CN104967993A - Authorization key dynamic generation method based on CDMA, authorization key dynamic generation system based on CDMA and authorization key dynamic generation device based on CDMA - Google Patents
Authorization key dynamic generation method based on CDMA, authorization key dynamic generation system based on CDMA and authorization key dynamic generation device based on CDMA Download PDFInfo
- Publication number
- CN104967993A CN104967993A CN201510209239.4A CN201510209239A CN104967993A CN 104967993 A CN104967993 A CN 104967993A CN 201510209239 A CN201510209239 A CN 201510209239A CN 104967993 A CN104967993 A CN 104967993A
- Authority
- CN
- China
- Prior art keywords
- public
- travelling carriage
- algorithm
- private cipher
- auc
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 238000013475 authorization Methods 0.000 title abstract 11
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 112
- 230000003993 interaction Effects 0.000 abstract 1
- 238000004891 communication Methods 0.000 description 27
- 238000010295 mobile communication Methods 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000005236 sound signal Effects 0.000 description 4
- 230000003068 static effect Effects 0.000 description 4
- 230000011664 signaling Effects 0.000 description 3
- 230000001413 cellular effect Effects 0.000 description 2
- 230000000875 corresponding effect Effects 0.000 description 2
- 230000002441 reversible effect Effects 0.000 description 2
- 230000002123 temporal effect Effects 0.000 description 2
- 101150012579 ADSL gene Proteins 0.000 description 1
- 102100020775 Adenylosuccinate lyase Human genes 0.000 description 1
- 108700040193 Adenylosuccinate lyases Proteins 0.000 description 1
- 241000256844 Apis mellifera Species 0.000 description 1
- 241001269238 Data Species 0.000 description 1
- 230000001133 acceleration Effects 0.000 description 1
- 230000000712 assembly Effects 0.000 description 1
- 238000000429 assembly Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000001276 controlling effect Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000005314 correlation function Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 238000003909 pattern recognition Methods 0.000 description 1
- 238000001228 spectrum Methods 0.000 description 1
- 230000001629 suppression Effects 0.000 description 1
- 239000010409 thin film Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention discloses an authorization key dynamic generation method based on CDMA, an authorization key dynamic generation system based on CDMA and an authorization key dynamic generation device based on CDMA. The method comprises the steps of using a mobile station and an authorization center to generate the private keys respectively by utilizing an MD5 algorithm and according to an international mobile subscriber identity (IMSI), an electronic serial number (ESN) and the random shared secret data (RANDSSD); using the mobile station and the authorization center to generate the public keys respectively by utilizing a DH algorithm and according to the respective private keys; using the mobile station and the authorization center to interchange the public keys to obtain the public keys of the opposite parties; using the mobile station and the authorization center to generate the authorization keys respectively according to the respective private keys and the public keys of the opposite parties and by utilizing the DH algorithm. Therefore, according to the present invention, the authorization keys are generated dynamically during the interaction process of the mobile station and the authorization center, and the dynamically generated and non-fixed authorization keys are utilized to authorize, thereby reducing the authorization key stolen risk substantially, and improving the authorization safety greatly.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of authentication code dynamic creation method based on CDMA, system and device.
Background technology
Safety problem is the major issue in wireless communication field, the safety measure that current solution safety problem is taked mainly comprises access authentication and encryption two parts, access authentication is the legitimacy in order to ensure user identity, and encryption is the fail safe in order to ensure Content of Communication.Access authentication is divided into subscription authentication and session authentication.Subscription authentication is when setting up session at first, the legitimacy of inspection terminal use; Session authentication is during session, and terminal is from static state to activated state or re-authenticating of switching and cause.
In cdma communication technical field, authentication code (Authentication Key, A-KEY) as the critical keys of in authentication process, be stored in the UIM card of travelling carriage (as mobile terminal) and the AUC of network side, determined by manufacturer or operator, length is 64bits.Authentication code is mainly used for SSD (the Shared Secret Data in authentication process, share secure data) upgrade, RANDSSD (the Random Shared Secret Data sent by AUC, random shared secure data) and ESN (Electronic Serial Number, Electronic Serial Number) generate SSD by CAVE (Cave Automatic VirtualEnvironment, the automatic virtual system of cavernous) algorithm.
Because authentication code produces the basis of other secret datas, so the safety of authentication code and important.In prior art, authentication code generates in advance and is fixed in the UIM card of mobile terminal, usually would not make again and change, thus cause authentication code to there is stolen risk, have impact on the fail safe of authentication after the value write of authentication code.
Summary of the invention
Main purpose of the present invention is to propose a kind of authentication code dynamic creation method based on CDMA, system and device, is intended to dynamic generating authentication code, solves authentication code and fixes and affect the problem of authentication security.
For achieving the above object, the present invention proposes a kind of authentication code dynamic creation method based on CDMA, comprises step:
Travelling carriage and AUC share secure data at random according to IMSI international mobile subscriber identity, ESN Electronic Serial Number and RANDSSD respectively and utilize MD5 algorithm to generate private cipher key;
Travelling carriage and AUC utilize DH algorithm to generate public-key cryptography according to respective private cipher key respectively;
Described public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of the other side;
Travelling carriage and AUC utilize DH algorithm generating authentication code according to the public-key cryptography of respective private cipher key and the other side respectively.
Preferably, described travelling carriage and AUC utilize MD5 algorithm generation private cipher key to comprise according to IMSI, ESN and RANDSSD respectively:
Travelling carriage obtains IMSI, ESN and RANDSSD, and generates data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a;
AUC obtains IMSI, ESN and RANDSSD, and generates data T
b, and T
b=IMSI-ESN-RANDSSD, utilizes MD5 algorithm to described data T
bcarry out processing rear generation private cipher key X
b.
Preferably, described travelling carriage and AUC utilize DH algorithm generation public-key cryptography to comprise according to respective private cipher key respectively:
Travelling carriage chooses a prime number q and an integer α, calculates public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q;
AUC chooses the prime number q identical with travelling carriage and integer α, calculates public-key cryptography according to DH algorithm
wherein, X
bfor the private cipher key of AUC, X
b<q, α are the primitive roots of q.
Preferably, described travelling carriage and AUC utilize DH algorithm generating authentication code to comprise according to the public-key cryptography of respective private cipher key and the other side respectively:
Travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage;
AUC is according to DH algorithm generating authentication code
wherein, Y
afor the public-key cryptography of travelling carriage, X
bfor the private cipher key of AUC.
