WO2007124657A1 - Procédé, système et dispositif d'authentification - Google Patents

Procédé, système et dispositif d'authentification Download PDF

Info

Publication number
WO2007124657A1
WO2007124657A1 PCT/CN2007/000914 CN2007000914W WO2007124657A1 WO 2007124657 A1 WO2007124657 A1 WO 2007124657A1 CN 2007000914 W CN2007000914 W CN 2007000914W WO 2007124657 A1 WO2007124657 A1 WO 2007124657A1
Authority
WO
WIPO (PCT)
Prior art keywords
entity
authentication data
random number
algorithm
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2007/000914
Other languages
English (en)
Chinese (zh)
Inventor
Wenyu Liu
Jie Xu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CNA2006100849926A external-priority patent/CN101064606A/zh
Priority claimed from CN 200610091433 external-priority patent/CN101064607A/zh
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Publication of WO2007124657A1 publication Critical patent/WO2007124657A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Definitions

  • the present invention relates to the field of wireless communication networks, and in particular, to a method, system and apparatus for authentication.
  • IP-based network architecture will inevitably make mobile networks face some security issues inherent in IP networks.
  • the mobile communications network will eventually evolve into an open network that will provide users with an open application interface to meet the individual needs of users.
  • the openness of the network and the characteristics of wireless communication, security issues will become one of the core issues of the entire mobile communication system.
  • 3GPP 3G Partnership Project
  • IMSI International Mobile Subscriber Identity
  • AKA Authentication and Key Agreement
  • the authentication algorithm used in the registration process of the IP Multimedia Subsystem is the AKA authentication algorithm, which generates an authentication vector AV based on the key, the random number and related parameters, and the authentication vector AV is a
  • the quintuple includes a random number RAND, an authentication token AUTN, an authentication response XRES, an encryption key CK, and a message integrity key IK:. Used for user-to-network authentication, network-to-user authentication, or IP security (IPSEC, IP Securty) establishment.
  • IPSEC IP Securty
  • the AKA authentication algorithm will be described below with reference to FIG. 3GPP defines 12 security algorithms for 3G systems: f0-f fl* and f5*, for different security services.
  • the calling procedure of the mobile subscriber registration and authentication parameters in the identity authentication and key distribution scheme is basically the same as that of the GSM (Global System Mobile) network, except that the 3GPP authentication vector AV is a quintuple and implements user authentication of the network.
  • AKA utilizes the f0 to f5* algorithm, which is executed only in the authentication center (AC, Authentication Center) and the identity card of the user terminal (such as SIM, Subscriber Identity Module).
  • the ⁇ algorithm is only executed in the AC to generate the random number RAND; the fl algorithm is used to generate the message authentication code (MAC-A in the AC, XMAC-A in the user identification card); fl* is the resynchronization message
  • An authentication algorithm for generating a MAC-S 2 algorithm for generating a desired authentication response (XRES in AC, RES in SIM card); ⁇ algorithm for generating encryption key CK; f4 algorithm for generating message integrity
  • the key IK; f5 algorithm is used to generate an anonymous key AK, which is used to encrypt and decrypt the serial number (SQN, Sequence number) to prevent location tracking; f5* is an anonymous key generation algorithm during resynchronization .
  • VLR Visited Location Register
  • AV Visited Location Register
  • XRES Random Access Response
  • CK Counter Key
  • IK IK
  • AUTN SQN ® AK II AMF II MAC-A VLR RAND and AUTN to the user (such as SIM).
  • the user calculates XMAC-A- flK (SQN il RAND II AMF). If the XMAC-A is equal to the MAC-A in the AUTN and the direct SQN is in the valid range, the network authentication is considered successful; and is calculated by f2 ⁇ f4 respectively.
  • RES CK IK send RES to VLR VLR to verify RES, if it matches XRES in the previously generated authentication vector, it is considered that the user terminal is successfully authenticated; otherwise, the access of the user terminal is rejected.
  • the SIM and AC enter the resynchronization procedure using the fl* algorithm, and the VLR requests a new authentication vector AV from the HLR/AC.
  • FIG. 2 it is a schematic diagram of an existing IMS authentication process. among them:
  • S-CSCF Serving Call Server Control Function
  • the S-CSCF requests authentication data (Cx-Authentication) from the home subscriber server (HSS Home Subscriber Server); 3.
  • the HSS obtains the 5-tuple (RA D, AUTN, XRES, CK, and IK) of the authentication vector AV according to the AKA algorithm, and sends it to the S-CSCF (Cx-Authentication Resp);
  • the S-CSCF sends the RAND, AUTN, CK, and IK in the quintuple to the proxy CSCF (P-CSCF), and the P-CSCF sends an authentication request including the authentication token AUTN and the random number RAND to the UE. Requesting the UE to generate authentication data (401 Unauthorized);
  • the UE After receiving the authentication request, the UE first calculates the XMAC and compares it with the MAC in the AUTN. If it is different, it sends a reject authentication message to the VLR, and discards the process. Also verify that the received sequence number SQN is within the valid range. If not, the MS sends a synchronization failure message to the VLR and discards the process.
  • the user terminal calculates RES with f2, calculates CK with ⁇ , calculates IK with f4 algorithm, and establishes IP security (IPSEC) tunnel according to IK, CK and P-CSCF, and sends RES to IMS network (REGISTER);
  • IPSEC IP security
  • the S-CSCF compares the RES reported by the UE with the XRES obtained from the HSS. If the two are the same, the authentication is considered successful, and the user data is exchanged with the HSS, otherwise the authentication fails.
