Oma DM best practices II: MD5 Security Authentication

Source: Internet
Author: User
Tags md5 hash

Tian haili

2012-02-27

 

DM is now one of the essential services required by domestic operators. The DM service operator can understand the user terminal situation and data usage, and the customer service mode has changed. The terminal manufacturer can reduce the after-sales cost and configure parameters and upgrade the subsequent versions more conveniently. China Mobile calls the DM Service enhanced after-sales service. This series of articles provides best practices for CMCC's DM business such as terminal self-registration, security authentication, parameter collection, and parameter configuration.

 

Security authentication is required for all businesses except self-registration in cmccdm.

 

1. authentication process

The following uses MD5/base64 as an example to describe the process of mutual authentication between the terminal and server.

In the figure,

-The credential in the rounded corner box is calculated using Username: password and nonce;

-The nextnonce in the box is sent to the other party so that the other party can use it for the next computation of credential;

-The Value in the ellipse represents the result of peer authentication.

 

2. Computation of credential

Settings:

H: use MD5 for hash calculation;

Credential: MD5 hash calculation result

B64: base64encode Calculation

The Credential calculation method is as follows:

Credential = H (b64 (H (uasername: password): nonce)

Note:

The nextnonce shown in the process in the figure cannot be directly used in the nonce in the formula. nextnonce performs the baseencode operation for network transmission. Therefore, nextnoncedecode can be used for Credential calculation only after being used.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.