KR101018470B1 - Secure authentication system in binary cdma communication networks and drive method of the same - Google Patents

Abstract

PURPOSE: A secure authentication system in binary CDMA communication networks and a drive method of the same is provided to permit authentication related to exchange traffic and re-authentication by using a mutual authentication and a key agreement protocol. CONSTITUTION: The security authentication system(1000) in binary CDMA networks(400) comprises a user mobile terminal(100), an operation control server(300), and an agent server(200). The security authentication system applies a mutual authentication and a key agreement protocol permitting the security authentication of the traffic exchange between the user mobile terminal and the operation control server. The agent server connects the user mobile terminal and the operation control server. A hand over scenario predicts a frequent portability of the user mobile terminal.

Description

Secure Authentication System in Binary CDMA Communication Networks and Drive Method of the Same}

The present invention relates to a wireless communication security technology combining binary CDMA technology and ARIA technology, and is a new public network model that can replace IEEE 802.11 WLAN. In particular, by applying mutual authentication and AKA protocol to binary CDMA network (ex: binary CDMA LAN), binary CDMA that permits security authentication and security re-authentication for traffic exchange between user mobile terminal and intermediary server. A security authentication system on a communication network and a driving method thereof.

Koinonia is a local proprietary digital wireless communication technology adopted as standard in ISO / IEC JTC SC 6, an international standardization organization in January 2009.

The Koinonia system is largely divided into a physical layer and a data link layer, and the data link layer is divided into a media access (MAC) sublayer and an adaptation sublayer.

The media access sublayer uses a hybrid multiple access (HMA) scheme that accesses media through a combination of code and time slots, taking advantage of binary CDMA, a physical layer.

The Adaptation sublayer is responsible for making the lower protocol stacks compatible with those of other higher wireless standards.

Koinonia system guarantees QoS even in noisy wireless environment, enables interoperability by tying various digital devices into one network (Koinonia network), and has the characteristics that it can be used simultaneously without interfering with existing communication system.

In addition, Koinonia system is developed to use both ARIA and AES for encryption service of binary CDMA radio section, so it can be used in domestic backbone network and public institutions.

Binary CDMA technology has been proposed to solve the problem of frequency allocation or quality of service (QoS) guarantee due to a mixture of various wireless technologies such as WLAN and Bluetooth. Koinonia, based on binary CDMA technology, It was adopted as a standard by the International Organization for Standardization ISO / IEC JTC SC6 in March, and it can interoperate with many existing technologies, guarantee QoS in noisy wireless environment, and use it simultaneously without interfering with existing communication system. There is a characteristic.

Recently, Guardian technology, which is based on binary CDMA technology, has been developed using wireless encryption technology.However, various security threats are increasing over the air, which may lead to the leakage of personal information or important information of national institutions or serious damage to equipment. There is a problem that a lot of damage is occurring.

Although IEEE 802.11 WLAN, which is widely used at present, recommends enhanced security of IEEE 802.11i, in reality, it does not provide security as expected in terms of cost and management problems.

For this reason, public networks and some organizations often use limited built-in security features or prohibit total ban, and even though 802.11i WLAN using AES ensures security, it is a cryptographic technology that is introduced to public institutions when designing public networks. There is a policy problem with adoption as it is mandatory to incorporate ARIA into security products.

A security authentication system and a method of driving the same on a binary CDMA network of the present invention have been devised to solve the problems of the prior art, and a first object of the present invention is mutual authentication and key matching protocol (AKA Protocol) to a binary CDMA network. By applying the security authorization and security re-authentication for traffic exchange between the user mobile terminal and the intermediary server, the mobile terminal possesses the user mobile terminal due to the strong security of the intermediate server connected to the user mobile terminal through the binary CDMA communication network. Not only to prevent the leakage of personal information of a user, but also to protect the leakage of personal information through security re-authentication for a user mobile terminal to be handed over.

In addition, the second object of the present invention is not only applicable to the binary CDMA communication network, but also public or private network created for any special purpose to increase the user satisfaction with a user mobile terminal that can protect their personal information, This is to improve the utilization rate of the security authentication system built on the binary CDMA communication network to maximize the company's profits.

In addition, a third object of the present invention is to propose a new network model that enables security authentication and security re-authentication for traffic exchange between a user mobile terminal and an intermediate server on a binary CDMA communication network, and can be widely used in various applications. Not only plays a role in the national backbone network but also contributes greatly to industrial development.

The present invention for achieving the above object includes the following configuration.

That is, the security authentication system on the binary CDMA communication network according to the embodiment of the present invention, the security on the binary CDMA communication network to perform the security authentication on the binary CDMA communication network using an intermediary server connecting the user mobile terminal and the operation management server with each other In the authentication system, upon receiving the personal image request signal through the binary CDMA communication network, the registered permanent ID or temporary ID is transmitted to the intermediary server, and the predetermined second mutual authentication is performed on the master shared key identified from the permanent ID. Compares whether or not the second mutual authentication routine operation value generated by the assignment to the function and the first mutual authentication routine operation value are matched to allow communication connection of the intermediate server when they match each other; and the master shared key and the intermediate server. A predetermined first key derivation function for the first random variable In addition to generating a user-side encryption key and a mutual authentication response value by applying to the first mutual authentication function, the second random variable received from the user-side encryption key and the intermediary server is applied to a predetermined second key derivation function. After generating the traffic protection stable key, and verifying the first key matching session value transmitted from the intermediate server, and applying the second traffic protection stable key to the key matching function to generate a second key matching session value to the intermediate server A user mobile terminal for transmitting to; By querying the permanent ID received from the intermediary server, the master shared key matching the permanent ID is 1: 1, as well as generating the first random variable by itself, and generating the master shared key and the first random variable. An operation management server that is assigned to a predetermined first key derivation function and first and second mutual authentication functions to generate a user side encryption key, a mutual authentication expectation value, and a first mutual authentication routine operation value; And transmitting a personal identification request signal for requesting personal identification information about a user possessing the user mobile terminal to the binary CDMA communication network, temporarily storing the user side encryption key and mutual authentication expectation request received from the operations management server. Transmitting the first random variable and the first mutual authentication routine operation value received from the operations management server to the user mobile terminal, and comparing the mutual authentication response value and the mutual authentication expected request value received through the binary CDMA communication network. If they coincide with each other, the user-side encryption key and the second random variable generated by itself are applied to a preset second key derivation function to generate a first traffic protection stable key, and the first traffic protection stable key is a preset key. The first key matching session value and the second LAN generated by applying to the matching function Transmit a variable to the user mobile terminal, and secondly verify the second key agreement session value received through the binary CDMA network to permit security authentication for traffic exchange of the user mobile terminal and permit the security authentication. It includes a mediation server for notifying the operations management server.

In addition, the method for driving a security authentication system on a binary CDMA communication network according to an embodiment of the present invention, a binary CDMA communication network that is connected to a personal image request signal for requesting personal identification information about a user possessing the user mobile terminal through an intermediate server A first step of transmitting to the; A second step of transmitting a pre-registered permanent ID or temporary ID to the intermediary server as a user mobile terminal receives the personal image request signal through the binary CDMA communication network; A third step of the operation management server querying the permanent ID received from the intermediary server, calling a master shared key that matches the permanent ID 1: 1, and generating a first random variable by itself; The operation management server substitutes the master shared key and the first random variable into a predetermined first key derivation function and first and second mutual authentication functions, respectively, and calculates a user side encryption key, mutual authentication expectation value, and first mutual authentication routine operation value. Generating a fourth step; The intermediate server temporarily stores the user-side encryption key and the mutual authentication expectation value received from the operations management server, and transmits the first random variable and the first mutual authentication routine operation value received from the operations management server to the user mobile terminal. A fifth step; A coincidence between a second mutual authentication routine operation value generated by substituting the master shared key determined from the permanent ID by the user mobile terminal into the second mutual authentication function and the first mutual authentication routine operation value; A sixth step of allowing a communication connection of the intermediary server when comparing with each other whether or not they match each other; A seventh step of the user mobile terminal generating the user side encryption key and the mutual authentication response value by applying the master shared key and the first random variable to the first key derivation function and the first mutual authentication function; If the intermediary server compares the mutual authentication response value received through the binary CDMA network with the mutual authentication expectation request value, and matches each other, the predetermined key derivation function of the user-side encryption key and the second random variable generated by the intermediate server An eighth step of applying to to generate a first traffic protection stable key; A ninth step of transmitting, by the intermediary server, the first key agreement session value and the second random variable generated by applying the first traffic protection stabilization key to a predetermined key matching function; The user mobile terminal generates the second traffic protection stable key by applying the user-side encryption key and the second random variable to a preset second key derivation function, and after verifying the first key agreement session value first, the second key. A tenth step of applying a traffic protection stable key to the key matching function to generate a second key matching session value and to transmit it to the intermediate server; And authorizing, by the intermediary server, a second security verification for the traffic exchange of the user mobile terminal by second verifying the second key agreement session value received through the binary CDMA communication network, and permitting the security authentication. Including the eleventh step to notify.

In order to minimize the involvement of the operation management server in the future, the intermediary server can continuously perform re-authentication with the mobile terminal while continuously generating the traffic protection stable key only with the user side encryption key.

The security authentication system and its driving method on the binary CDMA communication network of the present invention are secure authentication and security for the exchange of traffic between the user mobile terminal and the intermediary server by applying mutual authentication and AKA protocol to the binary CDMA communication network. By authorizing the authentication, the strong security of the intermediary server connected to the user mobile terminal through the binary CDMA network prevents the leakage of personal information of the user possessing the user mobile terminal, as well as the user mobile terminal to be handed over. Security re-authentication also has a first effect of protecting personal information leakage.

In addition, the present invention is sufficiently applicable to not only binary CDMA communication network, but also public or private networks established for any special purpose, thereby increasing user satisfaction with a user mobile terminal capable of protecting his or her personal information. By increasing the utilization rate of the security authentication system built in the communication network has a second effect that can maximize the company's profits focused on the system construction.

In addition, the present invention proposes a new network model that enables security authentication and security re-authentication for traffic exchange between a user mobile terminal and an intermediary server on a binary CDMA communication network, and can be widely applied to various applications based on this. It is not only responsible for the axis, but also has a third effect that greatly contributes to industrial development.

1 is a diagram illustrating a security authentication system on a binary CDMA communication network according to an embodiment of the present invention.
2 is a detailed diagram illustrating a security authentication system on a binary CDMA communication network according to an embodiment of the present invention.
3 is a detailed diagram illustrating a security authentication system on a binary CDMA communication network according to another embodiment of the present invention.
4 is a flowchart illustrating a method of driving a security authentication system on a binary CDMA communication network according to an embodiment of the present invention.
5 is a flowchart illustrating a method of driving a security authentication system on a binary CDMA communication network according to another embodiment of the present invention.

[Example]

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating a security authentication system on a binary CDMA communication network according to an embodiment of the present invention.

Referring to FIG. 1, a security authentication system 1000 on a binary CDMA network is connected with a user mobile station 100 on a binary CDMA network 400, which is one of new public network models that can replace IEEE 802.11 WLAN. It is a system that applies mutual authentication and key agreement protocol (AKA Protocol) that allows security authentication and security re-authentication for traffic exchange between operations management server (300: Home Base Station).

That is, the present invention utilizes a binary CDMA communication network that performs security authentication on the binary CDMA communication network 400 by using a mediation server 200 that connects the user mobile terminal 100 and the operation management server 300 to each other. Security authentication system 1000.

In addition, the present invention is a system for applying a mutual authentication and key matching protocol (AKA Protocol) to provide a fast handover scenario and a handover scenario for predicting frequent mobility of the user mobile terminal (100).

Here, the intermediate server 200 configured on the binary CDMA communication network 400 applied to the present invention is a network structure using a radio router (RAP: Radio Access Point), similar to the IEEE 802.11 WLAN but physically weak wireless routers Binary CDMA Visitor Location Register (BVLR) has been added to manage and support fast handover.

Mutual authentication and key matching protocol (AKA Protocol) applied in the mediation server 200 of the present invention is a protocol that can be identified from the binary CDMA Subscriber Identity Module (BSIM) installed in the user mobile terminal 100 It is characterized by a closer approach in terms of user authentication than device authentication.

That is, the security authentication system 1000 on the binary CDMA communication network includes a user mobile terminal 100, an operation management server 300, and an intermediate server 200.

First, the user mobile terminal 100 receives a personal ID request signal through the binary CDMA communication network 400 and receives a pre-registered permanent ID (PID) or temporary ID (TID: Temporary ID). ), And the mediation server 200 transmits the PID to the operation management server from the received PID or TID.

