(19) United States
(12) Patent Application Publication    (10) Pub. No.: US 2010/0064344 A1
     Wang                               (43) Pub. Date: Mar. 11, 2010

(54) METHOD AND DEVICE FOR UPDATING A KEY

(76) Inventor: Zhengwei Wang, Shenzhen (CN)

Correspondence Address:
LADAS & PARRY LLP
26 WEST 61ST STREET
NEW YORK, NY 10023 (US)

(21) Appl. No.: 11/921,203

(22) PCT Filed: May 26, 2006

(86) PCT No.: PCT/CN2006/001113

§ 371 (c)(1), (2), (4) Date: Nov. 28, 2007

(30) Foreign Application Priority Data

May 28, 2005 (CN) ......................... 200510034969.1

Publication Classification

(51) Int. Cl.
     G06F 21/00 (2006.01)
     H04L 9/00 (2006.01)
(52) U.S. Cl. ............................................... 726/3; 380/44

(57) ABSTRACT

A method for updating a key includes: assigning, by a network, a stipulated specific value to an authentication management field AMF and generating a corresponding authentication tuple, and sending corresponding parameters in the authentication tuple to the terminal when an authentication request is initiated to the terminal, and generating a new authentication key for use in the next authentication; generating, by the terminal, a new authentication key corresponding to the network for use in the next authentication, when the corresponding parameters are received and it is determined that the authentication for the network is passed and the authentication management field in the corresponding parameters is with the predetermined value. According to the method for updating the key according to the invention, the key may be updated conveniently without adding to or modifying the existing signaling resources or the authentication parameters, so that network security may be improved.
[Representative drawing on the front page: the flow chart of Fig. 2, reproduced on Sheet 2 of 5 below.]

Patent Application Publication    Mar. 11, 2010    Sheet 1 of 5    US 2010/0064344 A1

Fig. 1 (flow chart; box text recovered from the drawing):

101: HLR/AUC assigns a specific value to AMF to generate an authentication tuple, the authentication tuple generated is sent to MSC/VLR or SGSN, and a new key NewKI is generated with random challenge RAND and KI.
103: MSC/VLR or SGSN transmits part of the parameters in the quintuplet to MS via an authentication request message.
105: MS determines whether the authentication for the network is passed; if No, the key is not updated.
(decision) Determine whether the AMF received is the specific value; if No, the normal process is followed.
(step) MS generates a new key NewKI.

Fig. 1

Sheet 2 of 5

Fig. 2 (flow chart; box text recovered from the drawing):

801: HLR/AUC assigns a specific value TmpAMF to AMF to generate an authentication quintuplet, generates a new key with random challenge RAND and KI, and sends the generated quintuplet to MSC/VLR or SGSN.
802: MSC/VLR or SGSN extracts the RAND and the AUTN from the corresponding quintuplet and sends them to the mobile terminal.
803: The mobile terminal computes the value of MAC-A, and determines whether the value of the MAC-A computed is consistent with the value of MAC-A in the AUTN. Inconsistent: step 804; consistent: step 805.
804: The mobile terminal determines that the authentication for the network is failed and sends an authentication failure message to MSC/VLR.
805: The mobile terminal determines whether the AUTN is acceptable. No: resynchronization branch below; Yes: step 806.
806: The authentication for the network is passed, and the SQNMS is updated according to the SQNHE in the AUTN.
(decision) The mobile terminal determines whether the AMF in the AUTN is the specific value TmpAMF. Yes: the mobile terminal generates a new authentication key with KI and RAND; No: continue.
(step) The mobile terminal generates an XRES, a CK and an IK with KI and RAND received, and sends the generated XRES to MSC/VLR.
(step) MSC/VLR determines whether the XRES received from the mobile terminal is consistent with the XRES in the corresponding quintuplet of the mobile terminal received from HLR/AUC so as to determine whether the authentication for the mobile terminal is passed, and sends a message indicating the authentication result to the terminal.

Resynchronization branch (AUTN not acceptable at step 805):
(step) The mobile terminal generates a resynchronization token AUTS, initiates a resynchronization request to MSC/VLR, and submits the AUTS.
(step) After MSC/VLR receives the resynchronization request initiated by the terminal, it deletes the authentication tuple corresponding to the terminal, requests a new authentication set from HLR/AUC, and submits the [remainder of the box text cut off in the scan].
(step) After HLR/AUC receives the AUTS and verifies the validity of the AUTS, it updates the corresponding SQNHE stored according to the SQNMS in the AUTS.
813: HLR/AUC generates a new authentication tuple and sends it to MSC/VLR.

Fig. 2

Sheet 3 of 5

Fig. 3 (flow chart; box text recovered from the drawing):

901: HLR/AUC assigns a specific value TmpAMF to AMF to generate an authentication quintuplet, generates a new key with random challenge RAND and KI, and sends the generated quintuplet to MSC/VLR or SGSN.
902: MSC/VLR or SGSN extracts the RAND and the AUTN from the corresponding quintuplet and sends them to the mobile terminal.
903: The mobile terminal computes the value of MAC-A, and determines whether the value of the MAC-A computed is consistent with the value of MAC-A in the AUTN. Inconsistent: step 904; consistent: step 905.
904: The mobile terminal determines that the authentication for the network is failed and sends an authentication failure message to MSC/VLR.
905: The mobile terminal determines whether the AUTN is acceptable. No: ordinary resynchronization, below; Yes: step 906.
906: The authentication for the network is passed, and the SQNMS is updated according to the SQNHE in the AUTN.
908: The mobile terminal determines whether the AMF is the specific value TmpAMF.
  Yes: The mobile terminal generates a new authentication key with the KI and the RAND, generates an AUTS with a specific value in place of the SQNMS, initiates a resynchronization request to MSC/VLR, and submits the AUTS.
  No: The mobile terminal generates an XRES, a CK and an IK with the KI and RAND received, and sends the generated XRES to MSC/VLR.
(step) MSC/VLR determines whether the XRES received from the mobile terminal is consistent with the XRES in the corresponding quintuplet of the mobile terminal received from HLR/AUC so as to determine whether the authentication for the mobile terminal is passed, and sends a message indicating the authentication result to the terminal.

Resynchronization handling:
(step) The mobile terminal generates a resynchronization token AUTS, initiates a resynchronization request to MSC/VLR, and submits the AUTS.
909: After MSC/VLR receives the resynchronization request initiated by the terminal, it deletes the authentication tuple corresponding to the terminal, requests a new authentication set from HLR/AUC, and submits the AUTS.
913: After HLR/AUC verifies the validity of AUTS, it determines whether the SQNMS is the stipulated specific value.
  No: The corresponding SQNHE stored is updated according to the SQNMS in the AUTS.
  Yes: The network determines that the terminal has generated a new authentication key, and HLR/AUC will use the new authentication key to generate the authentication tuple next time.
(step) HLR/AUC generates a new authentication tuple and sends it to MSC/VLR.

Fig. 3

Sheet 4 of 5

Fig. 4 (flow chart; box text recovered from the drawing):

201: HLR/AUC assigns a specific value to AMF so as to generate an authentication quintuplet, and sends the authentication quintuplet generated to MSC/VLR or SGSN.
203: MSC/VLR or SGSN transmits part of the parameters in the quintuplet to MS via an authentication request message.
205: MS determines whether the authentication for the network is passed.
207: Determine whether the AMF received is the specific value.
(step) MS generates a new key NewKI, and sends a message about successful update of the key to the network.
(step) After the network receives the message, it generates a new key NewKI with the random challenge RAND and the KI.

Fig. 4

Sheet 5 of 5

Fig. 5 (flow chart; box text recovered from the drawing):

2901: HLR/AUC assigns a specific value TmpAMF to AMF to generate an authentication quintuplet, and sends the quintuplet generated to MSC/VLR or SGSN.
2902: MSC/VLR or SGSN extracts the RAND and the AUTN from the corresponding quintuplet and sends them to the mobile terminal.
2903: The mobile terminal computes the value of MAC-A, and determines whether the value of the MAC-A computed is consistent with the value of MAC-A in the AUTN. Inconsistent: step 2904; consistent: step 2905.
2904: The mobile terminal determines that the authentication for the network is failed and sends an authentication failure message to MSC/VLR.
2905: The mobile terminal determines whether the AUTN is acceptable. No: ordinary resynchronization, below; Yes: step 2906.
2906: The authentication for the network is passed, and the SQNMS is updated according to the SQNHE in the AUTN.
2907: The mobile terminal determines whether the AMF is the specific value TmpAMF.
  Yes: The mobile terminal generates a new authentication key with the KI and the RAND, generates an AUTS with a specific value in place of the SQNMS, initiates a resynchronization request to MSC/VLR, and submits the AUTS.
  No: The mobile terminal generates an XRES, a CK and an IK by using KI and RAND received, and sends the generated XRES to MSC/VLR.
(step) MSC/VLR determines whether the XRES received from the mobile terminal is consistent with the XRES in the corresponding quintuplet of the mobile terminal received from HLR/AUC so as to determine whether the authentication for the mobile terminal is passed, and sends a message indicating the authentication result to the terminal.

Resynchronization handling:
(step) The mobile terminal generates a resynchronization token AUTS, initiates a resynchronization request to MSC/VLR, and submits the AUTS.
2909: After MSC/VLR receives the resynchronization request initiated by the terminal, it deletes the authentication tuple corresponding to the terminal, requests a new authentication set from HLR/AUC, and submits the [remainder of the box text cut off in the scan].
(decision) After HLR/AUC verifies the validity of AUTS, it determines whether the SQNMS is the stipulated specific value.
  No: The corresponding SQNHE stored is updated according to the SQNMS in the AUTS.
  Yes: The network determines that the terminal has generated a new authentication key, and generates a new authentication tuple with the random challenge RAND and the KI.
(step) HLR/AUC generates a new authentication tuple and sends it to MSC/VLR.

Fig. 5

US 2010/0064344 A1    Mar. 11, 2010

METHOD AND DEVICE FOR UPDATING A KEY

FIELD OF THE INVENTION

[0001] The present invention relates to communication security technology, in particular, to a method and device for updating a key.

BACKGROUND OF THE INVENTION

[0002] In Global System for Mobile Communications (GSM) network and Wideband Code Division Multiple Access (WCDMA) network, authentication is realized synergically by Mobile station (MS), Mobile Switching Center/Visit Location Register (MSC/VLR) or Serving GPRS Support Node (SGSN), and Home Location Register/Authentication center (HLR/AUC). An authentication key KI is stored in a Subscriber Identity Module (SIM) card or a UMTS Subscriber Identity Module (USIM) card. The HLR/AUC also contains an authentication key KI, the value of which is consistent with the value of the KI in the SIM card or the USIM card. An authentication parameter is computed by the MS and the AUC respectively, and compared by the MSC/VLR or the SGSN. Therefore, the validity of the MS may be verified by the network.
[0003] In the authentication in a 3rd Generation (3G) system, such as Universal Mobile Telecommunication System (UMTS), an authentication quintuplet is used, and the mobile terminal and the network authenticate each other, and the mobile terminal and the network both store the authentication key KI.
[0004] The authentication quintuplet generated by the network includes: a random challenge RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN. This quintuplet is used by the terminal subscriber card USIM and the network to authenticate each other. The authentication token AUTN is 16 bytes in length and comprises: 1) SQNHE⊕AK, in which the sequence number SQNHE and the anonymity key AK are 6 bytes in length respectively; the USIM will check whether the SQNHE generated by the AUC is up to date, which is an important part of the authentication process; 2) an authentication management field AMF, which is 2 bytes in length; 3) a message authentication code MAC-A, which is 8 bytes in length and used to verify the data integrity of the RAND, SQNHE and AMF, and is used by the USIM to authenticate the network.
[0005] In addition, to authenticate the USIM via the network during resynchronization, the USIM sends a message authentication code MAC-S to the network.
[0006] By means of the aforementioned authentication method, the security of the network may be improved. But, similar to the 2nd Generation (2G) communication network, the keys KI stored in the HLR/AUC and the USIM are usually constant, so it will bring about some hidden troubles to the security. For example, if a USIM is cloned, the subscriber cloned may suffer a loss due to free calls on the subscriber's expense through illegal means by a cloner, and the service provider may also suffer a loss. For example, the call charge as a reward to one subscriber may be used by two individuals. In another example, in order to reduce operation cost, some service providers entrust a card manufacturer to manufacture a batch of USIM cards and write corresponding data including KI into the subscriber card in advance. If the KI data of these USIM cards divulge from the card manufacturer, it may also cause hidden troubles to the security.
[0007] In addition, during the network-locked terminal lease process, handset manufacturers need to set an initial security key IKey in a User Equipment (UE) and store the IKey on the network; the mobile terminal authenticates the validity of the network according to this IKey, so as to ensure security of the mobile terminal. In such a case, problems also exist. For example, IKey may divulge from handset manufacturers passively, such as being carried over and brought to light by vicious employees, or being embezzled by hackers. In the aforementioned cases, if the key is not updated, the network may face a great threat to security.
[0008] Therefore, it has become an urgent problem how the key can be updated conveniently so as to improve the network security without modifying the existing communication protocols, adding signaling or authentication parameters and increasing the operation cost.

SUMMARY OF THE INVENTION

[0009] In view of the aforementioned technical problem, it is an object of the present invention to provide a method and a device for updating the key, by means of which the key can be conveniently updated and no additional communication protocol, signaling or authentication parameter is required. Therefore, the network security can be improved.
[0010] The invention provides a method for updating the key, which includes: a) assigning a predetermined value to the authentication management field AMF via the network and generating a corresponding authentication tuple, sending corresponding parameters in the authentication tuple to a terminal, and generating a new authentication key; b) generating a new authentication key corresponding to the network when the terminal receives the corresponding authentication parameters and determines that the authentication for the network is passed and the authentication management field AMF in the corresponding parameters is with the predetermined value.
[0011] Preferably, the step b further includes: sending a message about successful update of the key to the network via the terminal after it generates the new authentication key.
[0012] In a preferred implementation, the process of sending the message about successful update of the key is realized by returning a synchronization request message to the network and assigning a stipulated specific value to the sequence number SQNMS.
[0013] Preferably, the method further includes: sending a request for updating the key to the network via the terminal before the step a.
[0014] Preferably, the authentication tuple includes a random challenge RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN; during the generation of the corresponding authentication tuple, only the RAND and the AUTN may be generated, or the RAND, AUTN and only any one or more of the XRES, CK and IK may be generated.
[0015] The invention resolves the aforementioned technical problem with another solution as follows:
[0016] a method for updating the key, which includes at least the following steps: a) assigning a predetermined value to the authentication management field AMF via the network and generating a corresponding authentication tuple, sending corresponding parameters in the authentication tuple to a terminal; b) generating a new authentication key corresponding to the network and returning a message about successful update of the key via the terminal when the terminal receives the corresponding parameters and determines that the authentication for the network is passed and the authentication management field AMF in the corresponding parameters is the predetermined value; c) generating a new authentication key via the network after it receives the message about successful update of the key returned by the terminal.
[0017] Preferably, the process of returning a message about successful update of the key in the step b is realized by returning the sequence number SQNMS with the stipulated specific value when a synchronization request message is returned to the network.
[0018] Preferably, the method further includes sending a request for updating the key to the network by the terminal before the step a.
[0019] Preferably, the authentication tuple includes a random challenge RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN; during the generation of the corresponding authentication tuple, only the RAND and the AUTN may be generated, or the RAND, AUTN and only any one or more of the XRES, CK and IK may be generated.
[0020] The invention provides another method for updating the key, which includes:
[0021] sending parameters including at least a random challenge and an authentication token to a terminal via the network, wherein the authentication management field in the authentication token is a predetermined value;
[0022] generating a new authentication key via the terminal according to the random challenge after the authentication for the network with the authentication token is passed; and
[0023] generating a new authentication key via the network according to the random challenge.
[0024] The method further includes: sending a request for updating the key to the network via the terminal before sending parameters including at least a random challenge and an authentication token to the terminal via the network.
[0025] Wherein, sending a request for updating the key is realized by initiating a synchronization process to the network; or, via short message or Unstructured Supplementary Data Service or Over-the-Air (OVA).
[0026] Wherein, the parameters including at least the random challenge and the authentication token are sent when the network sends an authentication request to the terminal.
[0027] The method further includes sending a message indicating the execution result of key update to the terminal, and the message indicating the execution result of key update includes a message about successful update of the key and a message about failed update of the key.
[0028] Wherein, the sending of the message indicating the execution result of key update is performed when a synchronization process is initiated to the network; or it is realized via short message, Unstructured Supplementary Data Service and/or Over-the-Air (OVA).
[0029] Wherein, the synchronization process is a process for synchronizing the sequence number; and the sequence number having a predetermined value is sent when the synchronization request message is sent.
[0030] Wherein, the process of generating a new authentication key via the network according to the random challenge is performed after the message about successful update of the key returned by the terminal is received, or before the parameters including at least the random challenge and the authentication token are sent to the terminal.
[0031] The method further includes generating an authentication tuple with the new authentication key via the network after it receives the message about successful update of the key returned by the terminal.
[0032] The method further includes: determining whether the location of the terminal is updated by the network before it receives the message about successful update of the key returned by the terminal; if it is updated, the network generates the authentication tuple with the new authentication key; otherwise, the new authentication key is not used when an authentication tuple is generated.
[0033] The method further includes: determining whether an old authentication tuple still exists on the network when the network generates the authentication tuple with the new authentication key; if it still exists, the old authentication tuple will be deleted.
[0034] The method further includes generating an authentication tuple with the new authentication key via the network.
[0035] Wherein, the parameters further include any one or more of the expected response, the cipher key and the integrity key.
[0036] The invention provides another method for updating the key, which includes:
[0037] sending parameters including at least a key generation reference and an authentication token to a terminal via the network, the authentication token carrying a key update identification;
[0038] generating a new authentication key according to the key generation reference via the terminal after the authentication for the network with the authentication token is passed; and
[0039] generating a new authentication key via the network according to the key generation reference.
[0040] The invention further provides a device for updating the key, which includes:
[0041] a first unit, which is set on the network for assigning a predetermined value to the authentication management field when the key needs to be updated, generating a corresponding authentication tuple, and generating a new authentication key; and
[0042] a second unit, which is set on the network for sending corresponding parameters in the authentication tuple to the terminal.
[0043] The device further includes a third unit, set on the network for generating a new authentication tuple with the new authentication key.
[0044] The invention further provides a device for updating a key, the device being set on the terminal and including:
[0045] a first unit, for determining whether the authentication for the network is passed and determining whether the authentication management field in corresponding parameters is with a predetermined value, after the corresponding parameters from the network are received; and
[0046] a second unit, for generating a new authentication key corresponding to the network when the authentication for the network is passed and the authentication management field in the corresponding parameters is with the predetermined value.
[0047] The device further includes: a third unit, for sending a message about successful update of the key to the network after the new authentication key is generated.
[0048] In summary, according to the method for updating a key of the invention, the authentication management field takes a predetermined value, and the key will be updated when the authentication for the network by the terminal is passed and the authentication management field takes the predetermined value. Therefore, the existing signaling resources or the authentication parameters do not need to be added or modified, so that the key may be updated conveniently and network security may be improved.

BRIEF DESCRIPTION OF THE DRAWINGS

[0049] FIG. 1 is a flow chart of the method for updating the key according to the first implementation of the invention;
[0050] FIG. 2 is a flow chart of the method for updating the key according to an embodiment of the first implementation of the invention;
[0051] FIG. 3 is a flow chart of the method for updating the key according to another embodiment of the first implementation of the invention;
[0052] FIG. 4 is a flow chart of the method for updating the key according to the second implementation of the invention; and
[0053] FIG. 5 is a flow chart of the method for updating the key according to an embodiment of the second implementation of the invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

[0054] According to the method for updating the key according to the invention, when an authentication key KI needs to be updated, a stipulated specific value is assigned to the authentication management field AMF by the network and a corresponding authentication tuple is generated, and the corresponding parameters in the authentication tuple are sent to a terminal; and a new authentication key NewKI is generated by use of the random challenge RAND and the KI generated, and the NewKI is used in place of KI to generate an authentication tuple for the next time. After the terminal receives the authentication request and determines that the authentication for the network is passed, it determines whether the AMF is the specific value. If No, it proceeds as in a normal process; otherwise, it determines that the key needs to be updated, and a new authentication key NewKI is generated by use of the received random challenge RAND and the stored authentication key KI, and the new authentication key NewKI is used in place of KI in the next authentication for authenticating the validity of the network or responding to the authentication request from the network.
[0055] After the key is updated by the terminal, it may further send a message indicating the execution result of key updating to the network, so that the network knows whether the key update operation is executed successfully or not. The message indicating the execution result of key updating may be a message about successful update of the key and/or a message about failed update of the key, etc. The message indicating the execution result of key updating may be carried by a synchronization request message. For example, after the authentication for the network via the terminal is passed and the key update operations such as new key generation are executed, a synchronization request message may be sent, and in combination with the authentication key KI and the random challenge RAND, a stipulated specific value may be used in place of the sequence number SQNMS to generate a resynchronization token AUTS which is returned to the network. When the network processes the synchronization request message, it determines whether the sequence number SQNMS received has the stipulated specific value. If No, the procedure is as in a normal process; otherwise, the network determines that the key is updated successfully by the terminal.
[0056] The aforementioned authentication tuple may be generated by the network by use of a new authentication key NewKI after the message about successful update of the key returned by the terminal is received. After the message about failed update of the key returned by the terminal is received by the network, if a new authentication tuple is generated, the old authentication key KI is still used. In practice, in such a case, the network may not generate a new authentication tuple before it receives a message indicating the update of the key in the terminal; when it times out in waiting for the message indicating the execution result of key update returned by the terminal, if a new authentication tuple is generated, the old authentication key KI is still used.
[0057] The network may generate a new authentication key NewKI with the generated random challenge RAND and key KI after it determines that the terminal key is updated successfully. In such a case, the network needs to obtain the corresponding random challenge RAND after it receives a message about successful update of the key returned by the terminal. In practice, during the authentication, the RAND is contained in the corresponding authentication tuple stored on the network. Therefore, after the network determines that the key on the terminal side is updated successfully, it may generate a new authentication key NewKI with the random challenge RAND and key KI, and it may use the NewKI in place of the KI to generate the authentication tuple.
[0058] Referring to FIG. 1, a flow chart of the first implementation of the invention is illustrated.
[0059] When the authentication key KI stored on the network and in the terminal MS needs to be updated:
[0060] First, in step 101, when the HLR/AUC on the network is to generate an authentication tuple, it assigns a stipulated specific value to the authentication management field AMF. The authentication tuple may include a random challenge RAND, an expected response XRES, a cipher key CK, an integrity key IK and an authentication token AUTN. The specific value may be understood as follows: the AMF is 2 bytes in length, and it is stipulated that the AMF takes hexadecimal number 'AAAA' or binary number '1010101010101010' as its specific value to indicate that the key is updated. For convenience, the specific value is referred to as TmpAMF in the following.
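The exchange of [0054] to [0057] together with the TmpAMF test of [0060], as an added Python simulation that is not the patent's own code: HLR/AUC builds AUTN in the 16-byte layout of [0004], the terminal verifies MAC-A, tests AMF against 'AAAA', derives NewKI and reports success through an AUTS whose SQNMS field carries a stipulated value, and the network switches keys only after checking that report. The MILENAGE f-functions are replaced by HMAC-SHA256 stand-ins, and the NewKI derivation and the SQN_UPDATE_OK value are assumptions, since the page fixes only the inputs.

```python
import hashlib
import hmac
import secrets

# AMF value the page stipulates to mean "update the key" (hex AAAA).
TMP_AMF = bytes.fromhex("AAAA")
# Placeholder for the "stipulated specific value" the terminal puts in place of
# SQNMS in AUTS to report a successful update; the page does not name one.
SQN_UPDATE_OK = bytes.fromhex("FFFFFFFFFFFF")


def _prf(key, label, *parts):
    """HMAC-SHA256 stand-in for the MILENAGE f-functions (assumption)."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def f1(ki, rand, sqn, amf):
    return _prf(ki, b"f1", rand, sqn, amf)[:8]     # MAC-A over RAND, SQN, AMF

def f1_star(ki, rand, sqn, amf):
    return _prf(ki, b"f1*", rand, sqn, amf)[:8]    # MAC-S for resynchronisation

def f2(ki, rand):
    return _prf(ki, b"f2", rand)[:8]               # RES on the card, XRES at HLR/AUC

def f5(ki, rand):
    return _prf(ki, b"f5", rand)[:6]               # anonymity key AK

def f5_star(ki, rand):
    return _prf(ki, b"f5*", rand)[:6]              # AK* that conceals SQNMS in AUTS

def derive_new_ki(ki, rand):
    """NewKI from KI and RAND; the page fixes the inputs, not the function."""
    return _prf(ki, b"NewKI", rand)[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hlr_build_vector(ki, sqn_he, amf, rand=None):
    """HLR/AUC: AUTN = (SQNHE xor AK) || AMF || MAC-A, 6 + 2 + 8 = 16 bytes."""
    rand = rand or secrets.token_bytes(16)
    autn = xor(sqn_he, f5(ki, rand)) + amf + f1(ki, rand, sqn_he, amf)
    return rand, autn, f2(ki, rand)


def parse_autn(autn):
    if len(autn) != 16:
        raise ValueError("AUTN must be 16 bytes")
    return autn[:6], autn[6:8], autn[8:16]


def usim_authenticate(ki, sqn_ms, rand, autn):
    """Terminal: MAC-A check, SQN freshness check, then the AMF == TmpAMF test."""
    conc, amf, mac_a = parse_autn(autn)
    sqn_he = xor(conc, f5(ki, rand))
    if not hmac.compare_digest(mac_a, f1(ki, rand, sqn_he, amf)):
        return {"status": "mac_failure"}           # network authentication failed
    if int.from_bytes(sqn_he, "big") <= int.from_bytes(sqn_ms, "big"):
        # AUTN not acceptable: ordinary resynchronisation carrying the real SQNMS.
        auts = xor(sqn_ms, f5_star(ki, rand)) + f1_star(ki, rand, sqn_ms, amf)
        return {"status": "resync", "auts": auts}
    result = {"status": "ok", "sqn_ms": sqn_he, "res": f2(ki, rand)}
    if amf == TMP_AMF:
        # Key-update signal: derive NewKI and report success through a resync
        # token whose SQNMS field carries the stipulated value instead.
        result["new_ki"] = derive_new_ki(ki, rand)
        result["auts"] = (xor(SQN_UPDATE_OK, f5_star(ki, rand))
                          + f1_star(ki, rand, SQN_UPDATE_OK, amf))
        result["status"] = "key_updated"
    return result


def hlr_handle_auts(ki, rand, amf, auts):
    """HLR/AUC: verify MAC-S, then tell a real resync from an 'update OK' report."""
    if len(auts) != 14:
        raise ValueError("AUTS must be 14 bytes")
    sqn_ms = xor(auts[:6], f5_star(ki, rand))
    if not hmac.compare_digest(auts[6:], f1_star(ki, rand, sqn_ms, amf)):
        return {"status": "invalid_auts"}
    if sqn_ms == SQN_UPDATE_OK:
        return {"status": "key_updated", "new_ki": derive_new_ki(ki, rand)}
    return {"status": "resync", "sqn_he": sqn_ms}   # normal SQN resynchronisation


def run_key_update(ki, sqn_he, sqn_ms, amf=TMP_AMF, rand=None):
    """One exchange between HLR/AUC and terminal; returns both sides' outcomes."""
    rand, autn, xres = hlr_build_vector(ki, sqn_he, amf, rand)
    term = usim_authenticate(ki, sqn_ms, rand, autn)
    if "res" in term and not hmac.compare_digest(term["res"], xres):
        return term, {"status": "terminal_auth_failed"}
    net = {"status": "no_update"}   # network keeps the old KI until success is reported
    if "auts" in term:
        net = hlr_handle_auts(ki, rand, amf, term["auts"])
    return term, net
```

Because MAC-A covers the AMF, a tuple whose AMF is altered in transit fails the MAC-A check before the TmpAMF test is ever reached, so the key-update signal cannot be injected without KI.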
[0061] In the existing Third Generation Partnership Project (3GP