Publication number: US06574730B1
Publication date: 2003-06-03
Application number: US08797699
Filing date: 1997-02-11
Applicant: Robert Andrew Bissell, Kevin Paul Bosworth, Michael John Britnell, Peter Maxwell Harding, Richard Middleton Hicks, Jonathan James Kingan, Michael Victor Meyerstein, Keith Eric Nolde, John Rabson, Jonathan Crispin Ranger, David Anthony Roberts, Mark Jonathan Stirland, Richard Paul Swale
Inventor: Robert Andrew Bissell, Kevin Paul Bosworth, Michael John Britnell, Peter Maxwell Harding, Richard Middleton Hicks, Jonathan James Kingan, Michael Victor Meyerstein, Keith Eric Nolde, John Rabson, Jonathan Crispin Ranger, David Anthony Roberts, Mark Jonathan Stirland, Richard Paul Swale
IPC: H04L932
CPC classification number: H04L63/08, H04L9/0822, H04L9/3271, H04L63/0428, H04L2209/56, H04Q3/0029, H04Q2213/13339, H04Q2213/13515
Abstract: An authentication system of a terminal on a public switched telephone network provides a security node associated with a local exchange and a network terminal. For one-way authentication, the terminal responds to a call initiation by sending a unique authentication code comprising a number and a secret key encrypted according to a first algorithm, the secret key being specific to the terminal. The security node constructs the expected authentication code from the number, using the first algorithm and a second key which is a function of a terminal identification number, and compares the expected code with the received code. In two-way authentication, the security node responds to the call initiation by sending a transaction number to the terminal encrypted according to a second algorithm. The terminal generates the authentication code as a function of the first algorithm, the secret key and the transaction number. The authentication code is sent back to the security node. An expected code is compared with the received one in the same way. In both cases, a match between expected and received authentication codes constitutes authentication of the terminal allowing the user access to the network.
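The two-way exchange described in the abstract, sketched as an added example that is not taken from the patent: the security node issues a transaction number, the terminal returns an authentication code computed from its secret key and that number, and the node rebuilds the expected code from a key derived from the terminal identification number. Assumptions: HMAC-SHA256 stands in for the unnamed "first algorithm", the key derivation and all class and function names are hypothetical, and the encryption of the transaction number in transit (the "second algorithm") is left out.

```python
import hashlib
import hmac
import secrets

def auth_code(key: bytes, number: bytes) -> bytes:
    # Assumption: HMAC-SHA256 plays the role of the abstract's "first algorithm".
    return hmac.new(key, number, hashlib.sha256).digest()

class SecurityNode:
    """Node at the local exchange: one master key, no per-terminal key table."""
    def __init__(self, master_key: bytes):
        self._master = master_key
        self._pending = {}  # terminal_id -> outstanding transaction number

    def terminal_key(self, terminal_id: str) -> bytes:
        # Key as a function of the terminal identification number (derivation assumed).
        return hmac.new(self._master, terminal_id.encode(), hashlib.sha256).digest()

    def start_call(self, terminal_id: str) -> bytes:
        txn = secrets.token_bytes(16)  # fresh transaction number per call
        self._pending[terminal_id] = txn
        return txn

    def verify(self, terminal_id: str, received: bytes) -> bool:
        # Assumption: a transaction number is consumed by one verification attempt.
        txn = self._pending.pop(terminal_id, None)
        if txn is None:
            return False
        expected = auth_code(self.terminal_key(terminal_id), txn)
        return hmac.compare_digest(expected, received)  # constant-time comparison

class Terminal:
    def __init__(self, terminal_id: str, secret_key: bytes):
        self.terminal_id, self._key = terminal_id, secret_key

    def respond(self, txn: bytes) -> bytes:
        return auth_code(self._key, txn)

def demo() -> dict:
    node = SecurityNode(b"constructed-master-key")     # constructed sample value
    tid = "TERM-0001"                                  # constructed sample value
    genuine = Terminal(tid, node.terminal_key(tid))    # key provisioned at install
    other = Terminal(tid, b"key-not-derived-from-master")
    code = genuine.respond(node.start_call(tid))
    accepted = node.verify(tid, code)
    node.start_call(tid)                               # new call, new number
    stale = node.verify(tid, code)                     # old code against new number
    mismatch = node.verify(tid, other.respond(node.start_call(tid)))
    return {"genuine": accepted, "stale_code": stale, "wrong_key": mismatch}

if __name__ == "__main__":
    print(demo())
```

Because the expected code is bound to the outstanding transaction number, a code captured from an earlier call fails verification on the next one.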