Tian haili
2012-02-27
DM is now one of the essential services required by domestic operators. With the DM service, the operator can learn the status of user terminals and their data usage, which changes how customer service is delivered. Terminal manufacturers can reduce after-sales costs and more easily configure parameters and upgrade to later versions. China Mobile calls the DM service "enhanced after-sales service". This series of articles provides best practices for CMCC's DM services, such as terminal self-registration, security authentication, parameter collection, and parameter configuration.
In CMCC DM, security authentication is required for all services except self-registration.
1. Authentication process
The following uses MD5/Base64 as an example to describe the process of mutual authentication between the terminal and the server.
In the figure,
- The credential in the rounded-corner box is calculated from username:password and nonce;
- The nextnonce in the box is sent to the other party so that the other party can use it for the next computation of the credential;
- The value in the ellipse represents the result of authenticating the peer.
2. Computation of the credential
Let:
H: hash calculation using MD5;
Credential: the result of the MD5 hash calculation;
B64: Base64 encoding.
The Credential is calculated as follows:
Credential = H(B64(H(username:password)):nonce)
Note:
The nextnonce shown in the process in the figure cannot be used directly as the nonce in the formula. nextnonce is Base64-encoded for network transmission, so it must be Base64-decoded before it can be used in the Credential calculation.
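The calculation and the note above, as an added example that is not part of the original article: it computes the Credential from the formula, decodes nextnonce before use, and shows that skipping the decode makes verification fail. The function names, the username/password values and the 16-byte nonce size are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os


def credential(username, password, nonce):
    """Credential = H(B64(H(username:password)):nonce) with H = MD5, as in the formula above."""
    inner = hashlib.md5(f"{username}:{password}".encode("utf-8")).digest()
    # The decoded nonce is raw bytes and may not be printable, so build the
    # outer hash input as bytes instead of formatting it into a string.
    return hashlib.md5(base64.b64encode(inner) + b":" + nonce).digest()


def issue_nextnonce(size=16):
    """Return (raw nonce kept by the issuer, Base64 text sent to the peer as nextnonce)."""
    raw = os.urandom(size)  # size is an assumption, not a value from the article
    return raw, base64.b64encode(raw).decode("ascii")


def decode_nextnonce(wire_value):
    """Undo the transport encoding; validate=True rejects characters outside the Base64 alphabet."""
    return base64.b64decode(wire_value, validate=True)


def verify(username, password, expected_nonce, presented):
    """Recompute the credential with the nonce this side issued and compare in constant time."""
    expected = credential(username, password, expected_nonce)
    return hmac.compare_digest(expected, presented)


def demo_round():
    """One authentication round with constructed account values."""
    user, pw = "constructed-user", "constructed-secret"
    raw, wire = issue_nextnonce()  # issuing side
    good = credential(user, pw, decode_nextnonce(wire))  # peer decodes first
    bad = credential(user, pw, wire.encode("ascii"))  # peer forgot to decode
    return verify(user, pw, raw, good), verify(user, pw, raw, bad)


if __name__ == "__main__":
    print(demo_round())
```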