The user mobile terminal 100 assigns the second random authentication function MAF2 () to the second mutual authentication function MAF2 () by assigning the master random key MK identified from the first random variable generated by the operation management server 300 and the PID. Generate the authentication routine operation value (MA-R2).

The user mobile terminal 100 compares and agrees whether the first mutual authentication routine operation value MA-R1 and the second mutual authentication routine operation value MA-R2 generated by the operation management server 300 compare with each other. Allows the intermediary server 200 to communicate and generates the mutual authentication response value (RES) by applying the master shared key (MK) and the first random variable (Nonce1) to the first mutual authentication function (MAF1 ()). Let's do it.

After receiving the first key agreement session value and the second random variable from the intermediate server, the user mobile terminal 100 derives the predetermined second key from the user side encryption key (TK) and the second random variable (Nonce2). Apply to the function KDF2 () to generate a second traffic protection stable key (SK2: Session Key 2).

In addition, the user mobile terminal 100 performs a first verification for comparing and determining a match between the first key matching session value and the self-calculated first 'key matching session value KeyA1', and the first verification matching each other. Is generated by applying the calculation of XOR of the second traffic protection stabilization key SK2 and the second random variable Nonce2 and the second traffic protection stabilization key SK2 to the matching function KAF (). The 2 key matching session value KeyA2 is transmitted to the mediation server 200.

In other words, the user mobile terminal 100 generates the first generated by the intermediate server 200 by applying the first traffic protection stabilization key SK2 and the second random variable Nonce2 to the key matching function KAF (). The first 'key calculated by applying one key matching session value KeyA1, the second traffic protection stabilization key SK2 and the second random variable Nonce2 to the key matching function KAF () The match session value (KeyA1 ') is compared to check whether there is a match.

That is, only when the first key match session value KeyA2 and the first 'key match session value KeyA1' coincide with each other, the user mobile terminal 100 mediates the second key match session value KeyA2. Send to server 200.

The management server 300 calls the master shared key (MK) that matches the permanent ID (PID) 1: 1 by searching the permanent ID (PID) received from the mediation server 200, and randomly generated the first random Variable Nonce1 and Master Shared Key (MK) are assigned to predetermined first key derivation function (KDF1 ()) and first and second mutual authentication functions (MAF1 () and MAF2 ()), respectively, and the predetermined user-side encryption key. (TK), a mutual authentication expected request value (XRES), and a first mutual authentication routine calculation value (MA-R1), respectively.

The mediation server 200 transmits a personal image request signal for requesting personal identification information about a user possessing a user mobile terminal to a binary CDMA communication network 400 previously connected, and receives a user side encryption key received from the operation management server 300. (TK) and the mutual authentication expected request value (XRES) are temporarily stored, and the first random variable and the first mutual authentication routine calculation value (MA-R1) received from the operation management server 300 are stored in the user mobile terminal 100. send.

The mediation server 200 compares the mutual authentication response value RES received through the binary CDMA communication network with the mutual authentication expected request value XRES and checks whether the second server randomly generates a second random number. The variable Nonce2 and the user-side encryption key TK are applied to the preset second key derivation function KDF2 () to generate the first traffic protection stable key SK1.

In addition, the mediation server 200 applies the first traffic protection stabilization key SK1 to the predetermined key matching function KAF () to generate the first key matching session value KeyA1 and the second random variable Nonce2. To the user mobile terminal 100.

The mediation server 200 performs a second verification for comparing and determining a match between the second key matching session value KeyA2 received from the user mobile terminal 100 and the second 'key matching session value KeyA2' calculated by itself. And, upon success of the second verification coinciding with each other, the cryptographic validity of the traffic exchange between the user mobile terminal 100 and the operation management server 300 is acknowledged.

In other words, the mediation server 200 matches the calculated value obtained by XORing the second traffic protection stabilization key SK2 and the second random variable Nonce2 and the second traffic protection stabilization key SK2 at the user mobile terminal 100. The second matched session value KeyA2 generated according to the function KAF (), the first traffic protection stabilization key SK1 and the second random variable Nonce2 and the first traffic protection stabilization key As the calculated value obtained by XOR of (SK1) is applied to the key matching function (KAF ()), the second 'key matching session value KeyA2', which is self-calculated, is compared and checked for matching.

Therefore, when the second key match session value KeyA2 and the second 'key match session value KeyA2' coincide with each other, the mediation server 200 accordingly results in the traffic exchange of the user mobile terminal 100. Permits the security certification and notifies the operation management server 300 that the security certification is granted.

Here, the user-side encryption key (TK) is a value generated by the operation management server side 300 or the user mobile terminal side 100, respectively, as shown in [Equation 1], and the random number together with the master shared key (MK) Note that this is a secret key value generated by applying the generated first random variable Nonce1 to the first key derivation function KDF1 ().

Here, the first mutual authentication routine operation value (MA-R1) is a value generated at the operation management server side 300, as shown in [Equation 2], the master shared key (MK), the first random for the article Note that it is an operation value generated by applying the variable Nonce1 and the counter value to the second mutual authentication function MAF2 ().

Here, the second mutual authentication routine operation value (MA-R2) is a value generated on the user mobile terminal 100 side, as shown in [Equation 3], the master shared key (MK), the first random for the article Note that the variable (Nonce1) and the counter value (counter) are generated by applying the second mutual authentication function (MAF2 ()). (The counter value is a variable that changes the number of routines of the security authentication program. This value is applied to increase the reliability of data values output through mutual authentication and AKA protocol (I want the data values to be output consistently.) The values are updated or changed as needed.

Here, the first traffic protection stable key (SK1) is a value generated on the intermediate server 200 side, as shown in [Equation 4], the user-side encryption key (TK), the second random variable (Nonce2) as a second Note that this is a secret key value generated by applying it to the key derivation function (KDF2 ()).

Here, the second traffic protection stable key (SK2) is a value generated on the user mobile terminal 100 side, as shown in [Equation 5], the user-side encryption key (TK), received from the intermediate server 200 Note that this is a secret key value generated by applying the random variable (Nonce2) to the second key derivation function (KDF2 ()).

Here, the mutual authentication expected request value (XRES) is a value generated by the operation management server 300 side as shown in [Equation 6], the first random variable (Nonce1) to generate a random number together with the master shared key (MK) ) Is a value generated by applying the first mutual authentication function (MAF1 ()).

Here, the mutual authentication response value (RES) is a value generated by the user mobile terminal 100, as shown in [Equation 7], the first random received from the master shared key (MK), the intermediate server 200 Note that the variable Nonce1 is a value generated by applying the first mutual authentication function MAF1 ().

