CN103428692A - Wireless access network authentication method and wireless access network authentication system capable of holding accountability and protecting privacy - Google Patents

Wireless access network authentication method and wireless access network authentication system capable of holding accountability and protecting privacy Download PDF

Info

Publication number
CN103428692A
CN103428692A CN2013103431476A CN201310343147A CN103428692A CN 103428692 A CN103428692 A CN 103428692A CN 2013103431476 A CN2013103431476 A CN 2013103431476A CN 201310343147 A CN201310343147 A CN 201310343147A CN 103428692 A CN103428692 A CN 103428692A
Authority
CN
China
Prior art keywords
user
group
access point
key
virtual network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2013103431476A
Other languages
Chinese (zh)
Other versions
CN103428692B (en
Inventor
何道敬
唐韶华
贺品嘉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT filed Critical South China University of Technology SCUT
Priority to CN201310343147.6A priority Critical patent/CN103428692B/en
Publication of CN103428692A publication Critical patent/CN103428692A/en
Application granted granted Critical
Publication of CN103428692B publication Critical patent/CN103428692B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

The invention discloses a wireless access network authentication method capable of holding accountability and protecting privacy. The wireless access network authentication method includes: step 1, user group managing staff register in network operators; step 2, users contact with the user group managing staff to authenticate to be able to join in the user group; step 3, the network operators withdraw users when the users are found to be attacked; step 4, the users can access to wireless network successfully; step 5, when two or more than two signatures are needed to be authenticated at access points, the access points perform signature verification in a large quantity on the signature; step 6, authority of law confirms users responsible for specific communicational conversation. The invention further discloses a wireless access network authentication system capable of holding accountability and protecting privacy. The wireless access network authentication system comprises the network operators, the access points, the user group managing staff, the users and authority of law. With the wireless access network authentication method and the wireless access network authentication system capable of holding accountability and protecting privacy, the credibility of each real item is limited, and the problems of agent management and single point of failure are solved.