The present invention also proposes a kind of authentication code dynamic creation method based on CDMA, is applied to mobile station side, comprises step:
Travelling carriage utilizes MD5 algorithm to generate private cipher key according to IMSI, ESN and RANDSSD;
Travelling carriage utilizes DH algorithm to generate public-key cryptography according to described private cipher key;
Public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of described AUC;
Travelling carriage utilizes DH algorithm generating authentication code according to the public-key cryptography of described private cipher key and described AUC.
Preferably, described travelling carriage utilizes MD5 algorithm generation private cipher key to comprise according to IMSI, ESN and RANDSSD:
Travelling carriage obtains IMSI, ESN and RANDSSD, and generates data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a.
Preferably, described travelling carriage utilizes DH algorithm generation public-key cryptography to comprise according to described private cipher key:
Travelling carriage chooses a prime number q and an integer α, calculates public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q.
Preferably, described travelling carriage utilizes DH algorithm generating authentication code to comprise according to the public-key cryptography of described private cipher key and described AUC:
Travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage.
The present invention proposes a kind of authentication code dynamic generating system based on CDMA simultaneously, comprises travelling carriage and AUC, wherein:
Described travelling carriage, private cipher key is generated for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to described private cipher key, and intercourse public-key cryptography with described AUC, obtain the public-key cryptography of described AUC, the public-key cryptography according to described private cipher key and described AUC utilizes DH algorithm generating authentication code;
Described AUC, private cipher key is generated for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to described private cipher key, and intercourse public-key cryptography with described travelling carriage, obtain the public-key cryptography of described travelling carriage, the public-key cryptography according to described private cipher key and described travelling carriage utilizes DH algorithm generating authentication code.
The invention also proposes a kind of authentication code dynamic generation apparatus based on CDMA, be applied to mobile station side, comprise private cipher key generation module, public-key cryptography generation module, public-key cryptography Switching Module and authentication code generation module, wherein:
Described private cipher key generation module, generates private cipher key for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD;
Described public-key cryptography generation module, generates public-key cryptography for utilizing DH algorithm according to described private cipher key;
Described public-key cryptography Switching Module, for intercoursing public-key cryptography with AUC, obtains the public-key cryptography of described AUC;
Described authentication code generation module, for utilizing DH algorithm generating authentication code according to the public-key cryptography of described private cipher key and described AUC.
Preferably, described private cipher key generation module is used for: obtain IMSI, ESN and RANDSSD, and generate data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a.
Preferably, described public-key cryptography generation module is used for: choose a prime number q and an integer α, calculate public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q.
Preferably, described authentication code generation module is used for: according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage.
A kind of authentication code dynamic creation method based on CDMA proposed by the invention, dynamic generating authentication code in travelling carriage and AUC's reciprocal process, utilize dynamically generate and revocable authentication code carries out authentication, greatly reduce the risk that authentication code is stolen, significantly improve the fail safe of authentication.
Accompanying drawing explanation
Fig. 1 is the hardware configuration schematic diagram of the mobile terminal realizing each embodiment of the present invention;
Fig. 2 is the wireless communication system schematic diagram of mobile terminal as shown in Figure 1;
Fig. 3 is the flow chart of authentication code dynamic creation method first embodiment that the present invention is based on CDMA;
Fig. 4 is the flow chart that in the embodiment of the present invention, travelling carriage generates private cipher key;
Fig. 5 is the flow chart that embodiment of the present invention AUC generates private cipher key;
Fig. 6 is the mutual flow chart of travelling carriage and AUC in the embodiment of the present invention;
Fig. 7 is the flow chart of authentication code dynamic creation method second embodiment that the present invention is based on CDMA;
Fig. 8 is the module diagram of authentication code dynamic generating system one embodiment that the present invention is based on CDMA;
Fig. 9 is the module diagram of authentication code dynamic generation apparatus one embodiment that the present invention is based on CDMA.
The realization of the object of the invention, functional characteristics and advantage will in conjunction with the embodiments, are described further with reference to accompanying drawing.
Embodiment
Should be appreciated that specific embodiment described herein only in order to explain the present invention, be not intended to limit the present invention.
The mobile terminal realizing each embodiment of the present invention is described referring now to accompanying drawing.In follow-up description, use the suffix of such as " module ", " parts " or " unit " for representing element only in order to be conducive to explanation of the present invention, itself is specific meaning not.Therefore, " module " and " parts " can mixedly use.
Mobile terminal can be implemented in a variety of manners.Such as, the terminal described in the present invention can comprise the such as mobile terminal of mobile phone, smart phone, notebook computer, digit broadcasting receiver, PDA (personal digital assistant), PAD (panel computer), PMP (portable media player), guider etc. and the fixed terminal of such as digital TV, desktop computer etc.Below, suppose that terminal is mobile terminal.But it will be appreciated by those skilled in the art that except the element except being used in particular for mobile object, structure according to the embodiment of the present invention also can be applied to the terminal of fixed type.
Fig. 1 is the hardware configuration signal of the mobile terminal realizing each embodiment of the present invention.
Mobile terminal 100 can comprise wireless communication unit 110, A/V (audio/video) input unit 120, user input unit 130, sensing cell 140, output unit 150, memory 160, interface unit 170, controller 180 and power subsystem 190 etc.Fig. 1 shows the mobile terminal with various assembly, it should be understood that, does not require to implement all assemblies illustrated.Can alternatively implement more or less assembly.Will be discussed in more detail below the element of mobile terminal.
Wireless communication unit 110 generally includes one or more assembly, and it allows the radio communication between mobile terminal 100 and wireless communication system or network.Such as, wireless communication unit can comprise at least one in broadcast reception module 111, mobile communication module 112, wireless Internet module 113, short range communication module 114 and positional information module 115.
