CN112822025B - Mobile terminal equipment security authentication method and system based on elliptic curve algorithm - Google Patents
- Publication number: CN112822025B (application CN202110427184.XA)
- Authority: CN (China)
- Prior art keywords: user equipment, digital signature, random number, message, public key
- Legal status: Active (the status listed by Google is an assumption, not a legal conclusion)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/3252—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
- H04L9/3297—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/70—Services for machine-to-machine communication [M2M] or machine type communication [MTC]
Abstract
The invention relates to a mobile terminal device security authentication method and system based on an elliptic curve algorithm. The method is mainly aimed at one-to-one device communication: the user equipment first performs identity authentication through the 5G network authentication protocol 5G-AKA to establish a secure channel, and when the user equipment UE performs D2D communication it carries out authentication and key agreement with a neighbouring device through an elliptic curve cryptography algorithm. This provides a secure device discovery, mutual authentication and key agreement mechanism. It resists common attacks such as eavesdropping, replay attacks and man-in-the-middle attacks, also prevents casual attacks, and, because it involves only a small performance overhead, allows all resource-constrained devices to enjoy D2D communication. In use, the user equipment can carry out D2D communication safely, conveniently and efficiently.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a mobile terminal equipment security authentication method and system based on an elliptic curve algorithm.
Background
The fifth generation cellular network, 5G, is emerging with features of high speed, low latency and more efficient resource allocation. Device-to-Device (D2D) communication allows neighbouring mobile devices to communicate directly. Because it offers numerous advantages over conventional cellular networks, it is one of the promising functions in 5G. First, it improves overall network efficiency: users can communicate directly without depending on the base station, which reduces the base station's traffic and allows more concurrent users to access the Core Network (5GC); it also further increases spectral efficiency, improving the overall throughput of the 5G network. Second, D2D communication is a contributing factor to smart city applications such as wireless sensor networks and vehicle-to-everything networks. D2D technology can therefore bring mobile users faster networks through new applications. Furthermore, the Third Generation Partnership Project (3GPP) issued a feasibility study for D2D communication covering some basic requirements such as optimized paths, device discovery procedures and public safety applications. However, D2D faces more security challenges: for example, it is vulnerable to passive attacks such as eavesdropping and to active attacks such as message forgery and pick-up behaviour, etc.
Disclosure of Invention
The invention aims to provide a mobile terminal equipment security authentication method and system based on an elliptic curve algorithm so as to improve the security performance of D2D communication.
In order to achieve the purpose, the invention provides the following scheme:
a mobile terminal equipment security authentication method based on an elliptic curve algorithm comprises the following steps:
an access and mobility management function module in the 5G network generates a master private key and a master public key, generates a public/private key pair for each user equipment that has passed authentication by using an elliptic curve algorithm, and stores the public key of each user equipment;
the first user equipment generates its digital signature by using an elliptic curve algorithm and generates a first message for broadcasting from the digital signature and its identity ID; the first message is $M_1 = \{ID_A, \partial_1\}$, where $ID_A$ is the identity ID of the first user equipment and $\partial_1$ is the digital signature of the first user equipment, $\partial_1 = (r_1, s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment generates its digital signature by using an elliptic curve algorithm, generates a request message and sends the request message to the access and mobility management function module; the request message includes the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, where $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $ID_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
the access and mobility management function module verifies the digital signature of the first user equipment and the digital signature of the second user equipment against the stored public key of the first user equipment and the stored public key of the second user equipment respectively; if the verification passes, the access and mobility management function module generates a digital signature of the AMF, generates a first notification message and sends it to the first user equipment, and generates a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, a random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; where $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
the first user equipment verifies the digital signature of the AMF using the master public key and the random number $R$, and stores the random number $R$ after the verification passes;
the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$; after the verification passes it generates, using an elliptic curve algorithm, a digital signature of the message it sends, generates a second message and sends the second message to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first user equipment verifies the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ of the message it sends using an elliptic curve algorithm, and sends the generated verification message to the second user equipment through the first session key; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
the second user equipment verifies the digital signature of the message sent by the first user equipment using the public key of the first user equipment; after the verification passes, the second user equipment generates, using an elliptic curve algorithm, a second session key identical to the first session key and returns the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
Optionally, before the access and mobility management function module in the 5G network generates the master private key and the master public key, the method further includes:
initializing the 5G network system to generate a subgroup of order $n$.
Optionally, the access and mobility management function module verifying the digital signature of the first user equipment and the digital signature of the second user equipment against the stored public key of the first user equipment and the stored public key of the second user equipment specifically includes:
the access and mobility management function module verifies the validity of the timestamp $t_1$;
if the timestamp $t_1$ is valid, the access and mobility management function module verifies the legality of the identity ID of the first user equipment and the identity ID of the second user equipment;
and if both the identity ID of the first user equipment and the identity ID of the second user equipment are legal, the access and mobility management function module verifies the digital signature of the first user equipment against the stored public key of the first user equipment and the digital signature of the second user equipment against the stored public key of the second user equipment.
Optionally, the second user equipment verifying the digital signature of the AMF using the master public key and the random number $R$ specifically includes:
the second user equipment verifies the validity of the timestamp $t_3$ of the second notification message;
if the timestamp is valid, the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$.
Optionally, the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$.
Optionally, the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$.
The invention also provides a mobile terminal equipment security authentication system based on the elliptic curve algorithm, which comprises:
an access and mobility management function module initialization module, used for generating a master private key and a master public key through the access and mobility management function module in the 5G network, generating a public/private key pair for each user equipment that has passed authentication using an elliptic curve algorithm, and storing the public key of each user equipment;
a first user equipment broadcasting module, used for generating a digital signature of the first user equipment using an elliptic curve algorithm and generating a first message for broadcasting from the digital signature and the identity ID; the first message is $M_1 = \{ID_A, \partial_1\}$, where $ID_A$ is the identity ID of the first user equipment and $\partial_1$ is the digital signature of the first user equipment, $\partial_1 = (r_1, s_1)$, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
a second user equipment request module, used for generating a digital signature of the second user equipment using an elliptic curve algorithm, generating a request message and sending the request message to the access and mobility management function module; the request message includes the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, a timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, where $x_2$ is the x-coordinate of $C_2$, $C_2 = bG$, $b$ is a random number, $b^{-1}$ is the multiplicative inverse of $b$ modulo $n$, $ID_B$ is the identity ID of the second user equipment, and $k_B$ is the private key of the second user equipment;
an access and mobility management function module verification module, used for the access and mobility management function module to verify the digital signature of the first user equipment and the digital signature of the second user equipment against the stored public key of the first user equipment and the stored public key of the second user equipment respectively; if the verification passes, the access and mobility management function module generates a digital signature of the AMF, generates a first notification message and sends it to the first user equipment, and generates a second notification message and sends it to the second user equipment; the first notification message includes a timestamp $t_2$, a random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message includes a timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; where $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
a first user equipment storage module, used for the first user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ and to store the random number $R$ after the verification passes;
a second user equipment verification module, used for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$, to generate, after the verification passes, a digital signature of the message it sends using an elliptic curve algorithm, and to generate a second message and send it to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
a first session key generation module, used for the first user equipment to verify the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ and a digital signature $\partial_5$ of the message it sends using an elliptic curve algorithm, and sends the generated verification message to the second user equipment through the first session key; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
a second session key generation module, used for the second user equipment to verify the digital signature of the message sent by the first user equipment using the public key of the first user equipment; after the verification passes, the second user equipment generates, using an elliptic curve algorithm, a second session key identical to the first session key and returns the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
Optionally, the access and mobility management function module verification module specifically includes:
a timestamp verification unit, used for the access and mobility management function module to verify the validity of the timestamp $t_1$;
an ID verification unit, used for the access and mobility management function module to verify the legality of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is valid;
and a signature verification unit, used for verifying the digital signature of the first user equipment against the stored public key of the first user equipment and the digital signature of the second user equipment against the stored public key of the second user equipment when both the identity ID of the first user equipment and the identity ID of the second user equipment are legal.
Optionally, the second user equipment verification module specifically includes:
a timestamp verification unit, used for the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
and a signature verification unit, used for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ when the timestamp is valid.
Optionally, the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $x_4$ is the x-coordinate of $C_4$, $C_4 = dG$, $d$ is a random number, $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$;
the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $x_5$ is the x-coordinate of $C_5$, $C_5 = hG$, $h$ is a random number, $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$.
According to the specific embodiments provided by the invention, the invention discloses the following technical effects:
The communicating entities in the method provided by the invention authenticate each other, which avoids impersonation attacks and ensures the security of the communication; the user equipment guarantees the freshness of messages through timestamps, which avoids replay attacks; in each session of the authentication process the private key values of the user equipment differ, which ensures the backward security of the key; and the session key is generated by an elliptic curve cryptography algorithm, so the actual session key is never transmitted over the insecure open channel, which ensures the security of the key.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is an authentication diagram of the security authentication method of the mobile terminal device based on the elliptic curve algorithm according to the present invention;
FIG. 2 is an authentication flow chart of the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention;
FIG. 3 is a schematic structural diagram of the mobile terminal device security authentication system based on the elliptic curve algorithm.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is an authentication schematic diagram of the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention, fig. 2 is an authentication flow chart of the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention, and as shown in fig. 1 and fig. 2, the mobile terminal device security authentication method based on the elliptic curve algorithm of the present invention includes the following steps:
the method comprises the following steps: and an access and mobile management function module in the 5G network generates a main private key and a main public key, generates a public and private key pair for each user device passing the authentication by using an elliptic curve algorithm, and stores the public key of each user device. The step is an initialization process, and the user equipment UE performs authentication by using an authentication protocol 5G-AKA and a 5G Core Network (5G Core Network, 5 GC) to establish a secure channel, where the 5G Core Network includes an Access and Mobility Management Function (AMF), a Security Anchor Function (SEAF), a Unified Data Management (UDM), an authentication credential storage and processing FunctionCan (Authentication creation reporting and Processing Function, ARPF). The 5G network assigns a temporary identity ID to each user equipment UE, which ID can be updated periodically. Then the Access and Mobility Management Function (AMF) first generates a master private key x, the master public key being Y = xG. A public and private key pair (P, k) is then generated for each user equipment UE by using an Elliptic Curve Diffie-Hellman (ECDH) algorithm, where the private key k ∈ Zn *Where n is the order of the subgroup; the public key P = kG, where G is the reference point of the subgroup. And meanwhile, storing the generated public key P, and sending the public and private key pair (P, k) and G of each user equipment back to the user equipment UE through a secure channel.
Step two: first User Equipment (UE)AFirst, a random number is selecteda∈Zn *Calculating pointsC 1=aGCalculating a valuer 1=x 1 modnWhereinx 1Is thatC 1X coordinate of (2), calculatings 1=a -1(ID A+r 1 k A)modnWherein, in the step (A),a -1is composed ofaDienThe inverse of the multiplication of (a),ID Afor the UEAIs determined by the identity of the user,k Afor the UEAFinally generating a first user equipment UEADigital signature ∂1=(r 1,s 1). The user equipment UE thenABroadcast message first messageM 1={ID A,∂1}。
Step three: when the second user equipment UEBReceiving to UEAAfter broadcasting the information, the UE nowBWant to with UEAConnection is established, then UEBFirst, a random number is selectedb∈Zn *Calculating pointsC 2=bGCalculating a valuer 2=x 2 modnWhereinx 2Is thatC 2X coordinate of (2), calculatings 2=b -1(ID B+r 2 k B)modnWhereinb -1Is composed ofbDienThe inverse of the multiplication of (a),ID Bfor the UEBIs determined by the identity of the user,k Bfor the UEBPrivate key, and finally generates a digital signature ∂2=(r 2,s 2). The D2D connection request message is then sent to the access and mobility management function AMF over the secure channel. Wherein the connection request message includes information that the UE is a UEBIdentity ID information ofID BSignature ∂2Time stampt 1And receiving to the UEAOf broadcast informationID AAnd ∂1。
Step four: slave UE when access and mobile management function AMFBAfter receiving the connection message, the timestamp is first verifiedt 1And if so, continuing. The access and mobility management function AMF will first check the temporary identity in the connection requestID A、ID BWhether it is legal. If they are legitimate, the access and mobility management function AMF will use the stored UEA,UEAPublic key and temporary identity pair signature ∂1,∂2And (6) carrying out verification. If the signature is legitimate, the request continues, otherwise, the request is denied.
If the authentication is passed, the access and mobility management function AMF first generates a random number R and then selects another random numberc∈Zn *Calculating pointsC 3=cGCalculating a valuer 3=x 3 modnWhereinx 3Is thatC 3X coordinate of (2), calculatings 3=c -1(R+r 3 x)modnWhereinc -1Is composed ofcDienThe inverse of the multiplication of (a),xthe digital signature ∂ is finally generated for the AMF's private key3=(r 3,s 3). Then time stampingt 2Random number ofR、UEBOf (2) a public keyP BAMF signature ∂3And sends it to UE together with its public key YANotifying UEAHaving a user equipment UE with which a connection is desiredB(ii) a Access and mobility management function AMF timestampst 3Random number ofR、UEAOf (2) a public keyP AAMF digital signature ∂3And sends it to UE together with its public key YBNotifying UEBMessages may be sent to connect to the UEA。
Step five: after the first user equipment $UE_A$ receives the message from the access and mobility management function AMF, it first verifies whether the timestamp $t_2$ is valid and continues only if it is. $UE_A$ then verifies the signature $\partial_3$ using the AMF public key $Y$ and $R$; if the signature is valid the protocol continues, otherwise the request is rejected. $UE_A$ then stores the random value $R$.
Step six: after the second user equipment $UE_B$ receives the message from the access and mobility management function AMF, it first verifies whether the timestamp $t_3$ is valid; if so, it verifies the signature $\partial_3$ using the AMF public key $Y$ and $R$. If the signature is valid the protocol continues, otherwise the request is rejected. $UE_B$ then selects a random number $d \in Z_n^*$, computes $C_4 = dG$, computes the value $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$, computes $r_4 = x_4 \bmod n$, where $x_4$ is the x-coordinate of $C_4$, and computes $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, where $d^{-1}$ is the multiplicative inverse of $d$ modulo $n$ and $k_B$ is the private key of $UE_B$; this yields the digital signature $\partial_4 = (r_4, s_4)$. $UE_B$ then sends the message $M_2 = \{ID_B, \partial_4, C_4, t_4\}$ to $UE_A$.
Step seven: when the first user equipment $UE_A$ receives the message from $UE_B$, it first verifies whether the timestamp $t_4$ is valid and continues only if it is. $UE_A$ computes $N_2 = ID_A \oplus ID_B \oplus R \oplus C_4$ and verifies $\partial_4$ against $N_2$ using the public key $P_B$ of $UE_B$. If the verification succeeds the protocol continues, otherwise the connection is rejected. $UE_A$ then selects a random number $h \in Z_n^*$, computes $C_5 = hG$, generates the session key $K_1 = hdG$ (obtained as $h C_4$, since $C_4 = dG$), computes the value $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$, computes $r_5 = x_5 \bmod n$, where $x_5$ is the x-coordinate of $C_5$, and computes $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, where $h^{-1}$ is the multiplicative inverse of $h$ modulo $n$ and $k_A$ is the private key of $UE_A$; this yields the digital signature $\partial_5 = (r_5, s_5)$. $UE_A$ then sends the message $M_3 = \{ID_A, \partial_5, C_5, t_5\}$ to $UE_B$.
Step eight: when the second user equipment $UE_B$ receives the message from $UE_A$, it first verifies whether the timestamp $t_5$ is valid and continues only if it is. $UE_B$ first generates the session key $K_2 = hdG$ (obtained as $d C_5$, since $C_5 = hG$), then computes $N_6 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_2$ and verifies $\partial_5$ against $N_6$ using the public key $P_A$ of $UE_A$. If the verification succeeds, $N_6$ and $N_5$ are equal, so $UE_B$ can be sure that it has generated the same session key as $UE_A$; otherwise $UE_B$ rejects the connection. $UE_B$ then sends a feedback message protected with the session key $K_2$ to the first user equipment $UE_A$, completing the authentication between the first and the second user equipment. Finally, $UE_A$ and $UE_B$ communicate using the same session key.
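The whole exchange of steps three to eight above, as an added example written for this page and not code from the patent. It implements the signature form used throughout (ECDSA with the message taken directly as $m$, verified with the standard ECDSA check), runs $UE_A$, $UE_B$ and the AMF in one process over NIST P-256, and also shows what happens when $C_4$ is altered in transit between $UE_B$ and $UE_A$. The curve, the identity strings `"UE-A"` and `"UE-B"`, the SHA-256 hashing of identities and the use of a point's x-coordinate inside $\oplus$ are this example's assumptions; the page fixes none of them.

```python
"""Patent-form ECDSA signatures over P-256 and the D2D exchange of steps three to eight."""
import hashlib
import secrets

# NIST P-256 parameters (the page fixes no curve; using P-256 is an assumption).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def xor_scalar(*parts):
    """XOR-combine identities, the random number R and curve points into Z_n. The page
    fixes no encoding; SHA-256 of ID strings and a point's x-coordinate are assumptions."""
    acc = 0
    for part in parts:
        if isinstance(part, str):
            part = int.from_bytes(hashlib.sha256(part.encode()).digest(), "big")
        elif isinstance(part, tuple):
            part = part[0]
        acc ^= part
    return acc % N

def keygen():
    priv = secrets.randbelow(N - 1) + 1
    return priv, ec_mul(priv, G)

def sign(priv, m):
    """Patent form: k in Z_n^*, C = kG, r = x(C) mod n, s = k^{-1}(m + r*priv) mod n."""
    while True:
        k = secrets.randbelow(N - 1) + 1      # fresh per signature, never reused
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (m + r * priv) % N
        if r and s:
            return r, s

def verify(pub, m, sig):
    """Standard ECDSA check: x(m*s^-1*G + r*s^-1*pub) mod n == r."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(m * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

def fresh(t, now, window=30):  # timestamp check at each step: reject stale or future-dated
    return 0 <= now - t <= window

def run_d2d(now=1000, t1=1000, tamper_c4=False):
    """Steps three to eight; tamper_c4 alters C_4 on the UE_B -> UE_A hop."""
    x, Y = keygen()                        # AMF master key pair, Y = xG
    k_a, P_a = keygen()                    # UE_A key pair
    k_b, P_b = keygen()                    # UE_B key pair
    id_a, id_b = "UE-A", "UE-B"            # constructed identities
    sig1 = sign(k_a, xor_scalar(id_a))     # step two: broadcast M1 = {ID_A, sig1}
    sig2 = sign(k_b, xor_scalar(id_b))     # step three: {ID_B, sig2, t1, ID_A, sig1} to AMF
    amf_ok = (fresh(t1, now) and verify(P_a, xor_scalar(id_a), sig1)
              and verify(P_b, xor_scalar(id_b), sig2))          # step four
    R = secrets.randbelow(N - 1) + 1
    sig3 = sign(x, R)                      # AMF signs R; sent with P_B / P_A and Y
    a5_ok = fresh(now, now) and verify(Y, R, sig3)              # step five (UE_A)
    b6_ok = fresh(now, now) and verify(Y, R, sig3)              # step six (UE_B)
    d = secrets.randbelow(N - 1) + 1
    C4 = ec_mul(d, G)
    sig4 = sign(k_b, xor_scalar(id_a, id_b, R, C4))             # M2 = {ID_B, sig4, C4, t4}
    C4_rx = ec_add(C4, G) if tamper_c4 else C4                  # what UE_A receives
    a7_ok = verify(P_b, xor_scalar(id_a, id_b, R, C4_rx), sig4)  # step seven
    h = secrets.randbelow(N - 1) + 1
    C5 = ec_mul(h, G)
    K1 = ec_mul(h, C4_rx)                  # K1 = h*C4 = hdG
    sig5 = sign(k_a, xor_scalar(id_a, id_b, R, C5, K1))         # M3 = {ID_A, sig5, C5, t5}
    K2 = ec_mul(d, C5)                     # step eight: K2 = d*C5 = hdG
    b8_ok = verify(P_a, xor_scalar(id_a, id_b, R, C5, K2), sig5)
    return {"amf_ok": amf_ok, "a5_ok": a5_ok, "b6_ok": b6_ok, "a7_ok": a7_ok,
            "b8_ok": b8_ok, "K1": K1, "K2": K2}
```

`run_d2d()` returns every verification outcome together with both session keys, which must be equal; `run_d2d(tamper_c4=True)` fails at step seven because $N_1$ binds $C_4$ into $\partial_4$, and `run_d2d(t1=900)` fails at the AMF's timestamp check. The scalar multiplication is not constant-time and the per-signature scalar (the page's $a, b, c, d, h$) must never repeat under the same private key, as for any ECDSA-form scheme; a production implementation would use a vetted library for both.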
The present invention also provides a mobile terminal device security authentication system based on the elliptic curve algorithm, as shown in fig. 3, the mobile terminal device security authentication system based on the elliptic curve algorithm comprises:
The access and mobility management function module initialization module 301 is configured to generate a master private key and a master public key through the access and mobility management function module in the 5G network, to generate a public/private key pair for each authenticated user equipment using an elliptic curve algorithm, and to store the public key of each user equipment.
The first user equipment broadcasting module 302 is configured to generate a digital signature of the first user equipment using an elliptic curve algorithm and to form a first message from the digital signature and the identity ID for broadcasting; the first message is $M_1 = \{ID_A, \partial_1\}$, where $ID_A$ is the identity ID of the first user equipment, $\partial_1 = (r_1, s_1)$ is the digital signature of the first user equipment, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment.
The second user equipment request module 303 is configured to generate a digital signature of the second user equipment using an elliptic curve algorithm, to form a request message and to send it to the access and mobility management function module; the request message contains the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, the timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, with $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ the x-coordinate of $C_2$, $C_2 = bG$, $b$ a random number, $b^{-1}$ the multiplicative inverse of $b$ modulo $n$, $ID_B$ the identity ID of the second user equipment and $k_B$ the private key of the second user equipment;
The access and mobility management function module verification module 304 is configured to verify the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates the digital signature of the AMF, forms a first notification message and sends it to the first user equipment, and forms a second notification message and sends it to the second user equipment; the first notification message contains the timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message contains the timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; here $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF;
The first user equipment storage module 305 is configured for the first user equipment to verify the digital signature of the AMF using the master public key and the random number $R$, and to store the random number $R$ after the verification passes;
The second user equipment verification module 306 is configured for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ and, after the verification passes, to generate the digital signature of the message sent by the second user equipment using an elliptic curve algorithm, to form a second message and to send it to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
The first session key generation module 307 is configured for the first user equipment to verify the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ using an elliptic curve algorithm and the digital signature $\partial_5$ of the message sent by the first user equipment, and sends the resulting verification message, protected with the first session key, to the second user equipment; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, where $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$.
A second session key generation module 308, configured to verify, by the second user equipment, the digital signature of the message sent by the first user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
As a specific embodiment, in the mobile terminal device security authentication system based on the elliptic curve algorithm of the present invention, the access and mobility management function module verification module 304 specifically includes:
a timestamp verification unit, for the access and mobility management function module to verify the validity of the timestamp $t_1$;
an ID verification unit, for the access and mobility management function module to verify the legitimacy of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is valid;
and a signature verification unit, for verifying the digital signature of the first user equipment according to the stored public key of the first user equipment and the digital signature of the second user equipment according to the stored public key of the second user equipment when the identity ID of the first user equipment and the identity ID of the second user equipment are both legitimate.
As a specific embodiment, in the mobile terminal device security authentication system based on an elliptic curve algorithm of the present invention, the second user equipment verification module 306 specifically includes:
a timestamp verification unit, for the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
and a signature verification unit, for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ when the timestamp is valid.
As a specific embodiment, in the mobile terminal device security authentication system based on the elliptic curve algorithm, the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, with $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ the x-coordinate of $C_4$, $C_4 = dG$, $d$ a random number, $d^{-1}$ the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$;
the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, with $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ the x-coordinate of $C_5$, $C_5 = hG$, $h$ a random number, $h^{-1}$ the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$.
the method mainly aims at one-to-one equipment communication, and the user equipment firstly carries out identity Authentication through a 5G network Authentication protocol 5G Authentication and Key Agreement protocol (5G-Authentication and Key Agreement, 5G-AKA) and establishes a security channel. When the user equipment UE performs D2D communication, the user equipment UE performs authentication and key agreement with a neighboring device through an elliptic curve cryptography algorithm. It provides a secure device discovery, mutual Authentication and Key Agreement (AKA) mechanism. Secondly, it is resistant to common attacks such as eavesdropping, replay attacks and man-in-the-middle attacks, it also prevents casual attacks, and it also enables all resource-constrained devices to enjoy D2D communication, as it involves only a small performance overhead. In the using process of the invention, the user equipment can carry out D2D communication safely, conveniently and efficiently.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.
Claims (8)
1. A mobile terminal device security authentication method based on an elliptic curve algorithm, characterized by comprising the following steps:
an access and mobility management function module in the 5G network generates a master private key and a master public key, generates a public/private key pair for each authenticated user equipment using an elliptic curve algorithm, and stores the public key of each user equipment;
the first user equipment generates a digital signature of the first user equipment using an elliptic curve algorithm and forms a first message from the digital signature and the identity ID for broadcasting; the first message is $M_1 = \{ID_A, \partial_1\}$, where $ID_A$ is the identity ID of the first user equipment, $\partial_1 = (r_1, s_1)$ is the digital signature of the first user equipment, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
the second user equipment generates a digital signature of the second user equipment using an elliptic curve algorithm, forms a request message and sends it to the access and mobility management function module; the request message contains the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, the timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, with $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ the x-coordinate of $C_2$, $C_2 = bG$, $b$ a random number, $b^{-1}$ the multiplicative inverse of $b$ modulo $n$, $ID_B$ the identity ID of the second user equipment, and $k_B$ the private key of the second user equipment;
the access and mobility management function module verifies the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates the digital signature of the AMF, forms a first notification message and sends it to the first user equipment, and forms a second notification message and sends it to the second user equipment; the first notification message contains the timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message contains the timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; here $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF; the access and mobility management function module verifying the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment specifically comprises: the access and mobility management function module verifies the validity of the timestamp $t_1$; if the timestamp $t_1$ is valid, the access and mobility management function module verifies the legitimacy of the identity ID of the first user equipment and the identity ID of the second user equipment; if the identity ID of the first user equipment and the identity ID of the second user equipment are both legitimate, the access and mobility management function module verifies the digital signature of the first user equipment according to the stored public key of the first user equipment and the digital signature of the second user equipment according to the stored public key of the second user equipment;
the first user equipment verifies the digital signature of the AMF using the master public key and the random number $R$, and stores the random number $R$ after the verification passes;
the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$ and, after the verification passes, generates the digital signature of the message sent by the second user equipment using an elliptic curve algorithm, forms a second message and sends it to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
the first user equipment verifies the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ using an elliptic curve algorithm and the digital signature $\partial_5$ of the message sent by the first user equipment, and sends the resulting verification message, protected with the first session key, to the second user equipment; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, where $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
The second user equipment verifies the digital signature of the message sent by the first user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
2. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein generating the master private key and the master public key by the access and mobility management function module in the 5G network further comprises:
initializing the 5G network system to generate a subgroup of order $n$.
3. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the second user equipment verifying the digital signature of the AMF using the master public key and the random number $R$ specifically comprises:
the second user equipment verifies the validity of the timestamp $t_3$ of the second notification message;
if the timestamp is valid, the second user equipment verifies the digital signature of the AMF using the master public key and the random number $R$.
4. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, with $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ the x-coordinate of $C_4$, $C_4 = dG$, $d$ a random number, $d^{-1}$ the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$.
5. The elliptic curve algorithm-based mobile terminal device security authentication method as claimed in claim 1, wherein the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, with $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ the x-coordinate of $C_5$, $C_5 = hG$, $h$ a random number, $h^{-1}$ the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$.
6. A mobile terminal device security authentication system based on an elliptic curve algorithm, characterized by comprising:
an access and mobility management function module initialization module, for generating a master private key and a master public key through the access and mobility management function module in the 5G network, generating a public/private key pair for each authenticated user equipment using an elliptic curve algorithm, and storing the public key of each user equipment;
a first user equipment broadcasting module, for generating a digital signature of the first user equipment using an elliptic curve algorithm and forming a first message from the digital signature and the identity ID for broadcasting; the first message is $M_1 = \{ID_A, \partial_1\}$, where $ID_A$ is the identity ID of the first user equipment, $\partial_1 = (r_1, s_1)$ is the digital signature of the first user equipment, $r_1 = x_1 \bmod n$, $s_1 = a^{-1}(ID_A + r_1 k_A) \bmod n$, $x_1$ is the x-coordinate of $C_1$, $C_1 = aG$, $G$ is the base point of the subgroup, $n$ is the order of the subgroup, $a$ is a random number, $a^{-1}$ is the multiplicative inverse of $a$ modulo $n$, and $k_A$ is the private key of the first user equipment;
a second user equipment request module, for generating a digital signature of the second user equipment using an elliptic curve algorithm, forming a request message and sending it to the access and mobility management function module; the request message contains the identity ID of the second user equipment, the digital signature $\partial_2$ of the second user equipment, the timestamp $t_1$, the identity ID of the first user equipment and the digital signature of the first user equipment; the digital signature of the second user equipment is $\partial_2 = (r_2, s_2)$, with $r_2 = x_2 \bmod n$, $s_2 = b^{-1}(ID_B + r_2 k_B) \bmod n$, $x_2$ the x-coordinate of $C_2$, $C_2 = bG$, $b$ a random number, $b^{-1}$ the multiplicative inverse of $b$ modulo $n$, $ID_B$ the identity ID of the second user equipment, and $k_B$ the private key of the second user equipment;
an access and mobility management function module verification module, for the access and mobility management function module to verify the digital signature of the first user equipment and the digital signature of the second user equipment according to the stored public key of the first user equipment and the stored public key of the second user equipment, respectively; if the verification passes, the access and mobility management function module generates the digital signature of the AMF, forms a first notification message and sends it to the first user equipment, and forms a second notification message and sends it to the second user equipment; the first notification message contains the timestamp $t_2$, the random number $R$, the public key $P_B$ of the second user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; the second notification message contains the timestamp $t_3$, the random number $R$, the public key $P_A$ of the first user equipment, the AMF digital signature $\partial_3$ and the master public key $Y$; here $\partial_3 = (r_3, s_3)$, $r_3 = x_3 \bmod n$, $s_3 = c^{-1}(R + r_3 x) \bmod n$, $x_3$ is the x-coordinate of $C_3$, $C_3 = cG$, $c$ is a random number, $c^{-1}$ is the multiplicative inverse of $c$ modulo $n$, and $x$ is the private key of the AMF; the access and mobility management function module verification module specifically includes: a timestamp verification unit, for the access and mobility management function module to verify the validity of the timestamp $t_1$; an ID verification unit, for the access and mobility management function module to verify the legitimacy of the identity ID of the first user equipment and the identity ID of the second user equipment when the timestamp $t_1$ is valid; and a signature verification unit, for verifying the digital signature of the first user equipment according to the stored public key of the first user equipment and the digital signature of the second user equipment according to the stored public key of the second user equipment when the identity ID of the first user equipment and the identity ID of the second user equipment are both legitimate;
a first user equipment storage module, for the first user equipment to verify the digital signature of the AMF using the master public key and the random number $R$, and to store the random number $R$ after the verification passes;
a second user equipment verification module, for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ and, after the verification passes, to generate the digital signature of the message sent by the second user equipment using an elliptic curve algorithm, form a second message and send it to the first user equipment; the second message is $M_2 = \{ID_B, \partial_4, C_4, t_4\}$, where $\partial_4$ is the digital signature of the message sent by the second user equipment, $C_4 = dG$, $d$ is a random number, and $t_4$ is the timestamp of the second message;
a first session key generation module, for the first user equipment to verify the digital signature of the message sent by the second user equipment using the public key of the second user equipment; after the verification passes, the first user equipment generates a first session key $K_1$ using an elliptic curve algorithm and the digital signature $\partial_5$ of the message sent by the first user equipment, and sends the resulting verification message, protected with the first session key, to the second user equipment; the verification message is $M_3 = \{ID_A, \partial_5, C_5, t_5\}$, where $C_5 = hG$, $h$ is a random number, $t_5$ is the timestamp of the verification message, and the first session key is $K_1 = hdG$;
The second session key generation module is used for verifying the digital signature of the message sent by the first user equipment by the second user equipment through the public key of the first user equipment; after the verification is passed, the second user equipment generates a second session key which is the same as the first session key by using an elliptic curve algorithm, and feeds back the generated feedback message to the first user equipment through the second session key, thereby completing the authentication between the first user equipment and the second user equipment.
7. The elliptic curve algorithm-based mobile terminal device security authentication system as claimed in claim 6, wherein the second user equipment verification module specifically comprises:
a timestamp verification unit, for the second user equipment to verify the validity of the timestamp $t_3$ of the second notification message;
and a signature verification unit, for the second user equipment to verify the digital signature of the AMF using the master public key and the random number $R$ when the timestamp is valid.
8. The elliptic curve algorithm-based mobile terminal device security authentication system as claimed in claim 6, wherein the digital signature of the message sent by the second user equipment is $\partial_4 = (r_4, s_4)$, with $r_4 = x_4 \bmod n$, $s_4 = d^{-1}(N_1 + r_4 k_B) \bmod n$, $x_4$ the x-coordinate of $C_4$, $C_4 = dG$, $d$ a random number, $d^{-1}$ the multiplicative inverse of $d$ modulo $n$, and $N_1 = ID_A \oplus ID_B \oplus R \oplus C_4$;
the digital signature of the message sent by the first user equipment is $\partial_5 = (r_5, s_5)$, with $r_5 = x_5 \bmod n$, $s_5 = h^{-1}(N_5 + r_5 k_A) \bmod n$, $x_5$ the x-coordinate of $C_5$, $C_5 = hG$, $h$ a random number, $h^{-1}$ the multiplicative inverse of $h$ modulo $n$, and $N_5 = ID_A \oplus ID_B \oplus R \oplus C_5 \oplus K_1$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110427184.XA CN112822025B (en) | 2021-04-21 | 2021-04-21 | Mobile terminal equipment security authentication method and system based on elliptic curve algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110427184.XA CN112822025B (en) | 2021-04-21 | 2021-04-21 | Mobile terminal equipment security authentication method and system based on elliptic curve algorithm |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112822025A CN112822025A (en) | 2021-05-18 |
CN112822025B true CN112822025B (en) | 2021-07-02 |
Family
ID=75862508
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110427184.XA Active CN112822025B (en) | 2021-04-21 | 2021-04-21 | Mobile terminal equipment security authentication method and system based on elliptic curve algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112822025B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109768861A (en) * | 2019-01-24 | 2019-05-17 | 西安电子科技大学 | Massive D2D anonymous discovery authentication and key agreement method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019183794A1 (en) * | 2018-03-27 | 2019-10-03 | Apple Inc. | Subscriber identity privacy protection and network key management |
- 2021-04-21 CN CN202110427184.XA patent/CN112822025B/en active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109768861A (en) * | 2019-01-24 | 2019-05-17 | 西安电子科技大学 | Massive D2D anonymous discovery authentication and key agreement method |
Also Published As
Publication number | Publication date |
---|---|
CN112822025A (en) | 2021-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2020177768A1 (en) | Network verification method, apparatus, and system | |
US10841784B2 (en) | Authentication and key agreement in communication network | |
US8578164B2 (en) | Method of one-way access authentication | |
US20110320802A1 (en) | Authentication method, key distribution method and authentication and key distribution method | |
Sun et al. | Privacy-preserving device discovery and authentication scheme for D2D communication in 3GPP 5G HetNet | |
WO2012174959A1 (en) | Group authentication method, system and gateway in machine-to-machine communication | |
CN111970699B (en) | Terminal WIFI login authentication method and system based on IPK | |
CN111565169B (en) | Cloud edge authentication method under mobile edge computing architecture, electronic equipment and storage medium | |
WO2019001169A1 (en) | Pmipv6 authentication system and method for identity-based proxy group signature | |
CN112804680B (en) | Mobile terminal equipment safety authentication method and system based on chaotic mapping | |
CN112602290B (en) | Identity authentication method and device and readable storage medium | |
WO2012003689A1 (en) | Distributed dynamic key management methods and apparatuses | |
CN112333705B (en) | Identity authentication method and system for 5G communication network | |
WO2023283789A1 (en) | Secure communication method and apparatus, terminal device, and network device | |
Zhu et al. | Research on authentication mechanism of cognitive radio networks based on certification authority | |
CN111669275A (en) | Master-slave cooperative signature method capable of selecting slave nodes in wireless network environment | |
CN112822018B (en) | Mobile equipment security authentication method and system based on bilinear pairings | |
CN112822025B (en) | Mobile terminal equipment security authentication method and system based on elliptic curve algorithm | |
CN112887979A (en) | Network access method and related equipment | |
Ming et al. | A secure one-to-many authentication and key agreement scheme for industrial IoT | |
Li et al. | Fast authentication for mobile clients in wireless mesh networks | |
Fanian et al. | A symmetric polynomial–based mutual authentication protocol for GSM networks | |
Li et al. | Fast authentication for mobility support in wireless mesh networks | |
Liu et al. | The Wi-Fi device authentication method based on information hiding | |
CN117499920A (en) | Authentication method, device and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||