CN1933665A - Mobile communication system user certification method - Google Patents

Abstract

A user certification method of mobile communication system includes confirming public key of network end in network center at system initialization course and disclosing relevant parameter of network center to user then confirming public key at user end by selecting random number at user end, setting up user status ID by network center and sending it to user end for using it to carry out status verification, setting up relevant databank by network center and calculating out user signature being sent to network center, querying public key of user end in databank by network center according to user signature to verify whether user is legal user or not.

Description

Mobile communication system user certification method

Technical field

The present invention relates to moving communicating field, be specifically related to the network security of mobile communication system.

Background technology

The authentification of user scheme that is based on the private key system that the second generation, 3-G (Generation Three mobile communication system) adopt, though the private key system has the advantage that speed is fast, cost is low, but it requires user and network center must share a common key in advance, this reduces security of system, simultaneously, along with the increase of mobile subscriber's amount, this scheme has also been brought the distribution and the problem of management of key.Utilize public key system to come the scheme of structuring user's authentication, it does not require the shared any secret information of communicating pair realization, thereby can simplify the problem of management of key.Domestic and international many scholars have designed many mobile communication system user certificate schemes based on public key system in succession.Such as at " communication journal " the 23rd phases 11 volume 118-121 page or leaf in 2002, Wang Xiaoming, Chang Zuling, the authenticating user identification scheme in the digital mobile communication system of being applicable to based on Schnorr signature has been proposed in " being applicable to the authentification of user scheme of digital mobile communication system " literary composition of Chen Lusheng, but this scheme has the following disadvantages: the overall security of scheme is signed based on Schnorr, and fail safe is not high; Amount of calculation is bigger, is not suitable for the safety certification of mobile communication terminal.

Summary of the invention

The present invention is directed to the above-mentioned deficiency of prior art, be intended to design a kind of little, safe authentication public key scheme of amount of calculation that is suitable for mobile communication system.Proposed a kind of authentication method based on the ElGamal signature system thus, and amount of calculation is born by network side in a large number, the portable terminal part is only born part checking work, has reduced the terminal burden.

The technical scheme that the present invention solves the problems of the technologies described above is to select parameter and determine the network terminal PKI in network center, and disclose PKI k to the user _NpAnd selected parameter: big prime number p, generator g, One-Way Hash Function h; Network terminal is set up algoritic module and comparison judge module; User side selects random number to determine user side PKI k _UpNetwork center sets up User Identity ID according to client public key for the user, and definite digital signature s of network center and follow parameter r; And ID, s, r sent to user side, user side carries out network identity validation; Set up relevant database in network center with digital signature S; User side is chosen the parameter call algoritic module and is carried out precomputation, determines user side certificate parameter c; Adopt challenge, response mode to authenticate.

The user sends the request of networking to network center, and network center's checking network center's digital signature and user select random number and preserve session key; User side calculates user's signature b, user's signature is sent to network center, and according to user's signature network is verified; Authenticating user identification comprises: network center is according to user side PKI k in the user's signature Query Database _Up, calculate user characteristics value e and signature and follow parameter r, the user is verified, determine whether it is validated user.

This method adopts the authentication public key system based on the ElGamal signature, by improvement to verification process, reduce computation complexity, make the amount of calculation of user side be minimized, the fail safe of network further improves, and satisfies the requirement of mobile communication system user safety certification.

Description of drawings

Figure 1 shows that the flow chart of data transmission in network

Embodiment

The ElGamal signature system is a kind of modification of Rabin system.The fail safe of scheme is based on the difficulty of asking discrete logarithm.

Below in conjunction with accompanying drawing technical scheme of the present invention is described in detail, Figure 1 shows that the flow chart of data transmission in network, this authentication method specifically comprises the steps:

At first system is carried out initialization, comprise: select network center's parameter and customer parameter, for the user sets up User Identity ID, sets up algoritic module, sets up relatively judge module, select secret random number, and secret random number generates PKI thus in network center.