Here, the first key matching session value KeyA1 is a value generated at the mediation server 200 and is generated from the first traffic protection stable key SK1 and the first random variable, as shown in Equation (8). Note that the second random variable Nonce2, which generates another random number different from the random number, is generated by applying the key matching function KAF ().

Here, the first 'key match session value KeyA1' is a value generated at the user mobile terminal 100 and generates a second traffic protection stabilization key SK2 and another random number as shown in [Equation 9]. Note that the second random variable Nonce2 is generated by applying the key matching function KAF ().

Here, the second key matching session value KeyA2 is a value generated at the user mobile terminal 100 side, and as shown in [Equation 10], the second traffic protection stabilization key SK2 is a key matching function KAF ( Pre-applied to)) and XORing the second random variable (Nonce2) and the second traffic protection stabilization key (SK2) to the key agreement function (KAF ()). Note that it is a value.

Here, the second 'key matching session value KeyA2' is a value generated at the mediation server 200 side, and as shown in [Equation 11], the first traffic protection stabilization key SK1 is a key matching function KAF. Pre-applied to ()) and generated by XORing the second random variable (Nonce2) and the second traffic protection stabilization key (SK1) to the key agreement function (KAF ()). Note the value.

Subsequently, the user mobile terminal 100 includes a binary CDMA identification module 110 (BSIM) and a mobile terminal device 120 as shown in FIG. 2, and the operation management server 300 includes an authentication center device 310. , AuC: Authentication Center), and binary CDMA home location registers 320 (BHLR), and mediation server 200 includes binary CDMA visitor location registers 220 (BVLR) and wireless routers 210 (RAP).

That is, the binary CDMA identification module 110 of the user mobile terminal 100 sets the master shared key MK and the first random variable Nonce1, which are recognized from the permanent ID PID, to the preset first mutual authentication function MAF1. (RES) is applied to generate mutual authentication response value (RES).

The binary CDMA identification module 110 generates the second traffic protection stable key SK2 by applying the second random variable Nonce2 and the user-side encryption key TK to the second key derivation function KDF1 ().

The binary CDMA identification module 110 compares the first key matching session value KeyA1 received from the mediation server 200 with the first generated key matching session value KeyA1 'and compares them with each other. Upon confirming the first verification success, the second traffic protection stabilization key SK2 is applied to the predetermined key matching function KAF () to generate a second key matching session value KeyA2.

The binary CDMA identification module 110 is a device used to identify and authenticate subscribers owned by a user. The binary CDMA identification module 110 stores mutual authentication and key matching protocols (AKA Protocol) required for user authentication and service profiles of subscribers. It forms an interface that interacts with each other and the mobile terminal 120 responsible for the physical connection.

The mobile terminal 120 receives the personal image request signal through the binary CDMA communication network 400, and relays the permanent ID (PID), the temporary ID (TID), or the second key agreement session value (KeyA2) to the mediation server 200. To transmit.

The authentication center device 310 of the operation management server 300 inquires a permanent ID (PID) to call the master shared key (MK) that matches the permanent ID (PID) 1: 1 and generates a first random variable. Create (Nonce1).

The authentication center device 310 is responsible for verifying the identity of the user having the user mobile terminal 100 and providing values for authentication and encryption in order to secure security for each call.

In addition, the binary CDMA home location register 320 uses the master shared key (MK) and the first random variable (Nonce1) as a preset first key derivation function (KDF1 ()) and first and second mutual authentication functions (MAF1 ()). , MAF2 ()) generates a user-side encryption key (TK), a mutual authentication expectation request value (XRES), and a mutual authentication routine calculation value (MA-R1), respectively.

The binary CDMA home location register 320 stores and manages whether the user mobile terminal 100 is authenticated and the real time location received from the mediation server 200.

Subsequently, the binary CDMA visitor location register 220 of the mediation server 200 temporarily stores the user side encryption key TK and the mutual authentication expected request value XRES inputted from the authentication center device 310 of the operation management server 300. Save it.

As the binary CDMA visitor location register 220 compares and checks whether the mutual authentication response value RES and the mutual authentication expectation request value XRES match, the user side encryption key TK and the second random variable Nonce2 are matched with each other. After generating the first traffic protection stable key (SK1) by using the first traffic protection stable key (SK1) to a predetermined key matching function (KAF ()) to apply a first key matching session value (KeyA1). Create

The binary CDMA visitor location register 220 compares a match between the second key matching session value KeyA2 received from the user mobile terminal 100 and the second key matching session value Key1 calculated by itself, and compares them with each other. 2 Upon confirming the success of the verification, the security authentication for the traffic exchange of the user mobile terminal 100 is permitted.

In addition, the wireless router 210 transmits a personal image request signal for requesting personal image information to a pre-connected binary CDMA communication network 400 and receives the first random variable Nonce1 and the first received from the operation management server 300. The first key matching session value KeyA1 and the second random variable Nonce2, including the mutual authentication routine operation value MA-R1, are transmitted to the binary CDMA identification module 110 of the user mobile terminal 100.

In fact, the first and second random variables (Nonce1, Nonce2), the first mutual authentication routine calculation value (MA-R1) and the first key agreement session value (KeyA1) is transmitted directly to the binary CDMA identification module 110. Rather, input through the mobile terminal 120 will be appropriate for the structure of the user mobile terminal.

The security authentication system 1000 on a binary CDMA network in accordance with another embodiment of the present invention is driven as shown in FIG.

First, the user mobile terminal 100 transmits a temporary ID (TID) to the intermediary server 200 when handing over within the binary CDMA communication network 400, and stabilizes the fourth traffic protection using the user side encryption key (TK). The key SK4 is generated, and the first reauthentication key matching session value RAKA1 received from the mediation server 200 is compared with the self-operated first reauthentication key matching session value RAKA1 ', and then mutually compared. After confirming the success of the third verification at the match, the fourth traffic protection stabilization key SK4 is substituted into the key matching function KAF () to generate a second re-authentication key matching session value RAKA2.

The mediation server 200 is distinguished from a random number generated from a user side encryption key (TK), a first traffic protection stable key (SK1), and a first random variable recognized by a temporary ID (TID) reference and a permanent ID (PID) lookup. The third random variable Nonce3, which generates another random number, is applied to the preset second key derivation function KDF2 () to generate the third traffic protection stable key SK3.

