WO2018004114A2 - Proxy authentication system, and authentication method for providing a proxy service - Google Patents

Info

Publication number
WO2018004114A2
WO2018004114A2 PCT/KR2017/003364 KR2017003364W WO2018004114A2 WO 2018004114 A2 WO2018004114 A2 WO 2018004114A2 KR 2017003364 W KR2017003364 W KR 2017003364W WO 2018004114 A2 WO2018004114 A2 WO 2018004114A2
Authority
WO
WIPO (PCT)
Prior art keywords
proxy
authentication
terminal
key
information
Prior art date
Application number
PCT/KR2017/003364
Other languages
English (en)
Korean (ko)
Other versions
WO2018004114A3 (fr)
Inventor
전병천
김의국
이창우
최재원
Original Assignee
(주)넷비젼텔레콤
Priority date
Filing date
Publication date
Application filed by (주)넷비젼텔레콤

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords

Definitions

  • The present invention relates to a proxy authentication system and an authentication method for providing a proxy service. More specifically, in the proxy authentication performed for every proxy session, authentication is done by checking whether the same key value is used instead of matching subscriber information.
  • The present invention thereby relates to a proxy authentication system and an authentication method for providing a proxy service that can perform proxy authentication rapidly and minimize the performance degradation that occurs during proxy authentication in a commercial mobile network with a large number of subscribers.
  • Proxy Server technology provides additional services for a packet by passing it through a specific proxy server before the packet arrives at the receiving end. It is used to provide differentiated supplementary services to network users, such as observation, data leakage prevention, and providing an aggregation point for MPTCP.
  • Because Proxy Server technology provides additional services to users, it may be necessary to provide them only to specific users.
  • The standard specifications for Proxy Server technology, such as RFC1928 and RFC1929, provide a user authentication method using Username / Password.
  • When this Username / Password user authentication method is used in a commercial network that covers a large number of subscribers, it has limitations: the administrative burden of managing a database that holds a large amount of subscriber information, and degradation of proxy service provisioning performance caused by a proxy authentication procedure that must compare against a large amount of information.
  • The proxy server passes the information required for authentication (e.g. Username / Password) to the authentication server and allows or denies access according to the authentication server's result.
  • This method is not suitable for MPTCP-based aggregation applications, because the access delay is long and processing performance deteriorates when access from a plurality of mobile terminals has to be decided in real time.
  • The present invention has been made to solve the above problems. Its object is to provide a proxy authentication system and authentication method for proxy service provision that, when a service using a proxy is provided in a commercial mobile network having millions of subscribers or more, keeps using the existing proxy authentication method but does not need to manage those millions of subscribers, and so reduces the proxy performance degradation and subscriber management burden that grow with the number of subscribers.
  • A proxy authentication system for providing a proxy service according to an embodiment of the present invention includes: a Proxy-Manager that pre-authenticates subscribers and forwards initial configuration information for proxy authentication without subscriber information to the terminal and the Proxy-Server; a terminal that generates a Username code (Code1) and a Password code (Code2) constituting a proxy authentication packet based on the initial configuration information received from the Proxy-Manager, and transmits the proxy authentication packet to the Proxy-Server; and a Proxy-Server that, based on the initial configuration information received from the Proxy-Manager, generates an analysis key enabling authentication processing without subscriber information, performs authentication of the terminal's authentication request using the analysis key, and restores and stores the information of the subscriber whose authentication is complete.
  • The initial configuration information may include a use code list containing terminal-independent code items and/or terminal-dependent code items, a Group Code, a Shared Secret for generating a One Time Password (OTP), and the length of the Random-Number. If the terminal-independent code items in the use code list include an item whose value cannot be collected from the network, the initial configuration information may further include the value of that code item.
  • Code2 consists of the values of those code items included in the use code list received from the Proxy-Manager, among the terminal-dependent code item values that each terminal can store, and a Random-Number whose length equals the Random-Number length.
  • Code1 may be generated by combining the UE-ID, which carries the terminal information, with the Random-Number and then encrypting the result using a Proxy authentication key generated based on the initial configuration information.
  • The Proxy authentication key includes a Group-Key and a Master-key.
  • The Group-Key is generated based on the Group Code.
  • The Master-key may be composed of the OTP generated based on the Shared Secret for OTP generation, and each code item included in the use code list.
  • The Proxy authentication key may be updated whenever one or more events occur, such as reaching the regeneration period of an OTP value, receiving an authentication policy change from the Proxy-Manager, or a change in the value of a code item included in the use code list.
  • The Proxy-Server may perform authentication without subscriber information by checking whether the analysis key is the same as the Proxy authentication key used when the terminal encrypted Code1.
  • The Proxy-Server extracts a Random-Number from Code2 contained in the Password field of the Proxy authentication packet received from the terminal, and decrypts the information stored in the Username field of the Proxy authentication packet using the analysis key. After extracting the decrypted Code1, it may determine whether the analysis key is the same as the Proxy authentication key by comparing the Random-Number extracted from the decrypted Code1 with the Random-Number extracted from Code2.
  • The Proxy-Server may generate OTPs at a plurality of preset time points in order to overcome differences in the OTP value caused by time asynchrony with the terminal, and may perform analysis key generation and the authentication attempt once for each generated OTP.
  • An initial setup step in which the Proxy-Manager pre-authenticates a subscriber and delivers initial configuration information for performing proxy authentication without subscriber information to the terminal and the Proxy-Server;
  • A transmitter-side key generation step of generating, by the terminal, Code1 and Code2 used for a proxy authentication packet based on the initial configuration information received from the Proxy-Manager;
  • An authentication packet transmission step of transmitting, by the terminal, Code1 and Code2 to the Proxy-Server in the Username field and the Password field of the Proxy authentication packet, respectively;
  • An analysis key generation step of generating, when an authentication request is made by the terminal, an analysis key that allows the Proxy-Server to process the authentication request without subscriber information, based on the initial configuration information received from the Proxy-Manager;
  • An authentication and user information restoration step in which the Proxy-Server processes the authentication request of the terminal and, upon successful authentication, restores and stores the information of the authenticated subscriber.
  • Code2 consists of the values of the code items included in the usage code list received from the Proxy-Manager, among the terminal-dependent values that each terminal can store, and a Random-Number whose length equals the Random-Number length received from the Proxy-Manager. Code1 can be generated by combining the UE-ID, which carries the information of the terminal, with the Random-Number and then encrypting the result using the Proxy authentication key generated based on the initial configuration information.
  • The Proxy authentication key includes a Group-Key and a Master-key.
  • The Group-Key is generated based on the Group Code.
  • The Master-key may include the OTP generated based on the Shared Secret for generating the OTP included in the initial configuration information, and each code item included in the usage code list.
  • To overcome differences in the OTP value caused by time asynchrony with the terminal, the Proxy-Server may repeat the attempt to authenticate the terminal as many times as the number of OTPs generated at a plurality of preset time points.
  • The terminal can be authenticated without subscriber information by checking whether the analysis key is the same as the Proxy authentication key used when the terminal encrypted Code1.
  • The authentication and user information restoration step may include: extracting a Random-Number from Code2 contained in the Password field of the Proxy authentication packet transmitted from the terminal; obtaining the decrypted Code1 by decrypting the information stored in the Username field of the Proxy authentication packet with the analysis key, and extracting the Random-Number included in the decrypted Code1; comparing the Random-Number extracted from Code1 with the Random-Number extracted from Code2; and, when the two Random-Numbers match, completing terminal authentication, extracting the user information of the authenticated terminal from the proxy authentication packet, and storing it for monitoring the proxy service usage and usage pattern information of each proxy service subscriber.
  • The Proxy Server used to provide additional network services has to deal quickly with the many proxy authentication requests received from multiple subscribers while providing proxy services in a network having a large number of subscribers.
  • The present invention provides constant proxy authentication performance regardless of the number of subscribers, so even when used in a network having a large number of subscribers it can provide the proxy service and authentication without degradation.
  • One of the major problems faced when installing equipment that provides differentiated additional services for each subscriber is management of the subscribers.
  • The use of a subscriber database is essential.
  • The proxy server using the authentication concept of the present invention does not use subscriber information for subscriber authentication, so it is freed from the management burden of subscriber information.
  • FIG. 1 is a configuration diagram of an entire network of an MPTCP Aggregation service system which is an embodiment of a proxy authentication system of the present invention.
  • FIG. 3 is an introduction to the Proxy Server's Proxy Authentication Key Generation for solving the difference in OTP caused by network delay or time synchronization delay.
  • FIG. 9 is a description of a proxy authentication key generation method.
  • FIG. 11 is a description of the procedure of the authentication and user information restoration step.
  • One embodiment of the present invention is a proxy authentication system and authentication method for the case where, in a commercial network, an Aggregation Point Proxy Server for MPTCP is used so that the terminal of a particular subscriber can use MPTCP with a typical server that does not support MPTCP. When the terminal of a specific subscriber is authenticated using Username / Password, it requires no extensive subscriber management in the Proxy-Server and causes no deterioration of proxy performance.
  • The proxy authentication system includes a Proxy-Manager for pre-authenticating subscribers and delivering initial configuration information for performing Proxy authentication without subscriber information to the terminal and the Proxy-Server, and from the Proxy-Manager.
  • The authentication method comprises: an initial setup step in which the Proxy-Manager pre-authenticates subscribers and transmits initial configuration information for proceeding with proxy authentication without subscriber information to the terminal and the Proxy-Server, so that the terminal and the Proxy-Server share it; a sending-side key generation step of generating Code1 for the Username and Code2 for the Password to be used in the packet for proxy authentication; an authentication packet transmission step in which the terminal sends Code1 and Code2 to the Proxy-Server in the Username and Password fields of the Proxy authentication packet; an analysis key generation step of generating, when the terminal requests authentication, an analysis key that allows the Proxy-Server to process the terminal's authentication request without subscriber information; and an authentication and user information restoration step of processing the terminal's authentication request and restoring and saving the information of the subscriber whose authentication is complete for later operations such as monitoring and statistics.
  • When the operation of the Proxy-Server starts, the Proxy-Server requests initial configuration information from the Proxy-Manager, and the Proxy-Manager delivers the initial configuration information to the Proxy-Server in response to the request. This is carried out as part of the initial setup step.
  • When the operation of the terminal starts, the terminal requests pre-authentication from the Proxy-Manager, and after the Proxy-Manager authenticates the subscriber, the initial configuration information is transmitted to the authenticated subscriber's terminal, as part of the initial setup step. For the pre-authentication that the terminal performs with the Proxy-Manager, strong security techniques such as a secure tunnel or VPN are recommended.
  • The initial configuration information delivered by the Proxy-Manager to the Proxy-Server and the terminal consists of a Group Code, a Shared Secret for generating a one time password (OTP), a usage code list, and a Random-Number length.
  • If the values of terminal-independent items, which do not depend on the terminal and are shared by all terminals on the network, are not properly shared between the Proxy-Server and each terminal, the initial configuration information additionally holds those values.
  • Each code item included in the usage code list is either information that the terminal can store itself and for which all terminals on the network share the same value, such as MCC (Mobile Country Code) and MNC (Mobile Network Code), or information that each terminal can hold and that depends on the individual terminal, such as IP address, MSISDN and IMSI. The concept of the present invention is not limited to the codes MCC, MNC, IP Address, MSISDN and IMSI; as many codes as needed can be selected and used.
  • The terminal is ready to generate the proxy authentication information (packet) that makes it possible to complete proxy authentication without subscriber information.
  • This proxy authentication information is composed of two codes, Code1 and Code2.
  • Code2 consists of the values of the code items included in the usage code list received from the Proxy-Manager, among the device-dependent values that each terminal can store, such as IP Address, MSISDN, and IMSI, together with a Random-Number whose length equals the Random-Number length received from the Proxy-Manager.
  • Code1 is generated by combining the UE-ID, which carries the terminal information, with the Random-Number of Code2 and then encrypting the result using the proxy authentication key generated based on the initial configuration information. In this way, the terminal creates Code1 and Code2 to complete the generation of the proxy authentication information.
  • The terminal divides the initial configuration information into two groups to generate the proxy authentication key.
  • The first group is an immutable group unless the authentication policy is changed.
  • The Group Code is received from the Proxy-Manager when the terminal completes pre-authentication with the Proxy-Manager.
  • The Group Code received from the Proxy-Manager is used to create the Group-Key, which is a subset of the Proxy authentication key.
  • The second group consists of the OTP generated based on the Shared Secret for generating the OTP received from the Proxy-Manager, and the codes included in the usage code list received from the Proxy-Manager. It is updated at each proxy authentication key regeneration event and is used to generate the Master-key, which is the remaining part of the proxy authentication key other than the part derived from the Group Code.
  • It is recommended that the proxy authentication key be at least 256 bits in size.
  • The size of the proxy authentication key, the size of the Group-Key, and the size of the Master-key generated from the information of the second group can be decided by operators using the concept of the present invention according to their needs.
  • The Proxy authentication key regeneration event is triggered when the OTP value is regenerated, when an authentication policy change is received from the Proxy-Manager, and when the value of a code included in the use code list changes.
  • An update of Code1 and Code2 using the new Proxy authentication key is also performed.
  • The terminal may request a proxy service using the Proxy-Server at any time.
  • If a packet that requires a proxy service is generated at the terminal, the terminal first attempts authentication with the Proxy-Server to establish a proxy connection.
  • Code1 and Code2 generated in the sender key generation step are sent to the Proxy-Server in the Username and Password fields of the Proxy authentication packet. If the Proxy-Server responds that the authentication packet is authenticated, the communication session of the terminal can use the proxy service immediately.
  • Instead of accessing the subscriber database and comparing the subscriber information one by one, the Proxy-Server of the present invention generates an interpretation key, dependent on each terminal, that is needed to perform proxy authentication.
  • The Proxy-Server also divides the initial configuration information into two groups, like the terminal.
  • The Proxy-Server generates the Group-Key using, as the first group, the Group Code received in advance from the Proxy-Manager, and uses it as part of the analysis key.
  • As the second group, it uses the OTP generated in advance from the Shared Secret for OTP generation received from the Proxy-Manager, the value of each terminal-independent code included in the usage code list received in advance from the Proxy-Manager, and each terminal-dependent value extracted from Code2 in the Password field of the Proxy authentication packet received from the terminal, to generate the remaining part of the analysis key. This completes the analysis key generation step.
  • The OTP is generated at every regeneration cycle of the OTP, or when a new Shared Secret for OTP is received due to a change of the Proxy-Manager's authentication policy.
  • When generation of the analysis key, dependent on each terminal and needed to perform proxy authentication for a terminal without subscriber information, is complete through the interpretation key generation step, the Proxy-Server proceeds to the authentication and user information restoration step: using the analysis key, it authenticates the proxy authentication packet transmitted by the terminal without checking subscriber information, extracts the user information of the authenticated terminal from the proxy authentication packet, and stores it for monitoring information such as the proxy service usage and usage pattern of each proxy service subscriber.
  • The Proxy-Server extracts the Random-Number from Code2, which the terminal sent in the Password field of the Proxy authentication packet, decrypts the information stored in the Username field using the analysis key generated in the analysis key generation step to obtain the decrypted Code1, and then compares the Random-Number extracted from the decrypted Code1 with the Random-Number extracted from Code2 to proceed with proxy authentication of the terminal without subscriber information.
  • Verifying that the Random-Number extracted from Code1 through decryption is the same as the Random-Number delivered by the terminal in Code2 shows that the decryption key generated by the Proxy-Server is identical to the proxy authentication key of the terminal. This means that the terminal completed pre-authentication with the Proxy-Manager without any problem, so the Proxy-Server can immediately proceed with proxy authentication without checking the user of the terminal.
  • The Proxy-Server may generate the OTP at a plurality of preset time points in order to overcome differences in the OTP value caused by time asynchrony with the terminal. For example, up to three OTPs may be generated, and upon receiving a proxy authentication packet, three proxy authentication keys may be generated and authentication attempted with each. The three proxy authentication keys may be based on the OTP at the present time, the OTP one period before, and the OTP one period after, respectively. On a proxy authentication request or a proxy authentication failure, the analysis key generation step and the authentication and user information restoration step are repeated, up to three times each, to attempt authentication.
  • The OTP generation period must be larger than the time difference between the terminal and the Proxy-Server and the packet reception delay due to network delay, and it should be set to a period in which proxy authentication security is not invalidated by packet eavesdropping.
  • The OTP generation period can also be set according to the needs of the operator using the present invention.
  • The Proxy-Server checks whether the terminal uses the same Proxy authentication key (interpretation key) instead of checking the user information of the terminal, and thereby confirms whether the terminal has completed pre-authentication with the Proxy-Manager.
  • The Proxy-Server thus has no need for subscriber information management and provides terminal authentication performance that does not change with the number of subscribers.
  • FIG. 1 is a network diagram of an MPTCP Aggregation Service System 1000, which is an embodiment of a proxy authentication system of the present invention.
  • The MPTCP Aggregation Service System 1000, which applies the concept of the proxy authentication system of the present invention, can quickly identify subscribers and provide MPTCP Aggregation differentially without the burden of subscriber information management.
  • As shown in FIG. 1, the MPTCP Aggregation Service System 1000 consists of: the Proxy-Manager 100, which pre-authenticates each terminal 300 and forwards the initial configuration information 400 to each authenticated terminal 300 and to the Proxy-Server 200; the Proxy-Server 200, which, whenever a terminal requests authentication, uses the initial configuration information 400 shared by the Proxy-Manager 100 to generate the same analysis key 500 as the Proxy authentication key 500 generated by the terminal, and so authenticates the terminal quickly; and the terminals 300, which use the MPTCP Aggregation service provided by the Proxy-Server 200.
  • When the Proxy-Server 200 and the terminals 300 are started, pre-authentication with the Proxy-Manager 100 is performed, after which each authenticated terminal 300 and the Proxy-Server 200 share the initial configuration information 400 that allows proxy authentication requests to proceed quickly without the need to store subscriber information. As a result, even in an environment with huge subscriber information such as a commercial mobile network, and even though the MPTCP Aggregation Service System 1000 provides a service in which the number of proxy authentications increases with the number of paths, the authentication procedure can be processed at a constant rate without being affected by the number of subscribers and without storing subscriber information.
  • To use MPTCP, the server to which the terminal 300 makes a TCP connection must have the MPTCP function.
  • So that the terminal 300 can obtain the benefit of MPTCP even with the conventional servers existing in the commercial network, which do not support the new MPTCP technology, the MPTCP Aggregation Service System 1000 is provided, in which the terminal communicates through the Proxy-Server 200, which has the MPTCP function and is located in a high-speed backbone network.
  • Instead of collating subscriber information, the MPTCP Aggregation Service System 1000 utilizes the concept of the present invention: if the terminal 300 requesting authentication uses the same Proxy authentication key 500 as the Proxy-Server 200, the Proxy authentication request is processed. The authentication procedure is thus processed at a constant and rapid speed without being affected by the number of subscribers and without storing subscriber information, which prevents the gain from using MPTCP technology from being reduced.
  • The initial configuration information 400 is information that the terminal 300 of each subscriber subscribed to the MPTCP Aggregation Service System 1000, or the Proxy-Server 200, receives from the Proxy-Manager 100 when it is authenticated. It does not change unless the policy is modified by the Operator, and it is the information needed to carry out the proxy authentication procedure of the present invention, which quickly performs proxy authentication between a pre-authenticated subscriber terminal 300 and the Proxy-Server 200.
  • The initial configuration information 400 consists of “Group Code” (410), “OTP Shared Secret” (420), “Use Code List” (430), “Random-Number Length” (440), and “value of each terminal independent item” (450).
  • The “Group Code” 410 is a code generated and used by the Proxy-Manager. It is transmitted to the pre-authenticated terminal and the Proxy-Server and used as the Group-Key 510, which is part of the Proxy authentication key 500.
  • The “Shared Secret for OTP” (420) is also a value generated by the Proxy-Manager and transmitted to the pre-authenticated terminal and the Proxy-Server. Each terminal and the Proxy-Server use it to generate, based on the current time, a one time password (hereinafter referred to as OTP), which is one of the pieces of information for generating the Master-Key 520 that is part of the Proxy authentication key 500, so that the terminal and the Proxy-Server can generate the same OTP.
  • The reason why the OTP is used to generate the Master-Key 520 is to prevent an unauthenticated terminal from using an eavesdropped packet to make unauthorized use of a function of the Proxy-Server 200 such as the MPTCP aggregation service. Yet, since the authenticated terminals 300 and the Proxy-Server 200 must share the same Proxy authentication key 500, the authenticated terminals 300 and the Proxy-Server 200 should have the same OTP. To accomplish this, the concept of the present invention delivers the same Shared Secret 420 for the OTP to the authenticated terminals 300 and the Proxy-Server 200, which use it to calculate the OTP.
  • The “use code list” 430 conveys the list of which items are used as information for generating the Master-Key 520 that is part of the proxy authentication key 500.
  • The terminal 300 and the Proxy-Server 200 can share the same Proxy authentication key 500 only when they generate the Master-Key 520 from the same item information, and the concept of the present invention, quickly processing the proxy authentication request without subscriber information, is implemented by checking whether the same Proxy authentication key 500 is used. The list is therefore information that the Proxy-Manager 100 passes on to the authenticated terminals 300 and the Proxy-Server 200.
  • “Terminal independent item” refers to an item for which all terminals have the same information because the information is shared by the network, such as MNC and MCC.
  • Terminal independent items are items that the Proxy-Server 200 needs to store without the terminal 300 having to transmit them to the Proxy-Server 200.
  • The terminal 300 and the Proxy-Server 200 may also collect information on a “terminal independent item” from the network, but when collecting information on a specific “terminal independent item” is difficult, the Proxy-Manager 100 can use the “value of each terminal independent item” (450), for that information only, so that it can be shared between each pre-authenticated terminal 300 and the Proxy-Server 200.
  • “Terminal dependent item” is an item for which each terminal has different information, such as IP address and MSISDN. It is shared by each pre-authenticated terminal 300 and the Proxy-Server 200 by being included in the Proxy authentication packet when the authentication procedure of the present invention is performed.
  • The “Random-Number Length” 440 concerns the Random-Number that is checked, instead of subscriber information, in the Proxy authentication process of the present invention to determine whether the terminal 300 and the Proxy-Server 200 use the same Proxy authentication key 500.
  • Code1 610 and Code2 620, which constitute the Proxy authentication information 600, are generated with this Random-Number.
  • Because the Proxy-Server 200 must extract the Random-Number from Code2 620 when processing a Proxy authentication request, the terminals 300 and the Proxy-Server 200 should use the same Random-Number length.
  • The Proxy-Manager 100 transmits the “Random-Number Length” 440 information to the terminals 300 and the Proxy-Server 200 that have completed authentication.
  • The Proxy-Server 200 can infer the length of the Random-Number by excluding all of the “terminal dependent item” information from Code2.
  • The “value of each terminal-independent item” 450 field is used by the Proxy-Manager 100, only for a “terminal-independent item” whose information is difficult to collect, to allow that information to be shared by the terminals 300 and the Proxy-Server 200 that have completed authentication.
  • The Proxy authentication key 500 of the terminal 300 may differ from the Proxy authentication key 500 of the Proxy-Server 200.
  • The Proxy-Server 200 stores three OTPs as shown in FIG. 3 and generates three Proxy authentication keys 500 when a Proxy authentication packet is received. Before rejecting the request, it attempts authentication with each of the three Proxy authentication keys 500, which provides as much time allowance as possible when a delay occurs in the network or in time synchronization between the terminal 300 and the Proxy-Server 200.
  • The OTP generation cycle can be set according to the needs of the operator using the present invention.
  • The OTP generation cycle can be set according to the state of the network in which the service is provided. A cycle long enough to cope with the delay caused by the time synchronization scheme in use is recommended.
  • The time synchronization method may also be selected according to the needs of the operator using the present invention: either time synchronization through a third server or direct time synchronization between the Proxy-Server 200 and the terminal 300 can be selected.
  • The Proxy authentication key 500 is composed of two keys, the Group-Key 510 and the Master-key 520.
  • The Group-Key 510 is a key generated based on the Group Code 410 received from the Proxy-Manager 100. According to the needs of the operator using the present invention, it may be generated by applying Key-Generation to the Group Code 410, or the Group Code 410 may be used as it is as the Group-Key 510, which is part of the Proxy authentication key 500. The length of the Group-Key 510 may be set according to the needs of the operator.
  • The Master-key 520 is generated based on the sum of the OTP, which is generated through the shared secret 420 for generating the OTP, and the values of the items specified in the use code list 430.
  • The Master-key 520, together with the Group-Key 510, constitutes the Proxy authentication key 500, and like that of the Group-Key 510, the length of the Master-key 520 can also be set according to the needs of the operator using the present invention. However, the present invention recommends that the total length of the Proxy authentication key 500 be at least 256 bits.
  • The Proxy-Server 200 and the terminal 300 generate and share the same Proxy authentication key 500 by using the initial configuration information 400, which each receives identically after strong pre-authentication with the Proxy-Manager 100.
  • The Proxy-Server 200 checks, through the Proxy authentication packet, whether the Proxy-Server 200 and the terminal 300 share the same Proxy authentication key 500, so that authentication of the terminal 300 is processed quickly without subscriber information.
  • In the concept of the present invention, the terminal 300 encrypts the information of the terminal 300 with the Proxy authentication key 500 to prepare the Proxy authentication information 600, inserts it into the Username field and the Password field of the Proxy authentication packet, and transmits the packet. The Proxy-Server 200 that receives the packet decrypts the received Proxy authentication information 600 sequentially with the three Proxy authentication keys 500 generated from the three stored OTPs and the initial configuration information 400. If the same Proxy authentication key 500 is found to be used, authentication is completed; if the same Proxy authentication key 500 is found not to be used, the authentication is rejected.
  • The Proxy authentication information 600 used in this process consists of Code1 610 and Code2 620.
  • Code1 610 is the value obtained by combining the Random-Number generated when the Proxy authentication information 600 is created with the UE-ID, which is terminal information, and encrypting the result with the Proxy authentication key 500.
  • Code2 620 is a value that combines the terminal-dependent code and the Random-Number value.
  • Code1 610 is transmitted to the Proxy-Server 200 using the Username field of the Proxy authentication packet.
  • Code2 620 is transmitted to the Proxy-Server 200 using the Password field of the Proxy authentication packet.
  • Code1 610 and Code2 620 delivered to the Proxy-Server 200 contain the same Random-Number, but Code1 610 is encrypted with the Proxy authentication key 500 while Code2 620 is not encrypted. The Proxy-Server 200 decrypts Code1 610 and compares the resulting Random-Number with the Random-Number extracted from Code2 620. This makes it possible to check whether the terminal 300 and the Proxy-Server 200 use the same Proxy authentication key 500, so that the Proxy-Server 200 can quickly authenticate the terminal without subscriber information.
  • The decrypted Code1 610 includes the UE-ID, which is terminal information, so that the Proxy-Server 200 can obtain information on which subscriber is using the service even when it does not store subscriber information.
  • When the service of the Proxy-Server 200 and the terminal 300 starts, the Proxy-Manager 100 performs pre-authentication with them, and may use for this a high-performance authentication method that consumes a lot of time and resources depending on the number of subscribers. It then allows the authenticated terminal 300 and the Proxy-Server 200 to generate the same Proxy authentication key 500 based on the same initial configuration information 400 and to use the Proxy service.
  • In the Proxy authentication process that takes place when the Proxy service is used, Proxy authentication information 600 created from the same Proxy authentication key 500 is used, so the Proxy-Server 200 quickly identifies a terminal 300 that has completed pre-authentication, without subscriber information, and provides service immediately.
  • The first step of the present invention is the initial setting step.
  • FIG. 6 shows the detailed procedure of the initial setting step.
  • The initial setting step initializes the information necessary for the operation of the present invention when each component of the present invention is started. It performs the time-consuming but strong pre-authentication for the Proxy-Server 200 and the terminal 300, and shares with the Proxy-Server 200 and the subscriber terminal 300 the initial configuration information 400 necessary for the operation of the present invention, which can rapidly perform Proxy authentication without using subscriber information.
  • Each component of the present invention performs authentication with the Proxy-Manager 100 and receives the initial configuration information 400 from the Proxy-Manager 100.
  • When the Proxy-Server 200 is started, it authenticates with the Proxy-Manager 100 in the first procedure, and stores the initial configuration information 400 it receives in the second procedure.
  • The third procedure takes place when the terminal 300 starts to use the MPTCP Aggregation service provided by the Proxy-Server 200: at the same time as the service starts, the terminal performs pre-authentication with the Proxy-Manager 100 for use of the service.
  • This pre-authentication is not the quick authentication of the present invention but a normal authentication procedure that confirms whether the terminal 300 is a service subscriber, and the authentication method may be selected according to the needs of the operator using the concept of the present invention. Unlike the Proxy authentication that occurs every time, the pre-authentication between the terminal 300 and the Proxy-Manager 100 is required only periodically or once at the start of the service, so the use of a strong authentication method is recommended. In the concept of the present invention, it is this pre-authentication that actually authenticates the subscriber; the fast Proxy authentication without subscriber information introduced by the present invention only checks whether the terminal 300 requesting Proxy authentication has completed the pre-authentication process.
  • When the terminal 300 completes pre-authentication with the Proxy-Manager 100 in the third procedure of FIG. 6, it is provided with the initial configuration information 400 by the Proxy-Manager 100 in the fourth procedure of FIG. 6. The terminal 300 generates the Proxy authentication key 500 based on the received initial configuration information 400, generates the Proxy authentication information 600 using a random number, and uses it in the Proxy authentication procedure for each Proxy communication session. The Proxy-Server 200 can then quickly authenticate a terminal 300 requesting Proxy authentication by checking only whether it uses the same Proxy authentication key 500 as the Proxy-Server's own. The procedure from the initial configuration step up to Proxy authentication is described in detail in later drawings and paragraphs.
  • The terminal 300 using the MPTCP Aggregation service completes the initial setting step of FIG. 6 and receives and stores the initial setting information 400.
  • The stored initial setting information 400 is used to generate the key 500 and the information 600 for proxy authentication in the proxy authentication procedure of FIG.
  • The terminal that has been authenticated through the initial setting step and has received the initial setting information 400 according to the authentication policy immediately enters the procedure, shown in FIG. 7, for generating the proxy authentication key 500 and the proxy authentication information 600 using the initial setting information 400.
  • The terminal generates an OTP using the shared secret 420 for generating the OTP included in the received initial setting information 400, and generates and stores the proxy authentication key 500 using the generated OTP together with the group code 410 of the initial setting information 400 and the value of each item of the use code list 430. The method of generating the Proxy authentication key 500 is described in detail with FIG. 9 in a following paragraph.
  • When the Proxy authentication key 500 has been generated in this way, the terminal 300 generates a Random-Number in the manner of FIG. 8, which illustrates the method of generating Code1 610 and Code2 620.
  • Code1 610 is generated by encrypting the combination of the Random-Number and the UE-ID with the Proxy authentication key 500 generated above.
  • Code2 620 is generated by combining the values of the terminal-dependent items among the use code list 430 items with the same Random-Number that was used to generate Code1 610.
  • As for the position of the Random-Number in Code2 620, it is recommended that the Random-Number be placed after the values of the terminal dependent items, whose lengths are known, so that the Proxy-Server 200 can extract the Random-Number even if it has no information about the length of the Random-Number.
  • When the Random-Number and the UE-ID are combined to generate Code1 610, it is recommended that the Random-Number be placed before the UE-ID as shown in FIG. 8, so that the Proxy-Server 200 can extract the UE-ID by using the length of the Random-Number extracted from Code2 even if it does not know the exact length of the UE-ID.
  • The concept of the present invention is described as transferring Code2 620 without encryption in order to make authentication of the Proxy authentication packet as quick as possible, but any encryption method may be used for it according to the needs of the operator without problem.
  • The terminal 300 stores this information for subsequent Proxy authentication packets.
  • The following types of events trigger the regeneration process.
  • The first event is a change of the authentication policy: when the authentication policy is changed according to the needs of the operator, the Proxy-Server 200 and the terminal 300 receive new initial configuration information 400 according to the changed authentication policy.
  • The second event is the arrival of the regeneration cycle of the OTP, which the present invention uses as a countermeasure against packet eavesdropping. Since the OTP is regenerated, the Proxy authentication key 500 generated from information including the OTP expires, and the terminal 300 generates and stores a new Proxy authentication key 500, Code1 610, and Code2 620.
  • Another event is a change in the terminal dependent information used to generate the Proxy authentication key 500.
  • The terminal dependent information may include information that can change due to terminal mobility, such as the IP address of the terminal. A change of the terminal dependent information may mean the expiration of the existing Proxy authentication key 500, and thus a new Proxy authentication key 500, Code1 610, and Code2 620 are created and stored.
  • The terminal 300 can then start Proxy communication at any time using the concept of the present invention.
  • When communication using the MPTCP Aggregation service is started in the terminal, the communication becomes a Proxy communication, and the Proxy authentication procedure, which verifies whether that Proxy communication was started from the terminal of a service subscriber, begins.
  • The terminal inserts Code1 610 and Code2 620, which were generated in advance, into the Username and Password fields of the Proxy authentication packet, as described in FIG. Thereafter, when the terminal 300 receives an authentication success from the Proxy-Server 200, it may proceed with the Proxy communication. If the terminal 300 receives an authentication failure, it does not proceed.
  • In the above, the Random-Number is generated in advance, and Code1 610 and Code2 620 are generated and stored in advance, but the Random-Number may also be generated at the time Proxy communication starts, according to the needs of the operator.
  • In that case, the terminal 300 generates and stores only the Proxy authentication key 500, and when a Proxy authentication packet is produced because Proxy communication starts, it generates a Random-Number, generates Code1 610 and Code2 620, and uses them for the Proxy authentication packet. This method requires more time and resources to generate Proxy authentication packets, but can prevent leakage of the Random-Number of the terminal 300 through packet eavesdropping.
  • When the Proxy authentication packet of the terminal 300 is transmitted to the Proxy-Server 200 as described above, the Proxy-Server performs Proxy authentication of the terminal 300 through a step of generating the key for interpretation and a step of authentication and user information restoration.
  • The Proxy authentication key 500 will be described in detail with reference to FIG. 9 before the Proxy authentication procedure of the Proxy-Server 200 is explained.
  • The Proxy authentication key 500 is a combination of a Group-Key 510 and a Master-key 520.
  • The Group-Key 510 and the Master-key 520 are each generated based on the values of the items of the initial setting information 400 that the terminal 300 and the Proxy-Server 200 receive after pre-authentication with the Proxy-Manager 100.
  • The Group-Key 510 is generated based on the Group Code 410 of the initial setting information 400.
  • The Key-Generation module used at this time is not specified and can be selected by the operator as needed.
  • The Master-key 520 is generated from the OTP, which is generated based on the shared secret 420 for generating the OTP in the initial setting information 400, and the value of each item specified in the use code list 430.
  • The Key-Generation module used for generating the Master-key 520 is not specified and can be selected by the operator as needed.
  • The Group-Key 510 and the Master-key 520 may use different Key-Generation modules.
  • The Master-key 520 may use the values of a plurality of items specified in the use code list 430, and the operator may decide which items to use. If there is no information that the operator wants to use in generating the Master-key 520 by specifying the use code list 430, the use code list 430 and the value 450 of each terminal-independent item may be completely excluded from the initial setting information 400. However, at least one piece of information is required to prepare the Master-key 520, and since the OTP is selected as a protection against packet eavesdropping, the OTP value must be included when generating the Master-key 520. As the method of generating the OTP value, the Time-based One-time Password Algorithm (RFC 6238) is recommended, as shown in FIG. 9, but the method can be freely selected as needed.
  • Terminal-independent items such as the MNC may be included. The terminal 300 and the Proxy-Server 200 may collect these values from the network, or may obtain them through the value 450 of each terminal-independent item of the initial setting information 400.
  • The two keys are combined into one to generate the Proxy authentication key 500. That is, when a 128-bit key is generated for the Group-Key 510 and another 128-bit key is generated for the Master-key 520, the two keys are combined to generate a 256-bit Proxy authentication key 500.
  • The length of the Group-Key 510 and the length of the Master-key 520 may be determined according to the needs of the operator, but for security purposes the present invention recommends that they be set so that the Proxy authentication key 500 formed by combining the Group-Key 510 and the Master-key 520 is at least 256 bits long.
  • FIG. 10 illustrates the interpretation key generation step that the Proxy-Server 200 performs before the authentication and user information restoration step when a Proxy authentication packet is received from the terminal 300.
  • The Proxy-Server 200 receives the initial setting information 400 from the Proxy-Manager 100 through the initial setting step after the start of the service, generates the OTP, and stores the initial setting information 400 and the generated OTP. As shown in FIG. 10, the stored initial setting information 400 and OTP are updated when the authentication policy is changed so that the initial setting information 400 changes, or when the OTP expires because the set OTP regeneration period is reached.
  • The Proxy-Server 200 generates and stores three OTPs, and when a Proxy authentication packet is received, it uses the three OTPs sequentially to generate the Proxy authentication key 500, which is the key for interpretation, and to authenticate the Proxy authentication packet.
  • When the Proxy-Server 200 is ready to receive and authenticate Proxy authentication packets and the reception of a Proxy authentication packet occurs (Event3 of FIG.), the Proxy authentication key 500 is generated by the generation method described with reference to FIG. 9, and then the authentication and user information restoration step is performed.
  • When the Proxy-Server 200 generates the Proxy authentication key 500, it generates the Group-Key 510 using the Group Code 410 of the initial configuration information 400 it has received and stored. To generate the Master-key 520, however, it must use not only the stored OTP and the values of the terminal-independent items of the stored initial setting information 400, but also terminal-dependent information, such as the IP address, extracted from the Password field of the Proxy authentication packet received from the terminal 300. Therefore, in the present embodiment of the present invention and FIG. 10, the Proxy authentication key 500 is generated after the Proxy authentication packet is received. However, depending on the needs of the operator, if the terminal-independent item is not used, or if the value 450 of the terminal-independent items is shared with the Proxy-Server 200 in advance, the Proxy-Server 200 may also prepare and store the three Proxy authentication keys 500 in advance and use them when a Proxy authentication packet is received.
  • When the Proxy-Server 200 has received the Proxy authentication packet through the above steps and the Proxy authentication key 500 has been created, the Proxy-Server proceeds with the authentication and user information restoration step shown in FIG.
  • When the Proxy-Server 200 has received the Proxy authentication packet and generated the Proxy authentication key 500, it proceeds with Proxy authentication and user information extraction using Code1 610 and Code2 620 in the Username and Password fields of the Proxy authentication packet, as shown in FIG. The Proxy-Server 200 extracts from Code2 620 the values of the terminal dependent items, which are needed to create the Proxy authentication key 500 to be used for this Proxy authentication attempt, and the Random-Number, which is needed to check whether the terminal 300 shares the same Proxy authentication key 500 as the Proxy-Server 200.
  • The Proxy-Server 200 decrypts Code1 610 with the Proxy authentication key 500 and extracts the [Random-Number, UE-ID] combination.
  • The Proxy-Server 200 then checks whether the Random-Number extracted from Code1 and the Random-Number extracted from Code2 are the same, and if the two Random-Number values are the same, it establishes the Proxy connection by sending an authentication success message to the terminal 300.
  • If they are not the same, the next Proxy authentication key 500 is created using the next OTP, the necessary information is extracted again from the Proxy authentication packet, and the Random-Number comparison is performed again. If the authentication attempts using all three OTPs and Proxy authentication keys 500 have failed, the Proxy-Server 200 records the terminal information and the authentication failure in a log and rejects the Proxy connection by transmitting a Proxy authentication failure message.
  • The Proxy-Manager 100 completes terminal authentication with strong pre-authentication when service starts at the terminal 300, and the authenticated terminal 300 uses the same Proxy authentication key 500 as the Proxy-Server 200. In Proxy authentication, the Proxy-Server 200 only checks whether the terminal 300 shares the same Proxy authentication key 500, that is, whether the terminal 300 has completed pre-authentication with the Proxy-Manager 100, so that Proxy authentication can be completed quickly without subscriber information. This is the concept of the present invention.
  • Since the MPTCP Aggregation Service System 1000 uses two paths, two Proxy authentication processes are performed per communication session. In addition, since the MPTCP Aggregation service system 1000 is serviced in a commercial network, it must deal with a large amount of subscriber information, and it must also provide a differentiated service for each subscriber because it is a premium service. When the existing Proxy authentication method is used in such an environment, the Proxy-Server 200 bears the burden of managing a large amount of subscriber information, and each time a Proxy communication session is created, the comparison of the subscriber information against the session authentication request has to be performed twice, so service performance is greatly reduced.
  • The present invention proposes a method of minimizing the performance degradation due to Proxy authentication, without requiring subscriber management, for situations where Proxy authentication must be used in a commercial network with a large number of subscribers.
  • Proxy service such as
  • Proxy service can be provided without deterioration due to proxy authentication in commercial mobile network.
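
The terminal-side construction of Code1/Code2 and the Proxy-Server check against three OTPs described above are worked through below. This is an added example, not code from the patent: the truncated SHA-256 key generation, the 4-round Feistel stand-in cipher, the single fixed-length IPv4 address as terminal-dependent item, the current/previous/next choice of the three OTPs and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed initial configuration information (400); all values are samples.
CFG = {
    "group_code": b"GROUP-CODE-SAMPLE",     # Group Code (410)
    "otp_secret": b"12345678901234567890",  # Shared Secret for OTP (420)
    "independent": [b"450", b"05"],         # terminal-independent items (MCC, MNC)
    "rn_len": 16,                           # Random-Number Length (440), in bytes
    "otp_step": 30,                         # OTP regeneration cycle, in seconds
}
IP_LEN = 4  # assumed: one terminal-dependent item, a fixed-length IPv4 address


def totp(secret, unix_time, step=30, digits=8):
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    counter = (unix_time // step).to_bytes(8, "big")
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def derive_proxy_key(cfg, otp, dependent_items):
    """Group-Key (128 bits) + Master-key (128 bits) = 256-bit Proxy authentication key."""
    # Assumed Key-Generation module: truncated SHA-256 (the patent leaves it open).
    group_key = hashlib.sha256(b"group-key" + cfg["group_code"]).digest()[:16]
    h = hashlib.sha256(b"master-key" + otp.encode())
    for item in cfg["independent"] + dependent_items:
        h.update(len(item).to_bytes(2, "big") + item)  # length prefix: unambiguous
    return group_key + h.digest()[:16]


def _feistel(key, data, rounds):
    """Stand-in cipher (assumption): 4-round Feistel over the whole message with
    SHAKE-256 as round function. Use a vetted cipher in a real deployment."""
    half = len(data) // 2
    left, right = data[:half], data[half:]
    for rnd in rounds:
        if rnd % 2 == 0:
            pad = hashlib.shake_256(key + bytes([rnd]) + right).digest(len(left))
            left = bytes(a ^ b for a, b in zip(left, pad))
        else:
            pad = hashlib.shake_256(key + bytes([rnd]) + left).digest(len(right))
            right = bytes(a ^ b for a, b in zip(right, pad))
    return left + right


def encrypt(key, plaintext):
    return _feistel(key, plaintext, range(4))


def decrypt(key, ciphertext):
    return _feistel(key, ciphertext, reversed(range(4)))


def terminal_build(cfg, ue_id, ip, now, rn=None):
    """Terminal side: return (Code1, Code2) for the Username and Password fields."""
    rn = rn or secrets.token_bytes(cfg["rn_len"])
    otp = totp(cfg["otp_secret"], now, cfg["otp_step"])
    key = derive_proxy_key(cfg, otp, [ip])
    code1 = encrypt(key, rn + ue_id)  # Random-Number first, then UE-ID
    code2 = ip + rn                   # terminal-dependent item, then Random-Number
    return code1, code2


def server_verify(cfg, code1, code2, now):
    """Proxy-Server side: return the UE-ID on success, None on rejection.
    No subscriber database is consulted."""
    n = cfg["rn_len"]
    if len(code2) != IP_LEN + n or len(code1) <= n:
        return None
    ip, rn2 = code2[:IP_LEN], code2[IP_LEN:]
    # Three OTPs; taking the current, previous and next cycle is an assumption.
    for t in (now, now - cfg["otp_step"], now + cfg["otp_step"]):
        key = derive_proxy_key(cfg, totp(cfg["otp_secret"], t, cfg["otp_step"]), [ip])
        plain = decrypt(key, code1)
        if hmac.compare_digest(plain[:n], rn2):  # same key on both sides
            return plain[n:]
    return None


if __name__ == "__main__":
    t0 = 1_000_000  # constructed timestamp
    c1, c2 = terminal_build(CFG, b"ue-0001", bytes([10, 0, 0, 7]), t0)
    print("same cycle  :", server_verify(CFG, c1, c2, t0))
    print("one cycle on:", server_verify(CFG, c1, c2, t0 + 30))
    print("three on    :", server_verify(CFG, c1, c2, t0 + 90))
```

In this example a captured Code1/Code2 pair is accepted again until its OTP leaves the server's three-OTP window, so the OTP regeneration cycle is what bounds the replay exposure.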

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In the prior art, a proxy authentication technique using a username/password specified in the standard specifications (RFC1928, RFC1929, etc.) of existing proxy server technologies implements authentication by comparing subscriber information with the authentication information sent by a terminal. This technique is therefore disadvantageous in that, when it is used in an environment with a large number of subscribers such as a commercial mobile network, the burden on the proxy of managing a large volume of subscriber information is high, and performance is significantly degraded by proxy authentication. The present invention solves this problem and relates to a new proxy authentication system and authentication method in which, by confirming whether the same key value is used, instead of comparing subscriber information, for the proxy authentication performed during each proxy session, the proxy can perform proxy authentication quickly without having to manage subscriber information, even in a commercial mobile network handling a large volume of subscriber information.
PCT/KR2017/003364 2016-06-30 2017-03-28 Proxy authentication system, and authentication method for providing proxy service WO2018004114A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1020160082721A KR101837150B1 (ko) 2016-06-30 2016-06-30 Proxy authentication system and authentication method for providing proxy service
KR10-2016-0082721 2016-06-30

Publications (2)

Publication Number Publication Date
WO2018004114A2 true WO2018004114A2 (fr) 2018-01-04
WO2018004114A3 WO2018004114A3 (fr) 2018-09-07

Family

ID=60786986

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2017/003364 WO2018004114A2 (fr) 2016-06-30 2017-03-28 Proxy authentication system, and authentication method for providing proxy service

Country Status (2)

Country Link
KR (1) KR101837150B1 (fr)
WO (1) WO2018004114A2 (fr)

Also Published As

Publication number Publication date
KR101837150B1 (ko) 2018-03-09
KR20180003196A (ko) 2018-01-09
WO2018004114A3 (fr) 2018-09-07

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17820391

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17820391

Country of ref document: EP

Kind code of ref document: A2