(1) network center sets up respective algorithms module and comparison judge module, selects calculation of parameter network PKI k _NpNetwork center sets up PKI and calculates the scheduling algorithm module, for key x, $X\∈z_p^{*};$ Y=g is arranged ^xModp is a PKI.Select a big prime number p, this big prime number can make the Z the group _pIn to find the solution discrete logarithm be difficult problem, at Z _pMiddle multiplicative group Z _p ^*Generator or primitive element be g, select the One-Way Hash Function h of a safety.Choose a random number k in network center _NsAs private key, it is satisfied $k_{\mathrm{ns}}\∈Z_p^{*};$ Call cipher key calculation formula in the algoritic module $k_{\mathrm{np}}=g^{k_{\mathrm{ns}}}\mathrm{mod}p$ Obtain network PKI k _Np, and this network center's parameter: p, g, h, k are disclosed to the user _Np

(2) user side is selected parameter and is calculated client public key k _UpThe user selects random number k _UsAs private key for user, this private key satisfies $k_{\mathrm{us}}\∈Z_p^{*};$ User side sends request, calls the key algorithm module, passes through formula $k_{\mathrm{up}}=g^{k_{\mathrm{us}}}\mathrm{mod}p$ Calculate client public key k _Up, and send it to network center.

(3) network center sets up User Identity ID according to the client public key of receiving for the user, and it is signed.Select secret random number $k\∈Z_p^{*},$ Call network center's algoritic module and relevant parameter, according to formula: r=g ^kMod p, e=h (ID, k _Up, r), s=(e-k _Ns) k ^-1Mod (p-1) computing network center digital signature s, the signature value of following r, user characteristics value e, with s, ID, r sends it back the user.

(4) user carries out authentication, and whether the user side checking institute parameter of receiving is that the network of needs adding is sent out.User side receives that network center sends the signature verification parameter of returning, and carries out authentication at user side, calls the comparison judge module, verifies that whether received parameter is sent out by the network center that the user asks to network, if equation $g^{h(ID,k_{\mathrm{up}},r)}=k_{\mathrm{np}}{r}^s\mathrm{mod}p$ Set up, then send the network of the network of parameter for user's request, user side receives the digital signature s that network center sends, otherwise rejection s.

(5) set up database according to the digital signature s of network center in network center.Network center sets up the database relevant with s, sets up parameter list according to the value of s in database, sets up digital signature s and parameter k _Up, r, the corresponding lists one by one of e.

After system initialization is finished, in network center's archival memory, preserve parameter: k _Ns, k _Np, k _Up, s, ID, r, e, user side is preserved parameter k in memory RAM _Np, k _Up, s, k _Us

2, user side is set up algoritic module, chooses parameter and carries out precomputation.The user chooses random number x, the d less than p ₁, d ₂, call computing module, according to formula $c=\left(d_{1}P{d}_2\mathrm{Ps}\right)k_{\mathrm{np}}^{x{k}_{\mathrm{us}}}\mathrm{mod}p$ (the numeral cascade of symbol " P ") calculates certificate parameter c.All must choose x, d again before each the networking ₁, d ₂, different parameters is used in each checking, has effectively guaranteed network and security of users.

3, authentication phase adopts challenge, response mode to carry out network and user's mutual authentication.

Be illustrated in figure 1 as the flow chart of network data transmission in the verification process.

(1) user sends the request of networking to network center, and with client public key k _Up, the random number x that selects of user side and the certificate parameter c that calculates send to network center;

(2) network center's checking digital signature s of network center sets up the digital cascade relevant with certificate parameter, and preserves session key.The user-network access request is received by network center, the starting algorithm module, and the PKI according to network center's private key and user calls formula $\left(d_{1}P{d}_2\mathrm{Ps}\right)={\mathrm{ck}}_{\mathrm{up}}^{-{\mathrm{xk}}_{\mathrm{ns}}}\mathrm{mod}p,$ And the parameter that user side is sent: k _Up, this formula of c substitution calculates corresponding parameters s, d with it ₁, d ₂Start relatively judge module, call formula: $g^{h(\mathrm{ID},k_{\mathrm{up}},r)}=k_{\mathrm{np}}{r}^s\mathrm{mod}p$ Above-mentioned parameter is verified, is set up that what show that network terminal receives is the parameter that the request networking user sends as equation.Network center chooses random number t, and value t satisfies condition: 1≤t≤2 ^q(q 〉=72) set up digital cascade connection y=(tP d ₁), and y sent it back the user, authentication center's database is preserved d simultaneously ₂As session key;

(3) user side is determined user's signature b, and whether checking is network to be networked according to user's signature.

