| 摘要 |
A method for mutual authentication between a subscriber and a communications network, in which a random number is generated at the subscriber's terminal. The random number is sent to the authentication sub-system managing the authentication of the subscriber for the access to the network, e.g., together with a subscriber's identifier. At the authentication sub-system, the identifier is used for checking the credentials of the subscriber. During the authentication process, parameters related to the subscriber's identifier are generated at the authentication sub-system, and the random number is encrypted using a session key formed using such parameters. The encrypted random number is then sent back to the subscriber's terminal, together with information needed to terminal in order to reconstruct the session key. After having reconstructed the session key, the subscriber's terminal decrypts the random number and checks matching with its generated random number. The matching between the two numbers allows the verification, by the subscriber, that the access point to which he/she is connecting is not a fake access point. |
