CN102036242A - Access authentication method and system in mobile communication network - Google Patents

Publication number
CN102036242A
Authority
CN
China
Prior art keywords
ilr
authentication
access server
asn
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2009101763930A
Other languages
Chinese (zh)
Other versions
CN102036242B (en
Inventor
张世伟
符涛
吴强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp
Priority to CN200910176393.0A (CN102036242B)
Priority to PCT/CN2010/076174 (WO2011038620A1)
Publication of CN102036242A
Application granted
Publication of CN102036242B
Expired - Fee Related
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122 Counter-measures against attacks; Protection against rogue devices
    • H04W12/126 Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an access authentication method in a mobile communication network. The method comprises the following steps: when authentication is required, a user terminal generates a random number RAND_UE and acquires the route identifier (RID) of an access service node (ASN) in the network and a random number RAND_ILR generated by an identity location register (ILR); the user terminal calculates an authentication result RES_2ILR using a pre-shared key K1 and sends RES_2ILR to the ASN; the ASN generates a random number RAND_ASN and sends RES_2ILR and RAND_ASN to the ILR; the ILR calculates an authentication result XRES_2ILR using the pre-shared key K1 and compares XRES_2ILR with the received RES_2ILR; if XRES_2ILR is consistent with RES_2ILR, the access authentication is successful. Correspondingly, the invention also provides a system for implementing the method. With the method and the system, man-in-the-middle attacks caused by an unreliable network can be effectively avoided.

Description

Method and system for access authentication in a mobile communication network
Technical field
The present invention relates to the field of mobile communications, and in particular to a method and system for access authentication in a mobile communication network.
Background art
Access authentication is a basic requirement for the secure and normal operation of a communication network. With access authentication, the network can correctly identify a user, grant legitimate users the service capabilities they have subscribed to, prevent other users from stealing services, and ensure that charging is correct.
The AKA (Authentication and Key Agreement) method currently used in WCDMA (Wideband Code Division Multiple Access) is one of the more complete authentication methods. WCDMA authentication uses a shared key: a shared key K exists between the USIM (Universal Subscriber Identity Module) card of the user terminal and the HLR (Home Location Register). The HLR generates a random number RAND and then, using several dedicated algorithms, generates AUTN (authentication token), XRES (expected response value), CK (encryption key) and IK (integrity protection key); these four parameters together with the random number RAND form the authentication five-tuple vector. The HLR then sends XRES, AUTN and RAND to the SGSN (Serving GPRS Support Node). The SGSN stores XRES and sends the random number RAND and AUTN to the UE (User Equipment, the user terminal). The UE computes AUTN from RAND and the shared key K and compares the computed AUTN with the AUTN it received; if they are consistent, the network the terminal is accessing is legitimate, and if they are inconsistent, the network is a counterfeit.
After the UE has determined that the accessed network is legitimate, it computes RES (authentication response) from the random number RAND and the key K and returns RES to the SGSN. The SGSN checks whether the RES sent by the UE is consistent with the XRES sent by the HLR; if so, the terminal UE is a legitimate user, and if not, the UE is considered an illegitimate user. As can be seen, this AKA algorithm uses mutual authentication and handles access authentication, encryption and integrity checking well; it has become a classic authentication method and is widely used in 3G networks.
In this WCDMA AKA method, the authentication parameters are transmitted in plaintext between the HLR and the SGSN. The method assumes that every SGSN node is trusted and that the message path from the SGSN to the HLR is strictly reliable. If this authentication is used in an interconnected IP-based network, however, there are multiple paths between two IP networks, and if an intermediate node on one of those paths is not sufficiently secure, for example an intermediate forwarding node that modifies the authentication parameters in transit, a man-in-the-middle attack becomes possible, as shown in Fig. 1.
In Fig. 1, suppose IP transport is used between the SGSN and the HLR and one intermediate node MN on the path (such as a router) is malicious. After the MN intercepts the authentication message that the SGSN sends to the HLR, it changes the SGSN routing information in the UE registration message sent to the HLR to the route of a malicious node SGSN_mal. After this modification the user's registration still succeeds, but the user access location recorded by the HLR is SGSN_mal rather than SGSN. When other users send data to this UE, their access servers query the HLR for the current location of the UE, and the access point routing information returned by the HLR is that of the malicious node SGSN_mal. Packets that should have been sent to the SGSN for forwarding to the UE are therefore sent to SGSN_mal instead, which is a typical man-in-the-middle attack.
As can be seen from the above, under the WCDMA authentication mechanism the routing information of the access point SGSN is not protected during AKA authentication, so the HLR, the terminal and even the ASN cannot tell whether a man-in-the-middle attack is taking place and therefore cannot take reasonable precautions.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and system for access authentication in a mobile communication network that can guard against man-in-the-middle attacks and is particularly suitable for IP-based mobile communication networks.
To solve the above problem, the invention provides a method for access authentication in a mobile communication network, comprising an access authentication procedure performed by the identity location register (ILR) on the user terminal, which specifically comprises the following steps:
When the user terminal needs to authenticate, it generates a random number RAND_UE and obtains the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR;
The user terminal uses the pre-shared key K1 to calculate an authentication result RES_2ILR over the second authentication parameters with the second message integrity check algorithm, and sends this authentication result RES_2ILR to the access server;
After receiving the authentication result RES_2ILR, the access server generates a random number RAND_ASN and sends the authentication result RES_2ILR and the random number RAND_ASN to the ILR;
The ILR uses the pre-shared key K1 to calculate an authentication result XRES_2ILR over the second authentication parameters with the second message integrity check algorithm, and compares XRES_2ILR with the received authentication result RES_2ILR; if XRES_2ILR is consistent with RES_2ILR, the access authentication passes; otherwise, the access authentication fails;
Here, the pre-shared key K1 is the key pre-shared between the user terminal and the ILR; the second authentication parameters comprise the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID.
Further, the above method also has the following feature:
After the access server generates the random number RAND_ASN, sending the authentication result RES_2ILR and the random number RAND_ASN to the ILR further comprises the following steps:
The access server encrypts the authentication result RES_2ILR and the random number RAND_ASN with the public key of the ILR using an asymmetric encryption algorithm to generate encrypted data E2; the access server sends this encrypted data E2 to the ILR;
Before the ILR calculates the authentication result XRES_2ILR, the method further comprises:
The ILR decrypts the encrypted data E2 with the private key K_i of the ILR to obtain the authentication result RES_2ILR and the random number RAND_ASN.
Further, the above method also has the following feature:
The access server sending the encrypted data E2 to the ILR further comprises the following steps:
The access server generates a digital signature SIGN_ASN over the encrypted data E2 with the private key K_a of the access server; the access server sends the encrypted data E2 and the digital signature SIGN_ASN to the ILR;
Before the ILR decrypts the encrypted data E2, the method further comprises:
The ILR verifies the correctness of the digital signature SIGN_ASN with the public key K_ASN of the access server; if it is correct, the ILR continues with the step of decrypting the encrypted data E2 with the private key K_i of the ILR.
Further, the above method also has the following feature:
Before the access authentication procedure performed by the ILR on the user terminal, the method also comprises the user terminal's authentication of the ILR, which specifically comprises the following steps:
When the user terminal needs access authentication, it sends the SID and the random number RAND_UE to the access server;
The access server sends the received SID and random number RAND_UE, together with the public key K_ASN of the access server and the RID, to the ILR;
The ILR uses the pre-shared key K1 to calculate an authentication result RES_2UE over the first authentication parameters with the first message integrity check algorithm, encrypts the first encryption parameters with K_ASN using an asymmetric encryption algorithm, and sends the resulting encrypted data E1 to the access server; here, the first authentication parameters comprise the random number RAND_UE and the random number RAND_ILR, and the first encryption parameters comprise the authentication result RES_2UE and the random number RAND_ILR;
The access server decrypts the encrypted data E1 with the private key K_a of the access server and sends the resulting authentication result RES_2UE and random number RAND_ILR to the user terminal;
After receiving the authentication result RES_2UE and the random number RAND_ILR, the user terminal uses the pre-shared key K1 to calculate an authentication result XRES_2UE over the first authentication parameters with the first message integrity check algorithm and compares it with the authentication result RES_2UE; if they are consistent, the user terminal's authentication of the authentication server passes; otherwise, the user terminal's authentication of the authentication server fails.
Further, the above method also has the following feature:
After the ILR's authentication of the user terminal passes, the method also comprises the access server's authentication of the ILR, which specifically comprises the following steps:
The ILR uses the authentication key K_AI shared by the ILR and the access server to calculate an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm, encrypts the second encryption parameters with the public key K_ASN of the access server to obtain encrypted data E3, and sends this encrypted data E3 to the access server; here, the third authentication parameters comprise RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier of the ILR (IID) and SID, and the second encryption parameters comprise the authentication result RES_2ASN;
After receiving the encrypted data E3, the access server decrypts it with the private key K_a of the access server, extracts RES_2ASN, and uses the authentication key K_AI to calculate an authentication result XRES_2ASN over the third authentication parameters with the third message integrity check algorithm;
The access server compares XRES_2ASN with RES_2ASN; if they are consistent, the access server's authentication of the ILR passes; if they are inconsistent, the access server's authentication of the ILR fails.
Further, the above method also has the following feature:
The first encryption parameters also comprise the public key K_ILR of the ILR and the IID;
The second encryption parameters also comprise one or more of the access data encryption key K_ENC, the access data integrity check key K_INT, and other keys and parameters;
Here, the access data encryption key K_ENC is calculated by the authentication server using the encryption root key K2 shared between the user terminal and the authentication server, with RAND_UE, RAND_ILR, SID and RID as parameters, using an encryption key generation algorithm;
The access data integrity check key K_INT is calculated by the authentication server using the integrity key K3 shared between the user terminal and the authentication server, with RAND_UE, RAND_ILR, SID and RID as parameters, using an integrity check key generation algorithm.
Further, the above method also has the following feature:
The ILR sending the encrypted data E3 to the access server further comprises:
The ILR generates a digital signature SIGN_ILR over the encrypted data E3 with the private key K_i of the ILR, and sends this digital signature SIGN_ILR together with the encrypted data E3 to the access server;
Before the access server decrypts the encrypted data E3, the method further comprises:
The access server first verifies the correctness of the digital signature SIGN_ILR with K_ILR; if it is correct, the access server continues with the step of decrypting the encrypted data E3 with the private key K_a of the access server.
Further, the above method also has the following feature:
The access server is a Serving GPRS Support Node, a Gateway GPRS Support Node, a packet data support node, a serving gateway, a packet data gateway or a foreign agent.
Further, the above method also has the following feature:
The mobile communication network is an IP-based mobile communication network.
Further, the above method also has the following feature:
The ILR is a home location register, a home subscriber server, an authorization/authentication/accounting server or another authentication server.
To solve the above problem, the present invention also provides a system for access authentication in a mobile communication network, comprising a user terminal, an access server and an identity location register (ILR), wherein:
The user terminal is configured to, when authentication is required, generate the random number RAND_UE, obtain the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by the ILR, use the pre-shared key K1 to calculate an authentication result RES_2ILR over the second authentication parameters with the second message integrity check algorithm, and send this authentication result RES_2ILR to the access server;
The access server is configured to, after receiving the authentication result RES_2ILR, generate a random number RAND_ASN and send the authentication result RES_2ILR and the random number RAND_ASN to the ILR;
The ILR is configured to, after receiving the authentication result RES_2ILR and the random number RAND_ASN sent by the access server, use the pre-shared key K1 to calculate an authentication result XRES_2ILR over the second authentication parameters with the second message integrity check algorithm, and compare XRES_2ILR with the received authentication result RES_2ILR; if XRES_2ILR is consistent with RES_2ILR, the access authentication passes; otherwise, the access authentication fails;
Here, the pre-shared key K1 is the key pre-shared between the user terminal and the ILR; the second authentication parameters comprise the random number RAND_UE, the random number RAND_ILR, the user identity identifier (SID) and the RID.
Further, the above system also has the following feature:
The user terminal is also configured to send the SID and the random number RAND_UE to the access server when access authentication is required; and, after receiving RES_2UE and the random number RAND_ILR sent by the access server, to use the pre-shared key K1 to calculate an authentication result XRES_2UE over the first authentication parameters with the first message integrity check algorithm and compare it with the authentication result RES_2UE; if they are consistent, the user terminal's authentication of the authentication server passes; otherwise, the user terminal's authentication of the authentication server fails;
The access server is also configured to send the received SID and random number RAND_UE, together with the public key K_ASN of the access server and the RID, to the ILR;
The ILR is also configured to use the pre-shared key K1 to calculate an authentication result RES_2UE over the first authentication parameters with the first message integrity check algorithm, encrypt the first encryption parameters with K_ASN using an asymmetric encryption algorithm, and send the resulting encrypted data E1 to the access server; here, the first authentication parameters comprise RAND_UE and the random number RAND_ILR, and the first encryption parameters comprise the authentication result RES_2UE and the random number RAND_ILR;
The access server is also configured to decrypt the encrypted data E1 with the private key K_a of the access server and send the resulting authentication result RES_2UE and random number RAND_ILR to the user terminal.
Further, the above system also has the following feature:
The ILR is also configured to use the authentication key K_AI shared by the ILR and the access server to calculate an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm, encrypt the second encryption parameters with the public key K_ASN of the access server to obtain encrypted data E3, and send this encrypted data E3 to the access server; here, the third authentication parameters comprise RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier of the ILR (IID) and SID, and the second encryption parameters comprise the authentication result RES_2ASN;
The access server is also configured to, after receiving the encrypted data E3, decrypt it with the private key K_a of the access server, extract RES_2ASN, use the authentication key K_AI to calculate an authentication result XRES_2ASN over the third authentication parameters with the third message integrity check algorithm, and compare the authentication result XRES_2ASN with the authentication result RES_2ASN; if they are consistent, the access server's authentication of the ILR passes; if they are inconsistent, the access server's authentication of the ILR fails.
The above method and system effectively avoid man-in-the-middle attacks caused by an unreliable network: by binding the access point routing information to the authentication result, they guarantee that the recorded access point is the user's real access point. In one embodiment, the following advantages can also be obtained:
First: when the ILR or UE calculates an authentication result, the method and system use the random numbers RAND_ILR, RAND_ASN and RAND_UE that each node generates itself. This prevents a man-in-the-middle from replacing a random number with a non-random value in order to have the UE or ILR generate authentication results from which the shared key could be cracked.
Second: the method and system embed the distribution of the public keys K_ASN and K_ILR of the ASN and ILR to each other in the UE's authentication of the ILR and the ILR's authentication of the UE. This ensures that the public keys K_ASN and K_ILR arrive accurately at the destination server, prevents a man-in-the-middle from intercepting or replacing them, and guarantees the security of subsequent data transmission.
Third: the three authentication procedures ensure that no party in the network can be impersonated, guaranteeing the security of the whole network authentication system.
Fourth: the digital signature ensures that the keys K_ENC and K_INT generated in the ILR arrive correctly at the ASN over an unreliable network, guaranteeing the security of access-side data transmission from the UE to the ASN.
Description of drawings
Figure 1 shows the man-in-the-middle attack scenario in the authentication mechanism used by WCDMA in the prior art;
Figure 2 is a schematic diagram of the authentication mechanism used by the embodiment of the invention.
Embodiment
The specific embodiment of the present invention is described in detail below with reference to the drawings.
When a UE accesses the network, it must first pass the authentication of the access service node (ASN, Access Service Node). Because a mobile user's UE frequently roams from one access point to another, the ASN the user accesses and the identity location register (ILR, Identity Location Register), which stores the user's identity and location information, are often not in the same place. When the two are in different regions and are interconnected through an IP network or another data network, the man-in-the-middle attack described for Fig. 1 in the background may occur.
The authentication method described in this embodiment comprises at least the ILR's authentication of the UE, and may further comprise the UE's authentication of the ILR and the ASN's authentication of the ILR.
The ILR's authentication of the UE ensures that the UE is a legitimate user of the network. The UE's authentication of the ILR ensures that the accessed network is legitimate and prevents a counterfeit network from deceiving the UE. The ASN's authentication of the ILR ensures that the ILR is a legitimate authentication server and prevents a counterfeit ILR from colluding with a counterfeit UE to deceive the ASN and steal the ASN's valuable radio resources. Using these three mutually integrated authentications completely avoids the possibility of a man-in-the-middle attack arising from an insecure path between the ASN and the ILR, making the mobile network's authentication process more secure and reliable.
The ASN can be an SGSN, GGSN (Gateway GPRS Support Node), PDSN (Packet Data Support Node), SGW (Serving Gateway), PGW (PDN Gateway, packet data gateway), FA (Foreign Agency, foreign agent), etc.;
The ILR is a logical entity; in a concrete application scenario it can be an HLR, a home subscriber server (Home Subscriber Server, HSS), an authorization/authentication/accounting server (Authorization, Authentication, Accounting, AAA) or another authentication server.
Meanwhile, the identifiers of the UE, ASN and ILR are defined as SID (Subscriber Identification, user identity identifier), RID (Route Identification, route identifier) and IID (the route identifier of the ILR in the network) respectively. Shared keys K1, K2 and K3 exist between the UE and the ILR: K1 is the pre-shared key of the UE and the ILR, mainly used for the UE's authentication of the ILR and the ILR's authentication of the UE; K2 is the root key for generating the encryption key; K3 is the root key for generating the integrity check key. K2 and K3 may be agreed in advance by the UE and the ILR, or may be derived from K1. The UE and the ILR each also have the authentication algorithms f1, f2, f4 and f5. In addition, a shared key K_AI exists between the ASN and the ILR, and each of them has the authentication algorithm f3.
The implementation procedure of this embodiment is described in detail below:
Step 201: when the UE roams to a new access point, it sends its SID to the ASN of this new access point;
The SID may be sent in an "access request" message, or the UE may directly initiate a data packet that carries its identity identifier SID.
Step 202: after receiving the SID, the ASN checks whether this SID has already been authenticated; if not, it sends the RID to the UE and instructs the UE to authenticate;
The ASN may send the RID and instruct the UE to authenticate by sending an "access authentication required" message to the UE, or may deliver the SID to the UE by broadcast.
Step 203: after receiving the indication that authentication is required, the UE generates a random number RAND_UE and sends this RAND_UE and the SID to the ASN in an "authenticate network request" message;
In addition, to simplify the ASN's processing after it receives the "authenticate network request" message, the UE may also send RAND_UE and SID together with the RID directly to the ASN;
The random numbers here can all be generated by a pseudo-random number algorithm in a computer programming language;
Step 204: the ASN sends the received RAND_UE and SID, together with the RID and the ASN's public key K_ASN, that is, the four parameters "RAND_UE, SID, RID, K_ASN", to the ILR in an "authenticate network request" message;
If the "access authentication required" sent in step 203 includes the RID, the ASN only needs to add the ASN's public key K_ASN;
The ASN may have multiple public keys K_ASN, or may generate one temporarily, as long as it remains unchanged during one user's authentication process.
Step 205: on receiving the "authenticate network request" message sent by the ASN, the ILR first generates a random number RAND_ILR and, using the shared authentication key K1 corresponding to the SID and with RAND_UE, RAND_ILR, SID and RID as parameters, computes RES_2UE with the f1 algorithm, i.e. RES_2UE = f1_K1(RAND_UE, RAND_ILR, SID, RID). It then encrypts RES_2UE, RAND_ILR, the ILR public key K_ILR and the ILR network identifier IID with the ASN's public key K_ASN to obtain E1, and sends the encrypted data E1 to the ASN in an "authenticate network response" message;
Preferably, RES_2UE, RAND_ILR, the ILR public key K_ILR and the ILR network identifier IID are concatenated into one long data string (RES_2UE | RAND_ILR | K_ILR | IID); the ILR then encrypts this long data string (RES_2UE | RAND_ILR | K_ILR | IID) with the ASN's public key K_ASN, obtaining
Figure B2009101763930D0000111
which it then sends to the ASN in the "authenticate network response" message. When RES_2UE, RAND_ILR, K_ILR and IID are merged into the long data string, they may be combined in any order, as long as the ASN can correctly identify these four parameters; for example, RES_2UE, RAND_ILR, K_ILR and IID may use agreed lengths and an agreed order, so that the ASN can separate the four parameters in sequence after receiving them;
Here,
Figure B2009101763930D0000112
denotes encrypting the data in the square brackets [] with the ASN's public key K_ASN; the encryption algorithm here may be any asymmetric encryption algorithm such as RSA or the Digital Signature Algorithm (DSA);
RES_2UE denotes the authentication result sent to the UE;
f1 is a message integrity authentication algorithm; the specific algorithm may be MD5, SHA-1 or another custom message digest algorithm. The present invention does not specify the algorithm for f1; which algorithm is used can be decided by the operator according to the security requirements of actual operation. f1 is used for the UE's authentication of the ILR (the network) and the ILR's authentication of the UE, computing RES_2UE and XRES_2UE in the ILR and the UE, and is present in both the UE and the ILR. f1_K1(RAND_UE, RAND_ILR, SID, RID) denotes the result of the f1 algorithm computed with the pre-shared key K1 over the input parameters RAND_UE, RAND_ILR, SID and RID;
Step 206: After receiving the "authenticate network response" message sent by the ILR, the ASN uses its private key K_a to decrypt
Figure B2009101763930D0000113
obtaining RES_2UE and RAND_ILR, which it sends to the UE;
At this point the ASN can also record K_ILR and IID. They are used when, after the ASN has received from the ILR the data encryption key K_ENC and integrity key K_INT for traffic from the UE to the ASN, the data flow between the UE and the ASN needs encryption and integrity checking. When the procedure is used only for authentication, and the UE and the ASN do not need shared security keys for services such as encryption and data integrity checking, steps 205 and 206 may omit K_ILR and IID.
Step 207: After receiving RES_2UE and RAND_ILR, the UE uses the f1 algorithm to obtain XRES_2UE, i.e. XRES_2UE = f1_K1(RAND_UE, RAND_ILR, SID, RID), and compares it with RES_2UE to authenticate the ILR:
If they are inconsistent, the UE notifies the ASN that authentication failed; if they are consistent, the UE's authentication of the ILR passes;
If the UE's comparison of XRES_2UE and RES_2UE shows that they are consistent, the ILR's authentication of the UE can proceed. The UE then sends an "authenticate terminal request" message to the ASN, carrying the authentication result RES_2ILR to be returned to the ILR, computed with the f2 algorithm and the pre-shared key K1 over the parameters RAND_UE, RAND_ILR, SID and RID, that is: RES_2ILR = f2_K1(RAND_UE, RAND_ILR, SID, RID);
If the UE's comparison of XRES_2UE and RES_2UE shows that the two are inconsistent, the network is illegitimate, or a man-in-the-middle attack has occurred;
The f1 algorithm on the terminal is identical to the f1 algorithm on the ILR;
RES_2ILR denotes the authentication calculation result sent to the ILR;
f2_K1(RAND_UE, RAND_ILR, SID, RID) denotes the result of applying the f2 algorithm with the shared authentication key K1 to the input parameters RAND_UE, RAND_ILR, SID and RID;
Note that this document does not specify the concrete f2 algorithm; it only has to take RAND_UE, RAND_ILR, SID and RID as input parameters and use the shared authentication key K1. It can be a standard algorithm such as MD5 or SHA-1, or another custom algorithm;
Step 208: After receiving the "authenticate terminal request" message sent by the terminal, the ASN generates a random number RAND_ASN and encrypts RES_2ILR and RAND_ASN with the public key K_ILR to obtain E2. It then uses its private key K_a to produce a digital signature SIGN_ASN over the encrypted data E2, and sends the encrypted data E2 and the digital signature SIGN_ASN to the authentication server ILR in an "authenticate terminal request" message;
The ASN can merge the generated random number RAND_ASN and RES_2ILR, in an agreed order and length, into one data string RES_2ILR | RAND_ASN; the data string RAND_ASN | RES_2ILR can equally be used, as long as the order and lengths are agreed. The same holds for the order of the parameters in the data strings below. The ASN then encrypts this string with the ILR's public key K_ILR to form the encrypted data E2, as
Figure B2009101763930D0000121
Figure B2009101763930D0000122
denotes the result of encrypting the data in the square brackets [ ] with the public key K_ILR of the authentication server ILR; the encryption algorithm here can likewise be an asymmetric encryption algorithm such as RSA or DSA;
Step 209: After receiving the "authenticate terminal request" message sent by the ASN, the ILR checks the correctness of the digital signature SIGN_ASN with the ASN's public key K_ASN. If it is correct, the ILR uses its private key K_i to decrypt the encrypted data E2 (as
Figure B2009101763930D0000131
), obtaining RES_2ILR and RAND_ASN. It then computes XRES_2ILR = f2_K1(RAND_UE, RAND_ILR, SID, RID) with the f2 algorithm and compares this XRES_2ILR with the RES_2ILR obtained by decryption (i.e. the RES_2ILR sent by the UE). If they are inconsistent, it notifies the ASN that authentication failed; if they are consistent, authentication passes;
After the ILR's authentication of the UE passes, the ASN's authentication of the ILR can begin. The ILR uses the key K_AI that it shares with the ASN and the f3 algorithm to compute
Figure B2009101763930D0000132
Figure B2009101763930D0000133
At the same time it uses the f4 algorithm and the encryption root key K2 shared between the UE and the ILR to compute the access data encryption key between the UE and the ASN, K_ENC = f4_K2(RAND_UE, RAND_ILR, SID, RID), and uses the f5 algorithm and the integrity check root key K3 shared between the UE and the ILR to compute the access data integrity check key between the UE and the ASN, K_INT = f5_K3(RAND_UE, RAND_ILR, SID, RID). It then encrypts RES_2ASN, K_ENC and K_INT with the ASN's public key K_ASN to obtain encrypted data, generates the digital signature SIGN_ILR of this encrypted data with the ILR's private key K_i, and sends the encrypted data and SIGN_ILR to the ASN in an "authentication passed" message.
If the comparison of XRES_2ILR and RES_2ILR shows that they are inconsistent, the terminal UE is being impersonated, or a man-in-the-middle attack is present;
This document likewise does not define the f3 algorithm;
This document likewise does not define the concrete f4 and f5 algorithms.
RES_2ASN, K_ENC and K_INT can be concatenated (in any agreed order and length) into one long data string, such as RES_2ASN | K_ENC | K_INT; this concatenated string is then encrypted with the ASN's public key K_ASN to obtain E3, that is
Figure B2009101763930D0000134
and the encrypted data E3 is digitally signed with the ILR's private key K_i.
In addition, the "authentication passed" message of this step can also include other keys or parameters that need to be sent from the ILR to the ASN, for example the UE's handover key.
f1, f2 and f3 are message integrity check algorithms; they can be MD5, SHA-1 or other custom message digest algorithms, and can be the same or different message integrity check algorithms. f4 is the encryption key generation algorithm and f5 is the integrity check key generation algorithm; these two algorithms generally differ from the preceding ones. The above algorithms can be set by the operator itself; the present invention does not specify concrete algorithms. As for the distribution and storage of these algorithms: on the terminal they are generally burned into the SIM/USIM/UIM card or integrated into the terminal software; on the authentication server they are generally stored in encrypted form in the ILR's database. The f1 to f5 algorithms are the same for all users; only the shared keys K1, K2 and K3 differ. In actual operation, operators generally also keep f1 to f5 secret from the outside world to ensure better security.
Step 210: After receiving the "authentication passed" message sent by the ILR, the ASN first checks the correctness of the digital signature with the ILR's public key K_ILR, then decrypts the encrypted data E3 with its private key K_a and extracts RES_2ASN, K_ENC and K_INT. The ASN then uses the key K_AI and the f3 algorithm to compute
Figure B2009101763930D0000141
and compares XRES_2ASN with RES_2ASN. If they are inconsistent, authentication fails; if they are consistent, it sends an "authentication passed" message to the UE;
The ASN can also store K_ENC and K_INT, which are used respectively for subsequent encryption and integrity checking of the data transmitted between the UE and the ASN;
When the ASN compares XRES_2ASN and RES_2ASN, an inconsistency indicates that the user UE and the ILR are colluding to deceive the ASN.
Step 211: After receiving the "authentication passed" message, the terminal UE computes K_ENC and K_INT. In subsequent data exchange with the ASN, these two keys can be used, according to system requirements, to encrypt and integrity-check the data between the UE and the ASN.
Where K_ENC = f4_K2(RAND_UE, RAND_ILR, SID, RID);
K_INT = f5_K3(RAND_UE, RAND_ILR, SID, RID).
The present invention uses the RID and public key K_ASN of the ASN and the public key K_ILR of the ILR as parameters of the mutual authentication between the UE and the ILR, computes over multiple parameters with the shared authentication key K1 between the UE and the ILR, and derives the authentication result from the mixed operation on these parameters. While achieving the ILR's authentication of the UE and the UE's authentication of the ILR, it thereby also ensures that the RID and public key K_ASN of the access server ASN are delivered correctly from the ASN to the ILR, that the public key K_ILR of the ILR is delivered correctly from the ILR to the ASN, and that the encryption key K_ENC and integrity check key K_INT generated in the ILR are delivered correctly from the ILR to the ASN.
In addition, the present invention adds the ASN's authentication of the ILR, which prevents a UE and an ILR that are both impersonated from gaining the ASN's trust by deception and using the network.
In the above embodiment there are several means of detecting whether a man-in-the-middle attack has occurred:
First, if after the UE receives the authenticate network response message sent by the ILR, the authentication result XRES_2UE that it calculates from the shared key K1, the access point identifier RID, the user identity identifier SID and the associated random numbers RAND_UE and RAND_ILR is inconsistent with the RES_2UE sent by the ILR, a man-in-the-middle attack is considered to have occurred.
Likewise, if after the ILR receives the authenticate terminal request message sent by the UE, the authentication result XRES_2ILR that it calculates from the shared key K1, the access point identifier RID, the user identity identifier SID and the associated random numbers RAND_UE and RAND_ILR is inconsistent with the RES_2ILR sent by the ILR, a man-in-the-middle attack is considered to have occurred.
In addition, if the RES_2ASN that the ASN receives from the ILR is inconsistent with the XRES_2ASN that the ASN calculates itself, a man-in-the-middle attack is also considered to have occurred.
For the two digital signatures SIGN_ASN and SIGN_ILR, a man-in-the-middle attack is likewise considered to have occurred if the transmitted result and the calculated result are inconsistent.
The above flow achieves the following:
1. The terminal UE's authentication of the authentication server ILR prevents attacks by an impersonated network.
2. The authentication server ILR's authentication of the terminal UE prevents access by impersonated terminals.
3. The access server ASN's authentication of the authentication server ILR prevents an impersonated terminal and an impersonated authentication server from jointly deceiving the ASN.
4. RID and K_ASN are delivered correctly from the ASN to the ILR, and IID and K_ILR are delivered correctly from the ILR to the ASN, establishing a secure channel between the ASN and the ILR over which other shared keys that the ILR later generates for the UE can be transferred to the ASN.
5. K_ENC and K_INT are delivered correctly from the ILR to the ASN, establishing a secure data transmission channel on the access side between the UE and the ASN.
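The three comparisons of steps 207, 209 and 210 and the key derivation of step 211, as an added example that is not part of the patent text. It assumes HMAC-SHA-256 with a per-function label for f1 to f5 (the page leaves them open), leaves out the E1/E2/E3 public-key encryption and the signatures, assumes the UE knows the RID of the ASN it is attached to, and uses constructed identifiers and keys.

```python
import hashlib
import hmac
import secrets


class AuthFailure(Exception):
    """Raised at the comparison that fails; .step is the step number on the page."""

    def __init__(self, step, reason):
        super().__init__(f"step {step}: {reason}")
        self.step = step


def mac(label, key, *fields):
    """Stand-in for f1..f5 (assumption: the page leaves these algorithms open).

    HMAC-SHA-256 keyed with `key`; `label` keeps the f1..f5 outputs distinct and
    each field is length-prefixed so the concatenation parses unambiguously.
    """
    h = hmac.new(key, label, hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()


def authenticate(sid, rid, iid, ue_keys, ilr_db, asn_k_ai, ilr_k_ai,
                 rid_at_ilr=None, res_2ilr_in_transit=None):
    """Run steps 205-211 without the public-key layer.

    ue_keys and ilr_db[sid] are (K1, K2, K3). rid_at_ilr and res_2ilr_in_transit
    model a value that was altered on the way to the ILR.
    Returns {"ue": (K_ENC, K_INT), "asn": (K_ENC, K_INT)}.
    """
    k1, k2, k3 = ue_keys
    rand_ue = secrets.token_bytes(16)                  # generated by the UE
    rid_ilr = rid if rid_at_ilr is None else rid_at_ilr

    # Step 205: the ILR looks up K1 by SID and answers with RES_2UE.
    i_k1, i_k2, i_k3 = ilr_db[sid]
    rand_ilr = secrets.token_bytes(16)
    res_2ue = mac(b"f1", i_k1, rand_ue, rand_ilr, sid, rid_ilr)

    # Step 207: the UE recomputes with the RID of the ASN it is attached to.
    xres_2ue = mac(b"f1", k1, rand_ue, rand_ilr, sid, rid)
    if not hmac.compare_digest(xres_2ue, res_2ue):
        raise AuthFailure(207, "XRES_2UE != RES_2UE, UE rejects the network")
    res_2ilr = mac(b"f2", k1, rand_ue, rand_ilr, sid, rid)
    if res_2ilr_in_transit is not None:
        res_2ilr = res_2ilr_in_transit

    # Step 208: the ASN adds its own random number before forwarding.
    rand_asn = secrets.token_bytes(16)

    # Step 209: the ILR checks the UE, then answers the ASN using K_AI.
    xres_2ilr = mac(b"f2", i_k1, rand_ue, rand_ilr, sid, rid_ilr)
    if not hmac.compare_digest(xres_2ilr, res_2ilr):
        raise AuthFailure(209, "XRES_2ILR != RES_2ILR, ILR rejects the UE")
    res_2asn = mac(b"f3", ilr_k_ai, rand_asn, rand_ue, rand_ilr, rid_ilr, iid, sid)
    asn_keys = (mac(b"f4", i_k2, rand_ue, rand_ilr, sid, rid_ilr),
                mac(b"f5", i_k3, rand_ue, rand_ilr, sid, rid_ilr))

    # Step 210: the ASN recomputes with its own copy of K_AI and its own RID.
    xres_2asn = mac(b"f3", asn_k_ai, rand_asn, rand_ue, rand_ilr, rid, iid, sid)
    if not hmac.compare_digest(xres_2asn, res_2asn):
        raise AuthFailure(210, "XRES_2ASN != RES_2ASN, ASN rejects the ILR")

    # Step 211: the UE derives the same session keys locally from K2 and K3.
    ue_session = (mac(b"f4", k2, rand_ue, rand_ilr, sid, rid),
                  mac(b"f5", k3, rand_ue, rand_ilr, sid, rid))
    return {"ue": ue_session, "asn": asn_keys}


def failed_step(**kwargs):
    """Return the step whose comparison failed, or None when all three pass."""
    try:
        authenticate(**kwargs)
    except AuthFailure as exc:
        return exc.step
    return None


# Constructed sample values (not from the patent).
SID, RID, IID = b"sid-0001", b"rid-asn-17", b"iid-ilr-01"
KEYS = (b"\x11" * 16, b"\x22" * 16, b"\x33" * 16)      # K1, K2, K3
K_AI = b"\x44" * 16
BASE = dict(sid=SID, rid=RID, iid=IID, ue_keys=KEYS, ilr_db={SID: KEYS},
            asn_k_ai=K_AI, ilr_k_ai=K_AI)

if __name__ == "__main__":
    print("honest run fails at:", failed_step(**BASE))
    print("RID altered before the ILR fails at:",
          failed_step(**{**BASE, "rid_at_ilr": b"rid-asn-99"}))
    print("RES_2ILR altered in transit fails at:",
          failed_step(**{**BASE, "res_2ilr_in_transit": b"\x00" * 32}))
    print("ILR without the ASN's K_AI fails at:",
          failed_step(**{**BASE, "ilr_k_ai": b"\x55" * 16}))
```

Because RID is an input to f1, a RID that reaches the ILR altered is caught at the first comparison, before any session key is derived.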
Correspondingly, this embodiment also provides a system implementing the above method, comprising a user terminal, an access server and an authentication server, wherein:
The user terminal is configured to generate a random number RAND_UE when said user terminal needs access authentication, and to send the user identity identifier (SID) and the random number RAND_UE to the access server; and, after receiving the RES_2UE and RAND_ILR sent by the access server, to obtain XRES_2UE with the f1 algorithm and compare it with RES_2UE: if they are consistent, the user terminal's authentication of said authentication server passes; if they are inconsistent, the user terminal's authentication of the authentication server fails;
The access server is configured to send the received SID and random number RAND_UE, together with the access server's public key (K_ASN) and the access server's route identifier (RID) in the network, to the authentication server; and, after decrypting the encrypted data E1 sent by the authentication server with its private key K_a, to send the resulting RES_2UE and RAND_ILR to the user terminal;
The authentication server is configured to generate RAND_ILR using said RID and K_ASN, to compute RES_2UE with the f1 algorithm using the shared authentication key K1 corresponding to the SID with RAND_UE and RAND_ILR as parameters, to encrypt RES_2UE and RAND_ILR with K_ASN, and to send the resulting encrypted data E1 to the access server;
Wherein said f1 algorithm is an authentication algorithm used for the user terminal's authentication of the authentication server, and is present in both the user terminal and the authentication server.
The encrypted data E1 further includes the authentication server's public key (K_ILR) and the authentication server's network identifier (IID), encrypted with said K_ASN;
After the user terminal has obtained XRES_2UE with the f1 algorithm and compared it with RES_2UE, the user terminal, access server and authentication server are further configured as follows:
The user terminal is further configured, if they are inconsistent, to notify the access server that authentication failed; and, if they are consistent, to send an authenticate terminal request message to the access server, carrying the authentication result RES_2ILR to be returned to the authentication server, computed with the f2 algorithm using K1 with RAND_UE, RAND_ILR, SID and RID as parameters;
The access server is configured, after receiving the authenticate terminal request message, to generate a random number RAND_ASN, encrypt RES_2ILR and RAND_ASN with K_ILR, and send the encrypted data E2 to the authentication server;
The authentication server is configured to decrypt the encrypted data E2 sent by the access server with the authentication server's private key K_i, obtaining RES_2ILR and RAND_ASN; then to compute XRES_2ILR with the f2 algorithm using K1 with RAND_UE, RAND_ILR, SID and RID as parameters; and to compare this XRES_2ILR with the RES_2ILR obtained by decryption: if they are consistent, the authentication server's authentication of the user terminal passes; if they are inconsistent, the authentication server's authentication of the user terminal fails.
Said f2 is an authentication algorithm present in both the user terminal and the authentication server.
After the authentication server's authentication of said user terminal passes, the access server and authentication server are further configured as follows:
The authentication server is configured to compute RES_2ASN with the f3 algorithm, using the key K_AI that it shares with the access server with RAND_ASN, RAND_UE, RAND_ILR, RID, IID and SID as parameters; to encrypt RES_2ASN with the access server's public key K_ASN to obtain encrypted data E3; and to send this encrypted data E3 to the access server;
The access server is configured, after receiving the encrypted data E3, to decrypt it with the access server's private key K_a, extract RES_2ASN, and compare XRES_2ASN with RES_2ASN: if they are inconsistent, the access server's authentication of the authentication server fails; if they are consistent, the access server's authentication of the authentication server passes;
Said f3 algorithm is an authentication algorithm present in both the access server and the authentication server.
In summary, this method has the following advantages:
First, because the present invention includes the access server's route identifier RID in the calculation when the UE and the ILR each compute the authentication result, the mechanism makes the route identifier of the ASN seen by the UE consistent with the route identifier of the ASN seen by the ILR. This ensures that the RID registered in the ILR for the user's access is consistent with the actual access, and avoids man-in-the-middle attacks in which the intermediary modifies the access server identifier RID;
Second, when the authentication server ILR or the terminal UE computes an authentication result, this scheme uses the random numbers RAND_ILR, RAND_ASN and RAND_UE that each node generates itself. This prevents a man-in-the-middle from replacing a random number with a non-random value, such as an all-zero string, and having the UE or the ILR generate authentication results from which the shared key could be guessed.
For example, if the random number were generated entirely by the other party and the signalling were intercepted by a man-in-the-middle, the man-in-the-middle could change the random number to a non-random value, such as 00000000, and pass it to the UE to compute a result, yielding a pair consisting of the parameter 00000000 and the authentication response RES_UE. The man-in-the-middle would then change the random number to 00000001 and have the UE compute another pair. After many repetitions, the man-in-the-middle might break the UE's shared key.
In WCDMA only the HLR server generates a random number and the UE does not, so in WCDMA the possibility of the above attack on the UE cannot be ruled out. In the scheme of the present invention, because the UE, the ILR and the ASN each generate a random number, the possibility of a man-in-the-middle forming an attack by modifying the random number is eliminated, which guarantees the security of the shared key in access authentication.
Third, this scheme weaves the distribution of the public keys K_ASN and K_ILR of the ASN and the ILR to each other into the UE's authentication of the ILR and the ILR's authentication of the UE. This ensures that the public keys K_ASN and K_ILR arrive accurately at the destination server, prevents a man-in-the-middle from intercepting or replacing K_ASN and K_ILR, and guarantees the security of subsequent data transmission.
Fourth, the three authentication procedures used here ensure that none of the parties in the network can be impersonated, guaranteeing the security of the whole network authentication system.
Fifth, the digital signatures ensure that the keys K_ENC and K_INT generated in the ILR arrive correctly at the ASN over an insecure network, guaranteeing the security of access-side data transmission from the UE to the ASN.
In addition, the abbreviations used in the present invention are listed in the following table:
Figure B2009101763930D0000181
Figure B2009101763930D0000201
Figure B2009101763930D0000221

Claims (13)

1. A method of access authentication in a mobile communication network, characterized in that said mobile communication network comprises an access authentication procedure of an identity location register (ILR) for a user terminal, said method specifically comprising the following steps:
When said user terminal needs to be authenticated, it generates a random number RAND_UE, and obtains the route identifier (RID) of the access server in the network and the random number RAND_ILR generated by said ILR;
Said user terminal uses the pre-shared key K1 to compute an authentication result RES_2ILR over the second authentication parameters with the second message integrity check algorithm, and sends this authentication result RES_2ILR to said access server;
After receiving said authentication result RES_2ILR, said access server generates a random number RAND_ASN, and sends said authentication result RES_2ILR and said random number RAND_ASN to said ILR;
Said ILR uses said pre-shared key K1 to compute an authentication result XRES_2ILR over the second authentication parameters with the second message integrity check algorithm, and compares this authentication result XRES_2ILR with the received authentication result RES_2ILR; if said authentication result XRES_2ILR is consistent with said authentication result RES_2ILR, said access authentication passes; otherwise, said access authentication fails;
Wherein said pre-shared key K1 is the pre-shared key of said user terminal and said ILR; said second authentication parameters comprise said random number RAND_UE, said random number RAND_ILR, the user identity identifier (SID) and said RID.
2. The method of claim 1, characterized in that,
After said access server generates the random number RAND_ASN, sending said authentication result RES_2ILR and said random number RAND_ASN to said ILR further comprises the following steps:
Said access server encrypts said authentication result RES_2ILR and random number RAND_ASN with the public key of said ILR using an asymmetric encryption algorithm to generate encrypted data E2; said access server sends this encrypted data E2 to said ILR;
Before said ILR computes said authentication result XRES_2ILR, the method further comprises:
Said ILR decrypts said encrypted data E2 with the private key K_i of said ILR to obtain said authentication result RES_2ILR and said random number RAND_ASN.
3. The method of claim 2, characterized in that said access server sending said encrypted data E2 to said ILR further comprises the following steps:
Said access server uses the private key K_a of said access server to produce a digital signature SIGN_ASN over said encrypted data E2; said access server sends said encrypted data E2 and said digital signature SIGN_ASN to said ILR;
Before said ILR decrypts said encrypted data E2, the method further comprises:
Said ILR checks the correctness of the digital signature SIGN_ASN with the public key K_ASN of said access server and, if it is correct, continues with the step in which said ILR decrypts said encrypted data E2 with the private key K_i of said ILR.
4. The method of claim 1, characterized in that, before the access authentication procedure of said ILR for said user terminal, the method further comprises authentication of said ILR by said user terminal, specifically comprising the following steps:
When the user terminal needs access authentication, it sends said SID and said random number RAND_UE to said access server;
Said access server sends the received said SID and random number RAND_UE, together with the public key K_ASN of said access server and said RID, to said ILR;
Said ILR uses said pre-shared key K1 to compute an authentication result RES_2UE over the first authentication parameters with the first message integrity check algorithm, encrypts the first encryption parameters with said K_ASN using an asymmetric encryption algorithm, and sends the encrypted data E1 to said access server; wherein said first authentication parameters comprise said random number RAND_UE and random number RAND_ILR; said first encryption parameters comprise said authentication result RES_2UE and random number RAND_ILR;
Said access server decrypts said encrypted data E1 with the private key K_a of the access server and sends the resulting authentication result RES_2UE and random number RAND_ILR to said user terminal;
After receiving said authentication result RES_2UE and random number RAND_ILR, said user terminal uses said pre-shared key K1 to compute an authentication result XRES_2UE over the first authentication parameters with the first message integrity check algorithm and compares it with said authentication result RES_2UE; if they are consistent, said user terminal's authentication of said authentication server passes; otherwise said user terminal's authentication of said authentication server fails.
5. The method of claim 4, characterized in that, after said ILR's authentication of said user terminal passes, the method further comprises authentication of said ILR by said access server, specifically comprising the following steps:
Said ILR uses the authentication key K_AI shared by said ILR and said access server to compute an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm, encrypts the second encryption parameters with the public key K_ASN of said access server to obtain encrypted data E3, and sends this encrypted data E3 to said access server; wherein said third authentication parameters comprise RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier of the ILR (IID) and SID; said second encryption parameters comprise said authentication result RES_2ASN;
After said access server receives said encrypted data E3, it decrypts said encrypted data E3 with the private key K_a of said access server, extracts said RES_2ASN, and uses said authentication key K_AI to compute an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm;
Said access server compares said XRES_2ASN with said RES_2ASN; if they are consistent, said access server's authentication of said ILR passes; if they are inconsistent, said access server's authentication of said ILR fails.
6. The method of claim 5, characterized in that,
Said first encryption parameters further comprise the public key K_ILR of said ILR and the IID;
Said second encryption parameters further comprise one or more of the access data encryption key K_ENC, the access data integrity check key K_INT, and other keys and parameters;
Wherein said access data encryption key K_ENC is computed by said authentication server with the encryption key generation algorithm, using the encryption root key K2 shared between said user terminal and said authentication server, with said RAND_UE, RAND_ILR, SID and RID as parameters;
Said access data integrity check key K_INT is computed by said authentication server with the integrity check key generation algorithm, using the integrity key K3 shared between said user terminal and said authentication server, with said RAND_UE, RAND_ILR, SID and RID as parameters.
7. The method of claim 5 or 6, characterized in that said ILR sending said encrypted data E3 to said access server further comprises:
Said ILR generates the digital signature SIGN_ILR of said encrypted data E3 with the private key K_i of said ILR, and sends this digital signature SIGN_ILR together with said encrypted data E3 to said access server;
Before said access server decrypts said encrypted data E3, the method further comprises:
Said access server first checks the correctness of the digital signature SIGN_ILR with said K_ILR and, if it is correct, continues with the step in which said access server decrypts said encrypted data E3 with the private key K_a of the access server.
8. The method of claim 1, characterized in that:
Said access server is a Serving GPRS Support Node, a Gateway GPRS Support Node, a packet data support node, a gateway packet data gateway or an external agent.
9. The method of claim 1, characterized in that said mobile communication network is an IP-based mobile communication network.
10. The method of claim 1, characterized in that:
Said ILR is a home location register, a home subscriber server, an authorization/authentication/accounting server or another authentication server.
11. A system of access authentication in a mobile communication network, characterized in that said system comprises a user terminal, an access server and an identity location register (ILR); wherein,
Said user terminal is configured, when it needs to be authenticated, to generate said random number RAND_UE, obtain the route identifier (RID) of said access server in the network and the random number RAND_ILR generated by said ILR, use the pre-shared key K1 to compute an authentication result RES_2ILR over the second authentication parameters with the second message integrity check algorithm, and send this authentication result RES_2ILR to said access server;
Said access server is configured, after receiving said authentication result RES_2ILR, to generate a random number RAND_ASN, and to send said authentication result RES_2ILR and said random number RAND_ASN to said ILR;
Said ILR is configured, after receiving said authentication result RES_2ILR and said random number RAND_ASN sent by said access server, to use said pre-shared key K1 to compute an authentication result XRES_2ILR over the second authentication parameters with the second message integrity check algorithm, and to compare this authentication result XRES_2ILR with the received authentication result RES_2ILR; if said authentication result XRES_2ILR is consistent with said authentication result RES_2ILR, said access authentication passes; otherwise, said access authentication fails;
Wherein said pre-shared key K1 is the pre-shared key of said user terminal and said ILR; said second authentication parameters comprise said random number RAND_UE, said random number RAND_ILR, the user identity identifier (SID) and said RID.
12. The system of claim 11, characterized in that:
Said user is further configured, when access authentication is needed, to send said SID and said random number RAND_UE to said access server; and, after receiving the random number RES_2UE and random number RAND_ILR sent by said access server, to use said pre-shared key K1 to compute an authentication result XRES_2UE over the first authentication parameters with the first message integrity check algorithm and compare it with said authentication result RES_2UE; if they are consistent, said user terminal's authentication of said authentication server passes; otherwise said user terminal's authentication of said authentication server fails;
Said access server is further configured to send the received said SID and random number RAND_UE, together with the public key K_ASN of said access server and said RID, to said ILR;
Said ILR is further configured to use said pre-shared key K1 to compute an authentication result RES_2UE over the first authentication parameters with the first message integrity check algorithm, to encrypt the first encryption parameters with said K_ASN using an asymmetric encryption algorithm, and to send the encrypted data E1 to said access server; wherein said first authentication parameters comprise said authentication result RAND_UE and random number RAND_ILR; said first encryption parameters comprise said authentication result RES_2UE and random number RAND_ILR;
Said access server is further configured to decrypt said encrypted data E1 with the private key K_a of the access server and to send the resulting authentication result RES_2UE and random number RAND_ILR to said user terminal.
13. The system of claim 11 or 12, characterized in that:
Said ILR is further configured to use the authentication key K_AI shared by said ILR and said access server to compute an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm, to encrypt the second encryption parameters with the public key K_ASN of said access server to obtain encrypted data E3, and to send this encrypted data E3 to said access server; wherein said third authentication parameters comprise RAND_ASN, RAND_UE, RAND_ILR, RID, the network identifier of the ILR (IID) and SID; said second encryption parameters comprise said authentication result RES_2ASN;
Said access server is further configured, after receiving said encrypted data E3, to decrypt said encrypted data E3 with the private key K_a of said access server, extract said RES_2ASN, use said authentication key K_AI to compute an authentication result RES_2ASN over the third authentication parameters with the third message integrity check algorithm, and compare said authentication result XRES_2ASN with said authentication result RES_2ASN; if they are consistent, said access server's authentication of said ILR passes; if they are inconsistent, said access server's authentication of said ILR fails.
CN200910176393.0A 2009-09-29 2009-09-29 Access authentication method and system in mobile communication network Expired - Fee Related CN102036242B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200910176393.0A CN102036242B (en) 2009-09-29 2009-09-29 Access authentication method and system in mobile communication network
PCT/CN2010/076174 WO2011038620A1 (en) 2009-09-29 2010-08-20 Access authentication method, apparatus and system in mobile communication network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910176393.0A CN102036242B (en) 2009-09-29 2009-09-29 Access authentication method and system in mobile communication network

Publications (2)

Publication Number Publication Date
CN102036242A true CN102036242A (en) 2011-04-27
CN102036242B CN102036242B (en) 2014-11-05

Family

ID=43825536

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910176393.0A Expired - Fee Related CN102036242B (en) 2009-09-29 2009-09-29 Access authentication method and system in mobile communication network

Country Status (2)

Country Link
CN (1) CN102036242B (en)
WO (1) WO2011038620A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493570B (en) * 2017-07-18 2019-10-11 东北大学 A kind of the PMIPV6 anonymous access authentication system and method for identity-based group label

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007038896A2 (en) * 2005-10-05 2007-04-12 Privasphere Ag Method and devices for user authentication
CN101022418A (en) * 2007-03-14 2007-08-22 华为技术有限公司 HMIP identifying method, equipment and system
CN101299667A (en) * 2008-06-05 2008-11-05 华为技术有限公司 Authentication method, system, client equipment and server

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102625311A (en) * 2012-03-14 2012-08-01 中国移动通信集团江苏有限公司 Authentication method, authentication system and smart card
CN102625311B (en) * 2012-03-14 2016-01-27 中国移动通信集团江苏有限公司 A kind of method for authenticating, right discriminating system and smart card
US11070955B2 (en) 2012-06-29 2021-07-20 Nec Corporation Update of security for group based feature in M2M
US11659359B2 (en) 2012-06-29 2023-05-23 Nec Corporation Update of security for group based feature in M2M
CN107786966A (en) * 2012-06-29 2018-03-09 日本电气株式会社 Renewal for the security of the feature based on group in M2M
CN104753687A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Charging method and device based on uniform charging platform
CN104753687B (en) * 2013-12-31 2019-01-01 中国移动通信集团公司 A kind of charging method and device based on unified charging platform
CN103795542A (en) * 2014-01-24 2014-05-14 中国工商银行股份有限公司 Digital signature authentication method and device
CN104954129A (en) * 2014-03-31 2015-09-30 西安西电捷通无线网络通信股份有限公司 Entity identification method and device
CN104954129B (en) * 2014-03-31 2019-09-27 西安西电捷通无线网络通信股份有限公司 Method for authenticating entities and device
CN105391681A (en) * 2014-08-28 2016-03-09 瑞萨电子株式会社 Communication system, communication device, vehicle and communication method
CN105391681B (en) * 2014-08-28 2020-05-26 瑞萨电子株式会社 Communication system, communication device, vehicle, and communication method
CN108476205A (en) * 2015-12-21 2018-08-31 皇家飞利浦有限公司 Network system for securely communicating
CN105577699B (en) * 2016-03-03 2018-08-24 山东航天电子技术研究所 A kind of secure access authentication method of two-way dynamic non-stop layer authentication
US10873464B2 (en) 2016-03-10 2020-12-22 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
WO2017152871A1 (en) * 2016-03-10 2017-09-14 Huawei Technologies Co., Ltd. Authentication mechanism for 5g technologies
US10382206B2 (en) 2016-03-10 2019-08-13 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
US11700131B2 (en) 2016-03-10 2023-07-11 Futurewei Technologies, Inc. Authentication mechanism for 5G technologies
CN109644127A (en) * 2016-07-26 2019-04-16 华为国际有限公司 System and method for obtaining the common session key between equipment
WO2019010701A1 (en) * 2017-07-14 2019-01-17 Zte Corporation Methods and computing device for transmitting encoded information during authentication
CN108174385A (en) * 2018-02-12 2018-06-15 海信集团有限公司 The detection method and device of a kind of communication link
CN109335906A (en) * 2018-08-01 2019-02-15 苏州汇川技术有限公司 Method of calibration, elevator control aggregate and elevator peripheral equipment
CN109335906B (en) * 2018-08-01 2020-09-11 苏州汇川技术有限公司 Verification method, elevator control device and elevator peripheral device
CN110349468A (en) * 2019-07-15 2019-10-18 贵州电网有限责任公司 A kind of insulation of electrical installation test dummy emulation system based on multi-person synergy
CN110493272A (en) * 2019-09-25 2019-11-22 北京风信科技有限公司 Use the communication means and communication system of multiple key
WO2021134381A1 (en) * 2019-12-31 2021-07-08 华为技术有限公司 Method, apparatus and system for local communication
CN113206790B (en) * 2021-04-30 2022-10-18 网络通信与安全紫金山实验室 SRv6 transmission path authentication method, system and storage medium based on time period
CN113206790A (en) * 2021-04-30 2021-08-03 网络通信与安全紫金山实验室 SRv6 transmission path authentication method, system and storage medium based on time period

Also Published As

Publication number Publication date
CN102036242B (en) 2014-11-05
WO2011038620A1 (en) 2011-04-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141105

Termination date: 20170929
