CN1625101A - Strong authentication method based on symmetric encryption algorithm - Google Patents

Abstract

A strong identification method based on symmetrical code computation method, and the process is: through the establishment of radio link, the attestation device sends the request of identification to the user, and returns the identity information to the server, the server finds the identification code key and information integrity code key in the database, establishes conversations with the user, the server and the user both orderly through the random number producing to use the identification code key of the user to encrypt, the identification device decodes through the code key of the opposing party, identify the results after to-and-fro for three times, the server and the user encode and decode the broadcasting code key through producing the conversation, and use information integrity code key and the relative information to compute the integrity value of identification exchange, the identification device compares the identification results, and decides whether the user can be added in the network, and realizes the online correspondence and broadcasting communication from basic station to users.

Description

A kind of strong discrimination method based on symmetric cryptographic algorithm

Technical field

The present invention relates in communication network, guarantee validated user accesses network resource, avoid its a kind of user of checking who is subjected to false server deception and the discrimination method of server both sides legal identity.

Background technology

In network communication field, use the most generally and realize that by ppp protocol the point-to-point link transmits data, adopt CHAP agreement (Challenge Handshake AuthenticationProtocol) to finish the identity of PPP link is differentiated, this CHAP agreement is for addressing inquires to the authentication protocol of shaking hands.The link both sides are called for short the PPPLCP protocol negotiation by the extendible LCP of point-to-point, and link is configured and tests to PPP.After the PPP link is set up, to differentiate earlier then according to identification result, whether decision allows link to enter the Network Control Protocol NCP negotiation in (Network Control Protocol) stage to connectionist's identity.CHAP carries out once " three-way handshake " by the both sides in the PPP link, finishes the other side's identity is differentiated.Its discriminating is after the PPPLCP agreement enters out state (opened), and discriminating side initiates the CHAP of opposite end is differentiated that its process is roughly as follows:

1. differentiate that direction sent CHAP challenge by the side of discriminating, challenge data is a random number or pseudo random number.

2. after being received CHAP challenge by discriminating side,, share the certain computation rules of information foundation such as password, obtain a uni-directional hash value as replying of inquiry sent to discriminating side with challenge data.

3. after receive and replys discriminating side, also according to identical computation rule, utilize and share key in this locality, information calculations such as challenge data go out the hashed value of an expectation, compare the hash result of CHAP response result and expectation, if consistent, then crossed identity and differentiate by the discriminating square tube, otherwise for differentiating failure.

The CHAP agreement is applicable to that mainly network access server NAS (Network Access Server) connects the circuit switching from public switch telephone network PSTN or integrated services digital network ISDN, dials in the discriminating of connection or proprietary connection identity.

Promptly only the user is differentiated because the CHAP agreement is a unidirectional authentication protocol, rather than, therefore can not prevent Replay Attack the two-way authentication protocol between user and server.And the CHAP agreement is not differentiated identity separately and is extracted, thereby can not use in roaming environments.And the CHAP agreement does not support session key to derive, and can not be used for secure communication subsequently.

Another kind uses maximum communication transport protocols in network communication field be radius protocol.

Because network access server NAS links to each other with the external world by Moden pond or other interface.The user enters network sharing information and resource by these interfaces, just need carry out identity to the user who enters network by these interfaces and differentiate, finishes the granted access to the user.RADIUS (RemoteAuthentication Dial-up User Service) need design for this just.It is a kind of standard of communicating by letter between network access server and a shared authentication server.According to this communication specification, the webserver is realized differentiating to the user who visits it by sharing authentication server.NAS and authentication server are according to mutual their authentication information, authorization message and the configuration information of standard.RADIUS gives authentication server and differentiates client (being NAS or authenticator) to the information processing standard, finishes discriminating to the client of visit NAS by these processing specifications, authorizes and configuration.

Put it briefly, the RADIUS authentication protocol has following principal character:

1), model of client

RADIUS with NAS as client.The main task of client is mutual (purpose is to collect user's authentication information) of finishing with calling party, sends the authentication information collected and the identification result that server sends it back is replied to server.The authentication server end is called the RADIUS authentication server, and it differentiates request msg according to the user that client sends, and user identity is differentiated, and returned identification result.

2), internet security

Share a pair of privacy key between radius server and the NAS.All communications between them all are subjected to this discriminating protection to key, and certain integrity protection is provided simultaneously.The sensitive data that transmits between this server and NAS (as user password) also is subjected to Confidentiality protection.Radius protocol also provides status attribute and discriminator (Authenticator), to prevent refusal attack, the spoofing attack to client or server.It is the IP security protocol stack that RFC3162 has defined RADIUS use IPSEC, but the support of IPSEC is not but required.

3), extendible design of protocol

The RADIUS message bag constitutes by a relatively-stationary message header and a series of attribute.Attribute adopts " attribute type, length, property value " tlv triple to form, and the user can define other attribute voluntarily, with the advanced radius authentication protocol.

4), authentication scheme flexibly

Radius protocol is supported different authentication protocols, differentiates to realize the user that needs are differentiated.The agreement of differentiating comprises PAP, CHAP, MS-CHAP etc., has also defined support EAP authentication protocol in RFC2869 RADIUSExtensions.

RADIUS realizes the flow process that identity is differentiated:

When the user dials in NAS, NAS request radius server carries out user identity to be differentiated, after obtaining the RADIUS access and responding, and the service that the user obtains wishing.Roughly flow process is as follows for it:

1. dial-in customer and NAS set up PPP (also may for other agreement, as SLIP) and connect, and NAS requires the user to show authentication information.The mode that requirement is shown may be a self-defining notice of landing, and keys in user name and user password to require the user, or the authentication protocol by ppp protocol, transmits user's name information and password information as link frame-forming protocols such as CHAP.

2. the dial-in customer shows authentication information to NAS.

3. NAS has constructed a RADIUS message that is called " Access-Request " (being access request) according to these authentication informations, sends to radius server.Should comprise following content in the Access-Request message: the information such as port numbers of user name, user password, NAS name information (being used as RADIUS uses which to share the foundation of key), user capture.Wherein user password should be subjected to Confidentiality protection.

4. for a NAS, often are furnished with a main radius server and several standby radius servers.If NAS still can not receive response after sending the Access-Request certain hour, then NAS can think that this master server is unreachable.Therefore NAS can select to get in touch with second standby server.Selective rule does not provide in radius protocol: agreement realizes and can select second station server in the certain number of times failure of NAS re-send request may back that the selection server also can circulate.Such as after waiting for the master server answer failed, select second immediately, after waiting for second answer failed, select the 3rd immediately

5. after radius server is received Access-Request, at first find shared key between book server and the NAS according to the name information of NAS.If can not find (for example the NAS name is illegal), then access request should be dropped: if can find, then utilize to share the integrality, legitimacy of key authentication data etc.In RADIUS authentication data storehouse, search corresponding user's clauses and subclauses according to the user name in the request then.Having provided the user in these clauses and subclauses can accessed resources, and for these resources of visit institute must satisfied condition, as the password information that must show etc.RADIUS verifies seriatim according to authentication information whether the user satisfies all discrimination condition.

If 6. the user can not be by all checkings, then RADIUS sends it back " Access-Reject " (access reject) message to NAS, and the expression user can not be by checking.NAS is according to this message, and refusing provides required service for the user.

If 7. all checkings are all passed through, RADIUS sends one " visit is accepted " (Access-Accept) message or the user carried out the another inquiry of taking turns to NAS.The another if desired inquiry of taking turns.Then radius server sends one " visit is addressed inquires to " (Access-Challenge) message to NAS, provides one group of data in this message, requires the user data to be carried out the encryption of corresponding secret key.NAS sends to the dial-in customer with challenge information after receiving this inquiry, the user carries out respective encrypted, and the result is sent to NAS.NAS asks according to user's return results structure new " visit ", and sends to radius server.Server is verified this challenge response, if checking is passed through, then sends " visit an is accepted " message to NAS.

8. visit accepts should comprise in the message service (as PPP or the Telnet service) type that can be the user and provide, corresponding configuration information (as the IP address to PPP, subnet mask etc.).NAS is configured home environment after receiving this message, and starts the respective service to the dial-in customer.

Communication specification about the RADIUS authentication protocol does not here just specifically describe.Can be referring to standards such as RFC2856, RFC2866, RFC2867, RFC2868, RFC2869, RFC2809.

RADIUS is mainly used in dialing PPP and terminal server visit.As time goes on, ever-increasing the Internet and introduce new access technique comprises wireless, DSL, mobile IP and Ethernet, and the router and the webserver (NAS) increase complexity and density.Simple radius protocol can not satisfy the new demand of aaa server aspect discriminating, mandate, charging.

The problem that radius protocol exists:

Mistake is recovered problem: radius protocol is not supported the wrong failover of recovery mechanism, and the result is that different realizations has different failover.

Transmitting stage safety problem: RADIUS has defined the scheme that requires application layer discriminating and integrality in respond packet.And defined an additional discriminating and integrity mechanism in the RADIUS Extended Protocol, and only require requirement in the session of expansion authentication protocol (EAP).Though hiding, attribute supports that RADIUS does not provide the confidentiality of each grouping.When chargeing, the RADIUS account hypothesis is reset and is protected the bill server by the rear end to provide, rather than provides in agreement oneself.

Reliable transmission problem: RADIUS operates on the UDP, and the not behavior of definition re-transmission; Consequently, reliability changes with different realizations.This will be a problem when chargeing, and losing of grouping will directly cause income to be lost.

Act on behalf of support issue: RADIUS does not provide the obvious support to the agency, comprises the agent, is redirected and relaying.Because the behavior of expectation is definition not, different realizations is different.

The message problem that server is initiated: the front has been mentioned RADIUS and has been adopted model of client, though defined the message that radius server is initiated in dynamically differentiating, supports it but is optional.This realize connection as non-request disconnect or stride in the heterogeneous network as required differentiate/authorize again to be to be difficult to realize again.

Auditing possibility problem: RADIUS does not have definition of data object security mechanism, and consequently incredible agency can revise attribute or packets headers and not be found.Together with the support to capability negotiation, this is difficult to determine when disputing.Though data object safety be implemented in DIAMETER not necessarily, capability negotiation is to support.

Capability negotiation problem: RADIUS does not support fault processing, capability negotiation or is the necessary/nonessential sign of attribute.Because RADIUS client and server are not known ability each other, the negotiation that they can not be successful is bipartite accepts service, perhaps in some cases, even can not know which service is implemented.

The other side finds and allocation problem: RADIUS realizes typically requiring server or client's the name and the manual configuration of address, together with corresponding shared secret.This will cause big administrative loads, and drawing template establishment reuses the RADIUS shared secret, and this will cause safe fragility.

Use the CHAP agreement to carry out authentication in sum merely, use the PADIUS agreement to carry out message transmission, all can not solve the two-way discriminating problem between the user and network in the mobile communication, can not effectively prevent the eavesdropping of physical layer, Replay Attack, dictionary attack, have the COMSEC insecurity between user and access server NAS or the authenticator.

Summary of the invention

In the communication network in modern times, the user wants the accesses network resource, at first will carry out the user-network access authentication, and the process of its discriminating is exactly the legitimacy of identifying user identity, could authorize the customer access network resource after discriminating is finished, and the customer access network resource is carried out accounting management.In general, discrimination process is finished by three entities: mobile node MN or title user, authenticator (Authenticator, in access network access server NAS, realize), aaa server (Authentication, Authorization and Accounting, discriminating, mandate and accounting server).Be connected for wireless channel between user MN and authenticator; For wire message way is connected, the communication transport protocols of the two is a radius protocol between authenticator and aaa server.

The objective of the invention is to: provide existing aaa server that user MN networking identity legitimacy is differentiated; prevent physical layer eavesdropping, Replay Attack, resist dictionary attack; also having user MN that aaa server is carried out authenticity differentiates; effectively carry out self-protection; realize in the 3G (Third Generation) Moblie a kind of strong discrimination method of secure communication between user and access server or the authenticator based on symmetric cryptographic algorithm.

The objective of the invention is to realize by following discrimination process:

A kind of strong discrimination method based on symmetric cryptographic algorithm, include total authentication key of user MN and aaa server and the message integrity key that carries out message integrity process, these two encryption key distribution processes are the outer processes of a band, and the communication between user MN and the authenticator is wireless channel; Communication protocol adopts radius protocol between authenticator and the aaa server, and adopts IPSec or TLS or CMS to communicate protection, it is characterized in that discrimination process carries out successively as follows:

A, user MN start shooting in certain sector SC coverage of certain base station controller, set up process by Radio Link, obtain the wireless transfer channel resource;

B, authenticator send identity request to user MN, and request user MN returns its identity information;

C, user MN return the IMSI identity response information of oneself to authenticator, and set up and differentiate session;

D, authenticator be according to the IMSI identity information of user MN, sends to its corresponding aaa server and differentiate request/IMSI;

After e, aaa server are received and differentiated request/IMSI, from corresponding database, find authentication key and the message integrity key of user MN, set up discriminating session with user MN; Aaa server produces its length generally with the same random number R andA of the block length of block cipher, and with the authentication key of user MN, the electronic codebook mode ECB mode of employing block cipher is encrypted and is obtained En (RandA), sends response/En (RandA) to authenticator then;

F, authenticator are received the response/En (RandA) that sends from aaa server, send to user MN then and differentiate request/En (RandA);

G, user MN receive the discriminating request En (RandA) that aaa server sends by authenticator, authentication key deciphering with oneself obtains RandA, and the random number that obtains to send to aaa server by the T conversion responds Rand_A, produce its length simultaneously generally with the same random number R andC of the block length of block cipher, random number R andC and random number response Rand_A and postpone encrypted with authentication key produce En (Randc+Rand_A), send response/En (RandC+Rand_A) to authenticator then;

H, authenticator are received the discriminating response/En (RandC+Rand_A) that user MN sends, and send to aaa server then and differentiate request/En (RandC+Rand_A);

I, aaa server are received discriminating request/En (RandC+Rand_A) that authenticator sends, and at first the authentication key deciphering with user MN obtains RandC and Rand_A, and relatively whether RandA is consistent with Rand_A, if inconsistent, differentiates failure; If differentiate successfully, aaa server responds Rand_C by random number R andC by the random number that the T conversion obtains to send to MN, and encrypt with the authentication key of user MN and to obtain En (Rand_C), identity information IMSI, random number R andA, the RandC with user MN obtains session key SK by the K conversion then; And aaa server calculates whole discriminating exchange integrity value HASH (m) with IMSI, RandA, RandC and message integrity key by MAC; To respond/En (Rand_C)+SK+HASH (m) then and send to authenticator;

J, authenticator are received response/En (Rand_C)+SK+HASH (m) that aaa server sends, and extract session key SK and HASH (m); Broadcast key BK is encrypted with session key SK, and authenticator sends to user MN then and differentiates request/En (Rand_C)+En (BK);

K, user MN receive that discriminating request/En (Rand_C)+En that authenticator sends at first deciphers En (Rand_C) acquisition random number response Rand_C with authentication key, whether more spontaneous random number R andC is consistent with the random number response Rand_C that produces through the aaa server conversion, if consistent, then differentiate successfully; Obtain session key SK according to IMSI, RandA, RandC by the K conversion then, deciphering En (BK) obtains broadcast key BK; According to subscriber identity information ISMI, random number R andA, random number R andC and message integrity key, calculate whole discriminating exchange integrity value HASH (M) again by MAC; To respond HASH (M) then and send to authenticator.

After L, authenticator are received the response HASH (M) that user MN sends, relatively HASH (M) and HASH (m), if unanimity then differentiate successfully, can carry out follow-up processing.

The invention has the advantages that: realized the discrimination process of aaa authentication system, can be used for the MN access service.The characteristics that adopt enough algorithm intensity of symmetrical block cipher and discrimination process entity to constitute, and secret only having by user and aaa server finished discrimination process cleverly, and making discrimination process enough simple, discrimination process is a strong secret discrimination process.Adopt this method in the aaa authentication system, will make system management easy, its key management complexity is O (n).Discrimination method of the present invention is two-way discriminating, and existing user also has the discriminating of aaa server to the user to the discriminating of aaa server; Can carry out self-protection, can prevent the eavesdropping of physical layer, prevent Replay Attack, can resist dictionary attack, can produce session key or assign sessions key, be used for the secure communication between user and the access server NAS.

Description of drawings

Fig. 1 is a bidirectional identification discrimination method procedure chart of the present invention

Fig. 2 is a communication process flow chart of the present invention

Mark death refers to not existence of physical connection among the figure; Mark is set up expression link establishment state; Mark authentication expression discrimination process or differentiates successfully or differentiate failure, token network is represented to use Internet resources, and mark stops representing the state of termination of communicating by letter.

Embodiment

The main example that specifically practice of discrimination method in ppp protocol of describing invention in this section.

In order to set up communication by point-to-point link, each end of ppp link must at first send the LCP grouping so that set and tests data-link.After link establishment well, the opposite end just can be differentiated.Then, PPP must send the NCP grouping so that select and set one or more network layer protocols.In case each selecteed network layer protocol all has been set, just can on link, send from the packet of each network layer protocol.Link will keep communicate configuration constant, close link up to direct LCP and NCP grouping, or when some external events take place (timer expiration of dormant state or network manager interfere).Setting, keep and stopping in the process of point-to-point link, ppp link is through several clearly stages, as shown in Figure 2.This figure does not provide all state exchanges.

Link death (physical connection does not exist)

Link necessarily begins and ends at this stage.When pointing out that physical layer is ready, PPP will enter link establishment phase when an external event (for example carrier sense or network manager set).In this stage, the LCP automaton will be in initial condition, will be to UP event signal of LCP automaton to the conversion of link establishment phase.Attention: after disconnecting with modulator-demodulator, link will return this stage automatically.In with hard-wired link, the weak point that this stage is suitable--only enough existence of detection equipment.

Link establishment phase

LCP is used to exchange configuration information grouping (Configure packets), connects.In case a configuration successful information block (Configure-Ack packet) is sent out and is received, and has just finished exchange, has entered the LCP opening.All config options are all supposed and are Used Defaults, and change unless be configured the clearing house.

Have any to note: the config option that does not only rely on special network layer protocol is just disposed by LCP.In network layer protocol phase, independently the configuration of network layer protocol is handled by Network Control Protocol (NCP) independently.

Any non-LCP grouping that receives in this in stage must quilt abandoning silently.Receive that LCPConfigure-Request (LCP configuration requirement) can make link turn back to link establishment phase from network layer protocol phase or authentication phase.

The discriminating stage

On some links, before allowing the network layer protocol packet switching, an end of link may need the opposite end to be differentiated.The discriminating of acquiescence does not need to execute.Wish that the opposite end differentiates that according to a certain specific authentication protocol it must require to use this authentication protocol at link establishment phase so if once carry out.Should after link establishment, differentiate immediately as far as possible.And the link-quality inspection can take place simultaneously.In once carrying out, forbid to differentiate this way of backward delay indefinitely because of the quality examination grouping of exchange link.Before discriminating is finished, forbid advancing to network layer protocol phase from the discriminating stage.If differentiate failure, should be transitted to the link termination phase by the side of discriminating.In this stage, have only LCP, authentication protocol and link-quality to monitor that the grouping of agreement is allowed to.The grouping of other that receive in this stage must be by abandoning silently.Attention: in realization, only be because overtime or not reply with regard to the failure that causes discriminating be not right.Discriminating should allow certain to transmit again, only after failure is attempted in the discriminating of several times, in the time of unavoidable, just enters the link termination phase.In discriminating, which side has refused the opposing party's discriminating, and which side will be responsible for beginning the link termination phase.

Discrimination method among the present invention just uses in this stage.

Network layer protocol phase

In case PPP has finished the stage of front, each network layer protocol (for example IP, IPX, or AppleTalk) must be set respectively by suitable Network Control Protocol (NCP).Each NCP can be opened and closed at any time.Attention: detect because to need at first once to realize a large amount of time to be used for link-quality, so when waiting for peer setting NCP, execution should be avoided using fixing overtime.When a NCP is in the Opened state, PPP will carry corresponding network layer protocol grouping.When corresponding N CP was not in the Opened state, any network layer protocol that is supported grouping that receives all will be by abandoning silently.Attention: when LCP was in the Opened state, any protocol packet of not supported by this execution must be returned in Protocol-Reject.The agreement of having only support is just by abandoning silently.

In this stage, the link communication amount is by LCP, any possible the constituting jointly of NCP and network layer protocol grouping.

The link termination phase

PPP can stop link at any time.The reason that causes the link termination is a lot: loss of carrier, discriminating failure, link-quality failure, idling cycle timer expiration or keeper close link.LCP stops link with the method for exchange Terminate (termination) grouping.When link just was closed, PPP informing network layer protocol was so that they can take correct action.After exchange Terminate (termination) grouping, execution should notify physical layer to disconnect, so that compulsion links stops, especially when differentiating failure.The sender of Terminate-Request (termination-requirement) after receiving Terminate-Ack (termination-permission), perhaps after restarting the counter expiration, should disconnect connection.Receive the side of Terminate-Request, should wait for that the opposite end goes to cut off, after sending Terminate-Request, at least also will just allow disconnection through a Restart time (reboot time).PPP should advance to the dead stage of link.

Any non-LCP grouping of receiving in this stage, must quilt abandoning silently.It is just enough that attention: LCP closes link, do not need each NCP to send one and stop grouping.On the contrary, a NCP closes the termination that but is not enough to cause ppp link, even that NCP is a current unique NCP who is in the Opened state.

Claims (1)

1, a kind of strong discrimination method based on symmetric cryptographic algorithm; include total authentication key of user MN and aaa server and the message integrity key that carries out message integrity process; these two encryption key distribution processes are the outer processes of a band; communication between user MN and the authenticator is wireless channel: communication protocol adopts radius protocol between authenticator and the aaa server; and adopt IPSec or TLS or CMS to communicate protection, it is characterized in that discrimination process carries out successively as follows:

A, user MN start shooting in certain sector SC coverage of certain base station controller, set up process by Radio Link, obtain the wireless transfer channel resource;

B, authenticator send identity request to user MN, and request user MN returns its identity information;

C, user MN return the IMSI identity response information of oneself to authenticator, and set up and differentiate session;

D, authenticator be according to the IMSI identity information of user MN, sends to its corresponding aaa server and differentiate request/IMSI;

After e, aaa server are received and differentiated request/IMSI, from corresponding database, find authentication key and the message integrity key of user MN, set up discriminating session with user MN; Aaa server produces its length generally with the same random number R andA of the block length of block cipher, and with the authentication key of user MN, the electronic codebook mode ECB mode of employing block cipher is encrypted and is obtained En (RandA), sends response/En (RandA) to authenticator then;

F, authenticator are received the response/En (RandA) that sends from aaa server, send to user MN then and differentiate request/En (RandA);

G, user MN receive the discriminating request En (RandA) that aaa server sends by authenticator, authentication key deciphering with oneself obtains RandA, and the random number that obtains to send to aaa server by the T conversion responds Rand_A, produce its length simultaneously generally with the same random number R andC of the block length of block cipher, random number R andC and random number response Rand_A and postpone encrypted with authentication key produce En (Randc+Rand_A), send response/En (RandC+Rand_A) to authenticator then;

H, authenticator are received the discriminating response/En (RandC+Rand_A) that user MN sends, and send to aaa server then and differentiate request/En (RandC+Rand_A);

I, aaa server are received discriminating request/En (RandC+Rand_A) that authenticator sends, and at first the authentication key deciphering with user MN obtains RandC and Rand_A, and relatively whether RandA is consistent with Rand_A, if inconsistent, differentiates failure; If differentiate successfully, aaa server responds Rand_C by random number R andC by the random number that the T conversion obtains to send to MN, and encrypt with the authentication key of user MN and to obtain En (Rand_C), identity information IMSI, random number R andA, the RandC with user MN obtains session key SK by the K conversion then; And aaa server calculates whole discriminating exchange integrity value HASH (m) with IMSI, RandA, RandC and message integrity key by MAC; To respond/En (Rand_C)+SK+HASH (m) then and send to authenticator;

J, authenticator are received response/En (Rand_C)+SK+HASH (m) that aaa server sends, and extract session key SK and HASH (m); Broadcast key BK is encrypted with session key SK, and authenticator sends to user MN then and differentiates request/En (Rand_C)+En (BK);

After k, user MN receive discriminating request/En (Rand_C)+En (BK) that authenticator sends, at first decipher En (Rand_C) and obtain random number response Rand_C with authentication key, whether more spontaneous random number R andC is consistent with the random number response Rand_C that produces through the aaa server conversion, if consistent, then differentiate successfully; Obtain session key SK according to IMSI, RandA, RandC by the K conversion then, deciphering En (BK) obtains broadcast key BK; According to subscriber identity information ISMI, random number R andA, random number R andC and message integrity key, calculate whole discriminating exchange integrity value HASH (M) again by MAC; To respond HASH (M) then and send to authenticator.

After L, authenticator are received the response HASH (M) that user MN sends, relatively HASH (M) and HASH (m), if unanimity then differentiate successfully, can carry out follow-up processing.

Images