發送器 S2-2 ' S2-2-1 、S2-3、S2-4、 1024···接收器 S2-5…步驟 1025…產生器 34It should be noted that the words "connected," "', or any change thereof mean any connection or _ between two or more elements, either directly or indirectly, and may include "connected," Or "minus," there are more than 4 centerpieces between the two components. The _subtraction or connection of the components may be physical, logical or the like-combination. As used herein, two elements may be considered to be "connected" or "bonded" by using - a wire, a rib, and/or a printed electrical connection, and by using electromagnetic energy, for example, Radio frequency range, microwave range, and optical (visible and invisible) electromagnetic energy of wavelengths within 10 turns' as a few non-limiting and non-exhaustive examples. Furthermore, some of the various non-limiting and exemplary embodiments of the present invention Features may be used to provide advantages without the corresponding use of the other features. Thus, the above descriptions are intended to be merely illustrative of the principles, teachings, and exemplary embodiments of the invention, and are not limiting. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 shows an individual method for the supply of a key parameter in accordance with an exemplary embodiment of the present invention; and FIG. 2 shows a supply of a key parameter for use in accordance with an exemplary embodiment of the present invention. Individual devices (for example, a user device and ]^8 1/8517). 20 [Description of main component symbols] 100...Communication system 101·.·Network application function 102...User device 103··· Bootstrap servo The function 104 is connected to the network 1011... the central processing unit 1011a... the central processing unit 1012...the memory 33 200915814 1013...the transmitter 1026···the decryptor 1014...the receiver 1027...the exporter 1015...the generator 1028...creator 1016... encryptor 1029... discriminator 1017... exporter 10210... interface 1021---CPU S1-1 'S1-1-1 * S1-2 > S1-2-1 ' 1022...memory Sl-3, S1 -4, S2-1 > S2-1-1 ' 1023... Transmitter S2-2 'S2-2-1, S2-3, S2-4, 1024··· Receiver S2-5...Step 1025...Generate 34

Claims (1)

