Method, system and authentication centre for authenticating in end-to-end communications based on a mobile network
Abstract
The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC. A mutual authentication between the first service entity and the EAC and a mutual authentication between the second service entity and the EAC are each performed according to the negotiated authentication mode. If the first service entity requests the second service entity to provide the service, the EAC provides authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode and generates a shared derived key according to the negotiated authentication mode. The first service entity and the second service entity then authenticate each other according to the shared derived key and the negotiated authentication mode, and generate a session key for protecting the service.
20 Claims
1. A method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an Entity Authentication Centre, EAC, the method comprising:
negotiating an authentication mode between the first service entity and the EAC, wherein the negotiated authentication mode comprises: an authentication mechanism between the first service entity and the EAC, an authentication mechanism between the second service entity and the EAC, a mechanism of authentication inquiring, a mechanism for generating a derived key, and an authentication mechanism between the first service entity and the second service entity;
performing a mutual authentication between the EAC and the first service entity according to the authentication mechanism between the first service entity and the EAC comprised in the negotiated authentication mode, and performing a mutual authentication between the EAC and the second service entity according to the authentication mechanism between the second service entity and the EAC comprised in the negotiated authentication mode;
if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode, and generating a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating a derived key comprised in the negotiated authentication mode; and
the first service entity and the second service entity authenticating each other according to the shared derived key and the authentication mechanism between the first service entity and the second service entity comprised in the negotiated authentication mode, and generating a session key for protecting the service.
(Dependent claims 2, 3, 4, 5 and 6 are not reproduced here.)
7. A method of authentication inquiring, applied to a system comprising a first service entity requesting a service, a second service entity providing the service and an Entity Authentication Centre (EAC), wherein a mutual authentication between the first service entity and the EAC is performed and a mutual authentication between the second service entity and the EAC is performed, the EAC allocates temporary identities respectively for the first service entity and the second service entity and acquires the shared key materials respectively for protecting the communications with the first service entity and with the second service entity, and the first service entity negotiates with the EAC an authentication mode comprising a mechanism of authentication inquiring and a mechanism for generating a derived key;
the method comprising:
if the first service entity requests the service, authenticating, by the EAC, the authorities of the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode; and generating, by the EAC, a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating a derived key comprised in the negotiated authentication mode, wherein the shared derived key is used by the first service entity and the second service entity to authenticate each other.
(Dependent claims 8, 9, 10, 11 and 12 are not reproduced here.)
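The three-party exchange that claims 1 and 7 describe (mode negotiation, mutual authentication of each entity with the EAC, temporary identities and link key material allocated by the EAC, authentication inquiring that checks the provider's authority, a shared derived key handed to both entities, and a final entity-to-entity authentication that yields a session key), as an added simulation that is not the patent's own code or any product's. The claims name the steps but no primitives, so everything concrete here is an assumption: long-term keys pre-shared between each entity and the EAC, HMAC-SHA256 challenge-response for every mutual authentication, an HMAC-based derivation for the link keys, the derived key Kd and the session key, and a simple XOR-plus-tag wrap for delivering Kd over each authenticated EAC link. The mode labels, entity names and the "video" service are constructed sample values.

```python
import hashlib
import hmac
import os

def kdf(key, label, *parts):
    """Assumed derivation mechanism: HMAC-SHA256 over a label and length-prefixed inputs."""
    mac = hmac.new(key, label.encode(), hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

def wrap_key(link_key, kd, nonce):
    """Protect Kd for one entity under its EAC link key (XOR keystream plus HMAC tag; illustrative only)."""
    ct = bytes(x ^ y for x, y in zip(kd, kdf(link_key, "wrap", nonce)))
    return nonce, ct, kdf(link_key, "wrap-mac", nonce, ct)

def unwrap_key(link_key, blob):
    nonce, ct, tag = blob
    if not hmac.compare_digest(tag, kdf(link_key, "wrap-mac", nonce, ct)):
        raise PermissionError("wrapped derived key failed its integrity check")
    return bytes(x ^ y for x, y in zip(ct, kdf(link_key, "wrap", nonce)))

# One mechanism for each of the five elements of the negotiated mode in claim 1 (names are assumed).
SUPPORTED_MODE = {"first_entity_eac": "hmac-challenge-response", "second_entity_eac": "hmac-challenge-response",
                  "inquiry": "eac-checks-temp-ids-and-authority", "derived_key": "hmac-kdf",
                  "entity_entity": "hmac-challenge-response"}

class Entity:
    def __init__(self, name, long_term_key):
        self.name, self.key = name, long_term_key      # key shared with the EAC (assumed pre-provisioned)
        self.temp_id = self.link_key = None            # allocated by the EAC after mutual authentication

class EAC:
    def __init__(self, long_term_keys, authorized_services):
        self.ltk = long_term_keys                       # entity name -> long-term key
        self.authorized = authorized_services           # provider name -> services it may offer
        self.sessions = {}                              # temporary identity -> (name, link key material)
        self.mode = None

    def negotiate_mode(self, requested):
        if requested != SUPPORTED_MODE:                 # this simulation supports a single mode
            raise ValueError("unsupported authentication mode")
        self.mode = dict(requested)

    def verify_entity(self, name, n_eac, n_ent, response):
        """EAC side of the mutual authentication: check the entity's proof, allocate a temporary identity."""
        key = self.ltk[name]
        if not hmac.compare_digest(response, kdf(key, "entity->eac", n_eac, n_ent)):
            raise PermissionError(f"{name} failed authentication to the EAC")
        temp_id = os.urandom(8).hex()
        self.sessions[temp_id] = (name, kdf(key, "link", n_eac, n_ent))
        return temp_id, kdf(key, "eac->entity", n_ent, n_eac)    # EAC's own proof back to the entity

    def inquiry(self, req_tid, prov_tid, service):
        """Authentication inquiring (claim 7): both temporary identities must be live and the
        provider authorised for the service; then derive Kd and wrap it for each side."""
        if req_tid not in self.sessions or prov_tid not in self.sessions:
            raise PermissionError("unknown temporary identity")
        prov_name, prov_link = self.sessions[prov_tid]
        if service not in self.authorized.get(prov_name, ()):
            raise PermissionError(f"{prov_name} is not authorised to provide {service}")
        nonce = os.urandom(16)
        kd = kdf(self.sessions[req_tid][1], "derived", prov_link,
                 req_tid.encode(), prov_tid.encode(), service.encode(), nonce)
        return {tid: wrap_key(self.sessions[tid][1], kd, nonce) for tid in (req_tid, prov_tid)}

def eac_entity_auth(eac, entity):
    """Mutual challenge-response between an entity and the EAC over the long-term key."""
    n_eac, n_ent = os.urandom(16), os.urandom(16)            # EAC challenge, entity challenge
    response = kdf(entity.key, "entity->eac", n_eac, n_ent)  # entity -> EAC
    temp_id, ack = eac.verify_entity(entity.name, n_eac, n_ent, response)
    if not hmac.compare_digest(ack, kdf(entity.key, "eac->entity", n_ent, n_eac)):
        raise PermissionError("EAC failed authentication to the entity")
    entity.temp_id, entity.link_key = temp_id, kdf(entity.key, "link", n_eac, n_ent)

def entity_entity_auth(kd_a, kd_b):
    """Last step of claim 1: A and B prove possession of Kd to each other, then derive a session key."""
    n_a, n_b = os.urandom(16), os.urandom(16)                # A -> B: n_a; B -> A: n_b
    proof_b = kdf(kd_b, "B->A", n_a, n_b)                    # B -> A
    if not hmac.compare_digest(proof_b, kdf(kd_a, "B->A", n_a, n_b)):
        raise PermissionError("second service entity failed authentication")
    proof_a = kdf(kd_a, "A->B", n_b, n_a)                    # A -> B
    if not hmac.compare_digest(proof_a, kdf(kd_b, "A->B", n_b, n_a)):
        raise PermissionError("first service entity failed authentication")
    return kdf(kd_a, "session", n_a, n_b), kdf(kd_b, "session", n_a, n_b)

def run_flow(service="video", provider_authorised=True):
    """Whole exchange with constructed sample keys; returns the session key each side computed."""
    ltk = {"A": os.urandom(32), "B": os.urandom(32)}
    eac = EAC(ltk, {"B": {"video"} if provider_authorised else set()})
    a, b = Entity("A", ltk["A"]), Entity("B", ltk["B"])
    eac.negotiate_mode(dict(SUPPORTED_MODE))
    eac_entity_auth(eac, a)
    eac_entity_auth(eac, b)
    blobs = eac.inquiry(a.temp_id, b.temp_id, service)
    kd_a = unwrap_key(a.link_key, blobs[a.temp_id])
    kd_b = unwrap_key(b.link_key, blobs[b.temp_id])
    return entity_entity_auth(kd_a, kd_b)
```

The point worth checking in a real deployment is the inquiry step: Kd is bound to both temporary identities, the service name and a fresh nonce, and it is only released to entities whose EAC authentication is still live, so an entity that skipped the mutual authentication with the EAC, or a provider not authorised for the requested service, never obtains a key that would let it pass the final entity-to-entity authentication.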
13. A system for authenticating in end-to-end communications based on a mobile network, comprising a first service entity requesting a service, a second service entity providing the service and an Entity Authentication Centre (EAC), wherein
the first service entity is configured to negotiate with the EAC an authentication mode, wherein the authentication mode comprises: an authentication mechanism between the first service entity and the EAC, an authentication mechanism between the second service entity and the EAC, a mechanism of authentication inquiring, a mechanism for generating a derived key, and an authentication mechanism between the first service entity and the second service entity; to perform a mutual authentication between the first service entity and the EAC according to the authentication mechanism between the first service entity and the EAC comprised in the negotiated authentication mode; to request a service from the second service entity; and to perform a mutual authentication between the first service entity and the second service entity, according to the shared derived key for protecting the communication between the first service entity and the second service entity and according to the authentication mechanism between the first service entity and the second service entity comprised in the negotiated authentication mode;
the second service entity is configured to perform a mutual authentication between the second service entity and the EAC according to the authentication mechanism between the second service entity and the EAC comprised in the negotiated authentication mode, and, if the first service entity requests the service, to perform the mutual authentication between the second service entity and the first service entity according to the shared derived key for protecting the communication between the first service entity and the second service entity and according to the authentication mechanism between the first service entity and the second service entity comprised in the negotiated authentication mode; and
the EAC is configured to perform the mutual authentication between the EAC and the first service entity according to the authentication mechanism between the first service entity and the EAC comprised in the negotiated authentication mode, to perform the mutual authentication between the EAC and the second service entity according to the authentication mechanism between the second service entity and the EAC comprised in the negotiated authentication mode, to provide an authentication inquiring for the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode, and to generate the shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating a derived key comprised in the negotiated authentication mode.
(Dependent claims 14 and 15 are not reproduced here.)
16. A system of authentication inquiring, comprising a first service entity requesting a service, a second service entity providing the service and an Entity Authentication Centre (EAC), wherein
the first service entity is configured to negotiate with the EAC an authentication mode which comprises a mechanism of authentication inquiring and a mechanism for generating a derived key; and
the EAC is configured to, when the first service entity requests the service, authenticate the authorities of the first service entity and the second service entity according to the mechanism of authentication inquiring comprised in the negotiated authentication mode, and to generate a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating the derived key comprised in the negotiated authentication mode.
(Dependent claim 17 is not reproduced here.)
18. An authentication centre, comprising:
a first module, configured to negotiate an authentication mode between a first service entity and the authentication centre, wherein the authentication mode comprises: an authentication mechanism between the first service entity and the authentication centre, an authentication mechanism between a second service entity and the authentication centre, a mechanism of authentication inquiring, a mechanism for generating a derived key, and an authentication mechanism between the first service entity and the second service entity;
a second module, configured to authenticate the first service entity and the second service entity respectively according to the corresponding authentication mechanism comprised in the authentication mode negotiated by the first module; and
a third module, configured to, when a service entity requests the service, provide authentication inquiring for the service entity requesting the service and the service entity providing the service according to the mechanism of authentication inquiring, and to calculate a shared derived key for protecting the communication between the first service entity and the second service entity according to the mechanism for generating a derived key comprised in the authentication mode negotiated by the first module.
(Dependent claims 19 and 20 are not reproduced here.)