Description

But Radio Access Network authentication method and the Verification System thereof of accountability and secret protection
Technical field
The present invention relates to a kind of wireless communication technology, but particularly Radio Access Network authentication method and the Verification System thereof of a kind of accountability and secret protection.
Background technology
The universal quality of life and the efficiency of work greatly improved of Radio Access Network, allow almost access network whenever and wherever possible of user.And, along with the demand to Radio Access Network is increasing, Radio Access Network starts to have played the part of irreplaceable role in life.But alarming, the Radio Access Network risk is ubiquitous, these risks comprise lacks experience or without the easy implementation of the user's of alertness sensitive information leakage, wireless signal interception be tending towards fast ripe watch-dog etc.So if need this Radio Access Network of any wide-area deployment, but fail safe, privacy accountability and high efficiency are to need the topmost problem of considering.Yet in the prior art, but the Radio Access Network Verification System of actual available accountability and secret protection is few.In addition, existing great majority guarantee that the Verification System of privacy all needs a third party trusty.Yet, when third party trusty exists, system can face the problem of managing on behalf of another and single point failure problem.The opponent can destroy by destroying third party trusty the configuration of whole system.Therefore, do not relating under third-party prerequisite trusty, but guaranteeing that accountability, fail safe, privacy and the high efficiency of Radio Access Network Verification System just seem very necessary simultaneously.In addition, accountability and privacy are two targets that seem contradiction, so prior art can't be applied directly in the Radio Access Network Verification System, thereby but do not lose the privacy of system when to system, providing accountability.And the present invention is based on the responsibility separation principle, solved well this problem.In the present invention, Virtual network operator has group private key (group private key, lower same), but do not know member's key (member secret keys, lower with) and the mapping of subscriber identity information right, and customer group manager (group manager, lower same) know that the mapping of member's key and subscriber identity information is to (the mapping between the member secret keys and the essential attributes of the users, lower same), but there is no group private key, this has guaranteed the privacy of system.And, under the needs of authority of law, Virtual network operator and customer group manager can provide information jointly, to find out responsible user, but this has guaranteed accountability.The present invention is not relating under a third-party prerequisite trusty, but has guaranteed fail safe, privacy accountability and the high efficiency of system simultaneously, and this is that prior art can't realize.
Existing wireless access Verification System relates to the tripartite: a wireless roaming user U, access points AP and Virtual network operator NO.The AP of some is deployed in the different location of coverage, to cover whole zone, and provides services on the Internet to the network user.The user can access this network anywhere with their mobile device.Existing Radio Access Network authentication method and Verification System thereof mainly contain two shortcomings.At first, existing method and system thereof often need a third party trusty, as member management person, trust authority (Trust Authority, lower same), home server, off line Secure Manager and aaa server.This third party trusty manages all keying materials.If, but these keying materials leak out, user's privacy can face the danger be disclosed.Unfortunately, when third party trusty is arranged, safety system can face the problem of managing on behalf of another and single point failure problem.The opponent can destroy by destroying third party trusty the configuration of whole system.The second, but existing Radio Access Network can't guarantee privacy when accountability is provided.If want, allow authority of law can find the user responsible to ad-hoc communication session, user profile can more or less be revealed; If but want to guarantee user's privacy, authority of law is difficult to according to limited information, the user be followed the trail of.The more important thing is, but do not lose privacy when accountability is provided, this is two targets that seem contradiction.There is no now directly to dispose and can reach relevant (privacy aware) cryptographic primitives of available privacy of above target.
Summary of the invention
Primary and foremost purpose of the present invention is that the shortcoming that overcomes prior art is with not enough, but the Radio Access Network authentication method of a kind of accountability and secret protection is provided, and the method has been avoided the problem of the problem of managing on behalf of another and single point failure effectively.
Another object of the present invention is to overcome the shortcoming and deficiency of prior art, but a kind of Verification System that realizes the Radio Access Network authentication method of accountability and secret protection is provided, this system does not relate to third party trusty, safe, and privacy is high.
Primary and foremost purpose of the present invention is achieved through the following technical solutions: but the Radio Access Network authentication method of a kind of accountability and secret protection comprises the following steps:
Step 1, customer group manager register at the Virtual network operator place, Virtual network operator generated group private key and partial group PKI (partial group public key, lower same), and the partial group PKI is issued to the customer group manager; After customer group manager's generated group PKI (group public key, lower same), return to Virtual network operator; Group's public key broadcasts that the Virtual network operator handle is received from the customer group manager is to each access point;
Step 2, user and customer group manager contact to be authenticated, and after this customer group manager will send member's key and the group's PKI for access network to it; Now the user successfully adds customer group, becomes user in the group;
If step 3 finds that the user is broken, the customer group manager will be broken the user to these and be considered as the user that need cancel, and the list of cancelling the user is sent to Virtual network operator; Virtual network operator is broadcast to each access point on this list after digital signature, to cancel, be broken the user; Now, the user is cancelled;
If step 4, user want access network, at first need to guarantee to lay oneself open in the communication range of an access point; After with this access point, carrying out authentication mutually and cipher key change, can set up a shared symmetric key between access point and user, for communication session backward; Now, user's success access of radio network;
Step 5, when the access point place has two or more signatures to need authentication, access point carries out the batch signature verification to these signatures.Our batch signature verification technique, when greatly having reduced a large amount of time consumed of signing of checking, has also reduced the disconnecting rate that signature verification this potential bottleneck problem in access point place causes.
If step 6 authority of law wants to follow the trail of the user responsible to ad-hoc communication session, only need obtain group's private key from Virtual network operator, and it is right to obtain the mapping of member's key and subscriber identity information from the customer group manager; Utilize group's private key and above-mentioned mapping to determining the user.
Described step 4 comprises the following steps:
A, access point are periodically broadcasted the beacon message of this access point digital signature, thereby announce that its service exists;
B, after the user receives beacon message, can be according to beacon message, the validity of proving time stamp, the certificate expired time of access point with and the reliability of PKI.If these checkings have any one not pass through, the user will can not link this access point; If these checkings are all passed through, the user generates solicited message, and utilizes the member's key of oneself to carry out group's signature to it, and clean culture replies to access point;
C, after access point is received the above-mentioned information that the user sends, by the freshness of first inspection message (message freshness, lower with).Subsequently, check whether this user exists in its list of cancelling the user.If exist, refusal link; If do not exist, calculate the symmetric key shared with it and send response message to the user;
D, user, after receiving the information that above-mentioned access point sends, can verify the validity of this information.If information is invalid, refusal link; If effectively, this links successfully and sets up.
