METHOD, SYSTEM AND AUTHENTICATION CENTRE FOR AUTHENTICATING IN END-TO-END COMMUNICATIONS BASED ON A MOBILE NETWORK
First Claim
1. A method of authentication inquiring, wherein the method is applied to a system comprising a first service entity requesting a service, a second service entity providing the service and an EAC (entity authentication centre), wherein a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates an Interim Service Request Identifier (ISR-ID) to the first service entity and an Interim Authentication Check Identifier (IAC-ID) to the second service entity, and acquires the shared key materials for protecting the communications with the first service entity and with the second service entity respectively;
the method comprising:
- issuing, by the first service entity, a service request to the second service entity, wherein the service request includes the ISR-ID acquired by the first service entity in the authentication with the EAC;
- searching, by the second service entity upon receiving the service request, whether the ISR-ID of the first service entity is stored locally so as to identify the first service entity; if not, the second service entity sends an authentication inquiring request to the EAC carrying the ISR-ID of the first service entity and the IAC-ID of the second service entity;
- generating, by the EAC upon receiving the authentication inquiring request, a derived key for the first service entity and the second service entity when it is decided that the IAC-ID is valid and the second service entity is entitled to provide the service, and that the ISR-ID is valid and the first service entity is entitled to request the service;
- returning, by the EAC, to the second service entity an authentication inquiring response which carries the derived key enciphered with the shared key material of the second service entity and the EAC;
- acquiring, by the second service entity, the derived key from the authentication inquiring response by decrypting it;
- returning, by the second service entity, a service request response to the first service entity;
- calculating, by the first service entity, the same derived key by using the same parameters and algorithm used by the EAC.
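The exchange of claim 1, modelled end to end in Python as an added illustration; this is not code from the patent or its assignee. The claim fixes neither the key-derivation nor the enciphering algorithm, so the model assumes HMAC-SHA256 as the KDF for the derived key and an HMAC-derived keystream with an HMAC tag as the "enciphering" under the second entity's shared key material; the `EAC.authenticate` step stands in for the prior mutual authentication and simply constructs random interim IDs and key material. The model shows the three checks the EAC performs before deriving a key, that the derived key reaches the second entity only in enciphered form while the first entity recomputes it from its own key material, that a locally stored ISR-ID skips the EAC round trip, and that a provider holding a valid IAC-ID but not entitled to the requested service is refused.

```python
"""Toy model of the claim-1 authentication inquiring flow (added illustration, not the
patent's own code). Assumed, since the patent fixes neither algorithm: HMAC-SHA256 as the
KDF for the derived key, and an HMAC keystream plus HMAC tag as the "enciphering"."""
import hashlib
import hmac
import secrets

def kdf(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields; 32-byte output (assumed KDF)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def wrap(shared: bytes, key32: bytes) -> dict:
    """Encipher a 32-byte key under shared key material: XOR with an HMAC-derived
    keystream, then tag nonce||ciphertext (assumed scheme)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key32, kdf(shared, b"wrap", nonce)))
    return {"nonce": nonce, "ct": ct, "tag": kdf(shared, b"tag", nonce, ct)}

def unwrap(shared: bytes, blob: dict) -> bytes:
    """Check the tag in constant time before decrypting; fail closed on mismatch."""
    if not hmac.compare_digest(kdf(shared, b"tag", blob["nonce"], blob["ct"]), blob["tag"]):
        raise ValueError("authentication inquiring response failed integrity check")
    return bytes(a ^ b for a, b in zip(blob["ct"], kdf(shared, b"wrap", blob["nonce"])))

class EAC:
    def __init__(self):
        self.requesters = {}  # ISR-ID -> (shared key material Ks1, services it may request)
        self.providers = {}   # IAC-ID -> (shared key material Ks2, services it may provide)

    def authenticate(self, table, services):
        """Stand-in for the mutual authentication with the EAC: interim ID and shared key
        material are constructed at random here, not produced by a real AKA run."""
        interim_id, ks = secrets.token_hex(8), secrets.token_bytes(32)
        table[interim_id] = (ks, set(services))
        return interim_id, ks

    def authentication_inquiring(self, isr_id, iac_id, service):
        """Derive Kd only if both interim IDs are valid and both sides are entitled."""
        if iac_id not in self.providers or service not in self.providers[iac_id][1]:
            return {"status": "reject", "reason": "IAC-ID invalid or provider not entitled"}
        if isr_id not in self.requesters or service not in self.requesters[isr_id][1]:
            return {"status": "reject", "reason": "ISR-ID invalid or requester not entitled"}
        ks1, ks2 = self.requesters[isr_id][0], self.providers[iac_id][0]
        derived = kdf(ks1, b"derived", isr_id.encode(), iac_id.encode(), service.encode())
        # Kd leaves the EAC only enciphered under Ks2; Ks1 itself is never disclosed.
        return {"status": "ok", "wrapped_key": wrap(ks2, derived)}

class Provider:
    def __init__(self, eac, services):
        self.eac = eac
        self.iac_id, self.ks2 = eac.authenticate(eac.providers, services)
        self.cache = {}  # ISR-ID -> Kd; a locally known ISR-ID skips the EAC round trip

    def handle_service_request(self, req):
        isr_id, service = req["isr_id"], req["service"]
        via_eac = isr_id not in self.cache
        if via_eac:
            resp = self.eac.authentication_inquiring(isr_id, self.iac_id, service)
            if resp["status"] != "ok":
                return {"status": "reject", "reason": resp["reason"]}
            self.cache[isr_id] = unwrap(self.ks2, resp["wrapped_key"])
        # The service request response carries the parameters the requester needs for Kd.
        return {"status": "ok", "iac_id": self.iac_id, "service": service, "via_eac": via_eac}

class Requester:
    def __init__(self, eac, services):
        self.isr_id, self.ks1 = eac.authenticate(eac.requesters, services)

    def service_request(self, service):
        return {"isr_id": self.isr_id, "service": service}

    def derive(self, resp):
        """Same parameters and algorithm as the EAC, from our own Ks1; no key is received."""
        return kdf(self.ks1, b"derived", self.isr_id.encode(),
                   resp["iac_id"].encode(), resp["service"].encode())

def run_demo():
    """Run the flow once, repeat it, and try a provider not entitled to the service."""
    eac = EAC()
    requester = Requester(eac, ["video"])
    video_provider = Provider(eac, ["video"])
    mail_only_provider = Provider(eac, ["mail"])  # valid IAC-ID, but not entitled to "video"
    r1 = video_provider.handle_service_request(requester.service_request("video"))
    r2 = video_provider.handle_service_request(requester.service_request("video"))
    r3 = mail_only_provider.handle_service_request(requester.service_request("video"))
    return {
        "keys_match": requester.derive(r1) == video_provider.cache[requester.isr_id],
        "first_via_eac": r1["via_eac"],
        "second_cached": not r2["via_eac"],
        "unentitled_provider_rejected": r3["status"] == "reject",
    }
```

The point worth noticing in the model is the asymmetry the claim builds in: the second entity receives the derived key only inside an enciphered, integrity-checked response it can open with its own shared key material, whereas the first entity never receives the key at all and must recompute it, so the service request response only needs to carry the non-secret parameters (here the IAC-ID and service name). Any mismatch in those parameters, or an unknown or unentitled interim ID, surfaces as a rejection at the EAC or a key mismatch at the endpoints rather than as a silently wrong session.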
Abstract
The invention discloses a method for authenticating in end-to-end communications based on a mobile network, applied to a system including a first service entity requesting a service, a second service entity providing the service and an entity authentication centre, EAC; respectively performing a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC according to the negotiated authentication mode; if the first service entity requests the second service entity to provide the service, the EAC providing authentication inquiring for the first service entity and the second service entity according to the negotiated authentication mode, and generating a shared derived key according to the negotiated authentication mode; and the first service entity and the second service entity authenticating each other according to the shared derived key and the negotiated authentication mode, and generating a session key for protecting the service.
74 Citations
6 Claims
1. Independent claim; text as given under First Claim above. Dependent claims 2 and 3 are not reproduced on this page.
4. A system for authentication inquiring, wherein the system comprises:
- a first service entity requesting a service, a second service entity providing the service and an EAC, wherein a mutual authentication between the first service entity and the EAC and that between the second service entity and the EAC are respectively performed, the EAC allocates an Interim Service Request Identifier (ISR-ID) to the first service entity and an Interim Authentication Check Identifier (IAC-ID) to the second service entity, and acquires the shared key materials for protecting the communications with the first service entity and with the second service entity respectively;
- the first service entity is configured to issue a service request to the second service entity, wherein the service request includes the ISR-ID acquired by the first service entity in the authentication with the EAC;
- the second service entity is configured, upon receiving the service request, to search whether the ISR-ID of the first service entity is stored locally so as to identify the first service entity; if not, the second service entity sends an authentication inquiring request to the EAC carrying the ISR-ID of the first service entity and the IAC-ID of the second service entity;
- the EAC is configured, upon receiving the authentication inquiring request, to generate a derived key for the first service entity and the second service entity when it is decided that the IAC-ID is valid and the second service entity is entitled to provide the service, and that the ISR-ID is valid and the first service entity is entitled to request the service;
- the EAC is further configured to return to the second service entity an authentication inquiring response which carries the derived key enciphered with the shared key material of the second service entity and the EAC;
- the second service entity is further configured to acquire the derived key from the authentication inquiring response by decrypting it;
- the second service entity is further configured to return a service request response to the first service entity;
- the first service entity is further configured to calculate the same derived key by using the same parameters and algorithm used by the EAC.
Dependent claims 5 and 6 are not reproduced on this page.