200915814 十、申請專利範圍: 1· 一種方法’包含以下步驟: 接收使用者設備處理指令資訊以及金鑰產生相關 資訊之一查詢; 產生與該被接收的使用者設備處理指令資訊有關 的第一金鑰資訊; 加密至少核心網路相關動態身分資訊;以及 以該金鑰產生相關資訊回復該查詢,該金鑰產生相 關資訊包含至少該已加密核心網路相關動態身分資訊 及被接收的使用者設備處理指令資訊。 2.如申請專利範圍第丨項所述之方法,其中該金鑰產生相 關資訊之查詢包含一GBA-PUSH-INFO通用自舉架構推 入資訊(GPI)。 3·如申請專利範圍第1項所述之方法,其中該使用者設備 處理指令資訊包含一Upa使用之一指示。 4. 如申請專利範圍第1項所述之方法,其中產生該第一金 鑰資訊考量一自舉伺服器功能(BSF)名稱以及指定的特 定Ua協定身分。 5. 如申請專利範圍第1項所述之方法,其中該第一金鑰資 訊包含Ks」ext/int)_BSF,其中該核心網路相關動態身分 資訊包含一網路應用功能領域名稱伺服器(NAF DNS) 名稱,其中加密基於該產生的Ks」ext/int)_BSF加密該 NAF DNS名稱,導致一通用自舉架構推入資訊(GPI)之 一已加密部分(E_GPI)。 35 200915814 6. 如申請專利範圍第5項所述之方法,其中該E_GPI也包含 未加密資訊。 7. 如申請專利範圍第6項所述之方法,其中該未加密資訊 包含Upa使用。 8. 如申請專利範圍第6項所述之方法,其中該未加密資訊 包含通用積體電路卡(UICC)選擇資訊。 9. 如申請專利範圍第1項所述之方法,其中產生包含獲得 一鑑別向量(AV)。 10. 如申請專利範圍第9項所述之方法,其中該AV包含密碼 金鑰内容,該密碼金鑰内容包含用於產生該第一金鑰資 訊的一隨機數(RAND)、一鑑別符記(AUTN)、一被期望 的回應(XRES)、一密鑰(CK)以及一完整性金鑰(IK)中的 至少一者。 11. 如申請專利範圍第1項所述之方法,其中該被接收的使 用者設備處理指令資訊包含一行動應用識別符 Ua-appli-id。 12. 如申請專利範圍第1項所述之方法,其中該核心網路相關 動態身分資訊包含一網路應用功能領域名稱伺服器(NAF DNS)名稱以及一Ua介面協定識別符中的至少一者。 13. 如申請專利範圍第1項所述之方法,其中該金鑰產生相 關資訊包含一獨特使用者識別符。 14. 如申請專利範圍第1項所述之方法,其中該金鑰產生相 關資訊包含一網際網路協定多媒體子系統私人使用者 身分(IMPI)或一網際網路協定多媒體子系統公共使用 36 200915814 者身分(IMPU)。 &如申請專利範圍第!項所述之方法,其中該金输產生相 關貧訊包含-隨機數及_正負號結果中的至少一者;密 碼金矯内容;通用自舉架構推人資訊之-已加密部分; 該通用自舉架構推入資訊之—完整性保護部分;導出的 第及第一金錄,一金輪壽命;以及至少一通用自舉架 構使用者設定。 16.如申請專利範圍第i項所述之方法,其中該使用者設備 處理指令資訊包含指示行動性選擇的至少一未加密資 舌fli 7L件。 17·-種被組該儲存程式指令的記㈣制,該等程式指 令之執行導致執行包含以下步驟的操作: 接收使用者設備處理指令資訊以及金錄產生相關 資訊之一查詢; 產生與該被接收的使用者設備處理指令資訊有關 的第一金鍮資訊; 加密至少核心網路相關動態身分資訊;以及 以該金鑰產生相關資訊回復該查詢,該金鑰產生相 關資訊包含至少該已加密核心網路相關動態身分資訊 及被接收的使用者設備處理指令資訊。 18. 如申請專利範圍第17項所述之記憶體媒體,其中該金鑰 產生相關資訊之查詢包含一 GBA_PUSH_INF〇通用自舉 架構推入資訊(GPI)。 19. 如申請專利範圍第17項所述之記憶體媒體,其中該使用 37 200915814 者設備處理指令資訊包含一 Upa使用之一指示。 20. 如申請專利範圍第17項所述之記憶體媒體,其中產生該 第一金鑰資訊考量一自舉伺服器功能(BSF)名稱以及指 定的特定-Ua協定身分。 21. 如申請專利範圍第17項所述之記憶體媒體,其中該第一 金錄資訊包含反8_(6\1/丨11〇_:88?,其中該核心網路相關動 態身分資訊包含一網路應用功能領域名稱伺服器(NAF DNS)名稱,其中加密基於該產生的Ks_(ext/int)_BSF加 密該NAF DNS名稱,導致一通用自舉架構推入資訊(GPI) 之一已加密部分(E_GPI)。 22. 如申請專利範圍第21項所述之記憶體媒體,其中該 E+GM也包含未加密資訊。 23. 如申請專利範圍第22項所述之記憶體媒體,其中該未加 密資訊包含Upa使用。 24. 如申請專利範圍第22項所述之記憶體媒體,其中該未加 密資訊包含通用積體電路卡(UICC)選擇資訊。 25. 如申請專利範圍第17項所述之記憶體媒體,其中產生包 含獲得一鑑別向量(AV)。 26. 如申請專利範圍第25項所述之記憶體媒體,其中該AV 包含密碼金鑰内容,該密碼金鑰内容包含一隨機數 (RAND)、一鑑別符記(AUTN)、一被期望的回應 (XRES)、一密鑰(CK)以及一用於產生該第一金鑰資訊的 完整性金鑰(IK)中的至少一者。 27. 如申請專利範圍第17項所述之記憶體媒體,其中該被接 38 200915814 收的使用者設備處理指令資訊包含一行動應用識別符 Ua-appli-id。 28. 如申請專利範圍第17項所述之記憶體媒體,其中該核心 網路相關動態身分資訊包含一網路應用功能領域名稱 飼服器(NAF DNS)名稱以及一Ua介面協定識別符中的 至少一者。 29. 如申請專利範圍第17項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一獨特使用者識別符。 30. 如申請專利範圍第17項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一網際網路協定多媒體子系統私人 使用者身分(IMPI)或一網際網路協定多媒體子系統公 共使用者身分(IMPU)。 31. 如申請專利範圍第17項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一隨機數及一正負號結果中的至少 一者;密碼金鑰内容;通用自舉架構推入資訊之一已加 密部分;該通用自舉架構推入資訊之一完整性保護部 刀,導出的第一及第二金鑰;一金鑰壽命;以及至少一 通用自舉架構使用者設定。 32. 如申請專利範圍第17項所述之記憶體媒體,其中該使用 者設備處理指令資訊包含指示行動性選擇的至少一未 加密資訊元件。 33. 如申請專·圍第17項所述之記紐媒體,以-自舉伺 服器功能(BSF)實施。 34·如申請專利範圍第17項所述之記憶體媒體,以—積體電 39 200915814 路晶片或模組實施。 35. —種裝置,包含: 一接收器,被組配以接收使用者設備處理指令資訊 以及金鑰產生相關資訊之一請求; 一產生器,被組配以產生與該被接收的使用者設備 處理指令資訊有關的第一金鑰資訊; 一加密器,被組配以加密至少核心網路相關動態身 分資訊;以及 一發送器,被組配以以該金鑰產生相關資訊回應該請 求,該金鑰產生相關資訊包含至少該已加密核心網路相關 動態身分資訊及被接收的使用者設備處理指令資訊。 36_如申請專利範圍第35項所述之裝置,其中該金鑰產生相 關資訊之請求包含一GBA-PUSH-INFO通用自舉架構推 入貢訊(GPI)。 37. 如申請專利範圍第35項所述之裝置’其中該使用者設備 處理指令資訊包含一 Upa使用之一指示。 38. 如申請專利範圍第35項所述之裝置,其中該產生器產生 該第一金鑰資訊時考量〆自舉伺服器功能(BSF)名稱以 及指定的特定-Ua協定身分。 39. 如申請專利範圍第35項户斤述之裝置’其中該第一金鍮資 訊包含Ks_(ext/int) BSF,其中該核心網路相關動態身分 資訊包含一網路應用功能域名伺服器(NAF DNS)名 稱,其中加密基於該產生的Ks—(ext/int)_BSF加密該NAF DNS名稱,導致一通用自舉架構推入資訊(GPI)之一已加 40 200915814 密部分(E_GPI)。 40. 如申請專利範圍第39項所述之裝置,其中也包 含未加密資訊。 41. 如申請專利範圍第39項所述之裝置,其中該未加密資訊 包含Upa使用。 42. 如申請專利範圍第39項所述之裝置,其中該未加密資訊 包含通用積體電路卡(UICC)選擇資訊。 43. 如申請專利範圍第35項所述之裝置,其中該產生器被進 一步組配以獲得一鑑別向量(AV)。 44. 如申請專利範圍第4 3項所述之裝置,其中該AV包含密碼 金鑰内容,該密碼金鑰内容包含一隨機數(RAND)、一 鑑別符記(AUTN)、一被期望的回應(XRES)、一密鑰(CK) 以及一用於產生該第一金鑰資訊的完整性金鑰(IK)中的 至少一者。 45. 如申請專利範圍第35項所述之裝置,其中該被接收的使 用者設備處理指令資訊包含一行動應用識別符 Ua-appli-id。 46. 如申請專利範圍第35項所述之裝置,其中該核心網路相關 動態身分資訊包含一網路應用功能領域名稱伺服器(NAF DNS)名稱以及一 Ua介面協定識別符中的至少一者。 47. 如申請專利範圍第35項所述之裝置,其中該金鑰產生相 關資訊包含一獨特使用者識別符。 48. 如申請專利範圍第35項所述之裝置,其中該金鑰產生相 關資訊包含一網際網路協定多媒體子系統私人使用者 41 200915814 身分(IMPI)或一網際網路協定多媒體子系統公共使用 者身分(IMPU)。 49.如申請專利範圍第35項所述之裝置,其中該金錄產生相 關資§孔包含一隨機數及一正負號結果中的至少一者;密 碼金鑰内容;通用自舉架構推入資訊之一已加密部分; 該通用自舉架構推入資訊之一完整性保護部分;導出的 第一及第一金鑰,一金鑰壽命;以及至少—通用自舉架 構使用者設定。 50·如申請專利範圍第35項所述之裝置,其中該使用者設備 處理指令資訊包含指示行動性選擇的至少一未加密資 訊元件。 5L如申請專利範圍第35項所述之裝置’以一自舉伺服器功 能(BSF)實施。 52·如申請專利範圍第35項所述之裝置,以一積體電路晶片 或模組實施。 53·—種裝置,包含: 用於接收使用者設備處理指令資訊以及金鑰產生 相關資訊之一查詢的裝置; 用於產生與該被接收的使用者設備處理指令資訊 有關的第一金鑰資訊的裝置; 用於加密至少核心網路相關動態身分資訊的裝 置;以及 用於以該金鑰產生相關資訊回復該查詢的裝置,該 金鑰產生相關資訊包含至少該已加密核心網路相關動 42 200915814 態身分資訊及被接收的使用者設備處理指令資訊。 54. 如申請專利範圍第53項所述之裝置’其中該金鑰產生相 關資訊之查詢包含一GBA-PUSH-INFO通用自舉架構推 入資訊(GPI),其中該使用者設備處理指令資訊包含一 Upa使用之一指示。 55. 如申請專利範圍第53項所述之裝置’其中該第一金鑰資 訊包含Ks_(ext/int)_BSF,其中該核心網路相關動態身分 資訊包含一網路應用功能領域名稱伺服器(NAF DNS) 名稱,其中該加密裝置基於該產生的Ks_(extAnt)_BSF 加密該NAF DNS名稱,導致一通用自舉架構推入資訊 (GPI)之一已加密部分(E J3PI) ’其中該E_GPI也包含未 加密資訊。 56. 如申請專利範圍第53項所述之裝置’其中該核心網路相 關動態身分資訊包含一網路應用功能領域名稱伺服器 (NAF DNS)名稱以及一 Ua介面協定識別符中的至少— 者。 57. 如申請專利範圍第53項所述之裝置,以與透過一基地台 與該使用者設備耦接的/接取網路實施。 58. 如申請專利範圍第53項所述之裝置’以一自舉伺服器功 能(BSF)實施。 59. 如申請專利範圍第53項所述之裝置’以一積體電路晶片 或模組實施。 60. —種方法,包含以下步驟: 接收使用者設備處癦指令貢訊以及包含至少已加 43 200915814 密核心網路相關動態身分資訊的金鑰產生相關資訊; 產生與該被接收的使用者設備處理指令資訊有關 的第一金鑰資訊; 解密該被接收的已加密核心網路相關動態身分資 訊;以及 基於該已解密核心網路相關動態身分資訊導出第 二金鑰資訊。 61. 如申請專利範圍第60項所述之方法,其中該被接收的金 输產生相關資訊包含由一網路應用功能(NAF)推入的一 通用自舉架構推入資訊(GPI)。 62. 如申請專利範圍第60項所述之方法,其中該已加密核心 網路相關動態身分資訊包括一通用自舉架構推入資訊 (GPI)之一已加密部分(E_GPI),該E_GPI包含一已加密 網路應用功能領域名稱伺服器(NAF DNS)名稱,以及其 中該使用者設備處理指令資訊包含Upa使用之一指示。 63. 如申請專利範圍第60項所述之方法,其中產生該第一金 鑰資訊使用存在該使用者設備内的一通用積體電路卡 (UICC)之Ks_(ext)_BSF。 64. 如申請專利範圍第60項所述之方法,其中產生該第一金 鑰資訊考量一自舉伺服器功能(BSF)名稱以及指定的特 定Ua-協定身分。 65. 如申請專利範圍第60項所述之方法,其中解密該被接收 的已加密核心網路相關動態身分資訊基於該產生的第 一金鑰資訊解密一已加密通用自舉架構推入資訊 44 200915814 (GPI),導致一網路應用功能(NAF)之一DNS名稱。 66_如申請專利範圍第60項所述之方法,其中導出第二金鑰 資訊導出 Ks_(ext)_NAF。 67. 如申請專利範圍第60項所述之方法,其中該核心網路相 關動態身分資訊包含一網路應用功能領域名稱伺服器 (NAF DNS)名稱及一Ua介面協定識別符中的至少一者。 68. 如申請專利範圍第60項所述之方法,其中該金鑰產生相 關資訊包含一獨特使用者識別符。 69. 