Abstract: In this paper an improvement to the GSM authentication protocol is proposed，which is the off-line mutual authentication of GSM based on Elliptic Curve Cryptography and Combined Public Key（CPK） technology.The proposed protocol utilizes asymmetric key cryptography in no need of setting up the third certificate agent，be able to resolve the problems in the production distribution and management of the key and the validation of the certificates in great network environment.The proposed protocol provides mutual authentication，requires less storage，avoids replay attack，consumes smaller network bandwidth，be capable of stream key’s updating every time.

摘要： 针对目前GSM网络认证和密钥协商过程中存在的安全隐患，提出了基于椭圆曲线组合公钥技术的GSM离线双向认证，在引入了非对称密钥加密的同时却不需要引入可信任第三方CA机构，能有效解决大规模网络环境中密钥生产、分发、存储管理与证书验证难等问题。实验分析表明，该方案不仅实现了GSM的双向认证，而且与其它方案相比，节省了网络带宽，降低了对存储空间的要求，且每次认证都实现了加密密钥刷新。