Résumé: As great progress has been made in mobile communications, many related researches on this topic have been proposed. In most of the proposed protocols so far, it has been assumed that the person using the mobile station is the registrar of the SIM card; as a matter of, the previous protocols for authentication and session key distribution are built upon this assumption. This way, the mobile user can only verify the identity of the owner of the SIM card. This means that the mobile user can only know that who registers the SIM card with which he communicates. Note that the human voice can be forged. To make sure that the speaker at the other end is the right owner of the SIM card, concept of the password is involved to construct the end-to-end security authentication protocol. In the proposed protocol, each mobile user can choose a password. When two mobile users want to communicate with each other, either user can request to perform a end-user identification process. Only when both of the end users input the correct passwords can the correct common session key be established.

Langue: Anglais