Method of authenticating an object

The invention relates to the field of authentication of objects. The technical result is increased protection against unauthorized use of network services. When an identification module (e.g. a SIM card) is used, this is achieved as follows: the external device forms a request that contains a random number and a cryptogram obtained by processing the random number with algorithm 2 under secret key 2; the request is transmitted to the identification module; the identification module checks the cryptogram of the random number; the identification module forms a response by encrypting the request with algorithm 1 under secret key 1; the response is returned to the external device; and the external device compares the received response with the result of its own encryption of the request with algorithm 1 and secret key 1. 3 dependent claims, 2 figures.

The invention relates to the field of authentication of objects and can be used, for example, to authenticate a mobile terminal (telephone) subscriber in a network by means of an identification module, for example a personal smart card.

In GSM (Global System for Mobile communication) telecommunication systems the subscriber is authenticated in the network by a known procedure (GSM 11.11) as follows. The network sends a Request (random number RAND) to the mobile terminal (MT). The MT passes the request to the SIM card with the command RUN GSM ALGORITHM. The SIM card encrypts the random number with the secret key Ki stored in the SIM card memory using algorithm A3 and obtains the value SRES (Response), which the MT transmits to the network:

SRES = ENC(Ki, RAND),

where SRES is the 4-byte result of the encryption, ENC is the encryption process, Ki is the 16-byte secret key, and RAND is a 16-byte random number. The same encryption of the same random number RAND (with the same key and the same encryption algorithm) is performed in the network to obtain the value RES. If the SRES received from the MT coincides with the RES computed in the network, the authentication procedure completes successfully and the subscriber is allowed to use network services. Authentication of this kind is called internal.

The disadvantage of this solution is that the secret key Ki can in principle be recovered by issuing the command RUN GSM ALGORITHM repeatedly (several tens of thousands of times) and analysing the results (Responses) with special algorithms. Once the secret key is known, a duplicate (clone) card can be created, which makes unauthorized use of network services possible.

Known methods use an authentication counter that limits the number of attempts available for recovering the key Ki (SIM SCAN v/1/21 (Aug. 8 2001), Web: http://www.net.yu/~dejan). After each execution of the authentication procedure the counter is decremented by one, and when it reaches zero the card becomes unusable. This limits the number of possible executions of the command RUN GSM ALGORITHM, and hence the number of Request-Response pairs that can be used for recovering the secret key. A typical initial value of the authentication counter is 100,000. However, with the development of computers and improved key-recovery algorithms, the key can now be recovered in 40-60 thousand attempts. Further reduction of the initial counter value is inconvenient both for the network subscriber (short lifetime of the card) and for the network operator (card replacement or updating of the authentication counter).

Claims

1. A method of authenticating an object by an external device using an identification module made, for example, in the form of a SIM card, comprising: the external device forming a request in the form of a random number; transmitting the request to the identification module; the identification module forming a response by encrypting the received request with algorithm 1 under secret key 1; returning the response to the external device; and the external device comparing the response received from the identification module with the result of its own encryption of the request with algorithm 1 and secret key 1; characterized in that the request formed by the external device contains, in addition to the random number, a cryptogram obtained by encrypting the random number with algorithm 2 under secret key 2.

2. The method according to claim 1, wherein the request is a random number a part of which is replaced by a part of the cryptogram of the same length.

3. The method according to either of claims 1 and 2, characterized in that encryption algorithm 2 is identical to algorithm 1 and secret key 2 is identical to secret key 1.

4. The method according to any of claims 1 to 3, characterized in that the identification module counts the requests that contain an invalid cryptogram, and when the number of requests with an invalid cryptogram reaches a preassigned value, operation of the identification module is blocked.
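The exchange of claims 1 and 4 as an added example (not code from the patent): the external device sends RAND followed by a cryptogram over RAND, and the identification module refuses to compute SRES unless the cryptogram verifies, counting bad requests and blocking itself after a threshold. Algorithm 1 and algorithm 2 are assumed to be HMAC-SHA256 truncated to the GSM field sizes, not A3; the cryptogram length of 4 bytes and the blocking threshold are assumptions.

```python
import hmac
import hashlib
import secrets

RAND_LEN = 16   # GSM RAND length in bytes (from the description)
SRES_LEN = 4    # GSM SRES length in bytes (from the description)
TAG_LEN = 4     # length of the challenge cryptogram (assumed for this example)

def alg1(key: bytes, data: bytes) -> bytes:
    """Stand-in for algorithm 1 (A3 in GSM): HMAC-SHA256 truncated to SRES size."""
    return hmac.new(key, data, hashlib.sha256).digest()[:SRES_LEN]

def alg2(key: bytes, data: bytes) -> bytes:
    """Stand-in for algorithm 2: proves to the SIM that the challenge came from the network."""
    return hmac.new(key, b"challenge:" + data, hashlib.sha256).digest()[:TAG_LEN]

class IdentificationModule:
    """SIM side: answers only requests whose cryptogram verifies (claims 1 and 4)."""

    def __init__(self, key1: bytes, key2: bytes, max_bad: int = 3):
        self.key1, self.key2, self.max_bad, self.bad = key1, key2, max_bad, 0

    def run_gsm_algorithm(self, request: bytes):
        if self.bad >= self.max_bad:
            raise PermissionError("identification module blocked")
        rand, tag = request[:RAND_LEN], request[RAND_LEN:]
        if len(tag) != TAG_LEN or not hmac.compare_digest(tag, alg2(self.key2, rand)):
            self.bad += 1          # invalid cryptogram: count it and leak no SRES
            return None
        return alg1(self.key1, rand)

class ExternalDevice:
    """Network side: builds RAND || cryptogram and checks the returned SRES."""

    def __init__(self, key1: bytes, key2: bytes):
        self.key1, self.key2 = key1, key2

    def make_request(self) -> bytes:
        rand = secrets.token_bytes(RAND_LEN)
        return rand + alg2(self.key2, rand)

    def verify(self, request: bytes, sres) -> bool:
        expected = alg1(self.key1, request[:RAND_LEN])
        return sres is not None and hmac.compare_digest(sres, expected)

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(16), secrets.token_bytes(16)   # constructed keys
    sim, net = IdentificationModule(k1, k2), ExternalDevice(k1, k2)
    req = net.make_request()
    print("authenticated:", net.verify(req, sim.run_gsm_algorithm(req)))
```

Claim 3's variant (one algorithm and one key for both roles) only needs alg2 to use key1 with a domain separator, as the `b"challenge:"` prefix already does; claim 2's variant would overwrite the last TAG_LEN bytes of RAND with the tag instead of appending it.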
FIELD: computers, data protection.
SUBSTANCE: the processor has a bus interface device, a command selection/decoding device, a dispatch/execution device, and a program string decoding device; the string is selected from the program and loaded into the first-level command cache, which contains a set of N two-input XOR elements and a key memory storing distinct N-bit decoding keys.
EFFECT: higher efficiency.