This application claims the benefit of Korean Patent Application No. 2003-95403, filed on Dec. 23, 2003, in the Korean Intellectual Property Office, the disclosure of which is incorporated herein in its entirety by reference.
1. Field of the Invention
The present invention relates to a method of mutual authentication between a user and an authentication server, which is an advance procedure for using Internet services, and more particularly, to a method of verifying a server certificate during mutual authentication.
2. Description of the Related Art
There are several ways to access the Internet, such as wireless LAN public network, Point-to-Point Protocol (PPP), and wireless Internet using Code Division Multiple Access (CDMA). For example, network construction according to IEEE 802.11 standards is generally used for a wireless LAN. IEEE 802.11 standards realize a LAN environment such as conventional ethernet or IEEE 802.3 standards without wire. In a wireless LAN public network service, users entering an area called a hot spot must perform an authentication procedure according to proper mechanism provided by the wireless LAN service provider, such as IEEE 802.1x, web-based login, etc.
To provide the net service, a service provider performs an authentication procedure to determine whether the user subscribes to the service. Currently, Extensible Authentication Protocol (EAP) is a protocol used to perform authentication of a user. The EAP does not perform an real authentications, it is a protocol encapsulating and transmitting methods performing the real authentication such as Message Digest number 5 (MD 5), Transport Layer Security (TLS), Secure Remote Password (SRP). Various authentication protocols besides the EAP are used, but the EAP is more flexible and extensible, and it tends to be selected for roaming among service providers and different networks.
Especially, EAP-TLS is used to transmit TLS packets inside of the EAP and performs mutual authentication and key exchange using a certificate based on a Public Key Infrastructure (PKI). EAP-Tunneled TLS (EAP-TTLS) is a protocol in which users use passwords and servers perform mutual authentications and key exchange using the certificate. In the EAP-TLS and the EAP-TTLS protocol the validity of the certificate sent from the server must be verified in order to authenticate the server. However, some network device cannot access the Internet until the authentication has been completed(e.g. in a wireless LAN public network service based on IEEE 802.1x standards). Thus, it is impossible to use Certificate Revocation List (CRL) to verify the server certificate on-line or to perform a certificate verification inquiry using an On-line Certificate Status Protocol (OCSP).