如申請專利範圍第60項所述之方法,其中該金鑰產生相 關資訊包含一網際網路協定多媒體子系統私人使用者 身分(IMPI)或一網際網路多媒體子系統公共使用者身 分(IMPU)。 70. 如申請專利範圍第60項所述之方法,其中該金鑰產生相 關資訊包含一隨機數及一正負號結果中的至少一者;密 碼金鑰内容;通用自舉架構推入資訊之一已加密部分; 該通用自舉架構推入資訊之一完整性保護部分;導出的 第一及第二金鑰;一金鑰壽命;以及至少一通用自舉架 構使用者設定。 71. 如申請專利範圍第60項所述之方法,其中該使用者設備 處理指令資訊包含指示行動性選擇的至少一未加密資 訊元件。 72. —種被組配以儲存程式指令的記憶體媒體,其之執行導 致執行包含以下步驟的操作: 接收使用者設備處理指令資訊以及包含至少已加 45 200915814 密核心網路相關動態身分資訊的金鑰產生相關資訊; 產生與該被接收的使用者設備處理指令資訊有關 的第一金錄資訊; 解密該被接收的已加密核心網路相關動態身分資 訊;以及 基於該已解密核心網路相關動態身分資訊導出第 二金鑰資訊。 73. 如申請專利範圍第72項所述之記憶體媒體,其中該被接 收的金鑰產生相關資訊包含由一網路應用功能(NAF)推 入的一通用自舉架構推入資訊(GPI)。 74. 如申請專利範圍第72項所述之記憶體媒體,其中該已加 密核心網路相關動態身分資訊包括一通用自舉架構推 入資訊(GPI)之一已加密部分(E—GPI),包含一 已加密網路應用功能領域名稱伺服器(NAF DNS)名 稱,以及其中該使用者設備處理指令資訊包含Upa使用 之一指示。 75. 如申請專利範圍第72項所述之記憶體媒體,其中產生該 第一金鑰資訊使用存在該使用者設備内的一通用積體 電路卡(UICC)上的Ks_(ext)_BSF。 76. 如申請專利範圍第72項所述之記憶體媒體,其中產生該 第一金鑰資訊考量一自舉伺服器功能(BSF)名稱以及指 定的特定Ua-協定身分。 77. 如申請專利範圍第72項所述之記憶體媒體,其中解密該 被接收的已加密核心網路相關動態身分資訊基於該產 46 200915814 生的第一金鑰資訊解密一已加密通用自舉架構推入資 訊(GPI),導致一網路應用功能(NAF)之一DNS名稱。 78. 如申請專利範圍第72項所述之記憶體媒體,其中導出第 二金鑰資訊導出Ks_(ext)_NAF。 79. 如申請專利範圍第72項所述之記憶體媒體,其中該核心 網路相關動態身分資訊包含一網路應用功能領域名稱 伺服器(NAF DNS)名稱及一 Ua介面協定識別符中的至 少一者。 80. 如申請專利範圍第72項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一獨特使用者識別符。 81. 如申請專利範圍第72項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一網際網路協定多媒體子系統私人 使用者身分(IMPI)或一網際網路多媒體子系統公共使 用者身分(IMPU)。 82. 如申請專利範圍第72項所述之記憶體媒體,其中該金鑰 產生相關資訊包含一隨機數及一正負號結果中的至少 一者;密碼金鑰内容;通用自舉架構推入資訊之一已加 密部分;該通用自舉架構推入資訊之一完整性保護部 分;導出的第一及第二金鑰;一金鑰壽命;以及至少一 通用自舉架構使用者設定。 83. 如申請專利範圍第72項所述之記憶體媒體,其中該使用 者設備處理指令資訊包含指示行動性選擇的至少一未 加密資訊元件。 84. —種裝置,包含: 47 200915814 一接收器,被組配以接收使用者設備處理指令資訊 以及包含至少已加密核心網路相關動態身分資訊的金 鑰產生相關資訊; 一產生器,被組配以產生與該被接收的使用者設備 處理指令資訊有關的第一金鑰資訊;以及 一解密器,被組配以解密該被接收的已加密核心網 路相關動態身分資訊以用於基於該已解密核心網路相 關動態身分資訊導出第二金錄資訊。 85. 如申請專利範圍第84項所述之裝置,其中該被接收的金 鑰產生相關資訊包含由一網路應用功能(NAF)推入的一 通用自舉架構推入資訊(GPI)。 86. 如申請專利範圍第84項所述之裝置,其中該已加密核心 網路相關動態身分資訊包括一通用自舉架構推入資訊 (GPI)之一已加密部分(E_GPI),該E_GPI包含一已加密 網路應用功能領域名稱伺服器(NAFDNS)名稱,以及其 中該使用者設備處理指令資訊包含Upa使用之一指示。 87. 如申請專利範圍第84項所述之裝置,其中該產生器至少 部分依據存在一使用者設備内的一通用積體電路卡 (UICC)上的Ks_(ext)_BSF產生該第一金鑰資訊。 88. 如申請專利範圍第84項所述之裝置,其中該產生器至少 部分依據一自舉伺服器功能(BSF)名稱以及指定的特定 Ua-協定身分產生該第一金鑰資訊。 89. 如申請專利範圍第84項所述之裝置,其中該解密器基於 該產生的第一金鑰資訊解密一已加密通用自舉架構推入 48 200915814 資訊(GPI),導致一網路應用功能(NAF)之一DNS名稱。 90. 如申請專利範圍第84項所述之裝置,其中導出的第二金 鍮資訊包含Ks_(ext)_NAF。 91. 如申請專利範圍第84項所述之裝置,其中該核心網路相 關動態身分資訊包含一網路應用功能領域名稱伺服器 (NAF DNS)名稱及一 Ua介面協定識別符中的至少一者。 92. 如申請專利範圍第84項所述之裝置,其中該金鑰產生相 關資訊包含一獨特使用者識別符。 93. 如申請專利範圍第84項所述之裝置,其中該金鑰產生相 關資訊包含一隨機數及一正負號結果中的至少一者;密 碼金鑰内容;通用自舉架構推入資訊之一已加密部分; 該通用自舉架構推入資訊之一完整性保護部分;導出的 第一及第二金鑰;一金鑰壽命;以及至少一通用自舉架 構使用者設定。 94. 如申請專利範圍第84項所述之裝置,其中該使用者設備 處理指令資訊包含指示行動性選擇的至少一未加密資 訊元件。 95. 如申請專利範圍第84項所述之裝置,以一積體電路晶片 或模組實施。 —種裝置,包含: 用於接收使用者設備處理指令資訊以及包含至少 已加密核心網路相關動態身分資訊的金鑰產生相關資 訊的裝置; 用於產生與該被接收的使用者設備處理指令資訊 49 200915814 有關的第一金鑰資訊的裝置; 用於解密該被接收的已加密核心網路相關動態身 分資訊的裝置;以及 用於基於該已解密核心網路相關動態身分資訊導 出第二金鑰資訊的裝置。 97. 如申請專利範圍第96項所述之裝置,其中該被接收的金 鑰產生相關資訊包含由一網路應用功能(NAF)推入的一 通用自舉架構推入資訊(GPI)。 98. 如申請專利範圍第96項所述之裝置,其中該已加密核心 網路相關動態身分資訊包括一通用自舉架構推入資訊 (GPI)之一已加密部分(E—GPI),該E_GPI包令—已加密 網路應用功能域名伺服器(NAFDNS)名稱,以及其中該 使用者設備處理指令資訊包含Upa使用之一指示。 99. 如申請專利範圍第96項所述之裝置,其中該解密裝置解 密一已加密通用自舉架構推入資訊(GPI) 5導致一網路 應用功能(NAF)之一DNS名稱,以及其中該第二金鑰資 訊包含Ks_(ext)_NAF。 100. 如申請專利範圍第96項所述之裝置,其中該核心網路相 關動態身分資訊包含一網路應用功能域名伺服器(NAF DNS)名稱及一Ua介面協定識別符中的至少一者,以及 其中該金鑰產生相關資訊包含一獨特使用者識別符。 101. 如申請專利範圍第96項所述之裝置,以一積體電路晶片 或模組實施。 102. 如申請專利範圍第96項所述之裝置,其中該用於解密的 50 200915814 裳置進一步用於基於該產生的第一金鑰資訊解密該被 接收的已加密核心網路相關動態身分資訊。 103· —種方法,包含以下步驟: 接收使用者設備處理指令資訊以及一通用自舉架 構推入資訊(GH)之一查詢; 產生與該被接收的使用者設備處理指令資訊有關 的第一金鑰資訊(Ks_(ext/int)_BSF); 加密至少一網路應用功能域名伺服器(NAF DNS) 名稱,其中該GPI之一 E_GPI部分包含該已加密NAF DNS名稱;以及 以該E_ G PI及被接收的使用者設備處理指令資訊答 復該查詢。 104. —種方法,包含以下步驟: 接收一訊息,該訊息包含由一網路應用功能(NAF) 推入的一通用自舉架構推入資訊(GPI)以及使用者設備 處理指令資訊,其中該GPI之一E_GH部分包含一已加 密網路應用功能領域名稱伺服器(NAF DNS)名稱; 產生與該被接收的使用者設備處理指令資訊有關 的第一金鑰資訊(Ks_(ext/int)_BSF); 解密該被接收的已加密NAF DNS名稱;以及 基於該已解密NAF DNS名稱導出第二金鑰資訊 (Ks—(ext/int)—NAF)。 51200915814 X. Patent application scope: 1. A method includes the following steps: receiving a user equipment processing instruction information and a key generation related information query; generating a first gold related to the received user equipment processing instruction information Key information; encrypting at least core network related dynamic identity information; and replying the query with the key generating relevant information, the key generation related information including at least the encrypted core network related dynamic identity information and the received user equipment Process instruction information. 2. The method of claim 2, wherein the query for generating the relevant information comprises a GBA-PUSH-INFO General Bootstrapping Architecture Push Information (GPI). 3. The method of claim 1, wherein the user equipment processing instruction information includes an indication of an Upa use. 4. The method of claim 1, wherein the first key information is generated to consider a bootstrap server function (BSF) name and a specified specific Ua agreement identity. 5. The method of claim 1, wherein the first key information comprises Ks"ext/int)_BSF, wherein the core network related dynamic identity information comprises a network application function domain name server ( NAF DNS) name, where encryption is based on the generated Ks "ext/int"_BSF to encrypt the NAF DNS name, resulting in a universal bootstrapping architecture push information (GPI) encrypted portion (E_GPI). 35 200915814 6. The method of claim 5, wherein the E_GPI also includes unencrypted information. 7. The method of claim 6, wherein the unencrypted information comprises Upa use. 8. The method of claim 6, wherein the unencrypted information comprises a Universal Integrated Circuit Card (UICC) selection information. 9. The method of claim 1, wherein generating comprises obtaining an authentication vector (AV). 10. The method of claim 9, wherein the AV comprises a cryptographic key content, the cryptographic key content comprising a random number (RAND) for generating the first key information, a discriminator At least one of (AUTN), a desired response (XRES), a key (CK), and an integrity key (IK). 