  • the IMS network After the authentication succeeds, the IMS network returns an authentication success message (200OK) to the UE. Since the UE and the HSS calculate the CK using the same algorithm ⁇ , the resulting CK must be the same, so that the UE and the IMS network undergo mutual identity authentication and password negotiation, respectively, and the CK and IK in the process are used as the future UE and RNC's secure communication.
  • CAVE Cellular Authentication Voice Encryption
  • the CAVE algorithm cannot generate a 5-tuple authentication vector similar to the AKA algorithm based on a random number, and only generates an authentication result. That is, after the authentication center and the user terminal calculate an authentication result according to the same random number, the network Compare whether the results of both parties are met; if they are met, the authentication is passed. See the CDMA2000 circuit domain authentication process below:
  • FIG. 3 it is an authentication process that uses the CAVE algorithm when registering in the prior art.
  • the mobile terminal (MS, Mobile Station) in the base station subsystem (BSS, Base Station Subsystem) initiates a location registration request message, and carries the RANDC, RAND, and the profile generated by the CAVE algorithm. The weight responds to the parameters AUTHR and COUNT parameters.
  • the mobile switching center/Visitor Location Register (MSC/VLR, Mobile Services Switching Center/Visited Location Register) sends an authentication request message AUTHREQ to the Home Location Register/Authentication Center (HLR/AC, Home Location Register/Authentication Center), Carry RAN, AUTHR, COUNT parameters.
  • the HLR/AC uses the CAVE algorithm to generate an authentication response parameter AUTHR, which is compared with the AUTHR transmitted by the UE to determine whether it is the same, to verify the legitimacy of the mobile phone, and to return the authentication response message authreq to the MSC/VLR, and return The result of the authentication.
  • the MSC/VLR determines to access/reject the subsequent service according to the result. If the authentication is successful, the MSC/VLR sends a REGNOT message to the HLR/AC.
  • the HLR/AC returns the location registration response message regnot.
  • the MSC/VLR returns a Location Registration Accept message to the BSS.
  • the SSD is a set of 128-bit data stored in the semi-permanent memory of the user terminal, which is readily available on the network side.
  • the SSD is divided into two distinct subsets, each of which is used to support different processes.
  • the first 64-bit SSD-A of the SSD is used to support the authentication process, and the latter 64-bit SSD-B is used for voice privacy and signaling information encryption.
  • the authentication process :
  • the MSC initiates an authentication request message AUTHREQ.
  • the SSD update process is initiated.
  • An authreq message is sent to the MSC with the number of RANSSDs used to calculate the SSD, AUTHU, and the random number RA DU used to calculate the AUHTU.
  • the MSC sends an SSD Update Request message to the mobile phone, and the message carries a random number RANDSSD for SSD update.
  • the mobile phone After the mobile phone receives the random number RANDSSD, it generates a RANDBS parameter, and uses the CAVE algorithm to calculate an SSD value and an AUTHBS value. At this time, the mobile phone needs to verify the legitimacy of the network side, and sends a Base Station Challenge message to the MSC, where the message carries the RANDBS parameter.
  • the MSC sends a base station query message to the HLR/AC.
  • MSG calculates a new SSD value by using the same RANDSSD parameter as that sent to the mobile phone, and after receiving the RA DBS parameter from the mobile phone, it uses the CAVE algorithm to calculate the AUTHBS parameter with the new SSD. At this time, it sends the mobile phone to the mobile phone.
  • the base station queries a response message (Base Station Challenge Response), and carries the AUTHBS parameter in the message.
  • the mobile phone compares the AUTHBS parameter received from the network side with its own calculated AUTHBS value. If the two values are the same, it means that the verification is passed, the SSD parameter saved in the original mobile phone is updated, and the SSD update accept message is reported to the MSC (SSD Update). Response ); If the two values are different, the phone will still retain the current value if it abandons the new SSD value.
  • the MSC sends a unique query message (Authentication Request) to the BSS, and carries the random number RANDU in the message, requesting a unique query.
  • Authentication Request a unique query message
  • the mobile phone calculates the AUTHU with the updated SSD and RANDU, and sends it to the MSC/VLR through a unique query response message (Authentication Response).
  • the MSC sends an authentication status report message ASREPORT to the VLR, and carries the result of the SSD update SSDUPRT and the result of the unique query UCHALRPT.
  • the MSC sends an authentication status report message ASREPORT to the HLR/AC, where the message carries the result of the SSD update SSDUPRT and the result of the unique query UCHALRPT.
  • an EARLY IMS solution proposed by the 3GPP standards organization is to use the trust relationship between the access network and the IMS network after the access network authenticates the terminal, and the access network notifies the IMS network of the IP obtained by the user. Address, the IMS network accepts the terminal registration of the IP address.
  • IPSEC IP address spoofing
  • Embodiments of the present invention provide a method, system, and apparatus for authenticating a user terminal and Authentication between IMS networks is more secure.
  • a method for authentication according to an embodiment of the present invention includes the following steps: The third entity generates second authentication data and a second random number, and sends the second random number to the second entity;
  • the first entity generates first authentication data according to the first random number, and sends the first authentication data to the second entity;