Described step 6 comprises the following steps:
(1) authority of law requires to follow the trail of the user responsible to ad-hoc communication session;
(2) Virtual network operator link Network Based and session identification find corresponding session authentication information from the network log file;
(3) Virtual network operator carries out linear encryption to first three element of the digital signature in above-mentioned session authentication information, and obtains member's key of this user with group's private key.After this, the net operation business reports to authority of law to member's key of this user who obtains;
(4) authority of law sends member's key of this user who obtains from Virtual network operator to the customer group manager;
(5) the customer group manager is according to member's key of this user who obtains from authority of law, and member's key of storing at oneself and the mapping centering of subscriber identity information are searched, and a subscriber identity information of finding is replied to authority of law.
Method for network authorization of the present invention has following six stages: system made, add new user, cancel the user, authentication and cipher key change, batch signature verification, user tracking mutually.In the system made stage, Virtual network operator and each customer group manager be the generating unit PKI that hives off separately.Group's PKI is assigned to each access point.System enters and adds the new user stage when having new user to enter group, and enters and cancel user's stage when one or more users are cancelled.In mutually authentication and cipher key exchange phase, as a user wants to be linked to an access point, he/her need and access point between mutually authenticate and cipher key change, then set up a shared symmetric key.In the batch signature verification stage, but the many requests that receive of access point simultaneous verification, rather than process individually each request.In the user tracking stage, Virtual network operator and customer group manager help authority of law to follow the trail of one particular network are linked to responsible user.
Another object of the present invention is achieved through the following technical solutions: but a kind of Verification System that realizes the Radio Access Network authentication method of accountability and secret protection, it is characterized in that, comprising: user and authority of law in Virtual network operator, access point, customer group manager, group; Described Virtual network operator is to hive off PKI receive group's PKI from the customer group manager of customer group manager sending part, and Virtual network operator is also to access point broadcast group PKI; In access point and group, the user authenticates and cipher key change mutually, and in the group, the user also obtains the member's key and group's PKI for access network from the customer group manager; Authority of law obtains group's private key from Virtual network operator, and it is right to obtain the mapping of member's key and subscriber identity information from the customer group manager.
Key management model in Verification System of the present invention relates to four typical network entities altogether: user in Virtual network operator, access point, customer group manager and group.In the present invention, the user is not directly registered to Virtual network operator, but represents that by the customer group manager all its users inside the group are to the Virtual network operator subscription service.Group's PKI of Virtual network operator generated group private key and part, but group's private key is maintained secrecy.When receiving a gerentocratic registration request of group, the network operation chamber of commerce is distributed to this customer group manager to the partial group PKI.Then, group's manager's generated group PKI it is returned to Virtual network operator.Finally, Virtual network operator sends to each access point to group's PKI.If want access network, each user need to ask its member's key and group's PKI to its crowd of managers.
This key managing project has several outstanding features, and at first, for the purpose of controlling access, the user who has effective member's key that each is legal can generate an effectively access certificate, for example group's signature of new access request.The available group of each access point PKI is verified this access certificate.Therefore, access security is guaranteed.The second, the mapping of the present invention's handle group's private key and member's key and subscriber identity information is to being kept at respectively in two autonomous entity items: group's user administrator and Virtual network operator.Wherein Virtual network operator has group private key, but do not know to shine upon right.And the group manager knows that mapping is right, but do not know group private key.Suppose that the group manager can not gang up with Virtual network operator here.This hypothesis is reasonably, because customer group manager and Virtual network operator be substantially from different groups, and the conflict of interest is even arranged between them.This has caused customer group manager and network operation commercial city to can not determine that specific user's identity information can not utilize user's access authentication to invade user's privacy.Therefore, user's privacy has obtained reinforcement.
Finally, under Virtual network operator and the gerentocratic common help of customer group, there is and only have authority of law to track the corresponding network user according to communication linkage arbitrarily.Therefore, when service dispute or swindle occur, authority of law can be determined accurately needs responsible user, and pursues its responsibility.So user's accountability also can realize.Simultaneously, whole cipher key management procedures can complete when system made, so this can not bring thereafter any calculating and the expense of communicating by letter.
Developed new short group's signature (Short group signature, lower same) scheme by revising key schedule.Novel group signature be integrated in the design of of the present invention authentication and IKMP thereafter.In addition, in order to realize high efficiency, based on novel group's signature, novel batch signature verification method has been proposed.In order to cancel a user who is broken, adopted Verifier-Local Revocation(local verification to revoke) method.This method is based on novel group signature scheme design.In addition, for the renewal of back-up system and large-scale user cancel, some additional mechanism also have been incorporated in the present invention.
But the efficient wireless access network system of accountability of the present invention and secret protection, comprise: in the system made stage, customer group manager registers at the Virtual network operator place, Virtual network operator generated group private key and partial group PKI, and the partial group PKI is issued to the customer group manager; After customer group manager's generated group PKI, return to Virtual network operator, subsequently Virtual network operator by group's public key broadcasts to each access point.Adding the new user stage, user and customer group manager contact to be authenticated, and after this user will obtain the member's key and group PKI that is used for access network.If find, the user is broken, customer group manager will be broken the user to these and be considered as the user that need cancel, and the list of cancelling the user is sent to Virtual network operator, Virtual network operator is broadcast to each access point on this list after digital signature, to cancel, be broken the user.If the user wants access network, at first need to guarantee to lay oneself open in the communication range of an access point; After with this access point, carrying out authentication mutually and cipher key change, can set up a shared symmetric key between access point and user, for communication session backward.If authority of law wants to follow the trail of the user responsible to ad-hoc communication session, only need obtain group's private key from Virtual network operator, and it is right to obtain the mapping of member's key and subscriber identity information from the customer group manager; Utilize group's private key and above-mentioned mapping to determining the user.
But the present invention is the first system of simultaneously supporting Radio Access Network accountability, fail safe, privacy and high efficiency.In the past system do not accomplish a bit, but guarantee the privacy of system when accountability is provided.But in the present invention, Virtual network operator has group private key, but do not know that the mapping of member's key and subscriber identity information is right; And the customer group manager knows that the mapping of member's key and subscriber identity information is right, but there is no group private key; This has guaranteed privacy.And, under the requirement of authority of law, Virtual network operator and customer group manager can provide information jointly, to find out responsible user, but this provides accountability.The renewal of back-up system of the present invention and large-scale user cancel, and this has guaranteed the high efficiency of system.In addition, another characteristics of the present invention are not rely on any third party trusty.In the present invention, the degree of belief of each entity item is limited, and this makes system avoided the problem of managing on behalf of another and single point failure problem.
