WO2006026925A1 - A method for setting the authentication key - Google Patents

A method for setting the authentication key

Publication number
WO2006026925A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
mobile terminal
key
user
random number
information
Application number
PCT/CN2005/001432
Inventor
Zhengwei Wang
Yingxin Huang
Original Assignee
Huawei Technologies Co., Ltd.
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network
    • H04L63/0869 Network architectures or network communication protocols for network security for supporting authentication of entities communicating through a packet data network for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Abstract

A method for setting the authentication key applied between the mobile terminal and the authentication apparatus comprises: a. one of the mobile terminal and the authentication apparatus generates a random number and transmits the random information corresponding to the random number to the other one of the mobile terminal and the authentication apparatus; b. the one of the mobile terminal and the authentication apparatus jointly computes the random number and the information relating to the mobile terminal, or jointly computes the random information and the information relating to the mobile terminal, to generate and store the authentication key for authenticating the validity of the mobile terminal user, and the other one of the mobile terminal and the authentication apparatus jointly computes the random information and the information relating to the mobile terminal to generate and store the corresponding authentication key. According to the authentication key setting method of the present invention, the security of the validity authentication of the mobile terminal user is improved, and hence the anti-theft effect is improved.

Description

Verification key setting method

FIELD

The present invention relates to secure communication technologies in a communication network, particularly to a method for setting the authentication key between a mobile terminal and a verification device.

BACKGROUND OF THE INVENTION

In current mobile communication networks, to ensure the security of a mobile terminal, for example to prevent the theft of mobile terminals that occurs from time to time, the legitimacy of the mobile terminal user needs to be verified before the user uses the mobile terminal. Only a mobile terminal that passes verification can be used normally or access the mobile communication network normally; a mobile terminal that does not pass verification is automatically locked or shut down, and may even automatically send a short message to relatives designated by the mobile terminal user or to the public security authorities. An illegal user who has stolen a mobile terminal therefore cannot use it properly and may even be brought to justice, which fundamentally puts an end to the theft of mobile terminals and greatly improves the security of the mobile terminal.

To verify the legitimacy of a mobile terminal user, a verification device typically needs to be set up in the mobile communication network, for example a home location register (HLR) or an authentication center (AC), and a key, which may be referred to here as an anti-theft key, is set in the mobile terminal. The same key is stored in the verification device, which also saves the correspondence between the key and the user subscription information. When the legitimacy of the mobile terminal user needs to be verified, the simplest way is for the mobile terminal to send a message requesting the key to the verification device; the verification device returns the key corresponding to the mobile terminal user to the mobile terminal, and the mobile terminal compares the received key with the key it has saved. If they are consistent, the mobile terminal user is legitimate; otherwise the mobile terminal user is illegal. Alternatively, the mobile terminal may send verification request information to the verification device; the verification device performs a related calculation, such as an encryption or digest calculation, according to the key corresponding to the mobile terminal and returns the result to the mobile terminal; the mobile terminal performs the corresponding calculation using the key it has saved and compares its own result with the result from the verification device to determine whether the mobile terminal user is legitimate.

When a mobile terminal is stolen, the legitimate user will ask the telecommunications operator to suspend service for the user card, so an unauthorized user who has stolen the mobile terminal must replace the user card in order to communicate normally with it. After the user card is replaced, however, because different user cards have different user subscription information, the verification device either cannot find a key for the mobile terminal according to the new subscription information, or finds a key that differs from the key held in the mobile terminal, so the mobile terminal determines that the user is illegal. The above method can thus effectively protect the security of the mobile terminal.

In the above method, the key in the mobile terminal and the key in the verification device are generally the same. In a specific implementation, the key may be generated by the mobile terminal and then transmitted to the verification device; for example, the key may be formed from digits or characters entered by the user of the mobile terminal, or generated randomly by the mobile terminal, and the mobile terminal then transfers the key directly to the verification device. Alternatively, the key may be randomly generated by the verification device, which transmits the key directly to the mobile terminal.

As can be seen, the above key setting methods have the following drawbacks. First, if the key is input by the mobile terminal user, the key input by the user may not conform to key generation standards; in other words, the key is vulnerable to attack, which reduces the security of verifying the legitimacy of the mobile terminal user. Second, whether the mobile terminal transmits the key to the verification device or the verification device transmits the key to the mobile terminal, the associated signaling of the network-side equipment may not be encrypted while the key is in transit, so the transferred key is easily intercepted by others, which also reduces the security of verifying the legitimacy of the mobile terminal user. In summary, the key setting methods of the prior art have security vulnerabilities, which reduce the security of verifying the legitimacy of a mobile terminal user and thus reduce the anti-theft effect for the mobile terminal.

SUMMARY

In view of this, the main object of the present invention is to propose a method for setting a verification key between a verification device and a mobile terminal that overcomes the vulnerabilities of the prior art, improves the security of verifying the legitimacy of the mobile terminal user, and improves the security protection of the mobile terminal.

The above object of the present invention is achieved by the following technical solution:

A method for setting an authentication key used between a mobile terminal and a verification device, the method comprising at least:

a. one of the mobile terminal and the verification device generates a random number, and transmits random information corresponding to the random number to the other of the mobile terminal and the verification device;

b. the one of the mobile terminal and the verification device jointly computes the random number and information related to the mobile terminal, or jointly computes the random information and the information related to the mobile terminal, to generate and store a verification key for verifying the legitimacy of the mobile terminal user, and the other of the mobile terminal and the verification device jointly computes the random information and the information related to the mobile terminal to generate and store the corresponding verification key.

Preferably, the random information is the same as the random number, and in step a the mobile terminal generates the random number and transmits the random number to the verification device.

Preferably, the random number is transmitted by being carried in a verification key setting request; the method further comprises the verification device, after storing the verification key, returning to the mobile terminal a verification key setting request response message indicating whether the verification key setting operation was successful.

Preferably, the random information is the same as the random number, and in step a the verification device generates the random number and transmits the random number to the mobile terminal.

Preferably, before the verification device generates the random number, the method further comprises the mobile terminal sending a verification key setting request to the verification device; the verification device transmits the random number to the mobile terminal by carrying the random number in the response to the request.

Preferably, step a is performed after receiving the user's setting that requires the legitimacy of the mobile terminal user to be verified.

Preferably, in step b the mobile terminal generating and storing the authentication key for verifying the legitimacy of the mobile terminal user comprises:

The mobile terminal sends the random number to the user card in the mobile terminal;

The user card jointly computes the mobile terminal related information it stores and the received random number to obtain a calculation result;

The user card returns the obtained calculation result to the mobile terminal;

The mobile terminal saves the calculation result received from the user card as the verification key.

Preferably, the random information differs from the random number: in step a the mobile terminal generates the random number, performs a calculation on the random number to obtain the random information, and then transmits the random information to the verification device; in step b the mobile terminal jointly computes the random information and the information related to the mobile terminal to obtain the verification key.

Preferably, in step b the mobile terminal jointly computing the random information and the information related to the mobile terminal to generate and store the authentication key comprises:

The mobile terminal sends the random number to the user card in the mobile terminal;

The user card performs an encryption calculation on the random number, and uses the encryption calculation result as the random information;

The user card jointly computes the encryption calculation result and the corresponding mobile terminal related information to obtain a joint calculation result;

The user card returns the encryption calculation result and the joint calculation result to the mobile terminal; the mobile terminal saves the joint calculation result received from the user card as the verification key.

Preferably, the random information differs from the random number: in step a the mobile terminal generates the random number, performs a calculation on the random number to obtain the random information, and then transmits the random information to the verification device; in step b the mobile terminal calculates the authentication key from the random number and the information related to the mobile terminal.

Preferably, in step b the mobile terminal jointly computing the random number and the information related to the mobile terminal to generate and store the authentication key comprises:

The mobile terminal sends the random number to the user card in the mobile terminal;

The user card jointly computes the random number and the corresponding mobile terminal related information to obtain a first calculation result;

The user card performs an encryption calculation on the random number and uses the result as a second calculation result, i.e. the random information; the user card returns the two calculation results to the mobile terminal;

The mobile terminal stores the first calculation result as the authentication key.

Preferably, in step b, the verification device jointly computing the random information and the mobile terminal related information to generate the authentication key comprises calculating the first calculation result from the second calculation result and storing the obtained first calculation result as the authentication key.

Preferably, the mobile terminal further comprises a security chip, and the mobile terminal storing the verification key means storing the verification key on the security chip.

Preferably, a user operation password is set in the security chip in advance; before writing the authentication key to the security chip, or after receiving the user's setting, the method further comprises prompting the user to input the user operation password, which indicates whether the user is entitled to operate the security chip, and then determining whether the user operation password input by the user is correct; if it is correct, the next step is performed, otherwise the process ends.

Preferably, the mobile terminal related information is the international mobile equipment identity IMEI, the international mobile subscriber identity IMSI, the mobile terminal communication key KC, the user card root key KI, the card user's card, or any combination of these.

Preferably, the verification device storing the verification key means storing the calculated verification key in correspondence with terminal identity information.

Preferably, the terminal identity information is one of the identification information of the user card, the number information of the user terminal, and the identification information of the mobile terminal, or any combination thereof.

Preferably, the verification device is one of a home location register HLR, an authentication center AC and an equipment identity register EIR.

As can be seen from the technical solution of the present invention, either of the mobile terminal and the verification device generates a random number and transmits random information corresponding to the random number to the other device, and the mobile terminal and the verification device each generate, from the random number or the random information, an authentication key for verifying the legitimacy of the mobile terminal user. In the present invention the authentication key is calculated directly or indirectly from a random number rather than generated directly by the user, which avoids the vulnerability to attack that arises in the prior art when the user generates the key directly. Further, this method avoids transferring the key directly, and thus avoids the key being intercepted in plaintext because the corresponding signaling is not encrypted during transmission. The security of the key is therefore ensured, and the security of verifying the legitimacy of the mobile terminal user is improved. For example, even if the random information is intercepted by others, because the authentication key is calculated jointly from the random information and the mobile terminal related information, a person who intercepts the random information can hardly know the related information stored in the mobile terminal (including the user card) and the specific calculation used when generating the key, and so can hardly obtain the authentication key from the intercepted random information.

As described above, the key setting method of the present invention overcomes the security holes of the prior art, increases the security of verifying the legitimacy of the mobile terminal user, and thus improves the anti-theft effect for the mobile terminal.

BRIEF DESCRIPTION OF DRAWINGS

FIG 1 is a flowchart of a first method of the present invention.

FIG 2 is a flowchart of a first embodiment of the first method of the present invention.

FIG 3 is a flowchart of a second embodiment of the first method of the present invention.

FIG 4 is a flowchart of a second method according to the present invention.

FIG 5 is a flowchart of a third method according to the present invention.

EMBODIMENTS OF THE PRESENT INVENTION

The present invention is described in detail below with reference to the accompanying drawings and specific embodiments.

To overcome the defect of the prior art that a key formed from information input by the mobile terminal user is vulnerable to attack, the present invention abandons that key generation mode. To prevent the key from being intercepted and leaked when it is transmitted directly between the mobile terminal and the verification device, the present invention does not transmit the key directly; instead it transmits a random number used to generate the key, and the mobile terminal and the verification device each calculate their respective keys from the random number.

FIG 1 illustrates the general procedure of the first key setting method of the present invention, made in accordance with the above ideas. As shown in FIG 1, the method comprises the following steps:

In step 101, the mobile terminal or the verification device generates a random number, and then sends the random number to the other party.

In step 102, the mobile terminal and the verification device each perform a calculation based on the random number and the corresponding mobile terminal related information, to obtain their respective verification keys for verifying the legitimacy of the mobile terminal user.

In step 103, the mobile terminal and the verification device each save the verification key they calculated.

In step 101, when the mobile terminal generates the random number, the random number may be generated by the user card or by the mobile terminal itself.

In step 102, the mobile terminal related information may be the KI of the user card, the KC of the user card, the IMSI of the user card, the IMEI of the mobile terminal, or any combination thereof. Those skilled in the art will appreciate that this information is stored in both the mobile terminal and the verification device. For the mobile terminal, the calculation based on the random number and the corresponding mobile terminal related information may be carried out in the user card, i.e. the user card calculates the verification key from the random number and the mobile terminal related information.

In step 103, when the verification device saves the calculated verification key, it may further store the correspondence between the calculated verification key and terminal identity information, namely the identification information of the user card, the number information of the user terminal, or the identification information of the mobile terminal, so that the verification device can look up the corresponding verification key according to the terminal identity information, which facilitates verification. Here the identification information of the user card is the IMSI, the number information of the user terminal is the telephone number corresponding to the user card of the mobile terminal, and the identification information of the mobile terminal may be the IMEI of the mobile terminal.

In the present invention, the verification device may be an HLR, an AC, or an EIR.

A first embodiment of the first method of the present invention is described below in connection with FIG 2. In the first embodiment, the random number is generated by the mobile terminal, which then transmits the random number to the verification device.

In step 201, the mobile terminal generates a random number and transmits the random number to the user card. This step may be started when the user performs the operation of setting that the legitimacy of the mobile terminal user must be verified.

In step 202, after receiving the random number, the user card jointly computes the random number and its own stored IMSI and KI to obtain a calculation result, and then transmits the calculation result to the mobile terminal.

In step 203, the mobile terminal sends a verification key setting request to the verification device, carrying in the request the random number generated in step 201.

In step 204, after receiving the verification key setting request from the mobile terminal, the verification device extracts the random number from it, jointly computes the random number and the KI and IMSI of the mobile terminal that it has stored to obtain a calculation result, and saves the calculation result as the verification key for verifying the legitimacy of the mobile terminal user. It then returns a verification key setting request response to the mobile terminal, which may further carry information on whether the verification key was set successfully.

In step 205, after receiving the response message from the verification device, the mobile terminal saves the calculation result from the user card as the verification key for verifying the legitimacy of the mobile terminal user.

Thus, by transmitting a random number, the mobile terminal and the verification device each calculate their respective authentication key from the same random number. Here, the calculations performed by the mobile terminal and the verification device on the same random number may be the same or may be different. If they are the same, then in subsequent verification of the legitimacy of the mobile terminal user, the mobile terminal determines whether the authentication key received from the verification device is the same as the authentication key it has stored. If the two calculations are different, the relationship between the two calculations must be determined, so that in subsequent verification of the legitimacy of the mobile terminal user, the mobile terminal determines whether the authentication key received from the verification device and the authentication key it holds satisfy that relationship.

Incidentally, the mobile terminal may also determine by other means whether the verification key stored in the verification device agrees with the verification key it has stored. For example, the mobile terminal may send a random number to the verification device; the verification device and the mobile terminal each perform an encryption calculation on the random number according to their stored verification key, and the mobile terminal compares the encryption calculation result of the verification device with its own encryption calculation result to determine whether the verification key stored in the verification device agrees with its own.

Those skilled in the art will appreciate that the above calculations may be reversible string transformations such as encryption and decryption calculations, for example the AES (Advanced Encryption Standard) encryption algorithm or a variant of it; may be irreversible string transformations such as digest calculations, for example the MD5 (message-digest algorithm 5) digest algorithm or a variant of it; or may be any other calculation. For the joint calculation, KI may be used to perform an encryption calculation on the random number, and the IMSI may then be used to perform an encryption calculation on that result to obtain the final calculation result.
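The first embodiment (steps 201 to 205) together with the challenge-based key comparison described above can be traced in code. This is an added example, not text or code from the patent: the class and function names, the constructed IMSI values, and the use of HMAC-SHA-256 as the calculation (the text leaves the algorithm open) are all assumptions.

```python
import hashlib
import hmac
import secrets


def joint_calc(ki: bytes, imsi: str, rand: bytes) -> bytes:
    """Joint calculation: a KI-keyed stage over RAND, then an IMSI stage.

    HMAC-SHA-256 is this example's choice; the text leaves the algorithm open.
    """
    stage1 = hmac.new(ki, rand, hashlib.sha256).digest()
    return hmac.new(stage1, imsi.encode(), hashlib.sha256).digest()


def keyed_answer(key: bytes, challenge: bytes) -> bytes:
    """Result over a fresh challenge, so keys are compared without being sent."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class UserCard:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def compute(self, rand: bytes) -> bytes:            # step 202
        return joint_calc(self._ki, self.imsi, rand)


class VerificationDevice:
    """HLR/AC/EIR role; it already holds KI per IMSI from subscription data."""

    def __init__(self, ki_by_imsi):
        self._ki_by_imsi = dict(ki_by_imsi)
        self._key_by_imsi = {}                           # key stored per terminal identity

    def set_key(self, imsi: str, rand: bytes) -> bool:   # step 204
        ki = self._ki_by_imsi.get(imsi)
        if ki is None or len(rand) < 16:                 # unknown card or short RAND: refuse
            return False
        self._key_by_imsi[imsi] = joint_calc(ki, imsi, rand)
        return True

    def answer(self, imsi: str, challenge: bytes):
        key = self._key_by_imsi.get(imsi)
        return None if key is None else keyed_answer(key, challenge)


class MobileTerminal:
    def __init__(self, card: UserCard):
        self.card = card
        self.key = None                                  # verification key kept in the terminal

    def set_key(self, device: VerificationDevice) -> bool:
        rand = secrets.token_bytes(16)                   # step 201
        result = self.card.compute(rand)                 # step 202
        ok = device.set_key(self.card.imsi, rand)        # steps 203-204: only RAND is sent
        if ok:
            self.key = result                            # step 205
        return ok

    def user_is_legitimate(self, device: VerificationDevice) -> bool:
        if self.key is None:
            return False
        challenge = secrets.token_bytes(16)
        answer = device.answer(self.card.imsi, challenge)
        return answer is not None and hmac.compare_digest(
            answer, keyed_answer(self.key, challenge))


def demo():
    # Constructed sample subscribers (test-network style IMSIs, random KI values).
    imsi_a, imsi_b = "001010000000001", "001010000000002"
    ki_a, ki_b = secrets.token_bytes(16), secrets.token_bytes(16)
    device = VerificationDevice({imsi_a: ki_a, imsi_b: ki_b})

    terminal = MobileTerminal(UserCard(imsi_a, ki_a))
    set_ok = terminal.set_key(device)
    owner_ok = terminal.user_is_legitimate(device)

    # The user card is replaced: the device has no key for the new IMSI.
    terminal.card = UserCard(imsi_b, ki_b)
    swapped_no_key = terminal.user_is_legitimate(device)

    # The new card sets a key from another terminal: the device now finds a
    # key for that IMSI, but it differs from the one this terminal holds.
    MobileTerminal(UserCard(imsi_b, ki_b)).set_key(device)
    swapped_other_key = terminal.user_is_legitimate(device)
    return set_ok, owner_ok, swapped_no_key, swapped_other_key


if __name__ == "__main__":
    print(demo())
```

The two failing checks correspond to the two cases in the background section: the verification device finds no key for the new subscription, or finds one that differs from the key held in the terminal.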

A second embodiment of the first method of the present invention is described below in connection with FIG 3. In the second embodiment, the random number is generated by the verification device, which then transmits the random number to the mobile terminal.

In step 301, the mobile terminal sends a verification key setting request to the verification device. This step may be started when the user performs the operation of setting that the legitimacy of the mobile terminal user must be verified.

In step 302, the verification device generates a random number, jointly computes the random number and the KI and IMSI information of the mobile terminal to obtain a calculation result, and stores the calculation result as the authentication key for verifying the legitimacy of the mobile terminal user. It then returns a verification key setting request response to the mobile terminal, with the random number included in the response message.

In step 303, after receiving the response message from the verification device, the mobile terminal extracts the random number from it and then sends the random number to the user card.

In step 304, the user card jointly computes the random number and its own stored KI and IMSI information to obtain a calculation result, and then returns the calculation result to the mobile terminal.

In step 305, the mobile terminal stores the calculation result received from the user card as the verification key for verifying the legitimacy of the mobile terminal user.

As in the first embodiment, the calculations performed by the mobile terminal and the verification device on the same random number may be the same or may be different.

In the present invention, an encryption calculation may also be performed on the random number to obtain an encryption calculation result, and the encryption calculation result is then sent to the other party as a new random number, i.e. the random information. More specifically, the present invention provides a second method, shown in FIG 4.

In step 401, the mobile terminal generates a random number and sends the random number to the user card. This step may be started when the user performs the operation of setting that the legitimacy of the mobile terminal user must be verified.

In step 402, after receiving the random number, the user card performs a calculation on the random number to obtain a calculation result. The calculation may be an encryption calculation, and any one of KI, KC, IMSI, IMEI and other information, or a combination of several of them, may be introduced into the encryption calculation.

In step 403, the user card jointly computes the calculation result and its own stored IMSI, KI and the like to obtain a joint calculation result, and then transmits the encryption calculation result and the joint calculation result to the mobile terminal together.

In step 404, the mobile terminal sends a verification key setting request to the verification device, carrying in the request the encryption calculation result received from the user card in step 403, i.e. the random information.

In step 405, after receiving the verification key setting request from the mobile terminal, the verification device extracts the encryption calculation result, jointly computes the encryption calculation result and the KI, IMSI and the like that it has stored for the mobile terminal to obtain a joint calculation result, and stores the joint calculation result as the verification key for verifying the legitimacy of the mobile terminal user. It then returns to the mobile terminal a verification key setting request response carrying information on the success of setting the verification key.

In step 406, after receiving the response message from the verification device, the mobile terminal saves the joint calculation result from the user card as the verification key for verifying the legitimacy of the mobile terminal user.

In the second method, the user card 402 in the encryption calculation step and calculating the joint is performed in step 403 for separation of practice, this separation calculation performed may have some impact on the efficiency, or to achieve increased the complexity. Practice, these two can be calculated by an algorithm designed as a step of the synthesis, for, the present invention provides a third method shown in FIG. 5.

In step 501, the mobile terminal generates a random number, the random number and sends the card user. This step may be started when the user is provided a mobile terminal user is required to verify the legality of the operation.

In step 502, the card user receives the random number, the random number and a mobile terminal related information, like e.g. KI and IMSI joint calculate a first calculation result, and encrypting the random number calculated by a second computing result. It can be introduced into the encryption calculation

Involved in the calculation KI, KC, IMSI, IMEI, etc. a combination of any of several information or the like.

In step 503, the user card will first calculation result and second calculation result to the mobile terminal simultaneously.

In step 504, the mobile terminal sends a verification key setting request to the verification device, carrying in the request the second calculation result received from the user card in step 503, i.e. the random information.

In step 505, after receiving the verification key setting request from the mobile terminal, the verification device extracts the second calculation result, performs a joint calculation on the second calculation result and the information it stores for that mobile terminal, such as KI and IMSI, to obtain a joint calculation result, and saves the joint calculation result as the verification key for verifying the legitimacy of the mobile terminal user. It then returns to the mobile terminal a verification key setting request response carrying information that the verification key was set successfully.

In step 506, after receiving the response message from the verification device, the mobile terminal stores the first calculation result from the user card as the verification key for verifying the legitimacy of the mobile terminal user. Of course, the verification key should be stored only once the response message received from the verification device indicates that the verification key was set successfully.

In the above method, the verification key stored by the mobile terminal is the first calculation result, and the verification key stored by the verification device is the joint calculation result obtained by further calculation from the second calculation result. The joint calculation result calculated by the verification device and the first calculation result calculated by the user card must satisfy a symmetric key relationship. For example, in practice, call the step in which the user card calculates the second calculation result from the random number s1, call the step of calculating the first calculation result from the second calculation result s2, and call the step of calculating the first calculation result from the random number s3; then s3 is s1 followed by s2. Accordingly, by performing step s2 on the second calculation result, the verification device obtains the same calculation result as the user card obtains by performing s3. Likewise, if the step in which the user card calculates the first calculation result from the random number is called s1, the step in which the user card obtains the second calculation result from the first calculation result is called s2, and the step in which the verification device calculates the joint calculation result from the second calculation result is called s3, then, if s3 is the inverse of s2, s3 calculates the first calculation result from the second calculation result, and this result is used as the joint calculation result of the verification device.
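The third method and the s1/s2/s3 relationship above, modelled as an added Python example (not code from the patent): the user card computes s1 and then s2, the verification device repeats s2 on the random information, and both sides end up storing the same key. SHA-256 and HMAC-SHA-256 stand in for the unspecified encryption and joint calculations, and the class names, the sample KI/IMSI values and the use of the IMSI to look up the device's record are assumptions.

```python
import hashlib
import hmac
import secrets


def s1(random_number: bytes) -> bytes:
    """s1: random number -> second calculation result (the 'random information')."""
    return hashlib.sha256(b"random-info|" + random_number).digest()


def s2(random_info: bytes, ki: bytes, imsi: str) -> bytes:
    """s2: joint calculation of the random information with KI and IMSI."""
    return hmac.new(ki, random_info + imsi.encode("ascii"), hashlib.sha256).digest()


class UserCard:
    def __init__(self, ki: bytes, imsi: str):
        self._ki, self.imsi = ki, imsi

    def compute(self, random_number: bytes):
        """Step 502: return (first result, second result); first = s2 applied after s1."""
        second = s1(random_number)
        return s2(second, self._ki, self.imsi), second


class VerificationDevice:
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers   # IMSI -> KI held by the device (assumed lookup)
        self.keys = {}                    # IMSI -> stored verification key

    def set_key(self, imsi: str, random_info: bytes) -> bool:
        """Step 505: derive the key from the random information and the device's own records."""
        ki = self._subscribers.get(imsi)
        if ki is None:
            return False
        self.keys[imsi] = s2(random_info, ki, imsi)
        return True                       # "verification key set successfully"


class MobileTerminal:
    def __init__(self, card: UserCard):
        self.card, self.verification_key = card, None

    def set_verification_key(self, device: VerificationDevice) -> bool:
        random_number = secrets.token_bytes(16)            # step 501
        first, second = self.card.compute(random_number)   # steps 502-503
        ok = device.set_key(self.card.imsi, second)        # steps 504-505: only s1 output is sent
        if ok:
            self.verification_key = first                  # step 506
        return ok


def run_setup(card_ki: bytes, device_ki: bytes, imsi: str):
    """Run one key-setting exchange; return (response_ok, stored_keys_match)."""
    device = VerificationDevice({imsi: device_ki})
    terminal = MobileTerminal(UserCard(card_ki, imsi))
    ok = terminal.set_verification_key(device)
    match = ok and hmac.compare_digest(terminal.verification_key, device.keys[imsi])
    return ok, match


# Constructed sample values, not real subscriber data.
KI = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_KI = bytes.fromhex("ffeeddccbbaa99887766554433221100")
IMSI = "001010123456789"

if __name__ == "__main__":
    print(run_setup(KI, KI, IMSI))        # card and device hold the same KI
    print(run_setup(OTHER_KI, KI, IMSI))  # card KI differs from the device's record
```

In this model the device's success response says only that it stored a key: when the card's KI differs from the device's record, setup still reports success and the two stored keys differ.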

In practice, different algorithm designs may give rise to a variety of different steps, but their core idea falls within the framework of the method of the present invention.

In each of the above embodiments, the mobile terminal stores the verification key it has generated only after receiving the verification key setting request response from the verification device. In practical applications, the mobile terminal may also save the verification key directly once it has generated it, without waiting for the verification key setting request response before performing the save operation.

In each of the above embodiments, operations such as generating the random number and transmitting the random number are controlled by a program in the mobile terminal. Further, the user's operation of setting the mobile terminal to require verification of the legitimacy of the mobile terminal user may be performed through the screen interface of the mobile terminal.

Under normal circumstances, the verification key of the mobile terminal is stored in a non-volatile memory of the mobile terminal by the mobile terminal program. The mobile terminal may also be provided with a security chip for verifying the legitimacy of the user, in which case the verification key of the mobile terminal is preferably kept by the security chip. In that case, in the two embodiments described above, after the mobile terminal receives the calculation result from the user card, it further sends the calculation result to the security chip, and the security chip stores the result as the verification key for verifying the legitimacy of the mobile terminal user.

Where the verification key is stored in the security chip, a user operation password may be set in the security chip in order to improve the security of operations on the security chip; access to the security chip, for example an operation that writes key data, is then permitted only after the user operation password has been verified. In practice, after the user sets the mobile terminal to require verification of the legitimacy of the mobile terminal user, the mobile terminal further prompts the user to enter the user operation password, to show that the user has the right to make this setting. After the user enters the user operation password, the mobile terminal program determines whether the password entered is correct; if it is correct, the next steps are performed; otherwise a password input error message is returned to the user and the process ends.

In practice, the user operation password may be stored in the security chip, in order to ensure the security of the user operation password. Correspondingly, after the user enters the user operation password, the mobile terminal program passes the user's input to the security chip, the security chip determines whether the user operation password entered by the user is correct, and the determination result is transmitted to the mobile terminal program for display to the user; if the security chip determines that the user operation password entered is correct, the relevant operations that access the security chip are allowed.

In each of the above embodiments, the KI, KC and IMSI information of the mobile terminal is actually the KI, KC and IMSI information in the user card currently in the mobile terminal. The joint calculation may be an encryption calculation.

The calculations described herein may be a reversible cryptographic transformation of a character string, for example using the AES (Advanced Encryption Standard) encryption algorithm or a variant of it, or may be an irreversible digest transformation of a character string, for example using the MD5 (Message-Digest Algorithm 5) algorithm or a variant of it, or may use any other algorithm.

In each of the above embodiments, the verification keys stored in the mobile terminal and in the verification device may be the same or different, as long as they satisfy a relationship set in advance or one verification key can simply be deduced from the other, i.e. the two keys satisfy a symmetric key relationship. Since symmetric keys are common general knowledge to the skilled person, they are not described here in detail.

It will be appreciated that the above embodiments are merely preferred embodiments of the present invention and are not intended to limit it; any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention are all included within its scope of protection.

Claims

1. A method for setting the authentication key between a mobile terminal and a verification device, wherein the method comprises at least:
a. one of the mobile terminal and the verification device generates a random number, and transmits random information corresponding to the random number to the other of the mobile terminal and the verification device;
b. said one of the mobile terminal and the verification device performs a joint calculation on the random number and information related to the mobile terminal, or on the random information and the information related to the mobile terminal, and generates and stores a verification key for verifying the legitimacy of the mobile terminal user; and the other of the mobile terminal and the verification device performs a joint calculation on the random information and the information related to the mobile terminal, and generates and stores a corresponding verification key.
2. The verification key setting method according to claim 1, characterized in that the random number and the random information are the same, and in step a the mobile terminal generates the random number and sends the random number to the verification device.
3. The verification key setting method according to claim 2, wherein the random number is transmitted by being included in a verification key setting request; the method further comprises: after storing the verification key, the verification device returns to the mobile terminal a verification key setting request response message indicating that the verification key was set successfully.
4. The authentication key setting method according to claim 1, characterized in that the random number and the random information are the same, and in step a the verification device generates the random number and sends the random number to the mobile terminal.
5. The authentication key setting method according to claim 4, characterized in that, before the verification device generates the random number, the method further comprises the mobile terminal sending a verification key setting request to the verification device; and the verification device transmits the random number to the mobile terminal by including the random number in a verification key setting request response.
6. The authentication key setting method according to claim 2 or claim 5, wherein step a is performed after a setting by which the user requires legitimacy verification of the mobile terminal user is received.
7. The authentication key setting method according to claim 2 or claim 5, wherein, in step b, the mobile terminal generating and storing, according to the random number, the verification key for verifying the legitimacy of the mobile terminal user comprises:
the mobile terminal sends the random number to the user card in the mobile terminal;
the user card performs a joint calculation on the mobile terminal related information it stores and the received random number to obtain a calculation result;
the user card sends the calculation result obtained to the mobile terminal;
the mobile terminal receives the calculation result from the user card and saves it as the verification key.
8. The verification key setting method according to claim 1, characterized in that the random information is different from the random number; in step a the mobile terminal generates the random number, performs a calculation on the random number to obtain the random information, and then sends the random information to the verification device; and in step b the mobile terminal calculates the verification key by a joint calculation on the random information and the information related to the mobile terminal.
9. The verification key setting method according to claim 8, wherein, in step b, the mobile terminal generating and saving the verification key by a joint calculation on the random information and the information related to the mobile terminal comprises:
the mobile terminal sends the random number to the user card in the mobile terminal;
the user card performs an encryption calculation on the random number, the encryption calculation result being the random information;
the user card performs a joint calculation on the encryption calculation result and the corresponding information related to the mobile terminal to obtain a joint calculation result;
the user card returns the encryption calculation result and the joint calculation result to the mobile terminal;
the mobile terminal receives the joint calculation result from the user card and stores it as the verification key.
10. The authentication key setting method according to claim 1, characterized in that the random information is different from the random number; in step a the mobile terminal generates the random number, performs a calculation on the random number to obtain the random information, and then transmits the random information to the verification device; and in step b the mobile terminal calculates the verification key from the random number and the information related to the mobile terminal.
11. The verification key setting method according to claim 10, wherein, in step b, the mobile terminal generating and storing the verification key by a joint calculation on the random number and the information related to the mobile terminal comprises:
the mobile terminal sends the random number to the user card in the mobile terminal;
the user card performs a joint calculation on the random number and the corresponding information related to the mobile terminal to obtain a first calculation result;
the user card performs an encryption calculation on the random number, the calculation result being a second calculation result, i.e. the random information;
the user card returns the two calculation results to the mobile terminal;
the mobile terminal stores the first calculation result as the verification key.
12. The verification key setting method according to claim 11, characterized in that, in step b, the verification device performing a joint calculation on the random information and the information related to the mobile terminal and generating the verification key is: calculating the first calculation result from the second calculation result, and then storing the first calculation result obtained as the verification key.
13. The authentication key setting method according to claim 1, wherein the mobile terminal further comprises a security chip, and the mobile terminal storing the verification key is storing the verification key in the security chip.
14. The verification key setting method according to claim 13, characterized in that a user operation password is set in advance in the security chip; before the key is written to the security chip, or after the user's verification setting is received, the method further comprises prompting the user to enter the user operation password of the security chip to show whether the user is an authorized user, and then judging whether the user operation password entered by the user is correct; if it is correct, step a is performed; otherwise the process ends.
15. The verification key setting method according to claim 1, characterized in that the information related to the mobile terminal is one of, or any combination of, the root key KI of the user card, the communication key KC of the user card, the international mobile subscriber identity IMSI of the user card, and the international mobile equipment identity IMEI of the mobile terminal.
16. The verification key setting method according to claim 1, characterized in that the verification device stores the verification key it calculates in correspondence with terminal identification information.
17. The verification key setting method according to claim 16, characterized in that the terminal identification information is one of, or any combination of, identification information of the user card, the user's mobile terminal number information, and identification information of the mobile terminal.
18. The verification key setting method according to claim 1, wherein the verification device is one of a home location register HLR, an authentication center AC and an equipment identity register EIR.
PCT/CN2005/001432 2004-09-08 2005-09-08 A method for setting the authentication key WO2006026925A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200410074295.3 2004-09-08
CN 200410074295 CN1747384A (en) 2004-09-08 2004-09-08 Authenticated key set

Publications (1)

Publication Number Publication Date
WO2006026925A1 (en) 2006-03-16

Family

ID=36036078

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/001432 WO2006026925A1 (en) 2004-09-08 2005-09-08 A method for setting the authentication key

Country Status (2)

Country Link
CN (1) CN1747384A (en)
WO (1) WO2006026925A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7860882B2 (en) 2006-07-08 2010-12-28 International Business Machines Corporation Method and system for distributed retrieval of data objects using tagged artifacts within federated protocol operations
CN101944170B (en) * 2010-09-20 2014-04-30 中兴通讯股份有限公司 Method, system and device for issuing software version
CN102595401B (en) * 2012-03-19 2018-05-04 中兴通讯股份有限公司 A method and apparatus for detecting whether a uicc pairing system and

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5613214A (en) * 1993-10-18 1997-03-18 Nec Corporation Mobile communication terminal authenticating system
US5794139A (en) * 1994-08-29 1998-08-11 Sony Corporation Automatic generation of private authentication key for wireless communication systems
WO1999025086A2 (en) * 1997-11-11 1999-05-20 Sonera Oyj Generation of a seed number

Also Published As

Publication number Publication date Type
CN1747384A (en) 2006-03-15 application

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct app. not ent. europ. phase