CN102026184B - Authentication method, authentication system and relevant device - Google Patents


Info

Publication number
CN102026184B
Authority
CN
China
Prior art keywords
chap
response
authentication
parameter
portable terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910173440.6A
Other languages
Chinese (zh)
Other versions
CN102026184A (en)
Inventor
何承东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN200910173440.6A
Publication of CN102026184A
Application granted
Publication of CN102026184B
Legal status: Expired - Fee Related

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiments of the present invention disclose an authentication method, an authentication system and related devices for improving the security of the authentication process. The method comprises: the mobile terminal processes a first CHAP-Response to obtain a second CHAP-Response and sends the second CHAP-Response to the authentication device through the WAG; the authentication device compares the second CHAP-Response with a fourth CHAP-Response to perform MD5 authentication; the authentication device and the mobile terminal then each generate an AKA base key, generate an authentication vector from that AKA base key, and perform AKA authentication. The embodiments of the present invention also provide an authentication system and related devices. The embodiments of the present invention can effectively improve the security of the authentication process.

Description

Authentication method, authentication system and related device
Technical field
The present invention relates to the field of communications, and in particular to an authentication method, an authentication system and a related device.
Background
With the development of Internet technology, the two communicating parties need to perform the necessary authentication to guarantee the security of data communication.
In the prior art, the rough flow of an authentication method based on Message-Digest Algorithm 5 (MD5) and Authentication and Key Agreement (AKA) is as follows:
(1) The mobile terminal (MS, Mobile Subscriber) first sends a registration (Register) message;
(2) After receiving the Register message, the wireless local area network access gateway (WAG, Wireless Local Area Network Access Gateway) initiates a Challenge Handshake Authentication Protocol (CHAP) random challenge, and sends the random number and the CHAP ID to the MS in a 401 Unauthorized message;
(3) After receiving the 401 Unauthorized message, the MS interacts with the User Identity Module (UIM) card and passes it the CHAP-ID and CHAP-Challenge parameters; the UIM runs the MD5 algorithm and returns the resulting 128-bit CHAP-Response to the MS;
(4) The MS generates a 64-bit random number (referred to as AKASEED) and, together with the CHAP-Response returned by the UIM, calculates a CHAP-Response':
CHAP-Response' = 64 MSBs of CHAP-Response | (64 LSBs of CHAP-Response ^ AKASEED)
That is, CHAP-Response' is 128 bits in total: its high 64 bits are identical to the high 64 bits of CHAP-Response, and its low 64 bits are the XOR of the low 64 bits of CHAP-Response and AKASEED.
Here "|" denotes direct concatenation and "^" denotes bitwise XOR.
(5) The MS sends the generated CHAP-Response' to the WAG in a Register message;
(6) The WAG sends an Access Request message to the access network authentication, authorization and accounting server (AN-AAA, Access Network Authentication, Authorization, Accounting), carrying the Remote Authentication Dial In User Service (RADIUS) attributes CHAP-Challenge and CHAP-Password (which carries the CHAP-ID and CHAP-Response') and parameters such as the authentication mode;
(7) The AN-AAA first runs the MD5 algorithm on the supplied parameters and the user password to produce CHAP-Response, and checks whether the high 64 bits of the CHAP-Response' in the request are correct. It then uses the low 64 bits of the CHAP-Response it produced itself to recover the AKASEED parameter, and then produces the algorithm parameters for AKA;
(8) The AN-AAA runs the AKA algorithm and sends AT_AUTN, AT_RAND, AT_MAC, IK and CK to the WAG in a RADIUS Access Challenge message;
(9) On receipt, the WAG sends a 401 Unauthorized message carrying parameters such as AT_RAND and AT_AUTN and the IPSEC SA parameters of the first negotiation, initiating AKA authentication;
(10) The MS produces AKA_KEY with the same algorithm, calculates the AKA authentication vector from the AT_RAND parameter, and sends a Register message carrying the AKA authentication response XRES. The message also carries the IPSEC SA parameters of both ends;
(11) The WAG sends an Access Request message to the AN-AAA, carrying the above authentication response value XRES;
(12) The AN-AAA sends an Access Accept message to the WAG, indicating that authentication succeeded;
(13) The WAG returns a 200 OK message to the MS. Subsequent SIP signalling is protected by the newly established IPSEC SA between the MS and the WAG, with IK and CK serving as the integrity key and the encryption key respectively.
However, the above prior art has the following problems:
In the above prior art, after receiving the request sent by the WAG, the AN-AAA checks whether the high 64 bits of the CHAP-Response' in the request are correct. In other words, the AN-AAA can only compare the high 64 bits of CHAP-Response'; before it obtains AKASEED it cannot compare the low 64 bits of CHAP-Response', and therefore cannot truly complete the MD5 authentication;
Secondly, the key material used to calculate the base key for AKA authentication is formed by concatenating the 64-bit AKASEED with the high 64 bits of CHAP-Response'. Because the Register message in step (5) is transmitted in plaintext, an attacker can also obtain the correct high 64 bits of CHAP-Response'. In effect, the key material has only the security level of a 64-bit key (the length of AKASEED), and does not actually meet the 128-bit key-length security level required for AKA authentication.
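The prior-art check of steps (4) and (7), as an added example that is not code from the patent: it shows that the AN-AAA comparison covers only the high 64 bits, so a CHAP-Response' whose low half was altered in transit still passes and simply yields a different AKASEED. The MD5 input order follows RFC 1994, and the password, challenge and AKASEED values are constructed; both are assumptions.

```python
import hashlib
import hmac


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chap_response(chap_id: int, secret: bytes, challenge: bytes) -> bytes:
    # Assumption: RFC 1994 ordering, MD5(ID || secret || challenge) -> 128 bits.
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def ms_build_response_prime(resp: bytes, akaseed: bytes) -> bytes:
    # Step (4): CHAP-Response' = 64 MSBs | (64 LSBs ^ AKASEED)
    return resp[:8] + xor(resp[8:], akaseed)


def aaa_check(chap_id: int, secret: bytes, challenge: bytes, resp_prime: bytes):
    # Step (7): only the high 64 bits can be compared; the low 64 bits are
    # consumed to recover AKASEED, so nothing is left to validate them against.
    expected = chap_response(chap_id, secret, challenge)
    accepted = hmac.compare_digest(expected[:8], resp_prime[:8])
    akaseed = xor(expected[8:], resp_prime[8:]) if accepted else None
    return accepted, akaseed


def demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    chap_id, secret = 7, b"constructed-shared-password"
    challenge = bytes(range(16))
    akaseed = bytes.fromhex("0123456789abcdef")

    resp = chap_response(chap_id, secret, challenge)
    on_wire = ms_build_response_prime(resp, akaseed)
    ok, seed = aaa_check(chap_id, secret, challenge, on_wire)

    # Same message with its low 64 bits changed somewhere between MS and AN-AAA.
    altered = on_wire[:8] + xor(on_wire[8:], b"\xff" * 8)
    ok_altered, seed_altered = aaa_check(chap_id, secret, challenge, altered)

    return {
        "genuine_accepted": ok,
        "akaseed_recovered": seed == akaseed,
        # The check cannot tell the altered message from the genuine one ...
        "altered_accepted": ok_altered,
        # ... and the two sides now hold different AKASEED values.
        "altered_seed_differs": seed_altered != akaseed,
        # Key material = AKASEED || high 64 bits; this half is sent in plaintext.
        "high_half_visible_on_wire": on_wire[:8] == resp[:8],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```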
Summary of the invention
The embodiments of the present invention provide an authentication method, an authentication system and a related device that can improve the security of the MD5-based AKA authentication process.
The authentication method provided by the embodiments of the present invention comprises: a mobile terminal processes a first Challenge Handshake Authentication Protocol response (CHAP-Response) to obtain a second CHAP-Response, the first CHAP-Response being generated by a user identity module running the MD5 algorithm; the mobile terminal sends the second CHAP-Response to an authentication device through a wireless local area network access gateway (WAG); the authentication device compares the second CHAP-Response with a fourth CHAP-Response to perform MD5 authentication, the fourth CHAP-Response being obtained by the authentication device by processing a third CHAP-Response, and the third CHAP-Response being generated by the authentication device running the MD5 algorithm; the authentication device generates a second AKA base key from the third CHAP-Response, generates authentication parameters from the second AKA base key, and sends the random number parameter RAND and the authentication token AUTN in the authentication parameters to the mobile terminal through the WAG; the mobile terminal authenticates the network side according to the AUTN, and calculates an authentication result RES from the RAND and a first AKA base key, the first AKA base key being obtained by the mobile terminal from the first CHAP-Response; the mobile terminal sends the RES to the authentication device through the WAG; the authentication device compares the RES with the expected authentication result XRES in the authentication parameters to perform AKA authentication.
The authentication system provided by the embodiments of the present invention comprises: a user identity module, a mobile terminal, an authentication device, and a wireless local area network access gateway (WAG). The user identity module is configured to run the MD5 algorithm to generate a first Challenge Handshake Authentication Protocol response (CHAP-Response) and to send the first CHAP-Response to the mobile terminal. The mobile terminal is configured to process the first CHAP-Response to obtain a second CHAP-Response and to send the second CHAP-Response to the authentication device through the WAG. The authentication device is configured to run the MD5 algorithm to generate a third CHAP-Response, process the third CHAP-Response to obtain a fourth CHAP-Response, compare the second CHAP-Response with the fourth CHAP-Response to perform MD5 authentication, generate a second AKA base key from the third CHAP-Response, generate authentication parameters from the second AKA base key, and send the random number parameter RAND and the authentication token AUTN in the authentication parameters to the mobile terminal through the WAG. The mobile terminal is further configured to authenticate the network side according to the AUTN, calculate an authentication result RES from the RAND and a first AKA base key, the first AKA base key being obtained by the mobile terminal from the first CHAP-Response, and send the RES to the authentication device through the WAG. The authentication device is further configured to compare the RES with the expected authentication result XRES in the authentication parameters to perform AKA authentication.
The mobile terminal provided by the embodiments of the present invention comprises: a first receiving unit, configured to receive the first Challenge Handshake Authentication Protocol response (CHAP-Response) sent by the user identity module; a first generating unit, configured to process the first CHAP-Response to obtain a second CHAP-Response; a second generating unit, configured to process the first CHAP-Response to obtain a first AKA base key; and a first sending unit, configured to send the second CHAP-Response to the authentication device through the wireless local area network access gateway (WAG).
The authentication device provided by the embodiments of the present invention comprises: a third generating unit, configured to run the MD5 algorithm to generate a third Challenge Handshake Authentication Protocol response (CHAP-Response) and to process the third CHAP-Response to obtain a fourth CHAP-Response; a second authentication unit, configured to compare the second CHAP-Response with the fourth CHAP-Response to perform MD5 authentication; a fourth generating unit, configured to generate a second AKA base key from the third CHAP-Response when the second authentication unit's authentication passes; a second parameter generating unit, configured to generate authentication parameters from the second AKA base key; and a third sending unit, configured to send the random number parameter RAND and the authentication token AUTN in the authentication parameters to the mobile terminal through the WAG.
As can be seen from the above technical solutions, the embodiments of the present invention have the following advantages:
In this embodiment, the authentication device can compare the full 128 bits of the second CHAP-Response sent by the MS against the fourth CHAP-Response it generated itself, rather than checking only the high 64 bits, and can therefore achieve authentication at a true 128-bit key-length security level;
Secondly, in this embodiment the MS can perform AKA authentication of the network side using the AUTN parameter sent by the authentication device, and the authentication device can perform the network side's AKA authentication of the MS using the RES and XRES parameters; mutual AKA authentication is thus achieved, improving the security of the MD5-based AKA authentication process.
Description of drawings
Fig. 1 is a schematic diagram of one embodiment of the authentication method in the embodiments of the present invention;
Fig. 2 is a schematic diagram of another embodiment of the authentication method in the embodiments of the present invention;
Fig. 3 is a schematic diagram of another embodiment of the authentication method in the embodiments of the present invention;
Fig. 4 is a schematic diagram of another embodiment of the authentication method in the embodiments of the present invention;
Fig. 5 is a schematic diagram of an embodiment of the authentication system in the embodiments of the present invention;
Fig. 6 is a schematic diagram of one embodiment of the mobile terminal in the embodiments of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the mobile terminal in the embodiments of the present invention;
Fig. 8 is a schematic diagram of one embodiment of the authentication device in the embodiments of the present invention;
Fig. 9 is a schematic diagram of another embodiment of the authentication device in the embodiments of the present invention.
Embodiments
The embodiments of the present invention provide an authentication method, an authentication system and a related device for improving the security of the MD5-based AKA authentication process.
Referring to Fig. 1, one embodiment of the authentication method in the embodiments of the present invention comprises:
101. The mobile terminal processes the first CHAP-Response to obtain the second CHAP-Response;
In this embodiment, when performing the MD5-based AKA authentication process, the mobile terminal can obtain the first CHAP-Response from the UIM and process it to obtain the second CHAP-Response; the specific processing is described in detail in the subsequent embodiments.
It should be noted that the UIM can generate the first CHAP-Response by running the MD5 algorithm.
102. The mobile terminal sends the second CHAP-Response to the authentication device through the WAG;
103. The authentication device compares the second CHAP-Response with the fourth CHAP-Response to perform MD5 authentication;
In this embodiment, after receiving the second CHAP-Response, the authentication device can run the same MD5 algorithm as the UIM to generate the third CHAP-Response, and process the third CHAP-Response to obtain the fourth CHAP-Response.
After obtaining the fourth CHAP-Response, the authentication device can compare the second CHAP-Response with the fourth CHAP-Response bit by bit to perform MD5 authentication.
104. The authentication device generates the second AKA base key from the third CHAP-Response;
After the MD5 authentication passes, the authentication device can generate the second AKA base key from the third CHAP-Response generated in step 103; the specific generation process is described in detail in the subsequent embodiments.
105. The authentication device generates authentication parameters from the second AKA base key, and sends the random number parameter RAND and the authentication token AUTN in the authentication parameters to the mobile terminal through the WAG;
After generating the second AKA base key, the authentication device can generate the authentication parameters from it and send the RAND and AUTN in the authentication parameters to the mobile terminal through the WAG.
106. The mobile terminal authenticates the network side according to the AUTN;
107. The mobile terminal calculates the authentication result RES from the RAND and the first AKA base key;
In this embodiment, once the mobile terminal's authentication of the network side according to the AUTN has passed, it can calculate RES from the previously received RAND and the first AKA base key.
It should be noted that the first AKA base key is calculated by the mobile terminal from the first CHAP-Response; the mobile terminal can calculate it immediately after obtaining the first CHAP-Response, or only after receiving the second 401 message sent by the WAG. The detailed process is described in the subsequent embodiments.
108. The mobile terminal sends the RES to the authentication device through the WAG;
109. The authentication device compares the RES with the expected authentication result XRES in the authentication parameters to perform AKA authentication.
In this embodiment, after receiving the RES sent by the mobile terminal, the authentication device compares it with the XRES in the authentication parameters generated in step 105 to perform AKA authentication.
In this embodiment, the authentication device can compare the second CHAP-Response sent by the MS with the fourth CHAP-Response it generated itself, rather than checking only the high 64 bits, and can therefore achieve true 128-bit MD5 authentication;
Furthermore, in this embodiment the MS can perform AKA authentication of the network side using the AUTN parameter sent by the authentication device, and the authentication device can perform the network side's AKA authentication of the MS using the RES and XRES parameters; mutual AKA authentication is thus achieved, improving the security of the MD5-based AKA authentication process.
For ease of understanding, the authentication method in the embodiments of the present invention is described in detail below:
Referring to Fig. 2, another embodiment of the authentication method in the embodiments of the present invention comprises:
201. The MS sends a registration request to the WAG;
In this embodiment, the registration request (Register) that the MS sends to the WAG can carry the MS's International Mobile Subscriber Identity (IMSI).
It should be noted that this registration request can also carry the IPSEC SA parameters supported by the MS (for example, which encryption algorithms and integrity protection algorithms the MS supports) and the authentication type parameter X-CT-Security indicating that the authentication type is "MD5-based AKA authentication". In practice, however, the IPSEC SA parameters and the authentication type parameter need not be carried in this step and can instead be carried in a subsequent step; the specific manner is not limited here.
202. The WAG sends a 401 challenge message to the MS;
In this embodiment, after receiving the registration request sent by the MS, the WAG sends a 401 challenge message (401 Unauthorized) to the MS. The 401 challenge message carries the MS identification parameter, the CHAP identifier and the CHAP challenge parameter (CHAP-Challenge).
The CHAP challenge parameter contains a 128-bit random number WAG-RAND generated by the WAG; the CHAP identifier is an identification parameter generated by the WAG for use in the MD5 calculation.
It should be noted that if the registration request in step 201 carried the IPSEC SA parameters supported by the MS and the authentication type parameter, then in this step the WAG also needs to select the IPSEC SA parameters supported by both the MS and the WAG, based on the IPSEC SA parameters the WAG itself supports and those the MS supports. The 401 challenge message then carries either the IPSEC SA parameters supported by the MS together with the IPSEC SA parameters supported by the WAG, or the IPSEC SA parameters supported by the MS together with the WAG-selected IPSEC SA parameters supported by both the MS and the WAG.
203. The MS sends the UIM a command to run the MD5 algorithm;
In this embodiment, after receiving the 401 challenge message sent by the WAG, the MS can extract the CHAP identifier and the CHAP challenge parameter from it and send the UIM a command to run the MD5 algorithm, carrying the CHAP identifier and the CHAP challenge parameter.
It should be noted that if the 401 challenge message also carries the IPSEC SA parameters supported by the MS together with either the IPSEC SA parameters supported by the WAG or the IPSEC SA parameters supported by both the MS and the WAG, the MS first judges whether the MS-supported IPSEC SA parameters carried in the 401 challenge message are consistent with the MS-supported IPSEC SA parameters stored locally on the MS. If they are consistent, it determines that there is no downgrade attack.
After determining that there is no downgrade attack, if the 401 challenge message carries the IPSEC SA parameters supported by the MS and the IPSEC SA parameters supported by the WAG, the MS selects the IPSEC SA parameters supported by both the MS and the WAG based on those two sets;
If the 401 challenge message carries the IPSEC SA parameters supported by the MS and the WAG-selected IPSEC SA parameters supported by both the MS and the WAG, the MS can use those commonly supported IPSEC SA parameters directly.
204. The UIM sends a response message to the MS;
After receiving the command to run the MD5 algorithm from the MS, the UIM can calculate the first CHAP-Response from the CHAP identifier and CHAP challenge parameter carried in the command and the shared password, and send the first CHAP-Response to the MS. The first CHAP-Response contains the result of the MD5 authentication computation and is 128 bits long.
It should be noted that the shared password in this embodiment is a password agreed in advance between the authentication device and the UIM and is used to run the MD5 algorithm. Its specific value is not limited here, provided that the shared password on the authentication device is identical to the shared password on the UIM.
205. The MS generates the second CHAP-Response and the first AKA base key;
In this embodiment, after receiving the first CHAP-Response sent by the UIM, the MS can calculate the second CHAP-Response; the specific calculation process can be the same as a calculation process known to those skilled in the art.
In this embodiment, the second CHAP-Response can be calculated from the first CHAP-Response using an irreversible one-way derivation algorithm, for example a one-way hash function or another similar one-way derivation algorithm; this is not specifically limited here.
That is, second CHAP-Response = HASH(first CHAP-Response).
In this embodiment, after receiving the first CHAP-Response sent by the UIM, the MS can also calculate the first AKA base key. For example, the calculation can be as follows:
(1) Calculate a temporary key from the first CHAP-Response:
Temporary key Key_material = SHA256(CHAP-Response | 128 bits of "0", "AKAv1-MD5").
Here SHA256 is a key derivation algorithm whose result is the 256-bit temporary key Key_material. In this embodiment, the 256-bit temporary key is obtained by applying the SHA256 algorithm to the first CHAP-Response concatenated with 128 bits of "0". It should be noted that the 128 bits of "0" can equally be replaced with the CHAP challenge parameter received from the WAG in step 202, and other ways of obtaining the temporary key from the first CHAP-Response can also be used; this is not specifically limited here.
(2) Truncate 128 bits from the temporary key to obtain the first AKA base key.
After the temporary key has been calculated, the first AKA base key can be obtained as follows:
First AKA base key AKA-Key = Trunc128(Key_material)
Here Trunc128 is a truncation algorithm: the high 128 bits or the low 128 bits of the temporary key are taken as the first AKA base key. It should be noted that other ways of taking 128 bits from the temporary key as the first AKA base key can also be used; this is not specifically limited here.
It should be noted that the above process of calculating the first AKA base key from the first CHAP-Response is only one implementation in this embodiment; it will be understood that, in practice, other ways of calculating the first AKA base key from the first CHAP-Response can equally be used.
206. The MS sends a registration request to the WAG again;
In this embodiment, this registration request carries the second CHAP-Response that the MS obtained in step 205.
It should be noted that, in this embodiment, if the MS did not send the MS-supported IPSEC SA parameters and the authentication type parameter to the WAG in step 201, the MS can send them to the WAG in this step 206; the specific content is the same as in step 201.
207. The WAG sends an access request message to the AN-AAA;
In this embodiment, after receiving the registration request sent by the MS, the WAG sends an access request (Access Request) to the AN-AAA, carrying the MS identifier, the CHAP challenge parameter and the CHAP password parameter. The CHAP password parameter contains the CHAP identifier and the second CHAP-Response obtained in step 206.
It should be noted that the telecommunication algorithm type parameter (Tel-Algorithm-Type) in this access request message carries information indicating "MD5-based AKA authentication", instructing the AN-AAA to perform MD5-based AKA authentication of the MS.
208. The AN-AAA performs MD5 authentication and generates the second AKA base key and the authentication parameters;
In this embodiment, after receiving the access request sent by the WAG, the AN-AAA first runs the same MD5 algorithm as the UIM and calculates the third CHAP-Response from the CHAP challenge parameter contained in the access request, the CHAP identifier in the CHAP password parameter, and the shared password.
It then processes the third CHAP-Response in the same way as the MS to obtain the fourth CHAP-Response, that is, by applying the one-way hash function or other one-way derivation algorithm:
Fourth CHAP-Response = HASH(third CHAP-Response).
After obtaining the fourth CHAP-Response, the AN-AAA can compare the second CHAP-Response in the access request with the fourth CHAP-Response bit by bit to perform MD5 authentication.
When the AN-AAA determines that the second CHAP-Response is consistent with the fourth CHAP-Response, it determines that the MD5 authentication has passed, and can then go on to calculate the second AKA base key from the third CHAP-Response.
It should be noted that the process by which the AN-AAA calculates the second AKA base key from the third CHAP-Response in this embodiment is the same as the process by which the MS calculates the first AKA base key from the first CHAP-Response in step 205, and is not repeated here.
After calculating the second AKA base key, the AN-AAA can calculate the authentication parameters from it. The authentication parameters can include: the integrity protection key parameter IK, the encryption key parameter CK, the expected authentication result XRES, the authentication token AUTN and the random number parameter RAND. The parameters can be generated as follows:
The AN-AAA generates a 128-bit random number parameter RAND and a 6-byte sequence number SQN;
The AN-AAA sets all 16 bits of the Authentication Management Field parameter AMF to 0;
Calculate the authentication key (Authentication Key) parameter AK = f5(AKA-KEY, RAND);
Calculate the message authentication code (Message Authentication Code) parameter MAC = f1(AKA-KEY, RAND, SQN, AMF);
Calculate the expected authentication result XRES = f2(AKA-KEY, RAND);
Calculate the integrity protection key parameter IK = f4(AKA-KEY, RAND);
Calculate the encryption key parameter CK = f3(AKA-KEY, RAND);
Calculate the authentication token AUTN = (SQN ⊕ AK) || AMF || MAC;
Here the functions f1 to f5 are the algorithms defined in the 3GPP standard TS 33.102 and are not described further here.
209. The AN-AAA sends an access challenge message to the WAG;
In this embodiment, after calculating the authentication parameters, the AN-AAA can send the WAG an access challenge message (Access Challenge) containing RAND, AUTN, IK and CK.
210. The WAG sends a 401 challenge message to the MS;
After receiving the access challenge message sent by the AN-AAA, the WAG stores the IK and CK it contains and sends a 401 challenge message containing RAND and AUTN to the MS.
It should be noted that, in this embodiment, if the WAG only received the MS-supported IPSEC SA parameters and the authentication type parameter in step 206, the WAG can likewise select the IPSEC SA parameters; the detailed process is the same as described for step 202. In this step 210 the message then carries either the IPSEC SA parameters supported by the MS together with the IPSEC SA parameters supported by the WAG, or the IPSEC SA parameters supported by the MS together with the WAG-selected IPSEC SA parameters supported by both the MS and the WAG.
211. The MS authenticates the network side and calculates the authentication parameters;
In this embodiment, after the MS receives the 401 challenge message sent by the WAG, it can authenticate the network side according to the AUTN in the message. The authentication process may be as follows:
Calculate the anonymity key AK = f5(AKA-Key, RAND);
Extract SQN ⊕ AK, AMF and MAC from the authentication parameter AUTN, and calculate the sequence number SQN = (SQN ⊕ AK) ⊕ AK.
Check that SQN lies in a suitable range, for example SQNMS < SQN < SQNMS + L (where L is a constant), where SQNMS is the sequence number stored on the MS; this check is used to prevent replay attacks.
Then update SQNMS = SQN.
Calculate the message authentication code MAC = f1(AKA-Key, RAND, SQN, AMF), and check whether the calculated MAC is consistent with the MAC in the AUTN. If they are consistent, authentication passes, which completes the MS's AKA authentication of the network side.
After the MS has successfully authenticated the network side, the MS can calculate the authentication parameters, specifically the authentication result RES, IK and CK. The calculation may be as follows:
Calculate the authentication result RES = f2(AKA-Key, RAND);
Calculate the integrity protection key parameter IK = f4(AKA-Key, RAND);
Calculate the encryption key parameter CK = f3(AKA-Key, RAND);
The functions f1 to f5 are the algorithms defined in 3GPP specification TS 33.102 and are not described further here.
It should be noted that, in this embodiment, if the MS receives only in step 210 the response message from the WAG that carries either the IPSEC SA parameters supported by the MS together with the IPSEC SA parameters supported by the WAG, or the IPSEC SA parameters supported by the MS together with the IPSEC SA parameters that the WAG selected as jointly supported by the MS and the WAG, then the MS can carry out the corresponding IPSEC SA parameter selection in this step 211. The procedure is the same as the one performed in step 203 above.
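The network-side check and parameter calculation of step 211, as an added example that is not code from the patent. The functions f1 to f5 are replaced here by labelled HMAC-SHA-256 stand-ins, and the field sizes, the window constant `L` and all names are assumptions of the example.

```python
import hashlib
import hmac
import secrets

L = 32  # constructed window constant for the SQN range check


def _f(label, key, *parts, n):
    # Stand-in for f1..f5 (assumption): labelled HMAC-SHA-256, truncated to n bytes.
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:n]


def f1(key, rand, sqn, amf):  # message authentication code MAC
    return _f(b"f1", key, rand, sqn, amf, n=8)


def f2(key, rand):  # authentication result RES / XRES
    return _f(b"f2", key, rand, n=8)


def f3(key, rand):  # encryption key CK
    return _f(b"f3", key, rand, n=16)


def f4(key, rand):  # integrity protection key IK
    return _f(b"f4", key, rand, n=16)


def f5(key, rand):  # AK, used to mask SQN inside AUTN
    return _f(b"f5", key, rand, n=6)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def network_vector(aka_key, sqn, amf=b"\x80\x00", rand=None):
    """Authentication-device side: build RAND, AUTN, XRES, IK and CK."""
    rand = rand or secrets.token_bytes(16)
    sqn_b = sqn.to_bytes(6, "big")
    autn = xor(sqn_b, f5(aka_key, rand)) + amf + f1(aka_key, rand, sqn_b, amf)
    return {"RAND": rand, "AUTN": autn, "XRES": f2(aka_key, rand),
            "IK": f4(aka_key, rand), "CK": f3(aka_key, rand)}


class AkaError(Exception):
    pass


class MobileStation:
    def __init__(self, aka_key, sqn_ms):
        self.aka_key = aka_key
        self.sqn_ms = sqn_ms  # SQNMS, the sequence number stored on the MS

    def handle_challenge(self, rand, autn):
        """Authenticate the network from AUTN, then return RES, IK and CK."""
        if len(rand) != 16 or len(autn) != 16:
            raise AkaError("malformed RAND/AUTN")
        masked_sqn, amf, mac = autn[:6], autn[6:8], autn[8:]
        ak = f5(self.aka_key, rand)
        sqn_b = xor(masked_sqn, ak)  # SQN = (SQN xor AK) xor AK
        # The page lists the SQNMS update before the MAC check. This example
        # verifies the MAC first so an unauthenticated AUTN cannot move SQNMS.
        if not hmac.compare_digest(f1(self.aka_key, rand, sqn_b, amf), mac):
            raise AkaError("MAC mismatch")
        sqn = int.from_bytes(sqn_b, "big")
        if not (self.sqn_ms < sqn < self.sqn_ms + L):
            raise AkaError("SQN out of range")  # replayed or stale challenge
        self.sqn_ms = sqn
        return {"RES": f2(self.aka_key, rand), "IK": f4(self.aka_key, rand),
                "CK": f3(self.aka_key, rand)}


def reject_reason(ms, rand, autn):
    """Return None if the challenge is accepted, else the rejection reason."""
    try:
        ms.handle_challenge(rand, autn)
        return None
    except AkaError as exc:
        return str(exc)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed AKA base key
    ms = MobileStation(key, sqn_ms=100)
    vec = network_vector(key, sqn=101)
    print("RES matches XRES:", ms.handle_challenge(vec["RAND"], vec["AUTN"])["RES"] == vec["XRES"])
    print("replay:", reject_reason(ms, vec["RAND"], vec["AUTN"]))
```
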
212. The MS sends a registration request to the WAG;
After calculating the authentication parameters, the MS sends a registration request to the WAG again; the registration request contains the IMSI and the RES calculated in step 211.
213. The WAG sends an access request message to the AN-AAA;
After receiving the registration request sent by the MS, the WAG sends an access request message to the AN-AAA; the access request message carries the RES calculated by the MS.
214. The AN-AAA authenticates the MS;
After receiving the access request message sent by the WAG, the AN-AAA extracts the RES from it and compares this RES with the XRES calculated in step 208. If they are consistent, the network side's AKA authentication of the MS has succeeded.
215. The AN-AAA sends an accept message to the WAG;
After the AN-AAA has successfully authenticated the MS, it can send an Access Accept message to the WAG.
216. The WAG sends the authentication success message 200 OK to the MS;
217. An IPSEC tunnel is established between the WAG and the MS.
In this embodiment, once the WAG and the MS have established the IPSEC tunnel, subsequent messages between the MS and the WAG are protected as follows: the WAG can use the IK and CK saved in step 210 for security processing, and the MS can use the IK and CK calculated in step 211 for security processing.
In this embodiment, the authentication device can compare the second CHAP-Response sent by the MS with the fourth CHAP-Response that it generates itself, rather than verifying only the high 64 bits, so true 128-bit MD5 authentication can be achieved;
Second, in this embodiment the MS generates the first AKA base key from the first CHAP-Response and the authentication device generates the second AKA base key from the third CHAP-Response, while what is transmitted in plaintext is the second CHAP-Response. The second CHAP-Response is obtained from the first CHAP-Response by a one-way derivation algorithm, so an attacker cannot work back from the second CHAP-Response to the first CHAP-Response and therefore cannot learn the first AKA base key. There is thus no need to worry about the effect of the plaintext Register message on the AKA base key, and the security level that AKA authentication requires of the key length can genuinely be reached;
Third, in this embodiment the MS can authenticate the network side by means of the AUTN parameter sent by the authentication device, and the authentication device can authenticate the MS by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process;
Further, in this embodiment the MS can negotiate the IPSEC SA parameters with the WAG, so the Uw interface between the MS and the WAG can be protected by IPSEC, improving system security;
Further still, the functions of the UIM and the home location register (HLR, Home Location Register) are unchanged in this embodiment; only the functions of the MS, the WAG and the AN-AAA are adjusted, which reduces changes to key network elements and lowers the cost of network modification.
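The MD5 step summarized above, as an added example that is not code from the patent. The CHAP-Response follows RFC 1994; the SHA-256-based `derive` function, its labels and all other names are assumptions standing in for the one-way derivation algorithm, whose details are not restated in this passage.

```python
import hashlib
import hmac


def chap_response(chap_id, secret, challenge):
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge), 128 bits."""
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()


def derive(label, chap_resp):
    # Assumed one-way derivation: labelled SHA-256 truncated to 128 bits.
    # Distinct labels keep the on-the-wire value and the key independent.
    return hashlib.sha256(label + chap_resp).digest()[:16]


def wire_response(chap_resp):
    """First -> second (MS) or third -> fourth (authentication device)."""
    return derive(b"chap-wire", chap_resp)


def aka_base_key(chap_resp):
    """First -> first AKA base key, or third -> second AKA base key."""
    return derive(b"aka-base-key", chap_resp)


def ms_side(chap_id, uim_secret, challenge):
    """The UIM computes the first CHAP-Response; the MS derives the rest.

    Returns (second CHAP-Response, first AKA base key). Only the second
    CHAP-Response is sent in the plaintext Register message.
    """
    first = chap_response(chap_id, uim_secret, challenge)
    return wire_response(first), aka_base_key(first)


def authenticator_side(chap_id, stored_secret, challenge, second):
    """Full 128-bit MD5 authentication; returns the second AKA base key or None."""
    third = chap_response(chap_id, stored_secret, challenge)
    fourth = wire_response(third)
    if len(second) != 16 or not hmac.compare_digest(second, fourth):
        return None
    return aka_base_key(third)


def high64_only_check(second, fourth):
    """The weaker comparison the text contrasts against: high 64 bits only."""
    return second[:8] == fourth[:8]


if __name__ == "__main__":
    secret = b"constructed-uim-secret"   # constructed sample values
    challenge = bytes(range(16))
    second, key_ms = ms_side(7, secret, challenge)
    key_net = authenticator_side(7, secret, challenge, second)
    print("keys agree:", key_net == key_ms)

    # A response that is right only in its high 64 bits.
    fourth = wire_response(chap_response(7, secret, challenge))
    half_right = fourth[:8] + bytes(8)
    print("64-bit check accepts:", high64_only_check(half_right, fourth))
    print("128-bit check accepts:",
          authenticator_side(7, secret, challenge, half_right) is not None)
```
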
In the embodiment above, the MS calculates the first AKA base key from the first CHAP-Response in step 205, immediately after obtaining the first CHAP-Response sent by the UIM. It will be understood that, in practical applications, the MS may also calculate the first AKA base key from the first CHAP-Response at other points in the flow. A specific example is described below. Referring to Fig. 3, another embodiment of the authentication method in the embodiments of the invention comprises:
301~304. Identical to steps 201 to 204 in the embodiment shown in Fig. 2 above, and not repeated here;
305. The MS generates the second CHAP-Response;
In this embodiment, after receiving the first CHAP-Response sent by the UIM, the MS processes the first CHAP-Response to obtain the second CHAP-Response. The processing is similar to that described in the embodiment shown in Fig. 2 above and is not repeated here.
In this embodiment, the MS only processes the first CHAP-Response to obtain the second CHAP-Response in this step, and does not calculate the first AKA base key in this step.
306~310. Identical to steps 206 to 210 in the embodiment shown in Fig. 2 above, and not repeated here;
311. The network side is authenticated;
In this embodiment, after the MS receives the 401 challenge message sent by the WAG, it can authenticate the network side according to the AUTN in the message. The authentication process is the same as that described in step 211 of the embodiment shown in Fig. 2 above and is not repeated here.
312. Calculate the second AKA base key and the authentication parameters;
In this embodiment, once the MS's authentication of the network side has passed, the MS can calculate the first AKA base key from the first CHAP-Response and calculate the authentication parameters from the first AKA base key.
In addition, the calculation of the second AKA base key may also take place between step 310 and step 311, that is, after the 401 message is received and before the network side is authenticated.
In this embodiment, the calculation of the first AKA base key and the calculation of the authentication parameters are both the same as described in the embodiment shown in Fig. 2 above and are not repeated here.
313~318. Identical to steps 212 to 217 in the embodiment shown in Fig. 2 above, and not repeated here.
In this embodiment, the authentication device can compare the second CHAP-Response sent by the MS with the fourth CHAP-Response that it generates itself, rather than verifying only the high 64 bits, so true 128-bit MD5 authentication can be achieved;
Second, in this embodiment the MS generates the first AKA base key from the first CHAP-Response and the authentication device generates the second AKA base key from the third CHAP-Response, while what is transmitted in plaintext is the second CHAP-Response. The second CHAP-Response is obtained from the first CHAP-Response by a one-way derivation algorithm, so an attacker cannot work back from the second CHAP-Response to the first CHAP-Response and therefore cannot learn the first AKA base key. There is thus no need to worry about the effect of the plaintext Register message on the AKA base key, and the security level that AKA authentication requires of the key length can genuinely be reached;
Third, in this embodiment the MS can authenticate the network side by means of the AUTN parameter sent by the authentication device, and the authentication device can authenticate the MS by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process;
Further, in this embodiment the MS can negotiate the IPSEC SA parameters with the WAG, so the Uw interface between the MS and the WAG can be protected by IPSEC, improving system security;
Further still, the functions of the UIM and the HLR are unchanged in this embodiment; only the functions of the MS, the WAG and the AN-AAA are adjusted, which reduces changes to key network elements and lowers the cost of network modification;
Finally, in this embodiment the MS calculates the first AKA base key from the first CHAP-Response only after its authentication of the network side according to the AUTN has passed, so every first AKA base key that is calculated is actually used, which improves the processing efficiency of the MS.
The two embodiments above both use the AN-AAA as the example of the authentication device. It will be understood that, if there are no strong restrictions on modifying network elements in practice, the authentication device may also be the HLR, in which case the AN-AAA only performs transparent forwarding. Referring to Fig. 4, another embodiment of the authentication method in the embodiments of the invention comprises:
411~417. Identical to steps 301 to 307 in the embodiment shown in Fig. 3 above, and not repeated here;
418. The AN-AAA sends a request message to the HLR;
In this embodiment, after receiving the access request message sent by the WAG, the AN-AAA forwards the content of the access request message to the HLR, or forwards the access request message itself directly to the HLR.
The access request message contains the MS identity, the CHAP challenge parameter and the CHAP password parameter; the CHAP password parameter contains the CHAP identifier and the second CHAP-Response.
419. The HLR performs MD5 authentication and generates the second AKA base key and the authentication parameters;
In this embodiment, the HLR can perform MD5 authentication according to the message forwarded by the AN-AAA and generate the second AKA base key and the authentication parameters. The process is identical to step 308 in the embodiment shown in Fig. 3 above, except that it is executed by the HLR instead of the AN-AAA.
420. The HLR sends a response message to the AN-AAA;
In this embodiment, the response message that the HLR sends to the AN-AAA carries RAND, AUTN, IK and CK.
421~426. Identical to steps 309 to 314 in the embodiment shown in Fig. 3 above, and not repeated here;
427. The AN-AAA sends a request message to the HLR;
In this embodiment, after receiving the access request message sent by the WAG, the AN-AAA forwards the content of the access request message to the HLR, or forwards the access request message itself directly to the HLR.
The access request message contains the IMSI of the MS and the RES calculated by the MS.
428. The HLR authenticates the MS;
In this embodiment, the process by which the HLR authenticates the MS is identical to step 315 in the embodiment shown in Fig. 3 above, except that it is executed by the HLR instead of the AN-AAA.
429. The HLR sends a response message to the AN-AAA;
In this embodiment, the response message that the HLR sends to the AN-AAA indicates that authentication succeeded.
430~432. Identical to steps 316 to 318 in the embodiment shown in Fig. 3 above, and not repeated here.
In this embodiment, the authentication device can compare the second CHAP-Response sent by the MS with the fourth CHAP-Response that it generates itself, rather than verifying only the high 64 bits, so true 128-bit MD5 authentication can be achieved;
Second, in this embodiment the MS generates the first AKA base key from the first CHAP-Response and the authentication device generates the second AKA base key from the third CHAP-Response, while what is transmitted in plaintext is the second CHAP-Response. The second CHAP-Response is obtained by processing the first CHAP-Response, so an attacker cannot work back from the second CHAP-Response to the first CHAP-Response and therefore cannot learn the first AKA base key. There is thus no need to worry about the effect of the plaintext Register message on the AKA base key, and the security level that AKA authentication requires of the key length can genuinely be reached;
Third, in this embodiment the MS can authenticate the network side by means of the AUTN parameter sent by the authentication device, and the authentication device can authenticate the MS by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process;
Further, in this embodiment the MS can negotiate the IPSEC SA parameters with the WAG, so the Uw interface between the MS and the WAG can be protected by IPSEC, improving system security;
Further still, in this embodiment the MS calculates the first AKA base key from the first CHAP-Response only after its authentication of the network side according to the AUTN has passed, so every first AKA base key that is calculated is actually used, which improves the processing efficiency of the MS.
The authentication system embodiment in the embodiments of the invention is described below. Referring to Fig. 5, the authentication system embodiment in the embodiments of the invention comprises:
a subscriber identification module 501, a mobile terminal 502, an authentication device 504 and a WLAN access gateway 503;
The subscriber identification module 501 is configured to run the MD5 algorithm to generate the first challenge handshake authentication protocol response (CHAP-Response) and to send the first CHAP-Response to the mobile terminal 502;
The mobile terminal 502 is configured to process the first CHAP-Response to obtain the second CHAP-Response and to send the second CHAP-Response to the authentication device 504 through the WLAN access gateway 503;
In this embodiment, the process by which the mobile terminal 502 obtains the second CHAP-Response from the first CHAP-Response is the same as in the embodiments shown in Fig. 2 to Fig. 4 above and is not repeated here.
The authentication device 504 is configured to run the MD5 algorithm to generate the third CHAP-Response; to process the third CHAP-Response to obtain the fourth CHAP-Response; to compare the second CHAP-Response with the fourth CHAP-Response in order to perform MD5 authentication; then to generate the second AKA base key from the third CHAP-Response; to generate the authentication parameters from the second AKA base key; and to send the random parameter RAND and the authentication parameter AUTN among the authentication parameters to the mobile terminal 502 through the WLAN access gateway 503;
In this embodiment, the processes by which the authentication device 504 generates the third CHAP-Response, obtains the fourth CHAP-Response from the third CHAP-Response, performs MD5 authentication, generates the second AKA base key from the third CHAP-Response and generates the authentication parameters from the second AKA base key are all the same as described in the embodiments shown in Fig. 2 to Fig. 4 above and are not repeated here.
The mobile terminal 502 is further configured to authenticate the network side according to the AUTN and, after authentication passes, to calculate the authentication result RES from RAND and the first AKA base key, the first AKA base key being obtained by the mobile terminal from the first CHAP-Response, and to send the RES to the authentication device 504 through the WLAN access gateway 503;
In this embodiment, the processes by which the mobile terminal 502 generates the first AKA base key from the first CHAP-Response and authenticates the network side according to the AUTN are both the same as described in the embodiments shown in Fig. 2 to Fig. 4 above and are not repeated here.
The authentication device 504 is further configured to compare the RES with the expected authentication result XRES among the authentication parameters in order to perform AKA authentication.
In this embodiment, the mobile terminal 502 is further configured to send a registration message to the WLAN access gateway 503; the registration message contains the Internet Protocol Security (IPSEC) security association (SA) parameters supported by the mobile terminal 502;
The WLAN access gateway 503 is further configured to select the jointly supported IPSEC SA parameters according to the IPSEC SA parameters supported by the mobile terminal 502 and the IPSEC SA parameters supported by the WLAN access gateway 503, and to send a 401 challenge message to the mobile terminal 502; the 401 challenge message carries the IPSEC SA parameters supported by the mobile terminal 502 and the IPSEC SA parameters supported by the WLAN access gateway 503;
The mobile terminal 502 is further configured to check whether the IPSEC SA parameters supported by the mobile terminal 502 that are carried in the 401 challenge message are consistent with the locally saved IPSEC SA parameters supported by the mobile terminal 502 and, if they are consistent, to select the jointly supported IPSEC SA parameters according to the IPSEC SA parameters supported by the WLAN access gateway 503 and the IPSEC SA parameters supported by the mobile terminal 502.
In this embodiment, the 401 challenge message that the WLAN access gateway 503 sends to the mobile terminal 502 may alternatively carry the IPSEC SA parameters supported by the mobile terminal 502 and the IPSEC SA parameters jointly supported by the mobile terminal 502 and the WLAN access gateway 503.
In practical applications, the authentication device 504 in this embodiment may specifically be the AN-AAA or the HLR.
In this embodiment, the authentication device 504 can compare the second CHAP-Response sent by the mobile terminal 502 with the fourth CHAP-Response that it generates itself, rather than verifying only the high 64 bits, so true 128-bit MD5 authentication can be achieved;
Second, in this embodiment the mobile terminal 502 generates the first AKA base key from the first CHAP-Response and the authentication device 504 generates the second AKA base key from the third CHAP-Response, while what is transmitted in plaintext is the second CHAP-Response. The second CHAP-Response is obtained by processing the first CHAP-Response, so an attacker cannot work back from the second CHAP-Response to the first CHAP-Response and therefore cannot learn the first AKA base key. There is thus no need to worry about the effect of the plaintext Register message on the AKA base key, and the security level that AKA authentication requires of the key length can genuinely be reached;
Third, in this embodiment the mobile terminal 502 can authenticate the network side by means of the AUTN parameter sent by the authentication device 504, and the authentication device 504 can authenticate the mobile terminal 502 by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process.
The mobile terminal embodiment in the embodiments of the invention is introduced below. Referring to Fig. 6, one embodiment of the mobile terminal in the embodiments of the invention comprises:
A first receiving unit 601, configured to receive the first challenge handshake authentication protocol response (CHAP-Response) sent by the subscriber identification module;
A first generation unit 602, configured to process the first CHAP-Response to obtain the second CHAP-Response;
A second generation unit 603, configured to process the first CHAP-Response to obtain the first AKA base key;
A first sending unit 604, configured to send the second CHAP-Response to the authentication device through the WLAN access gateway (WAG).
For ease of understanding, a specific example is described below. Referring to Fig. 7, another embodiment of the mobile terminal in the embodiments of the invention comprises:
A first receiving unit 701, configured to receive the first challenge handshake authentication protocol response (CHAP-Response) sent by the subscriber identification module;
A first generation unit 702, configured to process the first CHAP-Response to obtain the second CHAP-Response;
In this embodiment, the process by which the first generation unit 702 obtains the second CHAP-Response from the first CHAP-Response is the same as described in the embodiment shown in Fig. 2 above and is not repeated here.
A second generation unit 703, configured to process the first CHAP-Response to obtain the first AKA base key;
In this embodiment, the process by which the second generation unit 703 obtains the first AKA base key from the first CHAP-Response is the same as described in the embodiment shown in Fig. 2 above and is not repeated here.
A first sending unit 704, configured to send the second CHAP-Response to the authentication device through the WAG;
A second receiving unit 705, configured to receive the random parameter RAND and the authentication parameter AUTN sent by the authentication device;
A first authentication unit 706, configured to authenticate the network side according to the AUTN;
A first parameter generating unit 707, configured to calculate the authentication result RES from RAND and the first AKA base key after the first authentication unit 706 has successfully authenticated the network side;
In this embodiment, the process by which the first parameter generating unit 707 calculates the authentication result RES is the same as described in the embodiment shown in Fig. 2 above and is not repeated here.
A second sending unit 708, configured to send the RES to the authentication device through the WAG.
The mobile terminal in this embodiment may further comprise:
A security parameter sending unit, configured to send a registration message to the WAG; the registration message contains the Internet Protocol Security (IPSEC) security association (SA) parameters supported by the mobile terminal;
A security parameter selection unit, configured to receive the 401 challenge message sent by the WAG. When the 401 challenge message carries the jointly supported IPSEC SA parameters, the unit saves these jointly supported IPSEC SA parameters. When the 401 challenge message carries the IPSEC SA parameters supported by the mobile terminal and the IPSEC SA parameters supported by the WAG, the unit checks whether the IPSEC SA parameters supported by the mobile terminal that are carried in the 401 challenge message are consistent with the locally saved IPSEC SA parameters supported by the mobile terminal and, if they are consistent, selects the jointly supported IPSEC SA parameters according to the IPSEC SA parameters supported by the WAG and the IPSEC SA parameters supported by the mobile terminal.
In this embodiment, the second generation unit 703 generates the first AKA base key from the first CHAP-Response, while what is transmitted in plaintext is the second CHAP-Response. The second CHAP-Response is obtained by the first generation unit 702 processing the first CHAP-Response, so an attacker cannot work back from the second CHAP-Response to the first CHAP-Response and therefore cannot learn the first AKA base key. There is thus no need to worry about the effect of the plaintext Register message on the AKA base key, and the security level that AKA authentication requires of the key length can genuinely be reached;
Second, in this embodiment the first authentication unit 706 can authenticate the network side by means of the AUTN parameter sent by the authentication device, and the authentication device can authenticate the MS by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process;
Further, in this embodiment the security parameter selection unit can negotiate the IPSEC SA parameters with the WAG, so the Uw interface between the MS and the WAG can be protected by IPSEC, improving system security.
The authentication device embodiment in the embodiments of the invention is introduced below. Referring to Fig. 8, one embodiment of the authentication device in the embodiments of the invention comprises:
A third generation unit 801, configured to run the MD5 algorithm to generate the third CHAP-Response and to process the third CHAP-Response to obtain the fourth CHAP-Response;
A second authentication unit 802, configured to compare the second CHAP-Response with the fourth CHAP-Response in order to perform MD5 authentication;
A fourth generation unit 803, configured to generate the second AKA base key from the third CHAP-Response when authentication by the second authentication unit passes;
A second parameter generating unit 804, configured to generate the authentication parameters from the second AKA base key;
A third sending unit 805, configured to send the random parameter RAND and the authentication parameter AUTN among the authentication parameters to the mobile terminal through the WAG.
For ease of understanding, a specific example is described below. Referring to Fig. 9, another embodiment of the authentication device in the embodiments of the invention comprises:
A third generation unit 901, configured to run the MD5 algorithm to generate the third CHAP-Response and to process the third CHAP-Response to obtain the fourth CHAP-Response;
In this embodiment, the processes by which the third generation unit 901 generates the third CHAP-Response and obtains the fourth CHAP-Response from the third CHAP-Response are the same as described in the embodiment shown in Fig. 2 above and are not repeated here.
A second authentication unit 902, configured to compare the second CHAP-Response with the fourth CHAP-Response in order to perform MD5 authentication;
A fourth generation unit 903, configured to generate the second AKA base key from the third CHAP-Response when authentication by the second authentication unit passes;
A second parameter generating unit 904, configured to generate the authentication parameters from the second AKA base key;
In this embodiment, the process by which the fourth generation unit 903 generates the second AKA base key, the process by which the second parameter generating unit 904 generates the authentication parameters, and the content of the authentication parameters are the same as described in the embodiment shown in Fig. 2 above and are not repeated here.
A third sending unit 905, configured to send the random parameter RAND and the authentication parameter AUTN among the authentication parameters to the mobile terminal through the WAG;
A third receiving unit 906, configured to receive the RES sent by the mobile terminal;
A third authentication unit 907, configured to compare the RES with the expected authentication result XRES among the authentication parameters in order to perform AKA authentication.
The authentication device in this embodiment may be the AN-AAA or the HLR.
In this embodiment, the second authentication unit 902 can compare the second CHAP-Response sent by the MS with the fourth CHAP-Response that the device generates itself, rather than verifying only the high 64 bits, so true 128-bit MD5 authentication can be achieved;
Second, in this embodiment the MS can authenticate the network side by means of the AUTN parameter sent by the authentication device, and the third authentication unit 907 can authenticate the MS by means of the RES and XRES parameters, so mutual AKA authentication can be achieved, improving the security of the MD5-based AKA authentication process.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may be a read-only memory, a magnetic disk, an optical disc or the like.
The authentication method, authentication system and related devices provided by the present invention have been described in detail above. For a person of ordinary skill in the art, the specific implementations and the scope of application may vary in accordance with the ideas of the embodiments of the invention. In summary, this description should not be construed as limiting the present invention.

Claims (14)

1. An authentication method, characterized in that it comprises:
A mobile terminal processes a first challenge handshake authentication protocol response (CHAP-Response) to obtain a second CHAP-Response, the first CHAP-Response being generated by a subscriber identification module running the MD5 algorithm;
The mobile terminal sends the second CHAP-Response to an authentication device through a WLAN access gateway (WAG);
The authentication device compares the second CHAP-Response with a fourth CHAP-Response over the full 128-bit length in order to perform MD5 authentication, the fourth CHAP-Response being obtained by the authentication device processing a third CHAP-Response, and the third CHAP-Response being generated by the authentication device running the MD5 algorithm;
The authentication device generates a second AKA base key from the third CHAP-Response, generates authentication parameters from the second AKA base key, and sends the random parameter RAND and the authentication parameter AUTN among the authentication parameters to the mobile terminal through the WAG;
The mobile terminal authenticates the network side according to the AUTN, and the mobile terminal calculates an authentication result RES from the RAND and a first AKA base key, the first AKA base key being obtained by the mobile terminal from the first CHAP-Response;
The mobile terminal sends the RES to the authentication device through the WAG;
The authentication device compares the RES with the expected authentication result XRES among the authentication parameters in order to perform AKA authentication.
2. The method according to claim 1, characterized in that the first AKA base key is obtained by the mobile terminal from the first CHAP-Response before the second CHAP-Response is sent to the authentication device through the WAG;
Or,
The first AKA base key is obtained by the mobile terminal from the first CHAP-Response after the mobile terminal receives, through the WAG, the RAND and AUTN sent by the authentication device.
3. The method according to claim 1 or 2, characterized in that the authentication parameters further comprise: an integrity protection key parameter IK and an encryption key parameter CK;
The method further comprises:
The authentication device sends the IK and CK to the WAG;
The mobile terminal calculates IK and CK from the RAND and the first AKA base key;
The mobile terminal and the WAG each use their own IK and CK to perform security processing.
4. method according to claim 1 and 2 is characterized in that, described portable terminal is handled according to a CHAP-Response and obtained also comprising before or after the 2nd CHAP-Response:
Portable terminal sends registration message to WAG, comprises the Internet protocol security IPSEC security alliance SA parameter that portable terminal is supported in the described registration message;
The IPSEC SA parameter that WAG supports according to the IPSEC SA parameter of described portable terminal support and WAG is chosen the IPSEC SA parameter of common support;
WAG sends 401 challenge message to portable terminal, carries the IPSEC SA parameter that portable terminal is supported in described 401 challenge message, the IPSEC SA parameter that WAG supports;
When the IPSEC SA parameter that the IPSEC SA parameter that the portable terminal that carries in described 401 challenge message of mobile terminal check is supported and the local portable terminal of preserving are supported is consistent, then choose the IPSEC SA parameter of common support according to the IPSEC SA parameter of the IPSEC SA parameter of described WAG support and portable terminal support.
5. method according to claim 1 and 2 is characterized in that, described portable terminal is handled according to a CHAP-Response and obtained also comprising before or after the 2nd CHAP-Response:
Portable terminal sends registration message to WAG, comprises the IPSEC SA parameter that portable terminal is supported in the described registration message;
The IPSEC SA parameter that WAG supports according to the IPSEC SA parameter of described portable terminal support and WAG is chosen the IPSEC SA parameter of common support;
WAG sends 401 challenge message to portable terminal, carries the IPSEC SA parameter of common support in described 401 challenge message;
Portable terminal is preserved the IPSEC SA parameter of the common support of carrying in described 401 challenge message.
6. method according to claim 1 and 2 is characterized in that, described portable terminal is sent to authentication device by WAG with described the 2nd CHAP-Response and comprises:
The registration message that the WAG mobile terminal receive sends carries the 2nd CHAP-Response in the described registration message;
WAG send to insert request to authentication device, carries described the 2nd CHAP-Response in the described access request, CHAP challenge parameter and be designated as sign based on the AKA authentication of MD5.
7. method according to claim 1 and 2 is characterized in that, subscriber identification module operation MD5 algorithm generates a CHAP-Response and comprises:
The MD5 action command that the subscriber identification module mobile terminal receive sends comprises CHAP challenge parameter in the described MD5 action command, described CHAP challenge parameter brings described portable terminal by WAG in 401 challenge message;
Subscriber identification module generates a CHAP-Response according to described CHAP challenge parameter and shared password operation MD5 algorithm;
Authentication device operation MD5 algorithm generates the 3rd CHAP-Response and comprises:
Authentication device receives the access request that WAG sends, and carries CHAP challenge parameter in the described access request;
Authentication device generates the 3rd CHAP-Response according to the challenge parameter of the CHAP in the described access request and shared password operation MD5 algorithm.
8. method according to claim 1 and 2 is characterized in that, portable terminal calculates an AKA foundation key according to a CHAP-Response and comprises:
Portable terminal calculates temporary key according to a CHAP-Response, and then obtains an AKA foundation key;
Authentication device calculates the 2nd AKA foundation key according to the 3rd CHAP-Response and comprises:
Authentication device calculates temporary key according to the 3rd CHAP-Response, and then obtains the 2nd AKA foundation key.
9. method according to claim 1 and 2 is characterized in that,
Described authentication device is access network authentication, authentication and accounting server AN-AAA, or attaching position register HLR.
10. An authentication system, characterized by comprising:
A subscriber identification module, a mobile terminal, an authentication device, and a wireless local area network access gateway (WAG);
The subscriber identification module is configured to run the MD5 algorithm to generate a first Challenge Handshake Authentication Protocol response (CHAP-Response), and to send the first CHAP-Response to the mobile terminal;
The mobile terminal is configured to process the first CHAP-Response to obtain a second CHAP-Response, and to send the second CHAP-Response to the authentication device through the WAG;
The authentication device is configured to run the MD5 algorithm to generate a third CHAP-Response, process the third CHAP-Response to obtain a fourth CHAP-Response, compare the second CHAP-Response with the fourth CHAP-Response over the whole 128-bit length to perform MD5 authentication, generate a second AKA foundation key according to the third CHAP-Response, generate authentication parameters according to the second AKA foundation key, and send the random parameter RAND and the authentication parameter AUTN from the authentication parameters to the mobile terminal through the WAG;
The mobile terminal is further configured to authenticate the network side according to the AUTN, calculate an authentication result RES according to the RAND and a first AKA foundation key, the first AKA foundation key being obtained by the mobile terminal according to the first CHAP-Response, and send the RES to the authentication device through the WAG;
The authentication device is further configured to compare the RES with the expected authentication result XRES in the authentication parameters to perform AKA authentication.
11. The authentication system according to claim 10, characterized in that
The mobile terminal is further configured to send a registration message to the WAG, the registration message comprising the Internet Protocol Security (IPSEC) security association (SA) parameters supported by the mobile terminal;
The WAG is further configured to select the commonly supported IPSEC SA parameters according to the IPSEC SA parameters supported by the mobile terminal and the IPSEC SA parameters supported by the WAG, and to send a 401 challenge message to the mobile terminal, the 401 challenge message carrying the IPSEC SA parameters supported by the mobile terminal and the IPSEC SA parameters supported by the WAG;
The mobile terminal is further configured, when it checks that the IPSEC SA parameters supported by the mobile terminal as carried in the 401 challenge message are consistent with the locally saved IPSEC SA parameters supported by the mobile terminal, to select the commonly supported IPSEC SA parameters according to the IPSEC SA parameters supported by the WAG and the IPSEC SA parameters supported by the mobile terminal.
12. The authentication system according to claim 10 or 11, characterized in that the authentication device is an access network authentication, authorization and accounting server (AN-AAA) or a home location register (HLR).
13. An authentication device, characterized by comprising:
A third generating unit, configured to run the MD5 algorithm to generate a third Challenge Handshake Authentication Protocol response (CHAP-Response), and to process the third CHAP-Response to obtain a fourth CHAP-Response;
A second authentication unit, configured to compare a second CHAP-Response with the fourth CHAP-Response over the whole 128-bit length to perform MD5 authentication, the second CHAP-Response being obtained by the mobile terminal by processing a first CHAP-Response, and the first CHAP-Response being generated by the subscriber identification module running the MD5 algorithm;
A fourth generating unit, configured to generate a second AKA foundation key according to the third CHAP-Response when authentication by the second authentication unit passes;
A second parameter generating unit, configured to generate authentication parameters according to the second AKA foundation key;
A third sending unit, configured to send the random parameter RAND and the authentication parameter AUTN from the authentication parameters to the mobile terminal through the WAG.
14. The authentication device according to claim 13, characterized in that the authentication device further comprises:
A third receiving unit, configured to receive the RES sent by the mobile terminal;
A third authentication unit, configured to compare the RES with the expected authentication result XRES in the authentication parameters to perform AKA authentication.
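
The two-stage exchange in claims 1, 8 and 10 can be traced in code. The following is an added illustration, not part of the patent text: only the processed second CHAP-Response crosses the WAG, while both ends derive the AKA foundation key from the unsent first/third response. The HMAC-SHA256 derivations, the form of the "processing" step and the simplified AUTN (no SQN/AMF, no f1-f5) are assumptions made for the example; the CHAP identifier octet follows RFC 1994.

```python
import hashlib, hmac, os

def chap_response(ident: bytes, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994 CHAP: MD5 over identifier || shared secret || challenge (128 bits).
    return hashlib.md5(ident + secret + challenge).digest()

def kdf(key: bytes, label: bytes, n: int = 16) -> bytes:
    # Stand-in derivation (assumption): HMAC-SHA256 truncated to n bytes.
    return hmac.new(key, label, hashlib.sha256).digest()[:n]

def wire_response(resp: bytes) -> bytes:
    # "Processing" of first/third into second/fourth response (hypothetical form).
    return kdf(resp, b"wire-response")

def base_key(resp: bytes) -> bytes:
    # CHAP-Response -> temporary key -> AKA foundation key (hypothetical form).
    return kdf(kdf(resp, b"temp-key"), b"aka-foundation-key")

def aka_vector(k: bytes, rand: bytes) -> dict:
    # Simplified AKA vector: AUTN is only a MAC over RAND (assumption).
    return {"RAND": rand, "AUTN": kdf(k, b"autn" + rand),
            "XRES": kdf(k, b"res" + rand, 8),
            "CK": kdf(k, b"ck" + rand), "IK": kdf(k, b"ik" + rand)}

def device_md5_check(secret, ident, challenge, second):
    third = chap_response(ident, secret, challenge)
    fourth = wire_response(third)
    # Compare the whole 128-bit value, in constant time; reject short inputs.
    if len(second) != 16 or not hmac.compare_digest(second, fourth):
        return None
    return aka_vector(base_key(third), os.urandom(16))

def terminal_aka(first, rand, autn):
    k = base_key(first)
    if not hmac.compare_digest(autn, kdf(k, b"autn" + rand)):
        return None  # network side failed authentication
    return kdf(k, b"res" + rand, 8)  # RES

def run(sim_secret, device_secret):
    ident, challenge = b"\x01", os.urandom(16)
    first = chap_response(ident, sim_secret, challenge)  # computed in the SIM
    second = wire_response(first)  # only this value crosses the WAG
    vec = device_md5_check(device_secret, ident, challenge, second)
    if vec is None:
        return "md5-fail"
    res = terminal_aka(first, vec["RAND"], vec["AUTN"])
    ok = res is not None and hmac.compare_digest(res, vec["XRES"])
    return "aka-ok" if ok else "aka-fail"
```
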
CN200910173440.6A 2009-09-16 2009-09-16 Authentication method, authentication system and relevant device Expired - Fee Related CN102026184B (en)

Publications (2)

Publication Number Publication Date
CN102026184A CN102026184A (en) 2011-04-20
CN102026184B CN102026184B (en) 2013-08-07

Family

ID=43866900

Country Status (1)

Country Link
CN (1) CN102026184B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130807