Operation principle of the present invention: but the present invention proposes the Radio Access Network Verification System of a kind of accountability and secret protection.In this system, have six stages, be respectively system made, add new user, cancel the user, mutually authentication and cipher key change and, batch signature verification, user tracking.At first, system needs initialization, and this is the stage of system made.In this stage, system completes the task of group public key distribution.After system is successfully set up, each access point divides a group's PKI.After this, if will add new user, enter and add new user's stage; If cancel the user, enter and cancel user's stage.When the user wants to be linked to access point, need mutually authenticate and cipher key change with this access point, at this moment enter mutual authentication and cipher key exchange phase.And, when authority of law need to be followed the trail of a specific user, system enters the user tracking stage.The present invention is not relating under a third-party prerequisite trusty, but has guaranteed fail safe, privacy accountability and the high efficiency of system simultaneously.At first, for the purpose of controlling access, the user who has effective member's key that each is legal can generate an effectively access certificate, for example group's signature of new access request.The available group of each access point PKI is verified this access certificate.Therefore, access security is guaranteed.The second, the present invention the mapping between member's key and subscriber identity information to and group private key be kept at respectively in two autonomous entity items: customer group manager and Virtual network operator.Wherein Virtual network operator has group private key, but does not know that the mapping between member's key and subscriber identity information is right.And the customer group manager knows that mapping is right, but do not know group private key.Suppose that the group manager can not gang up with Virtual network operator here.This hypothesis is reasonably, because customer group manager and Virtual network operator be substantially from different groups, and the conflict of interest is even arranged between them.This has caused customer group manager and network operation commercial city to can not determine that specific user's identity information can not utilize user's access authentication to invade user's privacy.Therefore, the privacy of system is guaranteed.The 3rd, under Virtual network operator and the gerentocratic common help of customer group, there is and only have authority of law to track the corresponding network user according to communication linkage arbitrarily.Therefore, when service dispute or swindle occur, authority of law can be determined accurately needs responsible user, and pursues its responsibility.So user's accountability also can realize.Simultaneously, whole cipher key management procedures can complete when system made, so this can not bring any calculating and the expense of communicating by letter at the During Process of Long-term Operation of system thereafter.Finally, developed different short group signature schemes by revising key schedule.Novel group signature be integrated in the design of of the present invention authentication and IKMP thereafter.In addition, based on novel group's signature, novel batch signature verification method has been proposed.In order to cancel a user who is broken, adopted Verifier-Local Revocation(local verification to revoke) method.This method is based on novel group signature scheme design.In addition, for the renewal of back-up system and large-scale user cancel, some additional mechanism also have been incorporated in the present invention.Therefore, the high efficiency of system is guaranteed.
The present invention has following advantage and effect with respect to prior art:
1, the present invention does not rely on any third party trusty, and the degree of belief of each entity item is limited, and this has been avoided the problem of managing on behalf of another and single point failure problem.
2, the present invention is specially adapted to Radio Access Network, the integration of its new group's signature algorithm based on responsibility separation principle and attainable batch signature verification.
3, the present invention, by realizing mutual authentication and Key Establishing clear and definite between user and access point, has guaranteed the fail safe of system.
4, the present invention, by realizing the anonymous authentication on one direction between user and access point, has guaranteed user's anonymity and Unlinkability.
5, the present invention does not lose privacy when but accountability is provided.Because Virtual network operator has group private key, but do not know to shine upon right, and the customer group manager knows that mapping is right, but there is no group private key, and this has guaranteed privacy.And, under the needs of authority of law, Virtual network operator and customer group manager can provide information jointly, to find out responsible user, but this has guaranteed accountability.
6, the present invention is by adopting Verifier-Local Revocation(local verification to revoke) method and some additional mechanisms, the renewal of back-up system and large-scale user cancel, and have guaranteed the high efficiency of system.
7, the present invention allows new user's dynamic appending and the Dynamic Revocation that is broken the user.But the present invention is the first system of simultaneously supporting Radio Access Network accountability, fail safe, privacy and high efficiency.
The accompanying drawing explanation
Fig. 1 is flow chart of the present invention
Fig. 2 is trust of the present invention and key management model schematic diagram.
Embodiment
Below in conjunction with embodiment and accompanying drawing, the present invention is described in further detail, but embodiments of the present invention are not limited to this.
Embodiment
Existing wireless access Verification System relates to the tripartite: a wireless roaming user U, access points AP and Virtual network operator NO.The AP of some is deployed in the different location of coverage, to cover whole zone, and provides services on the Internet to the network user.The user can access this network anywhere with their mobile device.
Fig. 2 is Radio Access Network Verification System of the present invention, and the key management model in Verification System of the present invention relates to four typical network entities altogether: user in Virtual network operator, access point, customer group manager and group.In the present invention, the user is not directly registered to Virtual network operator, but represents that by the customer group manager all its users inside the group are to the Virtual network operator subscription service.Group's PKI of Virtual network operator generated group private key and part, but group's private key is maintained secrecy.When receiving a gerentocratic registration request of group, the network operation chamber of commerce is distributed to this customer group manager to the partial group PKI.Then, group's manager's generated group PKI it is returned to Virtual network operator.Finally, Virtual network operator sends to each access point to group's PKI.If want access network, each user need to ask its member's key and group's PKI to its crowd of managers.
This key managing project has several outstanding features.At first, for the purpose of controlling access, the user who has effective member's key that each is legal can generate an effectively access certificate, for example group's signature of new access request.The available group of each access point PKI is verified this access certificate.Therefore, access security is guaranteed.The second, the mapping of the present invention's handle group's private key and member's key and subscriber identity information is to being kept at respectively in two autonomous entity items: group manager and Virtual network operator.Wherein Virtual network operator has group private key, but do not know to shine upon right.And the group manager knows that mapping is right, but do not know group private key.Suppose that group reason person can not gang up with Virtual network operator here.This hypothesis is reasonably, because customer group manager and Virtual network operator be substantially from different groups, and the conflict of interest is even arranged between them.This has caused customer group manager and network operation commercial city to can not determine that specific user's identity information can not utilize user's access authentication to invade user's privacy.Therefore, user's privacy has obtained reinforcement.