Broadcast reception module 111 via broadcast channel from external broadcasting management server receiving broadcast signal and/or broadcast related information.Broadcast channel can comprise satellite channel and/or terrestrial channel.Broadcast management server can be generate and send the server of broadcast singal and/or broadcast related information or the broadcast singal generated before receiving and/or broadcast related information and send it to the server of terminal.Broadcast singal can comprise TV broadcast singal, radio signals, data broadcasting signal etc.And broadcast singal may further include the broadcast singal combined with TV or radio signals.Broadcast related information also can provide via mobile communications network, and in this case, broadcast related information can be received by mobile communication module 112.Broadcast singal can exist in a variety of manners, such as, it can exist with the form of the electronic service guidebooks (ESG) of the electronic program guides of DMB (DMB) (EPG), digital video broadcast-handheld (DVB-H) etc.Broadcast reception module 111 can by using the broadcast of various types of broadcast system Received signal strength.Especially, broadcast reception module 111 can by using such as multimedia broadcasting-ground (DMB-T), DMB-satellite (DMB-S), digital video broadcasting-hand-held (DVB-H), forward link media (MediaFLO
@) the digit broadcasting system receiving digital broadcast of Radio Data System, received terrestrial digital broadcasting integrated service (ISDB-T) etc.Broadcast reception module 111 can be constructed to be applicable to providing the various broadcast system of broadcast singal and above-mentioned digit broadcasting system.The broadcast singal received via broadcast reception module 111 and/or broadcast related information can be stored in memory 160 (or storage medium of other type).
Radio signal is sent at least one in base station (such as, access point, Node B etc.), exterior terminal and server and/or receives radio signals from it by mobile communication module 112.Various types of data that such radio signal can comprise voice call signal, video calling signal or send according to text and/or Multimedia Message and/or receive.
Wireless Internet module 113 supports the Wi-Fi (Wireless Internet Access) of mobile terminal.This module can be inner or be externally couple to terminal.Wi-Fi (Wireless Internet Access) technology involved by this module can comprise WLAN (WLAN) (Wi-Fi), Wibro (WiMAX), Wimax (worldwide interoperability for microwave access), HSDPA (high-speed downlink packet access) etc.
Short range communication module 114 is the modules for supporting junction service.Some examples of short-range communication technology comprise bluetooth
tM, radio-frequency (RF) identification (RFID), Infrared Data Association (IrDA), ultra broadband (UWB), purple honeybee
tMetc..
Positional information module 115 is the modules of positional information for checking or obtain mobile terminal.The typical case of positional information module is GPS (global positioning system).According to current technology, GPS module 115 calculates from the range information of three or more satellite and correct time information and for the Information application triangulation calculated, thus calculates three-dimensional current location information according to longitude, latitude and pin-point accuracy.Current, the method for calculating location and temporal information uses three satellites and by the error of the position that uses an other satellite correction calculation to go out and temporal information.In addition, GPS module 115 can carry out computational speed information by Continuous plus current location information in real time.
A/V input unit 120 is for audio reception or vision signal.A/V input unit 120 can comprise camera 121 and microphone 1220, and the view data of camera 121 to the static images obtained by image capture apparatus in Video Capture pattern or image capture mode or video processes.Picture frame after process may be displayed on display module 151.Picture frame after camera 121 processes can be stored in memory 160 (or other storage medium) or via wireless communication unit 110 and send, and can provide two or more cameras 1210 according to the structure of mobile terminal.Such acoustic processing can via microphones sound (voice data) in telephone calling model, logging mode, speech recognition mode etc. operational mode, and can be voice data by microphone 122.Audio frequency (voice) data after process can be converted to the formatted output that can be sent to mobile communication base station via mobile communication module 112 when telephone calling model.Microphone 122 can be implemented various types of noise and eliminate (or suppress) algorithm and receiving and sending to eliminate (or suppression) noise or interference that produce in the process of audio signal.
User input unit 130 can generate key input data to control the various operations of mobile terminal according to the order of user's input.User input unit 130 allows user to input various types of information, and keyboard, the young sheet of pot, touch pad (such as, detecting the touch-sensitive assembly of the change of the resistance, pressure, electric capacity etc. that cause owing to being touched), roller, rocking bar etc. can be comprised.Especially, when touch pad is superimposed upon on display module 151 as a layer, touch-screen can be formed.
Sensing cell 140 detects the current state of mobile terminal 100, (such as, mobile terminal 100 open or close state), the position of mobile terminal 100, user for mobile terminal 100 contact (namely, touch input) presence or absence, the orientation of mobile terminal 100, the acceleration or deceleration of mobile terminal 100 move and direction etc., and generate order or the signal of the operation for controlling mobile terminal 100.Such as, when mobile terminal 100 is embodied as sliding-type mobile phone, sensing cell 140 can sense this sliding-type phone and open or close.In addition, whether whether sensing cell 140 can detect power subsystem 190 provides electric power or interface unit 170 to couple with external device (ED).Sensing cell 140 can comprise proximity transducer 1410 and will be described this in conjunction with touch-screen below.
Interface unit 170 is used as at least one external device (ED) and is connected the interface that can pass through with mobile terminal 100.Such as, external device (ED) can comprise wired or wireless head-band earphone port, external power source (or battery charger) port, wired or wireless FPDP, memory card port, for connecting the port, audio frequency I/O (I/O) port, video i/o port, ear port etc. of the device with identification module.Identification module can be that storage uses the various information of mobile terminal 100 for authentication of users and can comprise subscriber identification module (UIM), client identification module (SIM), Universal Subscriber identification module (USIM) etc.In addition, the device (hereinafter referred to " recognition device ") with identification module can take the form of smart card, and therefore, recognition device can be connected with mobile terminal 100 via port or other jockey.Interface unit 170 may be used for receive from external device (ED) input (such as, data message, electric power etc.) and the input received be transferred to the one or more element in mobile terminal 100 or may be used for transmitting data between mobile terminal and external device (ED).
In addition, when mobile terminal 100 is connected with external base, interface unit 170 can be used as to allow by it electric power to be provided to the path of mobile terminal 100 from base or can be used as the path that allows to be transferred to mobile terminal by it from the various command signals of base input.The various command signal inputted from base or electric power can be used as and identify whether mobile terminal is arranged on the signal base exactly.Output unit 150 is constructed to provide output signal (such as, audio signal, vision signal, alarm signal, vibration signal etc.) with vision, audio frequency and/or tactile manner.Output unit 150 can comprise display module 151, dio Output Modules 152, alarm modules 153 etc.
Display module 151 may be displayed on the information of process in mobile terminal 100.Such as, when mobile terminal 100 is in telephone calling model, display module 151 can show with call or other communicate (such as, text messaging, multimedia file are downloaded etc.) be correlated with user interface (UI) or graphic user interface (GUI).When mobile terminal 100 is in video calling pattern or image capture mode, display module 151 can the image of display capture and/or the image of reception, UI or GUI that video or image and correlation function are shown etc.
