CN100574511C - Method and system for confirming the identity of the opposite end in mobile terminal communication - Google Patents

Info

Publication number
CN100574511C
Authority
CN
China
Prior art keywords
evaluation
identity
key
authentication
portable terminal
Prior art date
Legal status
Expired - Fee Related
Application number
CNB2007101302899A
Other languages
Chinese (zh)
Other versions
CN101083843A (en)
Inventor
张明昊
刘二鹏
李琛珲
徐发国
李广峰
苏剑
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
2007-07-17
Filing date
2007-07-17
Publication date
2009-12-23
Application filed by ZTE Corp
Priority to CNB2007101302899A
Publication of CN101083843A
Application granted
Publication of CN100574511C
Legal status: Expired - Fee Related (current)
Anticipated expiration

Abstract

The invention discloses a method for confirming the identity of the opposite end in mobile terminal communication, comprising: (1) the mobile terminal uses an asymmetric-key algorithm; the requester who initiates identity confirmation obtains the public key of the party to be authenticated from an authentication center server, generates a random string and sends it to the party to be authenticated, requiring that party to encrypt the string; (2) the party to be authenticated encrypts the received random string with its private key and sends the result to the requester; (3) on receiving the result returned by the party to be authenticated, the requester decrypts it with the obtained public key; if the decrypted result is identical to the random string, the identity of the party to be authenticated can be trusted; if it differs, the identity of the party to be authenticated is classified as suspicious. The invention solves the problem of allowing a mobile terminal to require the other party to confirm its identity at any time during the whole course of a communication, from setup to termination.

Description

Method and system for confirming the identity of the opposite end in mobile terminal communication
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a method and system by which a mobile terminal, in a wireless network environment, confirms the identity of the other party during a communication.
Background technology
With the rapid development of mobile communication, users can enjoy voice services almost anywhere and at any time. Under the prior art, however, a user in a call cannot confirm that the person at the other end is really the person they intended to speak to (in particular when more than one person can reach and use the same terminal). In today's society, confirming the other party's identity matters a great deal: otherwise one cannot be sure that information has been given to the person it was really meant for, or that the person giving you the information is the person you trust. A method or system that lets the user confirm the other party's identity in a timely manner is therefore needed.
Summary of the invention
The technical problem solved by the present invention is to provide a method for confirming the identity of the opposite end in mobile terminal communication, so that a mobile terminal can require the other party to confirm its identity at any time during the whole course of a communication, from setup to termination.
To solve the above problem, the invention provides a method for confirming the identity of the opposite end in mobile terminal communication, comprising the following steps:
(1) the mobile terminal uses an asymmetric-key algorithm; the requester who initiates identity confirmation obtains the public key of the party to be authenticated from an authentication center server, generates a random string and sends it to the party to be authenticated, requiring that party to encrypt the string;
(2) the party to be authenticated encrypts the received random string with its private key and sends the result to the requester;
(3) on receiving the result returned by the party to be authenticated, the requester decrypts it with the obtained public key; if the decrypted result is identical to the random string, the identity of the party to be authenticated can be trusted; if it differs, the identity of the party to be authenticated is classified as suspicious.
In the method of the present invention, step (3) further comprises: if the requester does not receive the result returned by the party to be authenticated within a set time, the identity of the party to be authenticated is classified as suspicious.
In the method of the present invention, the asymmetric-key algorithm is the RSA algorithm.
In the method of the present invention, the private key is stored in the mobile terminal in ciphertext form, and the ciphertext of the private key in the mobile terminal is generated with the DES encryption algorithm.
In the method of the present invention, the authentication center server is a database that stores the public keys of mobile terminals that have passed authentication and provides a query service to any visitor.
To solve the above problem, the present invention also provides a system for confirming the identity of the opposite end in mobile terminal communication, comprising:
an authentication center server, for storing the public keys of mobile terminals and providing, to any requester initiating identity confirmation, a service for querying the public key of the party to be authenticated;
an opposite-end authentication module in the mobile terminal, for, when identity confirmation is initiated, requesting the public key of the party to be authenticated from the authentication center server, generating a random string and sending it to the party to be authenticated with a request to encrypt it, and, on receiving the result returned by the party to be authenticated, decrypting it with the obtained public key, whereupon the identity of the party to be authenticated can be trusted if the result is identical to the random string and is classified as suspicious if it differs; the module is also for encrypting a received random string with the module's own private key and returning the result to the requesting mobile terminal that initiated identity confirmation.
In the system of the present invention, the opposite-end authentication module in the mobile terminal is further for classifying the identity of the party to be authenticated as suspicious when the result returned by that party is not received within a set time.
In the system of the present invention, the opposite-end authentication module in the mobile terminal comprises:
a random string generation module, for concatenating generated random numbers to form the random string;
an authentication center server access module, which stores the address of the authentication center server internally and lets the mobile terminal access the authentication center server by calling the network interface;
an asymmetric-key algorithm processing module, for storing the asymmetric-key algorithm, including the public key and private key;
a string encryption module, for encrypting the string with the asymmetric-key algorithm stored in the asymmetric-key algorithm processing module;
a user interface module, for providing the interface for sending an identity confirmation request to the party to be authenticated, prompting the mobile terminal user with the authentication result after authentication finishes, prompting the user to authenticate when an authentication request is received, and also providing the interface for the user to manage the private key;
a message processing module, for sending the random string produced by the random string generation module to the party to be authenticated in an identity confirmation request message and accessing the authentication center server to obtain the public key of the party to be authenticated; for notifying the user through the user interface module to authenticate when a request message is received from a requester, and sending the string encrypted by the string encryption module to the requester; and, when a response from the party to be authenticated is received, for decrypting the received data with the asymmetric-key algorithm stored in the asymmetric-key algorithm processing module, passing authentication if the data is identical to the previously sent random string and otherwise classifying the identity of the party to be authenticated as suspicious;
wherein the message processing module is provided with a timer, used by the mobile terminal to determine that the requester has not received the result returned by the party to be authenticated within the set time, in which case the identity of the party to be authenticated is classified as suspicious;
wherein the random string generation module is a pseudorandom number generator;
wherein the asymmetric-key algorithm in the asymmetric-key algorithm processing module is the RSA algorithm.
In the system of the present invention, the private key is stored in the mobile terminal in ciphertext form, and the ciphertext of the private key in the mobile terminal is generated with the DES encryption algorithm.
In the system of the present invention, the authentication center server is a database that stores the public keys of mobile terminals that have passed authentication and provides a query service to any visitor.
The method and system of the present invention achieve, in a wireless network environment, the purpose of letting a mobile terminal require the other party to confirm its identity at any time during the whole course of a communication, from setup to termination.
Description of drawings
Fig. 1 is a flow diagram of the method for confirming the identity of the opposite end in mobile terminal communication according to the embodiment of the invention;
Fig. 2 is a structural diagram of the system implementing the method according to the embodiment of the invention;
Fig. 3 is a diagram of the specific message structure used in the embodiment of the invention;
Fig. 4 is a schematic flow diagram of the authentication interaction protocol in the embodiment of the invention.
Embodiment
The object of the invention is to present a method and system for confirming the identity of the opposite end in mobile terminal communication; the invention achieves identity confirmation on the basis of an asymmetric-key algorithm. The embodiment is described in detail below, but not as a limitation of the invention.
To achieve the above object, and for convenience of description, a fixed station designed and developed on a Qualcomm platform (a type of CDMA wireless terminal) is taken as an example to describe how the opposite-end identity confirmation service is realized in a mobile terminal.
The embodiment of the present invention adopts the following technical scheme:
The invention provides a method and system by which a mobile terminal can require the other party to confirm its identity at any time during the whole course of a communication, from setup to termination. The system consists mainly of an authentication center server and communication terminals. The authentication center server is operated by a third-party institution.
The reliability of the authentication center server is of the utmost importance. It provides the following functions:
1. generating certificates for registered users and storing those certificates;
2. sending certificates to requesters.
A user applying to join the system needs to generate a pair of asymmetric keys (a public key and a private key) and a unique identifier of personal identity (such as an ID card number or passport number). The user registers the above information with the authentication center server, which generates the user's certificate. The certificate mainly comprises the unique identity identifier, the public key and a validity period.
As shown in Fig. 1, the main implementation steps of the technical scheme are as follows:
Step 101: when one party to a conversation needs the other party (the party to be authenticated) to confirm its identity, it obtains the public key of the party to be authenticated from the authentication server;
Step 102: it generates a random string and sends it to the party to be authenticated, requiring that party to encrypt the string;
Step 103: the party to be authenticated encrypts the received random string with its private key and sends the result to the requester who initiated identity confirmation;
Step 104: on receiving the result returned by the party to be authenticated, the requester decrypts it with the public key; if the decrypted result is identical to the random string, the identity of the party to be authenticated can be trusted, otherwise the other party's identity is classified as suspicious. If the other party does not respond within a set time, the requester likewise classifies the other party's identity as suspicious.
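The exchange in Steps 101 to 104 above (the same three steps as in the Summary and claim 1), written out as an added Go example; this is not code from the patent or from ZTE's implementation. The authentication center is modelled as an in-memory map from identity to public key (an assumption; the patent does not fix the query protocol), the challenge is 16 bytes from a cryptographically secure generator, and the patent's "encrypt the random string with the private key, decrypt with the public key and compare" is realized as an RSA PKCS#1 v1.5 signature over SHA-256 of the challenge together with the matching verification, which is what that operation amounts to in a standard RSA library. The timer of claim 2 wraps the round trip. The names AuthCenter, Terminal, NewChallenge, Respond and Authenticate are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// AuthCenter stands in for the authentication center server: identity -> registered
// public key. The patent leaves the lookup protocol open; an in-memory map is assumed.
type AuthCenter map[string]*rsa.PublicKey

// Terminal is one mobile terminal with its private key (held in memory here; the
// patent keeps it encrypted on the device and unlocks it with a user password).
type Terminal struct {
	ID   string
	priv *rsa.PrivateKey
}

func NewTerminal(id string) (*Terminal, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Terminal{ID: id, priv: priv}, nil
}

// NewChallenge is the random string generation module. The patent asks only for a
// pseudorandom generator; the challenge must be unpredictable to the peer, so it
// comes from crypto/rand rather than math/rand.
func NewChallenge() (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// Respond is step (2): the party being authenticated processes the challenge with
// its private key. In a real RSA library "encrypting with the private key" is a
// signature; PKCS#1 v1.5 over SHA-256 of the challenge is used here.
func (t *Terminal) Respond(challenge string) ([]byte, error) {
	digest := sha256.Sum256([]byte(challenge))
	return rsa.SignPKCS1v15(rand.Reader, t.priv, crypto.SHA256, digest[:])
}

var ErrUnknownPeer = errors.New("authentication center has no key for this peer")

// Authenticate runs steps (1) and (3) for the requester and reports whether the
// peer is trusted. respond models the network round trip to the claimed peer. A
// missing key, a bad response, or silence past the timeout all yield false
// (the patent's "suspicious"), with the reason in the error.
func Authenticate(ac AuthCenter, peerID string, respond func(string) ([]byte, error), timeout time.Duration) (bool, error) {
	pub, ok := ac[peerID]
	if !ok {
		return false, ErrUnknownPeer
	}
	challenge, err := NewChallenge()
	if err != nil {
		return false, err
	}
	type reply struct{ sig []byte; err error }
	replies := make(chan reply, 1)
	go func() {
		sig, err := respond(challenge)
		replies <- reply{sig, err}
	}()
	select {
	case r := <-replies:
		if r.err != nil {
			return false, r.err
		}
		digest := sha256.Sum256([]byte(challenge))
		if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], r.sig); err != nil {
			return false, err
		}
		return true, nil
	case <-time.After(timeout):
		return false, errors.New("no response within the allowed time")
	}
}

func main() {
	bob, err := NewTerminal("bob")
	if err != nil {
		panic(err)
	}
	mallory, err := NewTerminal("mallory")
	if err != nil {
		panic(err)
	}
	ac := AuthCenter{bob.ID: &bob.priv.PublicKey}
	fmt.Println(Authenticate(ac, "bob", bob.Respond, time.Second))     // genuine peer: true
	fmt.Println(Authenticate(ac, "bob", mallory.Respond, time.Second)) // wrong key: false
	slow := func(c string) ([]byte, error) { time.Sleep(200 * time.Millisecond); return bob.Respond(c) }
	fmt.Println(Authenticate(ac, "bob", slow, 50*time.Millisecond)) // silence: false
}
```

Because every run uses a fresh challenge, a response captured from an earlier run fails verification when replayed, and a response produced with any key other than the one registered under the claimed identity fails as well; both are classified as suspicious, as is a peer that stays silent past the timer. What the exchange establishes is that whoever answered the message holds the private key registered for that identity; tying that answer to the voice call in progress is not something the patent specifies.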
As shown in Fig. 2, the system of the invention can be introduced into the fixed station software of the mobile terminal as follows:
1) How the opposite-end authentication module is added to the fixed station of the mobile terminal: the module can be downloaded to the local machine (the mobile terminal) from a BREW (Binary Runtime Environment for Wireless) application download server. In this system the authentication service is a third-party application based on BREW.
2) Design of the opposite-end authentication module: it comprises a random string generation module, an authentication center server access module, an asymmetric-key algorithm processing module, a string encryption module, a message processing module and a user interface module.
Random string generation module: internally a pseudorandom number generator; the random numbers it generates are concatenated to form the random string.
Authentication center server access module: stores the address of the authentication server internally and accesses the authentication server by calling the network interface.
Asymmetric-key algorithm processing module: there are many asymmetric-key algorithms; the present invention places no specific requirement on which one is used and does not describe the algorithms themselves in detail. The asymmetric-key algorithm used in this system is RSA.
String encryption module: uses the asymmetric-key algorithm processing module to encrypt the string. This module is mainly concerned with obtaining the private key securely. There are many ways to do so (such as keeping the private key on a storage device that is inserted into the phone when authentication is needed, or using a third-party key escrow institution), and the embodiment of the invention makes no claim on the secure storage method of the private key. In this example the private key is stored on the local machine as ciphertext; when identity confirmation is needed the user must enter a decryption password to obtain the private key, and the local ciphertext of the private key is generated with the DES encryption algorithm.
User interface module: provides a user interface with the following functions: an interface for sending an identity confirmation request to the other party; prompting the user with the authentication result after authentication finishes; prompting the user to authenticate when an authentication request is received; and an interface for the user to manage (delete, modify) the private key.
Message processing module: mainly performs the following message processing (see Fig. 3 and Fig. 4):
Identity confirmation request (sender): uses the random string generation module to produce a random string and sends an identity confirmation request message packet to the other party; accesses the authentication server to obtain the other party's public key; starts a timer (the allowed authentication time; if no matching response arrives within this time, authentication is considered to have failed).
Identity confirmation request (receiver): on receiving the other party's request message, notifies the user to authenticate, encrypts the data with the string encryption module, then sends it to the other party through the network interface.
Identity confirmation response: on receiving the other party's response, decrypts the received data with the asymmetric-key algorithm processing module; if it is identical to the previously sent random string, authentication passes; otherwise the other party's identity is suspicious. Timeout message: because the other party did not respond within the specified time, the user is notified that the other party's identity is suspicious.
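The string encryption module described above keeps the private key on the terminal as DES ciphertext that the user unlocks with a password. As an added Go example, not code from the patent or from ZTE, the following wraps a key blob the way the embodiment describes and, beside it, the form a practitioner would use today. The patent does not say how the password becomes a DES key, so PBKDF2-HMAC-SHA256 is assumed for both variants (written out, since only HMAC is taken from the standard library). DES has an effective key of 56 bits and CBC mode carries no integrity check, so a wrong password or an altered blob usually decrypts to garbage without any error; AES-256-GCM rejects both. The key blob used in main is a constructed string, not a real key, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// pbkdf2SHA256 derives up to 32 key bytes from a password (RFC 8018, HMAC-SHA256,
// one output block, 100000 iterations). Written out since only HMAC is needed.
func pbkdf2SHA256(password, salt []byte, keyLen int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < 100_000; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t[:keyLen]
}

// wrapDES follows the embodiment: the private key blob is stored as DES ciphertext
// unlocked by a user password. How the password becomes the 8-byte (56-bit) DES key
// is not given in the patent; PBKDF2 is assumed. Layout: salt(16) | iv(8) | ciphertext.
func wrapDES(password string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, 16+des.BlockSize) // random salt followed by random IV
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	block, _ := des.NewCipher(pbkdf2SHA256([]byte(password), hdr[:16], 8)) // key is always 8 bytes
	pad := des.BlockSize - len(plaintext)%des.BlockSize                    // PKCS#7 padding
	padded := append(append([]byte(nil), plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, hdr[16:]).CryptBlocks(ct, padded)
	return append(hdr, ct...), nil
}

// unwrapDES is the password-entry step. Nothing authenticates the blob: a wrong
// password or a tampered ciphertext usually yields garbage rather than an error.
func unwrapDES(password string, blob []byte) ([]byte, error) {
	if len(blob) < 24+des.BlockSize || (len(blob)-24)%des.BlockSize != 0 {
		return nil, errors.New("malformed DES blob")
	}
	block, _ := des.NewCipher(pbkdf2SHA256([]byte(password), blob[:16], 8))
	pt := make([]byte, len(blob)-24)
	cipher.NewCBCDecrypter(block, blob[16:24]).CryptBlocks(pt, blob[24:])
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= des.BlockSize {
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("bad padding")
}

// wrapAESGCM is the hardened form: a 256-bit key from PBKDF2 and AES-GCM, so a wrong
// password or any modification fails authentication. Layout: salt(16) | nonce(12) | ct+tag.
func wrapAESGCM(password string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, 16+12) // random salt followed by random nonce
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	gcm, err := newGCM(password, hdr[:16])
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append([]byte(nil), hdr...), hdr[16:], plaintext, hdr[:16]), nil
}

func unwrapAESGCM(password string, blob []byte) ([]byte, error) {
	if len(blob) < 28 {
		return nil, errors.New("malformed AES-GCM blob")
	}
	gcm, err := newGCM(password, blob[:16])
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[16:28], blob[28:], blob[:16])
}

func newGCM(password string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256([]byte(password), salt, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	blob, _ := wrapAESGCM("user-password", []byte("constructed stand-in for an RSA private key blob"))
	fmt.Println(unwrapAESGCM("wrong-password", blob)) // nil plaintext and an authentication error
}
```

With the DES-CBC blob, flipping a bit in the first ciphertext block corrupts the first two plaintext blocks while the padding block decrypts intact, so unwrapDES returns a wrong key without complaint; the same flip in the AES-GCM blob, or a wrong password, is reported as an error before any plaintext is released.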
3) Authentication center server: stores authenticated certificates and provides a certificate query service to any visitor. Any database able to provide the two services described above can serve as the authentication center server.
The method and system described in the embodiment of the invention achieve, in a wireless network environment, the purpose of letting a mobile terminal require the other party to confirm its identity at any time during the whole course of a communication, from setup to termination.
Of course, the present invention may also have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and variations according to the present invention, but all such changes and variations fall within the protection scope of the appended claims of the present invention.

Claims (13)

1. A method for confirming the identity of the opposite end in mobile terminal communication, characterized in that it comprises the following steps:
(1) the mobile terminal uses an asymmetric-key algorithm; the requester who initiates identity confirmation obtains the public key of the party to be authenticated from an authentication center server, generates a random string and sends it to the party to be authenticated, requiring that party to encrypt the string;
(2) the party to be authenticated encrypts the received random string with its private key and sends the result to the requester;
(3) on receiving the result returned by the party to be authenticated, the requester decrypts it with the obtained public key; if the decrypted result is identical to the random string, the identity of the party to be authenticated can be trusted; if it differs, the identity of the party to be authenticated is classified as suspicious.
2. The method of claim 1, characterized in that step (3) further comprises: if the requester does not receive the result returned by the party to be authenticated within a set time, the identity of the party to be authenticated is classified as suspicious.
3. The method of claim 1, characterized in that the asymmetric-key algorithm is the RSA algorithm.
4. The method of claim 1, characterized in that the private key is stored in the mobile terminal in ciphertext form, the ciphertext of the private key in the mobile terminal being generated with the DES encryption algorithm.
5. The method of claim 1, characterized in that the authentication center server is a database that stores the public keys of mobile terminals that have passed authentication and provides a query service to any visitor.
6. A system for confirming the identity of the opposite end in mobile terminal communication, characterized in that it comprises:
an authentication center server, for storing the public keys of mobile terminals and providing, to any requester initiating identity confirmation, a service for querying the public key of the party to be authenticated;
an opposite-end authentication module in the mobile terminal, for, when identity confirmation is initiated, requesting the public key of the party to be authenticated from the authentication center server, generating a random string and sending it to the party to be authenticated with a request to encrypt it, and, on receiving the result returned by the party to be authenticated, decrypting it with the obtained public key, whereupon the identity of the party to be authenticated can be trusted if the result is identical to the random string and is classified as suspicious if it differs; the module is also for encrypting a received random string with the module's own private key and returning the result to the requesting mobile terminal that initiated identity confirmation.
7. The system of claim 6, characterized in that the opposite-end authentication module in the mobile terminal is further for classifying the identity of the party to be authenticated as suspicious when the result returned by that party is not received within a set time.
8. The system of claim 7, characterized in that the opposite-end authentication module in the mobile terminal comprises:
a random string generation module, for concatenating generated random numbers to form the random string;
an authentication center server access module, which stores the address of the authentication center server internally and lets the mobile terminal access the authentication center server by calling the network interface;
an asymmetric-key algorithm processing module, for storing the asymmetric-key algorithm, including the public key and private key;
a string encryption module, for encrypting the string with the asymmetric-key algorithm stored in the asymmetric-key algorithm processing module;
a user interface module, for providing the interface for sending an identity confirmation request to the party to be authenticated, prompting the mobile terminal user with the authentication result after authentication finishes, prompting the user to authenticate when an authentication request is received, and also providing the interface for the user to manage the private key;
a message processing module, for sending the random string produced by the random string generation module to the party to be authenticated in an identity confirmation request message and accessing the authentication center server to obtain the public key of the party to be authenticated; for notifying the user through the user interface module to authenticate when a request message is received from a requester, and sending the string encrypted by the string encryption module to the requester; and, when a response from the party to be authenticated is received, for decrypting the received data with the asymmetric-key algorithm stored in the asymmetric-key algorithm processing module, passing authentication if the data is identical to the previously sent random string and otherwise classifying the identity of the party to be authenticated as suspicious.
9. The system of claim 7, characterized in that the message processing module is provided with a timer, used by the mobile terminal to determine that the requester has not received the result returned by the party to be authenticated within the set time, in which case the identity of the party to be authenticated is classified as suspicious.
10. The system of claim 7, characterized in that the random string generation module is a pseudorandom number generator.
11. The system of claim 7, characterized in that the asymmetric-key algorithm in the asymmetric-key algorithm processing module is the RSA algorithm.
12. The system of claim 6, characterized in that the private key is stored in the mobile terminal in ciphertext form, the ciphertext of the private key in the mobile terminal being generated with the DES encryption algorithm.
13. The system of claim 6, characterized in that the authentication center server is a database that stores the public keys of mobile terminals that have passed authentication and provides a query service to any visitor.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2007101302899A CN100574511C (en) 2007-07-17 2007-07-17 Method and system for confirming the identity of the opposite end in mobile terminal communication

Publications (2)

Publication Number Publication Date
CN101083843A CN101083843A (en) 2007-12-05
CN100574511C true CN100574511C (en) 2009-12-23

Family

ID=38913057

Country Status (1)

Country Link
CN (1) CN100574511C (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101325494B (en) * 2008-07-28 2011-08-03 华为终端有限公司 Method and device for protecting private information
CN101771535B (en) * 2008-12-30 2012-07-11 上海茂碧信息科技有限公司 Mutual authentication method between terminal and server
CN102651784A (en) * 2011-02-28 2012-08-29 深圳富泰宏精密工业有限公司 Contact person authentication system and method
CN102547688B (en) * 2012-02-13 2014-04-09 江苏博智软件科技有限公司 Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel
CN102869009B (en) * 2012-09-28 2015-09-30 东莞宇龙通信科技有限公司 Communication encryption application process and communication system
CN103440462A (en) * 2013-08-28 2013-12-11 成都卫士通信息产业股份有限公司 Embedded control method for improving security and secrecy performance of security microprocessor
KR20150064647A (en) * 2013-12-03 2015-06-11 삼성전자주식회사 Method for protecting contents and terminal for providing contents protection function
CN103763631B (en) * 2014-01-07 2018-06-01 青岛海信电器股份有限公司 Authentication method, server and television set
CN105025009B (en) * 2015-06-10 2018-02-16 深圳奥联信息安全技术有限公司 A kind of method for strengthening mailing system access security and mail security access system
CN104936176B (en) * 2015-06-11 2019-08-20 惠州Tcl移动通信有限公司 A kind of mobile terminal, which networks, verifying implementation method and realizes system
CN105610772A (en) * 2015-09-15 2016-05-25 宇龙计算机通信科技(深圳)有限公司 Communication method, communication apparatus, terminal and communication system
CN105657702A (en) * 2016-04-07 2016-06-08 中国联合网络通信集团有限公司 Authentication method, authentication system, authentication method of mobile terminal and mobile terminal
CN105792194B (en) * 2016-04-25 2019-06-28 中国联合网络通信集团有限公司 Authentication method, authentication device, the network equipment, the Verification System of base station legitimacy
CN105873036A (en) * 2016-05-19 2016-08-17 郑建钦 Safe AP (access point) information processing method
CN108616540B (en) * 2018-05-09 2020-09-01 聚龙股份有限公司 Platform authentication method and system based on cross-platform encryption algorithm and declarative filtering authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091223

Termination date: 20160717