Finally, under Virtual network operator and the gerentocratic common help of customer group, there is and only have authority of law to track the corresponding network user according to communication linkage arbitrarily.Therefore, when service dispute or swindle occur, authority of law can be determined accurately needs responsible user, and pursues its responsibility.So user's accountability also can realize.Simultaneously, whole cipher key management procedures can complete when system made, so this can not bring thereafter any calculating and the expense of communicating by letter.
The present invention has developed new short group's signature (short group signature) scheme by revising key schedule.Novel group signature be integrated in the design of of the present invention authentication and IKMP thereafter.In addition, in order to realize high efficiency, based on novel group's signature, novel batch signature verification method has been proposed.In order to cancel a user who is broken, adopted Verifier-Local Revocation(local verification to revoke) method.This method is based on novel group signature scheme design.In addition, for the renewal of back-up system and large-scale user cancel, some additional mechanism also have been incorporated in the present invention.
The present invention was comprised of following six stages: system made, add new user, cancel the user, authentication and cipher key change, batch signature verification and user tracking mutually.In the system made stage, Virtual network operator and each customer group manager be the generating unit PKI that hives off separately.Group's PKI is assigned to each access point.System enters and adds the new user stage when having new user to enter group, and enters and cancel user's stage when one or more users are cancelled.In mutually authentication and cipher key exchange phase, as a user wants to be linked to an access point, he/her need and access point between mutually authenticate, then set up a shared symmetric key.In the batch signature verification stage, but the many requests that receive of access point simultaneous verification, rather than process individually each request.In the user tracking stage, Virtual network operator and customer group manager help authority of law to follow the trail of one particular network are linked to responsible user.
As shown in Figure 1, realize that six stages of authentication method of Radio Access Network Verification System of the present invention are specific as follows:
A. system made stage
What Virtual network operator was responsible for is group's private key of all customer groups and the generating run of partial group PKI.The detailed process of network operators handle is as follows:
1. select a random generator g 2∈ G 2, and calculate g 1=ψ (g 2).
2. choose at random
Figure BDA00003631025900091
s 1, s 2∈ Z pAnd u is set, v ∈ G 1, s 1u=s 2V=η, can obtain u=s 1 (1)η, v=s 2 (1)η.S wherein 1 (1)S 1Inverse, s 2 (1)S 2Inverse.
3. by group's private key gsk=(s 1, s 2) maintain secrecy.
4. random selection
Figure BDA00003631025900101
And h is set 1, h 2∈ G 2, h 1=s 1H 0, h 2=s 2H 0.
5. once Virtual network operator receives that group identity is grp iGroup manager GM jRegistration information, Virtual network operator need be to group manager GM jAuthenticated.Trusting relationship between group manager and the Virtual network operator of this authentication based on having established.This trusting relationship may be set up when I contact.Then Virtual network operator is selected j ∈ Z at random pGroup's index storage pairing (j, grp as this customer group j).Next Virtual network operator sends information (j, g to the group manager 1, g 2, η, u, v), (g wherein 1, g 2, η, u, v) and be the partial group PKI.In the present invention, Virtual network operator is used a secure transfer protocol (as wired Transport Layer Security) and group manager GM jCommunicate.Imagination strong Diffie-Hellman (SDH) is at (G 1, G 2) on keep, and linear Diffie-Hellman is at G 1On keep.
In order to improve the efficiency of proposed system, Virtual network operator is distributed to the system parameters h of each group 0With partial group PKI (g 1, g 2, be η) the same.In order to realize non-repudiation, in above-mentioned the 5th step, Virtual network operator under the standard digital signature scheme to information (j, g 1, g 2, η, u, v) and signature.Relevant digital signature scheme has RSA and ECDSA.It should be noted that crowd manager is after the registration of Virtual network operator place, Virtual network operator can send to the group manager its PKI.Therefore, do not need PKI system (PKI).Suppose that the present invention has used ECDSA-160.The public/private key of the digital signature of this Virtual network operator is to being defined as (OPK, OSK).
Each crowd of manager GM jReceiving (j, g 1, g 2, η, u, v) after, incite somebody to action generated group PKI in accordance with the following steps:
1. select at random a digital gamma ∈ Z p, and w is set j=γ g 2.
2. return information (j, gpk j) give Virtual network operator, its group of PKIs are gpk j=(g 1, g 2, η, u, v, w j).Similarly, in order to realize non-repudiation, group the manager according to ECDSA-160 to information (j, gpk j) carry out digital signature.
Once Virtual network operator receives (j, gpk j) after, will in his/her local record, store j and w jBetween pairing.Finally, Virtual network operator is by { g 1, g 2, η, u, v, h 0, h 1, h 2And mapping (j, w j) send to each access point.In addition, Virtual network operator (is designated as AP to each access point k) give a public/private key pair, be expressed as (PPK k, PSK k).Each access point has also obtained the subsidiary public key certificate by the Virtual network operator digital signature, for the authenticity of verification key.The certificate of a simple form consists of the following components: Cert k={ AP k, PPK k, ExpT, SIG OSK{ h (AP k|| PPK k|| ExpT) } }.Wherein h (.) means the hash function operation, and as SHA-1, ExpT is the certificate expired time, SIG OSK{ h (AP k|| PPK k|| ExpT) } be that commercial its private key OSK of network operation is at h (AP k|| PPK k|| ExpT) upper digital signature generates.
B. add new user's stage
Before access network, a network user must I be authenticated to group manager contact.To each identity, be grp jCustomer group, an identity is UID iUser i be endowed as follows random member's key and group PKI:
1. group manager GM jThe random x that selects i∈ Z p, and calculate with γ
Figure BDA00003631025900111
GM jIn his/her record, storage is to (A i, UID i).
2. group manager GM jBy a secure transfer protocol (as wired Transport Layer Security) to user i transmission information (j, gpk j, msk[i]).Now member's key of user i is msk[i]=(A i, x i).
It should be noted that in the environment of above two steps:
● group manager GM jMapping (the A that only retains member's key and subscriber identity information i, UID i), and do not retain crowd private key gsk.
● Virtual network operator is only known crowd private key gsk and is not known mapping (A i, UID i).
3. only have Virtual network operator to know mapping (j, grp j).Certainly, each user and each crowd of managers can only calculate his/her group's index and the mapping of group's identity.
C. cancel user's stage
Customer group manager GM jOnce find some users 1 ..., r} is broken, will be broken the user to these and be considered as the user that need cancel, and cancelling user's list URL J={ A 1... A rSend to Virtual network operator.Then, Virtual network operator is at URL JUpper digital signature also is broadcasted to each access point.
D. mutually authenticate and cipher key exchange phase
A network user i, if want access network, need to be at an access point AP kDirect communications range in, and mutually authenticate and cipher key change according to following steps:
1. access point AP kSelect a random number r P∈ Z pAnd generation r PG 1.Next AP kAccording to ECDSA-160 to r PG 1And timestamp ts 1Carry out digital signature.Then, AP kBroadcast following message as the beacon message of periodically announcing that its service exists:
r P·g 1,ts 1,SIG PSK{r P·g 1||ts 1},Cert k (M1)
2., once user i receives (M1), will carry out following operation:
A. the review time is stabbed ts 1Validity to prevent Replay Attack.Check Cert with OPK kCome reliability and the AP of verification public key kThe certificate expired time.Then pass through PPK kChecking SIG PSK{ r PG 1|| ts 1.And if only if, and they are all effectively, just can carry out next step.
B. select a random number r U∈ Z pWith an interim identity another name alias, then calculate r UG 1.
C. generated group signature sigma on information M.M={alias now, j, r PG 1, r UG 1, ts 2.Give grouping PKI gpk j=(g 1, g 2, η, u, v, w j), member's key msk[i]=(A i, x i), and information M, group's signature sigma can be calculated according to following steps:
select at random α, β ∈ Z p.
calculate A iEncryption and (T 1, T 2, T 3), wherein:
T 1=αu,T 2=βv,T 3=A i+(α+β)η (1)
δ=α x is set i, μ=β x i.
choose at random blind value r α, r β, r x, r δ, r μ∈ Z p.Arrange
