METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK
Abstract
The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.
27 Claims
1. A method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC, the method comprising:
negotiating an authentication mode between the first service entity and the EAC, wherein the negotiated authentication mode comprises: an authentication mechanism between the first service entity and the EAC, an authentication mechanism between the second service entity and the EAC, a mechanism of authentication inquiring, a mechanism for generating a derived key, and an authentication mechanism between the first service entity and the second service entity;
performing a mutual authentication between the EAC and the first service entity according to the authentication mechanism between the first service entity and the EAC comprised in the negotiated authentication mode, and performing a mutual authentication between the EAC and the second service entity according to the authentication mechanism between the second service entity and the EAC comprised in the negotiated authentication mode;
if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode, and generating a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating a derived key comprised in the negotiated authentication mode; and
the first service entity and the second service entity authenticating each other according to the shared derived key and the authentication mechanism between the first service entity and the second service entity comprised in the negotiated authentication mode, and generating a session key for protecting the service.
(Dependent claims: 2, 3, 4, 5)
6. A method for authenticating service entities, applied to a service entity and an EAC, comprising:
negotiating an authentication mode between the service entity and the EAC, wherein the negotiated authentication mode comprises an authentication mechanism between the service entity and the EAC; and
performing a mutual authentication between the service entity and the EAC according to the authentication mechanism comprised in the negotiated authentication mode.
(Dependent claims: 7, 8, 9, 10)
11. A method of authentication inquiring, applied to a system comprising a first service entity requesting a service, a second service entity providing the service and an EAC, wherein a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates temporary identities respectively for the first service entity and the second service entity and acquires the shared key materials respectively for protecting the communications with the first service entity and the second service entity, and the first service entity negotiates with the EAC an authentication mode comprising a mechanism of authentication inquiring and a mechanism for generating a derived key; the method comprising:
if the first service entity requests the service provided by the second service entity, authenticating authorities of the first service entity and the second service entity according to the temporary identities of the first service entity and the second service entity and according to the mechanism of authentication inquiring comprised in the negotiated authentication mode; and
calculating a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating the derived key comprised in the negotiated authentication mode, the temporary identities of the first service entity and the second service entity, and the shared key material for protecting the communication with the first service entity.
(Dependent claims: 12, 13, 14, 15, 16)
17. A system for authenticating in end-to-end communications based on a mobile network, comprising a first service entity requesting a service, a second service entity providing a service and an EAC, wherein,
the first service entity is configured to negotiate with the EAC an authentication mode comprising at least one mechanism related with authentication, to perform a mutual authentication between the first service entity and the EAC according to the negotiated authentication mode, to request a service from the second service entity, and to perform a mutual authentication between the first service entity and the second service entity according to the shared derived key for protecting the communication between the first service entity and the second service entity according to the negotiated authentication mode;
the second service entity is configured to authenticate the EAC according to the negotiated authentication mode, and to perform the mutual authentication between the second service entity and the first service entity according to the shared derived key for protecting the communication between the first service entity and the second service entity according to the negotiated authentication mode if the first service entity requests the service; and
the EAC is configured to respectively perform the mutual authentication between the EAC and the first service entity and that between the EAC and the second service entity according to the negotiated authentication mode, and when the first service entity requests the service, to provide an authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode and to generate the shared derived key for protecting the communication between the first service entity and the second service entity.
(Dependent claims: 18, 19)
20. A system for authenticating service entities, comprising a service entity and an EAC, wherein,
the service entity is configured to negotiate with the EAC an authentication mode which comprises an authentication mechanism between the service entity and the EAC, and perform a mutual authentication between the service entity and the EAC according to the authentication mechanism comprised in the negotiated authentication mode.
22. A system of authentication inquiring, comprising a first service entity requesting a service, a second service entity providing the service and an EAC, wherein,
the first service entity is configured to negotiate with the EAC an authentication mode which comprises a mechanism of authentication inquiring and a mechanism for generating a derived key; and
the EAC is configured to, when the first service entity requests the service, authenticate the authorities of the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode, and to generate a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating the derived key comprised in the negotiated authentication mode.
(Dependent claims: 23)
24. An authentication centre, comprising:
a first module, configured to negotiate an authentication mode of a service entity, wherein the authentication mode comprises an authentication mechanism between the service entity and the authentication centre; and
a second module, configured to authenticate the service entity according to the authentication mechanism comprised in the authentication mode negotiated by the first module.
(Dependent claims: 25, 26, 27)
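The procedure that claims 1, 11, 17, 22 and 24 describe, traced end to end in Python. This is an added illustration written for this page, not code from the patent or from any product implementing it. The claims leave every mechanism open, so the example assumes: a long-term key K pre-shared between each service entity and the EAC; HMAC-SHA256 challenge-response (labelled RAND/RES/AUTN here) as the entity-to-EAC authentication mechanism; HMAC-SHA256 as the mechanism for generating the derived key Kd, the shared key material Ks and the session key; one hypothetical mode name, `psk-hmac-sha256`; and made-up entity names. Message passing is modelled as direct calls, with a comment at each step naming sender and receiver.

```python
import hashlib
import hmac
import secrets


def kdf(key: bytes, *labels: bytes) -> bytes:
    """Assumed 'mechanism for generating a derived key': HMAC-SHA256 over labelled inputs."""
    return hmac.new(key, b"|".join(labels), hashlib.sha256).digest()


class EAC:
    """Entity authentication centre: negotiates modes, bootstraps entities, answers inquiries."""
    SUPPORTED = ("psk-hmac-sha256",)          # hypothetical mode name

    def __init__(self, subscribers: dict, providers: set):
        self.subscribers = subscribers        # name -> long-term key K shared with the EAC (assumption)
        self.providers = providers            # names whose authority to provide services is registered
        self.pending = {}                     # name -> RAND of an in-flight challenge
        self.by_temp_id = {}                  # temporary identity -> (name, Ks)

    def negotiate(self, offered: tuple) -> str:
        for mode in offered:                  # first mode both sides support wins
            if mode in self.SUPPORTED:
                return mode
        raise ValueError("no common authentication mode")

    def challenge(self, name: str) -> bytes:  # EAC -> entity: RAND
        self.pending[name] = secrets.token_bytes(16)
        return self.pending[name]

    def verify(self, name: str, res: bytes) -> tuple:   # entity -> EAC: RES
        rand, k = self.pending.pop(name), self.subscribers[name]
        if not hmac.compare_digest(res, kdf(k, b"res", rand)):
            raise PermissionError(f"{name}: wrong response to challenge")
        temp_id = secrets.token_bytes(8)                       # temporary identity for this bootstrap
        self.by_temp_id[temp_id] = (name, kdf(k, b"ks", rand)) # Ks: key material shared with the entity
        return kdf(k, b"autn", rand), temp_id                  # EAC -> entity: AUTN proves the EAC holds K

    def inquire(self, req_tid: bytes, prov_tid: bytes) -> bytes:
        """Authentication inquiring: check both authorities, then release Kd to the provider."""
        if req_tid not in self.by_temp_id or prov_tid not in self.by_temp_id:
            raise PermissionError("unknown temporary identity")
        if self.by_temp_id[prov_tid][0] not in self.providers:
            raise PermissionError("peer is not authorised to provide services")
        ks_req = self.by_temp_id[req_tid][1]
        return kdf(ks_req, b"kd", req_tid, prov_tid)           # Kd bound to both temp IDs and requester's Ks


class ServiceEntity:
    MODES = ("psk-hmac-sha256",)

    def __init__(self, name: str, long_term_key: bytes):
        self.name, self.k = name, long_term_key
        self.mode = self.temp_id = self.ks = None

    def bootstrap(self, eac: EAC) -> None:
        """Negotiate the mode, then mutually authenticate with the EAC by challenge-response on K."""
        self.mode = eac.negotiate(self.MODES)
        rand = eac.challenge(self.name)
        autn, temp_id = eac.verify(self.name, kdf(self.k, b"res", rand))
        if not hmac.compare_digest(autn, kdf(self.k, b"autn", rand)):
            raise PermissionError("EAC failed to prove knowledge of K")
        self.temp_id, self.ks = temp_id, kdf(self.k, b"ks", rand)

    def proof(self, kd: bytes, peer_nonce: bytes, own_nonce: bytes) -> bytes:
        # MAC under Kd over our temporary identity and both nonces (entity-to-entity authentication)
        return kdf(kd, b"auth", self.temp_id, peer_nonce, own_nonce)


def end_to_end(a: ServiceEntity, b: ServiceEntity, eac: EAC) -> bytes:
    """Requester a asks provider b for a service; returns the session key both sides agree on."""
    n1 = secrets.token_bytes(16)                               # a -> b: service request (TID_a, TID_b, N1)
    kd_b = eac.inquire(a.temp_id, b.temp_id)                   # b -> EAC -> b: inquiry answered with Kd
    kd_a = kdf(a.ks, b"kd", a.temp_id, b.temp_id)              # a derives the same Kd locally from Ks
    n2 = secrets.token_bytes(16)                               # b -> a: N2, MAC_Kd(TID_b, N1, N2)
    if not hmac.compare_digest(b.proof(kd_b, n1, n2), kdf(kd_a, b"auth", b.temp_id, n1, n2)):
        raise PermissionError("provider failed to prove Kd")
    if not hmac.compare_digest(a.proof(kd_a, n2, n1), kdf(kd_b, b"auth", a.temp_id, n2, n1)):
        raise PermissionError("requester failed to prove Kd")  # a -> b: MAC_Kd(TID_a, N2, N1)
    sk_a, sk_b = kdf(kd_a, b"session", n1, n2), kdf(kd_b, b"session", n1, n2)
    assert sk_a == sk_b                                        # session key protecting the service
    return sk_a


def demo() -> dict:
    """Happy path plus two rejections: an unauthorised provider and an impersonator with the wrong K."""
    k_a, k_b, k_c = (secrets.token_bytes(32) for _ in range(3))
    eac = EAC({"alice": k_a, "bob": k_b, "carol": k_c}, providers={"bob"})   # made-up names
    alice, bob, carol = ServiceEntity("alice", k_a), ServiceEntity("bob", k_b), ServiceEntity("carol", k_c)
    for entity in (alice, bob, carol):
        entity.bootstrap(eac)
    out = {"session_key": end_to_end(alice, bob, eac)}
    try:
        end_to_end(alice, carol, eac)                          # carol is bootstrapped but not a provider
    except PermissionError as exc:
        out["carol_rejected"] = str(exc)
    try:
        ServiceEntity("alice", secrets.token_bytes(32)).bootstrap(eac)   # alice's name, wrong K
    except PermissionError as exc:
        out["mallory_rejected"] = str(exc)
    return out
```

Two properties worth reading out of the run: Kd is derived from the requester's Ks and both temporary identities, so an entity that never bootstrapped with the EAC, or whose authority to provide the service the EAC does not recognise, is refused at the inquiry step before any key is released; and the session key is re-derived from fresh nonces on every request, so Kd never protects traffic directly. The corollary is that the EAC can compute every Kd, which makes it the single trust anchor for all end-to-end sessions it brokers.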
Specification