Strong authentication method based on symmetric encryption algorithm

Abstract

A strong identification method based on symmetrical code computation method, and the process is: through the establishment of radio link, the attestation device sends the request of identification to the user, and returns the identity information to the server, the server finds the identification code key and information integrity code key in the database, establishes conversations with the user, the server and the user both orderly through the random number producing to use the identification code key of the user to encrypt, the identification device decodes through the code key of the opposing party, identify the results after to-and-fro for three times, the server and the user encode and decode the broadcasting code key through producing the conversation, and use information integrity code key and the relative information to compute the integrity value of identification exchange, the identification device compares the identification results, and decides whether the user can be added in the network, and realizes the online correspondence and broadcasting communication from basic station to users.

Description

technical field [0001] The invention relates to an authentication method for verifying the legal identities of both the user and the server to ensure that legal users access network resources and prevent them from being deceived by false servers in a communication network. Background technique [0002] In the field of network communication, the most common use is to implement point-to-point link transmission data through the PPP protocol, and use the CHAP protocol (Challenge Handshake Authentication Protocol) to complete the identity authentication of the PPP link. This CHAP protocol is a challenge-handshake authentication protocol. Both parties of the link configure and test the PPP link through negotiation of the point-to-point scalable link control protocol, PPPLCP for short. After the PPP link is established, the identity of the connecter must be authenticated first, and then based on the authentication result, it is decided whether to allow the link to enter the NCP (Ne...

AI Technical Summary

Problems solved by technology

[0032] Error recovery problem: RADIUS protocol does not support error recovery failover mechanism, the result is that different implementations have different failover

[0034] Reliable transport issues: RADIUS runs over UDP and does not define retransmission behavior; as a result, reliability varies from implementation to implementation

This is difficult to achieve with things like unsolicited disconnection or on-demand re-authentication / re-authorization across heterogeneous networks

[0037] Auditability issues: RADIUS does not define data object security mechanisms, the result is that untrusted proxies can modify attributes or packet headers without being discovered

[0038] Capability negotiation issues: RADIUS does not support error handling, capability negotiation, or required / non-required flags for attributes

This would result in a large administrative load, and create templates to reuse RADIUS shared secrets, which would lead to security vulnerabilities

[0040] In summary, simply using the CHAP protocol for identity authentication and the PADIUS protocol for information transmission cannot solve the problem of two-way authentication between users and the network in mobile communications, and cannot effectively prevent physical layer eavesdropping, replay attacks, dictionary attacks, There is a potential communication security risk between the user and the access server NAS or the authenticator

Images