  • the second entity generates third authentication data according to the first authentication data and the second random number, and sends the third authentication data to the third entity;
  • the third entity determines whether the authentication is successful by comparing the consistency of the second authentication data with the third authentication data.
  • the embodiment of the invention further provides a method for authentication, comprising the following steps:
  • the third entity generates second authentication data and a second random number, and sends the second random number to the second entity;
  • the second entity obtains a plurality of first random numbers according to the second random number, and sends the multiple first random numbers to the first entity;
  • the first entity generates a plurality of corresponding first authentication data according to the plurality of random numbers, and sends the plurality of first authentication data to the second entity;
  • the second entity sends third authentication data combined by the plurality of first authentication data to the third entity.
  • the third entity determines whether the authentication is successful by comparing the consistency of the third authentication data with the second authentication data.
  • a system for authentication includes a first entity, a second entity, and a third entity, where the first entity and the second entity have a trust mechanism, A random number associated with the first random number may be exchanged between the second entity and the third entity;
  • the third entity is configured to generate first authentication data by using a first algorithm according to the first random number obtained by the random number, and send the first authentication data to the second entity, and Generating second authentication data according to the first authentication data; and for authenticating by comparing the second authentication data and the third authentication data;
  • the first entity is configured to generate first authentication data by using the first algorithm according to the first random number, and send the first authentication data to the second entity;
  • the second entity is configured to generate third authentication data according to the first authentication data, and send the third authentication data to the third entity.
  • An apparatus for authentication including an S-CSCF interface module for performing information interaction with an S-CSCF, and a second algorithm execution module for performing a second algorithm operation, further includes:
  • An HLR interface module configured to perform information interaction with the HLR, to obtain first authentication data and a first random number
  • a second algorithm parameter generating module configured to receive the first random number and the first authentication data from the HLR interface module; and perform a second randomization obtained by combining/combining the first random number and the first authentication data The number and the first key are passed to the second algorithm execution module.
  • Another apparatus for authentication includes a P-CSCF interface module for performing information interaction with a P-CSCF, and a second algorithm execution module for performing a second algorithm operation; :
  • a user identification card interface module configured to perform information interaction with the user identification card, and send a second random number received from the network to the user identification card, and receive the first random number and the first authentication data fed back by the user identification card;
  • a second algorithm parameter generating module configured to receive the first random number and the first authentication data from the user card interface module, and obtain the first obtained by the first random number and the first authentication data The second random number and the first key are transmitted to the second algorithm execution module.
  • a method, system, and device system for authenticating an embodiment of the present invention when authentication is required between a second entity and a third entity that do not have a shared key, may be performed by a first entity having a trust mechanism with each of them
  • the fourth entity calculates a random number exchanged between the second entity and the third entity to generate a common key or an authentication vector, thereby implementing an authentication process.
  • the CAVE algorithm is used to generate authentication data on the terminal side and the network side
  • the AKA algorithm is used as the key to generate five yuan.
  • the authentication vector of the group or directly forms a five-tuple authentication vector with multiple authentication data, thereby realizing the mutual authentication process between the terminal and the network.
  • This method of authentication does not require major modifications to the existing network, and can establish a good IPSEC between the access network and the IMS network to ensure the security of communication between the terminal and the network, and can protect more from the outside world. s attack.
  • 1 is a schematic diagram of an existing AKA authentication algorithm
  • FIG. 2 is a schematic diagram of an existing IP multimedia subsystem authentication process
  • FIG. 3 is a schematic diagram of an existing authentication process using a CAVE algorithm when registering
  • FIG. 4 is a schematic diagram of an existing authentication process when updating shared secret data
  • FIG 5 shows an existing IPV4 and IPV6 network definition called "CAVE-based".
  • Figure 6 is a flow chart of a first embodiment of a method for authentication of the present invention.
  • Figure 7 is a schematic diagram of the principle on which the authentication process employed in Figure 6 of the present invention is based;
  • Figure 8 is a flow chart of a second embodiment of the method for authentication of the present invention.
  • Figure 9 is a flow chart of a third embodiment of the method for authentication of the present invention.
  • Figure 10 is a schematic structural view of a first embodiment of the HSS of the present invention.