The mediation server 200 generates the first re-authentication key matching session value RAKA1 by applying the third traffic protection stable key SK3 and the third random variable Nonce3 to the preset key matching function KAF (). Thereafter, the first re-authentication key matching session value RAKA1 and the third random variable Nonce3 are transmitted to the user mobile terminal 100 using the binary CDMA communication network 200.

In other words, when the user mobile terminal 100 is handed over in the binary CDMA communication network 400, the first wireless router 210 that is instrumented to the intermediate server 200 is changed from switching on to off. The second wireless router 211 that is provided in the server 200 is switched on from switching off to the first state, so that the first reauthentication key matching session value RAKA1 and the third random variable Nonce3 are changed using the binary CDMA communication network 400. ) Is transmitted to the user mobile terminal 100.

Accordingly, the mediation server 200 matches the second re-authentication key match session value RAKA2 received through the binary CDMA communication network 400 previously connected with the user mobile terminal 100, and the second re-authentication key match is calculated by itself. The session values RAKA2 'are compared with each other to allow secure reauthentication for traffic exchange of the user mobile terminal after confirming the success of the fourth verification at the time of matching.

Here, the third traffic protection stable key (SK3) is a value generated on the intermediate server 200 side, as shown in [Equation 12], and distinguished from the random number generated from the user-side encryption key (TK) and the first random variable Note that the third random variable Nonce3 is a secret key value generated by applying the second random derivation function KDF2 ().

Here, the fourth traffic protection stable key (SK4) is a value generated by the user mobile terminal 100, as shown in [Equation 13], received from the user-side encryption key (TK) and the intermediate server 200 Note that this is a secret key value generated by applying the third random variable Nonce3 to the second key derivation function KDF2 ().

Here, the first re-authentication key matching session value RAKA1 is a value generated at the mediation server 200 side, as shown in [Equation 14], and the third traffic protection stable key SK3 and the third random variable ( Note that this value is generated by applying Nonce3) to the key matching function (KAF ()).

Here, the first 're-authentication key matching session value RAKA1' is a value generated by the user mobile terminal 100, as shown in [Equation 15], and the fourth traffic protection stabilization key SK4 and the third. Note that the random variable (Nonce3) is generated by applying the key matching function (KAF ()).

Here, the second re-authentication key matching session value RAKA2 is a value generated on the user mobile terminal 100 side, and as shown in [Equation 16], the fourth traffic protection stabilization key SK4 is converted into a key matching function ( KAF ()), and XORing the third random variable (Nonce3) and the fourth traffic protection stabilization key (SK4) to the key agreement function (KAF ()). Note that this is a generated value.

Here, the second re-authentication key matching session value RAKA2 'is a value generated at the mediation server 200 side, and as shown in [Equation 17], the third traffic protection stable key SK3 is a key matching function. The pre-applying to (KAF ()) and the XOR of the third random variable (Nonce3) and the third traffic protection stabilization key (SK3) to post-apply to the matching function (KAF ()). Note that this value is generated accordingly.

4 is a flowchart illustrating a method of driving a security authentication system on a binary CDMA communication network according to an embodiment of the present invention.

Referring to FIG. 4, a method of driving a security authentication system on a binary CDMA communication network performs security authentication on traffic exchange between a user mobile terminal and an intermediary server by applying mutual authentication and an AKA protocol to a binary CDMA communication network. It is a driving method to permit.

First, the intermediary server transmits a personal image request signal for requesting personal identification information about a user possessing a user mobile terminal to a pre-connected binary CDMA communication network (S10).

As the user mobile terminal receives the personal image request signal through the binary CDMA network, the user terminal transmits a pre-registered permanent ID (PID) or temporary ID (TID) to an intermediary server connected to the binary CDMA communication network (S20, S30).

The management server inquires the permanent ID (PID) input from the intermediary server (S40) and calls the master shared key (MK) 1: 1 matching the permanent ID (PID) and generates the first random variable (Nonce1). (S50), the master shared key (MK) and the first random variable (Nonce1) are respectively assigned to the first key derivation function (KDF1 ()) and the first and second mutual authentication functions (MAF1 (), MAF2 ()). In operation S60, the user-side encryption key TK, the mutual authentication expectation request value XRES, and the first mutual authentication routine calculation value MA-R1 are generated.

The operation management server transmits the user side encryption key (TK), the mutual authentication expectation request value (XRES), the first random variable (Nonce1), and the first mutual authentication routine calculation value (MA-R1) to the intermediate server (S70).

The intermediate server temporarily stores the user side encryption key (TK) and the mutual authentication expected request value (XRES) received from the operation management server (S80), and the first random variable (Nonce1) and the first mutual authentication routine calculation value (MA-R1). ) Is transmitted to the user mobile terminal which is previously connected with the binary CDMA communication network (S90).

The user mobile terminal generates a second mutual authentication routine operation value (MA-R2) using the first random variable (Nonce1) received through the intermediate server and its own master shared key (MK), and then passes through the intermediate server. If it compares with the received first mutual authentication routine operation value MA-R1 and agrees with each other, communication connection with the intermediate server is allowed (S100).

In addition, the user mobile terminal generates a mutual authentication response value (RES) by applying the master shared key (MK) and the first random variable (Nonce1) to a predetermined first mutual authentication function (MAF1 ()) (S110). In step S120, the mutual authentication response value RES is transmitted to the binary CDMA communication network.

The intermediary server compares and checks whether the mutual authentication response value (RES) received through the binary CDMA communication network and the temporarily stored mutual authentication expectation request value (XRES) are compared to perform an authentication process for the user mobile terminal (S130).

When the mutual authentication response (RES) and mutual authentication expectation requirement (XRES) match each other, the intermediary server The first traffic is applied to the second key derivation function by applying a second random variable (Nonce2), which generates a user-side encryption key (TK) and another random number different from the random number generated from the first random variable, for the wireless section encryption key matching process. A protection stable key SK1 is generated (S140).

If the mutual authentication response value RES and the previously stored mutual authentication expectation request value XRES do not match, the intermediary server rejects the access of the user mobile terminal and transmits and notifies the user authentication rejection signal to the operation management server. S131).

Thereafter, the intermediary server issues the first traffic protection stabilization key SK1. After applying the preset key matching function KAF () to generate the first key matching session value KeyA1 (S150), the second random variable Nonce2 and the first key matching session value KeyA1 are binary CDMA. S160 transmits to the user mobile terminal connected to the communication network.