Meanwhile, when display module 151 and touch pad as a layer superposed on one another to form touch-screen time, display module 151 can be used as input unit and output device.Display module 151 can comprise at least one in liquid crystal display (LCD), thin-film transistor LCD (TFT-LCD), Organic Light Emitting Diode (OLED) display, flexible display, three-dimensional (3D) display etc.Some in these displays can be constructed to transparence and watch from outside to allow user, and this can be called transparent display, and typical transparent display can be such as TOLED (transparent organic light emitting diode) display etc.According to the specific execution mode wanted, mobile terminal 100 can comprise two or more display modules (or other display unit), such as, mobile terminal can comprise outside display module (not shown) and inner display module (not shown).Touch-screen can be used for detecting touch input pressure and touch input position and touch and inputs area.
When dio Output Modules 152 can be under the isotypes such as call signal receiving mode, call mode, logging mode, speech recognition mode, broadcast reception mode at mobile terminal, voice data convert audio signals that is that wireless communication unit 110 is received or that store in memory 160 and exporting as sound.And dio Output Modules 152 can provide the audio frequency relevant to the specific function that mobile terminal 100 performs to export (such as, call signal receives sound, message sink sound etc.).Dio Output Modules 152 can comprise loud speaker, buzzer etc.
Alarm modules 153 can provide and export that event informed to mobile terminal 100.Typical event can comprise calling reception, message sink, key signals input, touch input etc.Except audio or video exports, alarm modules 153 can provide in a different manner and export with the generation of notification event.Such as, alarm modules 153 can provide output with the form of vibration, when receive calling, message or some other enter communication (incomingcommunication) time, alarm modules 153 can provide sense of touch to export (that is, vibrating) to notify to user.By providing such sense of touch to export, even if when the mobile phone of user is in the pocket of user, user also can identify the generation of various event.Alarm modules 153 also can provide the output of the generation of notification event via display module 151 or dio Output Modules 152.
Memory 160 software program that can store process and the control operation performed by controller 180 etc., or temporarily can store oneself through exporting the data (such as, telephone directory, message, still image, video etc.) that maybe will export.And, memory 160 can store about when touch be applied to touch-screen time the vibration of various modes that exports and the data of audio signal.
Memory 160 can comprise the storage medium of at least one type, described storage medium comprises flash memory, hard disk, multimedia card, card-type memory (such as, SD or DX memory etc.), random access storage device (RAM), static random-access memory (SRAM), read-only memory (ROM), Electrically Erasable Read Only Memory (EEPROM), programmable read only memory (PROM), magnetic storage, disk, CD etc.And mobile terminal 100 can be connected the memory function of execute store 160 network storage device with by network cooperates.
Controller 180 controls the overall operation of mobile terminal usually.Such as, controller 180 performs the control relevant to voice call, data communication, video calling etc. and process.In addition, controller 180 can comprise the multi-media module 1810 for reproducing (or playback) multi-medium data, and multi-media module 1810 can be configured in controller 180, or can be configured to be separated with controller 180.Controller 180 can pattern recognition process, is identified as character or image so that input is drawn in the handwriting input performed on the touchscreen or picture.
Power subsystem 190 receives external power or internal power and provides each element of operation and the suitable electric power needed for assembly under the control of controller 180.
Various execution mode described herein can to use such as computer software, the computer-readable medium of hardware or its any combination implements.For hardware implementation, execution mode described herein can by using application-specific IC (ASIC), digital signal processor (DSP), digital signal processing device (DSPD), programmable logic device (PLD), field programmable gate array (FPGA), processor, controller, microcontroller, microprocessor, being designed at least one performed in the electronic unit of function described herein and implementing, in some cases, such execution mode can be implemented in controller 180.For implement software, the execution mode of such as process or function can be implemented with allowing the independent software module performing at least one function or operation.Software code can be implemented by the software application (or program) write with any suitable programming language, and software code can be stored in memory 160 and to be performed by controller 180.
So far, oneself is through the mobile terminal according to its functional description.Below, for the sake of brevity, by the slide type mobile terminal that describes in various types of mobile terminals of such as folded form, board-type, oscillating-type, slide type mobile terminal etc. exemplarily.Therefore, the present invention can be applied to the mobile terminal of any type, and is not limited to slide type mobile terminal.
Mobile terminal 100 as shown in Figure 1 can be constructed to utilize and send the such as wired and wireless communication system of data via frame or grouping and satellite-based communication system operates.
Describe wherein according to the communication system that mobile terminal of the present invention can operate referring now to Fig. 2.
Such communication system can use different air interfaces and/or physical layer.Such as, the air interface used by communication system comprises such as frequency division multiple access (FDMA), time division multiple access (TDMA), code division multiple access (CDMA) and universal mobile telecommunications system (UMTS) (especially, Long Term Evolution (LTE)), global system for mobile communications (GSM) etc.As non-limiting example, description below relates to cdma communication system, but such instruction is equally applicable to the system of other type.
With reference to figure 2, cdma wireless communication system can comprise multiple mobile terminal 100, multiple base station (BS) 270, base station controller (BSC) 275 and mobile switching centre (travelling carriage C) 280.Travelling carriage C280 is constructed to form interface with Public Switched Telephony Network (PSTN) 290.Travelling carriage C280 is also constructed to form interface with the BSC275 that can be couple to base station 270 via back haul link.Back haul link can construct according to any one in some interfaces that oneself knows, described interface comprises such as E1/T1, ATM, IP, PPP, frame relay, HDSL, ADSL or xDSL.Will be appreciated that system as shown in Figure 2 can comprise multiple BSC2750.
Each BS270 can serve one or more subregion (or region), by multidirectional antenna or point to specific direction each subregion of antenna cover radially away from BS270.Or each subregion can by two or more antenna covers for diversity reception.Each BS270 can be constructed to support multiple parallel compensate, and each parallel compensate has specific frequency spectrum (such as, 1.25MHz, 5MHz etc.).
Subregion can be called as CDMA Channel with intersecting of parallel compensate.BS270 also can be called as base station transceiver subsystem (BTS) or other equivalent terms.Under these circumstances, term " base station " may be used for broadly representing single BSC275 and at least one BS270.Base station also can be called as " cellular station ".Or each subregion of particular B S270 can be called as multiple cellular station.
As shown in Figure 2, broadcast singal is sent to the mobile terminal 100 at operate within systems by broadcsting transmitter (BT) 295.Broadcast reception module 111 as shown in Figure 1 is arranged on mobile terminal 100 and sentences the broadcast singal receiving and sent by BT295.In fig. 2, several global positioning system (GPS) satellite 300 is shown.Satellite 300 helps at least one in the multiple mobile terminal 100 in location.
