WO2006060943A1 - Authentication method - Google Patents
- Publication number
- WO2006060943A1 (PCT/CN2005/001767)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- mobile terminal
- network
- random number
- security key
Classifications
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04W12/069—Authentication using certificates or pre-shared keys
Definitions
- The present invention relates to an authentication method, and particularly to a method for generating authentication information by a network side device in a mobile communication system, a method for authenticating a network by a mobile terminal in a mobile communication system, and an authentication method in a mobile communication system.
- Current mobile terminals adopt machine-card separation: the mobile terminal itself and the user card holding the information for verifying the wireless network user are two independent parts, which are combined at the time of use.
- the current user card is mainly used for the subscriber identity module card in the wireless communication system, for example, the subscriber identity module (SIM) card of the Global System for Mobile Communications (GSM) system, and the USIM card of the Wideband Code Division Multiple Access (WCDMA) communication system.
- Machine-card separation brings great convenience to the user, but it has also made mobile terminals a target for theft and robbery, so that in some places people do not dare to carry the mobile terminal at the waist.
- With machine-card separation, a stolen mobile terminal can be used without any problems once a new SIM card is inserted.
- the thief can resell the stolen mobile terminal for profit.
- the user not only loses economic benefits, but also needs to go through a series of procedures at the communication carrier, such as changing the subscription data, which brings great inconvenience to the user.
- When the mobile terminal is lost, the common information the user saved in it, such as directory records, is also lost, which has a significant impact on the daily life and work of the user.
- A more common method is to set password protection on the mobile terminal. For example, if a power-on password is set on the mobile terminal, the correct power-on password must be entered every time the terminal is powered on before the mobile terminal can perform subsequent operations such as registering with the network. If the power-on password is not entered correctly, the mobile terminal cannot be used normally. In this way, even if a thief gets the user's mobile terminal, it cannot be used or sold because the correct password cannot be entered. This method therefore solves the problem that the mobile terminal is easily stolen to some extent. However, the legitimate user also needs to input the password every time the terminal is powered on, which is a great inconvenience to the legitimate user.
- Another solution is to build a large number of device identification register (EIR) devices and put the international mobile device identification (IMEI) of the stolen mobile terminal into the corresponding EIR blacklist.
- The mobile terminal reports its IMEI to the network every time it is powered on, and the related network device queries the EIR device to check whether the IMEI corresponding to the mobile terminal has been added to the blacklist. If it is found in the blacklist, the network considers the mobile terminal a stolen terminal and its user an illegal user, and rejects network service. In this way the thief gains nothing, because the obtained mobile terminal cannot be used again, so the problem that the mobile terminal is easily stolen can be fundamentally solved.
- The user card can authenticate the mobile communication network. When authentication succeeds, the user card can be used normally; when authentication fails, the user card cannot be used normally in the mobile communication network.
- This method can only solve the problem of user card security in the mobile terminal, and cannot solve the problem of theft of the mobile terminal itself. For example, after a thief steals the mobile terminal of a legitimate user, the user card of the legitimate user can be replaced with another user card, and the existing authentication method will successfully authenticate that user card, so the thief can still use the stolen mobile terminal. The stolen mobile terminal cannot be barred from continued use, so the anti-theft function of the mobile terminal is not achieved.
- The second generation mobile communication network does not support terminal authentication for terminals with machine-card separation. Therefore, the anti-theft problem cannot be solved.
Summary of the invention
- An object of the present invention is to provide a method for generating authentication information by a network side device in a mobile communication system, so that the mobile terminal can authenticate the network, thereby improving the security of the mobile terminal and preventing the mobile terminal from being stolen and robbed.
- Another object of the present invention is to provide a method for a mobile terminal to authenticate a network in a mobile communication system to improve the security of the mobile terminal by authenticating the network, thereby preventing the mobile terminal from being stolen.
- Still another object of the present invention is to provide an authentication method in a mobile communication system to improve the security of the mobile terminal by authenticating the network by the mobile terminal, thereby preventing the mobile terminal from being stolen.
- a method for generating authentication information by a network device in a mobile communication system includes:
- the network device generates authentication information corresponding to the mobile terminal according to the security key and a random number.
- the authentication information herein includes the random number and an authentication token, wherein the authentication token includes at least a sequence number and a message authentication code.
- Step b generating the authentication information according to the security key and the random number includes:
- Step b1 includes: generating a message authentication code according to the security key, the random number, and the sequence number; and then combining the message authentication code and the sequence number into an authentication token.
- the authentication token may further include an authentication management domain.
- In that case, generating the message authentication code according to the security key, the random number and the sequence number means generating it according to the security key, the random number, the sequence number, and the authentication management domain, and the step of combining the authentication token further includes joining the authentication management domain.
- The network device may include a home location register/verification center HLR/AUC, the method further comprising the HLR/AUC generating an expected response, an encryption key, and an integrity key based on the authentication key and the random number; the random number, expected response, encryption key, integrity key, and authentication token form an authentication set.
- The expected response, the encryption key, and the integrity key may also be generated according to the security key and the random number; the random number, the expected response, the encryption key, the integrity key, and the authentication token are then combined into an authentication set.
- the network device can further include a mobile switching center MSC/VLR, the method further comprising the HLR/AUC transmitting the authentication set to the MSC/VLR.
- The HLR/AUC sending the authentication set to the MSC/VLR means sending one or more authentication sets to the MSC/VLR.
- The HLR/AUC sends one or more authentication sets to the MSC/VLR after receiving the authentication set request message from the MSC/VLR, or when the authentication sets of the MSC/VLR need to be updated.
- The method further includes the MSC/VLR sending an authentication set request message to the HLR/AUC when it finds no authentication set for the corresponding terminal, or after it has used all the authentication sets of the corresponding terminal.
- The method further includes the MSC/VLR transmitting authentication information, consisting of the random number and the authentication token in the authentication set, to the mobile terminal.
- the MSC/VLR sends the authentication information to the mobile terminal after receiving the request message for triggering authentication from the mobile terminal, or when the network side needs to authenticate the mobile terminal.
- the step of updating the serial number may be further included after the authentication information is formed.
- the serial number is a serial number used for mobile terminal user card authentication.
- the method further comprises the step of setting a sequence number corresponding to the authentication of the mobile terminal; the sequence number in step b is the set sequence number corresponding to the authentication of the mobile terminal.
- the mobile terminal feature information is mobile terminal device identification information IMEI.
- Setting the security key corresponding to the mobile terminal in step a is setting a security key corresponding to the subscription information of the mobile terminal user.
- the mobile terminal user subscription related information is mobile terminal user identification information IMSI or mobile terminal user card number or mobile phone number MSISDN.
- Step b may further include a step of determining whether to execute the generation of the authentication information based on the security key, and if so, performing step b; otherwise, the step of generating the authentication information based on the security key is not performed.
- The security key of step a is generated based on the random number and the authentication key. Since the network device in the mobile communication system uses the security key set in advance for the mobile terminal when generating the authentication information, the authentication information of the method of the present invention differs from that of the prior art, which does not take a security key into account.
- This authentication information, coupled with the processing performed by the mobile terminal after receiving it, lets the mobile terminal itself authenticate the network, unlike the prior art, in which the authentication is performed by the user card.
- Because the mobile terminal authenticates the network, if an illegal user replaces the user card, the security key stored in the mobile terminal, which corresponds to the key the network side set for the mobile terminal when the legitimate user card was in use (such as the security key set in the subscription information of the legitimate user), is inconsistent with the security key set in the subscription information of the illegal user. The mobile terminal's authentication of the network therefore does not pass, and the illegal user cannot use the mobile terminal normally. Alternatively, the security key corresponds to the security key set by the network side according to the mobile terminal identifier; once the user loses the mobile terminal and the operator changes the network-side security key information corresponding to that mobile terminal, the mobile terminal's authentication of the network does not pass, and the mobile terminal cannot be used normally. Therefore, the authentication of the network by the mobile terminal can effectively improve the security of the mobile terminal and effectively prevent the mobile terminal from being stolen.
- a method for authenticating a communication network by a mobile terminal in a mobile communication network includes at least:
- a. a security key corresponding to the mobile terminal is set in advance in the mobile terminal;
- b. after receiving the authentication information from the network side device, the mobile terminal determines, according to the security key set by itself and the authentication information, whether the authentication of the network is passed.
- the received authentication information includes a random number and an authentication token, wherein the authentication token includes at least a sequence number and a message authentication code.
- In step b, judging whether the authentication of the network is passed according to the security key set by itself and the authentication information includes: b1. calculating a mobile terminal message authentication code according to the security key set by itself, the received sequence number and the random number;
- Before step b1, the method may further include: determining whether the authentication token of the received authentication information is acceptable, and if yes, performing step b1; otherwise directly determining that the authentication of the network fails. Determining whether the authentication token is acceptable means comparing whether the sequence number in the received authentication information and the sequence number set by the terminal itself meet a predetermined condition; if so, the authentication token is determined to be acceptable; otherwise, the authentication token is determined to be unacceptable.
- The predetermined condition is that the difference between the sequence number in the received authentication information and the sequence number set by the terminal itself is within a predetermined range.
- The authentication token may further include an authentication management domain.
- a mobile terminal message authentication code is further calculated according to the security key set by itself, the received sequence number, and the random number, and further combined with the authentication management domain.
- the step of updating the serial number set by itself is further included after determining that the authentication of the network is passed.
- the serial number is the serial number used for mobile terminal user card authentication.
- the method further includes the step of setting a sequence number corresponding to the authentication of the mobile terminal; the sequence number in step b is the set sequence number corresponding to the authentication of the mobile terminal.
- Setting the security key corresponding to the mobile terminal in step a is setting a security key corresponding to the mobile terminal user card feature information.
- the user card feature information is the mobile terminal user identification information IMSI or the mobile terminal user card number in the mobile terminal user card.
- Step b may further be preceded by a step of determining whether to perform the authentication of the network according to the security key and the authentication information; if yes, step b is performed; otherwise, the step of authenticating the network according to the security key is not performed.
- The method may further include the step of the mobile terminal sending a request message for triggering authentication to the network device.
- Step b further includes generating an expected response, an encryption key, and an integrity key based on the security key and the random number, and returning the expected response to the corresponding network device.
- The security key of step a is generated based on the random number and the authentication key in the user card. After receiving the authentication information, the mobile terminal itself determines whether the authentication of the network is passed according to the security key and the received authentication information, whereas in the prior art the authentication is performed by the user card. As described above, since the mobile terminal authenticates the network by itself, the security of the mobile terminal is improved, and the mobile terminal is effectively prevented from being stolen.
- an authentication method in a mobile communication network includes at least
- the network device generates authentication information corresponding to the mobile terminal according to the security key and the random number;
- the network device sends the authentication information to the mobile terminal
- the mobile terminal judges whether the authentication of the network is passed according to the security key set by itself and the received authentication information.
- the authentication information includes a random number and an authentication token, wherein the authentication token includes at least a sequence number and a message authentication code.
- the network device includes an HLR/AUC
- Step b includes: the HLR/AUC generates an authentication set including a random number, an expected response, an encryption key, an integrity key, and an authentication token according to the authentication key, the sequence number set by itself, and the random number.
- The network device further includes an MSC/VLR, and step b includes: the HLR/AUC transmitting the authentication set to the MSC/VLR.
- the network device sends the authentication information to the mobile terminal
- the MSC/VLR sends the random number and the authentication token in the authentication set to the mobile terminal as authentication information.
- the method further comprises:
- the mobile terminal sends the random number to the user card, and the user card generates the expected response and the encryption key according to the authentication key set by itself and the received random number;
- the user card sends the expected response to the mobile terminal, which then sends the expected response to the MSC/VLR;
- the MSC/VLR compares whether the expected response received from the mobile terminal and the expected response in the corresponding authentication set received from the HLR/AUC are consistent. If they are consistent, the network's authentication of the mobile terminal passes; otherwise, the network's authentication of the mobile terminal does not pass.
- the user card further generates an integrity key while generating the desired response and the encryption key, the method further comprising the user card transmitting the integrity key to the mobile terminal.
- the method further includes the mobile terminal generating an integrity key based on the encryption key.
- the step of transmitting an authentication token is further included while the mobile terminal transmits the random number to the user card.
- the method further includes setting an authentication token to a predetermined value, the user card further comprising determining whether the authentication token is a predetermined value after receiving the authentication token, and if so, performing the step of generating a desired response and an encryption key; otherwise, the user The card judges whether the authentication of the network is passed.
- the network device includes an HLR/AUC, and step b includes:
- the HLR/AUC generates an authentication set including a random number, an expected response, an encryption key, an integrity key, and an authentication token based on the security key, the serial number set by itself, and the random number.
- the network device further includes an MSC/VLR, and step b includes: HLR/AUC transmitting the authentication set to the MSC/VLR.
- the network device sends the authentication information to the mobile terminal, and the MSC/VLR sends the random number and the authentication token in the authentication set to the mobile terminal as authentication information.
- Step d may further include:
- the mobile terminal generates a desired response and an encryption key according to the security key set by itself and the received random number; and sends the expected response to the MSC/VLR;
- the MSC/VLR compares whether the expected response received from the mobile terminal and the expected response in the corresponding authentication set received from the HLR/AUC are consistent. If they are consistent, the network's authentication of the mobile terminal passes; otherwise, the network's authentication of the mobile terminal does not pass.
- Since the first aspect and the second aspect are combined, the authentication of the network by the mobile terminal itself is realized, the security of the mobile terminal is improved, and the mobile terminal is effectively prevented from being stolen. Further, the mobile terminal may also send the expected response to the MSC/VLR, and the MSC/VLR compares whether the expected response received from the mobile terminal and the expected response received from the HLR/AUC are consistent, thereby implementing the mobile terminal's authentication of the network.
- the mobile terminal can be authenticated by the network, the authentication process is further improved, and the authentication effect is improved.
- FIG. 1 is a general flow chart of generating authentication information by a network device in accordance with the present invention.
- FIG. 2 is a flow diagram of one embodiment of generating authentication information for a network device in accordance with the present invention.
- FIG. 3 is a general flow diagram of a mobile terminal authenticating a network in accordance with the present invention.
- FIG. 4 is a flow diagram of one embodiment of a mobile terminal authenticating a network in accordance with the present invention.
- FIG. 5 is a flow diagram of an overall authentication operation in accordance with the present invention.
- FIG. 6 is a flow diagram of one embodiment of an overall authentication operation in accordance with the present invention.
- FIG. 7 is a flow chart of FIG. 6 further including a process for the network to authenticate the terminal.
- FIG. 8 is a flow diagram of another embodiment of an overall authentication operation in accordance with the present invention.
Mode for carrying out the invention
- In step 101, a security key (SKEY) corresponding to the mobile terminal is first set in the network device.
- the SKEY corresponding to the mobile terminal may be set to the SKEY corresponding to the mobile terminal feature information, for example, the SKEY corresponding to the IMEI; or the SKEY corresponding to the mobile terminal user subscription information, or the mobile terminal user card feature information.
- In step 102, the network device first generates a random number (RAND) when generating authentication information for a mobile terminal.
- the network device generates authentication information using the SKEY corresponding to the mobile terminal and the generated RAND.
- the authentication information includes a random number and an authentication token (AUTN).
- the authentication token may include at least a sequence number (SQN) and a message authentication code (MAC), and may further include an Authentication Management Domain (AMF).
- the authentication management domain and serial number are pre-set in the network device, instead of being obtained according to SKEY and RAND.
- The MAC in the AUTN is generated, and the existing SQN and AMF, combined with the calculated MAC, constitute the AUTN.
- In a specific implementation, the generation of authentication information by the network device may include two stages: in the first stage, the HLR/AUC generates an authentication set including the authentication information and other information, and then sends the authentication set to the MSC/VLR; in the second stage, the MSC/VLR extracts the authentication information from the authentication set and sends it to the mobile terminal.
- the specific process is shown in Figure 2.
- The authentication set here includes, in addition to RAND and AUTN, the expected response (XRES), encryption key (CK), and integrity key (IK).
- These other three parameters are sent to the MSC/VLR and are saved by the MSC/VLR, where XRES is used when the MSC/VLR authenticates the mobile terminal, CK is used for data encryption and decryption, and IK is used for data integrity verification and for the data verification summary information. This is described later.
- the above SKEY may be generated based on a random number and an authentication key.
- A random number may be generated by one of the parties and sent to the other party. The network side performs a calculation, for example a digest calculation, on the random number and its saved authentication key corresponding to the mobile terminal user card, and takes the calculation result as the SKEY.
- The mobile terminal performs the corresponding calculation according to the random number and the KI in the user card. A calculation result is obtained, and the calculation result is saved as the SKEY on the mobile terminal.
- Specifically, the mobile terminal transmits the random number to the user card, and the user card performs the corresponding calculation according to the random number and the KI to obtain the SKEY required by the mobile terminal and sends the SKEY to the mobile terminal.
- The above digest calculation algorithm can be selected according to the actual application.
- the security key SKEY is generated by using the random number and the authentication key to ensure that the SKEY itself does not need to be transmitted between the network device and the terminal, thereby ensuring the security of the SKEY.
- the SKEY of the corresponding mobile terminal is first saved in the HLR/AUC.
- the HLR/AUC generates a RAND using its own random number generator.
- the HLR/AUC calculates XRES, CK, and IK using its own saved authentication key (KI) and its own generated RAND.
- In step 204, the HLR/AUC uses the preset SKEY of the corresponding mobile terminal, together with RAND and SQN, to generate the MAC.
- The SQN here is currently known, for example, pre-set.
- The HLR/AUC combines the MAC generated in step 204 and the known SQN into the AUTN.
- In step 206, the HLR/AUC combines the RAND, the AUTN obtained in step 205, and the XRES, CK, and IK obtained in step 203 into an authentication set of the mobile terminal.
- the HLR/AUC sends the authentication set to the MSC/VLR.
- In step 208, upon authentication, the MSC/VLR extracts the RAND and the AUTN from the corresponding authentication set of the mobile terminal, and sends them to the mobile terminal as the authentication information of the present invention.
- This step may be started by the mobile terminal sending a trigger message to the network side.
- The MSC/VLR initiates an authentication request to the terminal; for example, when the mobile terminal starts to log in to the network, the MSC/VLR initiates an authentication request to the terminal.
- The mobile terminal may also initiate a location update request or a service request, which serves as a request message that triggers authentication, and the MSC/VLR sends the authentication information to the terminal when receiving the request.
- This step may be initiated by the network side. For example, when the mobile terminal does not initiate a related request for a long time, the network side initiates an authentication process. In this case, the trigger message of the mobile terminal is not required.
- the AMF is further considered in step 204, such as using SKEY, RAND, SQN, and AMF to generate a MAC, where AMF is also currently known, for example, pre-set.
- AMF is further considered in step 205, i.e., the MAC, SQN, and AMF are combined into an AUTN.
- a step of determining whether to execute the authentication information according to the SKEY may be further included, and if yes, performing step 204; otherwise, the authentication information is directly generated according to the authentication key and the random number according to the existing process, for example, using KI, RAND, SQN, and AMF generate MACs, which are then combined into AUTNs and further combined into an authentication set.
- Determining whether to perform the generation of the authentication information according to the SKEY may be done by pre-setting a security flag. If the security flag is a value indicating that the authentication information needs to be generated according to the SKEY, for example, 1, it means that the authentication information needs to be generated according to the SKEY. If the security flag is a value indicating that it is not necessary to generate the authentication information according to the SKEY, for example, 0, it means that it is not necessary to generate the authentication information according to the SKEY.
- Determining whether to perform the generation of the authentication information according to the SKEY may also be done by determining whether the SKEY is a specific value, for example, 0. If it is, it is not necessary to generate the authentication information according to the SKEY; if it is not 0 but any other value, the authentication information needs to be generated according to the SKEY.
- the HLR/AUC updates the SQN once after each generation of the authentication set.
- each authentication set has a different SQN.
- The SQN update can be performed according to a certain algorithm, which generates a new SQN from the original SQN.
- the HLR/AUC and the user card in the mobile terminal both store one SQN, and it is necessary to ensure that the two SQNs are synchronized before performing the authentication process.
- the SQN of the present invention can use the same SQN as the prior art, that is, the SQN for user card authentication, that is, the SQN corresponding to the network and the user card, and can be specifically referred to the relevant protocol provisions of 3GPP 33.102/29.002.
- the present invention additionally provides a separate SQN dedicated to mobile terminal authentication, and the mobile terminal and the HLR/AUC also synchronize the SQN.
- the SQN set separately and the SQN saved in the user card can take the same value.
- the HLR/AUC sends the authentication set to the MSC/VLR after receiving the request authentication set message from the MSC/VLR, or when the authentication set saved in the MSC/VLR needs to be refreshed.
- Before sending the authentication set to the MSC/VLR, the HLR/AUC generally generates multiple authentication sets, so that after receiving the request message from the MSC/VLR for obtaining the authentication set, it can send only one authentication set to the MSC/VLR at a time, or send multiple authentication sets together, for example three authentication sets at a time. The request message of the MSC/VLR requesting the authentication set may further include the number of authentication sets that need to be returned by the HLR/AUC, and the HLR/AUC determines the number of authentication sets returned to the MSC/VLR according to the request of the MSC/VLR and the number of authentication sets it currently has saved. For example, if the HLR/AUC generates 5 authentication sets and the MSC/VLR requests 3 authentication sets, the HLR/AUC returns 3 to the MSC/VLR. If the HLR/AUC generates 2 authentication sets and the MSC/VLR requests 3 authentication sets, the HLR/AUC returns 2 authentication sets to the MSC/VLR.
- When the MSC/VLR performs authentication, for example after receiving the request message for triggering authentication from the mobile terminal, or when the mobile terminal needs to be authenticated, it takes an authentication set from the saved authentication sets of the terminal and sends the authentication information it contains, such as RAND and AUTN, to the terminal. If the MSC/VLR finds that the authentication sets sent from the HLR/AUC have been used up, it sends a command to obtain an authentication set to the HLR/AUC.
- the foregoing calculation of the authentication set may be completed in the AUC. The AUC sends the calculated authentication set to the HLR for temporary storage, and when the HLR receives the request message of the MSC/VLR requesting the authentication set, or when the authentication set saved in the MSC/VLR needs to be refreshed, one or more authentication sets are sent to the MSC/VLR for storage. Since HLR and AUC are generally integrated in practice, the present invention refers to them as HLR/AUC.
- the MSC/VLR is a general term for the mobile switching center and the visited location register module.
- operations such as saving the authentication set, requesting the authentication set from the HLR, and authenticating the terminal can be implemented by the VLR.
- because the VLR is generally implemented as a module of the MSC, the MSC and the VLR are collectively referred to as the MSC/VLR in the present invention.
- the HLR/AUC calculates XRES, CK and IK using its own saved authentication key (KI) and its own generated RAND.
- it is also possible for the HLR/AUC to calculate XRES, CK and IK using its own saved SKEY and its own generated RAND.
- the terminal completely replaces the user card to complete the mutual authentication process with the network.
- the security key SKEY of the terminal is required to be generated based on the authentication key KI.
- the step of updating the authentication set saved in the MSC/VLR may be further included.
- the authentication information in the authentication set generated according to the original SKEY is invalid. Therefore, it is necessary to regenerate the authentication set and update the authentication set saved in the MSC/VLR.
- the SQN specifically set for the authentication of the mobile terminal can be re-initialized after the SKEY is set.
- the above describes the processing of generating authentication information by the network device side. After the network device generates the authentication information, the authentication information is sent to the corresponding mobile terminal. The following describes the processing performed after the mobile terminal receives the authentication information.
- Fig. 3 shows a general method flow for a mobile terminal to authenticate a communication network in a mobile communication network.
- the mobile terminal first sets a SKEY, and the SKEY here is the same as the SKEY set and saved on the network device side corresponding to its own.
- In step 302, after receiving the authentication information from the network device side, the mobile terminal determines whether the authentication of the network is passed according to the authentication information and the SKEY saved by itself. If yes, the mobile terminal can access the network normally in step 303. If it does not pass, it is considered illegal, and in step 304, its normal use is stopped.
- Stopping normal use here may mean that the mobile terminal is not allowed to access the network, or that it directly powers off or shuts down, etc.; it can also send a short message to inform relatives or friends or security agencies.
- the mobile terminal authenticating the network is shown in Figure 4.
- the mobile terminal first saves an SKEY, where the SKEY and the SKEY stored on the network device side are consistent with each other.
- that is, the terminal and the network side each store one of a pair of symmetric keys; the two keys of a symmetric pair are usually the same.
- In step 402, after receiving the RAND and AUTN from the MSC/VLR, the mobile terminal first determines whether the AUTN is acceptable, which it does by checking the SQN in the AUTN.
- the mobile terminal and the network side pre-store a synchronized SQN. In this way, when receiving the authentication information of the network side, the terminal determines whether the AUTN can be accepted by checking whether its saved SQN and the SQN in the AUTN meet predetermined conditions.
- the predetermined condition may be that the difference between the SQN in the AUTN and the SQN saved by the mobile terminal itself is within a predetermined range.
- If the mobile terminal determines that the difference between the SQN in the AUTN and the SQN saved by itself is within the predetermined range, it determines that the AUTN is acceptable and continues with step 403; otherwise, it determines that the AUTN is unacceptable and directly determines in step 405 that the authentication of the network has failed.
- In step 403, the mobile terminal calculates a MAC value according to the SKEY and the received RAND and SQN, and compares whether the calculated MAC value and the MAC value in the AUTN are consistent. If they are consistent, the mobile terminal determines in step 404 that the authentication is passed; otherwise, in step 405, it determines that the authentication of the network has failed.
- After the mobile terminal determines that the authentication of the network is passed, it updates the saved SQN by using the SQN in the received AUTN.
- the AMF may be further considered in step 403, for example by using its own SKEY and the received RAND, SQN, and AMF to generate a MAC value, where the SQN and the AMF are carried in the AUTN.
- a step of determining whether to perform authentication on the network according to the SKEY may be further included. If yes, step 402 is performed; otherwise, RAND is sent to the user card according to the existing process, and the network is authenticated by the user card. Determining whether to perform authentication according to the SKEY may be done by pre-setting a security flag. If the security flag has a value indicating that the network needs to be authenticated according to the SKEY, for example 1, the network is authenticated according to the SKEY. If the security flag has a value indicating that the network does not need to be authenticated according to the SKEY, for example 0, the network is not authenticated according to the SKEY.
- Determining whether to perform authentication according to the SKEY may also be done by determining whether the SKEY is a specific value, for example 0. If it is, the network is not required to be authenticated according to the SKEY; if it is not 0 but any other value, the network needs to be authenticated according to the SKEY.
- the SQN here can use the same SQN as the prior art, that is, the SQN for user card authentication, that is, the SQN corresponding to the network and the user card.
- the present invention additionally provides a separate SQN dedicated to mobile terminal authentication, and the mobile terminal and the HLR/AUC also synchronize the SQN.
- the SQN set separately and the SQN saved in the user card can take the same value.
- the SKEY in the mobile terminal may be the SKEY corresponding to the number of the user card or IMSI.
- the SKEY can be directly saved in the mobile terminal instead of being saved according to the number of the supported user card or IMSI.
- the mobile terminal can select which SKEY to use to authenticate the network according to the current user card number or IMSI. Since the case of supporting multiple cards is an extended application example of the present invention, it is easy for a person skilled in the art to develop a specific application in accordance with the idea of the present invention, and therefore, a detailed description thereof will not be given here.
- a SKEY corresponding to the authentication of the mobile terminal is first set in the network device and the mobile terminal.
- the SKEY set by the network side device herein may be an SKEY set corresponding to the mobile terminal characteristic information, or may be an SKEY corresponding to the IMSI of the user card.
- the network side device can also set the SKEY according to the user's mobile terminal number MSISDN.
- In step 502, the network device first generates a RAND when generating authentication information for a certain mobile terminal.
- the network device generates authentication information using the SKEY corresponding to the mobile terminal and the generated RAND.
- the network device transmits the authentication information to the corresponding mobile terminal.
- In step 505, after receiving the authentication information from the network device side, the mobile terminal determines whether the authentication of the network is passed according to the authentication information and the SKEY saved by itself. If yes, the mobile terminal can access the network normally. If it does not pass, it is considered illegal, and in step 507, its normal use is stopped.
- After the mobile terminal determines that the authentication of the network is passed, it updates the saved SQN by using the SQN in the received AUTN.
- In step 601, the SKEY corresponding to the mobile terminal authentication is first saved in the HLR/AUC and the mobile terminal.
- the HLR/AUC generates a RAND using its own random number generator.
- the HLR/AUC calculates XRES, CK, and IK using its own stored authentication key (KI) and its own generated RAND.
- In step 604, the HLR/AUC uses the pre-saved SKEY of the corresponding mobile terminal, the RAND, and the SQN to generate a MAC.
- the SQN here is currently known, for example, pre-set.
- the HLR/AUC combines the MAC and the known SQN into an AUTN.
- the AMF is further considered in step 604, for example, using SKEY, RAND, SQN, and AMF to generate a MAC, where the AMF is also pre-set.
- when the AMF is further considered, the MAC, SQN, and AMF are combined into the AUTN.
- the HLR/AUC groups RAND, AUTN, XRES, CK, and IK into an authentication set.
- the HLR/AUC sends the authentication set to the MSC/VLR.
- In step 608, upon authentication, the MSC/VLR extracts RAND and AUTN from the corresponding authentication set of the mobile terminal and sends them to the mobile terminal as the authentication information of the present invention.
- This step may be started by the mobile terminal sending a trigger message to the network side.
- the MSC/VLR initiates an authentication request to the terminal, for example, when the mobile terminal starts to log in to the network, the MSC/VLR initiates an authentication request to the terminal.
- This step may be initiated by the network side. For example, when the mobile terminal does not initiate a related request for a long time, the network side initiates an authentication process.
- In step 609, after receiving the RAND and AUTN from the MSC/VLR, the mobile terminal first determines whether the AUTN is acceptable, for example by determining whether the difference between the SQN in the AUTN and the SQN saved by itself is within a predetermined range. If so, it determines that the AUTN is acceptable and proceeds to step 610; otherwise, it determines that the AUTN is unacceptable and directly determines in step 612 that the authentication of the network has failed.
- the mobile terminal may send an SQN synchronization command to the network side, so that the corresponding SQNs saved by the terminal and the network are synchronized. For the SQN synchronization process, refer to the prior art regarding SQN synchronization, namely the related protocol of 3GPP 33.102/29.002; details are not described herein again.
- In step 610, the mobile terminal calculates a MAC value according to its SKEY and the received RAND and SQN, and compares whether the calculated MAC value and the MAC value in the AUTN are consistent. If they are consistent, it determines in step 611 that the authentication of the network has passed; otherwise, it determines in step 612 that the authentication of the network has failed.
- the SQN in the received AUTN is used to update the saved SQN.
- the AMF is further considered in step 610, for example, using its own SKEY, received RAND, SQN, and AMF to generate a MAC value, where the SQN and AMF are carried in the AUTN.
- the foregoing describes the processing of authenticating the network by the mobile terminal of the present invention.
- the present invention may further include the process of authenticating the mobile terminal by the network, that is, after step 611, continuing to perform the subsequent steps of authenticating the terminal by the network.
- steps 701-712 and steps 601-612 are identical, and the description is not repeated, and a letter A is used instead.
- the mobile terminal transmits RAND to the user card.
- the user card generates XRES, CK, and IK using its own KI and the received RAND.
- the user card transmits the generated XRES to the mobile terminal.
- the mobile terminal transmits the XRES received from the subscriber card to the MSC/VLR.
- the MSC/VLR compares whether the XRES received from the mobile terminal and the corresponding authentication set XRES of the mobile terminal received from the HLR/AUC are consistent. If so, it is determined in step 718 that the network authenticates the mobile terminal; otherwise, in step 719, it is determined that the network failed to authenticate the mobile terminal.
- when the mobile terminal transmits RAND to the user card, the AUTN can also be sent, so that the user card can further authenticate the network according to the AUTN and its own KI.
- the mobile terminal can set the AUTN sent to the user card to a special value indicating that the mobile terminal authenticates the network; after determining that the AUTN is the special value, the user card uses only KI and RAND to generate XRES, CK, and IK and no longer authenticates the network based on AUTN and KI.
- before the mobile terminal sends the XRES received from the user card to the MSC/VLR, it can determine whether the network is a second generation mobile communication network. If so, the mobile terminal can derive, from XRES, CK, IK, etc., the SRES2g (Signed Response) and KC2g (Cipher Key) for second generation network authentication, transmit the generated SRES2g to the MSC/VLR instead of XRES, and use KC2g for encryption and decryption of related communication with the network side.
- the relevant derivation method is suggested in the relevant protocols of the existing 3GPP and is not described here.
- For the authentication of the second generation mobile communication network, refer to GSM 03.20 and GSM 09.02.
- XRES, CK, IK can also be generated by SKEY and RAND, and in this case, another embodiment as shown in Fig. 8 is proposed.
- In step 801, the SKEY corresponding to the mobile terminal authentication is first saved in the HLR/AUC and the mobile terminal.
- the HLR/AUC uses its own random number generator to generate a RAND.
- the HLR/AUC calculates XRES, CK, and IK using the pre-stored SKEY of the corresponding mobile terminal and the RAND generated by itself.
- In step 804, the HLR/AUC uses the pre-saved SKEY of the corresponding mobile terminal, the RAND, and the SQN to generate a MAC.
- the SQN here is currently known, for example, pre-set.
- the HLR/AUC combines the MAC and the known SQN into an AUTN.
- the AMF is further considered in step 804, for example, using SKEY, RAND, SQN, and AMF to generate a MAC, where the AMF is also pre-set.
- when the AMF is further considered, the MAC, SQN, and AMF are combined into the AUTN.
- the HLR/AUC groups RAND, AUTN, XRES, CK, and IK into an authentication set.
- the HLR/AUC sends the authentication set to the MSC/VLR.
- In step 808, during authentication, the MSC/VLR extracts the RAND and the AUTN from the corresponding authentication set of the mobile terminal and sends them to the mobile terminal as the authentication information of the present invention.
- In step 809, after receiving the RAND and AUTN from the MSC/VLR, the mobile terminal first determines whether the AUTN is acceptable, for example by determining whether the difference between the SQN in the AUTN and the SQN saved by itself is within a predetermined range. If so, it determines that the AUTN is acceptable and proceeds to step 810; otherwise, it determines that the AUTN is unacceptable and directly determines in step 812 that the authentication of the network has failed.
- the mobile terminal may send an SQN unacceptable command to the network side. For example, an SQN synchronization command is initiated, and the terminal and the corresponding SQN saved by the network are synchronized through the synchronization process.
- In step 810, the mobile terminal calculates a MAC value according to its SKEY and the received RAND and SQN, and compares whether the calculated MAC value and the MAC value in the AUTN are consistent. If they are consistent, the mobile terminal determines in step 811 that the authentication is passed; otherwise, in step 812, it determines that the authentication of the network has failed.
- the SQN in the received AUTN is used to update the saved SQN.
- the AMF may be further considered in step 810, for example by using its own SKEY and the received RAND, SQN, and AMF to generate a MAC value, where the SQN and AMF are carried in the AUTN.
- the mobile terminal generates XRES, CK, and IK using its own SKEY and the received RAND, and sends the XRES it generated to the MSC/VLR.
- the MSC/VLR compares whether the XRES received from the mobile terminal and the XRES in the corresponding authentication set of the mobile terminal received from the HLR/AUC are consistent. If they are consistent, it is determined in step 815 that the network authenticates the mobile terminal; otherwise, in step 816, it is determined that the network fails to authenticate the mobile terminal.
- the network device may send the authentication information in one or in multiple transmissions when transmitting the authentication information to the terminal. For example, the first transmission carries the random number RAND and the second transmission carries the authentication token AUTN.
- RAND: the random number
- AUTN: the authentication token
- the MSC/VLR may send authentication information such as RAND and AUTN to the mobile terminal in a single authentication command; in the second generation mobile communication network, the MSC/VLR may need two or more authentication commands of the second generation network to send the authentication information such as RAND and AUTN to the mobile terminal.
- the algorithms used in the present invention to generate a random number, generate an authentication set, and generate the expected response XRES, an encryption key, an integrity key, a message authentication code MAC, etc. may be those specified or suggested by an existing 3GPP protocol, or the algorithms can be determined separately.
- For the authentication of the third generation mobile communication network please refer to 3G TS 33.102 and 3G TS 29.002.
- the above MSC/VLR device is a circuit domain device, and for a packet domain network, the corresponding MSC/VLR device may be an SGSN.
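The exchange of Fig. 6 and Fig. 8 described above (steps 601-612 and 801-816), as an added Python example that is not part of the patent text: HMAC-SHA256 stands in for the MAC and XRES algorithms, which the text leaves to 3GPP or to the implementer, and the field lengths, the SQN window of 32, the status strings and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumed field sizes in bytes, modelled on 3GPP AKA; the page does not fix them.
RAND_LEN, SQN_LEN, AMF_LEN, MAC_LEN, RES_LEN = 16, 6, 2, 8, 8
SQN_WINDOW = 32  # assumed "predetermined range" for the SQN difference


def _keyed(key, label, *fields, length):
    """Stand-in keyed function (HMAC-SHA256), not the 3GPP algorithms.
    Every field has a fixed length, so plain concatenation is unambiguous."""
    return hmac.new(key, label + b"".join(fields), hashlib.sha256).digest()[:length]


def compute_mac(skey, rand, sqn, amf):
    # MAC over SKEY, RAND, SQN and AMF (steps 604 / 804)
    return _keyed(skey, b"MAC", rand, sqn.to_bytes(SQN_LEN, "big"), amf, length=MAC_LEN)


def compute_xres(skey, rand):
    # Fig. 8 variant: XRES derived from SKEY and RAND instead of KI and RAND
    return _keyed(skey, b"RES", rand, length=RES_LEN)


@dataclass(frozen=True)
class AuthSet:
    rand: bytes
    autn: bytes  # SQN || AMF || MAC
    xres: bytes  # stays in the MSC/VLR, never sent to the terminal


class HlrAuc:
    def __init__(self, skey, sqn=1, amf=b"\x00\x00"):
        self.skey, self.sqn, self.amf = skey, sqn, amf

    def generate_auth_set(self):
        rand = secrets.token_bytes(RAND_LEN)
        mac = compute_mac(self.skey, rand, self.sqn, self.amf)
        autn = self.sqn.to_bytes(SQN_LEN, "big") + self.amf + mac
        auth_set = AuthSet(rand, autn, compute_xres(self.skey, rand))
        self.sqn += 1  # SQN is updated after each set, so every set differs
        return auth_set


class MobileTerminal:
    def __init__(self, skey, sqn=0):
        self.skey, self.sqn = skey, sqn

    def authenticate_network(self, rand, autn):
        """Return (status, response); response is None unless status is 'ok'."""
        if len(rand) != RAND_LEN or len(autn) != SQN_LEN + AMF_LEN + MAC_LEN:
            return "malformed", None
        sqn = int.from_bytes(autn[:SQN_LEN], "big")
        amf = autn[SQN_LEN:SQN_LEN + AMF_LEN]
        mac = autn[SQN_LEN + AMF_LEN:]
        # Steps 609 / 809: the AUTN is acceptable only if its SQN is ahead of
        # the saved one and inside the window (this rejects replayed AUTNs).
        if not 0 < sqn - self.sqn <= SQN_WINDOW:
            return "sqn_unacceptable", None
        # Steps 610 / 810: recompute the MAC and compare in constant time.
        if not hmac.compare_digest(compute_mac(self.skey, rand, sqn, amf), mac):
            return "mac_mismatch", None
        self.sqn = sqn  # the saved SQN is updated only after success
        return "ok", compute_xres(self.skey, rand)


def msc_vlr_check(auth_set, response):
    # The MSC/VLR compares the terminal's response with the XRES in the set
    return response is not None and hmac.compare_digest(auth_set.xres, response)


def run_demo():
    skey = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    hlr, phone = HlrAuc(skey), MobileTerminal(skey)
    results = {}
    first = hlr.generate_auth_set()
    status, res = phone.authenticate_network(first.rand, first.autn)
    results["genuine"] = (status, msc_vlr_check(first, res))
    # The same RAND/AUTN presented again fails the SQN check.
    results["replay"] = phone.authenticate_network(first.rand, first.autn)[0]
    second = hlr.generate_auth_set()
    tampered = second.autn[:-1] + bytes([second.autn[-1] ^ 1])
    results["tampered"] = phone.authenticate_network(second.rand, tampered)[0]
    # A terminal holding a different SKEY cannot authenticate this network.
    stranger = MobileTerminal(bytes(16))
    results["wrong_skey"] = stranger.authenticate_network(second.rand, second.autn)[0]
    results["saved_sqn"] = phone.sqn
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

Because the saved SQN changes only after the MAC check passes, a tampered or replayed AUTN cannot push the terminal's SQN forward and desynchronise it from the HLR/AUC.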
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Lock And Its Accessories (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AT05802192T ATE454000T1 (de) | 2004-10-27 | 2005-10-26 | Authentifizierungsverfahren |
DE602005018638T DE602005018638D1 (de) | 2004-10-27 | 2005-10-26 | Authentifizierungsverfahren |
EP05802192A EP1758417B1 (en) | 2004-10-27 | 2005-10-26 | Authentication method |
US11/612,314 US8909193B2 (en) | 2004-10-27 | 2006-12-18 | Authentication method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2004100878811A CN1767430B (zh) | 2004-10-27 | 2004-10-27 | 鉴权方法 |
CN200410087881.1 | 2004-10-27 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/612,314 Continuation US8909193B2 (en) | 2004-10-27 | 2006-12-18 | Authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006060943A1 true WO2006060943A1 (en) | 2006-06-15 |
Family
ID=36577654
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2005/001767 WO2006060943A1 (en) | 2004-10-27 | 2005-10-26 | Authentication method |
Country Status (6)
Country | Link |
---|---|
US (1) | US8909193B2 (zh) |
EP (1) | EP1758417B1 (zh) |
CN (1) | CN1767430B (zh) |
AT (1) | ATE454000T1 (zh) |
DE (1) | DE602005018638D1 (zh) |
WO (1) | WO2006060943A1 (zh) |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7831237B2 (en) * | 2006-02-03 | 2010-11-09 | Broadcom Corporation | Authenticating mobile network provider equipment |
US8265593B2 (en) | 2007-08-27 | 2012-09-11 | Alcatel Lucent | Method and system of communication using extended sequence number |
US8379854B2 (en) * | 2007-10-09 | 2013-02-19 | Alcatel Lucent | Secure wireless communication |
KR100905072B1 (ko) * | 2007-12-18 | 2009-06-30 | 주식회사 케이티프리텔 | 강제 재위치 등록에 의한 도난 단말 사용 저지 방법 및시스템 |
US8600058B2 (en) * | 2009-03-27 | 2013-12-03 | Samsung Electronics Co., Ltd. | Generation of self-certified identity for efficient access control list management |
CN101959172A (zh) * | 2009-07-17 | 2011-01-26 | 中兴通讯股份有限公司 | Ngn中身份标识和位置分离的附着方法及系统 |
US20110197267A1 (en) * | 2010-02-05 | 2011-08-11 | Vivianne Gravel | Secure authentication system and method |
CN102395130B (zh) * | 2011-11-01 | 2014-06-04 | 重庆邮电大学 | 一种lte中鉴权的方法 |
CN102595401B (zh) * | 2012-03-19 | 2018-05-04 | 中兴通讯股份有限公司 | 一种检测uicc和设备是否配对的方法和系统 |
CN102905264B (zh) * | 2012-10-11 | 2015-01-21 | 东信和平科技股份有限公司 | 一种基于sim卡的网络服务保护方法及系统 |
US8914853B2 (en) * | 2012-12-07 | 2014-12-16 | Verizon Patent And Licensing Inc. | Blocking network access for unauthorized mobile devices |
CN104754577B (zh) * | 2013-12-31 | 2019-05-03 | 华为技术有限公司 | 一种选择认证算法的方法、装置及系统 |
US10211990B2 (en) | 2014-07-25 | 2019-02-19 | GM Global Technology Operations LLC | Authenticating messages sent over a vehicle bus that include message authentication codes |
CN106411522A (zh) * | 2015-08-03 | 2017-02-15 | 中兴通讯股份有限公司 | 一种基于智能卡的在线认证方法、智能卡及认证服务器 |
US9992810B2 (en) * | 2015-08-26 | 2018-06-05 | Samsung Electronics Co., Ltd | Method for providing integrity protection in a dual SIM dual standby device |
CN105825120B (zh) * | 2016-03-11 | 2019-09-10 | 北京天创征腾信息科技有限公司 | 一种计算机与移动终端之间交互认证的方法及系统 |
US9807615B2 (en) | 2016-03-17 | 2017-10-31 | International Business Machines Corporation | Disabling a mobile device that has stolen hardware components |
CN105871935A (zh) * | 2016-06-21 | 2016-08-17 | 珠海市魅族科技有限公司 | 一种移动通信的方法及装置 |
CN106028331B (zh) * | 2016-07-11 | 2020-03-10 | 华为技术有限公司 | 一种识别伪基站的方法及设备 |
CN107071773B (zh) * | 2016-11-24 | 2021-01-08 | 奇酷互联网络科技(深圳)有限公司 | 一种网络连接建立方法及装置 |
US10608822B2 (en) * | 2017-04-26 | 2020-03-31 | Nxp B.V. | Efficient calculation of message authentication codes for related data |
WO2018208221A1 (zh) * | 2017-05-09 | 2018-11-15 | 华为国际有限公司 | 网络认证方法、网络设备及终端设备 |
CN114499925A (zh) | 2018-08-06 | 2022-05-13 | 华为技术有限公司 | 一种签约信息配置方法及通信设备 |
CN109219037A (zh) * | 2018-09-19 | 2019-01-15 | 东信和平科技股份有限公司 | 智能卡上多个号码同时待机的实现方法、装置及存储介质 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020114469A1 (en) * | 2001-02-21 | 2002-08-22 | Stefano Faccin | Method and system for delegation of security procedures to a visited domain |
US20020187808A1 (en) * | 2001-06-12 | 2002-12-12 | Jari Vallstrom | Method and arrangement for encrypting data transfer at an interface in mobile equipment in radio network, and mobile equipment in radio network |
CN1419793A (zh) * | 2000-03-30 | 2003-05-21 | 诺基亚公司 | 用户鉴权 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI102235B1 (fi) * | 1996-01-24 | 1998-10-30 | Nokia Telecommunications Oy | Autentikointiavainten hallinta matkaviestinjärjestelmässä |
DE10026326B4 (de) * | 2000-05-26 | 2016-02-04 | Ipcom Gmbh & Co. Kg | Verfahren zur kryptografisch prüfbaren Identifikation einer physikalischen Einheit in einem offenen drahtlosen Telekommunikationsnetzwerk |
US8526914B2 (en) * | 2004-06-04 | 2013-09-03 | Alcatel Lucent | Self-synchronizing authentication and key agreement protocol |
-
2004
- 2004-10-27 CN CN2004100878811A patent/CN1767430B/zh active Active
-
2005
- 2005-10-26 DE DE602005018638T patent/DE602005018638D1/de active Active
- 2005-10-26 EP EP05802192A patent/EP1758417B1/en active Active
- 2005-10-26 WO PCT/CN2005/001767 patent/WO2006060943A1/zh active Application Filing
- 2005-10-26 AT AT05802192T patent/ATE454000T1/de not_active IP Right Cessation
-
2006
- 2006-12-18 US US11/612,314 patent/US8909193B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
EP1758417A4 (en) | 2007-10-31 |
DE602005018638D1 (de) | 2010-02-11 |
CN1767430B (zh) | 2010-04-21 |
US8909193B2 (en) | 2014-12-09 |
ATE454000T1 (de) | 2010-01-15 |
EP1758417A1 (en) | 2007-02-28 |
EP1758417B1 (en) | 2009-12-30 |
US20070173229A1 (en) | 2007-07-26 |
CN1767430A (zh) | 2006-05-03 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 11612314 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005802192 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 4763/CHENP/2006 Country of ref document: IN |
|
WWP | Wipo information: published in national office |
Ref document number: 2005802192 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 11612314 Country of ref document: US |