11. The method of claim 1, wherein the received user device processing instruction information comprises a mobile application identifier Ua-appli-id. 12. The method of claim 1, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier. . 13. The method of claim 1, wherein the key generation related information comprises a unique user identifier. 14. The method of claim 1, wherein the key generation related information comprises an Internet Protocol Multimedia Subsystem Private User Identity (IMPI) or an Internet Protocol Multimedia Subsystem Public Use 36 200915814 Identity (IMPU). & such as the scope of patent application! The method of the item, wherein the gold output generates a correlation poverty comprising at least one of a random number and a _ sign result; a cryptographic gold correction content; a universal bootstrap architecture push information - an encrypted portion; The architecture pushes the information into the integrity protection part; the derived first and first gold records, one golden wheel life; and at least one universal bootstrap architecture user setting. 16. The method of claim i, wherein the user equipment processing instruction information comprises at least one unencrypted asset fli 7L indicating an action selection. 17-- is grouped into the memory (4) system of the program instructions, the execution of the program instructions causes the execution of the following steps: receiving the user equipment processing instruction information and the gold record generation related information query; generating and The received user equipment processes the first information related to the instruction information; encrypts at least the core network related dynamic identity information; and replies to the query by generating the related information, the key generation related information includes at least the encrypted core The network related dynamic identity information and the received user equipment processing instruction information. 18. The memory medium of claim 17, wherein the query for generating the relevant information includes a GBA_PUSH_INF〇General Bootstrapping Structure Push Information (GPI). 19. The memory medium of claim 17, wherein the device processing instruction information comprises an indication of an Upa usage. 20. The memory medium of claim 17, wherein the first key information is generated to consider a bootstrap server function (BSF) name and a specified specific-Ua agreement identity. 21. The memory medium according to claim 17, wherein the first record information comprises an inverse 8_(6\1/丨11〇_:88?, wherein the core network related dynamic identity information includes one The network application functional domain name server (NAF DNS) name, where the encryption encrypts the NAF DNS name based on the generated Ks_(ext/int)_BSF, resulting in an encrypted portion of one of the generic bootstrap architecture push information (GPI) (E_GPI) 22. The memory medium of claim 21, wherein the E+GM also includes unencrypted information. 23. The memory medium of claim 22, wherein the The encrypted information includes the use of the Upa 24. The memory medium of claim 22, wherein the unencrypted information comprises a Universal Integrated Circuit Card (UICC) selection information. 25. As described in claim 17 The memory medium, wherein the generating comprises obtaining an authentication vector (AV). 26. The memory medium of claim 25, wherein the AV comprises a cryptographic key content, the cryptographic key content comprising a random number (RAND), a discriminator At least one of (AUTN), a desired response (XRES), a key (CK), and an integrity key (IK) for generating the first key information. The memory medium of claim 17, wherein the user equipment processing instruction information received by the terminal 38 200915814 includes a mobile application identifier Ua-appli-id. 28. The memory according to claim 17 The medium, wherein the core network related dynamic identity information includes at least one of a network application functional domain name server (NAF DNS) name and a Ua interface protocol identifier. 29. The memory medium, wherein the key generation related information comprises a unique user identifier. 30. The memory medium of claim 17, wherein the key generation related information comprises an internet protocol Multimedia Subsystem Private User Identity (IMPI) or an Internet Protocol Multimedia Subsystem Public User Identity (IMPU). 31. The memory medium of claim 17 wherein the gold The key generation related information includes at least one of a random number and a positive sign result; the cryptographic key content; one of the universal bootstrap architecture push information encrypted portion; the universal bootstrapping architecture push information one integrity protection a knives, derived first and second keys; a key lifetime; and at least one universal bootstrapping user setting. 32. The memory medium of claim 17, wherein the user device The processing instruction information includes at least one unencrypted information element indicating an action selection. 33. If you apply for the New York media as described in Item 17, the Bootstrap Servo Function (BSF) is implemented. 34. The memory medium as described in claim 17 of the patent application is implemented as a chip or module. 35. A device, comprising: a receiver configured to receive a user device processing instruction information and a request for information related to a key generation; a generator configured to generate a user device with the received user device Processing first information related to the instruction information; an encryptor configured to encrypt at least core network related dynamic identity information; and a sender configured to generate a related information response request by the key, The key generation related information includes at least the encrypted core network related dynamic identity information and the received user equipment processing instruction information. 