The user mobile terminal sets the user-side encryption key (TK) and the second random variable (Nonce2) generated using the pre-owned master shared key (MK) and the first random variable (Nonce1) received from the intermediate server. The second traffic protection stabilization key SK2 is generated by applying the derivation function KDF2 () (S170).

In addition, the user mobile terminal first verifies the first key agreement session value KeyA1 received through the binary CDMA communication network (S180), and if the first verification is successful, sets the second traffic protection stabilization key SK2 as a preset key. After the second key matching session value KeyA2 is generated by substituting the matching function KAF () (S190), the second key matching session value KeyA2 is transmitted to the intermediate server (S200).

If the first verification is not successful, the user mobile terminal re-requests retransmission of the first key agreement session value to the intermediate server (S181).

Thereafter, the intermediate server performs a second verification on the second key matching session value KeyA2 received from the user mobile terminal connected to the binary CDMA communication network (S210).

In other words, the intermediary server compares whether the second key matching session value KeyA2 'and the second key matching session value are equal to each other.

When the value of the second key agreement session value KeyA2 and the second key agreement session value KeyA2 'coincide with each other, the mediation server recognizes the encryption justification for the traffic exchange between the user mobile terminal and the operation management server. The security authentication for the traffic exchange of the user mobile terminal is allowed, and the operation management server is notified that the security authentication is allowed (S220, S230).

If the received second key agreement session value KeyA2 does not match, the mediation server re-performs step S150.

Note that the user-side encryption key (TK) is a secret key value generated by applying the first random variable (Nonce1) that generates a random number together with the master shared key (MK) to the first key derivation function (KDF1 ()). do.

Here, the first and second mutual authentication routines MA-R1 and MA-R2 convert the master shared key MK, the first random variable Nonce1 and the counter value into a second mutual authentication function MAF2 ( Note that this is a different operation value generated by applying to)).

Here, the first and second traffic protection stable keys SK1 and SK2 have different values generated by applying the user-side encryption key TK and the second random variable Nonce2 to the second key derivation function KDF2 (). Note that the secret key value is shared between the user mobile terminal and the intermediate server.

Note that the mutual authentication expected request value XRES is a value generated by applying the first random variable Nonce1, which generates a random number together with the master shared key MK, to the first mutual authentication function MAF1 (). .

Note that the mutual authentication response value RES is a value generated by applying the master shared key MK and the first random variable Nonce1 to the first mutual authentication function MAF1 ().

Note that the first key matching session value KeyA1 is a value generated by applying the first traffic protection stable key SK1 and the second random variable Nonce2 to the key matching function KAF ().

Note that the first 'key match session value KeyA1' is a value generated by applying the second traffic protection stable key SK2 and the second random variable Nonce2 to the key matching function KAF ().

The second matched session value KeyA2 pre-applies the second traffic protection stabilization key SK2 to the key matching function, and XORs the second random variable Nonce2 and the second traffic protection stabilization key SK2. Note that a calculation is a value generated by later application of the match function (KAF ()).

The second 'matched session value KeyA2' pre-applies the first traffic protection stabilization key SK1 to the key matching function, and the second random variable Nonce2 and the first traffic protection stabilization key SK1. Note that this is a value generated by applying the calculated value of XOR to the key matching function (KAF ()).

5 is a flowchart illustrating a method of driving a security authentication system on a binary CDMA communication network according to another embodiment of the present invention.

Referring to FIG. 5, in the method of driving a security authentication system on a binary CDMA network, security re-authentication regarding traffic exchange between a user mobile terminal and an intermediary server by applying mutual authentication and an AKA protocol to a binary CDMA network. It is a driving method to permit.

First, when a user mobile terminal performs a handover in a binary CDMA network (a term used to refer to a dynamic state of communication in which a user moves through a place using a user mobile terminal), a temporary ID (TID) is relayed to an intermediate server. Are transmitted to (S10 ', S20').

The intermediary server stores a third random variable that generates another random number that is distinguished from the random number generated from the first encryption variable and the user-side encryption key (TK) recognized by the permanent ID (PID) lookup with reference to the temporary ID (TID). The third traffic protection stable key SK3 is generated by applying the set second key derivation function KDF2 () (S30 ′).

The mediation server generates the first re-authentication key matching session value RAKA1 by applying the third traffic protection stabilization key SK3 and the third random variable Nonce3 to the predetermined key matching function KAF (). The third random variable Nonce3 and the first reauthentication key agreement session value RAKA1 are transmitted to the user mobile terminal using the binary CDMA communication network (S40 ', S50').

The user mobile terminal applies the user side encryption key (TK) and the third random variable (Nonce3) to the second key derivation function to generate a fourth traffic protection stable key (SK4), and is received from an intermediate server connected to the binary CDMA communication network. Comparing the first re-authentication key match session value RAKA1 with the self-calculated 1 're-authentication key match session value RAKA1', the fourth traffic protection stable key after confirming the success of the third verification is confirmed. The second re-authentication key matching session value RAKA2 is generated by substituting SK4 into the preset key matching function KAF (). (S60 ', S70', S80 ')

The intermediary server compares the second re-authentication key match session value RAKA2 received through the binary CDMA communication network previously connected with the user mobile terminal and the self-calculated second 're-authentication key match session value RAKA2' to each other. Confirm success of the fourth verification (justification) (S90 ', S100')

Accordingly, the intermediary server permits secure reauthentication for traffic exchange of the user mobile terminal (S110 ').

If the second 're-authentication key-match session value RAKA2' of the second re-authentication key-match session value RAKA2 is not successful, the intermediary server regenerates the third traffic protection stable key SK3 (S30). ').

Here, the third and fourth traffic protection stable keys SK3 and SK4 are different values generated by applying the user-side encryption key TK and the third random variable Nonce3 to the second key derivation function KDF2 (). Pay attention to

Here, the first re-authentication key matching session value RAKA1 applies the third random variable Nonce3, which generates another random number, with the third traffic protection stable key SK3, to the key matching function KAF (). Note that this is a generated value.

Here, the first 're-authentication key matching session value RAKA1' applies a third random variable Nonce3 generating another random number with the fourth traffic protection stable key SK4 to the key matching function KAF (). Note that this is a generated value.

Here, the second re-authentication key agreement session value RAKA2 is a calculated value obtained by applying the fourth traffic protection stabilization key SK4 in advance and XORing the third random variable Nonce3 and the traffic protection stabilization key SK4. Note that is a value generated by post application to the key matching function (KAF ()).