In fig. 2, depict multiple satellite 300, but be understandable that, the satellite of any number can be utilized to obtain useful locating information.GPS module 115 as shown in Figure 1 is constructed to coordinate to obtain the locating information wanted with satellite 300 usually.Substitute GPS tracking technique or outside GPS tracking technique, can use can other technology of position of tracking mobile terminal.In addition, at least one gps satellite 300 optionally or extraly can process satellite dmb transmission.
As a typical operation of wireless communication system, BS270 receives the reverse link signal from various mobile terminal 100.Mobile terminal 100 participates in call usually, information receiving and transmitting communicates with other type.Each reverse link signal that certain base station 270 receives is processed by particular B S270.The data obtained are forwarded to relevant BSC275.BSC provides call Resourse Distribute and comprises the mobile management function of coordination of the soft switching process between BS270.The data received also are routed to travelling carriage C280 by BSC275, and it is provided for the extra route service forming interface with PSTN290.Similarly, PSTN290 and travelling carriage C280 forms interface, and travelling carriage C and BSC275 forms interface, and BSC275 correspondingly control BS270 so that forward link signals is sent to mobile terminal 100.
Based on above-mentioned mobile terminal hardware configuration and communication system, each embodiment of the inventive method is proposed.
As shown in Figure 3, authentication code dynamic creation method first embodiment that the present invention is based on CDMA is proposed.In the present embodiment, the English abbreviation of travelling carriage is MS, and English full name is Mobile Station, and refer to the terminal equipment at specified point carrying mobile service under dynamic or static state, described terminal equipment is as aforementioned mobile terminal; The English abbreviation of AUC is AUC, and English full name is Authentication Center, is the identity for certification mobile subscriber and the functional entity producing corresponding authentication parameter.
The authentication code dynamic creation method of the present embodiment comprises the following steps:
Step S11: travelling carriage and AUC utilize MD5 algorithm to generate private cipher key according to IMSI, ESN and RANDSSD respectively.
Wherein, IMSI full name is International Mobile Subscriber Identity, i.e. international mobile subscriber identity; ESN full name is Electronic Serial Number, i.e. Electronic Serial Number; RANDSSD full name is Random Shared Secret Data, namely shares secure data at random; MD5 full name is Message-Digest Algorithm 5, i.e. message digest algorithm 5, is one of widely used hashing algorithm of computer.
The effect of MD5 algorithm process is that Large Copacity information " compression " is become a kind of secret form, namely the byte serial of a random length is transformed into the hexadecimal number word string of certain length.To MD5 algorithm concise and to the point describe can be: MD5 with 512 groupings to process the information of input, and each grouping is divided into again 16 32 seat groupings, after have passed through a series of process, the output of algorithm is made up of four 32 groupings, by after these four 32 packet concatenation by generation 128 hashed values.MD5 algorithm has following characteristics:
1. compressibility: the data of random length, the MD5 value length calculated is all fixing.
2. easily calculate: calculate MD5 value from former data and be easy to.
3. anti-amendment: make any change to former data, even only revise 1 byte, the MD5 value obtained has very large difference.
4. weak impact resistant: known former data and its MD5 value, wants to find data (i.e. data falsification) with identical MD5 value to be very difficult.
5. strong impact resistant: want to find the data that two different, making them have identical MD5 value, is very difficult.
The process of travelling carriage generation private cipher key can as shown in Figure 4, and its idiographic flow is:
The RANDSSD that A, travelling carriage acquisition IMSI, ESN and AUC issue.
B, to calculate for generation of private cipher key X
aone group of data T
a
T
A=RANDSSD+ESN+IMSI。
C, utilize MD5 algorithm to data T
acarry out processing rear generation private cipher key X
a, be specially: to T
acarry out data stuffing, be then divided into four groups and carry out four-wheel circular flow, operation result cascade is obtained 128bits data X
a.
AUC generate private cipher key process can as shown in Figure 5, its idiographic flow is:
A, AUC obtain IMSI, ESN of RANDSSD and travelling carriage.
B, to calculate for generation of private cipher key X
bone group of data T
b
T
B=RANDSSD-ESN-IMSI。
C, utilize MD5 algorithm to data T
bcarry out processing rear generation private cipher key X
b, be specially: to T
bcarry out data stuffing, be then divided into four groups and carry out four-wheel circular flow, operation result cascade is obtained 128bits data X
b.
Step S12: travelling carriage and AUC utilize DH algorithm to generate public-key cryptography according to respective private cipher key respectively.
The full name of DH is Diffie-Hellman, i.e. rivest, shamir, adelman, and being fail safe based on a kind of cryptographic algorithm of difficulty calculating discrete logarithm in finite field, is a kind of Diffie-Hellman.The validity of DH Diffie-Hellman depends on the difficulty calculating discrete logarithm, in brief, can as discrete logarithm of giving a definition: the primitive root first defining a prime number q, for its each power produces all integer roots from 1 to q-1, that is, if α is a primitive root of prime number q, so numerical value α 1modq, α 2modq ..., α q-1modq is different integer, and constitutes all integers from 1 to q-1 with certain arrangement mode.For a primitive root α of an integer β and prime number q, only index i can be found, make β=α imodq, discrete logarithm or the index of what wherein 0≤i≤(q-1), index i were called β with α the is mould q of radix.Although the index that calculating is mould with a prime number is relatively easy, calculate discrete logarithm very difficult.For large prime number, it is almost impossible for calculating discrete logarithm, therefore effectively can increase the fail safe of data.
According to DH algorithm, travelling carriage chooses a prime number q and an integer α (can deposit in travelling carriage in advance), wherein, and the private cipher key X of travelling carriage
a<q, α are the primitive roots of q.Travelling carriage is according to the two number q chosen and α and private cipher key X
a, utilize DH algorithm to calculate public-key cryptography
Same, according to DH algorithm, AUC chooses the prime number q identical with travelling carriage and integer α (can deposit in AUC in advance), wherein, and the private cipher key X of AUC
b<q, α are the primitive roots of q.AUC is according to the two number q chosen and α and private cipher key X
b, utilize DH algorithm to calculate public-key cryptography
Step S13: public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of the other side.
In this step S13, travelling carriage and AUC exchange public-key cryptography by signaling message, and travelling carriage obtains the public-key cryptography Y of AUC
b, AUC obtains the public-key cryptography Y of travelling carriage
a.