  • Figure 11 is a schematic structural view of a second embodiment of the HSS of the present invention.
  • FIG. 12 is a schematic structural diagram of a user terminal according to an embodiment of the present invention.
  • Embodiments of the present invention provide a method, apparatus, and system for authentication, which are described below in conjunction with the attached drawings.
  • Step 1 The user terminal (UE) sends a registration request to the call session control function (CSCF) to request registration to the IMS network;
  • CSCF call session control function
  • Step 2 The CSCF requests authentication data from the Home Subscriber Server (HSS);
  • HSS Home Subscriber Server
  • Step 3 The HSS requests authentication data from the home location register (HLR);
  • Step 4 The HLR generates a random number Randr, and according to the random number, Randr uses the CAVE algorithm to generate the authentication data Authr, and feeds the authentication data Authr to the HSS;
  • Step 5 HSS generates a key with Authr and generates Rand with Randr, using AKA
  • the method calculates the five-tuple authentication vector AV ( AUTN, Xres, IK, CK, Rand );
  • Step 6 The HSS sends the authentication vector to the CSCF.
  • Step ⁇ The CSCF sends the random number Rand and the authentication token AUTN in the authentication vector to the user terminal;
  • Step 8 The user terminal gets Randr from the random number Rand
  • Step 9 The user terminal sends the Randr to the user identification card (Car);
  • Step 10 The user identification card calculates the authentication data Authr according to the random number Randr by using the CAVE algorithm, and feeds the authentication data Authr to the user terminal;
  • Step 11 The user terminal generates a key with Authr and combines the random number Rand, and uses the AKA algorithm to calculate the authentication vector AV of the quintuple;
  • Step 12 The user terminal sends the authentication result Xres to the CSCF for subsequent authentication process, and the CSCF can authenticate the user terminal by comparing whether the Xres generated from the user terminal and the Xres generated in the HSS are the same, if two If they are the same, it means that the terminal is successfully authenticated.
  • the HSS obtains the authentication data from the HLR, and then the authentication data acquired by the 4B is used as the authentication key of the terminal to generate an authentication vector of the quintuple.
  • the terminal sends the random number received from the network to the user identification card, and the authentication result fed back by the user identification card is used as an authentication key to generate an authentication vector of the quintuple, thereby realizing authentication between the terminal and the network. process.
  • the HLR and the HSS may be integrated together, and the foregoing steps 3 and 4 may be an internal implementation process, and no performance is performed outside, or the Randr may be composed of multiple random numbers, and the Authr may Is a plurality of authentication data corresponding to the plurality of random numbers.
  • FIG. 7 it is a schematic diagram based on the authentication process used in FIG. 6 of the present invention: Entity between the entities A and B is required, and the authentication algorithm 2 is used, but A and B do not have a shared key.
  • Entity A trust relationship has been established between entities X and A. Entity A can request authentication data from entity X.
  • a trust relationship has been established between entities B and Y, and entity B can request authentication data from entity Y.
  • Entities A and B are exchanged to obtain a common challenge random number. Its working principle is as follows:
  • entity Y generates a random number and generates first authentication data using algorithm 1 and said first random number;
  • entity B generates a key required by algorithm 2 with the first authentication data, and generates a second random number (ie, challenge random number) required by algorithm 2 with the first random number, and The second random number is generated by the algorithm 2, and the second random number and the second authentication data are sent to the entity B;
  • a second random number ie, challenge random number
  • Entity The second random number is sent to the entity A, and some entities (not shown) may be passed in the middle;
  • the entity A obtains the first random number according to the second random number, and sends the first random number to the entity X;
  • the entity X generates the first authentication data by using the algorithm 1 according to the first random number, and sends the first authentication data to the entity A;
  • the first entity A generates a key with the first authentication data, and generates a third authentication data by using the second random number and the key using algorithm 2, and the third authentication
  • the right data is sent to the entity B;
  • Entity A and B both use the authentication data obtained by each as the key. Since X and Y use the common key and the authentication data generated by the challenge random number, the authentication data of the A and B activities are the same, that is, A and B gets a common key.
  • the user terminal, HSS, user identification card, HLR can be divided into entities A, B, X, Y; CAVE algorithm can be regarded as algorithm 1; AKA algorithm can be It is regarded as algorithm 2; authentication data Aut can be regarded as the common key obtained by entities A and B, Randr is the first random number; Rand is the second random number; Authr is the first authentication data; entity A And Xres in the entity B are the third authentication data and the second authentication data, respectively.
  • entity Y and the entity B may also be implemented by one entity, hereinafter referred to as an entity BY (not shown), and the principle is:
  • the entity BY generates a key required by the algorithm 2 with the first authentication data, and generates a second random number (ie, a challenge random number) required by the algorithm 2 with the first random number, and The key and the second random number generate the second authentication data by using the algorithm 2;
