| 摘要 |
<p>An authentication system of a terminal on a public switched telephone network comprises a security node associated with a local exchange (10) and a network terminal (14). For one-way authentication, the terminal (14) responds to a call initiation by sending a unique authentication code (R) comprising a number (m) and a secret key (Sj) encrypted according to a first algorithm (F), the secret key being specific to the terminal. The security node constructs the expected authentication code (E) from the number (m), using the first algorithm (F) and a second key which is a function of a terminal identification number (TN), and compares the expected code (E) with the received code (R). In two-way authentication, the security node responds to the call initiation by sending a transaction number (n) to the terminal (14) encrypted according to a second algorithm (fj). The terminal (14) generates the authentication code (R) as a function of the first algorithm (F), the secret key (Sj) and the transaction number (n). The authentication code (R) is sent back to the security node. An expected code (E) is compared with the received one (R) in the same way. In both cases, a match between expected and received authentication codes (E and R) constitutes authentication of the terminal (14), allowing the user access to the network.</p> |