Step S14: travelling carriage and AUC utilize DH algorithm generating authentication code according to the public-key cryptography of respective private cipher key and the other side respectively.
In this step S14, travelling carriage and AUC generate identical unique authentication code value respectively.Concrete, travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage; AUC is according to DH algorithm generating authentication code
wherein, Y
afor the public-key cryptography of travelling carriage, X
bfor the private cipher key of AUC.That is, authentication code
when after generating authentication code, travelling carriage and AUC then utilize the authentication code of generation to carry out the authorizing procedure of next round.
In this method travelling carriage and AUC can be simply expressed as Fig. 6 alternately such.As shown in Figure 6, AUC to sending mobile station RANDSSD message, then travelling carriage and AUC each self-generating private cipher key X
aand X
b, then travelling carriage and AUC generate public-key cryptography Y according to DH algorithm separately
aand Y
b, last travelling carriage and AUC generate identical authentication code K according to DH algorithm separately.After generating authentication code, then authentication procedure is utilized to carry out authentication operations respectively.
See Fig. 7, propose authentication code dynamic creation method second embodiment that the present invention is based on CDMA, the present embodiment is applied to mobile station side, said method comprising the steps of:
Step S21: travelling carriage utilizes MD5 algorithm to generate private cipher key according to IMSI, ESN and RANDSSD.
In this step S21, first travelling carriage obtains the RANDSSD that IMSI, ESN and AUC issue; Then calculate for generation of private cipher key X
aone group of data T
a, T
a=RANDSSD+ESN+IMSI; Finally utilize MD5 algorithm to data T
acarry out processing rear generation private cipher key X
a, be specially: to T
acarry out data stuffing, be then divided into four groups and carry out four-wheel circular flow, operation result cascade is obtained 128bits data X
a.
Step S22: travelling carriage utilizes DH algorithm to generate public-key cryptography according to private cipher key.
In this step S22, according to DH algorithm, travelling carriage chooses a prime number q and an integer α (can deposit in travelling carriage in advance), wherein, and the private cipher key X of travelling carriage
a<q, α are the primitive roots of q.Travelling carriage is according to the two number q chosen and α and private cipher key X
a, utilize DH algorithm to calculate public-key cryptography
Step S23: public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of AUC.
In this step S23, travelling carriage and AUC exchange public-key cryptography by signaling message, and travelling carriage obtains the public-key cryptography Y of AUC
b.
Step S24: travelling carriage utilizes DH algorithm generating authentication code according to the public-key cryptography of private cipher key and AUC.
In this step S24, travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage.
After generating authentication code, travelling carriage then utilizes the authentication code generated to carry out the authorizing procedure of next round with AUC.
Thus, the present invention is based on the authentication code dynamic creation method of CDMA, dynamic generating authentication code in travelling carriage and AUC's reciprocal process, utilize dynamically generate and revocable authentication code carries out authentication, greatly reduce the risk that authentication code is stolen, significantly improve the fail safe of authentication.
See Fig. 8, the present invention further provides a kind of authentication code dynamic generating system based on CDMA, described system is used for realizing preceding method, and described system comprises travelling carriage and AUC, wherein:
Travelling carriage: generate private cipher key for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to private cipher key, and intercourse public-key cryptography with AUC, obtain the public-key cryptography of AUC, the public-key cryptography according to private cipher key and described AUC utilizes DH algorithm generating authentication code.
AUC: generate private cipher key for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to private cipher key, and intercourse public-key cryptography with travelling carriage, obtain the public-key cryptography of travelling carriage, the public-key cryptography according to private cipher key and described travelling carriage utilizes DH algorithm generating authentication code.
Travelling carriage in the present embodiment and AUC, be respectively the travelling carriage and AUC that relate in preceding method embodiment, and the technical characteristic in preceding method embodiment is all corresponding to be in the present embodiment suitable for, and does not repeat them here.
The present invention is based on the authentication code dynamic generating system of CDMA, dynamic generating authentication code in travelling carriage and AUC's reciprocal process, utilize dynamically generate and revocable authentication code carries out authentication, greatly reduce the risk that authentication code is stolen, significantly improve the fail safe of authentication.
With reference to Fig. 9, further proposition the present invention is based on the authentication code dynamic generation apparatus of CDMA, described application of installation is in mobile station side, namely aforementioned mobile terminal is equivalent to travelling carriage, now based on aforementioned mobile terminal hardware configuration and communication system, authentication code dynamic generation apparatus one embodiment that the present invention is based on CDMA is proposed.Described device comprises private cipher key generation module, public-key cryptography generation module, public-key cryptography Switching Module and authentication code generation module, wherein, private cipher key generation module, public-key cryptography generation module are connected successively with public-key cryptography Switching Module, and authentication code generation module is connected with private cipher key generation module and public-key cryptography Switching Module respectively.
Private cipher key generation module: generate private cipher key for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD.
Concrete, first private cipher key generation module obtains the RANDSSD that IMSI, ESN and AUC issue; Then calculate for generation of private cipher key X
aone group of data T
a, T
a=RANDSSD+ESN+IMSI; Finally utilize MD5 algorithm to data T
acarry out processing rear generation private cipher key X
a, be specially: to T
acarry out data stuffing, be then divided into four groups and carry out four-wheel circular flow, operation result cascade is obtained 128bits data X
a.
Public-key cryptography generation module: generate public-key cryptography for utilizing DH algorithm according to private cipher key.
Concrete, according to DH algorithm, public-key cryptography generation module chooses a prime number q and an integer α (can deposit in public-key cryptography generation module in advance), wherein, and private cipher key X
a<q, α are the primitive roots of q.Public-key cryptography generation module is according to the two number q chosen and α and private cipher key X
a, utilize DH algorithm to calculate public-key cryptography
Public-key cryptography Switching Module: for intercoursing public-key cryptography with AUC, obtains the public-key cryptography of AUC.
Concrete, public-key cryptography Switching Module carries out the exchange of public-key cryptography by signaling message and AUC, obtains the public-key cryptography Y of AUC
b.
Authentication code generation module: for utilizing DH algorithm generating authentication code according to the public-key cryptography of private cipher key and AUC.
Concrete, authentication code generation module is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of mobile station side.
After generating authentication code, travelling carriage then utilizes the authentication code generated to carry out the authorizing procedure of next round with AUC.
Thus, the present invention is based on the authentication code dynamic generation apparatus of CDMA, dynamic generating authentication code in travelling carriage and AUC's reciprocal process, utilize dynamically generate and revocable authentication code carries out authentication, greatly reduce the risk that authentication code is stolen, significantly improve the fail safe of authentication.