After the user received y, therefrom deciphering drew d ₁, judge whether the d that sends with oneself ₁Equate,, then abandon this application as unequal.As equating, then start the user side computing module, call formula $b=k_{\mathrm{np}}^{t{k}_{\mathrm{us}}}\mathrm{mod}p$ Calculate user's signature b, and user's signature b is sent to network center, after network center receives, find client public key k according to the s of b correspondence _Up, bring relevant parameter into formula $b^{\′}=k_{\mathrm{up}}^{t{k}_{\mathrm{ns}}}\mathrm{mod}p$ Calculate, obtain number signature verification value b ', judge whether b, b ' equate that as unequal, then refusing user's is visited this network, determine that as equating network for network to be networked, enters next step;

(4) network center verifies the user, corresponding signature value of following, user characteristics value are calculated according to client public key, network privacy by network center, and according to the user characteristics value e in the digital signature s of the network center Query Database, the signature value of following r, relatively the signature value of following, user characteristics value are to determine whether to allow this user-network access.Algoritic module and comparison judge module call in network center, the word signature validation value of using tricks to count $b^{\′}=k_{\mathrm{up}}^{t{k}_{\mathrm{ns}}}\mathrm{mod}p$ The time client public key k _UpCalculate user characteristics value e '=h (ID, k _Up, r ').Network center finds e, r according to s, and judges: as e ≠ e ', then refuse this user's access request, as e=e ', continue the compute signature value of following $r^{\′}=g^{(e-k_{\mathrm{ns}})s^{-1}}\mathrm{mod}p,$ And judge that then database is not modified as r '=r, and agree user's access request, as r ' ≠ r, then refuse this user's access request.

The process of user's signature:

Wish that as the Party A Party B signs for its message m, step is as follows:

A. the Party B chooses random number: $k$ $\∈$ $z_p^{*},$ And send it to network center;

B. formula in the algoritic module: r=g calls in network center ^kMod p, s=(m-xr) k ^-1Mod (p-1) calculating (r, s), will (r, s) conduct sends to the Party A to the signature of message;

C. the Party A calls the comparison judge module, the checking equation $g^m=y_B^r{r}^s\mathrm{mod}p$ Whether set up, whether accept the Party B to the signature of message (y wherein with decision _BPrivate key for user B).

The present invention adopts a kind of authentication method based on ElGamal signature system.This method effectively alleviates user's amount of calculation by the improvement to verification process, and the fail safe of network center further improves, and can satisfy the mobile communication system requirement.

The above; only be better embodiment of the present invention, but protection category of the present invention is not limited thereto, anyly is familiar with the people of this technology in the disclosed technical scope of the present invention; the conversion that can expect easily and replacement all should be included in the protection category of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims (5)

1, a kind of mobile communication system user certification method, employing is based on the authentication public key method of ElGamal signature, it is characterized in that, the method comprising the steps of: network center sets up algoritic module and comparison judge module, select calculation of parameter network center PKI, and disclose PKI and selected parameter to the user: user side is chosen random number and is calculated client public key k _Up, and be sent to network center; Network center sets up User Identity ID according to client public key, computing network center digital signature S, and the foundation database relevant with S; User side carries out network identity validation, precomputation user side certificate parameter c; Adopt challenge, response mode that user and network are authenticated.

2, method according to claim 1 is characterized in that, the parameter that network center is selected comprises: big prime number p, generator g, One-Way Hash Function h.

3, method according to claim 1 is characterized in that, the algoritic module that network center sets up comprises the PKI computing formula: for key x, $x\∈z_p^{*},$ PKI y=g is arranged ^xMod p.

4, according to one of them described method of claim 1-3, it is characterized in that the step that network is authenticated comprises: the user sends the request of networking and certificate parameter c to network center; The certifying digital signature s of network center sets up the digital cascade relevant with certificate parameter, and preserves session key; User terminal is determined user's signature b, and whether checking is network to be networked according to user's signature.

5, according to one of them described method of claim 1-3, it is characterized in that, the step that the user is authenticated comprises: the corresponding signature value of following r ' and user characteristics value e ' calculate according to client public key, network privacy in network center, and with database in store with the corresponding signature value of following r of s and user characteristics value e comparison, determine whether to allow this user-network access.