Method, system and device for mutual authentication

A two-way (mutual) authentication technology based on authentication vectors, applied in the field of communication. It addresses three problems of earlier schemes: the network cannot distinguish whether a GSM SIM sits in a 2G or a 3G ME, the schemes are inconvenient for implementers, and the ME cannot store a large amount of challenge information, so replay attacks are hard to resist.

Status: Inactive. Publication Date: 2011-01-05
CHINA ACAD OF TELECOMM TECH


Problems solved by technology

[0016] (1) This method only lets the ME authenticate the network when a GSM SIM card is used in a WCDMA ME or a GSM/WCDMA dual-mode ME. For the GSM SIM cards that will be widespread in China, used in a TD-SCDMA ME, a GSM/TD-SCDMA dual-mode ME or even a multi-mode ME, this method cannot achieve two-way authentication.
[0017] (2) This method cannot resist replay attacks.
[0018] (3) This method gives only an abstract description of the cryptographic algorithm; in a real implementation the implementer still has to design the cryptographic algorithm separately, which is inconvenient for the implementer.
[0030] (2) Another major defect of this method: because the HLR/AuC cannot tell whether the GSM SIM is inserted in a 2G ME or a 3G ME, it must compute RES1 = A3(Ki, R1||R1) and Kc1 = A8(Ki, R1||R1), set R2 = Kc1 and RAND = R1||R2, and pass the resulting RAND to the ME. The large number of users who still use a 2G ME compute RES1 = A3(Ki, RAND) instead, so the RES1 generated by the ME does not equal the RES1 generated by the network and authentication fails, which has a huge impact on the many existing users still on 2G ME.
[0031] (3) Since RAND changes every time, and the ME cannot store a large amount of challenge information because of its limited storage space, it is difficult to resist replay attacks.



Examples


Embodiment 1

[0064] Figure 5 is a flow chart of the two-way authentication method in Embodiment 1 of the present invention; Figure 6 is a schematic diagram of the same method. In this embodiment, MSC/VLR or SGSN refers to equipment in the TD-SCDMA system, and 3G ME refers to a TD-SCDMA ME or a GSM/TD-SCDMA dual-mode ME. This embodiment comprises the following steps:

[0065] Step S501: in certain message flows, such as call establishment or routing area / location area update, if the operator requires authentication, the MSC/SGSN of the visited TD-SCDMA system first checks whether the SIM user's triplet is a new, unused triplet; if not, it executes steps S502 and S503; if yes, it proceeds to step S504.

[0066] Step S502: the MSC/SGSN sends an authentication information request (MAP_SEND_AUTHENTICATION_INFO Request) message to the HLR/AuC through the Mobile Application Part (hereinafter referred t...

Embodiment 2

[0079] Figure 7 is a schematic diagram of the two-way authentication method in the second embodiment. In this embodiment the MSC/VLR or SGSN and the ME have, in addition to the cryptographic algorithm AES, another cryptographic algorithm (denoted f1); for ease of implementation f1 = AES is permitted, and in a concrete implementation f1 may also be an algorithm other than AES. The difference from Embodiment 1 is that, on the network side, the network first uses Kc and RAND as input parameters to generate another 64-bit output parameter MAC, and then uses the combination of MAC and CNR, instead of the combination of RAND and CNR, as the other AES input parameter, with Kc as the encryption key, to generate AUTN. As in Embodiment 1, after the ME receives it, the ME decrypts AUTN with Kc to obtain XAUTN, and still separates and verifies CNR' according to the method of Embodiment 1. On the ME side, it needs to be added to us...
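The exchange described in the abstract and in Embodiments 1 and 2, written out in Go as an added example (this is not code from the patent or from CHINA ACAD OF TELECOMM TECH). Both sides are shown: the HLR/AuC returns a triplet, the MSC/SGSN encrypts a 128-bit block under Kc with AES to form AUTN, the ME decrypts it, checks the recovered fields and the freshness of CNR, and the SIM returns RES for the network to verify. The block layout follows Embodiment 2 (MAC || CNR with f1 = AES, which the page permits) because a 64-bit MAC and a 64-bit CNR fill exactly one AES block; Embodiment 1 differs only in placing RAND beside CNR. Everything the page does not specify is an assumption and is marked as such in the comments: A3/A8 are replaced by an HMAC-SHA256 stand-in, the 64-bit Kc is expanded to an AES-128 key as Kc||Kc, CNR is a 64-bit counter, and the ME keeps only the highest CNR it has accepted plus a clock-skew window rather than a list of past challenges. Ki, RAND and the CNR values are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Triplet is the GSM vector (RAND, RES, Kc) that the HLR/AuC returns to the MSC/SGSN.
type Triplet struct {
	RAND [16]byte // 128-bit challenge
	RES  [4]byte  // 32-bit expected SIM response (A3 output)
	Kc   [8]byte  // 64-bit session key (A8 output), used here as the AUTN encryption key
}

// a3a8Stub stands in for the SIM's A3/A8 (assumption: the operator algorithms are not on
// the page, so HMAC-SHA256(Ki, RAND) is sliced to a 32-bit RES and a 64-bit Kc).
func a3a8Stub(ki, rand [16]byte) (res [4]byte, kc [8]byte) {
	m := hmac.New(sha256.New, ki[:])
	m.Write(rand[:])
	d := m.Sum(nil)
	copy(res[:], d[:4])
	copy(kc[:], d[4:12])
	return res, kc
}

// kcCipher is AES-128 keyed by Kc (assumption: key = Kc||Kc; the page only says Kc is the
// key and AES-128 needs 16 bytes). A 16-byte key never makes NewCipher fail.
func kcCipher(kc [8]byte) cipher.Block {
	c, _ := aes.NewCipher(append(append([]byte{}, kc[:]...), kc[:]...))
	return c
}

// f1 is Embodiment 2's 64-bit MAC with f1 = AES, which the page permits: AES_Kc(RAND)[0:8].
func f1(kc [8]byte, rand [16]byte) (mac [8]byte) {
	var out [16]byte
	kcCipher(kc).Encrypt(out[:], rand[:])
	copy(mac[:], out[:8])
	return mac
}

// HLRTriplet models the HLR/AuC answering MAP_SEND_AUTHENTICATION_INFO for one RAND.
func HLRTriplet(ki, rand [16]byte) Triplet {
	res, kc := a3a8Stub(ki, rand)
	return Triplet{RAND: rand, RES: res, Kc: kc}
}

// NetworkAUTN is the MSC/VLR or SGSN side: AUTN = AES_Kc(MAC || CNR), where CNR is the
// authentication execution time (assumed here to be a 64-bit counter).
func NetworkAUTN(t Triplet, cnr uint64) (autn [16]byte) {
	mac, pt := f1(t.Kc, t.RAND), [16]byte{}
	copy(pt[:8], mac[:])
	binary.BigEndian.PutUint64(pt[8:], cnr)
	kcCipher(t.Kc).Encrypt(autn[:], pt[:])
	return autn
}

// NetworkVerifyRES is the network's check of the ME: the SIM's RES must match the triplet's.
func NetworkVerifyRES(t Triplet, res [4]byte) bool { return hmac.Equal(t.RES[:], res[:]) }

// ME is the handset plus its GSM SIM. Assumption: it remembers only the highest CNR it has
// accepted, not every past challenge, which keeps replay detection cheap.
type ME struct {
	Ki      [16]byte // held inside the SIM; the ME proper only sees RES and Kc
	lastCNR uint64
}

// Authenticate is the ME side: the SIM derives RES and Kc from RAND; the ME decrypts AUTN
// with Kc into XAUTN = MAC' || CNR', recomputes MAC, and requires CNR' to be newer than the
// last accepted value and within maxSkew of its clock (an assumed tolerance). A non-nil
// error means the network failed authentication; RES is returned for the network to check.
func (m *ME) Authenticate(rand, autn [16]byte, now, maxSkew uint64) ([4]byte, error) {
	res, kc := a3a8Stub(m.Ki, rand)
	var xautn [16]byte
	kcCipher(kc).Decrypt(xautn[:], autn[:])
	if mac := f1(kc, rand); !hmac.Equal(xautn[:8], mac[:]) {
		return [4]byte{}, errors.New("MAC' mismatch: AUTN was not built with this SIM's Kc")
	}
	cnr := binary.BigEndian.Uint64(xautn[8:])
	if cnr <= m.lastCNR {
		return [4]byte{}, errors.New("replay: CNR' is not newer than the last accepted CNR")
	}
	if cnr+maxSkew < now || cnr > now+maxSkew {
		return [4]byte{}, errors.New("CNR' is outside the accepted clock window")
	}
	m.lastCNR = cnr
	return res, nil
}

func main() {
	var ki, rand [16]byte // constructed sample values, not from the page
	for i := range ki {
		ki[i], rand[i] = byte(i+1), byte(0xA0+i)
	}
	trip, me := HLRTriplet(ki, rand), &ME{Ki: ki}
	autn := NetworkAUTN(trip, 1000) // the network authenticates at CNR = 1000
	res, err := me.Authenticate(rand, autn, 1000, 30)
	fmt.Println("fresh run: ME accepts network:", err == nil, "network accepts ME:", NetworkVerifyRES(trip, res))
	_, err = me.Authenticate(rand, autn, 1005, 30) // a fake base station replays the same RAND/AUTN
	fmt.Println("replay: ME rejects network:", err)
}
```

The replay check is what the page claims over the 2G scheme: because CNR is bound to RAND inside a block only Kc can open, a fake base station that re-sends a captured RAND/AUTN pair is rejected without the ME having to remember the challenge itself. The clock window matters too: without it, a captured AUTN whose CNR is far in the future would still pass once, so the window should be kept as tight as the network's clock discipline allows.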

Embodiment 3

[0082] Figure 8 is a system structure diagram of the two-way authentication of an embodiment of the present invention. The system includes the ME 810, the network entity 830 and the HLR/AuC 840. The ME 810 can be a TD-SCDMA ME, a GSM/TD-SCDMA dual-mode ME, or another 3G ME. The ME holds a GSM SIM card 820, which has the same functions as a 2G SIM card: it stores the root key Ki and the 2G authentication and key-generation algorithms A3/A8, and from the root key Ki and the random number RAND sent by the network, A3/A8 generate the temporary key Kc.

[0083] The network entity 830 is mainly used to compute the parameters by which the ME authenticates the network, which are compared with the corresponding parameters on the ME side so that the ME's authentication of the network is realized; here only a TD-SCDMA ME or a GSM/TD-SCDMA dual-mode ME is described as an example. In fact, the method of this embodiment is also applicable to multi-mode...



Abstract

The invention provides a method, a system and a device for mutual authentication. The method comprises: a network entity obtains a new triplet vector for the mobile equipment (ME); according to the triplet vector, the network entity generates an output parameter and sends it to the ME, where the output parameter is formed by encrypting the random number RAND together with the authentication execution time CNR; the ME decrypts the output parameter and authenticates the network according to the decryption result; meanwhile, the subscriber identity module (SIM) card of the ME generates a RES and sends it to the network entity, and the network entity authenticates the ME according to the received RES. The invention realizes mutual authentication between the ME and the network side, and the ME can determine that the network has failed authentication when it is subjected to a replay attack.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method, system and device for two-way authentication.

Background technique

[0002] In the 2G (second generation) communication era, the GSM (Global System for Mobile Communications) standard and technology widely used in China and throughout the world can only realize one-way authentication: the network authenticates the mobile phone, but the mobile phone cannot authenticate the network. In layman's terms, only the network can judge whether the mobile phone user is a legitimate user; the user cannot judge whether the network is a legitimate network, so there is a danger of attack by a fake base station. For this reason 3GPP (3rd Generation Partnership Project) addressed the above deficiency when formulating the 3G (including WCDMA and TD-SCDMA) security standards, enhancing the authentication vector from a 3-tuple to a 5-tuple...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04W12/04, H04W12/06, H04W76/02, H04W88/06, H04W12/041
Inventors: 毕海洲, 赵建, 王可, 胡海静, 胡金玲
Owner CHINA ACAD OF TELECOMM TECH