Message authentication method and communication method of communication network system, and communication network system

US11375369B2 · US · B2

Patent metadata

Publication number: US-11375369-B2
Application number: US-201816770621-A
Country: US
Kind code: B2
Filing date: Dec 7, 2018
Priority date: Dec 8, 2017
Publication date: Jun 28, 2022
Grant date: Jun 28, 2022

Abstract

A message authentication and communication method for a communication network system comprises: the access control device receiving a communication establishment request sent by the first mobile apparatus; the access control device sending a communication mutual authentication request to the authentication server in response to the communication establishment request; the access control device receiving a mutual authentication response message sent by the authentication server in response to the communication mutual authentication request; the access control device authenticating the mutual authentication response message; and, when the mutual authentication response message is authenticated successfully, the access control device sending a mutual authentication message to the first mobile apparatus. The hash chain mechanism and the access control device are used in conjunction with the authentication server to distribute and decentralize the authentication functions, thereby reducing the load on the authentication server and improving the efficiency of authentication.

First claim

Opening claim text (preview).

What is claimed is:

1. A message authentication method of a communication network system, wherein the communication network system comprises an authentication server, an access control device and a plurality of mobile apparatuses, the plurality of mobile apparatuses comprise a first mobile apparatus and a second mobile apparatus, and the message authentication method comprises: the access control device receiving a communication establishment request sent by the first mobile apparatus; the access control device sending a communication mutual authentication request to the authentication server in response to the communication establishment request, the access control device receiving a mutual authentication response message sent by the authentication server in response to the communication mutual authentication request; the access control device authenticating the mutual authentication response message; when the mutual authentication response message is authenticated successfully, the access control device sending a mutual authentication message to the first mobile apparatus; and wherein the mutual authentication response message comprises a first initial authentication key encrypted by a public key of the access control device, a second initial authentication key encrypted by the public key of the access control device, an identification number of the authentication server, a random number r_s, a message sequence number and a first message authentication information; wherein the first message authentication information comprises a first characteristic hash value and a first digital signature formed by encrypting the first characteristic hash value with a private key of the authentication server; the first characteristic hash value is obtained by hashing an input of the first initial authentication key, the second initial authentication key, the identification number of the authentication server, the random number r_s and the message sequence number, the step of the access control device authenticating the mutual authentication response message comprises: the access control device authenticating the first digital signature of the first message authentication information with a public key of the authentication server; when the first message authentication information is authenticated successfully, the access control device decrypting the first initial authentication key encrypted by the public key of the access control device with a private key, and acquiring a decrypted first initial authentication key; the access control device decrypting the second initial authentication key encrypted by the public key of the access control device with the private key, and acquiring a decrypted second initial authentication key; the access control device calculating hash value obtained by hashing an input of the decrypted first initial authentication key, the decrypted second initial authentication key, the identification number of the authentication server, the random number r_s and the message sequence number, and acquiring a second characteristic hash value, the access control device determining whether the first characteristic hash value is consistent with the second characteristic hash value; when the first characteristic hash value is consistent with the second characteristic hash value, the access control device determining that the mutual authentication response message is authenticated successfully.

2. The message authentication method according to claim 1 further comprising: calculating the first initial authentication key according to a first root key and the random number r_s; and/or, calculating the second initial authentication key according to a second root key and the random number r_s.

3. The message authentication method according to claim 1, further comprising: generating a first authentication key sequence according to the first initial authentication key and a random number r_a; extracting a first authentication key from the first authentication key sequence.

4. The message authentication method according to claim 1, further comprising: generating a second authentication key sequence according to the second initial authentication key and a random number r_a; extracting a second authentication key from the second authentication key sequence.

5. An access control device, wherein, the access control device is applied to a communication network system, the communication network system comprises an authentication server, the access control device and a plurality of mobile apparatuses, the plurality of mobile apparatuses comprise a first mobile apparatus and a second mobile apparatus, and the access control device comprises: a memory, wherein instructions are stored on the memory; and a processor configured to execute the instructions to perform the message authentication method according to claim 1.

6. The access control device according to claim 5, wherein, the mutual authentication response message comprises a first initial authentication key encrypted by a public key of the access control device, a second initial authentication key encrypted by the public key of the access control device, an identification number of the authentication server, a random number r_s, a message sequence number and a first message authentication information; wherein the first authentication information comprises a first characteristic hash value and a first digital signature formed by encrypting the first characteristic hash value with a private key of the authentication server; the first characteristic hash value is obtained by hashing the input of the first initial authentication key, the second initial authentication key, the identification number of the authentication server, the random number r_s and the message sequence number; the message authentication further comprises: authenticating the first digital signature of the first message authentication information with the public key of the authentication server; when the first message authentication information is authenticated successfully, decrypting the first initial authentication key encrypted by a public key of the access control device with a private key, and acquiring a decrypted first initial authentication key; decrypting the second initial authentication key encrypted by a public key of the access control device with the private key, and acquiring a decrypted second initial authentication key, calculating hash value obtained by hashing the input of the decrypted first initial authentication key, the decrypted second initial authentication key, the identification number of the authentication server, the random number r_s and the message sequence number, and acquiring a second characteristic hash value; determining whether the first characteristic hash value is consistent with the second characteristic hash value; when the first characteristic hash value is consistent with the second characteristic hash value, determining that the mutual authentication response message is authenticated successfully.

7. A communication network system using the message authentication method according to claim 1, comprising an authentication server, an access control device and a plurality of mobile apparatuses, the plurality of mobile apparatuses comprise a first mobile apparatus and a second mobile apparatus; wherein, the first mobile apparatus is configured to send a communication establishment request to the access control device, the access control device is configured to send a communication mutual authentication request to the authentication server in response to the communication establishment request; the authentication server is configured to authenticate the communication mutual authentication requ
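
The verification order recited in claim 1 (signature check, decryption of both initial authentication keys, hash recomputation and comparison), as an added example that is not part of the patent text. The claim names no algorithms, so SHA-256, the length-prefixed field encoding, the unpadded toy RSA keys built from Mersenne primes, and every function and field name here are assumptions; all sample values are constructed.

```python
import hashlib
import hmac

def toy_keypair(p_exp, q_exp, e=65537):
    # Constructed toy RSA key built from two Mersenne primes: trivially
    # factorable and unpadded, so it only stands in for real key material.
    p, q = 2**p_exp - 1, 2**q_exp - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def characteristic_hash(k1, k2, server_id, r_s, seq):
    # Assumed encoding: SHA-256 over length-prefixed fields, so that field
    # boundaries cannot be shifted between adjacent inputs.
    h = hashlib.sha256()
    for field in (k1, k2, server_id, r_s, seq.to_bytes(8, "big")):
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def server_build_response(server_key, acd_pub, k1, k2, server_id, r_s, seq):
    # Authentication server side: hash the fields, sign the hash, encrypt keys.
    digest = characteristic_hash(k1, k2, server_id, r_s, seq)
    enc = lambda k: pow(int.from_bytes(k, "big"), acd_pub["e"], acd_pub["n"])
    sig = pow(int.from_bytes(digest, "big"), server_key["d"], server_key["n"])
    return {"enc_k1": enc(k1), "enc_k2": enc(k2), "server_id": server_id,
            "r_s": r_s, "seq": seq, "hash": digest, "sig": sig}

def acd_verify_response(msg, acd_key, server_pub, key_len=32):
    # 1. Verify the signature on the first characteristic hash value.
    signed = pow(msg["sig"], server_pub["e"], server_pub["n"])
    if signed != int.from_bytes(msg["hash"], "big"):
        return None
    # 2. Decrypt both initial authentication keys with the device private key.
    try:
        k1, k2 = (pow(msg[f], acd_key["d"], acd_key["n"]).to_bytes(key_len, "big")
                  for f in ("enc_k1", "enc_k2"))
    except OverflowError:  # altered ciphertext: plaintext is not key-sized
        return None
    # 3. Recompute the second characteristic hash value and compare.
    second = characteristic_hash(k1, k2, msg["server_id"], msg["r_s"], msg["seq"])
    return (k1, k2) if hmac.compare_digest(second, msg["hash"]) else None

# Constructed sample values.
SERVER_KEY = toy_keypair(521, 607)
ACD_KEY = toy_keypair(1279, 2203)
K1, K2 = bytes(range(32)), bytes(range(32, 64))
MSG = server_build_response(SERVER_KEY, ACD_KEY, K1, K2, b"AS-01", b"\x07" * 16, 1)
```

The signature covers only the hash, so a change to the sequence number, the random number or either ciphertext is caught at step 3 rather than step 1, which is why the recomputation is not optional.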

Classifications

  • Wireless

  • Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32)

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869)

  • of the user plane, e.g. user's traffic

Frequently asked questions

Who is the assignee on this patent?
Datang Mobile Communications Equipment Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04W12/043. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 28, 2022 (B2). Legal status and post-grant events are not shown on this page.