36. The device of claim 35, wherein the request for the key to generate the relevant information comprises a GBA-PUSH-INFO universal bootstrapping architecture push (GPI). 37. The device of claim 35, wherein the user device processing instruction information includes an indication of an Upa use. 38. The device of claim 35, wherein the generator generates the first key information to consider a bootstrap server function (BSF) name and a specified specific-Ua agreement identity. 39. The device of claim 35, wherein the first information includes Ks_(ext/int) BSF, wherein the core network related dynamic identity information includes a web application function domain name server ( NAF DNS) name, where encryption is based on the generated Ks-(ext/int)_BSF to encrypt the NAF DNS name, resulting in one of the generic bootstrap architecture push information (GPI) plus 40 200915814 secret portion (E_GPI). 40. The device of claim 39, which also contains unencrypted information. 41. The device of claim 39, wherein the unencrypted information comprises Upa use. 42. The device of claim 39, wherein the unencrypted information comprises a Universal Integrated Circuit Card (UICC) selection information. 43. The device of claim 35, wherein the generator is further assembled to obtain an authentication vector (AV). 44. The device of claim 4, wherein the AV comprises a cryptographic key content, the cryptographic key content comprising a random number (RAND), an authentication token (AUTN), and an expected response. (XRES), a key (CK), and at least one of an integrity key (IK) for generating the first key information. 45. The device of claim 35, wherein the received user device processing instruction information comprises a mobile application identifier Ua-appli-id. 46. The device of claim 35, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier. . 47. The device of claim 35, wherein the key generation related information comprises a unique user identifier. 48. The device of claim 35, wherein the key generation related information comprises an internet protocol multimedia subsystem private user 41 200915814 identity (IMPI) or an internet protocol multimedia subsystem public use Identity (IMPU). 49. The device of claim 35, wherein the gold record generating related hole comprises at least one of a random number and a positive sign result; the password key content; the general bootstrapping structure push information One of the encrypted portions; the universal bootstrapping architecture pushes one of the integrity protection portions of the information; the derived first and first keys, a key lifetime; and at least - the general bootstrap architecture user settings. 50. The device of claim 35, wherein the user device processing instruction information comprises at least one unencrypted information element indicating an action selection. 5L is implemented as a bootstrap server function (BSF) as described in claim 35. 52. The device of claim 35, which is implemented as an integrated circuit chip or module. The device includes: means for receiving a query of the user equipment processing instruction information and one of the key generation related information; and generating the first key information related to the received user equipment processing instruction information Means for encrypting at least core network related dynamic identity information; and means for replying the query with the key to generate related information, the key generation related information including at least the encrypted core network related activity 42 200915814 Status information and received user equipment processing instruction information. 54. The device of claim 53, wherein the query for the key generation related information comprises a GBA-PUSH-INFO General Bootstrapping Structure Push Information (GPI), wherein the user equipment processing instruction information includes One of the Upa uses one indication. 55. The device of claim 53, wherein the first key information comprises Ks_(ext/int)_BSF, wherein the core network related dynamic identity information comprises a network application function domain name server ( NAF DNS) name, wherein the encryption device encrypts the NAF DNS name based on the generated Ks_(extAnt)_BSF, resulting in a general bootstrapping architecture push information (GPI) encrypted portion (E J3PI) 'where the E_GPI is also Contains unencrypted information. 56. The device of claim 53, wherein the core network related dynamic identity information comprises at least one of a network application functional domain name server (NAF DNS) name and a Ua interface protocol identifier. . 57. The device of claim 53 is implemented in an access network coupled to the user equipment through a base station. 58. The device described in claim 53 is implemented as a bootstrap server function (BSF). 59. The device described in claim 53 is implemented as an integrated circuit chip or module. 60. A method comprising the steps of: receiving a user device at a command message and generating a key containing at least 43 200915814 confidential core network related dynamic identity information; generating and receiving the user device Processing the first key information related to the instruction information; decrypting the received encrypted core network related dynamic identity information; and deriving the second key information based on the decrypted core network related dynamic identity information. 61. The method of claim 60, wherein the received gold generated related information comprises a generic bootstrap architecture push information (GPI) pushed by a network application function (NAF). 