R 1 = r a u , R 2 = r β v , R 3 = e ^ ( T 3 , g 2 ) r x e ^ ( η , ( - r a - r β ) w j + ( - r δ - r μ ) g 2 ) , R 4 = r x T 1 - r δ u , R 5 = r x T 2 - r μ v
calculates c by above value and M:
c=H(M,T 1,T 2,T 3,R 1,R 2,R 3,R 4,R 5)
wherein h (.) is that an Output rusults scope is Z pHash function.
arrange: s α=r α+ c α, s β=r β+ c β, s x=r x+ cx i, s δ=r δ+ c δ, s μ=r μ+ c μ.
last, the value obtained more than merging forms group's signature:
σ=(T 1,T 2,T 3,c,s α,s β,s x,s δ,s μ)
D. with AP kGenerate shared key: SK k=r U(r PG 1).
E. clean culture replies to AP k
alias,j,r P·g 1,r U·g 1,ts 2,σ (M2)
It should be noted that user i also can select to use AP kPKI PPK kGive information { alias, j, r PG 1, r UG 1, ts 2Encryption, then generated group signature sigma on encrypted information.Subsequently, user i is to AP kClean culture encrypted information and group's signature sigma, rather than information (M2).Clearly, in this case, only have Virtual network operator and AP kCan be by using AP kPrivate key PSK kObtain:
{alias,j,r P·g 1,r U·g 1,ts 2}
3. after receiving information (M2), AP kCarry out following steps and carry out authenticated user i:
A. check r PG 1And ts 2Validity to guarantee the freshness of (M2).
B. select group's PKI gpk according to index j j, then carry out group signature verification operations.At first recalculate challenger c, then according to following steps reconstruct
Figure BDA00003631025900141
arrange
R ~ 1 = - c T 1 + s α u , R ~ 2 = - c T 2 + s β v , R ~ 3 = e ^ ( s x T 3 , g 2 ) e ^ ( c T 3 , w j ) e ^ ( η , w j ) - s α - s β · e ^ ( η , g 2 ) - s δ - s μ e ^ ( g 1 , g 2 ) - c
arrange R ~ 4 = s x T 1 - s δ u , R ~ 5 = s x T 2 - s μ v .
if and only if that c equals
Figure BDA00003631025900144
The time accept this information.
C. select to cancel user list URL according to index j j, then carry out and cancel inspection as follows: for each, cancel mark A i∈ URL j, AP kCheck A iWhether by the (T of σ 1, T 2, T 3) coding.Check whether equation is set up:
e ^ ( T 3 - A i , h 0 ) = e ^ ( T 1 , h 1 ) e ^ ( T 2 , h 2 ) - - - ( 2 )
Because
e ^ ( T 3 - A i , h 0 ) = e ^ ( ( α + β ) η , h 0 ) = e ^ ( α · η + β · η , h 0 )
= e ^ ( α · η , h 0 ) e ^ ( β · η , h 0 ) = e ^ ( α · s 1 · u , h 0 ) e ^ ( β · s 2 · v , h 0 )
= e ^ ( α · u 1 , s 1 · h 0 ) e ^ ( β · v , s 2 · h 0 ) = e ^ ( T 1 , h 1 ) e ^ ( T 2 h 2 ) ,
If coding is not from (T 1, T 2, T 3) URL cancel mark, the signer of σ is not cancelled.
If all success of all above inspections, AP kWill be considered as access request effectively and the user changes without being authorized to, and make the user and set up a shared symmetric key SK kConclusion.Although AP kDo not know which user this is actually.It should be noted that UID iRevealed or propagated never in the process of agreement operation.
4.AP kUtilize (r UG 1, r P) information, calculate and share symmetric key SK k=r P(r UG 1) and send following information (M3) and give user i:
alias , AP k , r U · g 1 , E SK k ( AP k , r U · g 1 , r P · g 1 ) , ( M 3 )
E wherein K(X) encrypted information X with symmetric key K.
5. after having received (M3), user i deciphering is also verified SK with symmetric key k.If be (M3) effectively, user i can think AP kWith him/her, set up a shared key.Otherwise user i can refuse link.Above agreement not only makes the explicit mutual authentication between an access point and legitimate network user feasible, also makes monolateral user anonymity user rs authentication become possibility.Once agreement is successfully completed, can set up a shared symmetric key between access point and user.This key can be used for communication session backward.This session is by (alias, AP k, r UG 1) uniquely identified.
The computing cost of an access point digital signature of checking is mainly caused by 13 scalar multiplications (scalar multiplications, lower same) and 5 pairings (pairing, lower same) operation.Obviously, the expense that wherein computing cost of matching operation operates far above scalar multiplication.
E. signature verification stage in batches
Calculate R 3It is the part of consumes resources in proof procedure.Because each R 3All in the checking equation by Hash, being difficult to see this if therefore do not contemplate can be batch processing.σ=(T is set 1, T 2, T 3, R 3, c, s α, s β, s x, s δ, s μ).That is to say R 3A part as σ is transmitted.In the system made stage, NO selects a random number ε ∈ Z p, and ε (as the part of group's PKI) is transferred to each crowd of managers and each AP.Arrange
c = ϵ H ( M , T 1 , T 2 , T 3 , R 1 , R 2 , R 3 , R 4 , R 5 ) mod p
Here<M 1, σ 1,<M 2, σ 2...,<M n, σ nMean respectively to come from n different user U of same customer group 1, U 2..., U nThe access request information be labeled as.AP kCheck whether following equation is set up:
Figure BDA00003631025900151
If this equation is set up, AP kCheck whether following equation is set up:
Figure BDA00003631025900152
Therefore, for current inspection, AP kOnly need to check whether following equation is set up: &Pi; i = 1 n R 3 i = e ^ ( &Sigma; i = 1 n ( s x i T 3 i - c i g 1 - ( s &delta; i + s &mu; i ) &eta; ) , g 2 ) e ^ ( &Sigma; i = 1 n c i T 3 i - ( s &alpha; i + s &beta; i ) &eta; ) , w j ) .
Above batch of checking equation set up, and reason is:
&Pi; i = 1 n R ~ 3 i = &Pi; i = 1 n e ^ ( s x i T 3 i , g 2 ) e ^ ( c i T 3 i , w j ) &CenterDot; e ^ ( ( - s &alpha; i - s &beta; i ) &eta; , w j ) e ^ ( ( - s &delta; i - s &mu; i ) &eta; , g 2 ) e ^ ( ( - c i ) g 1 , g 2 )
= e ^ ( &Sigma; i = 1 n s x i T 3 i , g 2 ) e ^ ( &Sigma; i = 1 n c i T 3 i , w j ) &CenterDot; e ^ ( &Sigma; i = 1 n ( - s &alpha; i - s &beta; i ) &eta; , w j ) e ^ ( &Sigma; i = 1 n ( - s &delta; i - s &mu; i ) &eta; , g 2 ) e ^ ( &Sigma; i = 1 n ( - c i ) g 1 , g 2 )
= e ^ ( &Sigma; i = 1 n ( s x i T 3 i - c i g 1 - ( s &delta; i + s &mu; i ) &eta; , g 2 ) e ^ ( &Sigma; i = 1 n ( c i T 3 i - ( s &alpha; i + s &beta; i ) &eta; ) , w j ) .
All signature sigma 1, σ 2..., σ nWhen above two inspections that and if only if are all correct just effectively.In above-mentioned batch checking equation, verify that the calculating of n signature consumes mainly from 2 pairings and 13n scalar multiplication operation.Thereby this has greatly reduced the time that a large amount of signatures of checking consume, and has also reduced the disconnecting rate caused by this potential bottleneck problem of AP place signature verification simultaneously.Should be noted that proposed method inherited all security features of short group signature (SGS) technology, in addition, the method is also supported batch checking.
If a negative value is returned in batch checking, will use " dividing and rule " method of a recurrence.That is to say, simply set is divided into to two equal portions, then these two equal portions are verified separately again.When this process finishes, AP exports the index of each invalid signature.Here imagine: the invalid existing probability that contracts out is very little.
F. user tracking stage
When authority of law is wanted to follow the trail of the user responsible to ad-hoc communication session, will carry out following step:
1. Virtual network operator, based on link and session identification, finds corresponding session authentication information (M2) from the network log file.
2. Virtual network operator is first three element (T of group's signature sigma 1, T 2, T 3) be considered as a linear encryption, and with group's private key (s 1, s 2) obtain user's A i, as shown in equation (3).Then Virtual network operator is to authority of law report (A i, j).
A i=T 3-(s 1·T 1+s 2·T 2) (3)
Because:
T 3-(s 1·T 1+s 2·T 2)=A i+(α+β)η-(s 1·T 1+s 2·T 2)
=A i+α·η+β·η-s 1·α·u-s 2·β·v=A i
Authority of law is to customer group manager GM jSend A i.GM jCan check record (A i, UID i) find corresponding identity UID i, then UID iReply to authority of law.On this step, only have the authority of law can be by Virtual network operator and the gerentocratic help of customer group, in examination, confirm need be responsible to ad-hoc communication session the user.
Relevant technical term is as follows:
G 2Mean G 2Random generator;
G 1Mean circled addition group 1;
G 2Mean circled addition group 2;
G TMean and G 1And G 2The circulation multiplicative group that has same Prime Orders;
ψ means from G 2To G 1Isomorphism mapping;
Gsk means group private key;
Grp iThe identity that means group manager i;
GM jMean group manager j;
Z pMean to be less than or equal to the integer field of p;
(OPK, OSK) means the public/private key pair that the Virtual network operator digital signature is used;
(PPK k, PSK k) mean that Virtual network operator gives the public/private key pair of each access point;
UID iThe identity that means user i;
Msk[i] mean member's key of member i;
Figure BDA00003631025900171
Mean computable bilinear map G 1* G 2→ G T.
Above-described embodiment is preferably execution mode of the present invention; but embodiments of the present invention are not restricted to the described embodiments; other any do not deviate from change, the modification done under Spirit Essence of the present invention and principle, substitutes, combination, simplify; all should be equivalent substitute mode, within being included in protection scope of the present invention.