  • the entity BY sends the second random number to the entity A, and some entities may be passed in the middle (not shown);
  • the first entity A generates a key with the first authentication data, and generates a third authentication data by using the second random number and the key using algorithm 2, and the third authentication
  • the right data is sent to the entity BY;
  • the entity BY compares the consistency of the second authentication data with the third authentication data to determine whether the authentication is successful.
  • Step 1 The user terminal (UE) sends a registration request to the call session control function (CSCF) to request registration to the IMS network;
  • CSCF call session control function
  • Step 2 The CSCF requests authentication data from the Home Subscriber Server (HSS);
  • HSS Home Subscriber Server
  • Step 3 The HSS requests authentication data from the home location register (HLR); and consecutively requests 4 times corresponding to steps 3, 3a, 3b, 3c;
  • Step 4 The HLR generates 4 authentication data based on 4 requests and uses the CAVE algorithm.
  • Step 5 The HSS combines 32 bits of Randl/2/3/4 of the four authentication data into one 128-bit Rand and associates Authl/2/3/4 (AUTN, Xres, IK, CK). , generated a 5-tuple authentication vector AV;
  • Step 6 The HSS sends the authentication vector to the CSCF.
  • Step ⁇ ' The CSCF sends the random number Rand and the authentication token AUTN in the authentication vector to the user terminal;
  • Step 7a The user terminal decomposes the 128-bit Rand into four 32-bit Randl and Rand2.
  • Step 8 The user terminal sends the four random numbers (Randl, Rand2, Rand3, and Rand4) to the user identification card in four times for requesting the authentication result, corresponding to steps 8, 8a, 8b, and 8c;
  • Step 9 User The identification card calculates the authentication data Authl, Auth2, Auth3 and Auth4 according to Randl, Rand2, Rand3 and Rand4 respectively, and feeds the authentication data result to the user terminal, corresponding to steps 9, 9a, 9b, 9c;
  • Step 10 The user terminal associates Authl, Auth2, Auth3, and AutM with AUTN, Xres, IK:, CK, and combines the original 128-bit Rand to generate a five-tuple authentication vector AV;
  • Step 11 User terminal The weight result Xres is sent to the CSCF for subsequent authentication process, and the CSCF can authenticate the user terminal by comparing whether the Xres generated from the user terminal and the Xres generated in the HSS are the same, and if the two are the same, the terminal is The authentication was successful.
  • the HSS can obtain the authentication data multiple times from the HLR, combine the multiple random numbers into one random number, and map the multiple obtained data into the authentication vector of the quintuple.
  • the terminal decomposes the random number received from the network into a plurality of random numbers and sends them to the user identification card, and corresponds the plurality of authentication results fed back by the user identification card to the authentication vectors of the five-tuple. Thereby, the process of answering power between the terminal and the network is realized.
  • the HLR and HSS may be integrated, and steps 3, 3a, 3b, 3c and steps 4, 4a, 4b, 4c described above are internal implementations and are not externally represented.
  • Step 1 The user terminal (UE) sends a registration request (Register) to the call session control function (CSCF) to request registration to the IMS network;
  • a registration request (Register)
  • CSCF call session control function
  • Step 2 The CSCF sends a CxAuthReq message to request authentication data from the Home Subscriber Server (HSS);
  • HSS Home Subscriber Server
  • Step 3 The HSS requests authentication data from the home location register (HLR);
  • Step 4 The HLR generates a random number Randu, and according to the random number, Randu uses the CAVE algorithm to generate the authentication data Authu, and feeds the authentication data Authu to the HSS;
  • Step 4a The HSS feeds back an authentication status report to the HLR, requesting feedback shared encrypted data (SSD);
  • Step 4b The HLR feeds back the shared encrypted data (SSD) to the HSS;
  • the HSS generates a random number Randr, and uses the CAVE algorithm to generate authentication data AuthR, Signaling Message Encryption Key (SMEKEY) and CDMA Private Long Code Mask (CDMAPLCM) according to the SSD.
  • the items are collectively referred to as Keys.
  • the HSS generates the authentication key of the AKA algorithm with AuthR or / and Keys.
  • the generation method can be obtained by using SMEKEY, CDMAPLCM and AuthR together for bit operation.
  • HSS uses Randr to generate the random number Rand of AKA algorithm, and finally uses the AKA algorithm to calculate the 5-tuple authentication vector AV (Rand, AUTN, Xres, IK, CK) according to the random number Rand and the authentication key;
  • Step 6 The HSS sends the authentication vector AV to the CSCF;
  • Step 7 The CSCF sends the random number Rand and the authentication token AUTN in the authentication vector AV to the user terminal;
  • Step 8 The user terminal gets Randr from the random number Rand
  • Step 9 The user terminal sends the Randr to the user identification card (Card);
  • Step 10 The user identification card calculates the authentication data Authr, Keys according to the random number Randr and uses the CAVE algorithm to feed back the authentication data Authr and Keys values to the user terminal;
  • Step 11 The user terminal generates an authentication key of the AKA algorithm by using Authr or / and Keys. Combined with the random number Rand, the authentication vector AV of the quintuple is calculated by the AKA algorithm;
  • Step 12 The user terminal sends the authentication result Xres to the CSCF for subsequent authentication process, and the CSCF can authenticate the user terminal by comparing whether the Xres from the user terminal and the Xi'es generated in the HSS are the same. If the two are the same, it means that the terminal is successfully authenticated.