62. The method of claim 60, wherein the encrypted core network related dynamic identity information comprises an encrypted portion (E_GPI) of a generic bootstrap architecture push information (GPI), the E_GPI includes a The encrypted network application functional area name server (NAF DNS) name, and the user equipment processing instruction information includes an indication of the use of Upa. 63. The method of claim 60, wherein generating the first key information uses Ks_(ext)_BSF of a Universal Integral Circuit Card (UICC) present in the user equipment. 64. The method of claim 60, wherein the first key information consideration generates a bootstrap server function (BSF) name and a specified specific Ua-agree identity. 65. The method of claim 60, wherein decrypting the received encrypted core network related dynamic identity information is based on the generated first key information decrypting an encrypted universal bootstrap architecture push information 44 200915814 (GPI), which causes one of the Network Application Functions (NAF) DNS names. 66_ The method of claim 60, wherein the second key information is derived to derive Ks_(ext)_NAF. 67. The method of claim 60, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier. . 68. The method of claim 60, wherein the key generation related information comprises a unique user identifier. 69. The method of claim 60, wherein the key generation related information comprises an Internet Protocol Multimedia Subsystem Private User Identity (IMPI) or an Internet Multimedia Subsystem public user identity ( IMPU). 70. The method of claim 60, wherein the key generation related information comprises at least one of a random number and a positive sign result; the cryptographic key content; one of the general bootstrapping push information The encrypted portion; the universal bootstrapping architecture pushes one of the information integrity protection portions; the derived first and second keys; a key lifetime; and at least one universal bootstrap architecture user setting. The method of claim 60, wherein the user equipment processing instruction information includes at least one unencrypted information element indicating an action selection. 72. A memory medium configured to store program instructions, the execution of which results in performing an operation comprising: receiving user equipment processing instruction information and including at least 45 200915814 confidential core network related dynamic identity information Generating relevant information; generating first record information related to the received user equipment processing instruction information; decrypting the received encrypted core network related dynamic identity information; and correlating based on the decrypted core network The dynamic identity information derives the second key information. 73. The memory medium of claim 72, wherein the received key generation related information comprises a universal bootstrap architecture push information (GPI) pushed by a network application function (NAF). . 74. The memory medium of claim 72, wherein the encrypted core network related dynamic identity information comprises an encrypted portion (E-GPI) of a general bootstrap architecture push information (GPI), Contains an encrypted network application functional area name server (NAF DNS) name, and an indication that the user equipment processing instruction information includes an Upa usage. 75. The memory medium of claim 72, wherein the first key information is generated using Ks_(ext)_BSF on a universal integrated circuit card (UICC) within the user equipment. 76. The memory medium of claim 72, wherein the first key information is generated to consider a bootstrap server function (BSF) name and a specified specific Ua-agreement identity. 77. The memory medium of claim 72, wherein decrypting the received encrypted core network related dynamic identity information is based on the first key information decrypted by the product. Architecture Push Information (GPI), which results in a DNS name for one of the Network Application Functions (NAF). 78. The memory medium of claim 72, wherein the second key information is derived to derive Ks_(ext)_NAF. 79. The memory medium of claim 72, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier. One. 80. The memory medium of claim 72, wherein the key generation related information comprises a unique user identifier. 81. The memory medium of claim 72, wherein the key generation related information comprises an Internet Protocol Multimedia Subsystem Private User Identity (IMPI) or an Internet Multimedia Subsystem public user. Identity (IMPU). 82. The memory medium of claim 72, wherein the key generation related information comprises at least one of a random number and a positive sign result; the password key content; the general bootstrapping structure push information One of the encrypted portions; the universal bootstrapping architecture pushes one of the information integrity protection portions; the derived first and second keys; a key lifetime; and at least one universal bootstrap architecture user setting. 83. The memory medium of claim 72, wherein the user device processing instruction information comprises at least one unencrypted information element indicating an action selection. 84. A device, comprising: 47 200915814 a receiver configured to receive user equipment processing instruction information and a key generation information including at least an encrypted core network related dynamic identity information; a generator that is grouped Configuring to generate first key information related to the received user equipment processing instruction information; and a decryptor configured to decrypt the received encrypted core network related dynamic identity information for use based on the The core network related dynamic identity information has been decrypted to derive the second record information. 