Claims (4)

1. but the Radio Access Network authentication method of an accountability and secret protection, is characterized in that, comprises the following steps:
Step 1, customer group manager register at the Virtual network operator place, Virtual network operator generated group private key and partial group PKI, and the partial group PKI is issued to the customer group manager; Issue Virtual network operator after customer group manager's generated group PKI, group's public key broadcasts that the Virtual network operator handle is received from the customer group manager is to access point;
Step 2, user and customer group manager contact to be authenticated, and customer group manager will send member's key and the group's PKI for access network to it, and now the user successfully adds customer group, becomes user in the group;
If step 3 finds that the user is broken, the customer group manager will be broken the user to these and be considered as the user that need cancel, and the list list of cancelling the user is sent to Virtual network operator, Virtual network operator is broadcast to access point by described list, to cancel the described user of being broken;
User in the communication range of step 4, access point with described access point authenticates mutually and cipher key change after, set up shared symmetric key, described symmetric key is for communication session, now the successful access of radio network of user;
Step 5, when the access point place has two or more signatures to need authentication, access point carries out the batch signature verification to these signatures;
If step 6 authority of law need to be followed the trail of the user responsible to ad-hoc communication session, only need obtain group private key from Virtual network operator, and it is right to obtain the mapping of member's key of the user responsible to ad-hoc communication session and subscriber identity information from the customer group manager, utilize the described group's private key obtained with mapping to determining the user responsible to ad-hoc communication session.
2. but the Radio Access Network authentication method of accountability according to claim 1 and secret protection, is characterized in that, described step 4 comprises the following steps:
1. access point is periodically broadcasted the beacon message with this access point digital signature, to mean that described access point is in service state;
2. after the user receives described beacon message, according to the authenticity of the PKI of certificate expired time of the validity of described beacon message proving time stamp, access point and access point; If the authenticity any one of the certificate expired time of the validity of timestamp, access point or PKI is not by checking, the user refuses to receive the corresponding access point of beacon message; If the authenticity of the PKI of the certificate expired time of the validity of timestamp, access point and access point is all by checking, the user generates solicited message, and utilizes the member's key of oneself to carry out group's signature to it, and clean culture replies to access point;
3. access point receives that step that the user sends is 2. after described solicited message, and whether the freshness of first inspection message, reexamine this user and be present in the list list of cancelling the user; If exist, refusal link; Otherwise, calculate the symmetric key shared with the user and send response message to the user;
4. the user, after receiving the information that the access point of step described in 3. send, verifies that whether this information is effective, if information is invalid, and refusal link; Otherwise, establish the link.
3. but the Radio Access Network authentication method of accountability according to claim 1 and secret protection, is characterized in that, described step 6 comprises the following steps:
A, authority of law require Virtual network operator and customer group manager to follow the trail of the user responsible to ad-hoc communication session;
B, Virtual network operator link Network Based and session identification find corresponding session authentication information from the network log file;
C, Virtual network operator carry out linear encryption to first three element of the digital signature in the described session authentication information of step B, and obtain member's key of this user with group's private key; After this, the net operation business reports to authority of law to member's key of this user who obtains;
D, authority of law send the member's key obtained from Virtual network operator to the customer group manager;
E, customer group manager are according to the member's key obtained from authority of law, and member's key of storing at oneself and the mapping centering of subscriber identity information are searched, and a subscriber identity information of finding is replied to authority of law.
4. but a Verification System that realizes the Radio Access Network authentication method of the described accountability of claim 1 and secret protection, is characterized in that, comprising: user and authority of law in Virtual network operator, access point, customer group manager, group; Described Virtual network operator is to hive off PKI receive group's PKI from the customer group manager of customer group manager sending part, and Virtual network operator is also to access point broadcast group PKI; In access point and group, the user authenticates and cipher key change mutually, and in the group, the user also obtains the member's key and group's PKI for access network from the customer group manager; Authority of law obtains group's private key from Virtual network operator, and it is right to obtain the mapping of member's key and subscriber identity information from the customer group manager.
CN201310343147.6A 2013-08-07 2013-08-07 Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof Active CN103428692B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310343147.6A CN103428692B (en) 2013-08-07 2013-08-07 Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310343147.6A CN103428692B (en) 2013-08-07 2013-08-07 Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof

Publications (2)

Publication Number Publication Date
CN103428692A true CN103428692A (en) 2013-12-04
CN103428692B CN103428692B (en) 2016-08-10

Family

ID=49652715

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310343147.6A Active CN103428692B (en) 2013-08-07 2013-08-07 Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof

Country Status (1)

Country Link
CN (1) CN103428692B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105406970A (en) * 2015-10-21 2016-03-16 浪潮电子信息产业股份有限公司 Signature method, signature device, signature verification method and signature verification device
CN105450627A (en) * 2014-09-18 2016-03-30 三星电子株式会社 Electronic device and method for processing data in electronic device
CN109963282A (en) * 2019-03-28 2019-07-02 华南理工大学 Secret protection access control method in the wireless sensor network that IP is supported
CN113329019A (en) * 2021-05-28 2021-08-31 南京邮电大学 Privacy-protecting infectious disease close contact person identity tracking method
CN114362933A (en) * 2021-12-16 2022-04-15 国网河北省电力有限公司信息通信分公司 Credible authentication method for data source under power Internet of things environment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1833222A1 (en) * 2006-03-10 2007-09-12 Abb Research Ltd. Access control protocol for embedded devices
CN101335625A (en) * 2007-06-25 2008-12-31 株式会社日立制作所 Batch verification device, program and batch verification method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1833222A1 (en) * 2006-03-10 2007-09-12 Abb Research Ltd. Access control protocol for embedded devices
CN101335625A (en) * 2007-06-25 2008-12-31 株式会社日立制作所 Batch verification device, program and batch verification method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
H. GUO等: "A unique batch authentication protocol for vehicle-to-grid communications", 《IEEE TRANSACTIONS ON SMART GRID》 *
何道敬: "无线网络安全的关键技术研究", 《浙江大学2012年博士毕业论文》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105450627A (en) * 2014-09-18 2016-03-30 三星电子株式会社 Electronic device and method for processing data in electronic device
CN105406970A (en) * 2015-10-21 2016-03-16 浪潮电子信息产业股份有限公司 Signature method, signature device, signature verification method and signature verification device
CN105406970B (en) * 2015-10-21 2019-03-12 浪潮电子信息产业股份有限公司 Method and device, the method and device of verifying signature of signature
CN109963282A (en) * 2019-03-28 2019-07-02 华南理工大学 Secret protection access control method in the wireless sensor network that IP is supported
CN109963282B (en) * 2019-03-28 2022-07-26 华南理工大学 Privacy protection access control method in IP-supported wireless sensor network
CN113329019A (en) * 2021-05-28 2021-08-31 南京邮电大学 Privacy-protecting infectious disease close contact person identity tracking method
CN113329019B (en) * 2021-05-28 2022-08-16 南京邮电大学 Privacy-protecting infectious disease close contact person identity tracking method
CN114362933A (en) * 2021-12-16 2022-04-15 国网河北省电力有限公司信息通信分公司 Credible authentication method for data source under power Internet of things environment

Also Published As

Publication number Publication date
CN103428692B (en) 2016-08-10

Similar Documents

Publication Publication Date Title
CN110084068B (en) Block chain system and data processing method for block chain system
Pu et al. An efficient blockchain-based privacy preserving scheme for vehicular social networks
Shim ${\cal CPAS} $: an efficient conditional privacy-preserving authentication scheme for vehicular sensor networks
US9509506B2 (en) Quantum key management
Han et al. A scalable and efficient key escrow model for lawful interception of IDBC‐based secure communication
CN105141425A (en) Bidirectional authentication method capable of protecting identity based on chaotic mapping
Wang et al. An efficient privacy‐preserving aggregation and billing protocol for smart grid
Neji et al. Distributed key generation protocol with a new complaint management strategy
CN107493165A (en) A kind of car networking certification and cryptographic key negotiation method with strong anonymity
Wang et al. A practical authentication framework for VANETs
CN103428692A (en) Wireless access network authentication method and wireless access network authentication system capable of holding accountability and protecting privacy
Malip et al. A certificateless anonymous authenticated announcement scheme in vehicular ad hoc networks
He et al. An accountable, privacy-preserving, and efficient authentication framework for wireless access networks
Rajput et al. A two level privacy preserving pseudonymous authentication protocol for VANET
Li et al. (WIP) authenticated key management protocols for internet of things
Daza et al. Cryptographic techniques for mobile ad-hoc networks
Salem et al. SOS: Self‐organized secure framework for VANET
Imghoure et al. ECDSA-based certificateless conditional privacy-preserving authentication scheme in Vehicular Ad Hoc Network
Parameswarath et al. A privacy-preserving authenticated key exchange protocol for V2G communications using SSI
Patonico et al. Elliptic curve‐based proxy re‐signcryption scheme for secure data storage on the cloud
Chiou et al. Design and implementation of a mobile voting system using a novel oblivious and proxy signature
Le et al. Certificate‐based signcryption scheme without pairing: directly verifying signcrypted messages using a public key
Nkurunziza et al. ECAAP‐SG: Efficient certificateless anonymous authentication protocol for SG
Jung et al. A robust and efficient anonymous authentication protocol in VANETs
Zhang et al. A lightweight electronic voting scheme based on blind signature and Kerberos mechanism

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant