CN114760029A - Identity authentication method and device - Google Patents
- Publication number
- CN114760029A
- Authority
- CN
- China
- Prior art keywords
- authentication
- message
- key
- identity
- access controller
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/0414—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The embodiment of the application discloses an identity authentication method. When a requesting device and an authentication access controller perform bidirectional identity authentication using a symmetric-key entity authentication protocol, the identity information of the requesting device is transmitted as ciphertext during message transmission, which protects the real identity information of the requesting device during the identity authentication process. In addition, after verifying that the identity of the requesting device is legal, the authentication access controller sends a first authentication message to a first authentication server trusted by the requesting device, so that the first authentication server records the requesting device's request to access the network. This provides objective evidence for subsequent charging by the network access point and effectively prevents the network access point from maliciously charging users in its service area who did not attempt to access the network.
Description
Technical Field
The present application relates to the field of network communication security technologies, and in particular, to an identity authentication method and apparatus.
Background
Currently, communication networks typically require two-way authentication between a user and a network access point to ensure that a legitimate user communicates with a legitimate network. However, existing entity authentication schemes generally cannot protect the user's private information, and a network access point may charge maliciously, causing abnormal charges to the user.
Disclosure of Invention
To solve the above technical problems, the application provides an identity authentication method and an identity authentication device. A symmetric-key entity authentication protocol is adopted; while the confidentiality of the entity's identity and related information is guaranteed, bidirectional identity authentication between the requesting device and the authentication access controller is realized, ensuring that a legitimate user accesses a legitimate network. The method can also prevent a network access point from maliciously charging users in its service area who are not attempting to access the network. Meanwhile, the protocol's resistance to quantum computing attacks or dictionary brute-force cracking attacks is enhanced by choosing to adopt key exchange computation and through careful design of details and procedure.
The embodiment of the application discloses the following technical scheme:
In a first aspect, an embodiment of the present application provides an identity authentication method, including:
a requesting device sends an authentication request message to an authentication access controller, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data that includes the identity of the requesting device;
the authentication access controller sends a first authentication request message carrying the identity information ciphertext of the requesting device to a second authentication server that it trusts, receives a first authentication response message sent by the second authentication server, and obtains from the first authentication response message a certificate storing random number generated by the first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server, where the certificate storing random number and the identity authentication key are generated after the first authentication server decrypts the identity information ciphertext of the requesting device and determines, from the decrypted identity of the requesting device, that the identity of the requesting device is legal; the identity authentication key is calculated from calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the requesting device receives a first verification message sent by the authentication access controller and sends a second verification message to the authentication access controller, where the first verification message includes the authentication random number, and the second verification message includes a first identity authentication code and a first message integrity check code; the first identity authentication code is generated by the requesting device by using the authentication key it pre-shares with the first authentication server to compute over information including the authentication random number; the first message integrity check code is generated by the requesting device by using a message integrity check key between the requesting device and the authentication access controller to compute over fields including the fields of the second verification message other than the first message integrity check code; the message integrity check key is calculated from information including the identity authentication key;
the authentication access controller verifies the first message integrity check code and, after the verification passes, determines that the identity of the requesting device is legal and generates an authentication completion message and a first certificate storage message;
the requesting device verifies the second message integrity check code in the authentication completion message and, after the verification passes, determines that the identity of the authentication access controller is legal; the second message integrity check code is generated by the authentication access controller by using the message integrity check key to compute over fields including the fields of the authentication completion message other than the second message integrity check code;
and the first authentication server verifies the first identity authentication code in the first authentication storage message, and generates and stores a request passing record of the requesting device after the first identity authentication code passes the verification.
In a second aspect, an embodiment of the present application provides an authentication access controller, including:
a receiving unit, configured to receive an authentication request message sent by a requesting device, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data that includes the identity of the requesting device;
a sending unit, configured to send a first authentication request message carrying an identity information ciphertext of the requesting device to a second authentication server trusted by the authentication access controller;
the receiving unit is further configured to receive a first authentication response message sent by the second authentication server, and obtain, from the first authentication response message, a credential storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server; the identity authentication key is calculated from calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the sending unit is further configured to send a first verification message to the requesting device, where the first verification message includes the authentication nonce;
the receiving unit is further configured to receive a second verification message sent by the requesting device, where the second verification message includes a first identity authentication code and a first message integrity check code; the first message integrity check code is generated by the requesting device by using a message integrity check key between the requesting device and the authentication access controller to compute over fields including the fields of the second verification message other than the first message integrity check code; the message integrity check key is calculated from information including the identity authentication key;
a processing unit, configured to verify the first message integrity check code and, after the verification passes, determine that the identity of the requesting device is legal and generate an authentication completion message and a first certificate storage message;
the sending unit is further configured to send the authentication completion message to the requesting device, and send the first credential storage message to the second authentication server.
In a third aspect, an embodiment of the present application provides a requesting device, including:
a sending unit, configured to send an authentication request message to an authentication access controller, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data that includes the identity of the requesting device;
a receiving unit, configured to receive a first verification message sent by the authentication access controller, where the first verification message includes an authentication random number;
a processing unit, configured to calculate a first identity authentication code over information including the authentication random number, using the authentication check key pre-shared with a first authentication server trusted by the requesting device; and to calculate a first message integrity check code, using a message integrity check key between the requesting device and the authentication access controller, over fields including the fields of a second verification message other than the first message integrity check code; where the message integrity check key is calculated from information including an identity authentication key, and the identity authentication key is calculated from calculation data including a pre-shared encryption key of the requesting device and the first authentication server;
the sending unit is further configured to send the second verification message to the authentication access controller, where the second verification message includes the first identity authentication code and the first message integrity check code;
the receiving unit is further configured to receive an authentication completion message sent by the authentication access controller;
the processing unit is further configured to verify a second message integrity check code in the authentication completion message and, after the verification passes, determine that the identity of the authentication access controller is legal; the second message integrity check code is generated by the authentication access controller by using the message integrity check key to compute over fields including the fields of the authentication completion message other than the second message integrity check code.
In a fourth aspect, an embodiment of the present application provides a first authentication server, where the first authentication server is an authentication server trusted by a requesting device, and the first authentication server includes:
a processing unit, configured to decrypt an identity information ciphertext of the requesting device using the private key corresponding to the encryption certificate to obtain the identity of the requesting device, determine the legality of the requesting device according to that identity, and, after determining that the identity of the requesting device is legal, generate a certificate random number and an identity authentication key, where the identity authentication key is calculated from calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the processing unit is further configured to verify the first authentication code in the first authentication message, and generate and store a request passing record of the requesting device after the first authentication code passes the verification.
In a fifth aspect, an embodiment of the present application provides a second authentication server, where the second authentication server is an authentication server trusted by an authentication access controller, and includes:
a receiving unit, configured to receive a first authentication request message carrying an identity information ciphertext of a requesting device, sent by the authentication access controller;
a sending unit, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes a certificate storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server;
the receiving unit is further configured to receive a first authentication message sent by the authentication access controller, where the first authentication message includes a first identity authentication code.
According to the above technical scheme, when the requesting device and the authentication access controller perform bidirectional identity authentication using a symmetric-key entity authentication protocol, the identity information of the requesting device is transmitted as ciphertext during message transmission, which protects the real identity information of the requesting device during the identity authentication process. In addition, after the authentication access controller verifies that the identity of the requesting device is legal, it sends a first authentication message to a first authentication server trusted by the requesting device, so that the first authentication server records the requesting device's request to access the network. This provides objective evidence for subsequent charging by the network access point and effectively prevents the network access point from maliciously charging users in its service area who did not attempt to access the network.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present application; those skilled in the art may obtain other drawings from them without inventive labor.
Fig. 1 is a schematic diagram of an identity authentication method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of an identity authentication method in a non-roaming case according to an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 3 is a schematic diagram of an identity authentication method in a roaming case provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 4 is a block diagram of an architecture of an authentication access controller AAC according to an embodiment of the present application;
Fig. 5 is a block diagram illustrating a structure of a request device REQ according to an embodiment of the present disclosure;
Fig. 6 is a block diagram illustrating a structure of a first authentication server AS-REQ according to an embodiment of the present application;
Fig. 7 is a block diagram of a second authentication server AS-AAC according to an embodiment of the present disclosure.
Detailed Description
In a communication network, a requesting device may access a network through an authentication access controller, and in order to ensure that the requesting device accessing the network is a legitimate device and that the network to which the user has requested access is a legitimate network, two-way authentication is typically required between the authentication access controller and the requesting device.
For example, in a scenario where the requesting device accesses a wireless network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone, a Personal Digital Assistant (PDA), or a tablet computer, and the authentication access controller may be a wireless access point. In a scenario where the requesting device accesses a wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a switch or a router. In a scenario where the requesting device accesses a fourth/fifth generation mobile communication technology (the 4th/5th Generation mobile communication technology, abbreviated as 4G/5G) network through the authentication access controller, the requesting device may be a mobile phone, and the authentication access controller may be a base station. Of course, the method and the device are also applicable to various other data communication scenarios, such as other wired networks and near field communication networks.
In the process of identity authentication of the request device, the request device needs to provide real identity information of itself so that the authentication access controller can perform identity authentication on the request device, for example, the identity information may be an identity of the request device, and the identity may carry private and sensitive information such as an identity number, a home address, bank card information, a geographic location, and the like.
To solve the above technical problem, an embodiment of the present application provides an identity authentication method, in which:
a requesting device sends an authentication request message to an authentication access controller, where the authentication request message includes an identity information ciphertext of the requesting device, and the identity information ciphertext is obtained by the requesting device using a public key of an encryption certificate to encrypt data that includes the identity of the requesting device;
the authentication access controller sends a first authentication request message carrying the identity information ciphertext of the requesting device to a second authentication server that it trusts, receives a first authentication response message sent by the second authentication server, and obtains from the first authentication response message a certificate storage random number, generated by the first authentication server trusted by the requesting device after the identity of the requesting device is determined to be legal, and an identity authentication key generated by the first authentication server, where the identity authentication key is calculated from calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the requesting device receives a first verification message sent by the authentication access controller, the first verification message including an authentication random number, and sends a second verification message to the authentication access controller, the second verification message including a first identity authentication code and a first message integrity check code; the first identity authentication code is generated by the requesting device by using the authentication check key it pre-shares with the first authentication server to compute over information including the authentication random number, and the first message integrity check code is generated by the requesting device by using a message integrity check key between the requesting device and the authentication access controller to compute over fields including the fields of the second verification message other than the first message integrity check code;
the authentication access controller verifies the first message integrity check code and, after the verification passes, determines that the identity of the requesting device is legal and generates an authentication completion message and a first certificate storing message;
the requesting device verifies a second message integrity check code in the authentication completion message and, after the verification passes, determines that the identity of the authentication access controller is legal, where the second message integrity check code is generated by the authentication access controller by using the message integrity check key to compute over fields including the fields of the authentication completion message other than the second message integrity check code;
and the first authentication server verifies the first identity authentication code in the first authentication message, and generates and stores a request passing record of the requesting device after the verification passes.
Therefore, when the requesting device and the authentication access controller perform bidirectional identity authentication using the symmetric-key entity authentication protocol, the identity information of the requesting device is transmitted as ciphertext, which keeps the real identity information of the requesting device secure during the identity authentication process. In addition, after the authentication access controller verifies that the identity of the requesting device is legal, it sends a first evidence-storing message, which includes the first identity authentication code generated by the requesting device, to the first authentication server trusted by the requesting device. The first authentication server generates and stores, according to the first identity authentication code, a record of the requesting device requesting to access the network; this provides objective evidence for subsequent charging by the network access point and effectively prevents the network access point from maliciously charging users who do not attempt to access the network in its service area.
It should be noted that the identity authentication method provided in the embodiment of the present application is used to implement bidirectional identity authentication (Mutual Identity Authentication, MIA for short) between the authentication access controller and the requesting device.
For convenience of introduction, in the embodiments of the present application the identity authentication method is described by taking a requesting device (REQ), an Authentication Access Controller (AAC) and an Authentication Server (AS) as an example.
The AS trusted by REQ is referred to as the first authentication server AS-REQ, and the AS trusted by AAC is referred to as the second authentication server AS-AAC. REQ may be one endpoint participating in the identity authentication process; it establishes a connection with AAC, accesses the services provided by AAC, and accesses the AS through AAC. AAC may be the other endpoint participating in the identity authentication process; it establishes a connection with REQ, provides services, and can directly access AS-AAC. AS-AAC has direct access to AS-REQ. When REQ and AAC trust the same AS, AS-AAC and AS-REQ may be the same AS; when REQ and AAC trust different ASs, AS-AAC and AS-REQ are different ASs, which is the roaming case.
Before bidirectional identity authentication between REQ and AAC is carried out using the symmetric-key entity authentication protocol, REQ and AS-REQ have a pre-shared certificate-storing verification key K_REQ_AS; K_REQ_AS is the same static key, preset in or distributed to REQ and AS-REQ. REQ and AAC each have an ID that identifies them. A certificate decryption server (CS-DEC) holds an encryption certificate that conforms to ISO/IEC 9594-8 / ITU X.509, other standards or other technical systems, together with the private key corresponding to that encryption certificate; the CS-DEC can be an independent server or can reside in AS-REQ. REQ knows the encryption certificate or the public key in the encryption certificate.
An identity authentication method shown in fig. 1 is described below, and the method includes:
S101, REQ sends an authentication request message ATTACH to AAC.
ATTACH contains the identity information ciphertext EncPub_AS of REQ. EncPub_AS is obtained by REQ encrypting, with the public key of the encryption certificate, encrypted data that includes its own identity ID_REQ. This prevents unauthorized parties from obtaining the real identity of REQ while the message is in transit, and so keeps the real identity of REQ secure. In this application, the object that is encrypted is referred to as encrypted data.
Optionally, the encrypted data from which REQ calculates EncPub_AS may also include the identity encryption key Nonce_REQID generated by REQ; that is, REQ may use the public key of the encryption certificate to encrypt encrypted data including ID_REQ and Nonce_REQID to obtain the identity information ciphertext EncPub_AS.
Optionally, ATTACH may also include the security capability parameter information Security capabilities_REQ supported by REQ. Security capabilities_REQ includes the identity authentication suites (an identity authentication suite contains one or more identity authentication methods), integrity check algorithms, hash algorithms, key exchange algorithms and/or key derivation algorithms, etc. supported by REQ, from which AAC selects the specific security policy Security capabilities_AAC to be used.
Optionally, ATTACH may also include the identity Route_AS of at least one authentication server trusted by REQ, so that AAC can determine the second authentication server AS-AAC from Route_AS and the identity of the authentication server that AAC itself trusts.
Optionally, ATTACH may further include a first random number Nonce_REQ generated by REQ.
S102, AAC sends a first authentication request message AACVeri to its trusted AS-AAC.
AACVeri includes the identity information ciphertext EncPub_AS of REQ carried in ATTACH.
Optionally, if ATTACH includes the identity Route_AS of at least one authentication server trusted by REQ, then before sending AACVeri AAC needs to determine the second authentication server AS-AAC from Route_AS in ATTACH and the identity of the authentication server that AAC itself trusts. Specifically, if REQ and AAC have an authentication server that they both trust, this is the non-roaming case, i.e. AS-AAC and AS-REQ are the same authentication server; if REQ and AAC have no commonly trusted authentication server, this is the roaming case, i.e. AS-AAC and AS-REQ are two independent authentication servers.
Optionally, AACVeri may also include the identity ID_AAC of AAC and/or a second random number Nonce_AAC generated by AAC. If the ATTACH sent by REQ to AAC includes Nonce_REQ, the AACVeri that AAC sends to AS-AAC may also include Nonce_REQ.
S103, AAC receives a first authentication response message ASVeri sent by AS-AAC.
The ASVeri comprises a certificate-storing random number and an identity authentication key IAK which are generated by the AS-REQ after the identity of the REQ is verified to be legal.
It should be noted that if AS-REQ and AS-AAC are the same authentication server, i.e. the non-roaming case, AS-AAC (equally, AS-REQ) denotes the authentication server trusted by both REQ and AAC. AAC sends AACVeri carrying EncPub_AS to AS-AAC (also expressible as AS-REQ). AS-AAC (or AS-REQ) obtains the ID_REQ that results from decrypting EncPub_AS with the private key corresponding to the encryption certificate, and judges from ID_REQ whether the identity of REQ is legal; if so, it generates the certificate-storing random number Nonce_AS_AAC (also expressible as Nonce_AS_REQ) and the identity authentication key IAK, and sends ASVeri including Nonce_AS_AAC (also expressible as Nonce_AS_REQ) and IAK to AAC. The decryption of EncPub_AS may be performed by a CS-DEC that has an interaction and trust relationship with AS-AAC (also expressible as AS-REQ), or by AS-AAC (also expressible as AS-REQ) itself. IAK is calculated by AS-AAC (also expressible as AS-REQ), using the key derivation algorithm agreed with REQ, from calculation data that includes the encryption key K_REQ_AS pre-shared between itself and REQ. In the present application, the object on which a calculation operates is referred to as calculation data.
If AS-REQ and AS-AAC are different authentication servers, i.e. the roaming case, AAC sends AACVeri carrying EncPub_AS to AS-AAC; AS-AAC generates a second authentication request message AS-AACVeri from AACVeri and sends it to AS-REQ, where AS-AACVeri carries EncPub_AS. AS-REQ obtains the ID_REQ that results from decrypting EncPub_AS with the private key corresponding to the encryption certificate, and judges from ID_REQ whether the identity of REQ is legal; if so, it generates the certificate-storing random number Nonce_AS_REQ and the identity authentication key IAK, and sends a second authentication response message AS-REQVeri including Nonce_AS_REQ and IAK to AS-AAC. AS-AAC generates ASVeri from AS-REQVeri and sends ASVeri, including Nonce_AS_REQ and IAK, to AAC. The decryption of EncPub_AS may be performed by a CS-DEC that has an interaction and trust relationship with AS-REQ, or by AS-REQ itself. IAK is calculated by AS-REQ, using the key derivation algorithm agreed with REQ, from calculation data that includes the encryption key K_REQ_AS pre-shared between itself and REQ.
Optionally, when AACVeri includes Nonce_REQ and Nonce_AAC, the calculation data used by the authentication server to calculate IAK further includes Nonce_REQ and Nonce_AAC.
Optionally, when the encrypted data of the identity information ciphertext EncPub_AS of REQ further includes the identity encryption key Nonce_REQID: in the non-roaming case, AS-AAC (also expressible as AS-REQ) may use the Nonce_REQID obtained by decrypting EncPub_AS to encrypt ID_REQ, yielding the identity identifier ciphertext of REQ, and ASVeri may also include the identity identifier ciphertext of REQ; in the roaming case, AS-REQ may likewise use the Nonce_REQID obtained by decrypting EncPub_AS to encrypt ID_REQ, yielding the identity identifier ciphertext of REQ, and AS-REQVeri and ASVeri may also include the identity identifier ciphertext of REQ. The identity identifier ciphertext of REQ may be the result of an XOR operation on ID_REQ using Nonce_REQID.
Optionally, when AACVeri includes ID_AAC and/or Nonce_AAC, ASVeri may also include ID_AAC and/or Nonce_AAC. Correspondingly, after AAC receives ASVeri, it can check whether ID_AAC in ASVeri is consistent with its own identity ID_AAC and/or whether Nonce_AAC in ASVeri is consistent with the Nonce_AAC it generated; if they are consistent, it continues with the subsequent operations, and if not, it discards ASVeri.
Optionally, a pre-shared encryption key EK_AAC_AS is arranged between AAC and AS-AAC; AS-AAC can use EK_AAC_AS to encrypt information including IAK to obtain the identity authentication key ciphertext EncData_AS_AAC, and replace IAK in ASVeri with EncData_AS_AAC.
S104, AAC sends a first verification message AACAuth to REQ.
AACAuth includes the certificate-storing random number.
Optionally, AACAuth may further include a first key exchange parameter KeyInfo_AAC. KeyInfo_AAC is the result of AAC using the identity authentication key IAK and a symmetric encryption algorithm to encrypt information including the temporary public key that AAC generated. When calculating KeyInfo_AAC, AAC may first calculate the hash value of IAK, i.e. HASH(IAK), and then XOR HASH(IAK) with the information including the temporary public key generated by AAC to produce KeyInfo_AAC. Alternatively, AAC may first calculate the extended identity authentication key EIAK and then XOR EIAK with the information including the temporary public key generated by AAC to produce KeyInfo_AAC, where EIAK is calculated by a key derivation algorithm from information including IAK and other information (the other information used by AAC and REQ is the same and is optional, such as a specific string). The temporary public key generated by AAC is the temporary public key of a temporary public-private key pair generated by AAC.
Optionally, if ASVeri carries the identity authentication key ciphertext EncData_AS_AAC, AAC needs to decrypt EncData_AS_AAC with the encryption key EK_AAC_AS pre-shared with AS-AAC to obtain IAK.
Optionally, if ATTACH includes Security capabilities_REQ, AAC may determine from Security capabilities_REQ the specific security policy Security capabilities_AAC that it will use, add Security capabilities_AAC to AACAuth and send it to REQ. Security capabilities_AAC indicates the identity authentication method, integrity check algorithm, hash algorithm, key exchange algorithm and/or key derivation algorithm, etc. determined by AAC.
Optionally, when ASVeri further includes the identity identifier ciphertext of REQ, AAC may add the identity identifier ciphertext of REQ to AACAuth and send it to REQ.
Optionally, AAC may also add any one or more of ID_AAC, Nonce_AAC and Nonce_REQ to AACAuth and send it to REQ.
S105, REQ uses the certificate-storing verification key IK_REQ_AS pre-shared with AS-REQ to calculate, over calculation data including the certificate-storing random number, a first identity authentication code MIC_REQ, and uses the message integrity check key between itself and AAC to calculate, over the fields of the second verification message other than the first message integrity check code, a first message integrity check code MacTag_REQ.
Optionally, REQ may generate a second key exchange parameter KeyInfo_REQ. For example, after REQ receives AACAuth, it may use the identity authentication key IAK and a symmetric encryption algorithm to encrypt information including the temporary public key generated by REQ, producing KeyInfo_REQ. In the simple case, REQ calculates the hash value HASH(IAK) of IAK and XORs HASH(IAK) with the information including the temporary public key generated by REQ to produce KeyInfo_REQ; alternatively, REQ first calculates the extended identity authentication key EIAK and then XORs EIAK with the information including the temporary public key generated by REQ to produce KeyInfo_REQ, where EIAK is calculated by a key derivation algorithm from information including IAK and other information (the other information used by AAC and REQ is the same and is optional, such as a specific string). The IAK used by REQ is calculated by REQ, using the key derivation algorithm agreed with AS-REQ, from calculation data that includes the encryption key K_REQ_AS pre-shared between itself and AS-REQ.
Optionally, when AACAuth includes Nonce_REQ and Nonce_AAC, the calculation data that REQ uses to calculate IAK may further include Nonce_REQ and Nonce_AAC.
The message integrity check key between REQ and AAC may be shared in advance between REQ and AAC, or may be generated by negotiation between REQ and AAC. The negotiation works as follows: REQ performs a key exchange calculation on the temporary private key corresponding to KeyInfo_REQ and the temporary public key recovered from KeyInfo_AAC to obtain a first key K1 and, combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, such as a specific string), calculates the message integrity check key using a key derivation algorithm. The key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH for short). The temporary private key corresponding to KeyInfo_REQ is the temporary private key of the temporary public-private key pair generated by REQ.
Optionally, when AACAuth includes Nonce_REQ, REQ can verify whether Nonce_REQ in AACAuth is consistent with the Nonce_REQ that REQ generated; if so, it continues with the subsequent operations, and if not, it discards AACAuth.
Optionally, when AACAuth includes the identity identifier ciphertext of REQ, the calculation data used to calculate MIC_REQ may also include the identity identifier ciphertext of REQ. That is, REQ can use the message integrity check algorithm agreed with AS-REQ and IK_REQ_AS to calculate MIC_REQ over calculation data including the identity identifier ciphertext of REQ and the certificate-storing random number.
Optionally, when AACAuth includes the identity identifier ciphertext of REQ, REQ may verify it using Nonce_REQID and its own identity ID_REQ. In one way, REQ XORs Nonce_REQID with the identity identifier ciphertext to recover ID_REQ and then compares the recovered ID_REQ with its own ID_REQ; alternatively, REQ XORs Nonce_REQID with its own ID_REQ and compares the result with the identity identifier ciphertext in AACAuth. If they are consistent, REQ continues with the subsequent operations; if not, it discards AACAuth.
S106, REQ sends a second verification message REQAuth to AAC.
REQAuth includes MIC_REQ and MacTag_REQ.
Optionally, REQAuth may include KeyInfo_REQ. Optionally, when AACAuth includes Nonce_AAC, REQ may add Nonce_AAC to REQAuth.
S107, AAC verifies MacTag_REQ and, after the verification passes, generates an authentication completion message AACFinish and a first evidence-storing message AACUpdate.
The verification of MacTag_REQ works as follows: if MacTag_REQ is generated by REQ applying the message integrity check key between REQ and AAC to the fields of REQAuth other than MacTag_REQ, then when AAC verifies MacTag_REQ it should apply the message integrity check key between itself and REQ to the fields of REQAuth other than MacTag_REQ to calculate MacTag_REQ, and compare the calculated MacTag_REQ with the MacTag_REQ in REQAuth. If they are consistent, the verification passes and AAC determines that the identity of REQ is legal; if not, AAC proceeds according to local policy, which includes discarding REQAuth or determining that the identity of REQ is illegal.
The message integrity check key between AAC and REQ may be pre-shared between AAC and REQ, or may be generated by negotiation between AAC and REQ. The negotiation works as follows: AAC performs a key exchange calculation on the temporary private key corresponding to KeyInfo_AAC and the temporary public key recovered from KeyInfo_REQ to obtain a first key K1 and, combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, such as a specific string), calculates the message integrity check key using a key derivation algorithm. The temporary private key corresponding to KeyInfo_AAC is the temporary private key of the temporary public-private key pair generated by AAC, and the temporary public key recovered from KeyInfo_REQ is the temporary public key of the temporary public-private key pair generated by REQ.
Optionally, when REQAuth includes Nonce_AAC, AAC may, before verifying MacTag_REQ, first check whether Nonce_AAC in REQAuth is consistent with the Nonce_AAC it generated; if so, it continues with the subsequent operations, and if not, it discards REQAuth.
Optionally, AAC may also allocate a temporary identity TID_REQnew to REQ and add TID_REQnew to AACFinish and AACUpdate.
In addition, so that REQ can authenticate the identity of AAC, AAC also generates a second message integrity check code MacTag_AAC and adds MacTag_AAC to AACFinish. MacTag_AAC may be generated by AAC applying the message integrity check key between AAC and REQ to the fields of the authentication completion message AACFinish other than MacTag_AAC.
Optionally, after AAC verifies that the identity of REQ is legal, it may also calculate a session key for securing subsequent communication between REQ and AAC. Specifically, AAC may perform a key exchange calculation on the temporary private key corresponding to KeyInfo_AAC and the temporary public key recovered from KeyInfo_REQ to obtain a first key K1 and, combining K1, ID_AAC and other information (the other information used by AAC and REQ is the same and is optional, such as a specific string), calculate the session key (including a data encryption key and/or a data integrity check key) using a key derivation algorithm.
When calculating the session key in the above manner, AAC may calculate a string of key data using a key derivation algorithm; the key data may be used as a data encryption key and/or a data integrity check key, or one part of the key data may be used as the data encryption key and another part as the data integrity check key.
S108, AAC sends the authentication completion message AACFinish to REQ.
AACFinish includes MacTag_AAC. If AAC has allocated a temporary identity TID_REQnew to REQ, AACFinish also includes TID_REQnew.
S109, REQ verifies MacTag_AAC in AACFinish and, after the verification passes, determines that the identity of AAC is legal.
The verification of MacTag_AAC works as follows: if MacTag_AAC is generated by AAC applying the message integrity check key between AAC and REQ to the fields of AACFinish other than MacTag_AAC, then when REQ verifies MacTag_AAC it applies the message integrity check key between itself and AAC to the fields of AACFinish other than MacTag_AAC to calculate MacTag_AAC, and compares the calculated MacTag_AAC with the MacTag_AAC in AACFinish. If they are consistent, REQ determines that the identity of AAC is legal; if not, REQ proceeds according to local policy, which includes discarding AACFinish or determining that the identity of AAC is illegal.
Optionally, after REQ determines that the identity of AAC is legal, it may save TID_REQnew so that TID_REQnew can replace its real identity in subsequent identity authentication.
Optionally, after REQ verifies that the identity of AAC is legal, it may calculate a session key for securing subsequent communication between REQ and AAC. Specifically, REQ may perform a key exchange calculation on the temporary private key corresponding to KeyInfo_REQ and the temporary public key recovered from KeyInfo_AAC to obtain a first key K1 and, combining K1, ID_AAC and other information (the other information used by REQ and AAC is the same and is optional, such as a specific string), calculate the session key (including a data encryption key and/or a data integrity check key) using a key derivation algorithm. The temporary public key recovered from KeyInfo_AAC is the temporary public key of the temporary public-private key pair generated by AAC.
When calculating the session key in the above manner, REQ may calculate a string of key data using a key derivation algorithm; the key data may be used as a data encryption key and/or a data integrity check key, or one part of the key data may be used as the data encryption key and another part as the data integrity check key.
S110, AAC sends a first evidence-storing message AACUpdate to AS-REQ.
AACUpdate includes the MIC_REQ carried in REQAuth.
In the non-roaming case, AAC may send AACUpdate directly to AS-AAC (also expressible as AS-REQ).
In the roaming case, after AAC generates AACUpdate, it sends AACUpdate to AS-AAC; AS-AAC then generates a second evidence-storing message ASUpdate from AACUpdate, where ASUpdate includes MIC_REQ, and sends ASUpdate to AS-REQ.
AACUpdate may also include the temporary identity TID_REQnew allocated by AAC to REQ.
Optionally, AACUpdate may further include a second identity authentication code MIC_AAC. MIC_AAC is generated by AAC applying the check key IK_AAC_AS pre-shared with AS-AAC, with the pre-shared message integrity check algorithm, to the fields of AACUpdate that precede MIC_AAC.
S111, AS-REQ verifies MIC_REQ and, after the verification passes, generates and stores a request passing record of REQ.
When generating and storing the request passing record of REQ, AS-REQ may also save TID_REQnew.
If AACUpdate also includes MIC_AAC, then in the non-roaming case AS-AAC (also expressible as AS-REQ) verifies MIC_REQ and MIC_AAC: AS-AAC (also expressible as AS-REQ) locally calculates MIC_AAC using the check key IK_AAC_AS pre-shared with AAC and locally calculates MIC_REQ using the certificate-storing verification key IK_REQ_AS pre-shared with REQ, then compares the calculated MIC_AAC with the MIC_AAC in AACUpdate and the calculated MIC_REQ with the MIC_REQ in AACUpdate; if both are consistent, the verification passes.
If AACUpdate also includes MIC_AAC, then in the roaming case AS-AAC verifies MIC_AAC: AS-AAC locally calculates MIC_AAC using the check key IK_AAC_AS pre-shared with AAC and compares the calculated MIC_AAC with the MIC_AAC in AACUpdate; if they are consistent, the verification passes, after which AS-AAC generates ASUpdate and sends it to AS-REQ. AS-REQ then verifies MIC_REQ in ASUpdate: AS-REQ locally calculates MIC_REQ using the certificate-storing verification key IK_REQ_AS pre-shared with REQ and compares the calculated MIC_REQ with the MIC_REQ in ASUpdate; if they are consistent, the verification passes, and AS-REQ can generate and store the request passing record of REQ.
In practical applications, S108 may be executed first and then S110 may be executed, S110 may be executed first and then S108 may be executed, or S108 and S110 may be executed simultaneously.
Optionally, AAC may first perform S110, i.e. send the first identity authentication code MIC_REQ in the first evidence-storing message; S111 is then performed on MIC_REQ in the first evidence-storing message and, after the verification passes, a first evidence-storing confirmation message is generated, which prevents REQ from deliberately sending a wrong first identity authentication code MIC_REQ to evade billing. After receiving the first evidence-storing confirmation message, AAC executes S108, i.e. sends the authentication completion message to REQ.
According to the above technical solution, when the requesting device and the authentication access controller perform bidirectional identity authentication using the symmetric-key entity authentication protocol, the identity information of the requesting device is transmitted as ciphertext, which keeps the real identity information of the requesting device secure during the identity authentication process. In addition, after the authentication access controller verifies that the identity of the requesting device is legal, it sends a first evidence-storing message to the first authentication server trusted by the requesting device, so that the first authentication server records the requesting device's request to access the network; this provides objective evidence for subsequent charging by the network access point and effectively prevents malicious charging of users who do not attempt to access the network in the service area of the network access point.
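The MacTag_REQ and MIC_REQ checks of S105 to S111, as an added Python example that is not part of the patent text. HMAC-SHA256, the length-prefixed field encoding, the field names and the AS-REQ's pending-nonce table are assumptions, and the identity and keys are constructed sample values; the flow follows the optional ordering in which AAC waits for the AS-REQ's confirmation before sending AACFinish.

```python
import hashlib
import hmac
import secrets


def encode_fields(fields):
    """Length-prefix every name and value so field boundaries cannot shift."""
    out = bytearray()
    for name in sorted(fields):
        raw_name, value = name.encode(), fields[name]
        out += len(raw_name).to_bytes(2, "big") + raw_name
        out += len(value).to_bytes(4, "big") + value
    return bytes(out)


def mac(key, data):
    # Assumption: HMAC-SHA256 stands in for the agreed integrity check algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()


def add_tag(key, message, tag_field):
    """Compute the check code over every field except the check code itself."""
    body = {k: v for k, v in message.items() if k != tag_field}
    return {**body, tag_field: mac(key, encode_fields(body))}


def verify_tag(key, message, tag_field):
    if tag_field not in message:
        return False
    body = {k: v for k, v in message.items() if k != tag_field}
    return hmac.compare_digest(mac(key, encode_fields(body)), message[tag_field])


class AsReq:
    """AS-REQ: issues Nonce_AS_REQ (S103) and verifies MIC_REQ (S111)."""

    def __init__(self, ik_by_id):
        self.ik_by_id = ik_by_id   # ID_REQ -> IK_REQ_AS
        self.pending = {}          # Nonce_AS_REQ -> ID_REQ (assumed bookkeeping)
        self.records = []          # stored request records

    def issue_nonce(self, id_req):
        if id_req not in self.ik_by_id:      # identity not legal: nothing issued
            return None
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = id_req
        return nonce

    def store_evidence(self, nonce, mic_req):
        id_req = self.pending.get(nonce)
        if id_req is None:                   # unknown or already used nonce
            return False
        expected = mac(self.ik_by_id[id_req], nonce)
        if not hmac.compare_digest(expected, mic_req):
            return False
        del self.pending[nonce]              # one record per issued nonce
        self.records.append(
            {"ID_REQ": id_req, "Nonce_AS_REQ": nonce, "MIC_REQ": mic_req})
        return True


def req_build_reqauth(ik_req_as, mik, nonce_as_req, nonce_aac, honest=True):
    """S105/S106: REQ computes MIC_REQ, then MacTag_REQ over the other fields."""
    mic_req = mac(ik_req_as, nonce_as_req) if honest else secrets.token_bytes(32)
    return add_tag(mik, {"MIC_REQ": mic_req, "Nonce_AAC": nonce_aac}, "MacTag_REQ")


def aac_process(as_req, mik, nonce_aac, nonce_as_req, reqauth):
    """S107, then S110/S111 before S108, so a bad MIC_REQ blocks AACFinish."""
    result = {"tag_ok": False, "evidence_ok": False, "aacfinish": None}
    if reqauth.get("Nonce_AAC") != nonce_aac:
        return result                        # discard REQAuth
    if not verify_tag(mik, reqauth, "MacTag_REQ"):
        return result                        # discard REQAuth
    result["tag_ok"] = True
    # Assumption: AACUpdate also carries Nonce_AS_REQ so AS-REQ can find the session.
    result["evidence_ok"] = as_req.store_evidence(nonce_as_req, reqauth["MIC_REQ"])
    if result["evidence_ok"]:                # confirmation received: send AACFinish
        tid = secrets.token_bytes(8)         # TID_REQnew (optional field)
        result["aacfinish"] = add_tag(mik, {"TID_REQnew": tid}, "MacTag_AAC")
    return result


def run_exchange(honest=True, tamper_in_transit=False):
    id_req = b"req-0001"                     # constructed identity
    ik_req_as = secrets.token_bytes(32)      # constructed IK_REQ_AS
    mik = secrets.token_bytes(32)            # constructed REQ/AAC integrity key
    as_req = AsReq({id_req: ik_req_as})
    nonce_as_req = as_req.issue_nonce(id_req)
    nonce_aac = secrets.token_bytes(16)
    reqauth = req_build_reqauth(ik_req_as, mik, nonce_as_req, nonce_aac, honest)
    if tamper_in_transit:
        reqauth["MIC_REQ"] = bytes(32)       # changed after MacTag_REQ was computed
    result = aac_process(as_req, mik, nonce_aac, nonce_as_req, reqauth)
    finish = result["aacfinish"]
    # S109: REQ verifies MacTag_AAC before treating AAC as legal.
    result["req_accepts_aac"] = (
        finish is not None and verify_tag(mik, finish, "MacTag_AAC"))
    result["records"] = len(as_req.records)
    # Presenting the same MIC_REQ again must not create a second record.
    result["replay_ok"] = as_req.store_evidence(nonce_as_req, reqauth["MIC_REQ"])
    return result
```

With `honest=False` the MacTag_REQ still verifies at AAC, because it was computed over the wrong MIC_REQ; only the AS-REQ check catches it, which is why AACFinish is withheld until the confirmation arrives.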
Based on the foregoing embodiments, the identity authentication method provided by the embodiments of the present application is described below for both non-roaming and roaming cases.
Referring to fig. 2, an embodiment of the identity authentication method in the non-roaming case, in which AS-AAC (also expressible as AS-REQ) denotes the authentication server that AAC and REQ both trust, includes:
S201, REQ generates Nonce_REQ, Nonce_REQID and EncPub_AS, and generates Security capabilities_REQ as required.
S202, REQ sends an authentication request message ATTACH to AAC.
ATTACH includes Security capabilities_REQ, EncPub_AS, Route_AS and Nonce_REQ. EncPub_AS is the identity information ciphertext of REQ, calculated by REQ encrypting encrypted data including ID_REQ and Nonce_REQID with the public key of the encryption certificate; Route_AS is the identity of the authentication server trusted by REQ; Security capabilities_REQ is an optional field carrying the security capability parameter information supported by REQ, including the identity authentication suites, integrity check algorithms, hash algorithms, key exchange algorithms and/or key derivation algorithms supported by REQ (the same applies below).
S203, AAC generates Nonce_AAC.
AAC judges from Route_AS whether the authentication server trusted by REQ is the same as the authentication server it trusts itself; if so, this is the non-roaming case. In this embodiment, REQ and AAC have a commonly trusted authentication server.
S204, AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes EncPub_AS, Nonce_REQ, ID_AAC and Nonce_AAC. EncPub_AS and Nonce_REQ shall be equal to the corresponding fields in ATTACH; ID_AAC is an optional field.
S205, after AS-AAC receives AACVeri, it performs the following operations (unless otherwise specified or logically required, the actions numbered (1), (2), ... are not necessarily performed in numerical order; the same applies throughout), including:
(1) Decrypt EncPub_AS with the private key of the encryption certificate to obtain ID_REQ and Nonce_REQID, and judge from ID_REQ whether the identity of REQ is legal; if so, continue with the subsequent operations, and if not, discard AACVeri;
(2) Calculate IAK;
AS-AAC calculates IAK from the encryption key K_REQ_AS pre-shared between itself and REQ, combined with calculation data including ID_REQ, Nonce_REQ, ID_AAC and Nonce_AAC, using the key derivation algorithm agreed with REQ in advance.
(3) Generate a random number Nonce_AS_AAC for authentication;
(5) Optionally, AS-AAC encrypts information including IAK with the encryption key EK_AAC_AS pre-shared with AAC to generate EncData_AS_AAC.
S206, the AS-AAC sends a first authentication response message ASVeri to the AAC.
ASVeri includes Nonce_REQ, ID_AAC, Nonce_AAC, Nonce_AS_AAC and IAK. ID_AAC is an optional field that is present if and only if ID_AAC is present in AACVeri; ID_AAC and Nonce_AAC shall be equal to the corresponding fields in AACVeri; if EncData_AS_AAC exists, AS-AAC replaces IAK in ASVeri with EncData_AS_AAC.
S207, after AAC receives ASVeri, it performs the following operations, including:
(1) Check whether Nonce_AAC in ASVeri is consistent with the Nonce_AAC generated by AAC and, if ID_AAC is present in ASVeri, check whether ID_AAC in ASVeri is consistent with AAC's own identity ID_AAC; if either is inconsistent, discard ASVeri;
(2) Obtain IAK;
If ASVeri includes EncData_AS_AAC, AAC decrypts EncData_AS_AAC with the encryption key EK_AAC_AS pre-shared between itself and AS-AAC to obtain IAK;
(3) Calculate EIAK using a key derivation algorithm from information including IAK and other information (the other information used by AAC and REQ is the same and is optional, such as a specific string);
(4) Calculate KeyInfo_AAC;
AAC generates KeyInfo_AAC by XORing EIAK with information including the temporary public key generated by AAC.
S208, AAC sends a first authentication message AACAuth to REQ.
The AACAuth includes Security capabilitiesAAC, KeyInfoAAC, NonceREQ, IDAAC, NonceAAC and NonceAS_AAC, where NonceREQ, NonceAAC and NonceAS_AAC should be equal to the corresponding fields in ASVeri, respectively. Security capabilitiesAAC is an optional field representing the specific security policy selected by AAC according to Security capabilitiesREQ, i.e. the identity authentication method, integrity check algorithm, hash algorithm, key exchange algorithm and/or key derivation algorithm, etc. that AAC determines to use (the same applies below); Security capabilitiesAAC is present if and only if Security capabilitiesREQ is present in the ATTACH.
S209, after receiving the AACAuth, the REQ performs the following operations, including:
(2) checking whether the recovered IDREQ is consistent with REQ's own identity IDREQ, and checking whether NonceREQ in AACAuth is consistent with the NonceREQ generated by REQ; if either is inconsistent, discarding AACAuth;
(3) calculating the IAK;
REQ uses the pre-shared encryption key KREQ_AS between it and AS-AAC, combined with calculation data including IDREQ, NonceREQ, IDAAC and NonceAAC, to calculate the IAK using a key derivation algorithm agreed with the AS-AAC in advance. The calculation data used by REQ to calculate IAK is the same as the calculation data used by AS-AAC to calculate IAK in S205.
(4) Generating EIAK by calculation using a key derivation algorithm based on information including IAK and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.);
(5) generating KeyInfoREQ by calculation;
REQ performs an XOR operation on EIAK and information including the temporary public key generated by REQ to generate KeyInfoREQ.
(6) calculating a message integrity check key;
REQ performs key exchange calculation on the temporary private key corresponding to KeyInfoREQ and the temporary public key recovered from KeyInfoAAC to obtain a first key K1, and, combining K1 with information including NonceREQ, NonceAAC and other information (other information used by REQ and AAC is the same and optional, such as a specific string, etc.), calculates the message integrity check key using a key derivation algorithm.
(7) Calculating MICREQ;
(8) Computing MacTagREQ。
S210, REQ sends a second authentication message REQAuth to AAC.
The REQAuth includes NonceAAC, KeyInfoREQ, MICREQ and MacTagREQ, where NonceAAC should equal NonceAAC in AACAuth; MICREQ is calculated by REQ over calculation data including NonceAS_AAC, using the pre-shared certificate-storing check key IKREQ_AS between it and AS-AAC and the message integrity check algorithm pre-shared with the AS-AAC. MacTagREQ is calculated by REQ, using the message integrity check key, over the information in the fields of REQAuth other than MacTagREQ.
S211, after the AAC receives REQAuth, the following operations are executed, including:
(1) checking whether NonceAAC in REQAuth is consistent with the NonceAAC generated by AAC; if not, discarding REQAuth;
(2) calculating a message integrity check key;
AAC performs key exchange calculation on the temporary private key corresponding to KeyInfoAAC and the temporary public key recovered from KeyInfoREQ to obtain the first key K1, and, combining K1 with information including NonceREQ, NonceAAC and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.), calculates the message integrity check key using a key derivation algorithm.
(3) verifying MacTagREQ;
AAC uses the message integrity check key to locally calculate MacTagREQ over the information in the fields of REQAuth other than MacTagREQ (in the same manner as REQ calculates MacTagREQ), and compares the calculated MacTagREQ with MacTagREQ in REQAuth; if they are consistent, the identity of the REQ is determined to be legal, and if not, the REQAuth is discarded.
(4) generating a temporary identity TIDREQnew allocated to REQ;
(5) optionally, calculating MICAAC.
S212, AAC sends a first credentialing message AACUpdate to AS-AAC.
The AACUpdate comprises IDAAC, NonceAAC, TIDREQnew, MICREQ and MICAAC, where IDAAC and MICAAC are optional fields; MICAAC is calculated by AAC over the fields preceding MICAAC in AACUpdate, using the pre-shared check key IKAAC_AS between it and AS-AAC and the message integrity check algorithm pre-shared with AS-AAC. For example, when AACUpdate includes IDAAC, NonceAAC, TIDREQnew, MICREQ and MICAAC, MICAAC is calculated by AAC over the fields IDAAC, NonceAAC, TIDREQnew and MICREQ in AACUpdate, using said IKAAC_AS and said message integrity check algorithm.
S213, after the AS-AAC receives the AACUpdate, the following operations are executed, including:
(1) if MICAAC is present in AACUpdate, verifying MICAAC;
AS-AAC uses the pre-shared verification key IKAAC_AS between it and AAC and the message integrity check algorithm pre-shared with AAC to calculate MICAAC over the fields preceding MICAAC in AACUpdate, and compares the calculated MICAAC with MICAAC in AACUpdate; if they are not consistent, the AACUpdate is discarded.
(2) verifying MICREQ;
AS-AAC uses the pre-shared credential verification key IKREQ_AS between it and REQ and the pre-shared message integrity check algorithm to calculate MICREQ over calculation data including NonceAS_AAC, and compares the calculated MICREQ with MICREQ in AACUpdate; if they are not consistent, the AACUpdate is discarded.
(3) generating and storing a record of the REQ request, and storing TIDREQnew;
(4) optionally, calculating MICAS_AAC.
S214, the AS-AAC sends a first authentication acknowledgement message ASAck to the AAC.
The ASAck includes IDAAC, NonceAAC and MICAS_AAC, where IDAAC and MICAS_AAC are optional fields; MICAS_AAC is calculated by the AS-AAC over the fields preceding MICAS_AAC in ASAck, using the pre-shared check key IKAAC_AS between it and the AAC and the message integrity check algorithm pre-shared with AAC.
S215, after receiving the ASAck, the AAC executes the following operations, including:
(1) if IDAAC is present in ASAck, checking whether IDAAC is the same as AAC's own identity IDAAC;
(2) checking whether NonceAAC is the same as the NonceAAC generated by AAC;
(3) if MICAS_AAC is present in ASAck, verifying MICAS_AAC;
AAC uses the pre-shared verification key IKAAC_AS between it and AS-AAC and the message integrity check algorithm pre-shared with AS-AAC to calculate MICAS_AAC over the fields preceding MICAS_AAC in ASAck, and compares whether the calculated MICAS_AAC is consistent with MICAS_AAC in ASAck.
(4) after the above checks and verifications pass, calculating MacTagAAC; if any of the checks or verifications fails, immediately discarding the ASAck;
(5) calculating a session key;
AAC combines K1 calculated in S211 with information including NonceREQ, IDAAC, NonceAAC and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.), and calculates a session key using a key derivation algorithm for subsequent secure communication between REQ and AAC.
S216, AAC sends an authentication complete message AACFinish to REQ.
The AACFinish includes TIDREQnew and MacTagAAC, where MacTagAAC is locally calculated by AAC, using the message integrity check key, over the information in the fields of AACFinish other than MacTagAAC; TIDREQnew shall be the same as TIDREQnew in AACUpdate.
S217, after receiving the AACFinish, the REQ performs the following operations, including:
(1) verifying MacTagAAC;
REQ uses the message integrity check key to locally calculate MacTagAAC over the information in the fields of AACFinish other than MacTagAAC (in the same manner as AAC calculates MacTagAAC), and compares the calculated MacTagAAC with MacTagAAC in AACFinish; if they are not consistent, the AACFinish is discarded.
(2) saving TIDREQnew;
(3) Calculating a session key;
REQ combines K1 calculated in S209 with information including NonceREQ, IDAAC, NonceAAC and other information (other information used by REQ and AAC is the same and optional, such as a specific string, etc.), and calculates a session key using a key derivation algorithm for subsequent secure communication between REQ and AAC.
Thereby, identity authentication for REQ and AAC, i.e. bidirectional identity authentication for REQ and AAC, is achieved at S211 and S217, respectively.
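The key chain of S205 to S211 (IAK, EIAK, KeyInfo, K1, message integrity check key, MacTagREQ) can be followed in the sketch below, which is an added example and not code from the patent. The patent leaves the algorithms to prior agreement, so HMAC-SHA256 as the derivation and integrity algorithm, the illustrative Diffie-Hellman group, the length-prefixed encoding, the label strings, the identities and all function names are assumptions; MICREQ and the messages to the AS after S211 are left out.

```python
import hashlib
import hmac
import secrets

# Assumptions, none of them fixed by the page: HMAC-SHA256 stands in for the
# pre-agreed key derivation and integrity algorithms, and the key exchange is
# finite-field Diffie-Hellman in an illustrative group (not a vetted one).
P = 2**255 - 19
G = 2


def kdf(key: bytes, *parts: bytes) -> bytes:
    """Derive 32 bytes from key over length-prefixed parts (assumed encoding)."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_iak(k_req_as, id_req, nonce_req, id_aac, nonce_aac):
    """IAK from KREQ_AS and the calculation data named in S205 / S209."""
    return kdf(k_req_as, b"IAK", id_req, nonce_req, id_aac, nonce_aac)


def derive_eiak(iak):
    """EIAK from IAK plus a fixed string, sized to mask a 32-byte public key."""
    return kdf(iak, b"EIAK")


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def new_ephemeral():
    """Temporary key pair; the public key is encoded as 32 bytes."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P).to_bytes(32, "big")


def key_exchange(priv: int, peer_pub: bytes) -> bytes:
    """K1 from our temporary private key and the recovered peer public key."""
    peer = int.from_bytes(peer_pub, "big")
    if not 1 < peer < P - 1:
        raise ValueError("recovered value is not a usable public key")
    return pow(peer, priv, P).to_bytes(32, "big")


def mac_tag(k1, nonce_req, nonce_aac, *fields):
    """Message integrity check key from K1 and both nonces, then the tag."""
    mic_key = kdf(k1, b"MIC-KEY", nonce_req, nonce_aac)
    return kdf(mic_key, b"MacTag", *fields)


def run_exchange(k_at_as: bytes, k_at_req: bytes, tamper: bool = False) -> bool:
    """Run S205-S211; return True when AAC accepts MacTagREQ."""
    id_req, id_aac = b"REQ-01", b"AAC-01"  # constructed identities
    nonce_req, nonce_aac = secrets.token_bytes(16), secrets.token_bytes(16)

    # S205: the AS derives IAK and passes it to AAC in ASVeri.
    eiak_aac = derive_eiak(derive_iak(k_at_as, id_req, nonce_req, id_aac, nonce_aac))
    # S207: AAC masks its temporary public key with EIAK.
    aac_priv, aac_pub = new_ephemeral()
    key_info_aac = xor(eiak_aac, aac_pub)
    try:
        # S209: REQ derives IAK on its own, unmasks KeyInfoAAC, builds REQAuth.
        eiak_req = derive_eiak(derive_iak(k_at_req, id_req, nonce_req, id_aac, nonce_aac))
        req_priv, req_pub = new_ephemeral()
        key_info_req = xor(eiak_req, req_pub)
        k1_req = key_exchange(req_priv, xor(eiak_req, key_info_aac))
        tag = mac_tag(k1_req, nonce_req, nonce_aac, nonce_aac, key_info_req)
        if tamper:  # KeyInfoREQ changed in transit
            key_info_req = bytes([key_info_req[0] ^ 1]) + key_info_req[1:]
        # S211: AAC recomputes K1 and MacTagREQ over the fields it received.
        k1_aac = key_exchange(aac_priv, xor(eiak_aac, key_info_req))
        expected = mac_tag(k1_aac, nonce_req, nonce_aac, nonce_aac, key_info_req)
    except ValueError:
        return False  # unusable recovered public key: discard the message
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    print("matching KREQ_AS:", run_exchange(k, k))
    print("wrong KREQ_AS at REQ:", run_exchange(k, secrets.token_bytes(32)))
    print("KeyInfoREQ tampered:", run_exchange(k, k, tamper=True))
```

A REQ that does not hold KREQ_AS derives a different EIAK, recovers a different temporary public key and so a different K1, which is why verifying MacTagREQ in S211 authenticates the REQ without AAC ever holding KREQ_AS.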
Referring to fig. 3, an embodiment of an identity authentication method in roaming condition is shown, where the identity authentication method includes:
S301, REQ generates NonceREQ, NonceREQID and EncPubAS, and generates Security capabilitiesREQ as required.
S302, REQ sends an authentication request message ATTACH to AAC.
The ATTACH includes Security capabilitiesREQ, EncPubAS, RouteAS and NonceREQ, where EncPubAS is the identity information ciphertext of the REQ, calculated by REQ using the public key of the encryption certificate over encryption data including IDREQ and NonceREQID. RouteAS is the identification of the authentication server trusted by REQ; Security capabilitiesREQ is an optional field.
S303, AAC generates NonceAAC.
AAC judges according to RouteAS whether the authentication server trusted by REQ is the same as the authentication server trusted by AAC itself; if not, this is the roaming case, and in this embodiment the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are two independent authentication servers.
S304, AAC sends a first authentication request message AACVeri to AS-AAC.
The AACVeri comprises EncPubAS, NonceREQ, IDAAC, NonceAAC and RouteAS, where EncPubAS, NonceREQ and RouteAS should be equal to the corresponding fields in ATTACH, respectively; IDAAC is an optional field.
S305, after the AS-AAC receives AACVeri, it determines the AS-REQ according to RouteAS and sends a second authentication request message AS-AACVeri to the AS-REQ.
The AS-AACVeri is generated according to the AACVeri and comprises EncPubAS, NonceREQ, IDAAC and NonceAAC, which should be equal to the corresponding fields in the AACVeri, respectively.
S306, after the AS-REQ receives the AS-AACVeri, the following operations are executed, including:
(1) decrypting EncPubAS with the private key of the encryption certificate to obtain IDREQ and NonceREQID, and judging according to IDREQ whether the identity of the REQ is legal; if so, continuing with the subsequent operations, and if not, discarding the AS-AACVeri;
(2) generating a random number NonceAS_REQ for authentication.
(4) calculating the IAK;
AS-REQ uses the pre-shared encryption key KREQ_AS between it and REQ, combined with calculation data including IDREQ, NonceREQ, IDAAC and NonceAAC, to calculate the IAK using a key derivation algorithm agreed with REQ in advance.
(5) optionally, AS-REQ encrypts information including the IAK with the pre-shared encryption key EKAS between it and AS-AAC to generate EncDataAS_REQ.
S307, the AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.
The AS-REQVeri comprises IDAAC, NonceAAC, NonceAS_REQ and the IAK, where IDAAC and NonceAAC should be equal to the corresponding fields in the AS-AACVeri, respectively; if EncDataAS_REQ exists, AS-REQ uses EncDataAS_REQ in place of the IAK in AS-REQVeri.
S308, after the AS-AAC receives the AS-REQVeri, the following operations are executed, including:
(1) obtaining the IAK; when EncDataAS_REQ is present in AS-REQVeri, decrypting EncDataAS_REQ with the pre-shared encryption key EKAS between it and AS-REQ to obtain the IAK;
(2) optionally, the AS-AAC encrypts information including the IAK with the pre-shared encryption key EKAAC_AS between it and AAC to generate EncDataAS_AAC.
S309, the AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri comprises NonceREQ, IDAAC, NonceAAC, NonceAS_REQ and the IAK, where IDAAC is an optional field, and NonceREQ, IDAAC and NonceAAC should be equal to the corresponding fields in AACVeri, respectively; if EncDataAS_AAC exists, AS-AAC uses EncDataAS_AAC in place of the IAK in ASVeri.
S310, after the AAC receives ASVeri, the following operations are executed, including:
(1) checking whether NonceAAC in ASVeri is consistent with the NonceAAC generated by AAC and, if IDAAC is present in ASVeri, checking whether IDAAC in ASVeri is consistent with AAC's own identity IDAAC; if either is inconsistent, discarding the ASVeri;
(2) obtaining the IAK;
if ASVeri includes EncDataAS_AAC, AAC decrypts EncDataAS_AAC with the pre-shared encryption key EKAAC_AS between it and AS-AAC to obtain the IAK;
(3) generating EIAK by calculation using a key derivation algorithm based on information including IAK and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.);
(4) computing KeyInfoAAC;
wherein AAC generates KeyInfoAAC by an XOR operation of EIAK and information including the temporary public key generated by AAC.
S311, AAC sends a first authentication message AACAuth to REQ.
The AACAuth includes Security capabilitiesAAC, KeyInfoAAC, NonceREQ, IDAAC, NonceAAC and NonceAS_REQ, where NonceREQ, IDAAC, NonceAAC and NonceAS_REQ should be equal to the corresponding fields in ASVeri, respectively; Security capabilitiesAAC is an optional field that is present if and only if Security capabilitiesREQ is present in the ATTACH.
S312, after receiving AACAuth, the REQ performs the following operations, including:
(2) checking whether the recovered IDREQ is consistent with REQ's own identity IDREQ, and checking whether NonceREQ in AACAuth is consistent with the NonceREQ generated by REQ; if either is inconsistent, discarding AACAuth;
(3) calculating the IAK;
REQ uses the pre-shared encryption key KREQ_AS between it and AS-REQ, combined with calculation data including IDREQ, NonceREQ, IDAAC and NonceAAC, to calculate the IAK using a key derivation algorithm agreed with the AS-REQ in advance. The calculation data used by REQ to calculate IAK is the same as the calculation data used by AS-REQ to calculate IAK in S306.
(4) Generating EIAK by calculation using a key derivation algorithm based on information including IAK and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.);
(5) computing KeyInfoREQ; the calculation is the same as described in connection with the embodiment of fig. 2;
(6) calculating a message integrity check key;
REQ performs key exchange calculation on the temporary private key corresponding to KeyInfoREQ and the temporary public key recovered from KeyInfoAAC to obtain a first key K1, and, combining K1 with information including NonceREQ, NonceAAC and other information (other information used by REQ and AAC is the same and optional, such as a specific string, etc.), calculates the message integrity check key using a key derivation algorithm.
(7) Calculating MICREQ;
(8) Computing MacTagREQ。
S313, REQ sends a second authentication message REQAuth to AAC.
The REQAuth includes NonceAAC, KeyInfoREQ, MICREQ and MacTagREQ, where NonceAAC should equal NonceAAC in AACAuth; MICREQ is calculated by REQ over calculation data including NonceAS_REQ, using the pre-shared certificate-storing verification key IKREQ_AS between it and AS-REQ and the message integrity check algorithm pre-shared with AS-REQ. MacTagREQ is locally calculated by REQ, using the message integrity check key, over the information in the fields of REQAuth other than MacTagREQ.
S314, after the AAC receives REQAuth, the following operations are executed, including:
(1) checking whether NonceAAC in REQAuth is consistent with the NonceAAC generated by AAC; if not, discarding REQAuth;
(2) calculating a message integrity check key;
AAC performs key exchange calculation on the temporary private key corresponding to KeyInfoAAC and the temporary public key recovered from KeyInfoREQ to obtain a first key K1, and, combining K1 with information including NonceREQ, NonceAAC and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.), calculates the message integrity check key using a key derivation algorithm.
(3) verifying MacTagREQ;
AAC uses the message integrity check key to locally calculate MacTagREQ over the information in the fields of REQAuth other than MacTagREQ, and compares the calculated MacTagREQ with MacTagREQ in REQAuth; if they are consistent, the identity of the REQ is determined to be legal, and if not, the REQAuth is discarded.
(4) generating a temporary identity TIDREQnew allocated to REQ;
(5) optionally, AAC calculates and generates MICAAC.
S315, AAC sends a first authentication storing message AACUpdate to AS-AAC.
The AACUpdate comprises IDAAC, NonceAAC, TIDREQnew, MICREQ and MICAAC, where IDAAC is an optional field; should equal the corresponding field in ASVeri; MICREQ should equal the corresponding field in REQAuth; MICAAC is an optional field, calculated by AAC over the fields preceding MICAAC in AACUpdate, using the pre-shared check key IKAAC_AS between it and AS-AAC and the message integrity check algorithm pre-shared with the AS-AAC.
S316, after the AS-AAC receives AACUpdate, the following operations are executed, including:
(1) when MICAAC is present in AACUpdate, verifying MICAAC;
AS-AAC uses the pre-shared check key IKAAC_AS between it and AAC and the message integrity check algorithm pre-shared with AAC to calculate MICAAC over the fields preceding MICAAC in AACUpdate, and compares the calculated MICAAC with MICAAC in AACUpdate; if they are not consistent, the AACUpdate is discarded.
(2) optionally, AS-AAC calculates and generates MICAS_AAC.
S317, the AS-AAC sends a second evidence storage message ASUpdate to the AS-REQ.
The ASUpdate includes IDAAC, TIDREQnew, MICREQ and MICAS_AAC, where IDAAC, TIDREQnew and MICREQ should be equal to the corresponding fields in AACUpdate, respectively; MICAS_AAC is an optional field, locally calculated by the AS-AAC over the fields preceding MICAS_AAC in ASUpdate, using the pre-shared check key IKAS between the AS-REQ and the AS-AAC.
S318, after the AS-REQ receives ASUpdate, the following operations are executed, including:
(1) when MICAS_AAC is present in ASUpdate, verifying MICAS_AAC;
AS-REQ uses the pre-shared check key IKAS between it and AS-AAC to locally calculate MICAS_AAC over the fields preceding MICAS_AAC in ASUpdate, and compares the calculated MICAS_AAC with MICAS_AAC in ASUpdate; if they are not consistent, the ASUpdate is discarded.
(2) verifying MICREQ;
AS-REQ uses the pre-shared credential verification key IKREQ_AS between it and REQ and the pre-shared message integrity check algorithm to calculate MICREQ over calculation data including NonceAS_REQ, and compares the calculated MICREQ with MICREQ in ASUpdate; if they are not consistent, the ASUpdate is discarded.
(3) generating and storing a record of the REQ request, and storing the TIDREQnew in ASUpdate;
(4) optionally, calculating MICAS_REQ.
S319, the AS-REQ sends a second certificate-deposit confirmation message AS-REQAck to the AS-AAC.
The AS-REQAck includes IDAAC and MICAS_REQ, where IDAAC should equal the corresponding field in ASUpdate; MICAS_REQ is an optional field, calculated by the AS-REQ over the fields preceding MICAS_REQ in AS-REQAck, using the pre-shared check key IKAS between it and the AS-AAC and the message integrity check algorithm pre-shared with the AS-AAC.
S320, after the AS-AAC receives the AS-REQAck, the following operations are executed, including:
(1) if MICAS_REQ is present in AS-REQAck, verifying MICAS_REQ;
AS-AAC uses the pre-shared credential verification key IKAS between it and AS-REQ and the message integrity check algorithm pre-shared with AS-REQ to calculate MICAS_REQ over the fields preceding MICAS_REQ in AS-REQAck, and compares the calculated MICAS_REQ with MICAS_REQ in AS-REQAck; if they are not consistent, the AS-REQAck is discarded.
(2) optionally, calculating MICAS.
S321, the AS-AAC sends a first existence confirmation message AS-AACAck to the AAC.
The AS-AACAck includes IDAAC, NonceAAC and MICAS, where IDAAC and MICAS are optional fields; MICAS is calculated by the AS-AAC over the fields preceding MICAS in AS-AACAck, using the pre-shared check key IKAAC_AS between it and the AAC and the message integrity check algorithm pre-shared with AAC.
S322, after AAC receives AS-AACAck, executing the following operations, including:
(1) if IDAAC is present in AS-AACAck, checking whether IDAAC is the same as AAC's own identity IDAAC;
(2) checking whether NonceAAC is the same as the NonceAAC generated by AAC;
(3) if MICAS is present in AS-AACAck, verifying MICAS;
AAC uses the pre-shared verification key IKAAC_AS between it and AS-AAC and the message integrity check algorithm pre-shared with the AS-AAC to calculate MICAS over the fields preceding MICAS in AS-AACAck, and compares whether the calculated MICAS is consistent with MICAS in AS-AACAck.
(4) after the above checks and verifications pass, calculating MacTagAAC; if any of the checks or verifications fails, immediately discarding the AS-AACAck;
(5) calculating a session key;
AAC combines K1 calculated in S314 with information including NonceREQ, IDAAC, NonceAAC and other information (other information used by AAC and REQ is the same and optional, such as a specific string, etc.), and calculates a session key using a key derivation algorithm for subsequent secure communication between REQ and AAC.
S323, AAC sends an authentication complete message AACFinish to REQ.
The AACFinish includes TIDREQnew and MacTagAAC, where TIDREQnew shall be the same as TIDREQnew in AACUpdate; MacTagAAC is locally calculated by AAC, using the message integrity check key, over the information in the fields of AACFinish other than MacTagAAC.
S324, after receiving AACFinish, the REQ performs the following operations, including:
(1) verifying MacTagAAC;
REQ uses the message integrity check key to locally calculate MacTagAAC over the information in the fields of AACFinish other than MacTagAAC, and compares the calculated MacTagAAC with MacTagAAC in AACFinish; if they are not consistent, the AACFinish is discarded.
(2) saving TIDREQnew;
(3) Calculating a session key;
REQ combines K1 calculated in S312 with information including NonceREQ, IDAAC, NonceAAC and other information (other information used by REQ and AAC is the same and optional, such as a specific string, etc.), and calculates a session key using a key derivation algorithm for subsequent secure communication between REQ and AAC.
Thereby enabling authentication of REQ and AAC at S314 and S324, respectively, i.e. enabling bidirectional authentication of REQ and AAC.
In the above embodiments, each message may also carry a hash value HASHX_Y. The hash value HASHX_Y is calculated by the sending entity X of the message, using a hash algorithm, over the latest preamble message received from the opposite entity Y, and is used by the opposite entity Y to verify whether entity X received the complete latest preamble message. HASHREQ_AAC denotes the hash value calculated by REQ over the latest preamble message received from AAC; HASHAAC_REQ denotes the hash value calculated by AAC over the latest preamble message received from REQ; HASHAAC_AS-AAC denotes the hash value calculated by AAC over the latest preamble message received from the AS-AAC; HASHAS-AAC_AAC denotes the hash value calculated by AS-AAC over the latest preamble message received from AAC; HASHAS-AAC_AS-REQ denotes the hash value calculated by AS-AAC over the latest preamble message received from the AS-REQ; HASHAS-REQ_AS-AAC denotes the hash value calculated by the AS-REQ over the latest preamble message received from the AS-AAC. If the message currently sent by the sending entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received a preamble message from the opposite entity Y, then HASHX_Y in the message may be absent or meaningless.
Correspondingly, after the opposite entity Y receives the message sent by entity X, if the message contains HASHX_Y: when entity Y has not sent a preamble message to entity X, entity Y ignores HASHX_Y; when entity Y has sent a preamble message to entity X, entity Y uses the hash algorithm to locally calculate the hash value of the latest preamble message it previously sent to entity X and compares it with the hash value HASHX_Y carried in the received message; if they are consistent, the subsequent steps are executed, otherwise the message is discarded or the authentication process is ended.
In the present invention, for an entity X, a preamble message sent from an opposite end entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the received message sent from the opposite end entity Y to the entity X; the latest preamble message sent by the correspondent entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the latest message sent by the opposite end entity Y to the entity X is received. If the message M sent by the entity X to the opposite terminal entity Y is the first message interacted between the entity X and the entity Y, no preamble message sent by the opposite terminal entity Y to the entity X exists before the entity X sends the message M to the opposite terminal entity Y.
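The HASHX_Y rule above, including the first-message case, is shown in the following sketch, which is an added example and not code from the patent. SHA-256, the wire encoding, the message bodies and the names `wire`, `Link` and `demo` are assumptions.

```python
import hashlib
import hmac


def wire(msg: dict) -> bytes:
    """Assumed wire encoding: length-prefixed body followed by the hash field."""
    body = msg["body"]
    return len(body).to_bytes(2, "big") + body + msg.get("hash", b"")


class Link:
    """One entity's view of its exchange with a single opposite entity."""

    def __init__(self):
        self.last_sent = None      # latest message this entity sent to the peer
        self.last_received = None  # latest preamble message from the peer

    def send(self, body: bytes) -> dict:
        msg = {"body": body}
        if self.last_received is not None:  # the first message carries no hash
            msg["hash"] = hashlib.sha256(self.last_received).digest()
        self.last_sent = wire(msg)
        return msg

    def receive(self, msg: dict) -> bool:
        # A hash that arrives before this entity has sent anything is ignored.
        if "hash" in msg and self.last_sent is not None:
            local = hashlib.sha256(self.last_sent).digest()
            if not hmac.compare_digest(local, msg["hash"]):
                return False  # discard, or end the authentication process
        self.last_received = wire(msg)
        return True


def demo(tamper: bool) -> list:
    """REQ sends ATTACH, AAC answers with AACAuth; returns each receive result."""
    req, aac = Link(), Link()
    attach = req.send(b"ATTACH|EncPubAS|NonceREQ")  # constructed message body
    if tamper:  # ATTACH altered in transit before it reaches AAC
        attach = {"body": attach["body"] + b"X"}
    results = [aac.receive(attach)]
    aac_auth = aac.send(b"AACAuth|KeyInfoAAC|NonceAAC")  # constructed body
    results.append(req.receive(aac_auth))
    return results


if __name__ == "__main__":
    print(demo(tamper=False))
    print(demo(tamper=True))
```

In the tampered run AAC accepts the altered ATTACH, because a first message has nothing to be checked against, and the change surfaces one step later when REQ compares HASHAAC_REQ with the hash of what it actually sent.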
The optional fields and optional operations in the corresponding embodiments of fig. 2 and 3 are denoted by "+" in fig. 2 and 3 of the drawings in the specification. The content included in the message according to all the above embodiments is not limited in sequence, and in a case that no particular description is given, the operation sequence of the relevant message after the message is received by the message receiver and the processing sequence of the content included in the message are not limited.
Based on the embodiments of the methods corresponding to fig. 1 to fig. 3, referring to fig. 4, an embodiment of the present application provides an authentication access controller, where the authentication access controller includes:
a receiving unit 401, configured to receive an authentication request message sent by a requesting device, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the request equipment is obtained by encrypting the encrypted data including the identity of the request equipment by using the public key of the encryption certificate;
a sending unit 402, configured to send a first authentication request message carrying an identity information ciphertext of the requesting device to a second authentication server trusted by the authentication access controller;
the receiving unit 401 is further configured to receive a first authentication response message sent by the second authentication server, and obtain, from the first authentication response message, a credential storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server; the identity authentication key is calculated from calculation data comprising the first authentication server and a pre-shared encryption key of the requesting device;
the sending unit 402 is further configured to send a first verification message to the requesting device, where the first verification message includes the authentication nonce;
the receiving unit 401 is further configured to receive a second verification message sent by the requesting device, where the second verification message includes a first authentication code and a first message integrity check code; the first message integrity check code is generated by the request device through calculation of other fields including the second verification message except the first message integrity check code by using a message integrity check key between the request device and the authentication access controller; the message integrity check key is obtained by calculation according to information including the identity authentication key;
a processing unit 403, configured to verify the first message integrity check code, and after the verification is passed, determine that the identity of the requesting device is legal, and generate an authentication completion message and a first certificate storing message;
the sending unit 402 is further configured to send the authentication completion message to the requesting device, and send the first credential storage message to the second authentication server.
Optionally, the sending unit 402 sends the first certificate storing message first, and after the receiving unit 401 receives the first certificate storing confirmation message, the sending unit 402 sends the authentication completion message to the requesting device.
Optionally, the first verification message further includes a first key exchange parameter generated by the authentication access controller according to the identity authentication key, and the second verification message further includes a second key exchange parameter generated by the requesting device according to the identity authentication key; the processing unit 403 is then further configured to: perform key exchange calculation according to a temporary private key corresponding to the first key exchange parameter and a temporary public key included in the second key exchange parameter to generate a first key, and calculate the message integrity check key by using a key derivation algorithm according to information including the first key.
Optionally, the processing unit 403 is further configured to: encrypting information including a temporary public key generated by the authentication access controller by using the identity authentication key and a symmetric encryption algorithm to generate a first key exchange parameter; the second key exchange parameter in the second verification message received by the receiving unit 401 is generated by encrypting, by the requesting device, information including the temporary public key generated by the requesting device by using a symmetric encryption algorithm, using the identity authentication key;
the processing unit 403 calculates the message integrity check key, specifically, performs key exchange calculation according to the temporary private key corresponding to the first key exchange parameter and the temporary public key recovered from the second key exchange parameter to generate the first key, and calculates the message integrity check key according to the information including the first key by using the key derivation algorithm.
Optionally, the processing unit 403 is specifically configured to: and calculating a hash value of the identity authentication key, and carrying out XOR operation on the hash value and information including the temporary public key generated by the authentication access controller to generate the first key exchange parameter.
Optionally, the authentication request message received by the receiving unit 401 further includes a first random number generated by the requesting device; the first authentication request message sent by the sending unit 402 further includes the first random number and a second random number generated by the authentication access controller;
the first authentication response message received by the receiving unit 401 further includes the first random number and the second random number; the first verification message sent by the sending unit 402 further includes the first random number and the second random number, the calculation data of the identity authentication key further includes the first random number and the second random number, and the second verification message received by the receiving unit 401 further includes the second random number;
the processing unit 403 is further configured to: verify the consistency of the second random number in the first authentication response message with the second random number generated by the authentication access controller; and verify the consistency of the second random number in the second verification message with the second random number generated by the authentication access controller.
Optionally, if the authentication request message received by the receiving unit 401 further includes security capability parameter information supported by the requesting device, the processing unit 403 is further configured to: determine, according to the security capability parameter information, a specific security policy used by the authentication access controller, where the specific security policy is also included in the first verification message.
Optionally, if the authentication request message received by the receiving unit 401 further includes an identity of at least one authentication server trusted by the requesting device, the processing unit 403 is further configured to: determine the second authentication server according to the identity of the at least one authentication server trusted by the requesting device in the authentication request message and the identity of an authentication server trusted by the authentication access controller.
Optionally, the processing unit 403 is further configured to: allocate a temporary identity to the requesting device; the authentication completion message and the first authentication message sent by the sending unit 402 further include the temporary identity of the requesting device.
Optionally, the receiving unit 401 obtains the identity authentication key specifically by the following means:
decrypting an identity authentication key ciphertext by using the pre-shared encryption key of the second authentication server to obtain the identity authentication key; the identity authentication key ciphertext is generated by the second authentication server encrypting information including the identity authentication key by using a pre-shared encryption key of the authentication access controller.
Optionally, the first authentication request message sent by the sending unit 402 further includes an identity of the authentication access controller; the first authentication response message received by the receiving unit 401 further includes the identity of the authentication access controller;
the processing unit 403 is further configured to: verify the consistency of the identity of the authentication access controller in the first authentication response message with the identity of the authentication access controller itself.
Optionally, the first authentication response message received by the receiving unit 401 further includes an identity ciphertext of the requesting device, and the first verification message sent by the sending unit 402 further includes an identity of the authentication access controller; the processing unit 403 is then further configured to: when the identity of the requesting device is determined to be legal, calculate a session key for subsequent secret communication according to information including the first key, the identity identification ciphertext of the requesting device and the identity identification of the authentication access controller.
Optionally, the first message integrity check code in the second verification message received by the receiving unit 401 is generated by the requesting device by calculating, with the message integrity check key, over fields including the fields of the second verification message other than the first message integrity check code.
Optionally, the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller over the latest preceding message received from the requesting device; the message sent by the authentication access controller to the second authentication server further includes a hash value calculated by the authentication access controller over the latest preceding message received from the second authentication server.
Referring to fig. 5, an embodiment of the present application further provides a requesting device, where the requesting device includes:
a sending unit 501, configured to send an authentication request message to an authentication access controller, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data to be encrypted that includes the identity of the requesting device;
a receiving unit 502, configured to receive a first verification message sent by the authentication access controller, where the first verification message includes an authentication random number;
a processing unit 503, configured to calculate a first authentication code over information including the authentication random number, using an authentication check key pre-shared with a first authentication server trusted by the requesting device; and to calculate a first message integrity check code, using a message integrity check key between the requesting device and the authentication access controller, over fields including the fields of a second verification message other than the first message integrity check code; wherein the message integrity check key is calculated from information including an identity authentication key, and the identity authentication key is calculated from calculation data including a pre-shared encryption key of the requesting device and the first authentication server;
the sending unit 501 is further configured to send the second verification message to the authentication access controller, where the second verification message includes the first identity authentication code and the first message integrity check code;
the receiving unit 502 is further configured to receive an authentication completion message sent by the authentication access controller;
the processing unit 503 is further configured to verify a second message integrity check code in the authentication completion message and, after the verification passes, determine that the identity of the authentication access controller is legal; the second message integrity check code is generated by the authentication access controller by calculating, with the message integrity check key, over fields including the fields of the authentication completion message other than the second message integrity check code.
Optionally, the first verification message further includes a first key exchange parameter generated by the authentication access controller according to an identity authentication key; if the second verification message further includes a second key exchange parameter generated by the requesting device according to the identity authentication key, the processing unit 503 is further configured to: perform key exchange calculation according to a temporary private key corresponding to the second key exchange parameter and a temporary public key included in the first key exchange parameter to generate a first key, and calculate the message integrity check key by using a key derivation algorithm according to information including the first key.
Optionally, the first key exchange parameter in the first verification message received by the receiving unit 502 is generated by the authentication access controller encrypting information including a temporary public key generated by the authentication access controller by using the identity authentication key and a symmetric encryption algorithm; the processing unit 503 is further configured to: encrypt information including the temporary public key generated by the requesting device by using the identity authentication key and a symmetric encryption algorithm to generate a second key exchange parameter;
specifically, the processing unit 503 calculates the message integrity check key by performing key exchange calculation according to the temporary private key corresponding to the second key exchange parameter and the temporary public key recovered from the first key exchange parameter to generate the first key, and then calculating the message integrity check key according to information including the first key by using the key derivation algorithm.
Optionally, the processing unit 503 is specifically configured to: calculate a hash value of the identity authentication key, and perform an XOR operation on the hash value and information including the temporary public key generated by the requesting device to generate the second key exchange parameter.
Optionally, the authentication request message sent by the sending unit 501 further includes a first random number generated by the requesting device; the first verification message received by the receiving unit 502 further includes the first random number and a second random number generated by the authentication access controller, the calculation data of the identity authentication key further includes the first random number and the second random number, and the second verification message sent by the sending unit 501 further includes the second random number;
the processing unit 503 is further configured to: verify the consistency of the first random number in the first verification message with the first random number generated by the requesting device.
Optionally, the encrypted data of the identity information ciphertext of the requesting device further includes an identity encryption key generated by the requesting device; the first verification message received by the receiving unit 502 further includes an identity ciphertext of the requesting device; the identity identification ciphertext of the requesting device is obtained by encrypting the identity identification of the requesting device by the first authentication server by using the identity identification encryption key obtained by decrypting the identity information ciphertext of the requesting device;
the processing unit 503 is further configured to: verify the identity identification ciphertext of the requesting device in the first verification message according to the identity identification of the requesting device and the identity identification encryption key.
Optionally, the authentication completion message received by the receiving unit 502 further includes a temporary identity identifier allocated by the authentication access controller to the requesting device; the processing unit 503 is further configured to store the temporary identity of the requesting device when determining that the identity of the authentication access controller is legitimate.
Optionally, if the first verification message received by the receiving unit 502 further includes an identity of the authentication access controller, the processing unit 503 is further configured to: when the identity of the authentication access controller is determined to be legal, calculate a session key for subsequent secret communication according to information including the first key, the identity identification ciphertext of the requesting device and the identity of the authentication access controller.
Optionally, the processing unit 503 is further configured to calculate, by using the message integrity check key, the first message integrity check code over fields including the fields of the second verification message other than the first message integrity check code;
the second message integrity check code in the authentication completion message received by the receiving unit 502 is generated by the authentication access controller by calculating, with the message integrity check key, over fields including the fields of the authentication completion message other than the second message integrity check code.
Optionally, the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device over the latest preceding message received from the authentication access controller.
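The key exchange and integrity check that the passages above assign to processing units 403 and 503, as a runnable sketch added here (not code from the patent): each side masks its temporary public key with the hash of the identity authentication key, recovers the peer's, and derives the message integrity check key, so a party holding a different pre-shared key fails both checks. X25519, SHA-256, HMAC-SHA256 as key derivation algorithm and check code, the field layout, and all function and variable names are assumptions; this section of the patent fixes none of them.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): X25519 as the key exchange, SHA-256 as the
# hash, HMAC-SHA256 as both the key derivation algorithm and the check code.
P = 2**255 - 19
BASE = (9).to_bytes(32, "little")


def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time; for illustration only."""
    s = bytearray(k)
    s[0] &= 248
    s[31] = (s[31] & 127) | 64
    n = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def derive_iak(psk_enc: bytes, n1: bytes, n2: bytes) -> bytes:
    """Identity authentication key from the pre-shared encryption key and both random numbers."""
    return hmac.new(psk_enc, b"IAK" + n1 + n2, hashlib.sha256).digest()


def kx_param(iak: bytes, value: bytes) -> bytes:
    """XOR a 32-byte value with H(IAK); the same call masks and unmasks."""
    mask = hashlib.sha256(iak).digest()
    return bytes(m ^ v for m, v in zip(mask, value))


def derive_mick(first_key: bytes, n1: bytes, n2: bytes) -> bytes:
    """Message integrity check key from information including the first key."""
    return hmac.new(first_key, b"MICK" + n1 + n2, hashlib.sha256).digest()


def mic(mick: bytes, *fields: bytes) -> bytes:
    """Check code over every field of a message except the code itself (length-prefixed)."""
    h = hmac.new(mick, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def run_exchange(psk_req: bytes, psk_server: bytes) -> tuple:
    """Return (AAC accepts requesting device, requesting device accepts AAC)."""
    n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
    iak_req = derive_iak(psk_req, n1, n2)     # computed by the requesting device
    iak_aac = derive_iak(psk_server, n1, n2)  # computed by the first authentication server, delivered to the AAC

    # AAC -> REQ: first verification message carries the first key exchange parameter.
    x = secrets.token_bytes(32)
    key_info_aac = kx_param(iak_aac, x25519(x, BASE))

    # REQ: recover the AAC's temporary public key, build the second verification message.
    y = secrets.token_bytes(32)
    key_info_req = kx_param(iak_req, x25519(y, BASE))
    mick_req = derive_mick(x25519(y, kx_param(iak_req, key_info_aac)), n1, n2)
    mic1 = mic(mick_req, b"verify2", n2, key_info_req)  # constructed field layout

    # AAC: recover the requesting device's temporary public key, verify the first check code.
    mick_aac = derive_mick(x25519(x, kx_param(iak_aac, key_info_req)), n1, n2)
    aac_ok = hmac.compare_digest(mic1, mic(mick_aac, b"verify2", n2, key_info_req))

    # AAC -> REQ: authentication completion message with the second check code.
    # A real AAC sends this only when aac_ok is True; both results are computed here for comparison.
    mic2 = mic(mick_aac, b"complete", n1)
    req_ok = hmac.compare_digest(mic2, mic(mick_req, b"complete", n1))
    return aac_ok, req_ok
```

Neither side ever compares identity authentication keys directly: a mismatch surfaces only as a failed check code, because the unmasked public keys, and therefore the first key, differ.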
Referring to fig. 6, an embodiment of the present application further provides a first authentication server, where the first authentication server is an authentication server trusted by a requesting device, and the first authentication server includes:
a processing unit 601, configured to decrypt an identity information ciphertext of the requesting device with a private key corresponding to the encrypted certificate to obtain an identity of the requesting device, determine validity of the requesting device according to the identity of the requesting device, and generate a credential random number and an identity authentication key after determining that the identity of the requesting device is valid; the identity authentication key is calculated according to calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the processing unit 601 is further configured to verify the first authentication code in the first authentication message, and generate and store a request passing record of the requesting device after the first authentication code passes the verification.
Optionally, the processing unit 601 is further configured to generate a first authentication confirmation message after the first authentication code in the first authentication message is verified.
Optionally, the processing unit 601 is further configured to: when generating and storing the request passing record of the requesting device, save the temporary identity allocated to the requesting device by the authentication access controller.
Optionally, when the first authentication server is different from a second authentication server trusted by the authentication access controller, the first authentication server further includes:
a receiving unit, configured to receive a second authentication request message sent by the second authentication server; the second authentication request message includes an identity information ciphertext of the requesting device;
a sending unit, configured to send a second authentication response message to the second authentication server, where the second authentication response message includes the identity authentication key and the certificate storing random number;
the receiving unit is further configured to receive a second authentication message sent by the second authentication server, where the second authentication message includes the first identity authentication code;
the processing unit 601 is specifically configured to verify the first authentication code in the second authentication message.
Optionally, the processing unit 601 is further configured to generate a second authentication confirmation message after the first authentication code in the second authentication message is verified; the sending unit is further configured to send the second certificate verification message to the second authentication server.
Optionally, the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server over the latest preceding message received from the second authentication server.
Referring to fig. 7, an embodiment of the present application further provides a second authentication server, where the second authentication server is an authentication server trusted by an authentication access controller, and includes:
a receiving unit 701, configured to receive a first authentication request message that is sent by the authentication access controller and carries an identity information ciphertext of a requesting device;
a sending unit 702, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes a certificate storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server;
the receiving unit 701 is further configured to receive a first authentication message sent by the authentication access controller, where the first authentication message includes a first identity authentication code.
Optionally, the first certificate storing message received by the receiving unit 701 further includes a second identity authentication code, where the second identity authentication code is generated by the authentication access controller through calculation of other fields before the second identity authentication code in the first certificate storing message by using a pre-shared check key of the authentication access controller and the second authentication server; the second authentication server further comprises:
a verification unit, configured to verify the correctness of the second identity authentication code by using a pre-shared verification key of the authentication access controller.
Optionally, when the second authentication server is different from the first authentication server trusted by the requesting device, the second authentication server further includes:
a processing unit, configured to generate a second authentication request message according to the first authentication request message, where the second authentication request message includes an identity information ciphertext of the requesting device;
the sending unit 702 is further configured to send the second authentication request message to the first authentication server;
the receiving unit 701 is further configured to receive a second authentication response message sent by the first authentication server, where the second authentication response message includes the identity authentication key and the certificate storing random number;
the processing unit is further configured to generate the first authentication response message according to the second authentication response message;
the processing unit is further configured to generate a second authentication message according to the first authentication message, where the second authentication message includes the first authentication code;
the sending unit 702 is further configured to send the second authentication message to the first authentication server.
Optionally, the receiving unit 701 is further configured to receive a second certificate storing confirmation message generated by the first authentication server; the processing unit is further configured to generate a first certificate storing confirmation message after the receiving unit 701 receives the second certificate storing confirmation message; the sending unit 702 is further configured to send the first certificate storing confirmation message to the authentication access controller.
Optionally, the message sent by the second authentication server to the authentication access controller further includes a hash value calculated by the second authentication server over the latest preceding message received from the authentication access controller; the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server over the latest preceding message received from the first authentication server.
When the requesting device and the authentication access controller perform bidirectional identity authentication using a symmetric-key entity authentication protocol, the identity information of the requesting device is transmitted as ciphertext, which protects the real identity information of the requesting device during identity authentication. In addition, after the authentication access controller verifies that the identity of the requesting device is legal, it sends a first authentication message to a first authentication server trusted by the requesting device, so that the first authentication server records the requesting device's request to access the network. This provides objective evidence for subsequent charging by the network access point and effectively prevents users who did not attempt to access the network within the service area of the network access point from being maliciously charged.
Those of ordinary skill in the art will understand that all or part of the steps of the method embodiments may be implemented by hardware under the instruction of a program; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments; the storage medium may be at least one of the following: any medium capable of storing program code, such as Read-Only Memory (ROM), RAM, a magnetic disk, or an optical disk.
It should be noted that the embodiments in this specification are described in a progressive manner: for parts that are the same or similar across embodiments, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the apparatus and system embodiments are described relatively briefly because they correspond to and are consistent with the method embodiments, and reference may be made to the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are merely illustrative; units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those skilled in the art can understand and implement this without inventive effort.
The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (53)
1. A method of identity authentication, the method comprising:
a requesting device sends an authentication request message to an authentication access controller, wherein the authentication request message comprises an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data to be encrypted that includes the identity of the requesting device;
the authentication access controller sends a first authentication request message carrying the identity information ciphertext of the requesting device to a second authentication server that it trusts, receives a first authentication response message sent by the second authentication server, and obtains from the first authentication response message a certificate storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server, wherein the certificate storing random number and the identity authentication key are generated after the first authentication server decrypts the identity information ciphertext of the requesting device and determines, according to the decrypted identity of the requesting device, that the identity of the requesting device is legal; the identity authentication key is calculated according to calculation data including a pre-shared encryption key of the first authentication server and the requesting device;
the requesting device receives a first verification message sent by the authentication access controller, and sends a second verification message to the authentication access controller, wherein the first verification message comprises the authentication random number, and the second verification message comprises a first identity authentication code and a first message integrity check code; the first authentication code is generated by the requesting device by calculating over information including the authentication random number using the authentication key it pre-shares with the first authentication server; the first message integrity check code is generated by the requesting device by calculating, with a message integrity check key between the requesting device and the authentication access controller, over fields including the fields of the second verification message other than the first message integrity check code; wherein the message integrity check key is calculated according to information including the identity authentication key;
the authentication access controller verifies the first message integrity check code and, after the verification passes, determines that the identity of the requesting device is legal and generates an authentication completion message and a first certificate storage message;
the requesting device verifies the second message integrity check code in the authentication completion message and, after the verification passes, determines that the identity of the authentication access controller is legal; the second message integrity check code is generated by the authentication access controller by calculating, with the message integrity check key, over fields including the fields of the authentication completion message other than the second message integrity check code;
and the first authentication server verifies the first authentication code in the first authentication storage message, and generates and stores a request passing record of the requesting device after the first authentication code passes the verification.
2. The method of claim 1, wherein the authentication access controller sends the first authentication message, and the first authentication server generates a first authentication confirmation message after verifying the first authentication code in the first authentication message;
and the authentication access controller receives the first authentication confirmation message and then sends the authentication completion message to the requesting device.
3. The method of claim 1, wherein the message integrity check key is generated by negotiation between the requesting device and the authentication access controller, and comprises:
the first verification message also comprises a first key exchange parameter generated by the authentication access controller according to the identity authentication key;
the second verification message also comprises a second key exchange parameter generated by the request equipment according to the identity authentication key;
the requesting device performs key exchange calculation according to a temporary private key corresponding to the second key exchange parameter and a temporary public key included in the first key exchange parameter to generate a first key, and calculates the message integrity check key by using a key derivation algorithm according to information including the first key; and the authentication access controller performs key exchange calculation according to a temporary private key corresponding to the first key exchange parameter and a temporary public key included in the second key exchange parameter to generate the first key, and calculates the message integrity check key by using the key derivation algorithm according to information including the first key.
4. The method of claim 3, wherein the authentication access controller uses the identity authentication key to generate the first key exchange parameter by encrypting information including a temporary public key generated by the authentication access controller by using a symmetric encryption algorithm;
the requesting device encrypts information including a temporary public key generated by the requesting device by using the identity authentication key and a symmetric encryption algorithm to generate the second key exchange parameter;
specifically, the requesting device calculates the message integrity check key by performing key exchange calculation according to a temporary private key corresponding to the second key exchange parameter and a temporary public key recovered from the first key exchange parameter to generate the first key, and then calculating the message integrity check key according to information including the first key by using a key derivation algorithm;
specifically, the authentication access controller calculates the message integrity check key by performing key exchange calculation according to a temporary private key corresponding to the first key exchange parameter and a temporary public key recovered from the second key exchange parameter to generate the first key, and then calculating the message integrity check key according to information including the first key by using the key derivation algorithm.
5. The method according to claim 4, wherein said authentication access controller calculates a hash value of said identity authentication key, and generates said first key exchange parameter by XORing said hash value with information including a temporary public key generated by said authentication access controller;
and the requesting device calculates a hash value of the identity authentication key, and generates the second key exchange parameter by XORing the hash value with information including the temporary public key generated by the requesting device.
6. The method of claim 1, wherein the authentication request message further includes a first random number generated by the requesting device; the first authentication request message further comprises the first random number and a second random number generated by the authentication access controller;
the first random number and the second random number are also included in the first authentication response message; the first verification message further comprises the first random number and the second random number, the calculation data of the identity authentication key further comprises the first random number and the second random number, and the second verification message further comprises the second random number;
before the authenticating access controller sends the first verification message to the requesting device, the method further comprises:
the authentication access controller verifies the consistency of the second random number in the first authentication response message and the second random number generated by the authentication access controller;
before the requesting device sends a second verification message to the authenticating access controller, the method further comprises:
the requesting device verifies consistency of the first random number in the first verification message and the first random number generated by the requesting device;
before the authenticating access controller determines that the identity of the requesting device is legitimate, the method further includes:
the authentication access controller verifies the consistency of the second random number in the second verification message and the second random number generated by the authentication access controller.
7. The method according to claim 1, wherein the authentication request message further includes security capability parameter information supported by the requesting device, the method further comprising:
the authentication access controller determines, according to the security capability parameter information, a specific security policy to be used by the authentication access controller, and the specific security policy is also included in the first verification message.
8. The method according to claim 1, wherein the authentication request message further includes an identity of at least one authentication server trusted by the requesting device, the method further comprising:
the authentication access controller determines the second authentication server according to the identity, in the authentication request message, of at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller.
9. The method of claim 3, wherein the encrypted data of the identity information cryptogram of the requesting device further comprises an identity encryption key generated by the requesting device;
the first authentication response message further includes an identity ciphertext of the requesting device, where the identity ciphertext of the requesting device is obtained by encrypting, by the first authentication server, the identity of the requesting device with the identity encryption key obtained by decrypting the identity information ciphertext of the requesting device; the first verification message also comprises an identity identification ciphertext of the request equipment;
before the requesting device sends a second verification message to the authenticating access controller, the method further comprises:
the requesting device verifies the identity ciphertext of the requesting device in the first verification message according to the identity of the requesting device and the identity encryption key.
10. The method of claim 1, wherein prior to generating the authentication complete message and the first attestation message, the method further comprises:
if the authentication access controller allocates a temporary identity to the requesting device, the authentication completion message and the first certificate storing message further include the temporary identity of the requesting device;
the requesting device also stores the temporary identity of the requesting device when the requesting device determines that the identity of the authentication access controller is legal, and the first authentication server also stores the temporary identity of the requesting device when generating and storing a request passing record of the requesting device.
11. The method of claim 1, wherein obtaining the identity authentication key by the authentication access controller comprises: the authentication access controller decrypts an identity authentication key ciphertext by using a pre-shared encryption key of the second authentication server to obtain the identity authentication key; the identity authentication key ciphertext is generated by the second authentication server encrypting information comprising the identity authentication key using a pre-shared encryption key with the authentication access controller.
12. The method of claim 1, wherein the first authentication message further comprises a second authentication code, and the second authentication code is generated by the authentication access controller through calculation of other fields before the second authentication code in the first authentication message by using a pre-shared check key with the second authentication server, and before the first authentication server generates and stores the request passing record of the requesting device, the method further comprises:
the second authentication server verifies the correctness of the second identity authentication code by using a pre-shared verification key with the authentication access controller.
13. The method according to claim 1, wherein the first authentication request message further comprises an identity of the authentication access controller; the first authentication response message further includes an identity of the authentication access controller, and before the authentication access controller sends the first verification message to the requesting device, the method further includes:
the authentication access controller verifies the identity of the authentication access controller in the first authentication response message against the identity of the authentication access controller itself.
14. The method of claim 9, wherein the first authentication message further includes an identity of the authenticating access controller, the method further comprising:
when the identity of the requesting device is determined to be legal, the authentication access controller calculates and generates a session key for subsequent secret communication according to information including the first key, the identity ciphertext of the requesting device and the identity of the authentication access controller;
and when the identity of the authentication access controller is determined to be legal, the requesting device calculates and generates a session key for subsequent secret communication according to information including the first key, the identity ciphertext of the requesting device and the identity of the authentication access controller.
15. The method of claim 1, wherein the first authentication server and the second authentication server are different, the method further comprising:
the second authentication server receives a first authentication request message sent by the authentication access controller, generates a second authentication request message according to the first authentication request message, and sends the second authentication request message to the first authentication server; the second authentication request message comprises an identity information ciphertext of the request equipment;
the first authentication server generates a certificate storing random number, and generates and sends a second authentication response message to the second authentication server; the second authentication response message comprises the identity authentication key and the certificate storing random number;
the second authentication server generates the first authentication response message according to the second authentication response message, wherein the first authentication response message comprises the identity authentication key and the certificate storing random number;
after the authentication access controller generates the first certificate storing message, it sends the first certificate storing message to the second authentication server;
the second authentication server generates a second certificate storing message according to the first certificate storing message and sends the second certificate storing message to the first authentication server; the second certificate storing message comprises the first identity authentication code;
the first authentication server verifies the first identity authentication code specifically by verifying the first identity authentication code in the second certificate storing message.
16. The method of claim 15, wherein the authentication access controller first sends the first authentication message to the second authentication server, the second authentication server generates a second authentication message according to the first authentication message, sends the second authentication message to the first authentication server, the first authentication server verifies the first identity authentication code in the second authentication message, and generates a second authentication confirmation message after the verification is passed;
the second authentication server generates a first authentication storage confirmation message after receiving the second authentication storage confirmation message, and sends the first authentication storage confirmation message to the authentication access controller;
and the authentication access controller sends the authentication completion message to the requesting device after receiving the first authentication storage confirmation message.
17. The method according to any one of claims 1 to 16,
the first message integrity check code is generated by the requesting device by using the message integrity check key to calculate over the fields of the second verification message other than the first message integrity check code;
the second message integrity check code is generated by the authentication access controller by using the message integrity check key to calculate over the fields of the authentication completion message other than the second message integrity check code.
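The masked key exchange of claims 4 and 5 and the message integrity check of claim 17, worked through as an added example that is not part of the patent text. The toy Diffie-Hellman group, the use of SHA-256 and HMAC-SHA256, the field names and the length-prefixed field encoding are all assumptions, since the claims name no concrete algorithms; the first identity authentication code is left out to keep the example on one case.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the patent): a toy finite-field Diffie-Hellman group,
# SHA-256 as the hash, HMAC-SHA256 as key derivation algorithm and as MIC.
P = 2**255 - 19   # prime modulus, chosen so public values fit in 32 bytes
G = 2
LEN = 32


def _mask(iak: bytes, data: bytes) -> bytes:
    """XOR data with SHA-256(identity authentication key); self-inverse."""
    pad = hashlib.sha256(iak).digest()
    return bytes(a ^ b for a, b in zip(pad, data))


def make_key_exchange_param(iak: bytes):
    """Return (temporary private key, key exchange parameter) as in claim 5."""
    priv = secrets.randbelow(P - 3) + 2
    pub = pow(G, priv, P).to_bytes(LEN, "big")
    return priv, _mask(iak, pub)


def recover_public_key(iak: bytes, param: bytes) -> int:
    """Unmask the peer's temporary public key and reject invalid values."""
    if len(param) != LEN:
        raise ValueError("bad key exchange parameter length")
    pub = int.from_bytes(_mask(iak, param), "big")
    if not 2 <= pub <= P - 2:
        raise ValueError("recovered public key out of range")
    return pub


def derive_mic_key(first_key: int, nonce_req: bytes, nonce_aac: bytes) -> bytes:
    """Derive the message integrity check key from the first key (claim 4)."""
    label = b"message integrity check key" + nonce_req + nonce_aac
    return hmac.new(first_key.to_bytes(LEN, "big"), label, hashlib.sha256).digest()


def compute_mic(mic_key: bytes, msg: dict) -> bytes:
    """MIC over every field except the MIC itself (claim 17), length-prefixed."""
    h = hmac.new(mic_key, digestmod=hashlib.sha256)
    for name in sorted(msg):
        if name != "mic":
            h.update(len(name).to_bytes(2, "big") + name.encode())
            h.update(len(msg[name]).to_bytes(4, "big") + msg[name])
    return h.digest()


def req_build_second_verification(iak, first_param, nonce_req, nonce_aac):
    """Requesting device: build the second verification message."""
    priv, second_param = make_key_exchange_param(iak)
    first_key = pow(recover_public_key(iak, first_param), priv, P)
    msg = {"nonce_aac": nonce_aac, "key_exchange_param": second_param}
    msg["mic"] = compute_mic(derive_mic_key(first_key, nonce_req, nonce_aac), msg)
    return msg


def aac_verify_second_verification(iak, aac_priv, nonce_req, nonce_aac, msg):
    """Authentication access controller: nonce check (claim 6), then MIC check."""
    if not hmac.compare_digest(msg["nonce_aac"], nonce_aac):
        return False
    try:
        peer_pub = recover_public_key(iak, msg["key_exchange_param"])
    except ValueError:
        return False
    mic_key = derive_mic_key(pow(peer_pub, aac_priv, P), nonce_req, nonce_aac)
    return hmac.compare_digest(msg["mic"], compute_mic(mic_key, msg))


def run_exchange(iak_aac: bytes, iak_req: bytes, tamper: bool = False) -> bool:
    """Run both sides; True only if the AAC accepts the second verification message."""
    nonce_req, nonce_aac = secrets.token_bytes(16), secrets.token_bytes(16)
    aac_priv, first_param = make_key_exchange_param(iak_aac)
    try:
        msg = req_build_second_verification(iak_req, first_param, nonce_req, nonce_aac)
    except ValueError:
        return False
    if tamper:  # flip one bit of a MIC-protected field in transit
        p = msg["key_exchange_param"]
        msg["key_exchange_param"] = bytes([p[0] ^ 1]) + p[1:]
    return aac_verify_second_verification(iak_aac, aac_priv, nonce_req, nonce_aac, msg)


if __name__ == "__main__":
    iak = bytes(range(32))  # constructed sample identity authentication key
    print(run_exchange(iak, iak), run_exchange(iak, bytes(32)), run_exchange(iak, iak, True))
```

A side holding a different identity authentication key unmasks a different temporary public key, so the two sides derive different first keys and the message integrity check code fails to verify; this is how possession of the identity authentication key is demonstrated without sending it.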
18. The method according to any of claims 1 to 16, wherein the message sent by said requesting device to said authenticating access controller further comprises a hash value computed by said requesting device on the latest preamble message received from said authenticating access controller;
when the authentication access controller receives the message sent by the request device, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the authentication access controller to the request device also comprises a hash value calculated by the authentication access controller on the latest preamble message sent by the request device;
when the request device receives the message sent by the authentication access controller, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the authentication access controller to the second authentication server further comprises a hash value calculated by the authentication access controller on the received latest preamble message sent by the second authentication server;
when the second authentication server receives the message sent by the authentication access controller, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the second authentication server to the authentication access controller also comprises a hash value calculated by the second authentication server on the received latest preamble message sent by the authentication access controller;
when the authentication access controller receives the message sent by the second authentication server, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the first authentication server to the second authentication server also comprises a hash value calculated by the first authentication server on the received latest preamble message sent by the second authentication server;
when the second authentication server receives the message sent by the first authentication server, the hash value in the received message is verified, and the subsequent operation is executed after the verification is passed;
the message sent by the second authentication server to the first authentication server further comprises a hash value calculated by the second authentication server on the received latest preamble message sent by the first authentication server;
when the first authentication server receives the message sent by the second authentication server, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed.
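The chaining rule of claim 18 on a single link, as an added example that is not part of the patent text: each message carries a hash of the latest message received from the peer, and the receiver compares it with the hash of the latest message it sent before doing anything else. The wire layout (a 32-byte SHA-256 field followed by the payload), the all-zero field on the first message of a session and the payload strings are assumptions.

```python
import hashlib
import hmac

HASH_LEN = 32
NO_PREVIOUS = bytes(HASH_LEN)  # assumption: all-zero field on the first message


class Endpoint:
    """One side of a link; tracks the latest message sent and received."""

    def __init__(self):
        self.last_sent = None
        self.last_received = None

    @staticmethod
    def _digest(message):
        return NO_PREVIOUS if message is None else hashlib.sha256(message).digest()

    def send(self, payload: bytes) -> bytes:
        # Prepend the hash of the latest message received from the peer.
        wire = self._digest(self.last_received) + payload
        self.last_sent = wire
        return wire

    def receive(self, wire: bytes) -> bytes:
        # Verify the hash first; later processing happens only after it passes.
        if len(wire) < HASH_LEN:
            raise ValueError("message too short")
        if not hmac.compare_digest(wire[:HASH_LEN], self._digest(self.last_sent)):
            raise ValueError("hash of latest preamble message does not match")
        self.last_received = wire
        return wire[HASH_LEN:]


def run_session(nonce: bytes):
    """Constructed three-message exchange; returns the wire messages in order."""
    req, aac = Endpoint(), Endpoint()
    m1 = req.send(b"authentication request|" + nonce)
    aac.receive(m1)
    m2 = aac.send(b"first verification message")
    req.receive(m2)
    m3 = req.send(b"second verification message")
    aac.receive(m3)
    return [m1, m2, m3]


def replay_is_rejected() -> bool:
    """Replay the old session's third message into a fresh session."""
    old = run_session(b"nonce-A")
    req, aac = Endpoint(), Endpoint()
    aac.receive(req.send(b"authentication request|nonce-B"))
    req.receive(aac.send(b"first verification message"))
    try:
        aac.receive(old[2])
    except ValueError:
        return True
    return False


def out_of_order_is_rejected() -> bool:
    """Deliver a later message to an endpoint that has sent nothing yet."""
    wires = run_session(b"nonce-A")
    try:
        Endpoint().receive(wires[2])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(replay_is_rejected(), out_of_order_is_rejected())
```

The hash is unkeyed, so it binds a message to its position in one session but does not authenticate the sender; the replay is caught here only because the per-session random number makes the chained hashes differ, and integrity against modification comes from the message integrity check code.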
19. An authenticated access controller, characterized in that the authenticated access controller comprises:
a receiving unit, configured to receive an authentication request message sent by a requesting device, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data to be encrypted that includes the identity of the requesting device;
a sending unit, configured to send a first authentication request message carrying an identity information ciphertext of the requesting device to a second authentication server trusted by the authentication access controller;
the receiving unit is further configured to receive a first authentication response message sent by the second authentication server, and obtain, from the first authentication response message, a credential storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server; the identity authentication key is calculated from calculation data comprising the first authentication server and a pre-shared encryption key of the requesting device;
the sending unit is further configured to send a first verification message to the requesting device, where the first verification message includes the credential storing random number;
the receiving unit is further configured to receive a second verification message sent by the requesting device, where the second verification message includes a first authentication code and a first message integrity check code; the first message integrity check code is generated by the requesting device by using a message integrity check key between the requesting device and the authentication access controller to calculate over the fields of the second verification message other than the first message integrity check code; wherein the message integrity check key is generated by calculation according to information including the identity authentication key;
a processing unit, configured to verify the first message integrity check code, determine that the identity of the requesting device is legal after the verification is passed, and generate an authentication completion message and a first credential storage message;
the sending unit is further configured to send the authentication completion message to the requesting device, and send the first credential storage message to the second authentication server.
20. The apparatus of claim 19, wherein the sending unit sends the first authentication message, and the sending unit sends the authentication completion message to the requesting device after the receiving unit receives the first authentication confirmation message.
21. The authentication access controller of claim 19, wherein the first verification message further includes a first key exchange parameter generated by the authentication access controller according to the identity authentication key, and the second verification message further includes a second key exchange parameter generated by the requesting device according to the identity authentication key, and the processing unit is further configured to: perform key exchange calculation according to a temporary private key corresponding to the first key exchange parameter and a temporary public key included in the second key exchange parameter to generate a first key, and calculate the message integrity check key by using a key derivation algorithm according to information including the first key.
22. The authentication access controller of claim 21, wherein the processing unit is further configured to: encrypting information including a temporary public key generated by the authentication access controller by using the identity authentication key and a symmetric encryption algorithm to generate a first key exchange parameter; the second key exchange parameter in the second verification message received by the receiving unit is generated by encrypting information including the temporary public key generated by the requesting device by using the identity authentication key and adopting a symmetric encryption algorithm;
the calculating, by the processing unit, the message integrity check key specifically includes performing key exchange calculation according to a temporary private key corresponding to the first key exchange parameter and a temporary public key recovered from the second key exchange parameter to generate the first key, and calculating the message integrity check key according to the information including the first key by using the key derivation algorithm.
23. The authentication access controller according to claim 22, wherein the processing unit is specifically configured to: calculate a hash value of the identity authentication key, and perform an XOR operation on the hash value and information including the temporary public key generated by the authentication access controller to generate the first key exchange parameter.
24. The authentication access controller of claim 19, wherein the authentication request message received by the receiving unit further includes a first random number generated by the requesting device; the first authentication request message sent by the sending unit further includes the first random number and a second random number generated by the authentication access controller;
the first authentication response message received by the receiving unit further includes the first random number and the second random number; the first verification message sent by the sending unit further includes the first random number and the second random number, the calculation data of the identity authentication key further includes the first random number and the second random number, and the second verification message received by the receiving unit further includes the second random number;
the processing unit is further configured to: verifying the second random number in the first authentication response message and the second random number generated by the authentication access controller for consistency; and verifying the consistency of the second random number in the second verification message and the second random number generated by the authentication access controller.
25. The controller according to claim 19, wherein the authentication request message received by the receiving unit further includes security capability parameter information supported by the requesting device; the processing unit is further configured to: determine a specific security policy used by the authentication access controller according to the security capability parameter information, wherein the specific security policy is also included in the first verification message.
26. The authentication access controller according to claim 19, wherein the authentication request message received by the receiving unit further includes an identity of at least one authentication server trusted by the requesting device; the processing unit is further configured to: determine the second authentication server according to the identity, in the authentication request message, of at least one authentication server trusted by the requesting device and the identity of an authentication server trusted by the authentication access controller.
27. The authentication access controller of claim 19, wherein the processing unit is further configured to: allocate a temporary identity to the requesting device; the authentication completion message and the first authentication message sent by the sending unit further include the temporary identity of the requesting device.
28. The authenticated access controller of claim 19, wherein the receiving unit obtains the identity authentication key by: decrypting an identity authentication key ciphertext by using the pre-shared encryption key of the second authentication server to obtain the identity authentication key; the identity authentication key ciphertext is generated by the second authentication server encrypting information including the identity authentication key by using a pre-shared encryption key of the authentication access controller.
29. The authenticated access controller of claim 19, wherein the first authentication request message sent by the sending unit further includes an identity of the authenticated access controller; the first authentication response message received by the receiving unit further includes the identity of the authentication access controller;
the processing unit is further configured to: verify the identity of the authentication access controller in the first authentication response message against the identity of the authentication access controller itself.
30. The authentication access controller of claim 21, wherein the first authentication response message received by the receiving unit further includes an identity ciphertext of the requesting device, and the first verification message sent by the sending unit further includes an identity of the authentication access controller; the processing unit is further configured to: when the identity of the requesting device is determined to be legal, calculate and generate a session key for subsequent secret communication according to information including the first key, the identity ciphertext of the requesting device and the identity of the authentication access controller.
31. The controller according to any of claims 19 to 30, wherein the first message integrity check code in the second verification message received by the receiving unit is calculated by the requesting device by using the message integrity check key over the fields of the second verification message other than the first message integrity check code.
32. An authentication access controller according to any of claims 19 to 30, wherein the message sent by said authentication access controller to said requesting device further comprises a hash value calculated by said authentication access controller on the last preamble message received sent by said requesting device; the message sent by the authentication access controller to the second authentication server further comprises a hash value calculated by the authentication access controller for the received latest preamble message sent by the second authentication server.
33. A requesting device, characterized in that the requesting device comprises:
a sending unit, configured to send an authentication request message to an authentication access controller, where the authentication request message includes an identity information ciphertext of the requesting device; the identity information ciphertext of the requesting device is obtained by using the public key of the encryption certificate to encrypt data to be encrypted that includes the identity of the requesting device;
a receiving unit, configured to receive a first verification message sent by the authentication access controller, where the first verification message includes an authentication random number;
a processing unit, configured to calculate a first identity authentication code over information including the authentication random number by using an authentication check key pre-shared with a first authentication server trusted by the requesting device; and to calculate a first message integrity check code over the fields of a second verification message other than the first message integrity check code by using a message integrity check key between the requesting device and the authentication access controller; wherein the message integrity check key is calculated from information including an identity authentication key, and the identity authentication key is calculated from calculation data including a pre-shared encryption key of the requesting device and the first authentication server;
the sending unit is further configured to send the second verification message to the authentication access controller, where the second verification message includes the first identity authentication code and the first message integrity check code;
the receiving unit is further configured to receive an authentication completion message sent by the authentication access controller;
the processing unit is further configured to verify a second message integrity check code in the authentication completion message, and after the verification is passed, determine that the identity of the authentication access controller is legal; the second message integrity check code is generated by the authentication access controller by using the message integrity check key to calculate over the fields of the authentication completion message other than the second message integrity check code.
34. The requesting device of claim 33, wherein the first verification message further includes a first key exchange parameter generated by the authentication access controller based on an identity authentication key; the second verification message further includes a second key exchange parameter generated by the requesting device according to the identity authentication key, and the processing unit is further configured to: perform key exchange calculation according to a temporary private key corresponding to the second key exchange parameter and a temporary public key included in the first key exchange parameter to generate a first key, and calculate the message integrity check key by using a key derivation algorithm according to information including the first key.
35. The requesting device of claim 34, wherein the first key exchange parameter in the first verification message received by the receiving unit is generated by the authentication access controller using a symmetric encryption algorithm to encrypt information including a temporary public key generated by the authentication access controller by using the identity authentication key; the processing unit is further configured to: encrypt information including the temporary public key generated by the requesting device by using the identity authentication key and a symmetric encryption algorithm to generate a second key exchange parameter;
the calculating, by the processing unit, the message integrity check key specifically includes performing key exchange calculation according to a temporary private key corresponding to the second key exchange parameter and a temporary public key recovered from the first key exchange parameter to generate the first key, and calculating the message integrity check key according to the information including the first key by using the key derivation algorithm.
36. The requesting device of claim 35, wherein the processing unit is specifically configured to: calculate a hash value of the identity authentication key, and perform an XOR operation on the hash value and information including the temporary public key generated by the requesting device to generate the second key exchange parameter.
37. The requesting device of claim 34, wherein the authentication request message sent by the sending unit further includes a first random number generated by the requesting device; the first verification message received by the receiving unit further includes the first random number and a second random number generated by the authentication access controller, the calculation data of the identity authentication key further includes the first random number and the second random number, and the second verification message sent by the sending unit further includes the second random number; the processing unit is further configured to: verifying consistency of the first random number in the first verification message and the first random number generated by the requesting device.
38. The requesting device of claim 34, wherein the encrypted data of the identity information cryptogram of the requesting device further includes an identity encryption key generated by the requesting device;
the first verification message received by the receiving unit further includes an identity identification ciphertext of the requesting device; the identity identification ciphertext of the requesting device is obtained by encrypting the identity identification of the requesting device by the first authentication server by using the identity identification encryption key obtained by decrypting the identity information ciphertext of the requesting device;
the processing unit is further configured to: verify the identity identification ciphertext of the requesting device in the first verification message according to the identity identification of the requesting device and the identity identification encryption key.
39. The requesting device of claim 33, wherein the authentication complete message received by the receiving unit further includes a temporary identity assigned by the authentication access controller to the requesting device; the processing unit is further configured to store the temporary identity of the requesting device when determining that the identity of the authenticated access controller is legitimate.
40. The requesting device of claim 38, wherein the first verification message received by the receiving unit further includes an identity of the authentication access controller, and the processing unit is further configured to: when the identity of the authentication access controller is determined to be legal, calculate and generate a session key for subsequent secret communication according to information including the first key, the identity identification ciphertext of the requesting device and the identity identification of the authentication access controller.
41. The requesting device of any of claims 33 to 40,
the processing unit is further configured to calculate, by using the message integrity check key, the first message integrity check code over the fields of the second verification message other than the first message integrity check code;
the second message integrity check code in the authentication completion message received by the receiving unit is calculated and generated by the authentication access controller by using the message integrity check key over the fields of the authentication completion message other than the second message integrity check code.
42. The requesting device of any of claims 33-40, wherein the message sent by said requesting device to said authenticating access controller further comprises a hash value computed by said requesting device on the latest preamble message received from said authenticating access controller.
43. A first authentication server, wherein the first authentication server is an authentication server trusted by a requesting device, the first authentication server comprising:
a processing unit, configured to decrypt an identity information ciphertext of the requesting device by using a private key corresponding to the encrypted certificate to obtain an identity of the requesting device, determine the legitimacy of the requesting device according to the identity of the requesting device, and generate a certificate random number and an identity authentication key after determining that the identity of the requesting device is legitimate, wherein the identity authentication key is obtained by calculation according to calculation data including a pre-shared encrypted key of the first authentication server and the requesting device;
the processing unit is further configured to verify the first authentication code in the first authentication message, and generate and store a request passing record of the requesting device after the first authentication code passes the verification.
44. The first authentication server of claim 43, wherein the processing unit is further configured to generate a first credentialing confirmation message after the first authentication code in the first credentialing message is verified.
45. The first authentication server of claim 43, wherein the processing unit is further configured to save the temporary identity assigned by the authentication access controller to the requesting device when generating and storing the request pass record for the requesting device.
46. The first authentication server of claim 43, wherein said first authentication server is different from a second authentication server trusted by said authentication access controller, the first authentication server further comprising:
a receiving unit, configured to receive a second authentication request message sent by the second authentication server, where the second authentication request message includes an identity information ciphertext of the requesting device;
a sending unit, configured to send a second authentication response message to the second authentication server, where the second authentication response message includes the identity authentication key and the certificate storing random number;
the receiving unit is further configured to receive a second authentication message sent by the second authentication server, where the second authentication message includes the first identity authentication code;
the processing unit is specifically configured to verify the first authentication code in the second authentication message.
47. The first authentication server of claim 46, wherein the processing unit is further configured to generate a second credentialing confirmation message after the first authentication code in the second credentialing message is verified; the sending unit is further configured to send the second certificate verification message to the second authentication server.
48. The first authentication server of any one of claims 43 to 47, wherein the message sent by said first authentication server to said second authentication server further comprises a hash value calculated by said first authentication server on the received latest preamble message sent by said second authentication server.
49. A second authentication server, wherein the second authentication server is an authentication server trusted by an authentication access controller, the second authentication server comprising:
a receiving unit, configured to receive a first authentication request message carrying an identity information ciphertext of a requesting device, sent by the authentication access controller;
a sending unit, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes a certificate storing random number generated by a first authentication server trusted by the requesting device and an identity authentication key generated by the first authentication server;
the receiving unit is further configured to receive a first authentication message sent by the authentication access controller, where the first authentication message includes a first identity authentication code.
50. The second authentication server of claim 49, wherein the first authentication message received by the receiving unit further includes a second authentication code, and the second authentication code is generated by the authentication access controller through calculation on other fields before the second authentication code in the first authentication message by using a pre-shared check key of the authentication access controller and the second authentication server; the second authentication server further comprises:
a verification unit, configured to verify the correctness of the second identity authentication code by using a pre-shared verification key of the authentication access controller.
51. The second authentication server of claim 49, wherein the second authentication server is different from the first authentication server trusted by the requesting device, the second authentication server further comprising:
a processing unit, configured to generate a second authentication request message according to the first authentication request message, wherein the second authentication request message includes an identity information ciphertext of the requesting device;
the sending unit is further configured to send the second authentication request message to the first authentication server;
the receiving unit is further configured to receive a second authentication response message sent by the first authentication server, where the second authentication response message includes the identity authentication key and the certificate storing random number;
the processing unit is further configured to generate the first authentication response message according to the second authentication response message;
the processing unit is further configured to generate a second authentication message according to the first authentication message, where the second authentication message includes the first authentication code;
the sending unit is further configured to send the second certificate storing message to the first authentication server.
52. The second authentication server of claim 51, wherein the receiving unit is further configured to receive a second authentication confirmation message generated by the first authentication server; the processing unit is further configured to generate a first certificate storing confirmation message after the receiving unit receives the second certificate storing confirmation message; the sending unit is further configured to send the first deposit confirmation message to the authentication access controller.
53. The second authentication server according to claims 49 to 52, wherein the message sent by the second authentication server to the authentication access controller further comprises a hash value computed by the second authentication server on the received latest preamble message sent by the authentication access controller; the message sent by the second authentication server to the first authentication server further comprises a hash value calculated by the second authentication server on the received latest preamble message sent by the first authentication server.
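Claims 41 and 42 describe two message protections: an integrity check code computed with the message integrity check key over every field except the code itself, and a hash of the latest preamble message carried in the reply. The following Python example is added here and is not part of the patent text; HMAC-SHA256, SHA-256, the field names and the length-prefixed encoding are assumptions, since the claims name no algorithm or message format.

```python
import hashlib
import hmac

MIC_FIELD = "mic"          # assumed name of the integrity check code field
HASH_FIELD = "prev_hash"   # assumed name of the preamble-hash field

def encode_fields(msg):
    """Length-prefixed encoding of every field except the MIC itself."""
    out = b""
    for name in sorted(k for k in msg if k != MIC_FIELD):
        value = msg[name]
        out += len(name).to_bytes(2, "big") + name.encode()
        out += len(value).to_bytes(4, "big") + value
    return out

def preamble_hash(prev_msg):
    """Hash of the latest message received from the peer (its MIC included)."""
    return hashlib.sha256(encode_fields(prev_msg) + prev_msg.get(MIC_FIELD, b"")).digest()

def seal(msg, mic_key, prev_msg=None):
    """Attach the preamble hash (if any), then the MIC over all other fields."""
    sealed = dict(msg)
    if prev_msg is not None:
        sealed[HASH_FIELD] = preamble_hash(prev_msg)
    sealed[MIC_FIELD] = hmac.new(mic_key, encode_fields(sealed), hashlib.sha256).digest()
    return sealed

def verify(msg, mic_key, last_sent=None):
    """Check the MIC, then that the reply is bound to the message we last sent."""
    expected = hmac.new(mic_key, encode_fields(msg), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.get(MIC_FIELD, b"")):
        return False
    if last_sent is None:
        return True
    return hmac.compare_digest(msg.get(HASH_FIELD, b""), preamble_hash(last_sent))

def demo():
    """Constructed exchange: valid reply, tampered field, reply spliced into another run."""
    key = bytes(range(32))  # constructed message integrity check key
    first = {"type": b"first_verification", "nonce_aac": b"\xa1" * 16}
    second = seal({"type": b"second_verification", "nonce_req": b"\xb2" * 16}, key, first)
    tampered = dict(second, nonce_req=b"\x00" * 16)
    other_run = dict(first, nonce_aac=b"\xff" * 16)
    return (verify(second, key, first),
            verify(tampered, key, first),
            verify(second, key, other_run))

if __name__ == "__main__":
    print(demo())
```

Because the preamble hash is itself one of the fields covered by the integrity check code, a reply cannot be detached from the message it answers without the key.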
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569190.0A CN114760029A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
PCT/CN2021/140035 WO2022135383A1 (en) | 2020-12-26 | 2021-12-21 | Identity authentication method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569190.0A CN114760029A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114760029A true CN114760029A (en) | 2022-07-15 |
Family
ID=82158812
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011569190.0A Pending CN114760029A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114760029A (en) |
WO (1) | WO2022135383A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115118439B (en) * | 2022-08-29 | 2023-01-20 | 北京智芯微电子科技有限公司 | Method and system for verifying terminal digital identity |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9232338B1 (en) * | 2004-09-09 | 2016-01-05 | At&T Intellectual Property Ii, L.P. | Server-paid internet access service |
CN100389555C (en) * | 2005-02-21 | 2008-05-21 | 西安西电捷通无线网络通信有限公司 | An access authentication method suitable for wired and wireless network |
CN101562814A (en) * | 2009-05-15 | 2009-10-21 | 中兴通讯股份有限公司 | Access method and system for a third-generation network |
GB2556906A (en) * | 2016-11-24 | 2018-06-13 | Trustonic Ltd | Handset identifier verification |
2020
- 2020-12-26 CN CN202011569190.0A patent/CN114760029A/en active Pending
2021
- 2021-12-21 WO PCT/CN2021/140035 patent/WO2022135383A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2022135383A1 (en) | 2022-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111314056B (en) | Heaven and earth integrated network anonymous access authentication method based on identity encryption system | |
JP4546240B2 (en) | User authentication method and system using challenge / response method | |
US8683209B2 (en) | Method and apparatus for pseudonym generation and authentication | |
CN101969638A (en) | Method for protecting international mobile subscriber identity (IMSI) in mobile communication | |
KR20180101870A (en) | Method and system for data sharing using attribute-based encryption in cloud computing | |
CN110176989B (en) | Quantum communication service station identity authentication method and system based on asymmetric key pool | |
JP7531817B2 (en) | Identity authentication method, authentication access controller and request device, storage medium, program, and program product | |
WO2022135391A1 (en) | Identity authentication method and apparatus, and storage medium, program and program product | |
CN114696999A (en) | Identity authentication method and device | |
WO2022135383A1 (en) | Identity authentication method and apparatus | |
CN111245611A (en) | Anti-quantum computing identity authentication method and system based on secret sharing and wearable equipment | |
WO2022135379A1 (en) | Identity authentication method and apparatus | |
CN114760035A (en) | Identity authentication method and device | |
CN114760043A (en) | Identity authentication method and device | |
CN114760034A (en) | Identity authentication method and device | |
CN113301026A (en) | Method for communication between servers | |
CN114760030A (en) | Identity authentication method and device | |
WO2022135401A1 (en) | Identity authentication method and apparatus, storage medium, program, and program product | |
WO2022135384A1 (en) | Identity authentication method and apparatus | |
WO2022135404A1 (en) | Identity authentication method and device, storage medium, program, and program product | |
US20240323188A1 (en) | Method and device for identity authentication | |
CN114760038A (en) | Identity authentication method and device | |
CN114760044A (en) | Identity authentication method and device | |
CN114760041A (en) | Identity authentication method and device | |
CN118138250A (en) | Medical sensor network double-factor identity authentication protocol based on PUF |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||