CN103997728A - Bidirectional authentication method and system of phone card - Google Patents
- Publication number: CN103997728A
- Application number: CN201310053267.2A
- Authority: CN (China)
- Prior art keywords: uicc, mtc, random number, hss, self
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention provides a bidirectional authentication method and system of a phone card. The method comprises the following steps: a home subscriber server (HSS) presets an identity identifier and a serial number for a machine-type communications (MTC) unit and for a universal integrated circuit card (UICC) respectively, and an initial random number of the MTC unit is generated; the MTC generates a random number 1 and sends the random number 1 to the UICC; the UICC calculates an intermediate value 1 and sends the identity identifier of the UICC, the intermediate value 1, and a random number 2 to the MTC; the MTC calculates an intermediate value 2 and sends the identity identifier of the MTC, the UICC identity identifier, the random number 1, the random number 2, the intermediate value 1, and the intermediate value 2 to the HSS; the HSS determines whether the MTC and the UICC are valid and returns the result to the MTC; and the MTC and the UICC complete serial number updating. Compared with the prior art, the provided method and system solve the problem of bidirectional authentication during the terminal and card bonding process without requiring the terminal and the card to share secret information, and ensure the validity of both the bonded terminal and the bonded card.
Description
Technical field
The present invention relates to the field of terminal-card authentication, and in particular to a terminal-card mutual authentication method and system.
Background
In existing terminal-card binding, some binding methods support only one-way authentication of the terminal by a conditional access card. For example, the terminal is preset with a number; the user is prompted through the man-machine interface to send the terminal number and the conditional access card number to the conditional access system, which performs the binding; a user key is then sent, or generated by a function, and used to verify the conditional access information or the number, so that the conditional access card authenticates the terminal.
More advanced binding methods support two-way authentication between card and terminal, but require the card and the terminal to hold each other's secret information before communicating and to authenticate on the basis of that secret information. In one scheme, the subscriber identity module and the terminal hold each other's key indication information in advance, and authentication passes when the compared key information is identical. In another scheme, the subscriber identity module (SIM) and the terminal authenticate each other using the same cryptographic algorithm and authentication key. In yet another scheme, the card and the terminal store an authentication key in advance and use it for two-way authentication according to an interaction flow and protocol defined by both sides.
In the course of making the present invention, the inventors found that some existing binding schemes establish no authentication between terminal and card, or establish only one-way authentication of the terminal by the card. Such schemes cannot guarantee that both the terminal and the card are legitimate, which may allow an illegitimate card or an illegitimate terminal to be used. To prevent card abuse or terminal abuse, an association must be established between a legitimate card and a legitimate device. Other schemes do establish two-way authentication between terminal and card, but require the terminal and the card to hold each other's authentication key or key indication information before communicating, and to verify with that key or key indication information. These shared-secret schemes require secret information to be preset in the card and the terminal that are to be bound, which is inflexible, and once the secret information is cracked the whole authentication mechanism fails.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing a terminal-card mutual authentication method and system.
A terminal-card mutual authentication method comprises:
A. The home subscriber server (HSS) presets an identity identifier and a sequence number for the machine-type communications terminal device (MTC) and for the universal integrated circuit card (UICC) respectively, and generates an initial random number for the MTC, which is stored on the MTC;
B. The MTC generates a random number 1 that is different from the initial random number and sends it to the UICC; the UICC calculates intermediate value 1 from random number 1, and sends its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC; the MTC calculates intermediate value 2 from random number 1 and its own sequence number, and sends its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS;
C. The HSS determines from the received information whether the MTC and the UICC are legitimate, and returns the result to the MTC;
D. The MTC and the UICC each complete the update of their own sequence number.
The method also comprises an initialization process, as follows:
The HSS generates two large primes $p$ and $q$ satisfying $q \mid (p-1)$;
$g$ is a generator; the HSS randomly chooses $x$ and calculates $y = g^x$;
Let $H_i$ ($i = 1, 2, 3, 4$) be collision-free hash functions, with $H_4: \{0,1\}^m \to \{0,1\}^m$; the system parameters are $\{p, q, g, y, H_1, H_2, H_3, H_4\}$;
The HSS randomly chooses $a$, calculates $\omega = g^a$ and $t = a + xH_1(ID_U, \omega)$, and secretly presets the partial private key of the UICC on the UICC;
After the UICC is inserted into the MTC, the UICC randomly chooses $z$ and keeps it as its own secret value;
The UICC calculates its own private key;
The UICC calculates $\mu = g^z$, obtains its own public key and publishes it.
Step B specifically comprises:
The MTC device sends random number 1, $N_M \in \{0,1\}^m$, which is different from the initial random number $N_{M,old}$, to the UICC;
The UICC randomly chooses random number 2, $N_U \in \{0,1\}^m$, calculates $r = H_2(ID_U, S_U)$ and generates intermediate value 1, $M_U = H_4(H_3(g^{rz}, g^{rt}) \oplus N_M \oplus N_U)$; it sends $\{ID_U, M_U, N_U\}$ to the MTC; $ID_U$ is the identity identifier of the UICC and $S_U$ is the sequence number of the UICC;
The MTC calculates intermediate value 2, $M_M = H_4(S_M \oplus N_M)$, and sends $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ to the HSS; $ID_M$ is the identity identifier of the MTC and $S_M$ is the sequence number of the MTC.
Step C specifically comprises:
After the HSS receives the tuple $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ sent by the MTC:
It compares $N_M$ with $N_{M,old}$; if they are equal, the MTC device is a counterfeit device and authentication is refused; otherwise, $N_M$ is stored in the database;
It calculates $M_U'$ and judges whether $M_U'$ equals $M_U$; if they are equal, the UICC is legitimate; otherwise, authentication is refused;
It calculates $M_M' = H_4(S_M \oplus N_M)$ and judges whether $M_M'$ equals $M_M$; if they are equal, the MTC is legitimate; otherwise, authentication is refused;
The HSS generates random number 3, $N_H \in \{0,1\}^m$, and updates the sequence numbers of the MTC and the UICC: $S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$; $S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$;
The HSS sends $N_H$ to the MTC device.
Step D specifically comprises:
After receiving random number 3, $N_H$, the MTC updates its own sequence number, $S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$, and sends $N_H$ to the UICC;
The UICC uses $N_H$ to complete the update of its own sequence number, $S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$.
The sequence numbers of the MTC and the UICC are not public; they are secret information.
The HSS maintains the list of initial random values of the MTC, maintains the list of sequence numbers of the MTC and the UICC, and distributes only a partial private key to the UICC.
A terminal-card mutual authentication system comprises a home subscriber server (HSS), a machine-type communications terminal device (MTC) and a universal integrated circuit card (UICC), wherein:
The HSS is configured to preset an identity identifier and a sequence number for the MTC and for the UICC respectively, and to generate an initial random number for the MTC; and to determine whether the MTC and the UICC are legitimate and return the result to the MTC;
The MTC is configured to generate a random number 1 different from the initial random number and send it to the UICC; to calculate intermediate value 2 from random number 1 and its own sequence number, and send its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS; and to update its own sequence number according to the HSS authentication result;
The UICC is configured to calculate intermediate value 1 from random number 1 and send its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC; and to update its own sequence number according to the HSS authentication result.
The UICC is further configured to store its own partial private key, to calculate its own secret value and key, and to calculate and publish its own public key.
The HSS is further configured to maintain the list of initial random values of the MTC, to maintain the list of sequence numbers of the MTC and the UICC, and to distribute the partial private key to the UICC.
The invention involves a home subscriber server (Home Subscriber Server, HSS), a machine-type communications (Machine-Type Communications, MTC) terminal device and a universal integrated circuit card (Universal Integrated Circuit Card, UICC). The HSS stores the sequence numbers of the MTC device and the UICC; these sequence numbers are not public and are secret information; the HSS maintains the list of initial random values of the MTC device and the list of sequence numbers of the MTC device and the UICC; the HSS distributes only a partial private key to the UICC, so there is no key escrow problem. Compared with the prior art, the invention solves the two-way authentication problem in binding a terminal and a card without requiring the terminal and the card to share secret information, and ensures that both the bound terminal and the bound card are legitimate.
Brief description of the drawings
Fig. 1 is a flow chart of the principle of the terminal-card mutual authentication method provided by embodiment 1 of the invention;
Fig. 2 is a schematic flow diagram of the terminal-card mutual authentication provided by embodiment 1 of the invention;
Fig. 3 is a schematic structural diagram of the terminal-card mutual authentication system provided by embodiment 2 of the invention.
Detailed description of the embodiments
Specific embodiments of the invention are described in detail below with reference to the drawings. The embodiments of the invention are not, however, limited to these.
The method embodiment of the invention is based on the computational Diffie-Hellman problem. During two-way authentication, the network side can promptly update the secret information preset in the device and the card, which resists attacks such as eavesdropping and replay and gives the scheme higher security. The HSS stores the sequence numbers of the MTC device and the UICC; these sequence numbers are not public and are secret information; the HSS maintains the list of initial random values of the MTC device and the list of sequence numbers of the MTC device and the UICC; the HSS distributes only a partial private key to the UICC, so there is no key escrow problem.
Figure 1 shows the flow of the terminal-card mutual authentication method provided by embodiment 1 of the invention, which is as follows:
Step 10: The HSS presets an identity identifier and a sequence number for the MTC and for the UICC respectively, and generates an initial random number for the MTC, which is stored on the MTC.
Before the MTC device and the UICC are put into use, the HSS presets an identity and a sequence number for each of them: the identity and sequence number of the MTC device are $\{ID_M, S_M\}$ and those of the UICC are $\{ID_U, S_U\}$, and the sequence numbers are kept secret. In addition, the HSS generates an initial random number $N_{M,old} \in \{0,1\}^m$ for the MTC device and stores $N_{M,old}$ on the MTC device. The HSS completes the two-way authentication of the MTC device and the UICC by means of the preset sequence numbers.
Step 20: The MTC generates a random number 1 that is different from the initial random number and sends it to the UICC; the UICC calculates intermediate value 1 from random number 1, and sends its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC; the MTC calculates intermediate value 2 from random number 1 and its own sequence number, and sends its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS.
This step is the processing performed on the MTC and UICC side during mutual authentication. Specifically, the MTC device sends random number 1, $N_M \in \{0,1\}^m$, which is different from $N_{M,old}$, to the UICC;
The UICC randomly chooses random number 2, $N_U \in \{0,1\}^m$, and calculates $r = H_2(ID_U, S_U)$ and intermediate value 1, $M_U = H_4(H_3(g^{rz}, g^{rt}) \oplus N_M \oplus N_U)$; it sends $\{ID_U, M_U, N_U\}$ to the MTC device;
The MTC device calculates intermediate value 2, $M_M = H_4(S_M \oplus N_M)$, and sends $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ to the HSS.
Before step 20 there is also an initialization process, specifically:
The HSS generates two large primes $p$ and $q$ satisfying $q \mid (p-1)$. Let $g$ be a generator; the HSS randomly chooses $x$ and calculates $y = g^x$. Let $H_i$ ($i = 1, 2, 3, 4$) be collision-free hash functions, with $H_4: \{0,1\}^m \to \{0,1\}^m$. The system parameters are thus $\{p, q, g, y, H_1, H_2, H_3, H_4\}$; the master key of the system is $x$, which is kept secret by the HSS.
Partial private key distribution: the HSS randomly chooses $a$, calculates $\omega = g^a$ and $t = a + xH_1(ID_U, \omega)$, and secretly presets the partial private key of the UICC on the UICC;
Secret value setting: after the UICC is inserted into the MTC device, the UICC randomly chooses $z$ and keeps it as its own secret value;
Private key setting: the UICC obtains its own private key;
Public key setting: the UICC calculates $\mu = g^z$, obtains its own public key and publishes it.
Step 30: The HSS determines from the received information whether the MTC and the UICC are legitimate, and returns the result to the MTC.
After the HSS receives the tuple $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ sent by the MTC device:
It compares $N_M$ with $N_{M,old}$; if they are equal, the MTC device is a counterfeit device and authentication is refused; otherwise, $N_M$ is stored in the database;
It calculates $M_U'$ and judges whether $M_U'$ equals $M_U$; if they are equal, the UICC is legitimate; otherwise, authentication is refused;
It calculates $M_M' = H_4(S_M \oplus N_M)$ and judges whether $M_M'$ equals $M_M$; if they are equal, the MTC device is legitimate; otherwise, authentication is refused;
The HSS generates random number 3, $N_H \in \{0,1\}^m$, and updates the sequence numbers of the MTC device and the UICC:
$S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$
$S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$
The HSS sends $N_H$ to the MTC device.
Step 40: The MTC and the UICC each complete the update of their own sequence number.
After receiving $N_H$, the MTC device updates its own sequence number, $S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$, and sends $N_H$ to the UICC;
The UICC uses $N_H$ to complete the update of its own sequence number, $S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$. This completes the terminal-card mutual authentication process.
The concrete implementation flow of this embodiment is shown in Figure 2.
In the embodiment of the invention, the HSS stores the sequence numbers of the MTC device and the UICC; these sequence numbers are not public and are secret information; the HSS also maintains the list of initial random values of the MTC device and the list of sequence numbers of the MTC device and the UICC; the HSS distributes only a partial private key to the UICC, so there is no key escrow problem.
Compared with prior-art schemes, the embodiment does not require the terminal and the card to share, in advance, secret information used for authentication. Some schemes authenticate on the basis of a symmetric cryptosystem: they require the terminal and the card to share secret information in advance and to derive the same calculation result from it, thereby achieving two-way authentication. The embodiment is a mutual authentication scheme built on a public-key cryptosystem; the terminal and the card need not share secret information in advance, which greatly improves the flexibility and robustness of the system.
The embodiment requires no public key certificate management. Some schemes use public key certificates to manage keys and establish a secure channel, which takes up device storage and increases the device's energy consumption. The embodiment is a mutual authentication scheme built on a certificateless public-key cryptosystem, so the members of the system need not maintain certificates, which greatly improves system efficiency while preserving system security.
In some schemes, the HSS holds all information related to the MTC device and the UICC and has an absolutely dominant position in the system, which easily leads to leakage of user information and poses a threat to user privacy. Because the embodiment uses a certificateless two-way authentication algorithm, it avoids the key escrow problem inherent in identity-based mutual authentication schemes. The private key that the UICC uses for communication is produced jointly from the secret value generated by the UICC itself and the partial private key distributed by the HSS, so the HSS cannot obtain the key the UICC uses when communicating. This prevents the HSS from using the UICC's private key to impersonate a legitimate user and harm the user; it not only avoids key escrow but also, to some extent, keeps the user's private information from being disclosed.
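The initialization before step 20 and the key-escrow argument above, as an added Python example (not code from the patent). The toy group, the SHA-256 stand-ins for $H_1$ and $H_2$ and the reduction of $t$ modulo $q$ are assumptions; the page's formula for $M_U'$ is missing from this copy, so `elements_from_public` shows only an algebraic identity that follows from the definitions, not the patent's stated check.

```python
import hashlib
import secrets

# Toy Schnorr group constructed for this example: p = 2q + 1, g has order q.
P, Q, G = 2039, 1019, 4


def _hash_to_zq(tag: bytes, *parts: bytes) -> int:
    """Stand-in for H_1 / H_2 (assumption: SHA-256 reduced mod q)."""
    h = hashlib.sha256(tag)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q


def h1(id_u: bytes, omega: int) -> int:
    return _hash_to_zq(b"H1", id_u, omega.to_bytes(2, "big"))


def h2(id_u: bytes, s_u: bytes) -> int:
    return _hash_to_zq(b"H2", id_u, s_u)


def hss_setup():
    """HSS master key x (kept secret) and public y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def hss_partial_key(x: int, id_u: bytes):
    """omega = g^a and t = a + x*H1(ID_U, omega), reduced mod q (assumption)."""
    a = secrets.randbelow(Q - 1) + 1
    omega = pow(G, a, P)
    return omega, (a + x * h1(id_u, omega)) % Q


def uicc_check_partial_key(y: int, id_u: bytes, omega: int, t: int) -> bool:
    """g^t = g^a * (g^x)^H1 = omega * y^H1 (mod p), from the two definitions."""
    return pow(G, t, P) == omega * pow(y, h1(id_u, omega), P) % P


def uicc_secret_value():
    """z is chosen on the card; only mu = g^z leaves it."""
    z = secrets.randbelow(Q - 1) + 1
    return z, pow(G, z, P)


def uicc_group_elements(r: int, z: int, t: int):
    """The two inputs of H_3 as the UICC computes them: g^{rz} and g^{rt}."""
    return pow(G, r * z, P), pow(G, r * t, P)


def elements_from_public(r: int, mu: int, y: int, id_u: bytes, omega: int):
    """The same two elements from r and public values: mu^r, (omega*y^H1)^r."""
    g_t = omega * pow(y, h1(id_u, omega), P) % P
    return pow(mu, r, P), pow(g_t, r, P)


def demo() -> dict:
    id_u = b"UICC-0001"            # constructed identity
    s_u = secrets.token_bytes(16)  # constructed secret sequence number
    x, y = hss_setup()
    omega, t = hss_partial_key(x, id_u)
    z, mu = uicc_secret_value()
    r = h2(id_u, s_u)
    return {
        "partial_key_ok": uicc_check_partial_key(y, id_u, omega, t),
        "tampered_t_rejected":
            not uicc_check_partial_key(y, id_u, omega, (t + 1) % Q),
        "elements_match": uicc_group_elements(r, z, t)
            == elements_from_public(r, mu, y, id_u, omega),
    }


if __name__ == "__main__":
    print(demo())
```

Both group elements can be recomputed by a party that knows $r$, which is derived from the secret sequence number $S_U$; this is consistent with the page's requirement that the sequence numbers stay secret.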
In some schemes, authentication between the MTC device and the UICC is carried out only between the two of them, so the HSS cannot obtain the correct authentication result and cannot respond correctly and promptly for the MTC device and the whole system, causing great loss to the system. Moreover, precisely because authentication is carried out between the MTC device and the UICC, the energy consumption of the device increases. In the embodiment, by contrast, the legitimacy of the MTC device and the UICC is verified by the HSS, so the HSS knows the authentication result and can respond promptly according to it, avoiding great loss to the system. Most of the computation in the authentication process is done by the HSS, which reduces the energy consumption of the devices in the system and favours their long-term, sustainable use.
In the embodiment, the security of the system rests on the assumption that the computational Diffie-Hellman problem is hard, which gives it higher security. The scheme also resists impersonation attacks and replay attacks and has forward security:
Impersonation attack: to impersonate the MTC device and the UICC, an attacker must generate the corresponding $\{M_M, M_U\}$. In every session, $\{M_M, M_U\}$ incorporates the sequence numbers $\{S_M, S_U\}$ of the MTC device and the UICC, which are stored secretly in the devices and cannot be obtained by the attacker. The attacker therefore cannot impersonate a legitimate MTC device and UICC and generate a correct $\{M_M, M_U\}$;
Replay attack: suppose that during data transmission the attacker obtains the data $\{M_M, M_U\}$ transmitted in the previous session, impersonates a legitimate MTC device and UICC, and sends $\{M_M, M_U\}$ to the HSS again. Because the sequence numbers were all updated at the end of the previous session, new sequence numbers and correspondingly new legitimate authentication information have been generated; the attacker therefore cannot pass the HSS's verification this time using the previous $\{M_M, M_U\}$;
Forward security: because the sequence numbers $\{S_M, S_U\}$ stored by the MTC device, the UICC and the HSS are updated after every session, the sequence number used in each session has no necessary connection with those used before, which guarantees that the system has forward security.
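The MTC branch of steps 10 to 40 and the replay argument above, as an added Python example (not code from the patent). Truncated SHA-256 with $m = 128$ bits stands in for $H_4$, the identity is a constructed value padded to $m$ bits, and treating the stored $N_M$ as the next $N_{M,old}$ is an assumption; the UICC branch is left out because the page's formula for $M_U'$ is missing.

```python
import hashlib
import hmac
import secrets

M_BYTES = 16  # assumption: m = 128 bits; the page leaves m unspecified


def h4(data: bytes) -> bytes:
    """Stand-in for H_4: {0,1}^m -> {0,1}^m (assumption: truncated SHA-256)."""
    return hashlib.sha256(b"H4|" + data).digest()[:M_BYTES]


def xor(*parts: bytes) -> bytes:
    """Bitwise XOR of m-bit strings."""
    out = bytes(M_BYTES)
    for part in parts:
        if len(part) != M_BYTES:
            raise ValueError("every operand must be exactly m bits")
        out = bytes(a ^ b for a, b in zip(out, part))
    return out


class MTC:
    def __init__(self, id_m: bytes, s_m: bytes, n_old: bytes):
        self.id_m, self.s_m, self.n_old = id_m, s_m, n_old
        self.n_m = b""

    def request(self) -> dict:
        """Step 20, MTC part: fresh N_M != N_M,old, M_M = H4(S_M xor N_M)."""
        self.n_m = secrets.token_bytes(M_BYTES)
        while self.n_m == self.n_old:
            self.n_m = secrets.token_bytes(M_BYTES)
        return {"ID_M": self.id_m, "N_M": self.n_m,
                "M_M": h4(xor(self.s_m, self.n_m))}

    def update(self, n_h: bytes) -> None:
        """Step 40: S_M,new = H4(S_M xor N_H xor ID_M xor N_M)."""
        self.s_m = h4(xor(self.s_m, n_h, self.id_m, self.n_m))
        self.n_old = self.n_m  # assumption: the used nonce becomes N_M,old


class HSS:
    def __init__(self):
        self.db = {}  # ID_M -> {"S_M": ..., "N_old": ...}

    def provision(self, id_m: bytes) -> MTC:
        """Step 10: preset the sequence number and the initial random number."""
        rec = {"S_M": secrets.token_bytes(M_BYTES),
               "N_old": secrets.token_bytes(M_BYTES)}
        self.db[id_m] = rec
        return MTC(id_m, rec["S_M"], rec["N_old"])

    def verify(self, msg: dict):
        """Step 30, MTC part. Returns N_H on success, None on refusal."""
        rec = self.db.get(msg["ID_M"])
        if rec is None or len(msg["N_M"]) != M_BYTES or len(msg["M_M"]) != M_BYTES:
            return None
        if hmac.compare_digest(msg["N_M"], rec["N_old"]):
            return None  # N_M equals N_M,old: treated as a counterfeit device
        # The page stores N_M right after the comparison; using it as the
        # next N_M,old is an assumption of this example.
        rec["N_old"] = msg["N_M"]
        expected = h4(xor(rec["S_M"], msg["N_M"]))
        if not hmac.compare_digest(expected, msg["M_M"]):
            return None
        n_h = secrets.token_bytes(M_BYTES)
        rec["S_M"] = h4(xor(rec["S_M"], n_h, msg["ID_M"], msg["N_M"]))
        return n_h


def demo() -> dict:
    hss = HSS()
    id_m = b"MTC-0001".ljust(M_BYTES, b"\0")  # constructed identity
    mtc = hss.provision(id_m)

    first = mtc.request()
    n_h = hss.verify(first)
    mtc.update(n_h)
    in_sync = mtc.s_m == hss.db[id_m]["S_M"]
    replay_now = hss.verify(first)    # stopped by the N_M == N_M,old check

    second = mtc.request()
    n_h2 = hss.verify(second)
    mtc.update(n_h2)
    replay_later = hss.verify(first)  # nonce check passes, M_M no longer matches

    return {"first_ok": n_h is not None, "in_sync": in_sync,
            "replay_now": replay_now, "second_ok": n_h2 is not None,
            "replay_later": replay_later,
            "still_in_sync": mtc.s_m == hss.db[id_m]["S_M"]}


if __name__ == "__main__":
    print(demo())
```

The second replay is the case the page's analysis describes: the captured $M_M$ was computed from a sequence number that has since been replaced, so the recomputed $M_M'$ differs.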
As for efficiency, the MTC device and the UICC need to store only their own identity and sequence number, which reduces device memory use; the authentication process involves only simple hash functions and exponentiation, without the bilinear maps commonly used in certificateless public-key cryptosystems, which reduces the energy consumption of the device; and only seven arrays are transmitted in the whole process, which keeps the communication cost of the system at a low level.
Figure 3 shows the structure of the terminal-card mutual authentication system provided by embodiment 2 of the invention. The system comprises a home subscriber server HSS 100, a machine-type communications terminal device MTC 200 and a universal integrated circuit card UICC 300, wherein:
The HSS 100 is configured to preset an identity identifier and a sequence number for the MTC 200 and for the UICC 300 respectively, and to generate an initial random number for the MTC 200; and to determine whether the MTC 200 and the UICC 300 are legitimate and return the result to the MTC 200;
The MTC 200 is configured to generate a random number 1 different from the initial random number and send it to the UICC 300; to calculate intermediate value 2 from random number 1 and its own sequence number, and send its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS 100; and to update its own sequence number according to the authentication result of the HSS 100;
The UICC 300 is configured to calculate intermediate value 1 from random number 1 and send its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC 200; and to update its own sequence number according to the authentication result of the HSS 100.
Further, the UICC 300 is also configured to store its own partial private key, to calculate its own secret value and key, and to calculate and publish its own public key.
Further, the HSS 100 is also configured to maintain the list of initial random values of the MTC 200, to maintain the list of sequence numbers of the MTC 200 and the UICC 300, and to distribute the partial private key to the UICC 300.
In summary, in the invention the HSS stores the sequence numbers of the MTC device and the UICC; these sequence numbers are not public and are secret information; the HSS maintains the list of initial random values of the MTC device and the list of sequence numbers of the MTC device and the UICC; the HSS distributes only a partial private key to the UICC, so there is no key escrow problem. Compared with the prior art, the invention solves the two-way authentication problem in binding a terminal and a card without requiring the terminal and the card to share secret information, and ensures that both the bound terminal and the bound card are legitimate.
The above embodiments are preferred embodiments of the invention, but the embodiments of the invention are not limited to them; any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention shall be regarded as an equivalent replacement and falls within the protection scope of the invention.
Claims (10)
1. A terminal-card mutual authentication method, characterized in that the method comprises:
A. The home subscriber server (HSS) presets an identity identifier and a sequence number for the machine-type communications terminal device (MTC) and for the universal integrated circuit card (UICC) respectively, and generates an initial random number for the MTC, which is stored on the MTC;
B. The MTC generates a random number 1 that is different from the initial random number and sends it to the UICC; the UICC calculates intermediate value 1 from random number 1, and sends its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC; the MTC calculates intermediate value 2 from random number 1 and its own sequence number, and sends its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS;
C. The HSS determines from the received information whether the MTC and the UICC are legitimate, and returns the result to the MTC;
D. The MTC and the UICC each complete the update of their own sequence number.
2. The method as claimed in claim 1, characterized in that the method also comprises an initialization process, as follows:
The HSS generates two large primes $p$ and $q$ satisfying $q \mid (p-1)$;
$g$ is a generator; the HSS randomly chooses $x$ and calculates $y = g^x$;
Let $H_i$ ($i = 1, 2, 3, 4$) be collision-free hash functions, with $H_4: \{0,1\}^m \to \{0,1\}^m$; the system parameters are $\{p, q, g, y, H_1, H_2, H_3, H_4\}$;
The HSS randomly chooses $a$, calculates $\omega = g^a$ and $t = a + xH_1(ID_U, \omega)$, and secretly presets the partial private key of the UICC on the UICC;
After the UICC is inserted into the MTC, the UICC randomly chooses $z$ and keeps it as its own secret value;
The UICC calculates its own private key;
The UICC calculates $\mu = g^z$, obtains its own public key and publishes it.
3. The method as claimed in claim 1, characterized in that step B specifically comprises:
The MTC device sends random number 1, $N_M \in \{0,1\}^m$, which is different from the initial random number $N_{M,old}$, to the UICC;
The UICC randomly chooses random number 2, $N_U \in \{0,1\}^m$, calculates $r = H_2(ID_U, S_U)$ and generates intermediate value 1, $M_U = H_4(H_3(g^{rz}, g^{rt}) \oplus N_M \oplus N_U)$; it sends $\{ID_U, M_U, N_U\}$ to the MTC; $ID_U$ is the identity identifier of the UICC and $S_U$ is the sequence number of the UICC;
The MTC calculates intermediate value 2, $M_M = H_4(S_M \oplus N_M)$, and sends $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ to the HSS; $ID_M$ is the identity identifier of the MTC and $S_M$ is the sequence number of the MTC.
4. The method as claimed in claim 3, characterized in that step C specifically comprises:
After the HSS receives the tuple $\{ID_U, ID_M, M_U, M_M, N_U, N_M\}$ sent by the MTC:
It compares $N_M$ with $N_{M,old}$; if they are equal, the MTC device is a counterfeit device and authentication is refused; otherwise, $N_M$ is stored in the database;
It calculates $M_U'$ and judges whether $M_U'$ equals $M_U$; if they are equal, the UICC is legitimate; otherwise, authentication is refused;
It calculates $M_M' = H_4(S_M \oplus N_M)$ and judges whether $M_M'$ equals $M_M$; if they are equal, the MTC is legitimate; otherwise, authentication is refused;
The HSS generates random number 3, $N_H \in \{0,1\}^m$, and updates the sequence numbers of the MTC and the UICC: $S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$; $S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$;
The HSS sends $N_H$ to the MTC device.
5. The method as claimed in claim 4, characterized in that step D specifically comprises:
After receiving random number 3, $N_H$, the MTC updates its own sequence number, $S_{M,new} = H_4(S_M \oplus N_H \oplus ID_M \oplus N_M)$, and sends $N_H$ to the UICC;
The UICC uses $N_H$ to complete the update of its own sequence number, $S_{U,new} = H_4(S_U \oplus N_H \oplus ID_U \oplus N_U)$.
6. The method as claimed in any one of claims 1 to 5, characterized in that the sequence numbers of the MTC and the UICC are not public and are secret information.
7. The method as claimed in any one of claims 1 to 5, characterized in that the HSS maintains the list of initial random values of the MTC, maintains the list of sequence numbers of the MTC and the UICC, and distributes only a partial private key to the UICC.
8. A terminal-card mutual authentication system, characterized in that the system comprises a home subscriber server (HSS), a machine-type communications terminal device (MTC) and a universal integrated circuit card (UICC), wherein:
The HSS is configured to preset an identity identifier and a sequence number for the MTC and for the UICC respectively, and to generate an initial random number for the MTC; and to determine whether the MTC and the UICC are legitimate and return the result to the MTC;
The MTC is configured to generate a random number 1 different from the initial random number and send it to the UICC; to calculate intermediate value 2 from random number 1 and its own sequence number, and send its own identity identifier, the UICC identity identifier, random number 1, random number 2, intermediate value 1 and intermediate value 2 to the HSS; and to update its own sequence number according to the HSS authentication result;
The UICC is configured to calculate intermediate value 1 from random number 1 and send its own identity identifier, intermediate value 1 and a randomly chosen random number 2 to the MTC; and to update its own sequence number according to the HSS authentication result.
9. The system as claimed in claim 8, characterized in that the UICC is further configured to store its own partial private key, to calculate its own secret value and key, and to calculate and publish its own public key.
10. The system as claimed in claim 8 or 9, characterized in that the HSS is further configured to maintain the list of initial random values of the MTC, to maintain the list of sequence numbers of the MTC and the UICC, and to distribute the partial private key to the UICC.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310053267.2A CN103997728B (en) | 2013-02-19 | 2013-02-19 | A kind of machine card mutual authentication method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103997728A | 2014-08-20 |
CN103997728B | 2017-11-21 |