Here, the second re-authentication key agreement session value RAKA2 'pre-applies the third traffic protection stabilization key SK3, and XORs the third random variable Nonce3 and the traffic protection stabilization key SK3. Note that a calculation is a value generated by later application of the match function (KAF ()).

Although the above has been described with reference to a preferred embodiment of the present invention, those skilled in the art will be able to variously modify and change the present invention without departing from the spirit and scope of the invention as set forth in the claims below. It will be appreciated.

1000: Security Authentication System on Binary CDMA Network
100: user mobile terminal 400: binary CDMA communication network
200: mediation server 300: operations management server

Claims (26)

A security authentication system on a binary CDMA communication network that performs security authentication on a binary CDMA communication network using an intermediary server that connects a user mobile terminal and an operation management server.
In response to receiving the personal identification request signal through the binary CDMA network, the registered permanent ID or temporary ID is transmitted to the intermediary server, and the master shared key identified from the permanent ID is substituted into the second predetermined mutual authentication function. Comparing the second mutual authentication routine operation value generated according to the first mutual authentication routine operation value with each other and allowing communication connection of the intermediary server when the mutual mutual identity is matched with each other, and entering through the master shared key and the intermediate server. A random variable is applied to a predetermined first key derivation function and a first mutual authentication function to generate a user-side encryption key and a mutual authentication response, respectively, and to generate a second random variable received from the user-side encryption key and the intermediary server. The second traffic protection stable key is generated by applying the preset second key derivation function. After the first session key matches the value transmitted from the relay server, the first verifying the user's mobile terminal to transmit to the relay server 2 by applying a traffic protection key with the key stability matching function to generate the second key value matching the session;
By querying the permanent ID received from the intermediary server, the master shared key matching the permanent ID is 1: 1, as well as generating the first random variable by itself, and generating the master shared key and the first random variable. An operation management server that is assigned to a predetermined first key derivation function and first and second mutual authentication functions to generate a user side encryption key, a mutual authentication expectation value, and a first mutual authentication routine operation value; And
Transmitting a personal identification request signal for requesting personal identification information about a user possessing the user mobile terminal to the binary CDMA communication network, temporarily storing the user side encryption key and mutual authentication expectation request received from the operations management server, and The first random variable and the first mutual authentication routine operation value received from the operation management server are transmitted to the user mobile terminal, and the mutual authentication response value and the mutual authentication expected request value received through the binary CDMA communication network are compared with each other. If the same, the user-side encryption key and the second random variable generated by itself is applied to a preset second key derivation function to generate a first traffic protection stable key, and the first traffic protection stable key matches a predetermined key. A first key agreement session value generated by applying to a function and the second random Transmit a number to the user mobile terminal, and secondly verify the second key agreement session value received through the binary CDMA communication network to permit security authentication for traffic exchange of the user mobile terminal, and to permit the security authentication. Security authentication system on a binary CDMA communication network including an intermediary server to notify the operation management server.
The method of claim 1, wherein the user-side encryption key,
And a secret key value generated by applying the first random variable generating the master shared key and the random number to the first key derivation function.
The method of claim 2, wherein the first and second mutual authentication routine calculation values,
And a counter value generated by applying the master shared key, a first random variable, and an additional variable counter value to the second mutual authentication function.
The method of claim 2, wherein the first and second traffic protection stabilization key,
And a secret key value generated by applying the user-side encryption key and the second random variable generating another random number to the second key derivation function.
The method of claim 1, wherein the mutual authentication expectation requirement is:
And a data value generated by applying the first random variable, which generates a random number together with the master shared key, to the first mutual authentication function.
The method of claim 5, wherein the mutual authentication response value,
And a data value generated by applying the master shared key and the first random variable to the first mutual authentication function.
delete The method of claim 1, wherein the user mobile terminal,
When handing over in the binary CDMA network, the temporary ID is transmitted to the intermediary server, and a fourth traffic protection stable key is generated by using the user side encryption key, and the first re-authentication key match received from the intermediary server is matched. Compare the session value with the self-calculated 1 're-authentication key value session value and confirm the success of the third verification, and then substitute the fourth traffic protection stabilization key into the key matching function to match the second re-authentication key value. Generating a session value further comprising: generating a session value.
The method of claim 8, wherein the mediation server,
Generate a third traffic protection stable key by using the user-side encryption key recognized by the reference to the temporary ID and the inquiry on the permanent ID,
After generating the first re-authentication key matching session value by applying the third traffic protection stable key and the third random variable to the key matching function, the first re-authentication key matching session value and the third random variable are converted into the binary CDMA. Transmits to a user mobile terminal connected to a communication network,
Comparing the second re-authentication key matching session value received from the user mobile terminal with the self-calculated second 're-authentication key matching session value and matching each other, and after confirming the success of the fourth verification, exchanging traffic of the user mobile terminal. And authorizing a secure reauthentication for the secure CDMA communication network.
The method of claim 9, wherein the third, fourth traffic protection stabilization key,
Binary CDMA, characterized in that a secret key value generated by applying the third random variable to the second key derivation function to generate another random number distinct from the user-side encryption key and the random number generated from the first random variable Security authentication system on a network.
The method of claim 10, wherein the first re-authentication key matching session value,
A value generated by applying the third traffic protection stable key and the third random variable to the key matching function, wherein the first 're-authentication key matching session value,
And a value generated by applying the fourth traffic protection stabilization key and the third random variable to the key matching function.
delete The method of claim 8,
When the user mobile terminal is handed over in the binary CDMA network, the first wireless router device provided to the intermediate server is changed from switching on to off.
On the binary CDMA communication network, the second wireless router configured in the intermediate server is switched on from switching off to transmit the first re-authentication key matching session value to the user mobile terminal using the binary CDMA communication network. Security authentication system.
The method of claim 1, wherein the user mobile terminal,
The master shared key and the first random variable are applied to the first mutual authentication function to generate the mutual authentication response value, and the user side encryption key and the second random variable are applied to the second key derivation function to generate the second traffic. After generating the protection stabilization key, and compares the first key matching session value received from the intermediary server and the self-operated first 'key matching session value to match each other, and confirms the first verification success A binary CDMA identification module configured to apply the second traffic protection stabilization key to the key matching function to generate the second key matching session value; And
And a mobile terminal device receiving the personal identification request signal through the binary CDMA communication network and transmitting the permanent ID, temporary ID, or second key agreement session value to the intermediary server. .
The method of claim 1, wherein the operation management server,