85. The device of claim 84, wherein the received key generation related information comprises a generic bootstrap architecture push information (GPI) pushed by a network application function (NAF). 86. The device of claim 84, wherein the encrypted core network related dynamic identity information comprises an encrypted portion (E_GPI) of a generic bootstrap architecture push information (GPI), the E_GPI includes a The encrypted network application functional area name server (NAFDNS) name, and the user equipment processing instruction information includes an indication of the use of Upa. 87. The device of claim 84, wherein the generator generates the first key based at least in part on a Ks_(ext)_BSF on a universal integrated circuit card (UICC) in a user equipment. News. 88. The device of claim 84, wherein the generator generates the first key information based at least in part on a bootstrap server function (BSF) name and a specified specific Ua-agree identity. 89. The device of claim 84, wherein the decryptor decrypts an encrypted universal bootstrapping architecture based on the generated first key information to push 48 200915814 information (GPI), resulting in a network application function. (NAF) One of the DNS names. 90. The device of claim 84, wherein the derived second information comprises Ks_(ext)_NAF. 91. The device of claim 84, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier. . 92. The device of claim 84, wherein the key generation related information comprises a unique user identifier. 93. The device of claim 84, wherein the key generation related information comprises at least one of a random number and a positive sign result; the cryptographic key content; one of the general bootstrap architecture push information The encrypted portion; the universal bootstrapping architecture pushes one of the information integrity protection portions; the derived first and second keys; a key lifetime; and at least one universal bootstrap architecture user setting. 94. The device of claim 84, wherein the user device processing instruction information comprises at least one unencrypted information element indicating an action selection. 95. The device of claim 84, which is implemented as an integrated circuit chip or module. The device includes: means for receiving user equipment processing instruction information and key generation information including at least encrypted core network related dynamic identity information; and generating processing information with the received user equipment processing instruction 49 200915814 means for first key information; means for decrypting the received encrypted core network related dynamic identity information; and for deriving a second key based on the decrypted core network related dynamic identity information Information device. 97. The device of claim 96, wherein the received key generation related information comprises a generic bootstrap architecture push information (GPI) pushed by a network application function (NAF). 98. The device of claim 96, wherein the encrypted core network related dynamic identity information comprises an encrypted portion (E-GPI) of a generic bootstrap architecture push information (GPI), the E_GPI Encapsulation—The encrypted network application function domain name server (NAFDNS) name, and the user device processing instruction information includes an indication of the use of Upa. 99. The device of claim 96, wherein the decryption device decrypts an encrypted universal bootstrapping architecture push information (GPI) 5 resulting in a DNS function function (NAF), and wherein The second key information contains Ks_(ext)_NAF. 100. The device of claim 96, wherein the core network related dynamic identity information comprises at least one of a network application function domain name server (NAF DNS) name and a Ua interface protocol identifier, And wherein the key generation related information includes a unique user identifier. 101. The device of claim 96, which is implemented as an integrated circuit chip or module. 102. The device of claim 96, wherein the decrypting 50 200915814 is further configured to decrypt the received encrypted core network related dynamic identity information based on the generated first key information. . 103. A method comprising the steps of: receiving user equipment processing instruction information and one of a general bootstrap architecture push information (GH) query; generating a first gold related to the received user equipment processing instruction information Key information (Ks_(ext/int)_BSF); encrypting at least one network application function domain name server (NAF DNS) name, wherein one of the GPI E_GPI parts contains the encrypted NAF DNS name; and the E_G PI and The received user device processing instruction information replies to the query. 104. A method comprising the steps of: receiving a message comprising a generic bootstrap architecture push information (GPI) pushed by a network application function (NAF) and user device processing instruction information, wherein One of the GPI E_GH parts contains an encrypted network application function area name server (NAF DNS) name; generates first key information related to the received user equipment processing instruction information (Ks_(ext/int)_BSF Decrypting the received encrypted NAF DNS name; and deriving the second key information (Ks_(ext/int)-NAF) based on the decrypted NAF DNS name. 51
TW097125032A 2007-07-03 2008-07-03 Method, apparatus, system and computer program for key parameter provisioning TW200915814A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US92958907P 2007-07-03 2007-07-03