It should be noted that, in this article, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or device and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or device.When not more restrictions, the key element limited by statement " comprising ... ", and be not precluded within process, method, article or the device comprising this key element and also there is other identical element.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that above-described embodiment method can add required general hardware platform by software and realize, hardware can certainly be passed through, but in a lot of situation, the former is better execution mode.Based on such understanding, technical scheme of the present invention can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product is stored in a storage medium (as ROM/RAM, magnetic disc, CD), comprising some instructions in order to make a station terminal equipment (can be mobile phone, computer, server, air conditioner, or the network equipment etc.) perform method described in each embodiment of the present invention.
These are only the preferred embodiments of the present invention; not thereby the scope of the claims of the present invention is limited; every utilize specification of the present invention and accompanying drawing content to do equivalent structure or equivalent flow process conversion; or be directly or indirectly used in other relevant technical fields, be all in like manner included in scope of patent protection of the present invention.
Claims (13)
1., based on an authentication code dynamic creation method of CDMA, it is characterized in that, comprise step:
Travelling carriage and AUC share secure data at random according to IMSI international mobile subscriber identity, ESN Electronic Serial Number and RANDSSD respectively and utilize MD5 algorithm to generate private cipher key;
Travelling carriage and AUC utilize DH algorithm to generate public-key cryptography according to respective private cipher key respectively;
Described public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of the other side;
Travelling carriage and AUC utilize DH algorithm generating authentication code according to the public-key cryptography of respective private cipher key and the other side respectively.
2. the authentication code dynamic creation method based on CDMA according to claim 1, is characterized in that, described travelling carriage and AUC utilize MD5 algorithm generation private cipher key to comprise according to IMSI, ESN and RANDSSD respectively:
Travelling carriage obtains IMSI, ESN and RANDSSD, and generates data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a;
AUC obtains IMSI, ESN and RANDSSD, and generates data T
b, and T
b=IMSI-ESN-RANDSSD, utilizes MD5 algorithm to described data T
bcarry out processing rear generation private cipher key X
b.
3. the authentication code dynamic creation method based on CDMA according to claim 1, is characterized in that, described travelling carriage and AUC utilize DH algorithm generation public-key cryptography to comprise according to respective private cipher key respectively:
Travelling carriage chooses a prime number q and an integer α, calculates public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q;
AUC chooses the prime number q identical with travelling carriage and integer α, calculates public-key cryptography according to DH algorithm
wherein, X
bfor the private cipher key of AUC, X
b<q, α are the primitive roots of q.
4. the authentication code dynamic creation method based on CDMA according to any one of claim 1-3, is characterized in that, described travelling carriage and AUC utilize DH algorithm generating authentication code to comprise according to the public-key cryptography of respective private cipher key and the other side respectively:
Travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage;
AUC is according to DH algorithm generating authentication code
wherein, Y
afor the public-key cryptography of travelling carriage, X
bfor the private cipher key of AUC.
5., based on an authentication code dynamic creation method of CDMA, be applied to mobile station side, it is characterized in that, comprise step:
Travelling carriage utilizes MD5 algorithm to generate private cipher key according to IMSI, ESN and RANDSSD;
Travelling carriage utilizes DH algorithm to generate public-key cryptography according to described private cipher key;
Public-key cryptography is intercoursed by travelling carriage and AUC, obtains the public-key cryptography of described AUC;
Travelling carriage utilizes DH algorithm generating authentication code according to the public-key cryptography of described private cipher key and described AUC.
6. the authentication code dynamic creation method based on CDMA according to claim 5, is characterized in that, described travelling carriage utilizes MD5 algorithm generation private cipher key to comprise according to IMSI, ESN and RANDSSD:
Travelling carriage obtains IMSI, ESN and RANDSSD, and generates data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a.
7. the authentication code dynamic creation method based on CDMA according to claim 5, is characterized in that, described travelling carriage utilizes DH algorithm generation public-key cryptography to comprise according to described private cipher key:
Travelling carriage chooses a prime number q and an integer α, calculates public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q.
8. the authentication code dynamic creation method based on CDMA according to any one of claim 5-7, is characterized in that, described travelling carriage utilizes DH algorithm generating authentication code to comprise according to the public-key cryptography of described private cipher key and described AUC:
Travelling carriage is according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage.
9. based on an authentication code dynamic generating system of CDMA, it is characterized in that, comprise travelling carriage and AUC, wherein:
Described travelling carriage, private cipher key is generated for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to described private cipher key, and intercourse public-key cryptography with described AUC, obtain the public-key cryptography of described AUC, the public-key cryptography according to described private cipher key and described AUC utilizes DH algorithm generating authentication code;
Described AUC, private cipher key is generated for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD, DH algorithm is utilized to generate public-key cryptography according to described private cipher key, and intercourse public-key cryptography with described travelling carriage, obtain the public-key cryptography of described travelling carriage, the public-key cryptography according to described private cipher key and described travelling carriage utilizes DH algorithm generating authentication code.
10. based on an authentication code dynamic generation apparatus of CDMA, be applied to mobile station side, it is characterized in that, comprise private cipher key generation module, public-key cryptography generation module, public-key cryptography Switching Module and authentication code generation module, wherein:
Described private cipher key generation module, generates private cipher key for utilizing MD5 algorithm according to IMSI, ESN and RANDSSD;
Described public-key cryptography generation module, generates public-key cryptography for utilizing DH algorithm according to described private cipher key;
Described public-key cryptography Switching Module, for intercoursing public-key cryptography with AUC, obtains the public-key cryptography of described AUC;
Described authentication code generation module, for utilizing DH algorithm generating authentication code according to the public-key cryptography of described private cipher key and described AUC.
The 11. authentication code dynamic generation apparatus based on CDMA according to claim 10, it is characterized in that, described private cipher key generation module is used for: obtain IMSI, ESN and RANDSSD, and generate data T
a, and T
a=IMSI+ESN+RANDSSD, utilizes MD5 algorithm to described data T
acarry out processing rear generation private cipher key X
a.
The 12. authentication code dynamic generation apparatus based on CDMA according to claim 10, it is characterized in that, described public-key cryptography generation module is used for: choose a prime number q and an integer α, calculate public-key cryptography according to DH algorithm
wherein, X
afor the private cipher key of travelling carriage, X
a<q, α are the primitive roots of q.