An authentication center device for querying the permanent ID to call the master shared key that matches the permanent ID 1: 1 and generate the first random variable to generate a random number; And
Binary CDMA home which applies the master shared key and the first random variable to the first key derivation function and the first and second mutual authentication functions to generate the user side encryption key, mutual authentication expectation value and first mutual authentication routine operation value, respectively. Security authentication system on a binary CDMA network, comprising a location register.
The method of claim 1, wherein the mediation server,
Temporarily storing the user-side encryption key and the mutual authentication expectation value inputted from the operation management server, and comparing the mutual authentication response value with the mutual authentication expectation request value and generating the first traffic protection stable key when they match each other. Thereafter, the first traffic protection stable key is applied to a key matching function to generate a first key matching session value.
The security verification for the traffic exchange of the user mobile terminal is allowed by comparing the second key agreement session value with the self-operated second key matching session value and confirming the second verification success when the second key match session value is matched with each other. A binary CDMA visitor location register; And
The personal identification request signal is transmitted to the binary CDMA network, and the first key matching session value and the second random variable, including the first random variable and the first mutual authentication routine operation value received from the operation management server, are moved to the user. Security authentication system on a binary CDMA communication network comprising a wireless router for transmitting to the terminal.
A first step of the intermediary server transmitting a personal image request signal to a pre-connected binary CDMA communication network requesting personal image information about a user possessing the user mobile terminal;
A second step of transmitting a pre-registered permanent ID or temporary ID to the intermediary server as a user mobile terminal receives the personal image request signal through the binary CDMA communication network;
A third step of the operation management server querying the permanent ID received from the intermediary server, calling a master shared key that matches the permanent ID 1: 1, and generating a first random variable by itself;
The operation management server substitutes the master shared key and the first random variable into a predetermined first key derivation function and first and second mutual authentication functions, respectively, and calculates a user side encryption key, mutual authentication expectation value, and first mutual authentication routine operation value. Generating a fourth step;
The intermediate server temporarily stores the user-side encryption key and the mutual authentication expectation value received from the operations management server, and transmits the first random variable and the first mutual authentication routine operation value received from the operations management server to the user mobile terminal. A fifth step;
A coincidence between a second mutual authentication routine operation value generated by substituting the master shared key determined from the permanent ID by the user mobile terminal into the second mutual authentication function and the first mutual authentication routine operation value; A sixth step of allowing a communication connection of the intermediary server when comparing with each other whether or not they match each other;
A seventh step of the user mobile terminal generating the user side encryption key and the mutual authentication response value by applying the master shared key and the first random variable to the first key derivation function and the first mutual authentication function;
If the intermediary server compares the mutual authentication response value received through the binary CDMA network with the mutual authentication expectation request value, and matches each other, the predetermined key derivation function of the user-side encryption key and the second random variable generated by the intermediate server An eighth step of applying to to generate a first traffic protection stable key;
A ninth step of transmitting, by the intermediary server, the first key agreement session value and the second random variable generated by applying the first traffic protection stabilization key to a predetermined key matching function;
The user mobile terminal generates the second traffic protection stable key by applying the user-side encryption key and the second random variable to a preset second key derivation function, and after verifying the first key agreement session value first, the second key. A tenth step of applying a traffic protection stable key to the key matching function to generate a second key matching session value and to transmit it to the intermediate server; And
The intermediate server grants the security authentication for traffic exchange of the user mobile terminal by second verifying the second key agreement session value received through the binary CDMA communication network, and grants the security authentication to the operations management server. A method of driving a security authentication system on a binary CDMA communication network comprising an eleventh step of notifying.
The method of claim 17, wherein the fourth step,
(4-a) the operation management server generating the user-side encryption key by applying the first random variable that generates the master shared key and a random number to the first key derivation function;
(4-b) the operations management server generating the first mutual authentication routine operation value by applying the master shared key, the first random variable, and an additional variable counter value to the second mutual authentication function. A method of driving a security authentication system on a binary CDMA communication network.
The method of claim 17, wherein the sixth step,
And generating, by the user mobile terminal, the second mutual authentication routine operation value by applying the master shared key, a first random variable, and an additional variable counter value to the second mutual authentication function. A method of driving a security authentication system on a communication network.
The method of claim 17, wherein the eighth step is
The intermediate server generates the first traffic protection stable key by applying the second random variable to the second key derivation function to generate another random number distinguished from the random number generated from the user-side encryption key and the first random variable. And driving the secure authentication system on a binary CDMA communication network.
The method of claim 17, wherein the fourth step,
(4-c) the operations management server applies the master shared key and the first random variable to the first mutual authentication function to generate the mutual authentication expectation request value used to attempt communication linkage with the user mobile terminal. A method of driving a secure authentication system on a binary CDMA communication network, comprising the steps of:
The method of claim 21, wherein the seventh step is
And generating, by the user mobile terminal, the mutual authentication response value, which is a signal in response to the mutual authentication expectation request, by applying the master shared key and the first random variable to the first mutual authentication function. A method of driving a security authentication system on a CDMA communication network.
delete The method of claim 17, wherein the operation proceeds after the selected one of the second to tenth steps is performed.
A first 'step of transmitting the temporary ID to the intermediary server when the user mobile terminal hands over the binary CDMA communication network;
A second step of generating, by the intermediate server, a third traffic protection stable key by using the user-side encryption key recognized as a reference to the temporary ID and an inquiry about the permanent ID;
After the intermediate server generates the first re-authentication key matching session value by applying the third traffic protection stable key and the third random variable to the key matching function, the first re-authentication key matching session value and the third random variable are generated. Transmitting 3 'to the user mobile terminal which is previously connected with the binary CDMA communication network;
The user mobile terminal generates a fourth traffic protection stable key using the user-side encryption key, and compares the first reauthentication key matching session value received from the intermediary server with the self-calculated first 'reauthentication key matching session value. A fourth 'step of generating a second re-authentication key-match session value by substituting the fourth traffic protection stabilization key into the key-matching function after confirming the success of the third verification. And
When the intermediary server compares the second re-authentication key matching session value received from the user mobile terminal with the self-calculated second 're-authentication key matching session value, and confirms the success, the user moves after confirming the success of the fourth verification. And a fifth step of permitting secure reauthentication for traffic exchange of the terminal.
The method of claim 24, wherein the second 'step,
The intermediate server applies the third random variable to the second key derivation function by generating the third random variable that generates another random number distinct from the random number generated from the user-side encryption key and the first random variable. And generating a secure authentication system on a binary CDMA communication network. delete

Images