  • the HSS obtains authentication data from the HLR, and notifies the HLR of the ability to perform CAVE execution, and the HLR sends the shared encrypted data SSD to the HSS, and the HSS can use the CAVE algorithm to calculate the authentication data according to the SSD ( AuthR, Keys), and then the calculated authentication data is synthesized into the authentication key of the terminal to generate a five-tuple authentication vector.
  • the terminal sends the random number received from the network to the user identification card, and uses the authentication result fed back by the user identification card as an authentication key to generate an authentication vector of the quintuple, thereby realizing authentication between the terminal and the network. process.
  • the HLR and the HSS may be integrated together, and the foregoing steps 3, 4, 4a, and 4b may be internal implementation processes, no performance on the outside, or the Randr may be multiple random.
  • the Authr, Keys may be a plurality of authentication data corresponding to the plurality of random numbers.
  • a system for authentication of the present invention mainly includes a user terminal, a subscriber identity card, a P-CSCF, an S-CSCF, an HSS, and an HLR.
  • the main device according to the present invention will be described in detail below with reference to FIGS. 10 to 12.
  • FIG. 10 it is a schematic structural diagram of a first embodiment of an authentication device (HSS) according to the present invention.
  • the HSS mainly includes an HLR interface module 101, an AKA algorithm parameter generation module 102, an AKA algorithm execution module 103, and an S-CSCF interface module 104 that are sequentially connected.
  • the HLR interface module 101 is configured to perform information interaction with the HLR;
  • the AKA algorithm parameter generation module 102 is used to generate parameters (such as random numbers and keys, etc.) for the AKA algorithm;
  • the AKA algorithm execution module 103 is used to execute the AKA algorithm;
  • the S-CSCF interface module 104 is used for information interaction with the S-CSCF.
  • the first random number and the first authentication data are obtained by the information exchange between the HLR interface module 101 and the HLR.
  • the AKA algorithm parameter generating module 102 obtains the first random number and the first from the HLR interface module 101.
  • the data is authenticated, and combined or/and computed to obtain a second random number and a key required by the AKA algorithm, and the AKA algorithm execution module 103 performs AKA algorithm calculation, and the AKA algorithm execution module 103 uses the second random number.
  • the key is calculated by the AKA algorithm to obtain a calculation result (second authentication data), and the calculation result is transmitted to the S-CSCF via the S-CSCF interface module 104.
  • FIG. 11 it is a schematic structural view of a second embodiment of an authentication device (HSS) according to the present invention.
  • HSS authentication device
  • the shared encrypted data (SSD) for the CAVE algorithm is acquired at this time; the CAVE algorithm execution module 105 utilizes the shared secret data according to the shared data.
  • the CAVE algorithm performs an operation to generate first authentication data and simultaneously outputs a first random number for the CAVE operation.
  • the AKA algorithm parameter generation module 102 obtains the first random number and the first authentication from the CAVE algorithm execution module 105.
  • the data, combined or/and computed, obtains a second random number and a key required by the AKA algorithm, and is sent to the AKA algorithm execution module 102 for AKA algorithm calculation, and the AKA algorithm execution module 102 uses the second random number and the key.
  • the calculation is performed using the AKA algorithm to obtain a calculation result (second authentication data), which is transmitted to the S-CSCF via the S-CSCF interface module 104.
  • FIG. 12 it is a schematic structural diagram of an authentication device (user terminal) according to the present invention.
  • the user terminal mainly includes a subscriber identity card interface module 121, an AKA algorithm parameter generation module 122, an AKA algorithm execution module 123, and a P-CSCF interface module 124 that are sequentially connected.
  • the user identification card interface module 121 is configured to perform information interaction with the user identification card;
  • the AKA algorithm parameter generation module 122 is configured to generate parameters (eg, random numbers and keys, etc.) required by the AKA algorithm;
  • the AKA algorithm execution module 123 Used to execute the AKA algorithm;
  • the P-CSCF interface module 124 is used to Information exchange with the P-CSCF.
  • the user identification card interface module 121 performs information interaction with the user identification card to obtain a first random number and first authentication data of the CAVE algorithm; the AKA algorithm parameter generation module 122 performs the first random number and the first authentication data. Combining or/and operations, obtaining a second random number and a key required by the AKA algorithm, and performing the calculation by the AKA algorithm execution module 123, and the AKA algorithm execution module 123 calculates the second random number and the key by using the AKA algorithm. Obtaining second authentication data; the second authentication data is transmitted to the P-CSCF via the P-CSCF interface module 124.
  • the CAVE algorithm is used at the terminal side and the network side to generate authentication data; and the authentication data is used as the key to generate the quintuple authentication vector by using the AKA algorithm, or directly A plurality of authentication data is used to form a five-tuple authentication vector, thereby realizing mutual authentication between the terminal and the network.
  • This method of authentication does not require major modifications to the existing network, and can establish a good IPSEC between the access network and the IMS network, which can solve the security loopholes in the prior art; s attack.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

