CN112822025B - Mobile terminal equipment security authentication method and system based on elliptic curve algorithm - Google Patents


Info

Publication number
CN112822025B
CN112822025B
Authority
CN
China
Prior art keywords
user equipment
digital signature
random number
message
public key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110427184.XA
Other languages
Chinese (zh)
Other versions
CN112822025A
Inventor
文彬
周鹏兵
赵文登
焦显伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Telecom Easiness Information Technology Co Ltd
Original Assignee
Beijing Telecom Easiness Information Technology Co Ltd
Application filed by Beijing Telecom Easiness Information Technology Co Ltd
Priority to CN202110427184.XA
Publication of CN112822025A
Application granted
Publication of CN112822025B
Legal status: Active
Anticipated expiration

Classifications

    • H04L9/3252: Cryptographic mechanisms or arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user or for message authentication, involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L63/067: Network architectures or protocols for network security, supporting key management in a packet data network using one-time keys
    • H04L63/0869: Network security for authentication of entities, achieving mutual authentication
    • H04L63/0876: Network security for authentication of entities, based on the identity of the terminal or its configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0869: Key distribution or management; generation of secret information including derivation or calculation of cryptographic keys or passwords, involving random numbers or seeds
    • H04L9/16: Cryptographic mechanisms using a plurality of keys or algorithms, the keys or algorithms being changed during operation
    • H04L9/3297: Cryptographic mechanisms including means for verifying identity or authority or for message authentication, involving time stamps, e.g. generation of time stamps
    • H04W4/70: Services specially adapted for wireless communication networks; services for machine-to-machine communication [M2M] or machine type communication [MTC]

Abstract

The invention relates to a mobile terminal device security authentication method and system based on an elliptic curve algorithm. The method is aimed mainly at one-to-one device communication: the user equipment first performs identity authentication through the 5G network authentication protocol 5G-AKA to establish a secure channel, and when the user equipment (UE) performs D2D communication it authenticates and agrees a key with a neighbouring device through an elliptic curve cryptographic algorithm. This provides a secure device discovery, mutual authentication and key agreement mechanism. It resists common attacks such as eavesdropping, replay and man-in-the-middle attacks, prevents impersonation attacks, and, because its performance overhead is small, lets resource-constrained devices take part in D2D communication. In use, the user equipment can carry out D2D communication securely, conveniently and efficiently.

Description

Mobile terminal equipment security authentication method and system based on elliptic curve algorithm
Technical Field
The invention relates to the technical field of information security, in particular to a mobile terminal equipment security authentication method and system based on an elliptic curve algorithm.
Background
The fifth generation cellular network (5G) is emerging, with high speed, low latency and more efficient resource allocation. Device-to-Device (D2D) communication allows neighbouring mobile devices to communicate directly. It offers numerous advantages over conventional cellular networks, which makes it one of the promising functions of 5G. First, it improves overall network efficiency: users can communicate directly without depending on the base station, which reduces the traffic at the base station and allows more concurrent users to access the 5G Core Network (5GC); it also further increases spectral efficiency, improving the overall throughput of the 5G network. Second, D2D communication is an enabler of smart-city applications such as wireless sensor networks and vehicle-to-everything networks. D2D technology can therefore bring mobile users faster networks through new applications. Furthermore, the Third Generation Partnership Project (3GPP) issued a feasibility study for D2D communication covering some basic requirements such as optimized paths, device discovery procedures and public safety applications. However, D2D faces more security challenges: for example, it is vulnerable to passive attacks such as eavesdropping and to active attacks such as message forgery and impersonation.
Disclosure of Invention
The invention aims to provide a mobile terminal equipment security authentication method and system based on an elliptic curve algorithm so as to improve the security performance of D2D communication.
In order to achieve the purpose, the invention provides the following scheme:
a mobile terminal equipment security authentication method based on an elliptic curve algorithm comprises the following steps:
an access and mobility management function (AMF) module in the 5G network generates a master private key and a master public key, generates a public/private key pair for each user equipment that has passed authentication using an elliptic curve algorithm, and stores the public key of each user equipment;
the first user equipment generates its digital signature using an elliptic curve algorithm and forms a first message for broadcasting from the digital signature and its identity ID; the first message is $M_1=\{\mathrm{ID}_A,\partial_1\}$, where $\mathrm{ID}_A$ is the identity ID of the first user equipment and $\partial_1$ is its digital signature, $\partial_1=(r_1,s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(\mathrm{ID}_A + r_1 k_A) \bmod n$; $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment generates its digital signature using an elliptic curve algorithm, forms a request message and sends it to the AMF module; the request message includes the identity ID of the second user equipment, its digital signature $\partial_2$, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2=(r_2,s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(\mathrm{ID}_B + r_2 k_B) \bmod n$, where $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $\mathrm{ID}_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
the AMF module verifies the digital signature of the first user equipment and the digital signature of the second user equipment against the stored public keys of the first and second user equipment respectively; if verification passes, the AMF module generates its own digital signature, forms a first notification message and sends it to the first user equipment, and forms a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, a random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; here $\partial_3=(r_3,s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
the first user equipment verifies the digital signature of the AMF using the master public key and the random number $R$, and stores $R$ after verification passes;
the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$; after verification passes it generates, using an elliptic curve algorithm, a digital signature over the message it is about to send, forms a second message and sends it to the first user equipment; the second message is $M_2=\{\mathrm{ID}_B,\partial_4,C_4,t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first user equipment verifies the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ over the message it sends, using an elliptic curve algorithm, and sends the resulting verification message to the second user equipment under the first session key; the verification message is $M_3=\{\mathrm{ID}_A,\partial_5,C_5,t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
the second user equipment verifies the digital signature of the message sent by the first user equipment using the public key of the first user equipment; after verification passes, the second user equipment generates, using an elliptic curve algorithm, a second session key identical to the first session key, and returns a feedback message to the first user equipment under the second session key, completing authentication between the first user equipment and the second user equipment.
Optionally, before the access and mobility management function module in the 5G network generates the master private key and master public key, the method further includes:
initializing the 5G network system to generate a subgroup of order $n$.
Optionally, the access and mobility management function module verifying the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public keys of the first and second user equipment specifically includes:
the access and mobility management function module verifies the validity of the timestamp $t_1$;
if the timestamp $t_1$ is valid, the access and mobility management function module verifies the legality of the identity ID of the first user equipment and the identity ID of the second user equipment;
and if both identity IDs are legal, the access and mobility management function module verifies the digital signature of the first user equipment against the stored public key of the first user equipment and the digital signature of the second user equipment against the stored public key of the second user equipment.
Optionally, the second user equipment verifying the digital signature of the AMF using the master public key and the random number $R$ specifically includes:
the second user equipment verifies the validity of the timestamp $t_3$ of the second notification message;
if it is valid, the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$.
Optionally, the digital signature of the message sent by the second user equipment is $\partial_4=(r_4,s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = \mathrm{ID}_A \,\|\, \mathrm{ID}_B \,\|\, R \,\|\, C_4$ (the concatenation of these values).
Optionally, the digital signature of the message sent by the first user equipment is $\partial_5=(r_5,s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = \mathrm{ID}_A \,\|\, \mathrm{ID}_B \,\|\, R \,\|\, C_5 \,\|\, K_1$.
The invention also provides a mobile terminal equipment security authentication system based on the elliptic curve algorithm, which comprises the following modules:
the AMF initialization module is used for generating a master private key and a master public key through the access and mobility management function module in the 5G network, generating a public/private key pair for each user equipment that has passed authentication using an elliptic curve algorithm, and storing the public key of each user equipment;
the first user equipment broadcasting module is used for generating a digital signature of the first user equipment using an elliptic curve algorithm and forming a first message for broadcasting from the digital signature and the identity ID; the first message is $M_1=\{\mathrm{ID}_A,\partial_1\}$, where $\mathrm{ID}_A$ is the identity ID of the first user equipment and $\partial_1$ is its digital signature, $\partial_1=(r_1,s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(\mathrm{ID}_A + r_1 k_A) \bmod n$; $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment request module is used for generating a digital signature of the second user equipment using an elliptic curve algorithm, forming a request message and sending it to the access and mobility management function module; the request message includes the identity ID of the second user equipment, its digital signature $\partial_2$, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2=(r_2,s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(\mathrm{ID}_B + r_2 k_B) \bmod n$, where $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $\mathrm{ID}_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
the AMF verification module is used for the access and mobility management function module to verify the digital signature of the first user equipment and the digital signature of the second user equipment against the stored public keys of the first and second user equipment respectively; if verification passes, the access and mobility management function module generates a digital signature of the AMF, forms a first notification message and sends it to the first user equipment, and forms a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, a random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; here $\partial_3=(r_3,s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
the first user equipment storage module is used for the first user equipment to verify the digital signature of the AMF using the master public key and the random number $R$, and to store $R$ after verification passes;
the second user equipment verification module is used for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ and, after verification passes, to generate a digital signature of the message it sends using an elliptic curve algorithm, form a second message and send it to the first user equipment; the second message is $M_2=\{\mathrm{ID}_B,\partial_4,C_4,t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first session key generation module is used for the first user equipment to verify the digital signature of the message sent by the second user equipment using the public key of the second user equipment and, after verification passes, to generate a first session key $K_1$ and a digital signature $\partial_5$ of the message it sends using an elliptic curve algorithm, and to send the resulting verification message to the second user equipment under the first session key; the verification message is $M_3=\{\mathrm{ID}_A,\partial_5,C_5,t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
the second session key generation module is used for the second user equipment to verify the digital signature of the message sent by the first user equipment using the public key of the first user equipment and, after verification passes, to generate with an elliptic curve algorithm a second session key identical to the first session key and return a feedback message to the first user equipment under the second session key, completing authentication between the first user equipment and the second user equipment.
Optionally, the AMF verification module specifically includes:
a timestamp verification unit, used by the access and mobility management function module to verify the validity of the timestamp $t_1$;
an ID verification unit, used by the access and mobility management function module to verify the legality of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is valid;
and a signature verification unit, used to verify the digital signature of the first user equipment against the stored public key of the first user equipment and the digital signature of the second user equipment against the stored public key of the second user equipment when both identity IDs are legal.
Optionally, the second user equipment verification module specifically includes:
a timestamp verification unit, used by the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
a signature verification unit, used by the second user equipment to verify the digital signature of the AMF with the master public key and the random number $R$ when the timestamp is valid.
Optionally, the digital signature of the message sent by the second user equipment is $\partial_4=(r_4,s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = \mathrm{ID}_A \,\|\, \mathrm{ID}_B \,\|\, R \,\|\, C_4$ (the concatenation of these values).
The digital signature of the message sent by the first user equipment is $\partial_5=(r_5,s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = \mathrm{ID}_A \,\|\, \mathrm{ID}_B \,\|\, R \,\|\, C_5 \,\|\, K_1$.
According to the specific embodiments provided, the invention achieves the following technical effects:
the communicating entities in the method mutually authenticate each other, which prevents impersonation attacks and keeps the communication secure; the user equipment guarantees message freshness through timestamps, which prevents replay attacks; the private key values used by the user equipment differ in each session of the authentication process, which provides backward security of the key; and the session key is generated by an elliptic curve cryptographic algorithm, so the actual session key is never transmitted over the insecure open channel, which keeps the key secure.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is an authentication diagram of the security authentication method of the mobile terminal device based on the elliptic curve algorithm according to the present invention;
FIG. 2 is an authentication flow chart of the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention;
FIG. 3 is a schematic structural diagram of the mobile terminal device security authentication system based on the elliptic curve algorithm.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
FIG. 1 is an authentication schematic diagram of the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention, and FIG. 2 is an authentication flow chart of the same method. As shown in FIG. 1 and FIG. 2, the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention includes the following steps:
the method comprises the following steps: and an access and mobile management function module in the 5G network generates a main private key and a main public key, generates a public and private key pair for each user device passing the authentication by using an elliptic curve algorithm, and stores the public key of each user device. The step is an initialization process, and the user equipment UE performs authentication by using an authentication protocol 5G-AKA and a 5G Core Network (5G Core Network, 5 GC) to establish a secure channel, where the 5G Core Network includes an Access and Mobility Management Function (AMF), a Security Anchor Function (SEAF), a Unified Data Management (UDM), an authentication credential storage and processing FunctionCan (Authentication creation reporting and Processing Function, ARPF). The 5G network assigns a temporary identity ID to each user equipment UE, which ID can be updated periodically. Then the Access and Mobility Management Function (AMF) first generates a master private key x, the master public key being Y = xG. A public and private key pair (P, k) is then generated for each user equipment UE by using an Elliptic Curve Diffie-Hellman (ECDH) algorithm, where the private key k ∈ Zn *Where n is the order of the subgroup; the public key P = kG, where G is the reference point of the subgroup. And meanwhile, storing the generated public key P, and sending the public and private key pair (P, k) and G of each user equipment back to the user equipment UE through a secure channel.
Step two: first User Equipment (UE)AFirst, a random number is selecteda∈Zn *Calculating pointsC 1=aGCalculating a valuer 1=x 1 modnWhereinx 1Is thatC 1X coordinate of (2), calculatings 1=a -1(ID A+r 1 k A)modnWherein, in the step (A),a -1is composed ofaDienThe inverse of the multiplication of (a),ID Afor the UEAIs determined by the identity of the user,k Afor the UEAFinally generating a first user equipment UEADigital signature ∂1=(r 1,s 1). The user equipment UE thenABroadcast message first messageM 1={ID A,∂1}。
Step three: when the second user equipment UEBReceiving to UEAAfter broadcasting the information, the UE nowBWant to with UEAConnection is established, then UEBFirst, a random number is selectedb∈Zn *Calculating pointsC 2=bGCalculating a valuer 2=x 2 modnWhereinx 2Is thatC 2X coordinate of (2), calculatings 2=b -1(ID B+r 2 k B)modnWhereinb -1Is composed ofbDienThe inverse of the multiplication of (a),ID Bfor the UEBIs determined by the identity of the user,k Bfor the UEBPrivate key, and finally generates a digital signature ∂2=(r 2,s 2). The D2D connection request message is then sent to the access and mobility management function AMF over the secure channel. Wherein the connection request message includes information that the UE is a UEBIdentity ID information ofID BSignature ∂2Time stampt 1And receiving to the UEAOf broadcast informationID AAnd ∂1
Step four: when the access and mobility management function AMF receives the connection message from UE$_B$, it first verifies whether the timestamp $t_1$ is valid and, if so, continues. The AMF then checks whether the temporary identities $ID_A$ and $ID_B$ in the connection request are legitimate. If they are, the AMF verifies the signatures $\partial_1$ and $\partial_2$ using the stored public keys of UE$_A$ and UE$_B$ together with the temporary identities. If the signatures are legitimate, the request continues; otherwise, the request is denied.
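The text does not write out the check the AMF performs on $\partial_1$ with $P_A$; the signing equation above is the ECDSA equation with the identity $ID_A$ in place of the message hash, so the verification is the standard ECDSA check. Added derivation, not part of the original text (the same check applies to $\partial_2$ with $P_B$ and $ID_B$, and to $\partial_3$ with $Y$ and $R$):

$$
\begin{aligned}
s_1 &= a^{-1}(ID_A + r_1 k_A) \bmod n
\quad\Longrightarrow\quad a \equiv s_1^{-1}(ID_A + r_1 k_A) \pmod{n},\\
C_1 = aG &= s_1^{-1} ID_A \cdot G + s_1^{-1} r_1 \cdot k_A G = u_1 G + u_2 P_A,
\qquad u_1 = s_1^{-1} ID_A \bmod n,\; u_2 = s_1^{-1} r_1 \bmod n,\\
\text{accept } \partial_1 &\iff x\bigl(u_1 G + u_2 P_A\bigr) \bmod n = r_1 .
\end{aligned}
$$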
If the authentication passes, the access and mobility management function AMF first generates a random number $R$, then selects another random number $c \in \mathbb{Z}_n^*$, computes the point $C_3 = cG$, computes the value $r_3 = x_3 \bmod n$, where $x_3$ is the x-coordinate of $C_3$, and computes $s_3 = c^{-1}(R + r_3 x) \bmod n$, where $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$ and $x$ is the private key of the AMF, finally producing the digital signature $\partial_3 = (r_3, s_3)$. The AMF then sends the timestamp $t_2$, the random number $R$, the public key $P_B$ of UE$_B$ and the AMF signature $\partial_3$, together with its own public key $Y$, to UE$_A$, notifying UE$_A$ that there is a user equipment UE$_B$ that wishes to connect to it; the AMF also sends the timestamp $t_3$, the random number $R$, the public key $P_A$ of UE$_A$ and the AMF digital signature $\partial_3$, together with its public key $Y$, to UE$_B$, notifying UE$_B$ that it may send messages to connect to UE$_A$.
Step five: after receiving the message sent by the access and mobility management function AMF, the first user equipment UE$_A$ first verifies whether the timestamp $t_2$ is valid and, if so, continues. UE$_A$ verifies the signature $\partial_3$ using the AMF public key $Y$ and $R$; if the signature is legitimate, the request continues, otherwise the request is denied. At this point UE$_A$ saves the random value $R$.
Step six: after receiving the message sent by the access and mobility management function AMF, the second user equipment UE$_B$ first verifies whether the timestamp $t_3$ is valid and, if so, verifies the signature $\partial_3$ using the AMF public key $Y$ and $R$; if the signature is legitimate, the request continues, otherwise the request is denied. UE$_B$ then selects a random number $d \in \mathbb{Z}_n^*$, computes $C_4 = dG$, computes the value $N_1 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_4$ (the concatenation of $ID_A$, $ID_B$, $R$ and $C_4$), computes the value $r_4 = x_4 \bmod n$, where $x_4$ is the x-coordinate of $C_4$, and computes $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$ and $k_B$ is the private key of UE$_B$, finally producing the digital signature $\partial_4 = (r_4, s_4)$. It then sends the message $M_2 = \{ID_B, \partial_4, C_4, t_4\}$ to UE$_A$.
Step seven: when the first user equipment UE$_A$ receives the message sent by UE$_B$, UE$_A$ first verifies whether the timestamp $t_4$ is valid and, if so, continues; UE$_A$ generates $N_2 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_4$ and verifies $\partial_4$ using the public key $P_B$ of UE$_B$. If the verification succeeds, the protocol continues; otherwise the connection is denied. UE$_A$ then selects a random number $h \in \mathbb{Z}_n^*$, computes $C_5 = hG$, generates the session key $K_1 = hdG$ (computed as $hC_4$), computes the value $N_5 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_5 \,\|\, K_1$, computes the value $r_5 = x_5 \bmod n$, where $x_5$ is the x-coordinate of $C_5$, and computes $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$ and $k_A$ is the private key of UE$_A$, finally producing the digital signature $\partial_5 = (r_5, s_5)$. It then sends the message $M_3 = \{ID_A, \partial_5, C_5, t_5\}$ to UE$_B$.
Step eight: when the second user equipment UE$_B$ receives the message sent by UE$_A$, UE$_B$ first verifies whether the timestamp $t_5$ is valid and, if so, continues; UE$_B$ first generates the session key $K_2 = hdG$ (computed as $dC_5$), then generates $N_6 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_5 \,\|\, K_2$, and verifies $\partial_5$ using $N_6$ and the public key $P_A$ of UE$_A$. If the verification succeeds, this shows that $N_6$ and $N_5$ are equal, so it can be determined that UE$_B$ has generated the same session key as the user equipment UE$_A$; otherwise UE$_B$ denies the connection. The user equipment UE$_B$ sends a feedback message generated with the session key $K_2$ to the first user equipment UE$_A$, completing the authentication between the first user equipment and the second user equipment. Finally, the user equipment UE$_A$ and the user equipment UE$_B$ communicate using the same session key.
The present invention also provides a mobile terminal device security authentication system based on the elliptic curve algorithm, as shown in fig. 3, the mobile terminal device security authentication system based on the elliptic curve algorithm comprises:
the access and mobility management function module initialization module 301 is configured to generate a main private key and a main public key through an access and mobility management function module in the 5G network, generate a public and private key pair for each authenticated user equipment by using an elliptic curve algorithm, and store the public key of each user equipment.
A first user equipment broadcasting module 302, configured to generate a digital signature of the first user equipment by using an elliptic curve algorithm, and to generate a first message from the digital signature and the identity ID for broadcasting; wherein the first message is $M_1 = \{ID_A, \partial_1\}$, $ID_A$ is the identity ID of the first user equipment, $\partial_1$ is the digital signature of the first user equipment, $\partial_1 = (r_1, s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment.
A second user equipment request module 303, configured to generate a digital signature of the second user equipment by using an elliptic curve algorithm, generate a request message, and send the request message to the access and mobility management function module; the request message comprises the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; wherein the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $ID_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
An access and mobility management function module verification module 304, configured to verify the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates a digital signature of the AMF, generates a first notification message and sends it to the first user equipment, and generates a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; wherein $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
A first user equipment storage module 305, for the first user equipment to verify the digital signature of the AMF through the master public key and the random number $R$, and to store the random number $R$ after the verification passes;
A second user equipment verification module 306, for the second user equipment to verify the digital signature of the AMF through the master public key and the random number $R$ and, after the verification passes, to generate a digital signature of the message sent by the second user equipment by using an elliptic curve algorithm, generate a second message and send the second message to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, wherein $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
A first session key generation module 307, in which the first user equipment verifies the digital signature of the message sent by the second user equipment through the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ of the message sent by the first user equipment by using an elliptic curve algorithm, and sends the generated verification message to the second user equipment through the first session key; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
A second session key generation module 308, configured to verify, by the second user equipment, the digital signature of the message sent by the first user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
As a specific embodiment, in the mobile terminal device security authentication system based on the elliptic curve algorithm of the present invention, the access and mobility management function module verification module 301 specifically includes:
a timestamp verification unit, for the access and mobility management function module to verify the validity of the timestamp $t_1$;
an ID verification unit, for the access and mobility management function module to verify the legality of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is legal;
and the signature verification unit is used for verifying the digital signature of the first user equipment according to the stored public key of the first user equipment and verifying the digital signature of the second user equipment according to the stored public key of the second user equipment when the identity ID of the first user equipment and the identity ID of the second user equipment are both legal.
As a specific embodiment, in the mobile terminal device security authentication system based on an elliptic curve algorithm of the present invention, the second user equipment verification module 303 specifically includes:
a timestamp verification unit, for the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
a signature verification unit, for the second user equipment to verify the digital signature of the AMF through the master public key and the random number $R$ when the timestamp is legal.
As a specific embodiment, in the mobile terminal device security authentication system based on the elliptic curve algorithm, the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_4$.
The digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_5 \,\|\, K_1$.
the method mainly aims at one-to-one equipment communication, and the user equipment firstly carries out identity Authentication through a 5G network Authentication protocol 5G Authentication and Key Agreement protocol (5G-Authentication and Key Agreement, 5G-AKA) and establishes a security channel. When the user equipment UE performs D2D communication, the user equipment UE performs authentication and key agreement with a neighboring device through an elliptic curve cryptography algorithm. It provides a secure device discovery, mutual Authentication and Key Agreement (AKA) mechanism. Secondly, it is resistant to common attacks such as eavesdropping, replay attacks and man-in-the-middle attacks, it also prevents casual attacks, and it also enables all resource-constrained devices to enjoy D2D communication, as it involves only a small performance overhead. In the using process of the invention, the user equipment can carry out D2D communication safely, conveniently and efficiently.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (8)

1. A mobile terminal equipment safety certification method based on an elliptic curve algorithm is characterized by comprising the following steps:
an access and mobile management function module in the 5G network generates a main private key and a main public key, and generates a public and private key pair for each user device passing the authentication by using an elliptic curve algorithm, and stores the public key of each user device;
the first user equipment generates a digital signature of the first user equipment by using an elliptic curve algorithm, and generates a first message for broadcasting from the digital signature and the identity ID; wherein the first message is $M_1 = \{ID_A, \partial_1\}$, $ID_A$ is the identity ID of the first user equipment, $\partial_1$ is the digital signature of the first user equipment, $\partial_1 = (r_1, s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment generates a digital signature of the second user equipment by using an elliptic curve algorithm, generates a request message and sends the request message to the access and mobility management function module; the request message includes the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; wherein the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $ID_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
the access and mobility management function module verifies the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates a digital signature of the AMF, generates a first notification message and sends it to the first user equipment, and generates a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; wherein $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF; the access and mobility management function module verifying the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment specifically includes: the access and mobility management function module verifies the validity of the timestamp $t_1$; if the timestamp $t_1$ is legal, the access and mobility management function module verifies the legality of the identity ID of the first user equipment and the identity ID of the second user equipment; if the identity ID of the first user equipment and the identity ID of the second user equipment are both legal, the access and mobility management function module verifies the digital signature of the first user equipment according to the stored public key of the first user equipment and verifies the digital signature of the second user equipment according to the stored public key of the second user equipment;
the first user equipment verifies the digital signature of the AMF through the master public key and the random number $R$, and stores the random number $R$ after the verification passes;
the second user equipment verifies the digital signature of the AMF through the master public key and the random number $R$ and, after the verification passes, generates a digital signature of the message sent by the second user equipment by using an elliptic curve algorithm, generates a second message and sends the second message to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, wherein $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first user equipment verifies the digital signature of the message sent by the second user equipment through the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ of the message sent by the first user equipment by using an elliptic curve algorithm, and sends the generated verification message to the second user equipment through the first session key; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
The second user equipment verifies the digital signature of the message sent by the first user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
2. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the access and mobility management function module in the 5G network generates a master private key and a master public key, and further comprising:
initializing the system of the 5G network to generate a subgroup of order $n$.
3. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the second user equipment verifying the digital signature of the AMF through the master public key and the random number $R$ specifically comprises the following steps:
the second user equipment verifies the validity of the timestamp $t_3$ of the second notification message;
if the timestamp is legal, the second user equipment verifies the digital signature of the AMF through the master public key and the random number $R$.
4. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_4$.
5. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_5 \,\|\, K_1$.
6. a mobile terminal device security authentication system based on an elliptic curve algorithm is characterized by comprising:
the access and mobile management function module initialization module is used for generating a main private key and a main public key through the access and mobile management function module in the 5G network, generating a public and private key pair for each user device passing the authentication by utilizing an elliptic curve algorithm, and storing the public key of each user device;
the first user equipment broadcasting module is used for generating a digital signature of the first user equipment by using an elliptic curve algorithm and generating a first message for broadcasting from the digital signature and the identity ID; wherein the first message is $M_1 = \{ID_A, \partial_1\}$, $ID_A$ is the identity ID of the first user equipment, $\partial_1$ is the digital signature of the first user equipment, $\partial_1 = (r_1, s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment request module is used for generating a digital signature of the second user equipment by using an elliptic curve algorithm, generating a request message and sending the request message to the access and mobility management function module; the request message includes the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; wherein the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $ID_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
the access and mobility management function module verification module is used for the access and mobility management function module to verify the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates a digital signature of the AMF, generates a first notification message and sends it to the first user equipment, and generates a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; wherein $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF; the access and mobility management function module verification module specifically includes: a timestamp verification unit, for the access and mobility management function module to verify the validity of the timestamp $t_1$; an ID verification unit, for the access and mobility management function module to verify the legality of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is legal; and a signature verification unit, for verifying the digital signature of the first user equipment according to the stored public key of the first user equipment and verifying the digital signature of the second user equipment according to the stored public key of the second user equipment when the identity ID of the first user equipment and the identity ID of the second user equipment are both legal;
a first user equipment storage module, for the first user equipment to verify the digital signature of the AMF through the master public key and the random number $R$, and to store the random number $R$ after the verification passes;
a second user equipment verification module, for the second user equipment to verify the digital signature of the AMF through the master public key and the random number $R$ and, after the verification passes, to generate a digital signature of the message sent by the second user equipment by using an elliptic curve algorithm, generate a second message and send the second message to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, wherein $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first session key generation module is used for the first user equipment to verify the digital signature of the message sent by the second user equipment through the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ of the message sent by the first user equipment by using an elliptic curve algorithm, and sends the generated verification message to the second user equipment through the first session key; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
The second session key generation module is used for verifying the digital signature of the message sent by the first user equipment by the second user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
7. The elliptic curve algorithm-based mobile terminal device security authentication system as claimed in claim 6, wherein the second user equipment verification module specifically comprises:
a timestamp verification unit, for the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
a signature verification unit, for the second user equipment to verify the digital signature of the AMF through the master public key and the random number $R$ when the timestamp is legal.
8. The elliptic curve algorithm-based mobile terminal device security authentication system as claimed in claim 6, wherein the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_4$;
the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \,\|\, ID_B \,\|\, R \,\|\, C_5 \,\|\, K_1$.
CN202110427184.XA 2021-04-21 2021-04-21 Mobile terminal equipment security authentication method and system based on elliptic curve algorithm Active CN112822025B (en)

Publications (2)

Publication Number Publication Date
CN112822025A CN112822025A (en) 2021-05-18
CN112822025B true CN112822025B (en) 2021-07-02

Li et al. Fast authentication for mobile clients in wireless mesh networks
Fanian et al. A symmetric polynomial–based mutual authentication protocol for GSM networks
Li et al. Fast authentication for mobility support in wireless mesh networks
Liu et al. The Wi-Fi device authentication method based on information hiding
CN117499920A (en) Authentication method, device and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant