2. Authentication
Authentication refers to verifying whether the user has access to the system. Traditional authentication is verified by password. The premise of this method is that every user who obtains the password is authorized.
When a user is created, a password is assigned to that user. The password can be specified by the administrator or requested by the user.
The weakness of this method is obvious: once the password is stolen or lost, the situation becomes very troublesome. The administrator has to change the user's password, and the user's legitimate identity must be verified manually before the password is changed.
To overcome the shortcomings of password authentication, a more reliable method is needed. At present, the mainstream authentication method is to use authentication and authorization to verify the correctness of a digital signature.
Logically, authorization occurs after authentication, but in practice the two are often a single process.
Before explaining what authentication is, let's take a look at what would happen without authentication.
Without authentication, mobile users could access and use any wireless network at will, the interests of operators could not be guaranteed, and the safety of users would be threatened. This problem was considered and solved at the beginning of the development of mobile communication networks: user authentication was used to identify illegitimate users.
User authentication means authenticating users who try to access the network and checking whether they have permission to access it. User authentication protects the network against theft; at the same time, it protects the customers in the network by rejecting intrusion by impostors posing as legitimate customers.
However, as the saying goes, when virtue rises one foot, vice rises ten. I believe everyone has heard of or personally experienced events like this: some people receive scam and promotional messages on their mobile phones, such as "Congratulations on winning the first prize, please pay taxes in advance" and "Our company sells various invoices", and are cheated out of money as a result.
Some messages even appear to have been sent by 110. In such cases the user may be connected to a fake network, so the user also needs to authenticate the network.
Authentication includes two aspects:
This two-way authentication mechanism is AKA (Authentication and Key Agreement) authentication.
Besides AKA authentication, other authentication methods can be used. Until IMS AKA authentication is widely deployed, or under certain conditions (such as accessing IMS through a fixed ADSL connection), other authentication methods such as HTTP digest authentication can be used.
3G UMTS (Universal Mobile Telecommunication System), EPS (Evolved Packet System) and IMS (IP Multimedia Subsystem) networks all adopt the AKA two-way authentication mechanism, and the authentication principle is basically the same in each. In the 2G network, there is only user authentication, but no network authentication.
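The sketch below is an added example, not code from the original article. It contrasts the one-way, 2G-style check with an AKA-style two-way exchange built on a shared key K. Assumptions: HMAC-SHA256 stands in for the real AKA functions, AUTN is reduced to SQN plus MAC (real AKA also conceals SQN and carries an AMF field), and the names `HomeNetwork`, `Usim` and `network_accepts` are hypothetical.

```python
import hashlib
import hmac
import os

def f(k: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the AKA functions (f1 = MAC, f2 = RES).
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:8]

class HomeNetwork:
    """Network side: holds the subscriber key K and a sequence counter SQN."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def challenge(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        autn = sqn + f(self.k, b"f1", rand, sqn)   # proves the network knows K
        return rand, autn, f(self.k, b"f2", rand)  # third value is XRES

class Usim:
    """Subscriber side: same K, remembers the highest SQN it has accepted."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def respond_2g(self, rand: bytes) -> bytes:
        # One-way scheme: any challenger gets an answer, genuine or not.
        return f(self.k, b"f2", rand)

    def respond_aka(self, rand: bytes, autn: bytes):
        sqn, mac = autn[:6], autn[6:]
        if not hmac.compare_digest(mac, f(self.k, b"f1", rand, sqn)):
            return "mac_failure", None   # challenger does not know K
        if int.from_bytes(sqn, "big") <= self.sqn:
            return "sync_failure", None  # stale or replayed challenge
        self.sqn = int.from_bytes(sqn, "big")
        return "ok", f(self.k, b"f2", rand)

def network_accepts(res, xres: bytes) -> bool:
    return res is not None and hmac.compare_digest(res, xres)

if __name__ == "__main__":
    k = bytes(range(16))                       # constructed subscriber key
    home, fake, sim = HomeNetwork(k), HomeNetwork(b"\xff" * 16), Usim(k)
    rand, autn, xres = home.challenge()
    status, res = sim.respond_aka(rand, autn)
    print("genuine network:", status, network_accepts(res, xres))
    print("replayed challenge:", sim.respond_aka(rand, autn)[0])
    frand, fautn, _ = fake.challenge()
    print("fake network, AKA:", sim.respond_aka(frand, fautn)[0])
    print("fake network, 2G-style:", sim.respond_2g(frand).hex())
```
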