La présente invention concerne un procédé, un système, et un dispositif d'authentification. Le procédé consiste en ce que la troisième entité génère les deuxièmes données authentifiantes et les deuxièmes données aléatoires et transfère les deuxième données aléatoires à la deuxième entité; en ce que la deuxième entité transfère à la première entité les premières données aléatoires issues des deuxièmes données aléatoires; en ce que la première entité génère les premières données authentifiantes en fonction des premières données aléatoires et transfère à la deuxième entité les premières données authentifiantes; en ce qua la deuxième entité génère les troisièmes données authentifiantes en fonction des premières données authentifiantes et des deuxièmes données aléatoires, et transfère à la troisième entité les troisièmes données authentifiantes; et en ce qua la troisième entité détermine si l'authentification est réussie en vérifiant par comparaison si les deuxièmes données authentifiantes sont cohérentes avec les troisièmes données authentifiantes. Cette invention peut faire évoluer l'authentification de façon sûre entre le terminal utilisateur et le réseau IMS.
PCT/CN2007/000914 2006-04-29 2007-03-21 Procédé, système et dispositif d'authentification Ceased WO2007124657A1 (fr)

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
CN200610035298.5 2006-04-29
CN200610035298 2006-04-29
CN200610084992.6 2006-05-29
CNA2006100849926A CN101064606A (zh) 2006-04-29 2006-05-29 一种用于鉴权的系统、装置及方法
CN 200610091433 CN101064607A (zh) 2006-04-29 2006-06-12 一种用于鉴权的系统、装置及方法
CN200610091433.8 2006-06-12

