WO2006026925A1 - Method for establishing the authentication key - Google Patents

Method for establishing the authentication key

Info

Publication number
WO2006026925A1
WO2006026925A1 PCT/CN2005/001432 CN2005001432W WO2006026925A1 WO 2006026925 A1 WO2006026925 A1 WO 2006026925A1 CN 2005001432 W CN2005001432 W CN 2005001432W WO 2006026925 A1 WO2006026925 A1 WO 2006026925A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
random number
verification
key
user
Application number
PCT/CN2005/001432
Other languages
English (en)
Chinese (zh)
Inventor
Zhengwei Wang
Yingxin Huang
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Definitions

  • The present invention relates to communication security technologies in a communication network, and in particular to a method for setting a verification key between a mobile terminal and a verification device.
  • Background of the invention
  • The legitimacy of the mobile terminal user needs to be verified before the user uses the mobile terminal. Only a verified mobile terminal can be used normally or can access the mobile communication network normally; a mobile terminal that has not passed verification will automatically lock and shut down, and may even automatically send short messages to the friends and relatives of the mobile terminal user, or to the public security organ, according to the settings of the mobile terminal user. An illegal user who has stolen the mobile terminal therefore cannot use it normally even after obtaining it, and may even be brought to justice, which fundamentally eliminates the theft of mobile terminals and greatly improves the security of mobile terminals.
  • a verification device such as a home location register (HLR) or an authentication center (AC)
  • the key is simultaneously saved in the verification device, and the correspondence between the key and the user subscription information is also saved in the verification device.
  • the mobile terminal sends a request message requesting the key to the verification device, the verification device sends the key corresponding to the mobile terminal user to the mobile terminal, and the mobile terminal compares the received key with the one saved by itself.
  • the mobile terminal sends request verification information to the verification device; the verification device performs a related calculation according to the key corresponding to the mobile terminal, for example an encryption calculation or a digest calculation, and returns the calculation result to the mobile terminal; the mobile terminal uses the key it has saved to perform the corresponding calculation, and compares its own calculation result with the calculation result from the verification device to determine the legitimacy of the mobile terminal user.
  • When the mobile terminal is stolen, the legitimate user will ask the communication carrier to stop serving the user card. If the illegal user who stole the mobile terminal then wants to use it for normal communication, the user card must be replaced. However, after the user card is replaced, because the user subscription information of different user cards is different, the verification device either cannot find the key saved by the mobile terminal according to the new user subscription information, or finds a key that differs from the key stored in the mobile terminal, so the mobile terminal determines that the user is illegal. In this way, the above method can effectively achieve the purpose of securing the mobile terminal.
  • the key in the mobile terminal and the key in the authentication device generally remain the same.
  • the key may be generated by the mobile terminal and then transmitted to the verification device.
  • the user of the mobile terminal may input a set of numbers or characters to form a key, or the mobile terminal randomly generates a key, and then the mobile terminal transmits the key directly to the verification device.
  • the key may be randomly generated by the verification device and then transmitted by the verification device directly to the mobile terminal.
  • the above key setting method has the following disadvantages.
  • the key is easily intercepted by others, thereby reducing the security of the validity verification of the mobile terminal user.
  • the key setting method in the prior art has a security vulnerability, thereby reducing the security of the validity verification of the mobile terminal user, and thus reducing the anti-theft effect of the mobile terminal.
  • Summary of the invention
  • the main purpose of the present invention is to provide a verification key setting method for a mobile terminal and a verification device, to overcome the security vulnerabilities in the prior art, improve the security of the validity verification of the mobile terminal user, and ensure the security effect of the mobile terminal.
  • a method for setting a verification key is used between a mobile terminal and an authentication device, and the method includes at least:
  • one of the mobile terminal and the verification device generates a random number, and transmits random information corresponding to the random number to the other of the mobile terminal and the verification device;
  • the one of the mobile terminal and the verification device jointly calculates the random number and the mobile terminal related information, or performs joint calculation on the random information and the mobile terminal related information, and generates and saves a verification key for verifying the legitimacy of the mobile terminal user.
  • the other one of the mobile terminal and the verification device performs joint calculation on the random information and the mobile terminal related information, and generates and stores a corresponding verification key.
  • the random information is the same as the random number
  • step a is to generate a random number for the mobile terminal and send the random number to the verification device.
  • the sending of the random number is performed by including the random number in a verification key setting request; the method further comprises: after saving the verification key, the verification device returns to the mobile terminal a verification key setting request response message indicating whether the operation of setting the verification key succeeded.
  • the random information is the same as the random number, and step a is that the verification device generates a random number and sends the random number to the mobile terminal.
  • the method further includes the mobile terminal sending a verification key setting request to the verification device; the verification device sends the random number to the mobile terminal by including the random number in a verification key setting request response.
  • step a is performed after receiving the setting required by the user to perform the validity verification of the mobile terminal user.
  • the mobile terminal generates and saves a verification key for verifying the legitimacy of the mobile terminal user according to the random number, including:
  • the mobile terminal sends the random number to the user card in the mobile terminal;
  • the user card performs joint calculation using the information about the mobile terminal saved by itself and the received random number to obtain a calculation result
  • the user card sends the obtained calculation result to the mobile terminal
  • the mobile terminal saves the calculation result received from the user card as a security key.
  • step a is that the mobile terminal generates a random number, calculates random information from the random number, and then sends the random information to the verification device; in step b, the mobile terminal jointly calculates the random information and the information related to the mobile terminal to obtain a verification key.
  • the mobile terminal performs joint calculation on the random information and the related information of the mobile terminal to generate and save the verification key, including:
  • the mobile terminal sends the random number to the user card in the mobile terminal;
  • the user card encrypts the random number and obtains an encrypted calculation result as random information.
  • the user card jointly calculates the encryption calculation result and the corresponding mobile terminal related information, and obtains a joint calculation result;
  • the user card returns the encrypted calculation result and the joint calculation result to the mobile terminal at the same time;
  • the mobile terminal stores the joint calculation result received from the user card as an authentication key.
  • step a is that the mobile terminal generates a random number, calculates random information from the random number, and then sends the random information to the verification device; in step b, the mobile terminal performs a joint calculation on the random number and the information related to the mobile terminal to obtain a verification key.
  • the mobile terminal performs a joint calculation on the random number and the mobile terminal related information to generate and save the verification key, including:
  • the mobile terminal sends the random number to the user card in the mobile terminal;
  • the user card performs joint calculation according to the random number and the corresponding information about the mobile terminal to obtain a first calculation result
  • the user card performs encryption calculation on the random number to obtain a second calculation result as random information; the user card returns two calculation results to the mobile terminal;
  • the mobile terminal saves the first calculation result as an authentication key.
  • in step b, the verification device performs the joint calculation on the random information and the mobile terminal related information and generates the verification key by calculating the first calculation result from the second calculation result and then saving the obtained first calculation result as the verification key.
  • the mobile terminal further includes a security chip, and the mobile terminal saving the verification key means saving the verification key on the security chip.
  • a user operation password is preset in the security chip, and before the verification key is written into the security chip, or after the user's setting is received, the method further includes prompting the user to input the user operation password, which indicates whether the user has the right to operate the security chip, and then judging whether the user operation password entered by the user is correct. If it is correct, step a is executed; otherwise the process ends.
  • the mobile terminal related information is one of a root key KI of the user card, a communication key KC of the user card, an international mobile subscriber identity IMSI of the user card, and an international mobile device identity IMEI of the mobile terminal, or any combination thereof.
  • the verification device saves the verification key by storing the corresponding verification key according to the terminal identity information.
  • the terminal identity information is one of user card identification information, user terminal number information and mobile terminal identification information or any combination thereof.
  • the authentication device is one of a home location register HLR, an authentication center AC, and a device identification register EIR.
  • a random number is generated by either the mobile terminal or the verification device, the random information corresponding to the random number is then transmitted to the other device, and the mobile terminal and the verification device each generate, based on the random number or the random information, their respective verification keys for verifying the legitimacy of the mobile terminal user.
  • the verification key of the present invention is obtained by directly or indirectly calculating a random number, instead of being directly generated by the user, thereby avoiding the prior-art problem that a key directly generated by the user is easily attacked; the direct transmission of the key is also avoided, thereby avoiding the key being obtained by intercepting the corresponding signaling in transit, so that the security of the key is also improved.
  • the security of the validity verification of mobile terminal users. For example, even if the random information is intercepted by others, since the verification key is jointly calculated from the random information and the related information of the mobile terminal, it is difficult for a person who intercepts the random information to know the specific calculation and the related information stored in the mobile terminal (including the related information in the user card), so it is difficult to obtain the verification key from the intercepted random information.
  • the key setting method according to the present invention overcomes the security vulnerabilities existing in the prior art, improves the security of the validity verification of the mobile terminal user, and thus improves the anti-theft effect of the mobile terminal.
  • Figure 1 is a flow chart of a first method in accordance with the present invention.
  • Figure 2 is a flow chart of a first embodiment of a first method in accordance with the present invention.
  • Figure 3 is a flow chart of a second embodiment of the first method in accordance with the present invention.
  • FIG. 4 is a flow chart of a second method in accordance with the present invention.
  • FIG. 5 is a flow chart of a third method in accordance with the present invention.
  • Mode for carrying out the invention
  • the key generation method is abandoned in the present invention.
  • the key is not directly transmitted, but a random number for generating the key is transmitted, and then the mobile terminal and the verification device respectively calculate the respective keys according to the random number.
  • Fig. 1 shows the overall flow of a first key setting method according to the present invention proposed in accordance with the above idea. As shown in FIG. 1, the method includes the following steps:
  • step 101 the mobile terminal or the verification device generates a random number and then transmits the random number to the other party.
  • step 102 the mobile terminal and the verification device perform calculation according to the random number and the corresponding mobile terminal related information, respectively, to obtain respective verification keys for verifying the legitimacy of the mobile terminal user.
  • step 103 the mobile terminal and the verification device respectively save their own calculated verification key.
  • the random number may be generated by the user card or may be generated by the mobile terminal itself.
  • the mobile terminal related information may be the KI of the user card, may be the KC of the user card, may be the IMSI of the user card, or may be the IMEI of the mobile terminal, and it can be any combination of them.
  • this information will be stored in both the mobile terminal and the authentication device.
  • the calculation performed by the mobile terminal according to the random number and the corresponding mobile terminal related information may be performed in the user card, that is, the user card calculates the verification key according to the random number and the mobile terminal related information.
  • When the verification device saves the calculated verification key in step 103, it may further save the correspondence between the calculated verification key and the terminal identity information, that is, the user card identification information, the user terminal number information, or the identification information of the mobile terminal.
  • the verification device can save the verification key correspondingly according to the terminal identity information, thereby facilitating lookup of the verification key.
  • the user card identification information is also the IMSI information
  • the user terminal number information is the telephone number corresponding to the user card in the mobile terminal
  • the identification information of the mobile terminal may be the IMEI of the mobile terminal.
  • the verification device in the present invention may be an HLR, an AC, or an EIR.
  • a first embodiment of the first method according to the present invention will now be described with reference to FIG.
  • a random number is generated by the mobile terminal, and then the random number is transmitted to the verification device.
  • step 201 the mobile terminal generates a random number and transmits the random number to the user card. This step may be performed when the user settings require a mobile terminal user legality verification operation.
  • step 202 after receiving the random number, the user card performs joint calculation using the random number and its saved KI and IMSI to obtain a calculation result, and then transmits the calculation result to the mobile terminal.
  • step 203 the mobile terminal sends a verification key setting request to the verification device, where the request carries the random number generated in step 201.
  • step 204 after receiving the verification key setting request from the mobile terminal, the verification device extracts the random number from it, and then jointly calculates the random number and the KI and the IMSI corresponding to the mobile terminal saved by itself to obtain a calculation result, and saves the calculation result as an authentication key used to verify the legitimacy of mobile terminal users. Then, the verification key setting request response is returned to the mobile terminal, where information about whether the setting of the verification key was successful may be further carried.
  • step 205 after receiving the response message from the verification device, the mobile terminal saves the calculation result from the user card as an authentication key for verifying the legitimacy of the mobile terminal user.
  • the mobile terminal and the verification device perform respective calculations based on the same random number to obtain respective verification keys.
  • the calculation performed by the mobile terminal and the verification device on the same random number may be the same or different.
  • the mobile terminal judges whether the authentication key received from the verification device and the verification key saved by itself are the same.
  • the mobile terminal determines whether the verification key received from the verification device and the verification key saved by itself satisfy the relationship.
  • the mobile terminal may also determine whether the verification key stored in the verification device is consistent with the verification key saved by itself. For example, the mobile terminal may also send a random number to the verification device, the mobile terminal and the verification device each perform an encryption calculation on the random number according to their saved verification key, and the mobile terminal compares the encryption calculation result of the verification device with its own encryption calculation result to determine whether the verification key stored in the verification device is consistent with the verification key saved by itself.
  • the above encryption calculation may be an encryption and decryption calculation of a reversible character string conversion, for example the AES (Advanced Encryption Standard) encryption algorithm or a transformed form of the algorithm, or a digest calculation of an irreversible string transformation, for example the MD5 (message-digest algorithm 5) algorithm or its transformed form; any other calculation may also be used.
  • the KI can be used to encrypt the random number, and the result of that calculation is then used to encrypt the IMSI to obtain the final encryption calculation result.
  • the random number is generated by the verification device, and then the random number is transmitted to the mobile terminal.
  • step 301 the mobile terminal sends a verification key setting request to the verification device. This step can be started when the user needs to perform the mobile terminal user legality verification operation.
  • step 302 the verification device generates a random number, and uses the random number and the KI and IMSI information corresponding to the mobile terminal to perform a joint calculation to obtain a calculation result, and saves the calculation result as a verification key for verifying the legitimacy of the mobile terminal user.
  • the verification key set request response is then returned to the mobile terminal, wherein the response message contains the random number.
  • step 303 after receiving the response message from the verification device, the mobile terminal extracts the random number therein, and then sends the random number to the user card.
  • step 304 the user card jointly calculates the random number and the KI and IMSI information saved by itself, obtains a calculation result, and returns the calculation result to the mobile terminal.
  • the mobile terminal saves the calculation result received from the user card as a verification key for verifying the legitimacy of the mobile terminal user.
  • the calculation of the same random number by the mobile terminal and the verification device may be the same or different.
  • the present invention proposes a second method as shown in FIG.
  • step 401 the mobile terminal generates a random number and transmits the random number to the user card. This step may be performed when the user settings require a mobile terminal user legality verification operation.
  • the random number is calculated to obtain a calculation result.
  • the calculation may be an encryption calculation, and when performing the encryption calculation, one or any combination of information such as KI, KC, IMSI, IMEI, etc. may be introduced to participate in the calculation.
  • step 403 the user card uses the calculation result to perform joint calculation with the KI, IMSI, etc. saved by itself, and then obtains a joint calculation result, and then transmits the encrypted calculation result and the joint calculation result to the mobile terminal simultaneously.
  • step 404 the mobile terminal sends a verification key setting request to the verification device, where the request carries the encrypted calculation result, that is, the random information, received from the user card in step 403.
  • step 405 after receiving the verification key setting request from the mobile terminal, the verification device extracts the encryption calculation result, and then performs joint calculation on the encryption calculation result and the KI and IMSI corresponding to the mobile terminal saved by itself. A joint calculation result is obtained, and the joint calculation result is saved as a verification key for verifying the legitimacy of the mobile terminal user. The verification key setting request response is then returned to the mobile terminal, carrying information indicating whether setting the verification key was successful.
  • step 406 after receiving the response message from the verification device, the mobile terminal saves the joint calculation result from the user card as an authentication key for verifying the legitimacy of the mobile terminal user.
  • the encryption calculation performed by the user card in step 402 and the joint calculation performed in step 403 are performed separately.
  • performing the calculations separately may affect efficiency or increase the implementation complexity.
  • the two calculation steps can be combined into one by algorithm design.
  • the present invention proposes a third method as shown in FIG.
  • step 501 the mobile terminal generates a random number and transmits the random number to the user card. This step may be performed when the user settings require a mobile terminal user legality verification operation.
  • step 502 after receiving the random number, the user card performs joint calculation on the random number and related information of the mobile terminal, such as KI and IMSI, to obtain a first calculation result.
  • the random number is encrypted, a second calculation result is obtained.
  • One or any combination of information such as KI, KC, IMSI, IMEI, etc. participate in the calculation.
  • the user card simultaneously transmits the first calculation result and the second calculation result to the mobile terminal.
  • step 504 the mobile terminal sends a verification key setting request to the verification device, where the request carries a second calculation result, that is, random information, received from the user card in step 503.
  • step 505 after receiving the verification key setting request from the mobile terminal, the verification device extracts the second calculation result, and then performs a joint calculation on the second calculation result and the related information of the mobile terminal saved by itself, such as KI and IMSI, to obtain a joint calculation result, and the joint calculation result is saved as a verification key for verifying the legitimacy of the mobile terminal user.
  • the verification key set request response is then returned to the mobile terminal, carrying information indicating whether the verification key was successful.
  • step 506 after receiving the response message of the verification device, the mobile terminal saves the first calculation result from the user card as an authentication key for verifying the legitimacy of the mobile terminal user.
  • the premise of saving the verification key should be that the verification device responds with a message that the verification key is successful.
  • the verification key saved by the mobile terminal is the first calculation result
  • the verification key saved by the verification device is a joint calculation result obtained by further calculating the second calculation result
  • the joint calculation result calculated by the verification device and the first calculation result calculated by the user card must satisfy the relationship of the symmetric key.
  • the step of calculating the second calculation result by the user card according to the random number may be referred to as step s1
  • the step of calculating the first calculation result from the second calculation result is referred to as s2, and the step of calculating the first calculation result from the random number is called s3, so that s3 is the result of executing s2 after s1 is executed.
  • the verification device can obtain the same calculation result as the calculation result obtained by the user card performing s3 by executing step s2.
  • step s1: the step of calculating the first calculation result by the user card according to the random number
  • step s2: the step of calculating the second calculation result from the first calculation result by the user card
  • the step in which the verification device calculates the joint calculation result from the second calculation result is called s3, so that if s3 is the inverse of step s2, then s3 can calculate the first calculation result from the second calculation result, and this result is used as the joint calculation result of the verification device.
  • after the mobile terminal receives the verification key setting request response from the verification device, the mobile terminal saves the verification key it generated; in actual application, after the mobile terminal generates the verification key itself, the operation of saving the verification key can be performed directly, without waiting for the verification key setting request response.
  • the operations of generating a random number, transmitting a random number, and the like by the mobile terminal are controlled by a mobile terminal program.
  • the user's setting that the mobile terminal user legitimacy verification operation is required may be made through the screen interface of the mobile terminal.
  • the authentication key of the mobile terminal is saved by the mobile terminal program in a non-volatile memory of the mobile terminal.
  • a security chip for verifying the legitimacy of the user may be set in the mobile terminal, and the verification key in the mobile terminal is preferably saved by the security chip.
  • after receiving the calculation result from the user card, the mobile terminal sends it to the security chip, and the security chip saves the calculation result as a verification key for verifying the legitimacy of the mobile terminal user.
  • a user operation password may be set in the security chip; access to the security chip, for example an operation that writes key data, can proceed only after user operation password verification has been passed.
  • after the user sets that the legitimacy of the mobile terminal user is to be verified, the mobile terminal further prompts the user to input a user operation password to show that the user has the right to make this setting. After the user inputs the user operation password, the mobile terminal program determines whether the password is correct. If it is correct, the subsequent steps are performed; otherwise, a password input error message is returned to the user and the process ends.
  • the user operation password can be set on the security chip to ensure the security of the user operation password.
  • the mobile terminal program transmits the user operation password input by the user to the security chip, and the security chip determines whether the password is correct and transmits the determination result to the mobile terminal program, which displays it to the user; if the security chip determines that the user operation password entered by the user is correct, the related access operation to the security chip is allowed.
  • the KI, KC, and IMSI information corresponding to the mobile terminal are actually KI, KC, and IMSI information in the current user card in the mobile terminal.
  • the joint calculation can be an encryption calculation.
  • the encryption calculation described herein may be an encryption and decryption calculation that is a reversible string transformation, for example using the AES (Advanced Encryption Standard) encryption algorithm or a variant of it, or a digest calculation that is an irreversible string transformation, for example using MD5 (Message-Digest algorithm 5) or a variant of it, or any other algorithm.
  • the verification keys saved by the mobile terminal and the verification device may be the same or different, as long as they satisfy a preset relationship or one key can be derived from the other, that is, the two keys satisfy the symmetric key relationship. Since the symmetric key is common knowledge to those skilled in the art, it will not be described in detail herein.
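The variant in which the verification device reproduces the user card's first calculation result by running s2 on the second calculation result, as an added example that is not code from the patent. HMAC-SHA-256 stands in for the unspecified joint calculation, keying s1 with KI is an assumption, the class and function names are hypothetical, and the KI and IMSI values are constructed.

```python
import hashlib
import hmac
import secrets

def s1(ki: bytes, rand: bytes) -> bytes:
    """User card, step s1: second calculation result from the random number.
    Assumption: the card keys this step with KI (HMAC-SHA-256 stand-in)."""
    return hmac.new(ki, b"s1" + rand, hashlib.sha256).digest()

def s2(ki: bytes, imsi: str, second: bytes) -> bytes:
    """Step s2: joint calculation over the second result, KI and IMSI."""
    return hmac.new(ki, b"s2" + imsi.encode() + second, hashlib.sha256).digest()

class VerificationDevice:
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers   # IMSI -> KI held by the device
        self.keys = {}                   # IMSI -> saved verification key

    def set_key(self, imsi: str, second: bytes) -> bool:
        """Step 505: derive and save the joint result, report success."""
        ki = self.subscribers.get(imsi)
        if ki is None or len(second) != 32:
            return False                 # unknown subscriber or malformed request
        self.keys[imsi] = s2(ki, imsi, second)
        return True

class MobileTerminal:
    def __init__(self, card_ki: bytes, imsi: str):
        self.card_ki, self.imsi = card_ki, imsi   # stand-in for the user card
        self.saved_key = None                     # stand-in for the security chip

    def establish(self, device: VerificationDevice) -> bool:
        rand = secrets.token_bytes(16)                # terminal generates the random number
        second = s1(self.card_ki, rand)               # card runs s1
        first = s2(self.card_ki, self.imsi, second)   # card runs s2
        ok = device.set_key(self.imsi, second)        # only `second` is transmitted
        if ok:                                        # step 506: save only on success
            self.saved_key = first
        return ok

def demo():
    ki, imsi = bytes(range(16)), "001010123456789"    # constructed test values
    device = VerificationDevice({imsi: ki})
    good = MobileTerminal(ki, imsi)
    unknown = MobileTerminal(ki, "001019999999999")   # IMSI the device does not hold
    r_good, r_unknown = good.establish(device), unknown.establish(device)
    match = hmac.compare_digest(good.saved_key, device.keys[imsi])
    return r_good, match, r_unknown, unknown.saved_key
```

Neither side ever sends the verification key itself: the two stored keys agree only when the card and the device hold the same KI for the IMSI.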

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention relates to a method for establishing the authentication key used between the mobile terminal and the authentication device, in which: a) the mobile terminal or the authentication device generates a random number and transmits to the other the random information corresponding to the random number; b) the mobile terminal or the authentication device performs a calculation on the random number and the information relating to the mobile terminal, or on the random information and the information relating to the mobile terminal, so as to generate and store the authentication key used to authenticate the validity of the mobile terminal user, and the other of the two, the mobile terminal or the authentication device, performs a calculation on the random information and the information relating to the mobile terminal to generate and store the corresponding authentication key. The method for establishing the authentication key thus improves the security of authenticating the validity of the mobile terminal user and, consequently, protection against theft.
PCT/CN2005/001432 2004-09-08 2005-09-08 Method for establishing the authentication key WO2006026925A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200410074295.3 2004-09-08
CNA2004100742953A CN1747384A (zh) 2004-09-08 2004-09-08 Verification key setting method

Publications (1)

Publication Number Publication Date
WO2006026925A1 true WO2006026925A1 (fr) 2006-03-16

Family

ID=36036078

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2005/001432 WO2006026925A1 (fr) 2004-09-08 2005-09-08 Method for establishing the authentication key

Country Status (2)

Country Link
CN (1) CN1747384A (fr)
WO (1) WO2006026925A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7860882B2 (en) * 2006-07-08 2010-12-28 International Business Machines Corporation Method and system for distributed retrieval of data objects using tagged artifacts within federated protocol operations
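CN101944170B (zh) * 2010-09-20 2014-04-30 中兴通讯股份有限公司 Software version release method, system and apparatus
CN102595401B (zh) * 2012-03-19 2018-05-04 中兴通讯股份有限公司 Method and system for detecting whether a UICC and a device are paired
CN112492590A (zh) 2017-11-14 2021-03-12 华为技术有限公司 Communication method and apparatus
CN111147236A (zh) * 2019-12-25 2020-05-12 江苏星地通通信科技有限公司 Encryption and decryption method and system based on RSA and AES
CN113381965A (zh) * 2020-03-09 2021-09-10 中国电信股份有限公司 Security authentication method, system and authentication service platform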

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5613214A (en) * 1993-10-18 1997-03-18 Nec Corporation Mobile communication terminal authenticating system
US5794139A (en) * 1994-08-29 1998-08-11 Sony Corporation Automatic generation of private authentication key for wireless communication systems
WO1999025086A2 (fr) * 1997-11-11 1999-05-20 Sonera Oyj Generation of a seed value

Also Published As

Publication number Publication date
CN1747384A (zh) 2006-03-15

Similar Documents

Publication Publication Date Title
WO2018050081A1 (fr) Device identity authentication method and apparatus, and storage medium
US8724819B2 (en) Credential provisioning
CN106161032B (zh) Identity authentication method and apparatus
WO2017185913A1 (fr) Method for improving the authentication mechanism of a wireless local area network
WO2015192670A1 (fr) User identity authentication method, terminal and service terminal
US20050149730A1 (en) Multi-authentication for a computing device connecting to a network
CN101272301B (zh) Secure access method for a wireless metropolitan area network
CN107820239B (zh) Information processing method and apparatus
WO2016115807A1 (fr) Method and device for processing access to a wireless router, and method and device for accessing a wireless router
KR20070091266A (ko) Bootstrap authentication using distinguished random challenges
WO2009155813A1 (fr) Method for storing encrypted data in a client and associated system
CN107454035B (zh) Identity authentication method and apparatus
WO2017185450A1 (fr) Terminal authentication method and system
CN101272616A (zh) Secure access method for a wireless metropolitan area network
US20130097427A1 (en) Soft-Token Authentication System
CN106888092A (zh) Information processing method and apparatus
US8498617B2 (en) Method for enrolling a user terminal in a wireless local area network
CN101192927B (zh) Authorization and multiple authentication method based on identity confidentiality
CN110929231A (zh) Digital asset authorization method, apparatus and server
CN114765534A (zh) Private key distribution system based on the Chinese national standard identity-based cryptographic algorithm
CN112020716A (zh) Remote biometric identification
WO2006026925A1 (fr) Method for establishing the authentication key
CN107070918B (zh) Network application login method and system
CN106953731A (zh) Authentication method and system for a terminal administrator
WO2006024224A1 (fr) Method for secure protection of the user card

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase