移动网络可信匿名认证协议

针对终端接入移动网络缺乏可信性验证问题，提出一种移动网络可信匿名认证协议，移动终端在接入网络时进行身份验证和平台完整性认证。在可信网络连接架构下，给出了可信漫游认证和可信切换认证的具体步骤，在认证时利用移动终端中预存的假名和对应公私钥对实现了用户匿名隐私的保护。安全性分析表明，协议满足双向认证、强用户匿名性、不可追踪性和有条件隐私保护。协议中首次漫游认证需要2轮交互，切换认证需1轮即可完成，消息交换轮数和终端计算代价优于同类可信认证协议。

Trusted and anonymous authentication protocol for mobile networks

The lackness of trusted verification of mobile terminal may affect the security of mobile network. A trusted anonymous authentication protocol for mobile networks was proposed, in which both user identity and platform integrity were authenticated when the mobile terminal accesses the networks. On the basis of trusted network connection architecture, the concrete steps of trusted roaming authentication and trusted handover authentication were described in detail. The authentication used pseudonyms and the corresponding public/private keys to achieve the protection of the user anonymous privacy. The security analysis indicates that the proposed protocol meets mutual authentication, strong user anonymity, untraceability and conditional privacy preservation; moreover, the implementation of the first roaming authentication requires two rounds of communications while the handover authentication protocol just needs one round. The analytic comparisons show that the proposed protocol is efficient in terminal computation and turns of message exchange.