Publications (1)

Publication Number Publication Date
TW200915814A true TW200915814A (en) 2009-04-01

Family

ID=40094130

Family Applications (1)

Application Number Title Priority Date Filing Date
TW097125032A TW200915814A (en) 2007-07-03 2008-07-03 Method, apparatus, system and computer program for key parameter provisioning

Country Status (2)

Country Link
TW (1) TW200915814A (en)
WO (1) WO2009004590A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI556658B (en) * 2013-05-31 2016-11-01 英特爾智財公司 Proximity service explores capital

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5468623B2 (en) * 2009-02-05 2014-04-09 テレフオンアクチーボラゲット エル エム エリクソン(パブル) Apparatus and method for protecting bootstrap messages in a network
GB2518254B (en) 2013-09-13 2020-12-16 Vodafone Ip Licensing Ltd Communicating with a machine to machine device
CN106487501B (en) 2015-08-27 2020-12-08 华为技术有限公司 Key distribution and reception method, key management center, first and second network elements

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8260259B2 (en) * 2004-09-08 2012-09-04 Qualcomm Incorporated Mutual authentication with modified message authentication code
WO2007008120A1 (en) * 2005-07-07 2007-01-18 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for authentication and privacy
US8122240B2 (en) * 2005-10-13 2012-02-21 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for establishing a security association

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI556658B (en) * 2013-05-31 2016-11-01 英特爾智財公司 Proximity service explores capital

Also Published As

Publication number Publication date
WO2009004590A3 (en) 2009-02-26
WO2009004590A2 (en) 2009-01-08

Similar Documents

Publication Publication Date Title
Neuman et al. The Kerberos network authentication service (V5)
JP4741664B2 (en) Method and apparatus for authentication and privacy
EP3205048B1 (en) Generating a symmetric encryption key
EP2701362A1 (en) Communications device authentication
US20060291660A1 (en) SIM UICC based broadcast protection
WO2017185692A1 (en) Key distribution and authentication method, apparatus and system
GB2586549A (en) Communicating with a machine to machine device
AU2009234465B2 (en) Methods and apparatus for authentication and identity management using a Public Key Infrastructure (PKI) in an IP-based telephony environment
CN103314605A (en) Method and apparatus for authenticating a communication device
CN102379114A (en) Security key management in ims-based multimedia broadcast and multicast services (mbms)
JP7404540B2 (en) Privacy information transmission methods, devices, computer equipment and computer readable media
SE538304C2 (en) Improved installation of a terminal in a secure system
US11652646B2 (en) System and a method for securing and distributing keys in a 3GPP system
CN101895881B (en) Method for realizing GBA secret key and pluggable equipment of terminal
CN107094156B (en) Secure communication method and system based on P2P mode
US20240259358A1 (en) Communication method and apparatus, device, storage medium, and program product
CN111918289B (en) Terminal access method, device and server
TW200915814A (en) Method, apparatus, system and computer program for key parameter provisioning
CN102281303A (en) Data exchange method
WO2021236078A1 (en) Simplified method for onboarding and authentication of identities for network access
EP3125595A1 (en) Method to provide identification in privacy mode
CN114501591A (en) Intelligent equipment network access method and device and computer readable storage medium
US12549366B2 (en) IPCON MCData session establishment method
RU2358406C2 (en) Authentication and update of session key generation between service network node and at least one communication terminal device with identification card
CN110048843B (en) Session key transmission method, device and computer readable storage medium