1. CN112533202 - Identity authentication method and device

Office
China
Application Number 201910815346.X
Application Date 30.08.2019
Publication Number 112533202
Publication Date 19.03.2021
Publication Kind A
IPC
H04W 12/06: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > W WIRELESS COMMUNICATION NETWORKS > 12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity > 06 Authentication
H04W 12/08: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > W WIRELESS COMMUNICATION NETWORKS > 12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity > 08 Access security
H04W 12/041: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > W WIRELESS COMMUNICATION NETWORKS > 12 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity > 04 Key management > 041 Key generation or derivation
H04L 9/08: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 9 Arrangements for secret or secure communication > 08 Key distribution
H04L 9/32: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 9 Arrangements for secret or secure communication > 32 including means for verifying the identity or authority of a user of the system
H04L 29/06: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136 > 02 Communication control; Communication processing > 06 characterised by a protocol
CPC
H04L 9/0866: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication > 08 Key distribution ; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > 0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords > 0866 involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
H04L 9/3242: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication > 32 including means for verifying the identity or authority of a user of the system ; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials > 3236 using cryptographic hash functions > 3242 involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
H04L 63/0414: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 04 for providing a confidential data exchange among entities communicating through data packet networks > 0407 wherein the identity of one or more communicating identities is hidden > 0414 during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
H04L 63/0869: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 08 for supporting authentication of entities communicating through a packet data network > 0869 for achieving mutual authentication
H04L 63/1458: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 14 for detecting or protecting against malicious traffic > 1441 Countermeasures against malicious traffic > 1458 Denial of Service
H04W 12/06: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > W WIRELESS COMMUNICATION NETWORKS > 12 Security arrangements; Authentication; Protecting privacy or anonymity > 06 Authentication
Applicants HUAWEI TECHNOLOGIES CO., LTD. (华为技术有限公司)
Inventors JIANG WEIYU (江伟玉); LIU BINGYANG (刘冰洋); WAN JUNJIE (万俊杰)
Agents 北京三高永信知识产权代理有限责任公司 11138
Title
(EN) Identity authentication method and device
(ZH) 身份鉴别方法及装置
Abstract
(EN)
The invention provides an identity authentication method and device, belonging to the technical field of communication. In the provided scheme, when a terminal device needs network access, it sends the network device a network access request carrying a temporary privacy identity identifier, then exchanges and verifies messages with the network device using the verification key corresponding to that temporary privacy identity identifier, thereby completing the identity authentication process. The network device can authenticate the user's anonymous identity without maintaining an identity database, which ensures that the user's privacy is not leaked. In addition, because the network device can filter out false request packets in front of the identity management server during identity authentication, the processing pressure on the network device is greatly reduced. This prevents a large amount of processing resources from being occupied, does not affect the processing of normal request packets, and ensures the normal operation of network services.

(ZH)
本申请提供了一种身份鉴别方法及装置,属于通信技术领域。本申请提供的方案,通过终端设备在有网络接入需求时,向网络设备发送携带有临时隐私身份标识的接入网络请求,并根据该临时隐私身份标识对应的验证密钥,来与网络设备之间进行消息交互和验证,从而完成身份鉴别流程,而网络设备无需维护身份资料库就能够实现对用户匿名身份的鉴别,能够保证用户隐私不被泄露,同时,由于网络设备在身份鉴别过程中可以在身份管理服务器前侧即过滤掉虚假请求包,大大降低了网络设备的处理压力,也就避免了处理资源大量被占用,不会影响对正常请求包进行处理,能够保证网络服务的正常运行。
