CN112787709A - End-to-end identity authentication method suitable for satellite mobile communication system - Google Patents

Info

Publication number: CN112787709A
Authority: CN (China)
Prior art keywords: mobile terminal; short message; satellite mobile; authentication data; identity authentication
Legal status: Granted; Active
Application number: CN202110104625.2A
Other languages: Chinese (zh)
Other versions: CN112787709B (en)
Inventors: 王苗苗, 卢伯阳, 李刚
Current Assignee: Data communication science and technology research institute; XINGTANG COMMUNICATION TECHNOLOGY CO LTD
Original Assignee: Data communication science and technology research institute; XINGTANG COMMUNICATION TECHNOLOGY CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/1851 Systems using a satellite or space-based relay
    • H04B7/18513 Transmission in a satellite or space-based system
    • H04B7/18519 Operations control, administration or maintenance
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements
    • H04W4/14 Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]

Abstract

The invention relates to an end-to-end identity authentication method suitable for a satellite mobile communication system, which solves the problem that satellite mobile communication systems do not consider identity authentication measures between users, so that security is low when a user transmits sensitive text information. The method comprises the following steps: a first authentication module obtains a first identity authentication data packet of a calling satellite mobile terminal (calling party) and sends the first identity authentication data packet to the calling party; the calling party generates a first short message and sends the first short message to a called satellite mobile terminal (called party) through a short message service channel; the called party parses and verifies the first short message, and if the first short message passes the verification, the authentication state of the calling party is updated; a second authentication module acquires a second identity authentication data packet of the called party and sends the second identity authentication data packet to the called party; the called party generates a second short message and sends the second short message to the calling party through the short message service channel; and the calling party parses and verifies the second short message, and if the second short message passes the verification, the authentication state of the called party is updated. Identity authentication between the calling party and the called party is thereby realized, and the validity of the identities of the two communicating parties is effectively protected.

Description

End-to-end identity authentication method suitable for satellite mobile communication system
Technical Field
The invention relates to the technical field of satellite mobile communication, in particular to an end-to-end identity authentication method suitable for a satellite mobile communication system.
Background
The satellite mobile communication system can provide the user with satellite mobile communication functions such as voice, short messages and data in areas which cannot be covered by the terrestrial mobile communication system. However, in the general satellite mobile communication system, identity authentication measures between communication users were not considered at the beginning of design; if a user needs to transmit sensitive text information through the satellite mobile communication system, the information is easily obtained by parties other than the designated receiving party, and the security is low.
In view of the above existing situation, there is an urgent need for a method capable of verifying the validity of both sides' identities to prevent unauthorized services and data from being obtained by unauthorized users.
Disclosure of Invention
In view of the foregoing analysis, an embodiment of the present invention is directed to provide an end-to-end identity authentication method applicable to a satellite mobile communication system, so as to solve the problem that an existing satellite mobile communication system does not consider an identity authentication measure between users, and a user has low security when transmitting sensitive text information.
In one aspect, an embodiment of the present invention provides an end-to-end identity authentication method applicable to a satellite mobile communication system, including:
a first authentication module of a calling satellite mobile terminal acquires a first identity authentication data packet of the calling satellite mobile terminal and sends the first identity authentication data packet to the calling satellite mobile terminal; the calling satellite mobile terminal packages the first identity authentication data packet, generates a first short message and sends the first short message to a called satellite mobile terminal through a short message service channel;
the called satellite mobile terminal analyzes and verifies the first short message, and if the first short message passes the verification, the authentication state of the calling satellite mobile terminal is updated; a second authentication module of the called satellite mobile terminal acquires a second identity authentication data packet of the called satellite mobile terminal and sends the second identity authentication data packet to the called satellite mobile terminal; the called satellite mobile terminal packages the second identity authentication data packet to generate a second short message and sends the second short message to the calling satellite mobile terminal through a short message service channel;
and the calling satellite mobile terminal analyzes and verifies the second short message, and if the second short message passes the verification, the authentication state of the called satellite mobile terminal is updated.
Further, the first identity authentication data packet comprises first identity authentication data and a first digest, wherein the first identity authentication data comprises a unique identifier of the calling satellite mobile terminal, authentication times, authentication time, a mobile phone number and a first identity authentication data length;
the second identity authentication data packet comprises second identity authentication data and a second digest, and the second identity authentication data comprises the unique identifier of the called satellite mobile terminal, authentication times, authentication time, a mobile phone number and a second identity authentication data length.
Further, the first authentication module of the calling satellite mobile terminal acquires a first identity authentication data packet of the calling satellite mobile terminal and sends the first identity authentication data packet to the calling satellite mobile terminal, and the method comprises the following steps:
the calling satellite mobile terminal initiates an identity authentication process with the called satellite mobile terminal, and the first authentication module is started;
the first authentication module acquires the first identity authentication data, calculates the first digest based on the first identity authentication data, and combines the first identity authentication data and the first digest into the first identity authentication data packet, which is sent to the calling satellite mobile terminal.
Further, the calling satellite mobile terminal encapsulates the first identity authentication data packet, generates a first short message and sends the first short message to the called satellite mobile terminal through a short message service channel, and the method includes the steps of:
generating a first short message content based on the first identity authentication data packet by combining with a short message type identifier;
and based on the content of the first short message, generating the first short message by packaging according to a short message protocol packaging format.
Further, the called satellite mobile terminal analyzes and verifies the first short message, and if the first short message passes the verification, the authentication state of the calling satellite mobile terminal is updated, including:
when the called satellite mobile terminal determines on parsing that the short message type identifier of the first short message is an authentication short message, the called satellite mobile terminal calls a second authentication module to parse the first identity authentication data and the first digest in the first short message;
performing verification based on the first identity authentication data and the first digest;
if the authentication is successful, the first identity authentication data is stored and the authentication state of the calling satellite mobile terminal is updated to be successful.
Further, the performing verification based on the first authentication data and the first digest includes: a first authentication data length verification, a first authentication data format verification, and a first digest verification.
Further, the second authentication module of the called satellite mobile terminal acquires a second identity authentication data packet of the called satellite mobile terminal and sends the second identity authentication data packet to the called satellite mobile terminal, and the method includes:
after the called satellite mobile terminal updates the authentication state of the calling satellite mobile terminal to be successful, the second authentication module is started;
and the second authentication module acquires the second identity authentication data, calculates the second digest based on the second identity authentication data, and combines the second identity authentication data and the second digest into the second identity authentication data packet, which is sent to the called satellite mobile terminal.
Further, the called satellite mobile terminal encapsulates the second identity authentication data packet, generates a second short message and sends the second short message to the calling satellite mobile terminal through a short message service channel, and the method includes:
generating a second short message content based on the second identity authentication data packet by combining a short message type identifier;
and based on the content of the second short message, generating the second short message by packaging according to a short message protocol packaging format.
Further, the analysis and verification of the second short message by the calling satellite mobile terminal, and if the verification is passed, the updating of the authentication state of the called satellite mobile terminal includes:
when the calling satellite mobile terminal determines on parsing that the short message type identifier of the second short message is an authentication short message, the calling satellite mobile terminal calls a first authentication module to parse the second identity authentication data and the second digest in the second short message;
performing verification based on the second identity authentication data and the second digest;
and if the authentication is successful, storing the second identity authentication data and updating the authentication state of the called satellite mobile terminal to the authenticated state.
Further, the performing verification based on the second authentication data and the second digest includes: second authentication data length verification, second authentication data format verification and second digest verification.
Compared with the prior art, the invention can at least realize the following beneficial effects:
the method transmits the first short message generated by the calling satellite mobile terminal and the second short message generated by the called satellite mobile terminal over the short message service channel, authenticates the identities of both communicating parties, and effectively protects the validity of their identities; using short messages for identity authentication avoids the drawbacks of frequent exchanges of identity authentication data, namely many interactions over the satellite channel, large delay and a large volume of transmitted data, so the authentication method is suited to the channel characteristics of a mobile communication satellite, such as large delay, low bandwidth and channel conditions that vary greatly with weather and dimensionality, and is highly stable.
In the invention, the technical schemes can be combined with each other to realize more preferable combination schemes. Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
The drawings are only for purposes of illustrating particular embodiments and are not to be construed as limiting the invention, wherein like reference numerals are used to designate like parts throughout.
Fig. 1 is a schematic flow chart of an end-to-end identity authentication method applied to a satellite mobile communication system according to an embodiment of the present application;
Fig. 2 is a schematic diagram illustrating an identity authentication process between a calling satellite mobile terminal and a called satellite mobile terminal in an embodiment of the present application.
Detailed Description
The accompanying drawings, which are incorporated in and constitute a part of this application, illustrate preferred embodiments of the invention and together with the description, serve to explain the principles of the invention and not to limit the scope of the invention.
An embodiment of the present invention discloses an end-to-end identity authentication method suitable for a satellite mobile communication system, as shown in fig. 1, the method includes:
step S10: a first authentication module of a calling satellite mobile terminal acquires a first identity authentication data packet of the calling satellite mobile terminal and sends the first identity authentication data packet to the calling satellite mobile terminal; the calling satellite mobile terminal packages the first identity authentication data packet, generates a first short message and sends the first short message to a called satellite mobile terminal through a short message service channel;
step S20: the called satellite mobile terminal analyzes and verifies the first short message, and if the first short message passes the verification, the authentication state of the calling satellite mobile terminal is updated; a second authentication module of the called satellite mobile terminal acquires a second identity authentication data packet of the called satellite mobile terminal and sends the second identity authentication data packet to the called satellite mobile terminal; the called satellite mobile terminal packages the second identity authentication data packet to generate a second short message and sends the second short message to the calling satellite mobile terminal through a short message service channel;
step S30: and the calling satellite mobile terminal analyzes and verifies the second short message, and if the second short message passes the verification, the authentication state of the called satellite mobile terminal is updated.
Compared with the prior art, the authentication method provided by the embodiment transmits the first short message generated by the calling satellite mobile terminal and the second short message generated by the called satellite mobile terminal over the short message service channel, performs identity authentication on both communicating parties, and can effectively protect the validity of their identities; using short messages for identity authentication avoids the drawbacks of frequent exchanges of identity authentication data, namely many interactions over the satellite channel, large delay and a large volume of transmitted data, so the authentication method is suited to the channel characteristics of a mobile communication satellite, such as large delay, low bandwidth and channel conditions that vary greatly with weather and dimensionality, and is highly stable.
In a specific embodiment, the first identity authentication data packet includes first identity authentication data and a first digest, and the first identity authentication data includes a unique identifier of the calling satellite mobile terminal, authentication times, authentication time, a mobile phone number, and a first identity authentication data length; the second identity authentication data packet comprises second identity authentication data and a second digest, and the second identity authentication data comprises the unique identifier of the called satellite mobile terminal, authentication times, authentication time, a mobile phone number and a second identity authentication data length.
Specifically, the unique identifier is set in advance, and each satellite mobile terminal corresponds to one unique identifier; the unique identifier can be formulated comprehensively from the user information of the satellite mobile terminal, the classification information of the terminal, time information, subsequent encryption scheme information and other information, for example: 202001YDZDUSM00102201, wherein 202001 represents time information, January 2020; YDZD represents the unit, as the abbreviation of the unit name; USM represents the terminal type, a common user terminal; 001 represents the encryption scheme, general level; 022 represents the terminal classification, mobile satellite; and 01 represents a number.
In a specific embodiment, the step S10 of obtaining the first authentication packet of the calling satellite mobile terminal by the first authentication module of the calling satellite mobile terminal and sending the first authentication packet to the calling satellite mobile terminal includes:
step S11: the calling satellite mobile terminal initiates an identity authentication process with the called satellite mobile terminal, and the first authentication module is started;
specifically, before identity authentication, the calling and called satellite mobile terminals both store their respective contact information; the calling satellite mobile terminal initiates identity authentication with the called satellite mobile terminal by active triggering: before the identity authentication is carried out, the mobile phone number of the called satellite mobile terminal is stored as an address book contact of the calling satellite mobile terminal, and after the contact authentication key is triggered on the calling satellite mobile terminal, the first authentication module is started;
step S12: the first authentication module acquires the first identity authentication data, calculates the first digest based on the first identity authentication data, and combines the first identity authentication data and the first digest into the first identity authentication data packet, which is sent to the calling satellite mobile terminal.
Specifically, after the first authentication module is started, the first identity authentication data is obtained, comprising information such as the unique identifier, authentication times, authentication time, mobile phone number and first identity authentication data length, and a digest calculation is performed on the first identity authentication data to obtain the first digest; the first identity authentication data and the calculated first digest form the first identity authentication data packet, which is sent to the calling satellite mobile terminal. Optionally, the first identity authentication data and the first digest are directly spliced into a data packet; optionally, the first authentication module performs the digest calculation on the first identity authentication data by using the commercial cryptographic algorithm SM3 to obtain the first digest.
In a specific embodiment, the encapsulating, by the calling satellite mobile terminal, the first authentication data packet in step S10, generating a first short message and sending the first short message to the called satellite mobile terminal through a short message service channel, including:
step S13: generating a first short message content based on the first identity authentication data packet by combining with a short message type identifier;
specifically, the first short message content comprises a first identity authentication data packet and a short message type identifier; optionally, the short message type identifier is an authentication short message; further, the first short message content further includes a short message length and a short message digest.
Step S14: and based on the content of the first short message, generating the first short message by packaging according to a short message protocol packaging format.
Specifically, the short message protocol encapsulation format includes the mobile phone number of the opposite terminal, the type of the short message (such as multimedia message), and the content of the short message; furthermore, the first short message content is used as the short message content, and the corresponding first short message is generated by encapsulation.
Further, when the first short message fails to be sent, a short message sending failure notice is returned to the calling satellite mobile terminal.
In a specific embodiment, the short message service channel belongs to a control channel.
The transmission channel of the short message belongs to the control channel, and the reliability of the control channel is guaranteed by system design: as long as the system can communicate, sufficient control channel communication resources are allocated preferentially. Transmitting the identity authentication data between the calling satellite mobile terminal and the called satellite mobile terminal by short message therefore gives higher reliability of data transmission.
In a specific embodiment, the parsing and verifying the first short message by the called satellite mobile terminal in step S20, and if the first short message passes the verification, updating the authentication status of the calling satellite mobile terminal, including:
step S21: when the called satellite mobile terminal analyzes the short message type identifier of the first short message to be an authentication short message, the called satellite mobile terminal calls a second authentication module to analyze first identity authentication data and a first abstract in the first short message;
specifically, after the called satellite mobile terminal receives the first short message and parsing shows that the short message type identifier is an authentication short message, the second authentication module of the called satellite mobile terminal is started to parse the first identity authentication data and the first digest in the first short message.
Step S22: performing verification based on the first identity authentication data and the first digest;
further, step S22 includes: a first authentication data length verification, a first authentication data format verification, and a first digest verification.
Specifically, the first authentication data length verification includes: the second authentication module of the called satellite mobile terminal extracts the content representing the length of the first identity authentication data from the first identity authentication data, calculates the length of the received first identity authentication data, and compares the length carried in the first identity authentication data with the length calculated by the second authentication module; if they are the same, format verification is performed on the first identity authentication data; if they are inconsistent, "data length error" is returned and authentication failure is returned to the calling satellite mobile terminal.
The first authentication data format verification comprises: verifying whether the unique identifier field in the first identity authentication data only comprises numbers and letters, whether the mobile phone number field only comprises numbers, whether the authentication time only comprises numbers and whether the authentication times only comprises numbers. After the format is verified to be correct, the first digest verification is performed; if the format is incorrect, "data format error" is returned and authentication failure is returned to the calling satellite mobile terminal.
First digest verification: the second authentication module parses the first identity authentication data and the first digest, calculates a digest value from the first identity authentication data, and compares the digest value it calculated with the digest value carried in the first identity authentication data packet; if the two are consistent, the verification is passed; if they are not consistent, a digest error is returned and authentication failure is returned to the calling satellite mobile terminal.
Step S23: if the authentication is successful, the first identity authentication data is stored and the authentication state of the calling satellite mobile terminal is updated to be successful.
Specifically, after the first authentication data length verification, the first authentication data format verification and the first digest verification have all succeeded, the called satellite mobile terminal stores the first identity authentication data and updates the identity authentication state field of the calling satellite mobile terminal to successful. Further, the values of the authentication state field include: unauthenticated, authentication failed, and authentication successful; if authentication fails, the reason for the failure is saved, for example: the data format is wrong.
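The sender-side packaging (steps S12 to S14) and the receiver-side checks (steps S21 to S23) can be illustrated as follows. This is an added example, not code from the patent: the `|`-separated field layout, the 3-digit length field, the `0xA1` type identifier and the sample time and phone number are assumptions, and SHA-256 stands in for SM3 when the local `hashlib` build does not provide it.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

AUTH_SMS_TYPE = b"\xa1"  # hypothetical "authentication short message" type identifier
DIGEST_LEN = 32          # SM3 and the SHA-256 stand-in both produce 32 bytes
SEP = "|"                # assumed field separator; the page defines no wire layout


def digest(data: bytes) -> bytes:
    """SM3 when the local OpenSSL build offers it, otherwise SHA-256 as a stand-in.

    This section of the page describes a digest over the identity data only and
    mentions no key, so this is a plain (unkeyed) hash.
    """
    try:
        return hashlib.new("sm3", data).digest()
    except ValueError:
        return hashlib.sha256(data).digest()


def build_identity_data(uid: str, auth_count: int, auth_time: str, phone: str) -> bytes:
    """Unique identifier, authentication times, authentication time, phone number,
    then a 3-digit length covering the whole identity data, itself included."""
    body = SEP.join([uid, str(auth_count), auth_time, phone]) + SEP
    total = len(body) + 3
    if total > 999:
        raise ValueError("identity data too long for the 3-digit length field")
    return f"{body}{total:03d}".encode("ascii")


def build_sms_content(identity_data: bytes) -> bytes:
    """Type identifier, then identity data and digest spliced directly."""
    return AUTH_SMS_TYPE + identity_data + digest(identity_data)


@dataclass
class AuthResult:
    state: str                 # unauthenticated / authentication failed / authentication successful
    reason: str = ""           # saved failure reason
    fields: dict = field(default_factory=dict)


def verify_sms_content(content: bytes) -> AuthResult:
    """Receiver side: length check, then format check, then digest check."""
    if content[:1] != AUTH_SMS_TYPE:
        return AuthResult("unauthenticated", "not an authentication short message")
    packet = content[1:]
    if len(packet) <= DIGEST_LEN:
        return AuthResult("authentication failed", "data length error")
    data, received = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]

    # 1. Length carried in the data must equal the length actually received.
    claimed = data[-3:]
    if not claimed.isdigit() or int(claimed) != len(data):
        return AuthResult("authentication failed", "data length error")

    # 2. Identifier is letters and digits only; the other fields are digits only.
    try:
        parts = data.decode("ascii").split(SEP)
    except UnicodeDecodeError:
        return AuthResult("authentication failed", "data format error")
    if len(parts) != 5:
        return AuthResult("authentication failed", "data format error")
    uid, count, auth_time, phone, _length = parts
    if not (uid.isalnum() and count.isdigit() and auth_time.isdigit() and phone.isdigit()):
        return AuthResult("authentication failed", "data format error")

    # 3. Recompute the digest and compare it with the one carried in the packet.
    if not hmac.compare_digest(digest(data), received):
        return AuthResult("authentication failed", "digest error")

    return AuthResult(
        "authentication successful",
        fields={"uid": uid, "auth_count": int(count), "auth_time": auth_time, "phone": phone},
    )


if __name__ == "__main__":
    # Constructed sample values; only the identifier comes from the page's example.
    sample = build_identity_data("202001YDZDUSM00102201", 1, "20210126103000", "13800000000")
    print(verify_sms_content(build_sms_content(sample)))
```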
In a specific embodiment, the step S20 of obtaining the second authentication data packet of the called satellite mobile terminal by the second authentication module of the called satellite mobile terminal and sending the second authentication data packet to the called satellite mobile terminal includes:
step S24: after the called satellite mobile terminal updates the authentication state of the calling satellite mobile terminal to be successful, the second authentication module is started;
step S25: the second authentication module acquires the second identity authentication data, calculates the second digest based on the second identity authentication data, and combines the second identity authentication data and the second digest into the second identity authentication data packet, which is sent to the called satellite mobile terminal.
Specifically, after the second authentication module is started, the second identity authentication data is obtained, comprising information such as the unique identifier, authentication times, authentication time, mobile phone number and second identity authentication data length, and a digest calculation is performed on the second identity authentication data to obtain the second digest; the second identity authentication data and the calculated second digest form the second identity authentication data packet, which is sent to the called satellite mobile terminal. Optionally, the second identity authentication data and the second digest are directly spliced into a data packet; optionally, the second authentication module performs the digest calculation on the second identity authentication data by using the commercial cryptographic algorithm SM3 to obtain the second digest.
In a specific embodiment, in step S20, the called satellite mobile terminal encapsulating the second identity authentication data packet, generating a second short message, and sending the second short message to the calling satellite mobile terminal through a short message service channel includes:
Step S26: generating the second short message content from the second identity authentication data packet combined with a short message type identifier.
Specifically, the second short message content includes the second identity authentication data packet and a short message type identifier; optionally, the short message type identifier is "authentication short message". Further, the second short message content also includes a short message length and a short message digest.
Step S27: encapsulating the second short message content according to the short message protocol encapsulation format to generate the second short message.
Specifically, the short message protocol encapsulation format includes the mobile phone number of the peer terminal, the short message type (such as multimedia message), and the short message content. The second short message content is used as the short message content, and the corresponding second short message is generated by encapsulation.
Further, when the second short message fails to be sent, a short message sending failure notice is returned to the called satellite mobile terminal.
In a specific embodiment, step S30 includes:
Step S31: when the calling satellite mobile terminal parses the short message type identifier of the second short message and finds that it is an authentication short message, the calling satellite mobile terminal calls the first authentication module to parse the second identity authentication data and the second digest in the second short message.
Specifically, after the calling satellite mobile terminal receives the second short message and parsing shows that its short message type identifier is an authentication short message, the first authentication module of the calling satellite mobile terminal is started to parse the second identity authentication data and the second digest in the second short message.
Step S32: performing verification based on the second identity authentication data and the second digest.
Further, step S32 includes: second authentication data length verification, second authentication data format verification, and second digest verification.
Specifically, the second authentication data length verification includes: the first authentication module of the calling satellite mobile terminal extracts the field in the second identity authentication data that states its length, calculates the length of the second identity authentication data actually received, and compares the two. If the length carried in the second identity authentication data equals the length calculated by the first authentication module, format verification is performed on the second identity authentication data; if not, the calling satellite mobile terminal is notified that the authentication has failed, and the identity authentication process between the calling satellite mobile terminal and the called satellite mobile terminal ends.
The second authentication data format verification comprises: verifying whether the unique identifier field in the second identity authentication data contains only digits and letters, whether the mobile phone number field contains only digits, whether the authentication time contains only digits, and whether the authentication count contains only digits. If the format is verified to be correct, the second digest verification is performed; if the format is incorrect, the calling satellite mobile terminal is notified that the authentication has failed, and the identity authentication process between the calling satellite mobile terminal and the called satellite mobile terminal ends.
The second digest verification comprises: the first authentication module parses out the second identity authentication data and the second digest, calculates a digest value over the second identity authentication data, and compares this calculated digest value with the digest value carried in the second identity authentication data packet. If the two values are consistent, the verification passes; otherwise, the calling satellite mobile terminal is notified that the authentication has failed, and the identity authentication process between the calling satellite mobile terminal and the called satellite mobile terminal ends.
Step S33: if the authentication is successful, storing the second identity authentication data and updating the authentication state of the called satellite mobile terminal to authentication successful.
Specifically, after the second identity authentication data length verification, the second identity authentication data format verification and the second digest verification have all passed, the calling satellite mobile terminal stores the second identity authentication data and updates the identity authentication state field of the called satellite mobile terminal to authentication successful. Further, the values of the authentication state field include: unauthenticated, authentication failed, and authentication successful. If authentication fails, the reason for the failure is saved, for example: the data format is wrong.
Based on the steps S10, S20, and S30, the authentication state of the called satellite mobile terminal in the calling satellite mobile terminal is updated to be successful, and the authentication state of the calling satellite mobile terminal in the called satellite mobile terminal is updated to be successful, so that the identity authentication between the calling satellite mobile terminal and the called satellite mobile terminal is realized.
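The packet construction of step S25 and the three checks of step S32 (length, format, digest), as an added Python example that is not code from the patent. The "|"-separated field layout, the 4-digit length field, the function names and the sample values are assumptions made for illustration; SM3 is implemented inline from its published specification.

```python
import hmac
import re
import struct

M = 0xFFFFFFFF
IV = (0x7380166F, 0x4914B2B9, 0x172442D7, 0xDA8A0600,
      0xA96F30BC, 0x163138AA, 0xE38DEE4D, 0xB0FB0E4E)

def _rol(x, n):
    n %= 32
    return ((x << n) | (x >> (32 - n))) & M

def sm3(msg: bytes) -> bytes:
    """SM3 hash (256-bit), implemented inline so the example runs offline."""
    m = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", 8 * len(msg))
    v = IV
    for off in range(0, len(m), 64):
        w = list(struct.unpack(">16I", m[off:off + 64]))
        for j in range(16, 68):  # message expansion
            x = w[j - 16] ^ w[j - 9] ^ _rol(w[j - 3], 15)
            w.append(x ^ _rol(x, 15) ^ _rol(x, 23) ^ _rol(w[j - 13], 7) ^ w[j - 6])
        a, b, c, d, e, f, g, h = v
        for j in range(64):  # compression rounds
            t = 0x79CC4519 if j < 16 else 0x7A879D8A
            ss1 = _rol((_rol(a, 12) + e + _rol(t, j)) & M, 7)
            ss2 = ss1 ^ _rol(a, 12)
            if j < 16:
                ff, gg = a ^ b ^ c, e ^ f ^ g
            else:
                ff, gg = (a & b) | (a & c) | (b & c), (e & f) | (~e & g)
            tt1 = (ff + d + ss2 + (w[j] ^ w[j + 4])) & M
            tt2 = (gg + h + ss1 + w[j]) & M
            a, b, c, d = tt1, a, _rol(b, 9), c
            e, f, g, h = tt2 ^ _rol(tt2, 9) ^ _rol(tt2, 17), e, _rol(f, 19), g
        v = tuple(x ^ y for x, y in zip(v, (a, b, c, d, e, f, g, h)))
    return struct.pack(">8I", *v)

def build_packet(uid, count, auth_time, phone):
    """Assumed layout: uid|count|time|phone|LLLL, LLLL = total data length."""
    body = f"{uid}|{count}|{auth_time}|{phone}|"
    data = (body + f"{len(body) + 4:04d}").encode("ascii")
    return data + sm3(data)  # data and digest concatenated directly

def verify_packet(packet: bytes):
    """Run the length, format and digest checks in order; return (ok, reason)."""
    data, digest = packet[:-32], packet[-32:]
    fields = data.decode("ascii", "replace").split("|")
    # 1. Length: the carried length must equal the length actually received.
    if len(fields) != 5 or not re.fullmatch(r"[0-9]{4}", fields[4]) \
            or int(fields[4]) != len(data):
        return False, "length mismatch"
    uid, count, auth_time, phone, _ = fields
    # 2. Format: identifier is alphanumeric, the other fields digits only.
    if not re.fullmatch(r"[0-9A-Za-z]+", uid) or not all(
            re.fullmatch(r"[0-9]+", f) for f in (count, auth_time, phone)):
        return False, "data format error"
    # 3. Digest: recompute over the received data and compare.
    if not hmac.compare_digest(sm3(data), digest):
        return False, "digest mismatch"
    return True, "authentication successful"

# Constructed sample values, not taken from the patent.
SAMPLE = build_packet("SAT0001A", 3, "20210126103000", "17400000000")
```

The reason string returned on failure corresponds to the failure reason the terminal saves alongside the authentication state field.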
Those skilled in the art will appreciate that all or part of the flow of the method implementing the above embodiments may be implemented by a computer program, which is stored in a computer readable storage medium, to instruct related hardware. The computer readable storage medium is a magnetic disk, an optical disk, a read-only memory or a random access memory.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention.

Claims (10)

1. An end-to-end identity authentication method suitable for a satellite mobile communication system, comprising:
a first authentication module of a calling satellite mobile terminal acquires a first identity authentication data packet of the calling satellite mobile terminal and sends the first identity authentication data packet to the calling satellite mobile terminal; the calling satellite mobile terminal encapsulates the first identity authentication data packet, generates a first short message and sends the first short message to a called satellite mobile terminal through a short message service channel;
the called satellite mobile terminal parses and verifies the first short message, and if the first short message passes the verification, the authentication state of the calling satellite mobile terminal is updated; a second authentication module of the called satellite mobile terminal acquires a second identity authentication data packet of the called satellite mobile terminal and sends the second identity authentication data packet to the called satellite mobile terminal; the called satellite mobile terminal encapsulates the second identity authentication data packet to generate a second short message and sends the second short message to the calling satellite mobile terminal through a short message service channel;
the calling satellite mobile terminal parses and verifies the second short message, and if the second short message passes the verification, the authentication state of the called satellite mobile terminal is updated.
2. The method of claim 1, wherein the first identity authentication data packet comprises first identity authentication data and a first digest, wherein the first identity authentication data comprises a unique identifier of the calling satellite mobile terminal, an authentication count, an authentication time, a mobile phone number and a first identity authentication data length;
the second identity authentication data packet comprises second identity authentication data and a second digest, and the second identity authentication data comprises a unique identifier of the called satellite mobile terminal, an authentication count, an authentication time, a mobile phone number and a second identity authentication data length.
3. The method of claim 2, wherein the obtaining of the first identity authentication packet of the calling satellite mobile terminal by the first authentication module of the calling satellite mobile terminal and the sending of the first identity authentication packet to the calling satellite mobile terminal comprises:
the calling satellite mobile terminal initiates an identity authentication process with the called satellite mobile terminal, and the first authentication module is started;
the first authentication module acquires the first identity authentication data, calculates the first digest based on the first identity authentication data, and combines the first identity authentication data and the first digest into the first identity authentication data packet, which is sent to the calling satellite mobile terminal.
4. The method of claim 3, wherein the first identity authentication packet is encapsulated by the calling satellite mobile terminal, and a first short message is generated and sent to the called satellite mobile terminal through a short message service channel, comprising:
generating a first short message content based on the first identity authentication data packet by combining with a short message type identifier;
and based on the content of the first short message, generating the first short message by packaging according to a short message protocol packaging format.
5. The method of claim 4, wherein the called satellite mobile terminal performs parsing verification on the first short message, and if the verification is passed, the method updates the authentication status of the calling satellite mobile terminal, including:
when the called satellite mobile terminal parses the short message type identifier of the first short message and finds that it is an authentication short message, the called satellite mobile terminal calls a second authentication module to parse the first identity authentication data and the first digest in the first short message;
performing verification based on the first identity authentication data and the first digest;
if the authentication is successful, the first identity authentication data is stored and the authentication state of the calling satellite mobile terminal is updated to be successful.
6. The method of claim 5, wherein said verifying based on said first authentication data and said first digest comprises: a first authentication data length verification, a first authentication data format verification, and a first digest verification.
7. The method according to any one of claims 2 to 6, wherein the second authentication module of the called satellite mobile terminal obtains a second identity authentication data packet of the called satellite mobile terminal and sends the second identity authentication data packet to the called satellite mobile terminal, and the method comprises:
after the called satellite mobile terminal updates the authentication state of the calling satellite mobile terminal to be successful, the second authentication module is started;
the second authentication module acquires the second identity authentication data, calculates the second digest based on the second identity authentication data, and combines the second identity authentication data and the second digest into the second identity authentication data packet, which is sent to the called satellite mobile terminal.
8. The method of claim 7, wherein the called satellite mobile terminal encapsulates the second authentication data packet, generates a second short message and sends the second short message to the calling satellite mobile terminal through a short message service channel, and comprises:
generating a second short message content based on the second identity authentication data packet by combining a short message type identifier;
and based on the content of the second short message, generating the second short message by packaging according to a short message protocol packaging format.
9. The method of claim 8, wherein the parsing and verifying the second short message by the calling satellite mobile terminal, and if the verification is passed, updating the authentication status of the called satellite mobile terminal, comprising:
when the calling satellite mobile terminal parses the short message type identifier of the second short message and finds that it is an authentication short message, the calling satellite mobile terminal calls a first authentication module to parse the second identity authentication data and the second digest in the second short message;
performing verification based on the second identity authentication data and the second digest;
and if the authentication is successful, storing the second identity authentication data and updating the authentication state of the called satellite mobile terminal to authentication successful.
10. The method of claim 9, wherein the verifying based on the second authentication data and the second digest comprises: second authentication data length verification, second authentication data format verification and second digest verification.
CN202110104625.2A 2021-01-26 2021-01-26 End-to-end identity authentication method suitable for satellite mobile communication system Active CN112787709B (en)

Publications (2)

Publication Number Publication Date
CN112787709A (en) 2021-05-11
CN112787709B (en) 2022-12-09

Family

ID=75757930
