Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Access authentication method and system in mobile communication network

A mobile communication and access authentication technology, applied in the field of mobile communication, can solve the problems of inability to do reasonable prevention, man-in-the-middle attacks, attacks, etc.

Inactive Publication Date: 2011-04-27
ZTE CORP
View PDF3 Cites 34 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, if this kind of authentication is used in a network based on IP interconnection, since there may be multiple paths connected between the two networks of the IP network, if an intermediate node of one path is not safe enough, as the intermediate forwarding node in the path is modified Passed authentication parameters may form a man-in-the-middle attack, such as figure 1 shown
[0006] exist figure 1 Among them, if the IP network is used for transmission between the SGSN and the HLR, during the transmission process, if one of the intermediate nodes MN (such as a router) is a malicious node, the intermediate node MN intercepts the authentication message sent by the SGSN to the HLR, and sends the SGSN’s authentication message to the HLR. The SGSN routing information in the UE registration message sent to the HLR is changed to the route of the malicious node SGSN_mal, so that after the modification of the intermediate node MN, although the user registration can still succeed, the user access location recorded by the HLR is SGSN_mal instead of SGSN, In this way, if other users send data to the UE, the access server where the other users are located needs to query the HLR for the current location of the UE, but the routing information of the UE access point returned by the HLR is the information of the malicious node SGSN_mal, so it should have been forwarded to the SGSN The data packet for UE is sent to SGSN_mal, which leads to a typical man-in-the-middle attack
[0007] It can be seen from the above that under the WCDMA authentication mechanism, because the AKA authentication does not protect the routing information of the access point SGSN, the HLR, the terminal, and even the ASN do not know whether there is a man-in-the-middle attack, so reasonable prevention cannot be done.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Access authentication method and system in mobile communication network
  • Access authentication method and system in mobile communication network
  • Access authentication method and system in mobile communication network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0073] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0074] When the UE accesses the network, it must first pass the authentication of the Access Service Node (ASN: Access Service Node). Since the mobile user UE often roams from one access point to another, the ASN and The identity location register (ILR Identity Location Register, ILR) that stores user identity information and location information is often not in the same place. When the two are located in different areas and are interconnected through IP networks or other data networks, background technology figure 1 The man-in-the-middle attack described in .

[0075] The authentication method described in this embodiment at least includes authentication of the UE by the ILR, and may further include authentication of the ILR by the UE and authentication of the ILR by the ASN.

[0076] Among them, the ILR authentication of the UE can ensure t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an access authentication method in a mobile communication network. The method comprises the following steps that: a user terminal generates a random number RANDUE, and acquires a random number RANDILR generated by route identification (RID) and an identity location register (ILR) of an access service node (ASN) in a network when needing to perform authentication; the user terminal calculates to obtain an authentication result RES2ILR by using a pre-shared key K1 and sends the RES2ILR to the ASN; the ASN generates a random number RANDASN and sends the RES2ILR and the random number RANDASN to the ILR; and the ILR calculates to obtain an authentication result XRES2ILR by using the pre-shared key K1 and compares the XRES2ILR with the received RES2ILR; and if the XRES2ILR is consistent with the RES2ILR, the access authentication is successful. Correspondingly, the invention also provides a system for implementing the method. Through the method and the system, Man-in-the-Middle attacks caused by an unreliable network can be effectively avoided.

Description

technical field [0001] The invention relates to the field of mobile communication, in particular to a method and system for access authentication in a mobile communication network. Background technique [0002] Access authentication is a basic requirement for the safe and normal operation of a communication network. Using access authentication, the network can correctly identify user identities, and endow legitimate users with contracted service capabilities, prevent other users from stealing services, and ensure the correctness of billing . [0003] At present, the AKA (Authentication and Key Agreement) authentication method adopted by WCDMA (Wideband Code Division Multiple Access, Wideband Code Division Multiple Access) is one of the relatively complete authentication methods, and WCDMA authentication adopts the shared key method , there is a shared key K between the USIM (Universal Subscriber Identity Module) card of the user terminal and the HLR (Home Location Register,...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04W12/06H04L9/32H04W12/069H04W12/122
CPCH04L63/107H04W12/06H04W12/122H04W12/126H04W12/069
Inventor 张世伟符涛吴强
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com