13. authentication code dynamic generation apparatus based on CDMA according to any one of claim 10-12, it is characterized in that, described authentication code generation module is used for: according to DH algorithm generating authentication code
wherein, Y
bfor the public-key cryptography of AUC, X
afor the private cipher key of travelling carriage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510209239.4A CN104967993B (en) | 2015-04-29 | 2015-04-29 | Authentication code dynamic creation method, system and device based on CDMA |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510209239.4A CN104967993B (en) | 2015-04-29 | 2015-04-29 | Authentication code dynamic creation method, system and device based on CDMA |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104967993A true CN104967993A (en) | 2015-10-07 |
| CN104967993B CN104967993B (en) | 2019-04-05 |
Family
ID=54221913
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510209239.4A Active CN104967993B (en) | 2015-04-29 | 2015-04-29 | Authentication code dynamic creation method, system and device based on CDMA |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104967993B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827560A (en) * | 2023-08-31 | 2023-09-29 | 北京云驰未来科技有限公司 | Dynamic password authentication method and system based on asynchronous password |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20050106237A (en) * | 2004-05-04 | 2005-11-09 | (주)인와이저 | Unmanned video security and gateway system with supporting virtual private network and quality of service support in the broadband convergence network |
| CN103079203A (en) * | 2013-02-05 | 2013-05-01 | 北京握奇数据系统有限公司 | Terminal authentication method and smart card |
-
2015
- 2015-04-29 CN CN201510209239.4A patent/CN104967993B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20050106237A (en) * | 2004-05-04 | 2005-11-09 | (주)인와이저 | Unmanned video security and gateway system with supporting virtual private network and quality of service support in the broadband convergence network |
| CN103079203A (en) * | 2013-02-05 | 2013-05-01 | 北京握奇数据系统有限公司 | Terminal authentication method and smart card |
Non-Patent Citations (2)
| Title |
|---|
| GUOHENG WEI,XUEGUANG ZHOU,HUANGUO ZHANG: "A Trusted Computing Model Based on Code Authorization", 《2008 INTERNATIONAL SYMPOSIUMS ON INFORMATION PROCESSING》 * |
| 彭鹏,周国志,张燕: "GSM_TD_SCDMA_TD__LTE融合网络的鉴权与加密关键技术_彭鹏", 《电信快报-论文选粹》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116827560A (en) * | 2023-08-31 | 2023-09-29 | 北京云驰未来科技有限公司 | Dynamic password authentication method and system based on asynchronous password |
| CN116827560B (en) * | 2023-08-31 | 2023-11-17 | 北京云驰未来科技有限公司 | Dynamic password authentication method and system based on asynchronous password |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104967993B (en) | 2019-04-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105376062A (en) | Communication safety interaction method, device and system | |
| CN104732133A (en) | Electronic contract signing method and system | |
| CN104883658A (en) | Virtual card information processing method and system | |
| CN105183308A (en) | Picture display method and apparatus | |
| CN105117123A (en) | Device and method for displaying hidden object | |
| CN104735255A (en) | Split screen display method and system | |
| CN104834863A (en) | Wi-Fi password storage method and apparatus | |
| CN104992109A (en) | Method and device for password setting and method and device for password matching | |
| CN105208011A (en) | Verification system and method | |
| CN104980429A (en) | Method, device and system for unified account login based on virtual user identification card | |
| CN104915606A (en) | File encryption and decryption methods and devices | |
| CN104915119A (en) | Regulation method and device of terminal desktop icon | |
| CN104732162A (en) | File encryption processing method and device | |
| CN105099669A (en) | Recording encryption and decryption method and device | |
| CN105184183A (en) | Chatting record encryption method and mobile terminal | |
| CN105095708A (en) | Unlocking method and device for mobile terminal | |
| CN104932697A (en) | Gesture unlocking method and device | |
| CN105138871A (en) | Unlocking method and apparatus for mobile terminal and mobile terminal | |
| CN105138880A (en) | Processing apparatus and method for terminal operation data | |
| CN104935577A (en) | Authentication certification method, intelligent card cloud, APP cloud, apparatus and system | |
| CN105101187A (en) | Method and system for processing encrypted information | |
| CN104820797A (en) | Method and device for managing application account | |
| CN104809406A (en) | Method and device for safe file sharing | |
| CN107135069A (en) | Remote assistance control method and system | |
| CN105282155A (en) | Authority control method, device and system for interaction among terminals |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| CB02 | Change of applicant information |
Address after: A District No. 9018 Han innovation building in Nanshan District high tech Zone in Shenzhen city of Guangdong Province, North Central Avenue, 518000 Floor 9 Applicant after: SHENZHEN ZTEWELINK TECHNOLOGY Co.,Ltd. Address before: A District No. 9018 Han innovation building in Nanshan District high tech Zone in Shenzhen city of Guangdong Province, North Central Avenue, 518000 Floor 9 Applicant before: Shenzhen Zhongxing Wulian Technology Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: MINDRAY building, 518000 Guangdong city of Shenzhen province Nanshan District Guangdong streets high-tech industrial park of science and technology 12 South Road 2 B zone C Applicant after: Shenzhen Zhongxing Wulian Technology Co.,Ltd. Address before: A District No. 9018 Han innovation building in Nanshan District high tech Zone in Shenzhen city of Guangdong Province, North Central Avenue, 518000 Floor 9 Applicant before: SHENZHEN ZTEWELINK TECHNOLOGY Co.,Ltd. |
|
| CB02 | Change of applicant information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 518000 Guangdong, Shenzhen, Nanshan District, Guangdong Province, Nanshan District high tech Industrial Park, South Korea 12 road, MINDRAY Building 2 floor B area, zone 12 Patentee after: Gaoxing Wulian Technology Co.,Ltd. Address before: 518000 Guangdong, Shenzhen, Nanshan District, Guangdong Province, Nanshan District high tech Industrial Park, South Korea 12 road, MINDRAY Building 2 floor B area, zone 12 Patentee before: Shenzhen Zhongxing Wulian Technology Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 518000 606, block a, sharing building, No. 78, Keyuan North Road, songpingshan community, Xili street, Nanshan District, Shenzhen, Guangdong Patentee after: Gosuncn IOT Technology Co.,Ltd. Address before: 518000 Guangdong, Shenzhen, Nanshan District, Guangdong Province, Nanshan District high tech Industrial Park, South Korea 12 road, MINDRAY Building 2 floor B area, zone 12 Patentee before: Gaoxing Wulian Technology Co.,Ltd. |