Publications (1)

Publication Number Publication Date
WO2007124657A1 true WO2007124657A1 (fr) 2007-11-08

Family

ID=38655053

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/000914 Ceased WO2007124657A1 (fr) 2006-04-29 2007-03-21 Procédé, système et dispositif d'authentification

Country Status (1)

Country Link
WO (1) WO2007124657A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113795022A (zh) * 2021-09-14 2021-12-14 浙江海高思通信科技有限公司 公网对讲机加密通信方法及公网对讲系统

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5661806A (en) * 1994-03-29 1997-08-26 France Telecom Process of combined authentication of a telecommunication terminal and of a user module
WO2005120113A1 (fr) * 2004-06-04 2005-12-15 Telefonaktiebolaget L.M. Ericsson (Publ) Authentification de reseaux de communication mobile

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5661806A (en) * 1994-03-29 1997-08-26 France Telecom Process of combined authentication of a telecommunication terminal and of a user module
WO2005120113A1 (fr) * 2004-06-04 2005-12-15 Telefonaktiebolaget L.M. Ericsson (Publ) Authentification de reseaux de communication mobile

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113795022A (zh) * 2021-09-14 2021-12-14 浙江海高思通信科技有限公司 公网对讲机加密通信方法及公网对讲系统

Similar Documents

Publication Publication Date Title
CN101946536B (zh) 演进网络中的应用特定的主密钥选择
Mun et al. 3G-WLAN interworking: security analysis and new authentication and key agreement based on EAP-AKA
US8792641B2 (en) Secure wireless communication
JP3742772B2 (ja) 通信システムにおける完全性のチェック
JP5576529B2 (ja) セキュリティ保護されたセッション鍵生成
EP2033479B1 (fr) Procédé et appareil pour la protection de sécurité de l'identité d'un utilisateur d'origine dans un message de signalisation initial
CN1969580B (zh) 移动通信系统中的安全
ES2584862T3 (es) Autenticación en comunicación de datos
US9270672B2 (en) Performing a group authentication and key agreement procedure
CN100488280C (zh) 一种鉴权方法及相应的信息传递方法
KR20000011999A (ko) 무선통신시스템에서보안공유된데이터를갱신하는방법
WO2012174959A1 (fr) Procédé, système et passerelle d'authentification de groupe dans une communication entre machines
Ouaissa et al. An efficient and secure authentication and key agreement protocol of LTE mobile network for an IoT system
WO2019095990A1 (fr) Procédé et dispositif de communication
CN112333705B (zh) 一种用于5g通信网络的身份认证方法及系统
KR20090042867A (ko) 듀얼 스택 동작의 인가를 인터워킹하기 위한 방법 및 장치
KR100987899B1 (ko) 서비스 제공자로부터 수신된 챌린지에 대한 응답을 생성하기 위한 의사―비밀 키 생성 방법 및 장치
CN100407868C (zh) 一种在移动用户和应用服务器之间建立安全信道的方法
CN117499920A (zh) 一种认证方法、装置及系统
CN101192927B (zh) 基于身份保密的授权与多重认证方法
Sharma et al. Improved IP multimedia subsystem authentication mechanism for 3G-WLAN networks
WO2007041933A1 (fr) Procédé de mise à jour de clés secrètes contrôlées et appareil idoine
WO2007124657A1 (fr) Procédé, système et dispositif d'authentification
CN101160784B (zh) 一种密钥更新协商方法及装置
Gu et al. A green and secure authentication for the 4th generation mobile network

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720488

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07720488

Country of ref document: EP

Kind code of ref document: A1