WO2022135418A1 - Identity authentication method and apparatus - Google Patents

Publication number
WO2022135418A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
identity
key
message
access controller
Application number
PCT/CN2021/140178
Inventor
铁满霞
曹军
赵晓荣
赖晓龙
李琴
张变玲
黄振海
王月辉
Original Assignee
西安西电捷通无线网络通信股份有限公司
Application filed by 西安西电捷通无线网络通信股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0414 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Definitions

  • The present application relates to the technical field of network communication security, and in particular to an identity authentication method and device.
  • Communication networks usually require two-way identity authentication between users and network access points to ensure that legitimate users access legitimate networks.
  • the form of a pre-shared key; but in some practical scenarios, one end uses a digital certificate as its identity credential and the other end uses a pre-shared key as its identity credential, which poses a challenge to the entity identity authentication mechanism.
  • the identity information of the entity is directly exposed, and the identity information of the entity sometimes contains private or sensitive information about the entity, such as an ID number, home address or bank card information. If this information were intercepted and then used for illegal activities, the consequences would be unimaginable. How to complete entity identification without exposing sensitive identity information has become a top priority.
  • The present application provides an identity authentication method and device that can realize the two-way identity authentication of the entity and the identification of the entity in the case where the requesting device uses a digital certificate and the authentication access controller uses a pre-shared key as the identity credential.
  • Identity protection
  • an identity authentication method including:
  • the authentication access controller receives the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by using the public key of the encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;
  • the authentication access controller sends a first authentication request message to the first authentication server that it trusts, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated by the authentication access controller, using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server, over information including the first identity information ciphertext;
  • the authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server trusted by the requesting device, the second authentication result information ciphertext, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including the second authentication result information; the second authentication result information includes the second verification result of the digital certificate of the requesting device; the first message authentication code of the first authentication server is calculated by the first authentication server, using the pre-shared key with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller, over information including the second authentication result information ciphertext;
  • the authentication access controller uses the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server; if the verification passes, it sends a third authentication response message to the requesting device, where the third authentication response message includes an identity authentication result information ciphertext, which is generated by the authentication access controller by using a message encryption key to encrypt data including the first authentication result information and the first digital signature;
  • the requesting device decrypts the ciphertext of the identity authentication result information by using the message encryption key to obtain the first authentication result information and the first digital signature;
  • the requesting device verifies the first digital signature by using the public key of the second authentication server; if the verification passes, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the requesting device determines that the identity authentication result of the authentication access controller is legal, it sends a fourth authentication response message to the authentication access controller; or,
  • the requesting device verifies the first digital signature by using the public key of the second authentication server; if the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
  • the requesting device verifies the first digital signature by using the public key of the second authentication server; if the verification of the first digital signature passes, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller;
  • the fourth authentication response message includes a second key ciphertext, which is generated by encrypting information including the second key with the message encryption key;
  • after receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext by using the message encryption key to obtain the second key, uses the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information, and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
  • a second aspect of the present application provides a requesting device, including:
  • an encryption module configured to use the public key of the encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device, generating the first identity information ciphertext; the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes a second key;
  • a sending module configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the first identity information ciphertext;
  • a receiving module configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext, which is generated by the authentication access controller by using the message encryption key to encrypt data including the first authentication result information and the first digital signature; the first authentication result information includes the first verification result of the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device over signature data including the first authentication result information;
  • a decryption module configured to decrypt the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature;
  • a verification module configured to verify the first digital signature by using the public key of the second authentication server; if the verification passes, the determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the determination module determines that the identity authentication result of the authentication access controller is valid, the sending module sends a fourth authentication response message to the authentication access controller; or,
  • the sending module sends a fourth authentication response message to the authentication access controller and the determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
  • the determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the sending module sends a fourth authentication response message to the authentication access controller;
  • the fourth authentication response message includes a second key ciphertext, which is generated by the encryption module by using a message encryption key to encrypt information including the second key.
  • a third aspect of the present application provides an authentication access controller, including:
  • a receiving module configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;
  • a sending module configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated by the authentication access controller, using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server, over information including the first identity information ciphertext;
  • the receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server trusted by the requesting device, the second authentication result information ciphertext, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including the second authentication result information; the second authentication result information includes the second verification result of the digital certificate of the requesting device; the first message authentication code of the first authentication server is calculated by the first authentication server, using the pre-shared key with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller, over information including the second authentication result information ciphertext;
  • a verification module configured to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
  • the sending module is further configured to send a third authentication response message to the requesting device if the verification passes, where the third authentication response message includes the identity authentication result information ciphertext, which is generated by the authentication access controller by using a message encryption key to encrypt data including the first authentication result information and the first digital signature;
  • the receiving module is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, which is generated by using the message encryption key to encrypt information including the second key;
  • a decryption module configured to decrypt the second key ciphertext by using the message encryption key to obtain the second key, and to use the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information;
  • a determination module configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
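The authentication access controller's part of this exchange (the third aspect above and the matching steps of the first aspect), as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the "agreed cryptographic algorithm", `seal`/`unseal` are a demo-only stand-in for the unnamed symmetric cipher, the message encryption key is already shared with the requesting device, the message authentication code covers all three response fields, and every class, function and field name is hypothetical. The first identity information ciphertext and the first digital signature are opaque byte strings, since the controller never opens or verifies them.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed 'agreed algorithm')."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (mac(key, b"ks", nonce, i.to_bytes(4, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in authenticated cipher for the demo; use a vetted AEAD in practice."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body + mac(key, b"tag", nonce, body)

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(key, b"tag", nonce, body)):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def pack(first: bytes, rest: bytes) -> bytes:
    return len(first).to_bytes(2, "big") + first + rest

def unpack(blob: bytes):
    n = int.from_bytes(blob[:2], "big")
    return blob[2:2 + n], blob[2 + n:]

class AuthAccessController:
    def __init__(self, psk_with_as: bytes, message_key: bytes):
        self.psk, self.msg_key = psk_with_as, message_key
        self.pending_result2_ct = None

    def first_auth_request(self, identity_ct: bytes) -> dict:
        # identity_ct is encrypted to the authentication server side; the AAC only MACs it.
        return {"identity_ct": identity_ct, "auth_code": mac(self.psk, identity_ct)}

    def on_first_auth_response(self, resp: dict) -> bytes:
        expected = mac(self.psk, resp["result1"], resp["sig1"], resp["result2_ct"])
        if not hmac.compare_digest(expected, resp["mac"]):
            raise ValueError("first message authentication code rejected")
        self.pending_result2_ct = resp["result2_ct"]  # unreadable until the key arrives
        return seal(self.msg_key, pack(resp["result1"], resp["sig1"]))

    def on_fourth_auth_response(self, second_key_ct: bytes) -> bool:
        if self.pending_result2_ct is None:
            raise ValueError("no verified first authentication response")
        second_key = unseal(self.msg_key, second_key_ct)
        result2 = unseal(second_key, self.pending_result2_ct)
        return result2 == b"REQ-CERT:VALID"

# Constructed peers: only as much as is needed to drive the AAC.
def server_first_auth_response(psk, second_key, request, cert_ok=True) -> dict:
    aac_ok = hmac.compare_digest(request["auth_code"], mac(psk, request["identity_ct"]))
    result1 = b"AAC:VALID" if aac_ok else b"AAC:INVALID"
    sig1 = b"<first digital signature>"  # placeholder: verified by the requester, not the AAC
    result2_ct = seal(second_key, b"REQ-CERT:VALID" if cert_ok else b"REQ-CERT:INVALID")
    return {"result1": result1, "sig1": sig1, "result2_ct": result2_ct,
            "mac": mac(psk, result1, sig1, result2_ct)}

def requester_fourth_auth_response(msg_key, second_key, third: bytes) -> bytes:
    result1, _sig1 = unpack(unseal(msg_key, third))
    # Signature check with the second authentication server's public key happens here.
    if result1 != b"AAC:VALID":
        raise ValueError("access controller not authenticated; second key withheld")
    return seal(msg_key, second_key)

def run_exchange(cert_ok: bool = True):
    psk, msg_key, second_key = (secrets.token_bytes(32) for _ in range(3))
    aac = AuthAccessController(psk, msg_key)
    request = aac.first_auth_request(b"<first identity information ciphertext>")
    response = server_first_auth_response(psk, second_key, request, cert_ok)
    third = aac.on_first_auth_response(response)
    try:  # before the fourth message the AAC holds no key that opens result2_ct
        unseal(msg_key, response["result2_ct"])
        readable_early = True
    except ValueError:
        readable_early = False
    fourth = requester_fourth_auth_response(msg_key, second_key, third)
    return readable_early, aac.on_fourth_auth_response(fourth)
```

`run_exchange()` returns whether the controller could read the requesting device's result before the second key was released, followed by the identity authentication result it determines afterwards.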
  • a fourth aspect of the present application provides a first authentication server, including:
  • a receiving module configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller; the first identity information ciphertext is generated by the requesting device by using the public key of the encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key; the identity authentication code of the authentication access controller is calculated by the authentication access controller, using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server, over information including the first identity information ciphertext;
  • a sending module configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server trusted by the requesting device, the second authentication result information ciphertext and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the authentication access controller; the first digital signature is a digital signature generated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including the second authentication result information; the second authentication result information includes the second verification result of the digital certificate of the requesting device; the first message authentication code of the first authentication server is calculated by the first authentication server, using the pre-shared key with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller, over information including the second authentication result information ciphertext.
  • a fifth aspect of the present application provides a second authentication server, including:
  • a receiving module configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second digital signature, or the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second message authentication code; the first identity information ciphertext is generated by the requesting device by using the public key of the encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes the second key;
  • the second digital signature is calculated by the first authentication server over signature data including the first authentication result information and the first identity information ciphertext, or the second message authentication code is calculated by the first authentication server over information including the first authentication result information and the first identity information ciphertext;
  • a verification module configured to verify the second digital signature by using the public key of the first authentication server, or to verify the second message authentication code by using the pre-shared key with the first authentication server; if the verification passes, to decrypt the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to perform legality verification on the digital certificate of the requesting device to obtain a second verification result;
  • a generating module configured to generate the second authentication result information according to information including the second verification result, to use the second key to encrypt information including the second authentication result information to generate the second authentication result information ciphertext, to calculate a first digital signature over signature data including the first authentication result information, and to calculate a third digital signature over signature data including the second authentication result information ciphertext or a third message authentication code over information including the second authentication result information ciphertext;
  • a sending module configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code.
  • a sixth aspect of the present application provides a requesting device, including:
  • the processor is configured to call the program instructions stored in the memory, and execute the method on the requesting device side in the first aspect according to the obtained program.
  • a seventh aspect of the present application provides an authentication access controller, including:
  • the processor is configured to call the program instructions stored in the memory, and execute the method on the authentication access controller side in the first aspect according to the obtained program.
  • An eighth aspect of the present application provides a first authentication server, including:
  • the processor is configured to call the program instructions stored in the memory, and execute the method on the first authentication server side in the first aspect according to the obtained program.
  • a ninth aspect of the present application provides a second authentication server, including:
  • the processor is configured to call the program instructions stored in the memory, and execute the method on the second authentication server side in the first aspect according to the obtained program.
  • a tenth aspect of the present application provides a computer storage medium, where the computer storage medium stores computer-executable instructions, where the computer-executable instructions are used to cause the computer to execute the method described in the first aspect.
  • the requesting device uses a digital certificate as its identity credential
  • the authentication access controller uses a pre-shared key as its identity credential.
  • The requesting device sends an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the first identity information ciphertext, which the requesting device generates by using the public key of the encryption certificate to encrypt the identity information of the requesting device and the first identity key of the requesting device.
  • The authentication access controller uses the pre-shared key with the first authentication server and the agreed cryptographic algorithm to calculate, on the information including the first identity information ciphertext, the identity authentication code of the authentication access controller, and sends to the first authentication server the first authentication request message carrying the first identity information ciphertext and the identity authentication code of the authentication access controller.
  • The second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device, and the first authentication server authenticates the identity of the authentication access controller. After the verification is completed, the first authentication server sends a first authentication response message to the authentication access controller.
  • The first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, the second authentication result information ciphertext and the first message authentication code of the first authentication server. The authentication access controller uses the pre-shared key with the first authentication server and the agreed cryptographic algorithm to verify the first message authentication code of the first authentication server and, after the verification is passed, sends the third authentication response message carrying the ciphertext of the identity authentication result information to the requesting device. The requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the first authentication result information, and obtains from it the authentication result of the authentication access controller.
  • When it is determined that the identity of the authentication access controller is valid, the requesting device sends a fourth authentication response message including the ciphertext of the second key to the authentication access controller. The authentication access controller uses the message encryption key to decrypt the second key ciphertext to obtain the second key, decrypts the second authentication result information ciphertext with the second key to obtain the second authentication result information, and obtains the verification result of the requesting device from the second authentication result information.
  • This realizes the two-way identity authentication of the requesting device and the authentication access controller, and lays the foundation for ensuring that only legitimate users can access the legitimate network.
  • the entity's identity information and/or identity authentication result information is transmitted in the form of cipher text, which ensures the security of private information during the transmission process and realizes the entity's identity protection.
  • FIG. 1 is a schematic diagram of an identity authentication method provided by an embodiment of the present application.
  • FIG. 2 is a schematic diagram of a method for requesting a device REQ and an authentication access controller AAC to negotiate a message encryption key according to an embodiment of the present application;
  • FIG. 3 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;
  • FIG. 4 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;
  • FIG. 5 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;
  • FIG. 6 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;
  • FIG. 7 is a structural block diagram of a requesting device REQ provided by an embodiment of the present application.
  • FIG. 8 is a structural block diagram of an authentication access controller AAC according to an embodiment of the present application.
  • FIG. 9 is a structural block diagram of a first authentication server AS-AAC according to an embodiment of the present application.
  • FIG. 10 is a structural block diagram of a second authentication server AS-REQ provided by an embodiment of the application.
  • FIG. 11 is a structural block diagram of another requesting device REQ provided by an embodiment of the present application.
  • FIG. 12 is a structural block diagram of another authentication access controller AAC provided by an embodiment of the present application.
  • FIG. 13 is a structural block diagram of another first authentication server AS-AAC provided by an embodiment of the present application.
  • FIG. 14 is a structural block diagram of another second authentication server AS-REQ provided by an embodiment of the present application.
  • the requesting device can access the network through the authentication access controller.
  • the authentication between the access controller and the requesting device needs to be performed.
  • MIA: Mutual Identity Authentication
  • the requesting device can be a terminal device such as a mobile phone, a personal digital assistant (PDA) or a tablet computer, and the authentication access controller can be a network-side device such as a wireless access point or a wireless router.
  • the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router.
  • the requesting device may be a terminal device such as a mobile phone and a tablet computer.
  • the authentication access controller may be a network side device such as a base station.
  • the present application is also applicable to various data communication scenarios such as other wired networks and short-range communication networks.
  • the identity certificate of the entity is either in the form of a digital certificate or a pre-shared key.
  • the pre-shared key is used as an identity certificate, no concise and effective authentication mechanism is proposed.
  • the identity information of the entity is directly exposed, so that its security cannot be guaranteed.
  • an embodiment of the present application provides an identity authentication method.
  • the authentication access controller trusts the application scenario.
  • the first authentication server verifies the identity authentication code of the authentication access controller to obtain the first verification result
  • the second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device to obtain the second verification result
  • the requesting device and the authentication access controller each determine whether the other entity is legal according to the verification result corresponding to the counterpart entity, which realizes the two-way identity authentication between the authentication access controller and the requesting device and lays the foundation for ensuring that only legal users can communicate with the legal network.
  • the private information of the entity such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.
  • REQ: requesting device
  • AAC: authentication access controller
  • AS: authentication server
  • the AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ.
  • AS-REQ holds digital certificates and private keys corresponding to digital certificates that comply with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems.
  • AS-AAC can verify the legitimacy of AAC's identity.
  • AS-REQ can verify the legitimacy of REQ's digital certificate.
  • AS-AAC and AS-REQ can be the same AS or different ASs. When AS-AAC is the same as AS-REQ, it is a non-roaming situation; when AS-AAC is different from AS-REQ, it is a roaming situation.
  • AS-AAC and AS-REQ trust each other and know each other's digital certificate or the public key in the digital certificate.
  • the certificate decryption server (Certificate Server-Decrypt, CS-DEC for short) holds the encryption certificate and the private key corresponding to the encryption certificate in accordance with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems; there can be one or more encryption certificates, and the CS-DEC can be a standalone server or reside in AS-AAC and/or AS-REQ.
  • REQ can be an endpoint participating in the authentication process, establish a connection with AAC, access services provided by AAC, and access AS through AAC, REQ holds ISO/IEC 9594-8/ITU X.509, other standards or other technical systems
  • REQ knows the digital certificate of AS-REQ or the public key in the digital certificate, and knows the encryption certificate of CS-DEC or the public key in the encryption certificate.
  • the AAC can be another endpoint that participates in the authentication process, establishes a connection with the REQ, provides services, communicates with the REQ, and can directly access the AS-AAC; there is a pre-shared key between the AAC and the AS-AAC, and in some embodiments the AAC knows the encryption certificate of CS-DEC or the public key in the encryption certificate.
  • the AAC receives the identity ciphertext message REQInit sent by the REQ.
  • the REQInit includes the first identity information ciphertext EncPub AS_REQ.
  • EncPub AS_REQ is generated by REQ using the public key of the encryption certificate to encrypt the encrypted data including the identity information of REQ and the first identity key of REQ;
  • the identity information of REQ includes the digital certificate Cert REQ of REQ, and the first identity key includes the second key Nonce REQPub.
  • the AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.
  • the AACVeri includes EncPub AS_REQ and the identity authentication code MIC AAC of the AAC.
  • the MIC AAC is calculated and generated by the AAC, using the pre-shared key K AAC_AS with the AS-AAC and the cryptographic algorithm agreed with the AS-AAC, on the information including the EncPub AS_REQ.
  • the cryptographic algorithm agreed by AAC and AS-AAC may be a hash algorithm.
  • using the K AAC_AS combined with the hash algorithm, a hash operation is performed on the other fields before the MIC AAC field in AACVeri, such as the information including EncPub AS_REQ, to obtain a hash value, and the hash value is used as the identity authentication code MIC AAC of the AAC.
  • the AS-AAC verifies the MIC AAC to obtain the first verification result Res AAC
  • the AS-REQ trusted by the REQ verifies the Cert REQ obtained by decrypting the EncPub AS_REQ to obtain the second verification result Res REQ .
  • AS-AAC the authentication server trusted by REQ and AAC
  • AS-AAC can also be expressed as AS-REQ
  • the Cert REQ obtained by decrypting the EncPub AS_REQ can be verified to obtain Res REQ .
  • the decryption of EncPub AS_REQ can be performed by the certificate decryption server CS-DEC: CS-DEC decrypts EncPub AS_REQ using the private key corresponding to the encryption certificate, and AS-AAC (which can also be expressed as AS-REQ) obtains the decrypted Cert REQ from CS-DEC; or AS-AAC (which can also be expressed as AS-REQ) uses the private key corresponding to the encryption certificate of the CS-DEC residing in AS-AAC (which can also be expressed as AS-REQ) to decrypt EncPub AS_REQ and obtain Cert REQ.
  • AS-AAC (which can also be expressed as AS-REQ) first determines the pre-shared key K AAC_AS with AAC and the agreed cryptographic algorithm, then uses K AAC_AS and the cryptographic algorithm to calculate MIC AAC locally on the other fields before the MIC AAC field in AACVeri, such as the information including EncPub AS_REQ, and compares the calculated MIC AAC with the received MIC AAC to complete the verification of the MIC AAC.
  • when the AS-AAC determines the K AAC_AS and the cryptographic algorithm, it can pre-determine the valid pre-shared key K AAC_AS and the cryptographic algorithm it has with the AAC;
  • the AS-AAC can determine the valid pre-shared key K AAC_AS and the cryptographic algorithm it has with the AAC according to the ID AAC.
  • AS-AAC (which can also be expressed as AS-REQ) generates the first authentication result information Pub AAC according to the information including the Res AAC, generates the second authentication result information Pub REQ according to the information including the Res REQ, and uses the Nonce REQPub obtained by decrypting EncPub AS_REQ to encrypt the information including Pub REQ to obtain the second authentication result information ciphertext (for example, the Nonce REQPub and Pub REQ can be XORed to generate the second authentication result information ciphertext).
  • using the K AAC_AS and the cryptographic algorithm, it calculates and generates the first message authentication code MIC AS_AAC of AS-AAC (which can also be expressed as the first message authentication code MIC AS_REQ of AS-REQ) on the information including the ciphertext of the second authentication result information.
  • it calculates the first digital signature Sig AS_AAC1 (which can also be expressed as Sig AS_REQ1) on the signature data including the Pub AAC, and generates the first authentication response message ASVeri according to the information including the Pub AAC, the Sig AS_AAC1 (which can also be expressed as Sig AS_REQ1), the ciphertext of the second authentication result information, and the MIC AS_AAC (which can also be expressed as MIC AS_REQ).
  • the AS-AAC verifies the MIC AAC to obtain the Res AAC, and the AS-REQ verifies the validity of the Cert REQ obtained by decrypting the EncPub AS_REQ to obtain Res REQ.
  • AS-AAC uses the pre-shared key K AAC_AS with the AAC and the cryptographic algorithm agreed with the AAC to verify the MIC AAC to obtain Res AAC, generates the first authentication result information Pub AAC according to the information including the Res AAC, calculates and generates a second digital signature Sig AS_AAC2 on the signature data including the Pub AAC and the EncPub AS_REQ, and sends the second authentication request message AS-AACVeri to AS-REQ; the AS-AACVeri includes the Pub AAC, the EncPub AS_REQ and the Sig AS_AAC2.
  • Sig AS_AAC2 can be replaced by MIC AS_AAC2; MIC AS_AAC2 is the second message authentication code that AS-AAC calculates and generates, using the pre-shared key with AS-REQ and the cryptographic algorithm agreed with AS-REQ, on the information including the Pub AAC and EncPub AS_REQ.
  • AS-REQ uses the public key of AS-AAC to verify Sig AS_AAC2 or uses the pre-shared key with AS-AAC to verify MIC AS_AAC2 using the cryptographic algorithm agreed with AS-AAC.
  • the Cert REQ obtained by decrypting the EncPub AS_REQ is verified for validity to obtain the Res REQ, the second authentication result information Pub REQ is then generated according to the information including the Res REQ, the Nonce REQPub obtained by decrypting the EncPub AS_REQ is used to encrypt the information including the Pub REQ to generate the second authentication result information ciphertext, the first digital signature Sig AS_REQ1 is calculated and generated on the signature data including the Pub AAC, the third digital signature Sig AS_REQ3 is calculated and generated on the signature data including the second authentication result information ciphertext, and a second authentication response message AS-REQVeri is sent to AS-AAC; the AS-REQVeri includes the Pub AAC, the Sig AS_REQ1, the second authentication result information ciphertext and the Sig AS_REQ3.
  • Sig AS_REQ3 can be replaced with MIC AS_REQ3; MIC AS_REQ3 is the third message authentication code that AS-REQ calculates and generates, using the pre-shared key with AS-AAC and the cryptographic algorithm agreed with AS-AAC, on the information including the ciphertext of the second authentication result information.
  • AS-AAC uses the public key of AS-REQ to verify the Sig AS_REQ3 , or uses the pre-shared key with AS-REQ to verify the MIC AS_REQ3 using the cryptographic algorithm agreed with AS-REQ.
  • using K AAC_AS and the cryptographic algorithm agreed with AAC, AS-AAC calculates and generates its first message authentication code MIC AS_AAC on the information including the ciphertext of the second authentication result information, and generates the first authentication response message ASVeri according to the information including the Pub AAC, the Sig AS_REQ1, the ciphertext of the second authentication result information, and the MIC AS_AAC.
  • the AAC receives the first authentication response message ASVeri sent by the AS-AAC.
  • the ASVeri includes the first authentication result information, the first digital signature Sig AS_REQ1 , the ciphertext of the second authentication result information and the first message authentication code MIC AS_AAC of the AS-AAC.
  • the AAC uses the pre-shared key with the AS-AAC, and uses the cryptographic algorithm agreed with the AS-AAC to verify the MIC AS_AAC .
  • AAC uses the pre-shared key K AAC_AS with AS-AAC and the cryptographic algorithm agreed with AS-AAC to calculate MIC AS_AAC on the information including the ciphertext of the second authentication result information, and compares the calculated MIC AS_AAC with the received MIC AS_AAC. If they are consistent, the MIC AS_AAC verification is passed; if they are inconsistent, the ASVeri is discarded.
  • AAC sends a third authentication response message AACAuth to REQ.
  • the AACAuth includes the ciphertext EncData AAC of the identity authentication result information.
  • the EncData AAC is generated by the AAC encrypting the encrypted data including the first authentication result information and the first digital signature Sig AS_REQ1 by using the message encryption key.
  • the encrypted object is called encrypted data.
  • REQ decrypts the EncData AAC by using the message encryption key to obtain the first authentication result information and Sig AS_REQ1 .
  • REQ verifies the Sig AS_REQ1 by using the public key of AS-REQ.
  • the REQ determines the identity authentication result of the AAC according to the Res AAC in the first authentication result information.
  • the REQ can determine whether the AAC is legal according to the Res AAC in the first authentication result information.
  • REQ sends a fourth authentication response message REQAuth to the AAC.
  • the REQAuth includes the second key ciphertext EncData REQ .
  • EncData REQ is generated by REQ encrypting information including Nonce REQPub by using a message encryption key.
  • the execution order of S107 to S109 does not affect the specific implementation of the present application.
  • the execution order of S107 to S109 can be set according to requirements.
  • when the REQ determines that the AAC is legal, S109 is then executed.
  • when the REQ determines that the AAC is illegal, the REQ decides whether to execute S109 according to the local policy. Considering efficiency, the preferred solution is not to execute it and to end the current authentication process.
  • AAC uses the message encryption key to decrypt the EncData REQ to obtain the Nonce REQPub, uses the Nonce REQPub to decrypt the ciphertext of the second authentication result information to obtain the second authentication result information, and determines the identity authentication result of the REQ according to the Res REQ in the second authentication result information.
  • the AAC can determine whether the REQ is legal according to the Res REQ in the second authentication result information.
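The pre-shared-key part of S102 to S110 above (MIC AAC, the XOR-encrypted second authentication result information, and MIC AS_AAC) in the non-roaming case, as an added Python example that is not code from the application. HMAC-SHA256 as the agreed algorithm, the length-prefixed field encoding, the fixed-width result encoding and every function name are assumptions; the public-key steps (decrypting EncPub AS_REQ, validating Cert REQ, Sig AS_REQ1) are treated as given inputs.

```python
import hashlib
import hmac
import secrets

PUB_LEN = 16  # constructed fixed width so Nonce_REQPub covers Pub_REQ exactly


def mic(key: bytes, *fields: bytes) -> bytes:
    """Keyed hash over length-prefixed fields (HMAC-SHA256 is this sketch's choice)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR encryption as in the page's example; the pad must match the data length."""
    if len(data) != len(pad):
        raise ValueError("pad and data must have equal length")
    return bytes(a ^ b for a, b in zip(data, pad))


def encode_pub(result_valid: bool) -> bytes:
    """Constructed encoding of authentication result information (Pub_AAC / Pub_REQ)."""
    return (b"RES=valid" if result_valid else b"RES=invalid").ljust(PUB_LEN, b"\x00")


def aac_build_aacveri(k_aac_as, id_aac, nonce_aac, enc_pub_as_req):
    """AAC side of S102: MIC_AAC covers the fields that precede it in AACVeri."""
    fields = {"ID_AAC": id_aac, "Nonce_AAC": nonce_aac, "EncPub_AS_REQ": enc_pub_as_req}
    return {**fields, "MIC_AAC": mic(k_aac_as, *fields.values())}


def as_build_asveri(psk_table, aacveri, nonce_reqpub, res_req):
    """AS-AAC side of S103. nonce_reqpub and res_req stand for the outputs of
    decrypting EncPub_AS_REQ and validating Cert_REQ, which are not modelled here."""
    key = psk_table.get(aacveri["ID_AAC"])  # key selected according to ID_AAC
    if key is None:
        return None  # assumption: without a PSK on file no MIC_AS_AAC can be produced
    expected = mic(key, aacveri["ID_AAC"], aacveri["Nonce_AAC"], aacveri["EncPub_AS_REQ"])
    res_aac = hmac.compare_digest(expected, aacveri["MIC_AAC"])  # Res_AAC
    body = {
        "ID_AAC": aacveri["ID_AAC"],
        "Nonce_AAC": aacveri["Nonce_AAC"],
        "Pub_AAC": encode_pub(res_aac),
        "Pub_REQ_ct": xor_bytes(encode_pub(res_req), nonce_reqpub),
    }
    return {**body, "MIC_AS_AAC": mic(key, *body.values())}


def aac_check_asveri(k_aac_as, asveri, sent_nonce_aac):
    """AAC side of S104: recompute MIC_AS_AAC; on mismatch the ASVeri is discarded."""
    body = [asveri[k] for k in ("ID_AAC", "Nonce_AAC", "Pub_AAC", "Pub_REQ_ct")]
    mic_ok = hmac.compare_digest(mic(k_aac_as, *body), asveri["MIC_AS_AAC"])
    return mic_ok and hmac.compare_digest(asveri["Nonce_AAC"], sent_nonce_aac)


def aac_recover_pub_req(asveri, nonce_reqpub):
    """AAC side of S110, once REQAuth has disclosed Nonce_REQPub."""
    return xor_bytes(asveri["Pub_REQ_ct"], nonce_reqpub)


def run_exchange(aac_key, as_key, tamper=False):
    """Drive one exchange with constructed values. Returns (Pub_AAC issued by the AS,
    whether the AAC accepted ASVeri, Pub_REQ recovered by the AAC or None)."""
    id_aac, nonce_aac = b"aac-01", secrets.token_bytes(16)
    nonce_reqpub = secrets.token_bytes(PUB_LEN)
    enc_pub = secrets.token_bytes(48)  # opaque stand-in for EncPub_AS_REQ
    aacveri = aac_build_aacveri(aac_key, id_aac, nonce_aac, enc_pub)
    asveri = as_build_asveri({id_aac: as_key}, aacveri, nonce_reqpub, res_req=True)
    if tamper:  # flip one bit of the ciphertext in transit
        ct = bytearray(asveri["Pub_REQ_ct"])
        ct[0] ^= 1
        asveri["Pub_REQ_ct"] = bytes(ct)
    accepted = aac_check_asveri(aac_key, asveri, nonce_aac)
    pub_req = aac_recover_pub_req(asveri, nonce_reqpub) if accepted else None
    return asveri["Pub_AAC"], accepted, pub_req


if __name__ == "__main__":
    psk = secrets.token_bytes(32)
    print(run_exchange(psk, psk))                      # matching PSK, untouched
    print(run_exchange(psk, psk, tamper=True))         # ciphertext altered in transit
    print(run_exchange(secrets.token_bytes(32), psk))  # AAC holds the wrong PSK
```

Without MIC AS_AAC the bit flip in the second run would pass unnoticed, since XOR encryption alone gives no integrity; the XOR step also requires Nonce REQPub to be as long as Pub REQ and used for one exchange only.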
  • in the application scenario in which a digital certificate is used for the requesting device and the pre-shared key authentication method is used for the authentication access controller, the first authentication server uses the pre-shared key agreed with the authentication access controller to verify the identity authentication code of the authentication access controller to obtain a first verification result, and the second authentication server trusted by the requesting device verifies the digital certificate of the requesting device to obtain the second verification result.
  • the requesting device and the authentication access controller each obtain the verification result corresponding to the counterpart entity, so as to determine whether the counterpart entity is legal; this realizes two-way authentication between the authentication access controller and the requesting device and lays the foundation for ensuring that only legitimate users can access legitimate networks.
  • the private information of the entity such as identity identification, authentication result information, etc.
  • AAC can generate a message integrity check code.
  • the AACAuth of S105 may also include the first message integrity check code MacTag AAC, which AAC calculates and generates using the message integrity check key on the fields of AACAuth other than MacTag AAC; then, before REQ determines the identity authentication result of the AAC, REQ can use the message integrity check key to verify the MacTag AAC, and determines the identity authentication result of the AAC after the verification is passed.
  • REQ can also generate message integrity check codes.
  • the REQAuth of S109 may further include the second message integrity check code MacTag REQ, which REQ calculates and generates using the message integrity check key on the fields of REQAuth other than MacTag REQ.
  • the AAC can use the message integrity check key to verify the MacTag REQ, and then determine the identity authentication result of the REQ after the verification is passed.
  • when the AAC verifies the MacTag REQ, it should use the message integrity check key to generate the MacTag REQ locally on the fields of REQAuth other than the MacTag REQ, and compare the locally calculated MacTag REQ with the MacTag REQ in the received REQAuth; if they are consistent, the verification is passed; if they are inconsistent, the verification fails.
  • REQInit of S101 may also include the digital signature Sig REQ of REQ, whose signature data includes the other fields before Sig REQ in REQInit; then, before AAC determines the identity authentication result of REQ, AAC also needs to determine whether the Sig REQ has passed verification, and if it is determined that the Sig REQ has passed verification, the identity authentication result of the REQ is then determined according to the Res REQ in the second authentication result information.
  • the object to be signed is called signature data.
  • AAC determines whether the Sig REQ is verified through the following methods:
  • An implementation manner is that when the second authentication result information further includes Cert REQ , the AAC uses the Cert REQ in the second authentication result information to verify the Sig REQ , and determines whether the Sig REQ is verified according to the verification result.
  • AS-REQ uses the Cert REQ obtained by decrypting the EncPub AS_REQ to verify the Sig REQ; if the verification is passed, it continues to perform subsequent operations and the first authentication response message ASVeri is sent to the AAC; if the verification fails, the first authentication response message ASVeri will not be sent to the AAC. Therefore, if the AAC can receive the ASVeri, the AAC determines that the Sig REQ has passed the verification.
  • information such as random numbers and identity identifiers generated by the requesting device and/or the authentication access controller may be transmitted in messages exchanged in the identity authentication process.
  • the random number and/or ID carried in the received message should be the same as the random number and/or ID carried in the sent message. Loss or tampering of parameter information. Therefore, in some embodiments, the reliability of the authentication result can also be ensured by comparing whether the random numbers and/or identity identifiers in the sent and received messages are consistent.
  • the AACVeri of S102 may also include the identity ID AAC of the AAC and/or the first random number Nonce AAC generated by the AAC; correspondingly, the ASVeri of S103 also includes ID AAC and/or Nonce AAC. Then, before S105, the AAC can verify the consistency of the ID AAC in ASVeri with the ID AAC of the AAC itself (that is, the ID AAC sent by AAC through AACVeri), and/or verify the consistency of the Nonce AAC in ASVeri with the Nonce AAC generated by the AAC (that is, the Nonce AAC sent by the AAC through the AACVeri); if the verification is passed, the AAC then executes S105.
  • the first authentication result information may further include ID AAC
  • the encrypted data of EncData AAC in AACAuth of S105 also includes ID AAC
  • REQ also needs to verify the consistency of the ID AAC in the first authentication result information and the ID AAC obtained by decrypting the EncData AAC; if the verification is passed, REQ then determines the identity authentication result of the AAC according to the Res AAC in the first authentication result information.
  • the REQ may also perform consistency verification on the second random number Nonce REQ generated by the REQ and/or the identity ID REQ of the REQ.
  • the identity information of REQ may also include ID REQ
  • the first identity key may also include a third key Nonce REQID
  • the encrypted data of the first identity information ciphertext EncPub AS_REQ not only includes Cert REQ and Nonce REQPub
  • it is also possible to use Nonce REQID to encrypt the information including ID REQ to generate the identity ciphertext of REQ (simply, the identity ciphertext of REQ can be generated by an XOR operation on Nonce REQID and ID REQ); then the ASVeri of S103 also includes the identity ciphertext of REQ, and the encrypted data of the EncData AAC in the AACAuth of S105 also includes the identity ciphertext of REQ. Correspondingly, before REQ determines the identity authentication result of AAC, REQ also needs to verify the identity ciphertext of REQ obtained by decrypting the EncData AAC according to its own identity ID REQ and the Nonce REQID.
  • the specific verification includes: REQ uses the Nonce REQID to encrypt the information including REQ's own identity ID REQ to generate the identity ciphertext of REQ, and verifies the consistency of the generated identity ciphertext with the identity ciphertext of REQ obtained by decrypting the EncData AAC; or, REQ uses the Nonce REQID to decrypt the identity ciphertext of REQ to obtain the ID REQ, and verifies the consistency of the decrypted ID REQ with the ID REQ of the REQ itself. If the verification is passed, the REQ then determines the identity authentication result of the AAC according to the Res AAC in the first authentication result information.
  • the REQInit of S101 may also include Nonce REQ
  • the AACVeri of S102 and the ASVeri of S103 may also include Nonce REQ
  • the encrypted data of EncData AAC in AACAuth of S105 also includes Nonce REQ .
  • REQ needs to verify the consistency between the Nonce REQ obtained by decrypting the EncData AAC and the Nonce REQ generated by REQ; if the verification is passed, REQ then determines the identity authentication result of AAC according to Res AAC.
  • the identity ID AAC of the AAC, the first authentication result information, etc. are transmitted in plain text. Considering the security of AAC sensitive information, the above information can also be transmitted in cipher text.
  • the AACVeri of S102 may further include the second identity information ciphertext EncPub AS_AAC, where EncPub AS_AAC is generated by AAC using the public key of the encryption certificate to encrypt information including ID AAC and the second identity key.
  • the second identity key includes the fourth key Nonce AACPub and the fifth key Nonce AACID.
  • the ASVeri of S103 includes the first authentication result information, Sig AS_REQ1 , the ciphertext of the identity identification of AAC, the ciphertext of the second authentication result information, and MIC AS_AAC .
  • the first authentication result information exists in ciphertext form (for example, it is generated by using Nonce AACPub to encrypt information including Pub AAC); AAC's identity ciphertext is generated by AS-AAC using Nonce AACID to encrypt information including ID AAC (in the simplest case, it can be generated by an XOR operation).
  • the AAC can verify AAC's identity ciphertext according to its own identity ID AAC and the fifth key Nonce AACID. The specific verification includes: AAC uses Nonce AACID to encrypt information including its own identity ID AAC to generate AAC's identity ciphertext, and checks the generated identity ciphertext for consistency with AAC's identity ciphertext received in the ASVeri of S103; or, AAC uses Nonce AACID to decrypt AAC's identity ciphertext to obtain ID AAC, and checks the decrypted ID AAC for consistency with its own identity ID AAC. AAC sends AACAuth to REQ after the verification is passed.
  • the encrypted data of EncData AAC in the AACAuth of S105 also includes Nonce AACPub;
  • REQ can use the Nonce AACPub obtained by decrypting EncData AAC to decrypt the first authentication result information and obtain the first verification result Res AAC, and then determine the identity authentication result of the AAC according to Res AAC.
  • the message encryption key used by REQ and AAC can be obtained through negotiation or shared in advance. Therefore, this embodiment also provides a method for REQ and AAC to negotiate a message encryption key, see FIG. 2 , the method includes:
  • the AAC sends a key request message AACInit to the REQ.
  • the AACInit includes the key exchange parameter KeyInfo AAC of the AAC, and the KeyInfo AAC includes the temporary public key of the AAC, wherein the key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH for short) .
  • the AACInit may also include the first random number Nonce AAC generated by AAC .
  • the AACInit may also include Security capabilities AAC. Security capabilities AAC represents the security capability parameter information supported by AAC, including the identity authentication suite supported by AAC (the suite includes one or more identity authentication methods), symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm, etc., from which REQ selects a specific security policy: REQ can select the specific security policy Security capabilities REQ that it uses according to Security capabilities AAC.
  • Security capabilities REQ indicates the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm that REQ has accordingly determined to use.
  • REQ performs a key exchange calculation according to information including the temporary private key corresponding to REQ's key exchange parameter KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate a first key, and calculates the message encryption key from information including the first key using a key derivation algorithm.
  • the REQ can perform the key exchange calculation according to the temporary private key corresponding to KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate the first key K1, combine K1 with information including Nonce AAC and the second random number Nonce REQ generated by REQ, and use the negotiated or preset key derivation algorithm to calculate the message encryption key.
  • the negotiated key derivation algorithm may be the key derivation algorithm selected by the REQ according to the Security capabilities AAC sent by the AAC.
  • KeyInfo REQ is the key exchange parameter generated by REQ, including the temporary public key of REQ.
  • the temporary private key corresponding to KeyInfo REQ is a temporary private key generated by REQ and corresponding to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.
  • REQ sends an identity ciphertext message REQInit to the AAC.
  • the REQInit includes KeyInfo REQ , so that AAC calculates and obtains the message encryption key according to the information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ .
  • the temporary private key corresponding to the KeyInfo AAC is a temporary private key generated by the AAC and corresponding to the temporary public key of the AAC, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.
  • the REQInit may also include Security capabilities REQ .
  • the REQInit may also include the Nonce REQ, so that the AAC can calculate the message encryption key according to information including the temporary private key corresponding to KeyInfo AAC, the temporary public key included in KeyInfo REQ, the Nonce AAC and the Nonce REQ.
  • the REQInit may also include the Nonce AAC, and the AAC may verify the consistency of the Nonce AAC in the REQInit with the Nonce AAC generated by the AAC before calculating the message encryption key, to ensure that the REQInit received by the AAC is a response message to AACInit.
  • AAC performs a key exchange calculation according to the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ to generate the first key, and calculates the message encryption key from information including the first key using the key derivation algorithm.
  • the AAC may perform key exchange calculation according to the temporary private key corresponding to the KeyInfo AAC and the temporary public key included in the KeyInfo REQ to generate the first key K1 , combine K1 with the information including the Nonce AAC and the Nonce REQ , and use the negotiated or preset key derivation algorithm to calculate the message encryption key.
  • the negotiated key derivation algorithm may be the key derivation algorithm selected and used by the AAC according to the Security capabilities REQ sent by the REQ.
  • REQ and AAC can also generate a message integrity check key.
  • the implementation manner in which the REQ and the AAC each generate the message integrity check key is the same as the implementation manner in which the REQ and the AAC each generate the message encryption key exemplified in the embodiment of FIG. 2 .
  • AAC can use the key derivation algorithm to derive one string of key data in the manner of the embodiment of FIG. 2; this key data can be used as both the message encryption key and the message integrity check key, or one part of the key data can be used as the message encryption key and the other part as the message integrity check key;
  • AAC can also use the key derivation algorithm in the manner of the embodiment of FIG. 2 to derive, in stages, two strings of identical or different key data, one string used as the message encryption key and the other string as the message integrity check key.
  • REQ can likewise use the key derivation algorithm to derive one string of key data in the same manner; this key data can be used as both the message encryption key and the message integrity check key, or one part of the key data can be used as the message encryption key and the other part as the message integrity check key; or, where two strings of key data are derived, one string is used as the message encryption key and the other string as the message integrity check key.
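The negotiation of FIG. 2 described above, as an added example (not code from the patent): both sides derive K1 by Diffie-Hellman, bind Nonce AAC and Nonce REQ into the derivation, and split one string of key data into the message encryption key and the message integrity check key. The group (a demonstration prime, not a vetted parameter set), HKDF-SHA-256, the 16-byte nonces and the dictionary field names are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import secrets

# Assumption: demonstration group only. The page names Diffie-Hellman but gives
# no parameters; 2**521 - 1 is a Mersenne prime used here to stay short.
# A deployment would use a standardized group or curve instead.
P = 2**521 - 1
G = 3
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Temporary private/public key pair; the public part goes into KeyInfo."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """First key K1 from own temporary private key and the peer's public key."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer temporary public key out of range")
    return pow(peer_pub, priv, P).to_bytes(P_BYTES, "big")


def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand; the choice of KDF is an assumption."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(k1, nonce_aac, nonce_req):
    """One string of key data, split into encryption and integrity-check keys."""
    key_data = hkdf_sha256(k1, nonce_aac + nonce_req, b"REQ-AAC message keys", 64)
    return key_data[:32], key_data[32:]


def aac_make_init():
    """AAC side: build AACInit and keep the state needed to process the reply."""
    priv, pub = dh_keypair()
    nonce_aac = secrets.token_bytes(16)
    state = {"priv": priv, "nonce_aac": nonce_aac}
    return state, {"Nonce_AAC": nonce_aac, "KeyInfo_AAC": pub}


def req_handle_init(aac_init):
    """REQ side: derive the keys and build the key-agreement part of REQInit."""
    priv, pub = dh_keypair()
    nonce_req = secrets.token_bytes(16)
    k1 = dh_shared(priv, aac_init["KeyInfo_AAC"])
    keys = derive_session_keys(k1, aac_init["Nonce_AAC"], nonce_req)
    req_init = {
        "Nonce_AAC": aac_init["Nonce_AAC"],  # echoed so AAC can match the reply
        "Nonce_REQ": nonce_req,
        "KeyInfo_REQ": pub,
    }
    return keys, req_init


def aac_handle_req_init(state, req_init):
    """AAC side: check the echoed Nonce AAC first, then derive the same keys."""
    if not hmac.compare_digest(req_init["Nonce_AAC"], state["nonce_aac"]):
        raise ValueError("REQInit does not answer this AACInit")
    k1 = dh_shared(state["priv"], req_init["KeyInfo_REQ"])
    return derive_session_keys(k1, state["nonce_aac"], req_init["Nonce_REQ"])


if __name__ == "__main__":
    state, aac_init = aac_make_init()
    (enc_key, mic_key), req_init = req_handle_init(aac_init)
    print(aac_handle_req_init(state, req_init) == (enc_key, mic_key))
```

Because both nonces enter the derivation, a fresh Nonce REQ or Nonce AAC yields fresh keys even if a temporary key pair were reused.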
  • the embodiment of the present application also provides a method for determining the first authentication server and/or the second authentication server used in this authentication process by utilizing the information exchange between the AAC and the REQ:
  • AAC adds the identity ID AS_AAC of at least one authentication server trusted by AAC in AACInit of S201, then REQ can determine the identity ID AS_REQ of at least one authentication server trusted by itself according to the ID AS_AAC .
  • REQ selects from ID AS_AAC the identity of at least one authentication server that it also trusts and uses it as ID AS_REQ; if the selection fails, REQ uses the identity of at least one authentication server trusted by itself as ID AS_REQ (a successful selection corresponds to the non-roaming situation, and a failed selection to the roaming situation). REQ adds the ID AS_REQ to the REQInit of S203 and sends it to the AAC.
  • AAC can determine the first authentication server according to ID AS_AAC and ID AS_REQ. For example, AAC can determine whether ID AS_REQ and ID AS_AAC contain at least one identical authentication server identity. If so, it is a non-roaming situation, and AAC determines the first authentication server participating in identity authentication from the identities of the authentication servers mutually trusted by REQ and AAC; if not, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID AS_AAC, and sends the ID AS_REQ to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID AS_REQ.
  • the AAC may not need to send the ID AS_AAC to the REQ, but the REQ adds the ID AS_REQ of at least one authentication server trusted by itself to the REQInit of S203 and sends it to the AAC.
  • the specific implementation of determining the first authentication server and/or the second authentication server participating in the identity authentication according to the ID AS_REQ and the identity ID AS_AAC of at least one authentication server trusted by the AAC itself is as in the previous embodiment.
  • the identity authentication method provided by the embodiment of the present application will be introduced in combination with the non-roaming and roaming application scenarios: (1) in the case of non-roaming, the identity authentication method with REQ identity protection; (2) in the case of non-roaming, the identity authentication method with REQ and AAC identity protection; (3) in the case of roaming, the identity authentication method with REQ identity protection; (4) in the case of roaming, the identity authentication method with REQ and AAC identity protection.
  • AS-AAC can be used to represent (of course, AS-REQ can also be used to represent) an authentication server jointly trusted by REQ and AAC.
  • the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation.
  • the identification method includes:
  • AAC generates Nonce AAC and KeyInfo AAC , and generates Security capabilities AAC as required.
  • the AAC sends a key request message AACInit to the REQ.
  • the AACInit includes Nonce AAC , KeyInfo AAC and Security capabilities AAC .
  • Security capabilities AAC is an optional field, indicating the security capability parameter information supported by AAC, including the identity authentication suite, symmetric encryption algorithm and/or key derivation algorithm supported by AAC (the same below).
  • REQ sends an identity ciphertext message REQInit to the AAC.
  • the REQInit includes Nonce AAC , Nonce REQ , Security capabilities REQ , KeyInfo REQ , EncPub AS_REQ and Sig REQ .
  • the signature data of Sig REQ includes the other fields before Sig REQ in REQInit, for example Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ and EncPub AS_REQ; Nonce AAC should be equal to the corresponding field in AACInit; the encrypted data of EncPub AS_REQ includes ID REQ, Cert REQ, Nonce REQID and Nonce REQPub;
  • Security capabilities REQ is an optional field, whether REQ generates Security capabilities REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities AAC .
  • Security capabilities REQ represents the selection of a specific security policy made by REQ according to the Security capabilities AAC , that is, the identity authentication method, symmetric encryption algorithm and/or key deriv
  • AAC receives REQInit, and performs the following operations, including:
  • the AAC sends a first authentication request message AACVeri to the AS-AAC.
  • the AACVeri includes EncPub AS_REQ , Nonce REQ , ID AAC , Nonce AAC and MIC AAC .
  • EncPub AS_REQ , Nonce REQ should be equal to the corresponding field in REQInit respectively;
  • ID AAC and Nonce AAC are, respectively, the identity of AAC and the Nonce AAC generated by AAC;
  • MIC AAC is the hash value that AAC calculates, using the key K AAC_AS pre-shared with AS-AAC and the hash algorithm agreed with AS-AAC, over information including the other fields before MIC AAC in AACVeri.
  • AAC uses K AAC_AS and the hash algorithm to calculate MIC AAC over information including EncPub AS_REQ, Nonce REQ, ID AAC and Nonce AAC.
  • After receiving the AACVeri, AS-AAC performs the following operations, including:
  • AS-AAC determines the pre-shared key K AAC_AS with AAC and a hash algorithm according to the ID AAC in AACVeri, uses K AAC_AS and the hash algorithm to locally calculate MIC AAC over the other fields before MIC AAC in AACVeri, and compares it with the received MIC AAC. If they are the same, the MIC AAC verification is passed, and AS-AAC determines that the identity authentication result of AAC is legal. If they are different, the MIC AAC verification fails, and AS-AAC performs the following operations according to the policy, including: discarding the AACVeri, or determining that the identity authentication result of the AAC is invalid, etc.
  • the AS-AAC sends the first authentication response message ASVeri to the AAC.
  • the ASVeri includes Nonce REQ , Pub AAC , Sig AS_AAC1 , ID AAC , Nonce AAC , and MIC AS_AAC .
  • ID REQ , Nonce REQ , ID AAC , and Nonce AAC should be equal to the corresponding fields in AACVeri respectively;
  • the signature data of Sig AS_AAC1 includes Nonce REQ , Pub AAC ;
  • MIC AS_AAC is that AS-AAC utilizes the K AAC_AS , adopts the hash algorithm agreed with the AAC pair including ID AAC , Nonce AAC and generated by the calculation of the information included.
  • AAC utilizes the K AAC_AS , adopts the hash algorithm agreed with AS-AAC to include ID AAC , Nonce AAC and The MIC AS_AAC is calculated locally and compared with the received MIC AS_AAC . If they are the same, the MIC AS_AAC verification is passed. If they are different, the MIC AS_AAC verification fails.
  • AAC sends a third authentication response message AACAuth to REQ.
  • the AACAuth includes Nonce AAC , Nonce REQ , EncData AAC and MacTag AAC .
  • Nonce REQ and Nonce AAC are optional fields and are respectively equal to the Nonce REQ in REQInit and the Nonce AAC generated by AAC.
  • EncData AAC 's encrypted data includes Nonce REQ , Pub AAC , Sig AS_AAC1 and ID AAC , and Nonce REQ , Pub AAC , Sig AS_AAC1 are derived from ASVeri, and ID AAC should be equal to AAC's own identity ID AAC .
  • the calculation process of the MacTag AAC is as follows: using the message integrity check key and the integrity check algorithm to calculate and generate the MacTag AAC for the information including other fields in AACAuth except the MacTag AAC .
  • After receiving the AACAuth, REQ performs the following operations, including:
  • if AACAuth carries Nonce REQ and/or Nonce AAC, REQ checks whether the Nonce REQ is the same as the Nonce REQ generated by REQ, and/or checks whether the Nonce AAC is the same as the Nonce AAC in AACInit;
  • the verification process is: use the message integrity check key and the integrity check algorithm to locally calculate MacTag AAC over information including the other fields in AACAuth except MacTag AAC (the same way AAC calculates MacTag AAC), and compare the calculated MacTag AAC with the received MacTag AAC.
  • REQ sends a fourth authentication response message REQAuth to the AAC.
  • the REQAuth includes Nonce AAC , Nonce REQ , EncData REQ and MacTag REQ .
  • Nonce REQ and Nonce AAC are optional fields, and should be equal to Nonce REQ generated by REQ and Nonce AAC in AACInit respectively;
  • the encrypted data of EncData REQ includes Nonce REQPub .
  • the calculation process of the MacTag REQ is as follows: using the message integrity check key and the integrity check algorithm to calculate and generate the MacTag REQ for information including other fields in REQAuth except the MacTag REQ .
  • After receiving the REQAuth, the AAC performs the following operations, including:
  • if Nonce REQ and/or Nonce AAC are carried in REQAuth, the AAC checks whether the Nonce REQ is the same as the Nonce REQ in REQInit, and/or checks whether the Nonce AAC is the same as the Nonce AAC generated by AAC;
  • the verification process is: use the message integrity check key and the integrity check algorithm to locally calculate MacTag REQ over information including the other fields in REQAuth except MacTag REQ (the same way REQ calculates MacTag REQ), and compare the calculated MacTag REQ with the received MacTag REQ.
  • the identification of the AAC and the REQ is realized respectively, that is, the two-way identification of the REQ and the AAC is realized, and the identification ID REQ of the REQ, the digital certificate Cert REQ, the identification result, etc. are transmitted in cipher text throughout the process, to realize the identity protection of REQ.
  • the operation of verifying Sig REQ in S313 can also be changed to be performed first in S307, where Sig REQ can be passed to AS-AAC through the AACVeri of S306; in S307, AS-AAC then also uses Cert REQ to verify Sig REQ, and performs subsequent operations after the verification is passed.
  • the AAC does not verify the Sig REQ in S313, and the Pub REQ may not include the Cert REQ in this case.
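An added example (not the patent's code) of the MIC AAC check on AACVeri described in the embodiment above: AAC computes a keyed hash over the fields before MIC AAC, and AS-AAC looks up K AAC_AS by ID AAC and recomputes it. HMAC-SHA-256, the length-prefixed field encoding, the dictionary keys and the sample values are assumptions; `naive_mic` is included only to show why the field encoding matters.

```python
import hashlib
import hmac
import struct

# Fields of AACVeri that precede MIC AAC, in message order (FIG. 3 embodiment).
AACVERI_FIELDS = ("EncPub_AS_REQ", "Nonce_REQ", "ID_AAC", "Nonce_AAC")


def encode_fields(msg, names):
    """Length-prefix every field so field boundaries are part of the MIC input."""
    return b"".join(struct.pack(">I", len(msg[n])) + msg[n] for n in names)


def compute_mic(key, msg, names=AACVERI_FIELDS):
    """Keyed hash over the fields before the MIC (HMAC-SHA-256 is an assumption)."""
    return hmac.new(key, encode_fields(msg, names), hashlib.sha256).digest()


def naive_mic(key, msg, names=AACVERI_FIELDS):
    """Counter-example: plain concatenation lets bytes move between fields."""
    return hmac.new(key, b"".join(msg[n] for n in names), hashlib.sha256).digest()


def aac_build_aacveri(k_aac_as, enc_pub_as_req, nonce_req, id_aac, nonce_aac):
    """AAC side: assemble AACVeri and append MIC AAC as the last field."""
    msg = {
        "EncPub_AS_REQ": enc_pub_as_req,  # opaque to AAC, copied from REQInit
        "Nonce_REQ": nonce_req,
        "ID_AAC": id_aac,
        "Nonce_AAC": nonce_aac,
    }
    msg["MIC_AAC"] = compute_mic(k_aac_as, msg)
    return msg


def as_aac_check_aacveri(psk_by_id, msg):
    """AS-AAC side: 'legal' if MIC AAC verifies, otherwise 'discard'."""
    required = AACVERI_FIELDS + ("MIC_AAC",)
    if any(not isinstance(msg.get(n), bytes) for n in required):
        return "discard"                   # malformed message
    key = psk_by_id.get(msg["ID_AAC"])     # K AAC_AS is selected by ID AAC
    if key is None:
        return "discard"                   # no pre-shared key for this AAC
    # Constant-time comparison avoids leaking how many MIC bytes matched.
    if hmac.compare_digest(compute_mic(key, msg), msg["MIC_AAC"]):
        return "legal"
    return "discard"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    k_aac_as = bytes(range(32))
    psk_by_id = {b"AAC-01": k_aac_as}
    aacveri = aac_build_aacveri(
        k_aac_as, b"ciphertext-blob", b"\x11" * 16, b"AAC-01", b"\x22" * 16
    )
    print(as_aac_check_aacveri(psk_by_id, aacveri))

    # Same bytes on the wire, different field boundary.
    shifted = dict(aacveri, EncPub_AS_REQ=b"ciphertext-blo", Nonce_REQ=b"b" + b"\x11" * 16)
    print(naive_mic(k_aac_as, shifted) == naive_mic(k_aac_as, aacveri))
    print(as_aac_check_aacveri(psk_by_id, shifted))
```

The same construction applies to MacTag AAC and MacTag REQ, with the message integrity check key in place of K AAC_AS and the MacTag field excluded from the input.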
  • AS-AAC can be used to represent (of course, AS-REQ can also be used to represent) an authentication server jointly trusted by REQ and AAC.
  • the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation.
  • the identification method includes:
  • AAC generates Nonce AAC and KeyInfo AAC , and generates Security capabilities AAC as required.
  • the AAC sends a key request message AACInit to the REQ.
  • the AACInit includes Nonce AAC , KeyInfo AAC and Security capabilities AAC . Among them, Security capabilities AAC is an optional field.
  • REQ sends an identity ciphertext message REQInit to the AAC.
  • the REQInit includes Nonce AAC , Nonce REQ , Security capabilities REQ , KeyInfo REQ , EncPub AS_REQ and Sig REQ .
  • EncPub AS_REQ is generated by REQ using the public key of the encryption certificate to encrypt the encrypted data including ID REQ , Cert REQ , Nonce REQPub and Nonce REQID ;
  • the signature data of Sig REQ includes the other fields before Sig REQ in REQInit, for example Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ and EncPub AS_REQ;
  • Security capabilities REQ is an optional field, and whether REQ generates Security capabilities REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities AAC .
  • After receiving REQInit, the AAC performs the following operations, including:
  • the AAC sends a first authentication request message AACVeri to the AS-AAC.
  • the AACVeri includes EncPub AS_REQ , Nonce REQ , EncPub AS_AAC , Nonce AAC and MIC AAC .
  • Nonce REQ shall be equal to the corresponding field in REQInit
  • Nonce AAC shall be equal to Nonce AAC generated by AAC .
  • EncPub AS_AAC is generated by AAC using the public key of the encryption certificate to encrypt information including ID AAC , Nonce AACID , Nonce AACPub ;
  • MIC AAC is the hash value that AAC calculates, using the key K AAC_AS pre-shared with AS-AAC and the hash algorithm agreed with AS-AAC, over the other fields before MIC AAC in AACVeri.
  • After receiving the AACVeri, AS-AAC performs the following operations, including:
  • AS-AAC determines the pre-shared key K AAC_AS with AAC and a hash algorithm according to ID AAC, uses K AAC_AS and the hash algorithm to locally calculate MIC AAC over the other fields before MIC AAC in the AACVeri, and compares it with the received MIC AAC. If they are the same, the MIC AAC verification is passed, and AS-AAC determines that the identity authentication result of AAC is legal. If they are different, the MIC AAC verification fails, and AS-AAC performs the following operations, including: discarding the AACVeri, or determining that the identity authentication result of the AAC is invalid, etc.
  • the AS-AAC sends the first authentication response message ASVeri to the AAC.
  • the ASVeri includes Nonce REQ , Sig AS_AAC1 , Nonce AAC , and MIC AS_AAC .
  • ID REQ , Nonce REQ , ID AAC , and Nonce AAC should be respectively equal to the corresponding fields in AACVeri.
  • the signature data of Sig AS_AAC1 includes Nonce REQ and MIC AS_AAC is an AS-AAC utilizing the K AAC_AS , using the hash algorithm agreed with AAC on pairs including Nonce AAC and generated by the calculation of the information included.
  • AAC utilizes the K AAC_AS and adopts the hash algorithm agreed with AS-AAC to include Nonce AAC and
  • the MIC AS_AAC is calculated locally with the information included, and it is compared with the received MIC AS_AAC . If it is the same, the MIC AS_AAC verification is passed, and if it is different, the MIC AS_AAC verification fails;
  • AAC sends a third authentication response message AACAuth to REQ.
  • the AACAuth includes Nonce AAC , Nonce REQ , EncData AAC and MacTag AAC .
  • Nonce REQ and Nonce AAC are optional fields, and should be respectively equal to the Nonce REQ in REQInit and the Nonce AAC generated by AAC.
  • EncData AAC 's encrypted data includes Nonce REQ , Sig AS_AAC1 , Nonce AACPub and ID AAC , where, Nonce REQ , Sig AS_AAC1 is derived from ASVeri; the calculation process of MacTag AAC is described in the embodiment of FIG. 3 .
  • After receiving the AACAuth, REQ performs the following operations, including:
  • REQ sends a fourth authentication response message REQAuth to the AAC.
  • the REQAuth includes Nonce AAC , Nonce REQ , EncData REQ and MacTag REQ .
  • Nonce REQ and Nonce AAC are optional fields, and should be equal to Nonce REQ generated by REQ and Nonce AAC in AACInit respectively.
  • EncData REQ 's encrypted data includes Nonce REQPub .
  • the calculation process of MacTag REQ is described in relation to the embodiment of FIG. 3 .
  • After receiving REQAuth, AAC performs the following operations, including:
  • if REQAuth carries Nonce AAC and/or Nonce REQ, AAC checks whether the Nonce AAC is the same as the Nonce AAC generated by AAC, and/or checks whether the Nonce REQ is the same as the Nonce REQ in REQInit;
  • the identification of AAC and REQ is realized respectively, that is, the two-way identification of REQ and AAC is realized, and the identity ID REQ of REQ, the digital certificate Cert REQ and the identification result, as well as the identity ID AAC of AAC, its authentication result, etc., are transmitted in cipher text throughout the process to realize the identity protection of REQ and AAC.
  • verifying Sig REQ in S413 can also be changed to be performed first in S407, where Sig REQ can be passed to AS-AAC through AACVeri of S406, then in S407, AS-AAC also needs to verify Sig REQ , and then perform subsequent operations after the verification is passed; in this case, the AAC no longer verifies the Sig REQ in S413 , and the Pub REQ may not include the Cert REQ in this case.
  • the identification method includes:
  • AAC generates Nonce AAC and KeyInfo AAC , and generates Security capabilities AAC as required.
  • the AAC sends a key request message AACInit to the REQ.
  • the AACInit includes Nonce AAC , KeyInfo AAC , Security capabilities AAC and ID AS_AAC .
  • Security capabilities AAC and ID AS_AAC are optional fields
  • ID AS_AAC represents the identity of at least one authentication server trusted by AAC, which is used to make REQ determine whether there is a mutually trusted authentication server (the same below) according to ID AS_AAC .
  • After receiving the AACInit, the REQ performs the following operations, including:
  • REQ sends an identity ciphertext message REQInit to the AAC.
  • the REQInit includes Nonce AAC , Nonce REQ , Security capabilities REQ , KeyInfo REQ , ID AS_REQ , EncPub AS_REQ and Sig REQ .
  • Nonce AAC should be equal to the corresponding field in AACInit;
  • the signature data of Sig REQ includes the other fields before Sig REQ in REQInit, such as Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ, ID AS_REQ and EncPub AS_REQ;
  • the encrypted data of EncPub AS_REQ includes ID REQ, Cert REQ, Nonce REQID and Nonce REQPub.
  • ID AS_REQ represents the identity of at least one authentication server trusted by REQ.
  • when ID AS_AAC exists in AACInit, REQ tries to select, from the authentication servers it trusts, at least one authentication server that is the same as one in ID AS_AAC and uses it as ID AS_REQ; if the selection fails, REQ uses at least one authentication server trusted by itself as ID AS_REQ. When ID AS_AAC does not exist in AACInit, REQ uses at least one authentication server trusted by itself as ID AS_REQ (the same below).
  • After receiving REQInit, the AAC performs the following operations, including:
  • if ID AS_REQ is carried in REQInit and ID AS_AAC is carried in AACInit, AAC judges whether ID AS_REQ and ID AS_AAC contain at least one identical authentication server identity. If so, it is a non-roaming situation, and AAC determines the first authentication server participating in identity authentication from the identities of the authentication servers trusted by both REQ and AAC; if not, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID AS_AAC, and send the ID AS_REQ to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID AS_REQ; or,
  • the AAC determines whether ID AS_REQ and the authentication servers trusted by the AAC contain at least one identical authentication server identity. If so, it is a non-roaming situation, and AAC determines the first authentication server participating in identity authentication from the identities of the authentication servers trusted by both REQ and AAC; if not, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to the authentication servers trusted by itself, and send the ID AS_REQ to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID AS_REQ;
  • the result determined in this embodiment should be a roaming situation.
  • the AAC sends the first authentication request message AACVeri to the AS-AAC.
  • the AACVeri includes Nonce AAC , Nonce REQ , ID AS_REQ , EncPub AS_REQ , ID AAC and MIC AAC .
  • ID AS_REQ is an optional field
  • MIC AAC is the hash value calculated by AAC, using the key K AAC_AS pre-shared with AS-AAC and the hash algorithm agreed with AS-AAC, over information including the other fields before MIC AAC in AACVeri.
  • After receiving the AACVeri, AS-AAC performs the following operations, including:
  • if ID AS_REQ exists in AACVeri, AS-AAC determines the second authentication server AS-REQ according to ID AS_REQ; if it does not exist, it means that AS-AAC has confirmed AS-REQ;
  • AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
  • the AS-AACVeri includes Nonce AAC , Nonce REQ , EncPub AS_REQ , ID AAC , Pub AAC and Sig AS_AAC2 .
  • Nonce AAC , Nonce REQ , EncPub AS_REQ , and ID AAC should be respectively equal to the corresponding fields in AACVeri; the signature data of Sig AS_AAC2 includes other fields before Sig AS_AAC2 in AS-AACVeri.
  • the AS-REQ sends the first decryption request message AS-REQReq to the CS-DEC.
  • the AS-REQReq includes EncPub AS_REQ .
  • CS-DEC decrypts EncPub AS_REQ by using the private key corresponding to the encrypted certificate to obtain ID REQ , Cert REQ , Nonce REQID and Nonce REQPub .
  • the CS-DEC sends the first decryption response message CS-DECRep to the AS-REQ.
  • the CS-DECRep includes ID REQ , Cert REQ , Nonce REQID and Nonce REQPub .
  • After receiving the CS-DECRep, the AS-REQ performs the following operations, including:
  • the AS-REQ sends the second authentication response message AS-REQVeri to the AS-AAC.
  • the AS-REQVeri includes Nonce REQ , Pub AAC , Sig AS_REQ1 , ID AAC , Nonce AAC , and Sig AS_REQ3 .
  • ID REQ , Nonce REQID and Nonce REQPub should be respectively equal to the corresponding fields in CS-DECRep;
  • the signature data of Sig AS_REQ1 includes Nonce REQ , Pub AAC ;
  • the signature data of Sig AS_REQ3 includes ID AAC , Nonce AAC ,
  • After receiving the AS-REQVeri, AS-AAC performs the following operations, including:
  • the AS-AAC sends the first authentication response message ASVeri to the AAC.
  • the ASVeri includes Nonce REQ , Pub AAC , Sig AS_REQ1 , ID AAC , Nonce AAC , and MIC AS_AAC .
  • Nonce REQ, Pub AAC, Sig AS_REQ1, ID AAC and Nonce AAC should be equal to the corresponding fields in AS-REQVeri respectively;
  • MIC AS_AAC is that AS-AAC utilizes the K AAC_AS , adopts the hash algorithm agreed with AAC to include ID AAC , Nonce AAC and The hash value calculated with the information included.
  • AAC sends a third authentication response message AACAuth to REQ.
  • the AACAuth includes Nonce AAC , Nonce REQ , EncData AAC and MacTag AAC .
  • Nonce REQ and Nonce AAC are optional fields, which should be respectively equal to Nonce REQ and Nonce AAC generated by AAC in REQInit;
  • EncData AAC is that AAC utilizes a message encryption key, and adopts a symmetric encryption algorithm to include
  • the encrypted data including Nonce REQ , Pub AAC , Sig AS_REQ1 and ID AAC are encrypted and generated; for the calculation process of MacTag AAC , refer to the related content of the embodiment in FIG. 3 .
  • After receiving the AACAuth, REQ performs the following operations, including:
  • For the verification process, refer to the relevant content of the embodiment of Fig. 3;
  • REQ sends a fourth authentication response message REQAuth to the AAC.
  • the REQAuth includes Nonce AAC , Nonce REQ , EncData REQ and MacTag REQ .
  • Nonce REQ and Nonce AAC are optional fields, which should be respectively equal to the Nonce REQ generated by REQ and the Nonce AAC in AACInit;
  • the encrypted data of EncData REQ includes Nonce REQPub ;
  • for the calculation process of MacTag REQ , refer to the relevant content of the embodiment of Fig. 3.
  • After receiving REQAuth, AAC performs the following operations, including:
  • For the verification process, refer to the relevant content of the embodiment of Fig. 3;
  • the identity authentication of the AAC and the REQ is realized respectively in the case of roaming, that is, the bidirectional identity authentication of the REQ and the AAC is realized, and the authentication result of the REQ is transmitted in cipher text throughout the whole process to realize the identity protection of the REQ.
  • the operation of verifying Sig REQ in S521 can also be changed to be executed first in S513, wherein Sig REQ can be passed to AS-REQ through AACVeri of S506 and AS-AACVeri of S508, then in S513 , AS-REQ also uses Cert REQ to verify Sig REQ , and then performs subsequent operations after the verification is passed.
  • the AAC no longer verifies the Sig REQ in S521, and the Cert REQ may not be included in the Pub REQ at this time.
  • the second digital signature Sig AS_AAC2 in S507 and S508 can be replaced with the second message authentication code MIC AS_AAC2 , wherein MIC AS_AAC2 is that AS-AAC utilizes the pre-shared key with AS-REQ, adopts the pre-shared key with AS-REQ
  • the third digital signature Sig AS_REQ3 in S513 and S514 can be replaced with the third message authentication code MIC AS_REQ3 , wherein MIC AS_REQ3 is the hash algorithm agreed with AS-AAC by AS-REQ using the pre-shared key with AS-AAC For ID AAC , Nonce AAC , Nonce AAC in AS-REQVeri, The hash value calculated by the field inside; then in S515, the AS-AAC verification Sig AS_REQ3 is replaced by the verification MIC AS_REQ3 .
  • the identification method includes:
  • AAC generates Nonce AAC and KeyInfo AAC , and generates Security capabilities AAC as required.
  • the AAC sends a key request message AACInit to the REQ.
  • the AACInit includes Nonce AAC , KeyInfo AAC , Security capabilities AAC and ID AS_AAC . Among them, Security capabilities AAC and ID AS_AAC are optional fields.
  • REQ sends an identity ciphertext message REQInit to the AAC.
  • the REQInit includes Nonce AAC , Nonce REQ , Security capabilities REQ , KeyInfo REQ , ID AS_REQ , EncPub AS_REQ and Sig REQ .
  • Nonce AAC should be equal to the corresponding field in AACInit;
  • Security capabilities REQ and ID AS_REQ are optional fields;
  • the encrypted data of EncPub AS_REQ includes ID REQ , Cert REQ , Nonce REQID and Nonce REQPub ;
  • the signature data of Sig REQ includes the other fields before Sig REQ in REQInit, for example, Nonce AAC , Nonce REQ , Security capabilities REQ , KeyInfo REQ , ID AS_REQ and EncPub AS_REQ .
  • After receiving REQInit, the AAC performs the following operations, including:
  • the AAC sends a first authentication request message AACVeri to the AS-AAC.
  • the AACVeri includes REQInit, EncPub AS_AAC , Nonce AAC and MIC AAC .
  • EncPub AS_AAC is generated by AAC using the public key of the encryption certificate to encrypt information including ID AAC , Nonce AACID , Nonce AACPub ;
  • MIC AAC is the hash value that AAC calculates over the other fields before MIC AAC in AACVeri, using the key K AAC_AS pre-shared with AS-AAC and the hash algorithm agreed with AS-AAC.
  • the AS-AAC sends the second decryption request message AS-AACReq to the CS-DEC.
  • the AS-AACReq includes EncPub AS_AAC .
  • CS-DEC decrypts EncPub AS_AAC by using the private key corresponding to the encryption certificate to obtain ID AAC , Nonce AACPub and Nonce AACID .
  • the CS-DEC sends the second decryption response message CS-DECRep to the AS-AAC.
  • the CS-DECRep includes ID AAC , Nonce AACPub and Nonce AACID .
  • After receiving the CS-DECRep, the AS-AAC performs the following operations, including:
  • AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
  • the AS-AACVeri includes REQInit, and Sig AS_AAC2 .
  • the signature data of Sig AS_AAC2 includes other fields before Sig AS_AAC2 in AS-AACVeri.
  • After receiving the AS-AACVeri, the AS-REQ uses the public key of the AS-AAC to verify the Sig AS_AAC2 .
  • the AS-REQ sends the first decryption request message AS-REQReq to the CS-DEC.
  • the AS-REQReq includes EncPub AS_REQ .
  • CS-DEC decrypts EncPub AS_REQ by using the private key corresponding to the encryption certificate to obtain ID REQ , Cert REQ , Nonce REQID and Nonce REQPub .
  • the CS-DEC sends the first decryption response message CS-DECRep to the AS-REQ.
  • the CS-DECRep includes ID REQ , Cert REQ , Nonce REQID and Nonce REQPub .
  • After receiving the CS-DECRep, the AS-REQ performs the following operations, including:
  • the AS-REQ sends the second authentication response message AS-REQVeri to the AS-AAC.
  • the AS-REQVeri includes Nonce REQ , Sig AS_REQ1 , Nonce AAC , and Sig AS_REQ3 , where the signature data of Sig AS_REQ1 includes Nonce REQ and The signature data of Sig AS_REQ3 includes Nonce AAC and
  • the AS-AAC sends a first authentication response message ASVeri to the AAC.
  • the ASVeri includes Nonce REQ , Sig AS_REQ1 , Nonce AAC , and MIC AS_AAC .
  • Nonce REQ , Sig AS_REQ1 and Nonce AAC should be respectively equal to the corresponding fields in AS-REQVeri;
  • MIC AS_AAC is that AS-AAC utilizes the K AAC_AS , adopts the hash algorithm agreed with AAC to include Nonce AAC and The hash value calculated with the information included.
  • AAC sends a third authentication response message AACAuth to REQ.
  • the AACAuth includes Nonce AAC , Nonce REQ , EncData AAC and MacTag AAC .
  • Nonce REQ and Nonce AAC are optional fields, and should be respectively equal to the Nonce REQ in REQInit and the Nonce AAC generated by AAC;
  • EncData AAC is that AAC utilizes a message encryption key, and adopts a symmetric encryption algorithm to include Nonce REQ ,
  • the encrypted data including Nonce AACPub , Sig AS_REQ1 and ID AAC are encrypted and generated; the calculation method of MacTag AAC is described in the embodiment of FIG. 3 .
  • After receiving the AACAuth, REQ performs the following operations, including:
  • AACAuth will be discarded immediately; after all the above checks and verifications are passed, the identity authentication result of AAC will be determined according to Res AAC in Pub AAC ; secondary identification process;
  • REQ sends a fourth authentication response message REQAuth to the AAC.
  • the REQAuth includes Nonce AAC , Nonce REQ , EncData REQ and MacTag REQ .
  • Nonce AAC and Nonce REQ are optional fields, and should be respectively equal to the Nonce AAC in AACInit and the Nonce REQ generated by REQ;
  • the encrypted data of EncData REQ includes Nonce REQPub ;
  • the calculation process of MacTag REQ is described in relation to the embodiment as shown in Figure 3 .
  • After receiving REQAuth, AAC performs the following operations, including:
  • the identity authentication of the AAC and of the REQ in the case of roaming is thereby realized, that is, the bidirectional identity authentication of the REQ and the AAC is realized, and the authentication results of the REQ and the AAC are transmitted in cipher text throughout the whole process, realizing identity protection for the REQ and the AAC.
  • the second digital signature Sig AS_AAC2 in S610 and S611 can be replaced with the second message authentication code MIC AS_AAC2 , where MIC AS_AAC2 is the hash value that AS-AAC calculates over the other fields before MIC AS_AAC2 in AS-AACVeri, using the key pre-shared with AS-REQ and the hash algorithm agreed with AS-REQ; the verification of Sig AS_AAC2 by AS-REQ in S612 is then replaced by the verification of MIC AS_AAC2 .
  • the third digital signature Sig AS_REQ3 in S616 and S617 can be replaced with a third message authentication code MIC AS_REQ3 , wherein MIC AS_REQ3 is the hash algorithm agreed with AS-AAC by AS-REQ using the pre-shared key with AS-AAC For including AS-REQVeri in Nonce AAC and The hash value calculated by the field including the field; then in S618, the AS-AAC verification Sig AS_REQ3 is replaced by the verification MIC AS_REQ3 .
  • each message may also carry a hash value HASH X_Y . The hash value HASH X_Y is calculated by the sender entity X of the message, using the hash algorithm, on the latest pre-order message received from the peer entity Y, and is used by the peer entity Y to verify whether the entity X has received the complete latest pre-order message.
  • HASH REQ_AAC represents the hash value calculated by REQ on the latest pre-order message received from AAC;
  • HASH AAC_REQ represents the hash value calculated by AAC on the latest pre-order message received from REQ;
  • HASH AAC_AS-AAC represents the hash value calculated by AAC on the latest pre-order message received from AS-AAC;
  • HASH AS-AAC_AAC represents the hash value calculated by AS-AAC on the latest pre-order message received from AAC;
  • HASH AS-AAC_AS-REQ represents the hash value calculated by AS-AAC on the latest pre-order message received from AS-REQ;
  • HASH AS-REQ_AS-AAC represents the hash value calculated by AS-REQ on the latest pre-order message received from AS-AAC.
  • HASH X_Y may be absent from the message or be meaningless.
  • entity Y uses the hash algorithm to calculate locally the hash value of the latest pre-order message it previously sent to entity X, and compares it with the hash value HASH X_Y carried in the received message. If they are consistent, the following steps are executed; otherwise the message is discarded or the current authentication process is ended.
  • the pre-order message sent by the peer entity Y to the entity X refers to a message that the entity X received from the peer entity Y before the entity X sends the message M to the peer entity Y.
  • the latest pre-order message sent by peer entity Y to entity X refers to the latest message sent by peer entity Y to entity X before entity X sends message M to peer entity Y. If the message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then no pre-order message sent by peer entity Y to entity X exists before entity X sends message M to its peer entity Y.
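  • The HASH X_Y check described above can be sketched as follows. This is an added example, not code from the application: SHA-256, the fixed 32-byte field placed at the front of each message, the all-zero value carried by a first message, and the names PeerLink, build, accept and run_exchange are assumptions made for illustration, and the message bodies are constructed.

```python
import hashlib
import hmac

HASH_LEN = 32  # assumption: SHA-256; the text only says "the hash algorithm"


class PeerLink:
    """One entity's view of its exchange with a single peer entity."""

    def __init__(self):
        self.last_sent = None      # latest message this entity sent to the peer
        self.last_received = None  # latest pre-order message received from the peer

    def build(self, body: bytes) -> bytes:
        """Prefix the body with HASH_X_Y over the latest message received from the peer."""
        if self.last_received is None:
            # First message of the exchange: no pre-order message exists,
            # so the field carries no meaning (all zeros here, by assumption).
            digest = bytes(HASH_LEN)
        else:
            digest = hashlib.sha256(self.last_received).digest()
        message = digest + body
        self.last_sent = message
        return message

    def accept(self, message: bytes) -> bytes:
        """Compare the carried HASH_X_Y with a local hash of our latest sent message."""
        if len(message) < HASH_LEN:
            raise ValueError("message too short to carry HASH_X_Y")
        carried, body = message[:HASH_LEN], message[HASH_LEN:]
        if self.last_sent is not None:
            expected = hashlib.sha256(self.last_sent).digest()
            if not hmac.compare_digest(carried, expected):
                raise ValueError("HASH_X_Y mismatch: discard the message")
        self.last_received = message
        return body


def run_exchange(truncate_first_message: bool) -> str:
    """Run AACInit -> REQInit -> AACAuth between AAC and REQ (constructed bodies)."""
    aac, req = PeerLink(), PeerLink()
    try:
        aac_init = aac.build(b"AACInit|constructed-body")
        # Optionally lose the tail of AACInit in transit.
        delivered = aac_init[:-4] if truncate_first_message else aac_init
        req.accept(delivered)                       # first message: nothing to compare
        req_init = req.build(b"REQInit|constructed-body")
        aac.accept(req_init)                        # AAC checks HASH_REQ_AAC
        aac_auth = aac.build(b"AACAuth|constructed-body")
        req.accept(aac_auth)                        # REQ checks HASH_AAC_REQ
    except ValueError:
        return "discarded"
    return "accepted"


if __name__ == "__main__":
    print(run_exchange(False))
    print(run_exchange(True))
```
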
  • an embodiment of the present application further provides a requesting device 700 , including:
  • the encryption module 710 is configured to use the public key of the encryption certificate to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device to generate a ciphertext of the first identity information; the identity information of the requesting device includes a digital certificate of the requesting device, and the first identity key includes a second key;
  • a sending module 720 configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the ciphertext of the first identity information;
  • a receiving module 730 configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by the authentication access controller by using a message encryption key to encrypt the encrypted data including the first authentication result information and the first digital signature; the first authentication result information includes the first verification result for the authentication access controller; the first digital signature is a digital signature calculated and generated by a second authentication server trusted by the requesting device on the signature data including the first authentication result information;
  • a decryption module 740 configured to decrypt the ciphertext of the identity authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;
  • the verification module 750 is configured to use the public key of the second authentication server to verify the first digital signature. If the verification is passed, the determination module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the determination module 760 determines that the identity authentication result of the authentication access controller is legal, the sending module 720 sends a fourth authentication response message to the authentication access controller; or,
  • the verification module 750 is configured to use the public key of the second authentication server to verify the first digital signature. If the verification is passed, the sending module 720 sends a fourth authentication response message to the authentication access controller, and the determination module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
  • the verification module 750 is configured to use the public key of the second authentication server to verify the first digital signature; if the verification of the first digital signature is passed, the determination module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the sending module 720 sends a fourth authentication response message to the authentication access controller;
  • the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by the encryption module 710 using a message encryption key to encrypt information including the second key.
  • the receiving module 730 is further configured to: receive a key request message sent by the authentication access controller, where the key request message includes the key exchange parameters of the authentication access controller; the requesting device further includes:
  • a calculation module configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller, and to calculate the message encryption key by using a key derivation algorithm according to the information including the first key;
  • the identity ciphertext message also includes the key exchange parameter of the requesting device.
  • the key request message further includes a first random number generated by the authentication access controller; then the calculation module is specifically configured to calculate the message encryption key using information including the first random number and the second random number generated by the requesting device; correspondingly, the identity ciphertext message also includes the second random number.
  • the key request message further includes security capability parameter information supported by the authentication access controller; the determining module 760 is further configured to determine a specific security policy used by the requesting device according to the security capability parameter information ; then the identity ciphertext message also includes the specific security policy.
  • the key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; then the determining module 760 is further configured to determine, according to the identity identifier of the at least one authentication server trusted by the authentication access controller, the identity identifier of at least one authentication server trusted by the requesting device; the identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device.
  • the identity ciphertext message sent by the sending module 720 further includes the identity identifier of at least one authentication server trusted by the requesting device.
  • the identity information of the requesting device further includes the identity of the requesting device; the first identity key further includes a third key; then the first authentication response message also includes the identity ciphertext of the requesting device; the identity ciphertext of the requesting device is generated by using the third key to encrypt the information including the identity of the requesting device;
  • the encrypted data of the ciphertext of the identity authentication result information in the third authentication response message also includes the identity ciphertext of the requesting device; the decryption module decrypts the ciphertext of the identity authentication result information and obtains the identity ciphertext of the requesting device;
  • the verification module 750 is further configured to verify the identity ciphertext of the requesting device according to the identity of the requesting device itself and the third key.
  • the third authentication response message received by the receiving module 730 also includes the first message integrity check code; before the determination module 760 determines the identity authentication result of the authentication access controller, the verification module 750 is further configured to verify the first message integrity check code by using a message integrity check key; wherein the message integrity check key and the message encryption key are generated in the same manner.
  • the fourth authentication response message sent by the sending module 720 further includes a second message integrity check code, where the second message integrity check code is calculated and generated by the requesting device, using the message integrity check key, over the fields of the fourth authentication response message other than the second message integrity check code; wherein the message integrity check key and the message encryption key are generated in the same manner.
  • the first authentication result information is generated by encrypting the information including the first authentication result of the authentication access controller by using the fourth key;
  • the encrypted data of the ciphertext of the identity authentication result information also includes the fourth key;
  • the decryption module 740 decrypts the ciphertext of the identity authentication result information to obtain the fourth key, and the decryption module 740 is further configured to use the fourth key to decrypt the first authentication result information to obtain the first verification result.
  • the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device on the received latest pre-order message sent by the authentication access controller.
  • an embodiment of the present application further provides an authentication access controller 800, including:
  • the receiving module 810 is configured to receive the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by using the public key of the encryption certificate to encrypt the information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes the second key;
  • a sending module 820 configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the ciphertext of the first identity information and the identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated and generated by the authentication access controller, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, over the information including the ciphertext of the first identity information;
  • the receiving module 810 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of the second authentication server trusted by the requesting device, the second authentication result information ciphertext and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result for the authentication access controller, the first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, the ciphertext of the second authentication result information is generated by using the second key to encrypt the information including the second authentication result information, the second authentication result information includes the second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is calculated and generated by the first authentication server, using the key pre-shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller, over the information including the ciphertext of the second authentication result information;
  • a verification module 830 configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting a cryptographic algorithm agreed with the first authentication server;
  • the sending module 820 is further configured to send a third authentication response message to the requesting device if the verification is passed, where the third authentication response message includes the ciphertext of the identity authentication result information, and the ciphertext of the identity authentication result information is generated by the authentication access controller by using a message encryption key to encrypt the encrypted data including the first authentication result information and the first digital signature;
  • the receiving module 810 is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by using the message encryption key to encrypt the information including the second key;
  • the decryption module 840 is configured to use the message encryption key to decrypt the second key ciphertext to obtain the second key, and use the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information;
  • the determining module 850 is configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
  • the sending module 820 is further configured to: send a key request message to the requesting device, where the key request message includes the key exchange parameters of the authentication access controller; then the identity ciphertext message also includes the key exchange parameters of the requesting device; the authentication access controller further includes:
  • a calculation module configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device , and calculate the message encryption key by using a key derivation algorithm according to the information including the first key.
  • the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device;
  • the calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.
  • the identity ciphertext message further includes the first random number; before the calculation module calculates the message encryption key, the verification module 830 is further configured to verify that the first random number in the identity ciphertext message is consistent with the first random number generated by the authentication access controller.
  • the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device; the determining module 850 is further configured to determine the first authentication server according to the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
  • the identity ciphertext message also includes the identity of the at least one authentication server trusted by the requesting device; the determining module 850 is further configured to determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller.
  • the first authentication request message further includes the identity of the authentication access controller and/or the first random number generated by the authentication access controller; correspondingly, the first authentication response message also includes the identity identifier of the authentication access controller and/or the first random number; before the sending module 820 sends the third authentication response message, the verification module 830 is further configured to verify that the identity identifier of the authentication access controller in the first authentication response message is consistent with the identity identifier of the authentication access controller itself; and/or to verify that the first random number in the first authentication response message is consistent with the first random number generated by the authentication access controller.
  • the first authentication request message further includes a ciphertext of second identity information, where the ciphertext of the second identity information is generated by the authentication access controller by using the public key of the encryption certificate to encrypt the information including the identity identifier of the authentication access controller and the second identity key of the authentication access controller, and the second identity key includes a fourth key and a fifth key;
  • the first authentication response message further includes the identity ciphertext of the authentication access controller; the first authentication result information is generated by using the fourth key to encrypt the information including the first verification result of the authentication access controller; the identity ciphertext of the authentication access controller is generated by using the fifth key to encrypt the information including the identity identifier of the authentication access controller;
  • the verification module 830 is further configured to: verify the identity ciphertext of the authentication access controller according to the identity identifier of the authentication access controller itself and the fifth key; if the verification is passed, the sending module 820 then sends a third authentication response message to the requesting device; wherein the encrypted data of the ciphertext of the identity authentication result information in the third authentication response message further includes the fourth key.
  • the third authentication response message sent by the sending module 820 further includes a first message integrity check code; the first message integrity check code is calculated and generated by the authentication access controller, using the message integrity check key, over the fields of the third authentication response message other than the first message integrity check code; wherein the message integrity check key and the message encryption key are generated in the same manner.
  • the fourth authentication response message received by the receiving module 810 also includes a second message integrity check code; then before the determination module 850 determines the identity authentication result of the requesting device, the verification module 830 is further configured to verify the second message integrity check code using a message integrity check key; wherein the message integrity check key and the message encryption key are generated in the same manner.
  • the determining module 850 is further configured to: determine whether the digital signature of the requesting device passes verification; if it is determined that the digital signature of the requesting device passes verification, the identity authentication result of the requesting device is then determined according to the second verification result in the second authentication result information.
  • the determining module 850 determines whether the digital signature of the requesting device passes the verification in the following manner:
  • the second authentication server verifies the digital signature of the requesting device by using the digital certificate of the requesting device. If the receiving module 810 receives the first authentication response message, the determining module 850 determines the digital signature of the requesting device. The signature has been verified; or,
  • the verification module 830 uses the digital certificate of the requesting device to verify the digital signature of the requesting device, and the determining module 850 determines according to the verification result Whether the digital signature of the requesting device is verified.
  • the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the requesting device; the authentication The message sent by the access controller to the first authentication server further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the first authentication server.
  • an embodiment of the present application further provides a first authentication server 900, including:
  • the receiving module 910 is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and the identity authentication code of the authentication access controller; the first identity information ciphertext is generated by the requesting device by encrypting, with the public key of the encryption certificate, information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes a second key; the identity authentication code of the authentication access controller is calculated and generated by the authentication access controller over information including the first identity information ciphertext, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
  • a sending module 920 configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, the second authentication result information ciphertext and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result for the authentication access controller; the first digital signature is a digital signature calculated and generated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by encrypting information including the second authentication result information with the second key; the second authentication result information includes the second verification result for the digital certificate of the requesting device; the first message authentication code of the first authentication server is calculated and generated by the first authentication server over information including the second authentication result information ciphertext, using the key pre-shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller.
  • the first authentication server 900 further includes:
  • the first verification module is configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, decrypt the first identity information ciphertext using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;
  • the first generation module is configured to generate the first authentication result information according to information including the first verification result, generate the second authentication result information according to information including the second verification result, encrypt information including the second authentication result information with the second key to generate the second authentication result information ciphertext, calculate over signature data including the first authentication result information to generate the first digital signature, and calculate over information including the second authentication result information ciphertext to generate the first message authentication code of the first authentication server;
  • the second generating module is configured to generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
  • the first authentication server 900 further includes:
  • a second verification module configured to verify the identity authentication code of the authentication access controller to obtain a first verification result
  • a third generating module configured to generate the first authentication result information according to the information including the first verification result, and sign the first authentication result information and the ciphertext of the first identity information.
  • the sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second digital signature, or the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second message authentication code;
  • the receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code; wherein the first digital signature is calculated and generated by the second authentication server over signature data including the first authentication result information, and the third digital signature is calculated and generated by the second authentication server over signature data including the second authentication result information ciphertext, or the third message authentication code is calculated and generated by the second authentication server over information including the second authentication result information ciphertext;
  • a third verification module configured to use the public key of the second authentication server to verify the third digital signature or to verify the third message authentication code using the pre-shared key with the second authentication server;
  • the fourth generation module is configured to, if the verification passes, calculate over information including the second authentication result information ciphertext to generate the first message authentication code of the first authentication server, and generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
  • the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server over the latest preceding message received from the authentication access controller.
  • the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server over the latest preceding message received from the second authentication server.
  • an embodiment of the present application further provides a second authentication server 1000, including:
  • the receiving module 1010 is configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second digital signature, or the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second message authentication code; wherein the first identity information ciphertext is generated by the requesting device by encrypting, with the public key of the encryption certificate, information including the identity information of the requesting device and the first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes the second key;
  • the second digital signature is calculated and generated by the first authentication server over signature data including the first authentication result information and the first identity information ciphertext, or the second message authentication code is calculated and generated by the first authentication server over information including the first authentication result information and the first identity information ciphertext;
  • a verification module 1020 configured to verify the second digital signature using the public key of the first authentication server, or verify the second message authentication code using the key pre-shared with the first authentication server; if the verification passes, decrypt the first identity information ciphertext using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and verify the legality of the digital certificate of the requesting device to obtain the second verification result;
  • a generating module 1030 configured to generate the second authentication result information according to information including the second verification result, encrypt information including the second authentication result information with the second key to generate the second authentication result information ciphertext, calculate over signature data including the first authentication result information to generate a first digital signature, and calculate over signature data including the second authentication result information ciphertext to generate a third digital signature, or calculate over information including the second authentication result information ciphertext to generate a third message authentication code;
  • a sending module 1040 configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code.
  • the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server over the latest preceding message received from the first authentication server.
  • an embodiment of the present application further provides a requesting device REQ, including:
  • the processor 1102 is configured to call the program instructions stored in the memory 1101 and, according to the obtained program, execute the steps performed by the REQ in the foregoing embodiments.
  • the requesting device may implement the corresponding processes implemented by REQ in each method of the embodiments of the present application, which will not be repeated here for brevity.
  • an embodiment of the present application further provides an authentication access controller AAC, including:
  • the processor 1202 is configured to call the program instructions stored in the memory 1201 and, according to the obtained program, execute the steps performed by the AAC in the foregoing embodiments.
  • the authentication access controller may implement the corresponding processes implemented by the AAC in the various methods in the embodiments of the present application, which will not be repeated here for brevity.
  • an embodiment of the present application further provides a first authentication server AS-AAC, including:
  • memory 1301 for storing program instructions
  • the processor 1302 is configured to call the program instructions stored in the memory 1301 and, according to the obtained program, execute the steps performed by the AS-AAC in the foregoing embodiments.
  • the first authentication server may implement the corresponding processes implemented by the AS-AAC in each method in the embodiments of the present application, and for brevity, details are not described herein again.
  • an embodiment of the present application further provides a second authentication server AS-REQ, including:
  • memory 1401 for storing program instructions
  • the processor 1402 is configured to call the program instructions stored in the memory 1401 and, according to the obtained program, execute the steps performed by the AS-REQ in the foregoing embodiments.
  • the second authentication server may implement the corresponding processes implemented by the AS-REQ in each method in the embodiments of the present application, which will not be repeated here for brevity.
  • the aforementioned program may be stored in a computer-readable storage medium, and when the program is executed, it performs the steps of the above method embodiments; the aforementioned storage medium may be at least one of the following media: read-only memory (ROM), RAM, a magnetic disk, an optical disk, or any other medium that can store program code.
  • each embodiment in this specification is described in a progressive manner; for the same or similar parts, the embodiments can be referred to each other, and each embodiment focuses on its differences from the other embodiments.
  • the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts.
  • the device and system embodiments described above are only schematic: the modules described as separate components may or may not be physically separate, and the components displayed as modules may or may not be physical modules, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed in the present application is an identity authentication method and apparatus. The method comprises: an authentication access controller (AAC) receives an identity ciphertext message sent by a requesting device REQ, the identity ciphertext message comprising a first identity information ciphertext generated by encrypting, by the REQ, information comprising identity information of and a first identity key of the REQ by using a public key of an encryption certificate; the AAC sends, to a first authentication server, a first authentication request message comprising the first identity information ciphertext and an identity authentication code of the AAC; the first authentication server verifies AAC identity legitimacy according to the identity authentication code of the AAC to generate first authentication result information; a second authentication server verifies REQ identity legitimacy according to a digital certificate of the REQ to generate second authentication result information; the REQ and the AAC respectively obtain the authentication result information of peer ends to implement bidirectional identity authentication. Moreover, entity sensitive information is transmitted in the form of a ciphertext to ensure entity security.

Description

Identity authentication method and apparatus
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority to Chinese patent application No. 202011569210.4, entitled "Identity authentication method and apparatus", filed with the China Patent Office on December 26, 2020, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the technical field of network communication security, and in particular to an identity authentication method and apparatus.
Background
At present, communication networks usually require bidirectional identity authentication between a user and a network access point, to ensure that a legitimate user accesses a legitimate network. In existing entity authentication schemes, either all entities use digital certificates as their identity, or the entities use pre-shared keys between them. In some practical scenarios, however, one end uses a digital certificate as its identity credential while the other end uses a pre-shared key as its identity credential, which poses a challenge to the entity identity authentication mechanism.
In addition, the identity information of an entity is directly exposed during identity authentication, and in some cases that identity information contains private or sensitive information about the entity, such as an identity card number, home address or bank card information. If it is intercepted by an attacker and then used for illegal activities, the consequences would be unimaginable. How to complete entity identity authentication without exposing sensitive identity information has therefore become a pressing matter.
Summary of the Invention
To solve the above technical problem, the present application provides an identity authentication method and apparatus that achieve bidirectional identity authentication of the entities, together with protection of the entities' identities, in the case where the requesting device uses a digital certificate and the authentication access controller uses a pre-shared key as identity credentials.
In view of this, a first aspect of the present application provides an identity authentication method, including:
An authentication access controller receives an identity ciphertext message sent by a requesting device, the identity ciphertext message including a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by encrypting, with the public key of an encryption certificate, information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key;
The authentication access controller sends a first authentication request message to a first authentication server that it trusts, the first authentication request message including the first identity information ciphertext and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated and generated by the authentication access controller over information including the first identity information ciphertext, using the key pre-shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
The authentication access controller receives a first authentication response message sent by the first authentication server, the first authentication response message including first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated and generated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by encrypting information including second authentication result information with the second key; the second authentication result information includes a second verification result for the digital certificate of the requesting device; the first message authentication code of the first authentication server is calculated and generated by the first authentication server over information including the second authentication result information ciphertext, using the key pre-shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
The authentication access controller verifies the first message authentication code of the first authentication server using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the verification passes, it sends a third authentication response message to the requesting device, the third authentication response message including an identity authentication result information ciphertext, which is generated by the authentication access controller by encrypting, with a message encryption key, data to be encrypted including the first authentication result information and the first digital signature;
The requesting device decrypts the identity authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first digital signature;
The requesting device verifies the first digital signature using the public key of the second authentication server; if the verification passes, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the requesting device determines that the identity authentication result of the authentication access controller is legitimate, it sends a fourth authentication response message to the authentication access controller; or,
The requesting device verifies the first digital signature using the public key of the second authentication server; if the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
The requesting device verifies the first digital signature using the public key of the second authentication server; if the first digital signature passes verification, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller;
wherein the fourth authentication response message includes a second key ciphertext, the second key ciphertext being generated by encrypting information including the second key with the message encryption key;
After receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext with the message encryption key to obtain the second key, decrypts the second authentication result information ciphertext with the second key to obtain the second authentication result information, and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
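The pre-shared-key leg of the method above (the identity authentication code of the authentication access controller, the first message authentication code of the first authentication server, and the echoed hash of the latest preceding message), as an added example that is not code from the patent. HMAC-SHA256, the field layout, the direction labels and all function and field names are assumptions; the public-key ciphertext, the first digital signature and the second authentication result information ciphertext are constructed opaque placeholders.

```python
import hashlib
import hmac
import os
import struct

# Assumption: HMAC-SHA256 stands in for "the cryptographic algorithm agreed
# with the first authentication server"; the patent does not name one.


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries are unambiguous under the MAC."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def mac(psk: bytes, label: bytes, *fields: bytes) -> bytes:
    """MAC over a direction label plus the fields (the label blocks reflection)."""
    return hmac.new(psk, encode_fields(label, *fields), hashlib.sha256).digest()


def aac_build_request(psk: bytes, id_aac: bytes, enc_pub_as: bytes) -> dict:
    """AAC -> AS-AAC: first authentication request message."""
    msg = {"id_aac": id_aac, "nonce_aac": os.urandom(16), "enc_pub_as": enc_pub_as}
    # Identity authentication code of the AAC, covering the first identity
    # information ciphertext (enc_pub_as) that the AAC itself cannot read.
    msg["mic_aac"] = mac(psk, b"AAC->AS", id_aac, msg["nonce_aac"], enc_pub_as)
    return msg


def message_hash(msg: dict) -> bytes:
    """Hash of the whole request; the peer echoes it as the preceding-message hash."""
    return hashlib.sha256(encode_fields(
        msg["id_aac"], msg["nonce_aac"], msg["enc_pub_as"], msg["mic_aac"])).digest()


def as_aac_handle_request(psk: bytes, msg: dict,
                          sig_as_req: bytes, enc_res_req: bytes) -> dict:
    """AS-AAC: verify the AAC's code (first verification result), build the response."""
    expected = mac(psk, b"AAC->AS", msg["id_aac"], msg["nonce_aac"], msg["enc_pub_as"])
    res_aac = b"valid" if hmac.compare_digest(expected, msg["mic_aac"]) else b"invalid"
    resp = {"prev_hash": message_hash(msg), "res_aac": res_aac,
            "sig_as_req": sig_as_req, "enc_res_req": enc_res_req}
    # First message authentication code of AS-AAC, covering the second
    # authentication result information ciphertext and the other fields.
    resp["mic_as"] = mac(psk, b"AS->AAC", resp["prev_hash"], res_aac,
                         sig_as_req, enc_res_req)
    return resp


def aac_accept_response(psk: bytes, sent_request: dict, resp: dict) -> bool:
    """AAC: forward results to the REQ only if the response is bound and authentic."""
    if not hmac.compare_digest(resp["prev_hash"], message_hash(sent_request)):
        return False  # answers some other request: replayed or misrouted
    expected = mac(psk, b"AS->AAC", resp["prev_hash"], resp["res_aac"],
                   resp["sig_as_req"], resp["enc_res_req"])
    return hmac.compare_digest(expected, resp["mic_as"])


def demo() -> dict:
    psk = os.urandom(32)  # key pre-shared between AAC and AS-AAC
    # Constructed placeholders: asymmetric encryption and signing are out of scope.
    enc_pub_as = b"<REQ certificate + second key, encrypted to the encryption certificate>"
    sig = b"<first digital signature over the first authentication result information>"
    enc_res = b"<second authentication result information, encrypted under the second key>"

    req = aac_build_request(psk, b"AAC-01", enc_pub_as)
    resp = as_aac_handle_request(psk, req, sig, enc_res)
    tampered = dict(resp, enc_res_req=b"swapped ciphertext")
    later_req = aac_build_request(psk, b"AAC-01", enc_pub_as)
    forged_req = aac_build_request(os.urandom(32), b"AAC-01", enc_pub_as)
    return {
        "genuine_accepted": aac_accept_response(psk, req, resp),
        "tampered_accepted": aac_accept_response(psk, req, tampered),
        "replayed_accepted": aac_accept_response(psk, later_req, resp),
        "forged_aac_result": as_aac_handle_request(psk, forged_req, sig, enc_res)["res_aac"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The controller never learns the requesting device's certificate at this stage: it authenticates an opaque ciphertext, and a response is accepted only when it both echoes the hash of the exact request sent and carries a valid code under the pre-shared key.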
A second aspect of the present application provides a requesting device, including:
an encryption module, configured to encrypt information including the identity information of the requesting device and a first identity key of the requesting device with the public key of an encryption certificate to generate a first identity information ciphertext, where the identity information of the requesting device includes the digital certificate of the requesting device and the first identity key includes a second key;
a sending module, configured to send an identity ciphertext message to an authentication access controller, the identity ciphertext message including the first identity information ciphertext;
a receiving module, configured to receive a third authentication response message sent by the authentication access controller, the third authentication response message including an identity authentication result information ciphertext, which is generated by the authentication access controller by encrypting, with a message encryption key, data to be encrypted including first authentication result information and a first digital signature; the first authentication result information includes a first verification result for the authentication access controller, and the first digital signature is a digital signature calculated and generated by a second authentication server trusted by the requesting device over signature data including the first authentication result information;
a decryption module, configured to decrypt the identity authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first digital signature;
a verification module, configured to verify the first digital signature using the public key of the second authentication server; if the verification passes, a determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the determining module determines that the identity authentication result of the authentication access controller is legitimate, the sending module sends a fourth authentication response message to the authentication access controller; or,
configured to verify the first digital signature using the public key of the second authentication server; if the verification passes, the sending module sends a fourth authentication response message to the authentication access controller and the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
configured to verify the first digital signature using the public key of the second authentication server; if the first digital signature passes verification, the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the sending module sends a fourth authentication response message to the authentication access controller;
wherein the fourth authentication response message includes a second key ciphertext, the second key ciphertext being generated by the encryption module by encrypting information including the second key with the message encryption key.
A third aspect of the present application provides an authentication access controller, including:
A receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key;
A sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated by the authentication access controller over information including the first identity information ciphertext, by using the pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
The receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated by the first authentication server over information including the second authentication result information ciphertext, by using the pre-shared key shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
A verification module, configured to verify the first message authentication code of the first authentication server by using the pre-shared key shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
The sending module is further configured to send, if the verification passes, a third authentication response message to the requesting device, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is generated by the authentication access controller by using a message encryption key to encrypt encryption data including the first authentication result information and the first digital signature;
The receiving module is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by using the message encryption key to encrypt information including the second key;
A decryption module, configured to decrypt the second key ciphertext by using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext by using the second key to obtain the second authentication result information;
A determining module, configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
A fourth aspect of the present application provides a first authentication server, including:
A receiving module, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes a first identity information ciphertext and an identity authentication code of the authentication access controller; the first identity information ciphertext is generated by a requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key; and the identity authentication code of the authentication access controller is calculated by the authentication access controller over information including the first identity information ciphertext, by using the pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
A sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated by the first authentication server over information including the second authentication result information ciphertext, by using the pre-shared key shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller.
A fifth aspect of the present application provides a second authentication server, including:
A receiving module, configured to receive a second authentication request message sent by a first authentication server, where the second authentication request message includes first authentication result information, a first identity information ciphertext and a second digital signature, or the second authentication request message includes first authentication result information, a first identity information ciphertext and a second message authentication code; the first identity information ciphertext is generated by a requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device, and the first identity key includes a second key; the second digital signature is calculated by the first authentication server over signature data including the first authentication result information and the first identity information ciphertext, or the second message authentication code is calculated by the first authentication server over information including the first authentication result information and the first identity information ciphertext;
A verification module, configured to verify the second digital signature by using the public key of the first authentication server, or to verify the second message authentication code by using the pre-shared key shared with the first authentication server; if the verification passes, to decrypt the first identity information ciphertext by using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
A generating module, configured to generate the second authentication result information according to information including the second verification result, to encrypt information including the second authentication result information by using the second key to generate a second authentication result information ciphertext, to calculate a first digital signature over signature data including the first authentication result information, and to calculate a third digital signature over signature data including the second authentication result information ciphertext or a third message authentication code over information including the second authentication result information ciphertext;
A sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code.
A sixth aspect of the present application provides a requesting device, including:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute the method on the requesting device side in the first aspect.
A seventh aspect of the present application provides an authentication access controller, including:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute the method on the authentication access controller side in the first aspect.
An eighth aspect of the present application provides a first authentication server, including:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute the method on the first authentication server side in the first aspect.
A ninth aspect of the present application provides a second authentication server, including:
a memory, configured to store program instructions;
a processor, configured to call the program instructions stored in the memory and, according to the obtained program, execute the method on the second authentication server side in the first aspect.
A tenth aspect of the present application provides a computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause a computer to execute the method described in the first aspect.
As can be seen from the above, in the identity authentication method provided by the present application, the requesting device uses a digital certificate as its identity credential, and the authentication access controller uses a pre-shared key as its identity credential. During identity authentication, the requesting device first sends an identity ciphertext message to the authentication access controller. The identity ciphertext message includes a first identity information ciphertext, that is, a ciphertext generated by the requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and the first identity key of the requesting device, where the identity information of the requesting device includes its digital certificate and the first identity key includes a second key. The authentication access controller uses the pre-shared key shared with the first authentication server that it trusts and the agreed cryptographic algorithm to calculate, over information including the first identity information ciphertext, the identity authentication code of the authentication access controller, and sends to the first authentication server a first authentication request message carrying the first identity information ciphertext and the identity authentication code of the authentication access controller. The second authentication server trusted by the requesting device verifies the legitimacy of the digital certificate of the requesting device, and the first authentication server verifies the identity authentication code of the authentication access controller. After the verification is completed, the first authentication server sends a first authentication response message to the authentication access controller; the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, the second authentication result information ciphertext, and the first message authentication code of the first authentication server. The authentication access controller then verifies the first message authentication code of the first authentication server by using the pre-shared key shared with the first authentication server and the agreed cryptographic algorithm and, after the verification passes, sends to the requesting device a third authentication response message carrying the identity authentication result information ciphertext. The requesting device decrypts the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information, and obtains from it the verification result for the authentication access controller. When it determines that the identity of the authentication access controller is legitimate, the requesting device sends to the authentication access controller a fourth authentication response message including the second key ciphertext. The authentication access controller decrypts the second key ciphertext by using the message encryption key to obtain the second key, decrypts the second authentication result information ciphertext by using the second key to obtain the second authentication result information, and obtains the verification result for the requesting device from the second authentication result information. Mutual identity authentication between the requesting device and the authentication access controller is thereby achieved, which lays the foundation for ensuring that only legitimate users can access a legitimate network. In addition, the identity information of the entity and/or the identity authentication result information is transmitted in ciphertext form, which safeguards private information in transit and protects the entity's identity.
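The following sketch is an added example, not code from the application. It walks through the non-roaming case of the exchange summarized above from the AAC's point of view: the identity authentication code over the first identity information ciphertext, the check of the server's message authentication code, and the fact that the AAC can read the REQ's verification result only after the REQ releases the second key. Assumptions: HMAC-SHA256 stands in for the "agreed cryptographic algorithm", a toy keystream cipher stands in for every encryption step (including the public-key encryption under the encryption certificate), the first digital signature is omitted, and all field names other than EncPub_AS_REQ, Cert_REQ and Nonce_REQPub, as well as all keys and certificate strings, are constructed.

```python
import hashlib
import hmac
import os

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed 'agreed algorithm')."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, iv + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher for illustration only; not a production primitive."""
    iv = os.urandom(16)
    return iv + _keystream_xor(key, iv, data)

def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])

def req_identity_ciphertext(enc_cert_key: bytes, cert_req: bytes):
    """REQ: EncPub_AS_REQ = Enc(encryption certificate, Nonce_REQPub || Cert_REQ)."""
    nonce_req_pub = os.urandom(32)  # the second key
    return toy_encrypt(enc_cert_key, nonce_req_pub + cert_req), nonce_req_pub

def aac_first_request(psk: bytes, enc_pub: bytes) -> dict:
    """AAC: identity authentication code over the ciphertext it forwards."""
    return {"EncPub_AS_REQ": enc_pub, "MIC_AAC": mac(psk, enc_pub)}

def as_respond(psk: bytes, enc_cert_key: bytes, trusted: set, request: dict) -> dict:
    """AS (non-roaming: AS-AAC and AS-REQ are one server)."""
    enc_pub = request["EncPub_AS_REQ"]
    # First verification result: does the AAC know the pre-shared key?
    res_aac = hmac.compare_digest(request["MIC_AAC"], mac(psk, enc_pub))
    plain = toy_decrypt(enc_cert_key, enc_pub)
    nonce_req_pub, cert_req = plain[:32], plain[32:]
    # Second verification result, encrypted under the REQ's second key.
    res_req = b"legitimate" if cert_req in trusted else b"illegitimate"
    enc_res_req = toy_encrypt(nonce_req_pub, res_req)
    return {"Res_AAC": res_aac, "EncRes_REQ": enc_res_req,
            "MAC_AS": mac(psk, enc_res_req)}

def aac_accept_response(psk: bytes, response: dict) -> bool:
    """AAC: verify the first message authentication code before going on."""
    return hmac.compare_digest(response["MAC_AS"], mac(psk, response["EncRes_REQ"]))

def req_release_second_key(k_msg: bytes, res_aac: bool, nonce_req_pub: bytes):
    """REQ: send the second key ciphertext only if the AAC was judged legitimate."""
    return toy_encrypt(k_msg, nonce_req_pub) if res_aac else None

def aac_read_result(k_msg: bytes, response: dict, fourth_message: bytes) -> bytes:
    """AAC: recover Nonce_REQPub, then decrypt the REQ's verification result."""
    nonce_req_pub = toy_decrypt(k_msg, fourth_message)
    return toy_decrypt(nonce_req_pub, response["EncRes_REQ"])

def _flip_last_bit(data: bytes) -> bytes:
    return data[:-1] + bytes([data[-1] ^ 1])

def run_exchange(cert_req: bytes, tamper_request=False, tamper_response=False) -> str:
    # Constructed keys: AAC/AS pre-shared key, encryption-certificate stand-in,
    # and the REQ/AAC message encryption key.
    psk, enc_cert_key, k_msg = os.urandom(32), os.urandom(32), os.urandom(32)
    trusted = {b"CN=constructed-req-cert"}
    enc_pub, nonce_req_pub = req_identity_ciphertext(enc_cert_key, cert_req)
    request = aac_first_request(psk, enc_pub)
    if tamper_request:   # ciphertext altered between AAC and AS
        request["EncPub_AS_REQ"] = _flip_last_bit(request["EncPub_AS_REQ"])
    response = as_respond(psk, enc_cert_key, trusted, request)
    if tamper_response:  # ciphertext altered between AS and AAC
        response["EncRes_REQ"] = _flip_last_bit(response["EncRes_REQ"])
    if not aac_accept_response(psk, response):
        return "AAC rejected server response"
    fourth = req_release_second_key(k_msg, response["Res_AAC"], nonce_req_pub)
    if fourth is None:
        return "REQ judged AAC illegitimate"
    return aac_read_result(k_msg, response, fourth).decode()

if __name__ == "__main__":
    print(run_exchange(b"CN=constructed-req-cert"))
```

In the method as described, the REQ relies on the first digital signature of AS-REQ rather than on the AAC's word for the first verification result; that check needs an asymmetric signature scheme and is left out of this sketch.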
Description of the Drawings
In order to explain the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of an identity authentication method provided by an embodiment of the present application;
FIG. 2 is a schematic diagram of a method, provided by an embodiment of the present application, by which a requesting device REQ and an authentication access controller AAC negotiate a message encryption key;
FIG. 3 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, in which "*" denotes an optional field or an optional operation;
FIG. 4 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, in which "*" denotes an optional field or an optional operation;
FIG. 5 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, in which "*" denotes an optional field or an optional operation;
FIG. 6 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, in which "*" denotes an optional field or an optional operation;
FIG. 7 is a structural block diagram of a requesting device REQ provided by an embodiment of the present application;
FIG. 8 is a structural block diagram of an authentication access controller AAC provided by an embodiment of the present application;
FIG. 9 is a structural block diagram of a first authentication server AS-AAC provided by an embodiment of the present application;
FIG. 10 is a structural block diagram of a second authentication server AS-REQ provided by an embodiment of the present application;
FIG. 11 is a structural block diagram of another requesting device REQ provided by an embodiment of the present application;
FIG. 12 is a structural block diagram of another authentication access controller AAC provided by an embodiment of the present application;
FIG. 13 is a structural block diagram of another first authentication server AS-AAC provided by an embodiment of the present application;
FIG. 14 is a structural block diagram of another second authentication server AS-REQ provided by an embodiment of the present application.
具体实施方式Detailed ways
在通信网络中,请求设备可以通过鉴别接入控制器访问网络,为了确保访问网络的请求设备属于合法用户,以及请求设备访问的网络为合法网络,鉴别接入控制器和请求设备之间需要进行双向身份鉴别(Mutual Identity Authentication,简称MIA)。In a communication network, the requesting device can access the network through the authentication access controller. In order to ensure that the requesting device accessing the network belongs to a legitimate user and the network that the requesting device accesses is a legitimate network, the authentication between the access controller and the requesting device needs to be performed. Mutual Identity Authentication (MIA for short).
以目前的无线通信和移动通信场景为例,在请求设备通过鉴别接入控制器接入无线网络的场景下,请求设备可以为手机、个人数字助理(Personal Digital Assitant,简称PDA)、平板电脑等终端设备,鉴别接入控制器可以是无线接入点、无线路由器等网络侧设备。在请求设备通过鉴别接入控制器接入有线网络的场景下,请求设备可以为台式机、笔记本电脑等终端设备,鉴别接入控制器可以是交换机或路由器等网络侧设备。在请求设备通过鉴别接入控制器接入第四/五代移动通信技术(The 4th/5th Generation mobile communication technology,简称4G/5G)网络的场景下,请求设备可以为手机、平板电脑等终端设备,鉴别接入控制器可以为基站等网络侧设备。当然,本申请同样适用于其他有线网络、近距离通信网络等各种数据通信场景。Taking the current wireless communication and mobile communication scenarios as an example, in the scenario where the requesting device accesses the wireless network through the authentication access controller, the requesting device can be a mobile phone, a personal digital assistant (PDA), a tablet computer, etc. The terminal device, the authentication access controller can be a network side device such as a wireless access point and a wireless router. In the scenario where the requesting device accesses the wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router. In the scenario where the requesting device accesses the 4th/5th Generation mobile communication technology (4G/5G) network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone and a tablet computer. The authentication access controller may be a network side device such as a base station. Of course, the present application is also applicable to various data communication scenarios such as other wired networks and short-range communication networks.
然而,在目前已有的实体鉴别方案中,实体的身份凭证要么统一采用数字证书的形式,要么统一采用预共享密钥的形式,而针对实际应用中一端采用数字证书作为身份凭证、另一端采用预共享密钥作为身份凭证的情况,并没有提出简洁、有效的身份鉴别机制。并且在身份鉴别消息的传输过程中,直接暴露实体的身份信息,导致其安全性无法得到保障。However, in the existing entity authentication scheme, the identity certificate of the entity is either in the form of a digital certificate or a pre-shared key. When the pre-shared key is used as an identity certificate, no concise and effective authentication mechanism is proposed. In addition, in the transmission process of the identity authentication message, the identity information of the entity is directly exposed, so that its security cannot be guaranteed.
为了解决上述技术问题,本申请实施例提供了一种身份鉴别方法,针对请求设备采用数字证书,鉴别接入控制器采用预共享密钥的鉴别方式的应用场景,由鉴别接入控制器信任的第一鉴别服务器验证鉴别接入控制器的身份鉴别码得到第一验证结果,由请求设备信任的第二鉴别服务器验证请求设备数字证书的合法性得到第二验证结果,请求设备和鉴别接入控制器分别依据对方实体所对应的验证结果来确定对方实体是否合法,实现鉴别接入控制器与请求设备之间的双向身份鉴别,从而为确保只有合法用户才能与合法网络通信奠定基础。并且实体的私密信息如身份标识、鉴别结果信息等以密文形式传输,保障了私密信息在传输过程中的安全性,实现实体的身份保护。In order to solve the above technical problem, an embodiment of the present application provides an identity authentication method. For the application scenario in which the requesting device adopts a digital certificate and the authentication access controller adopts the pre-shared key authentication method, the authentication access controller trusts the application scenario. The first authentication server verifies the identity authentication code of the authentication access controller to obtain the first verification result, and the second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device to obtain the second verification result, and the requesting device and the authentication access control The device determines whether the other entity is legal according to the corresponding verification results of the counterpart entity, and realizes the two-way identity authentication between the authentication access controller and the requesting device, thus laying the foundation for ensuring that only legal users can communicate with the legal network. In addition, the private information of the entity, such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.
为便于介绍,在本申请实施例中,将以请求设备(REQuester,简称REQ)、鉴别接入控制器(Authentication Access Controller,简称AAC)和鉴别服务器(Authentication Server,简称AS)为例对本申请的身份鉴别方法进行介绍。For ease of introduction, in the embodiments of the present application, a request device (REQuester, referred to as REQ), an authentication access controller (Authentication Access Controller, referred to as AAC) and an authentication server (Authentication Server, referred to as AS) will be used as examples to describe the requirements of the present application. The identification method is introduced.
其中,AAC信任的AS称为第一鉴别服务器AS-AAC,REQ信任的AS称为第二鉴别服务器AS-REQ。AS-REQ持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的数字证书和数字证书对应的私钥,AS-AAC能够验证AAC的身份合法性,AS-REQ能够验证REQ的数字证书的合法性。AS-AAC和AS-REQ可以是同一AS也可以是不同的AS,当AS-AAC与AS-REQ相同时,即非漫游情况;当AS-AAC与AS-REQ不相同时,即漫游情况,此时AS-AAC与AS-REQ之间具有有效的预共享密钥,或者,当AS-AAC持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的数字证书和数字证书对应的私钥时,AS-AAC与AS-REQ相互信任,且知晓对方的数字证书或数字证书中的公钥。证书解密服务器(Certificate Sever-Decrypt,简称CS-DEC)持有符合ISO/IEC 9594-8/ITU X.509、其他标准或其他技术体系规定的加密证书和加密证书对应的私钥,其加密证书可以有一张也可以有多张,CS-DEC可以是独立的服务器,也可以驻留在AS-AAC和/或AS-REQ中。The AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ. AS-REQ holds digital certificates and private keys corresponding to digital certificates that comply with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems. AS-AAC can verify the legitimacy of AAC's identity. AS-REQ Can verify the legitimacy of REQ's digital certificate. AS-AAC and AS-REQ can be the same AS or different ASs. When AS-AAC is the same as AS-REQ, it is a non-roaming situation; when AS-AAC is different from AS-REQ, it is a roaming situation. At this time, there is a valid pre-shared key between AS-AAC and AS-REQ, or when AS-AAC holds a digital certificate that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems When the private key corresponding to the digital certificate is used, AS-AAC and AS-REQ trust each other and know each other's digital certificate or the public key in the digital certificate. The certificate decryption server (Certificate Sever-Decrypt, CS-DEC for short) holds the encryption certificate and the private key corresponding to the encryption certificate in accordance with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, and its encryption certificate There can be one or more, and the CS-DEC can be a standalone server or reside in AS-AAC and/or AS-REQ.
The REQ may be one endpoint participating in the identity authentication process. It establishes a connection with the AAC, accesses the services provided by the AAC, and accesses the AS through the AAC. The REQ holds a digital certificate that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems and the private key corresponding to that digital certificate; the REQ knows AS-REQ's digital certificate or the public key in that digital certificate, and knows CS-DEC's encryption certificate or the public key in that encryption certificate. The AAC may be the other endpoint participating in the identity authentication process. It establishes a connection with the REQ, provides services, communicates with the REQ, and can access AS-AAC directly. The AAC and AS-AAC have a pre-shared key, and in some cases the AAC knows CS-DEC's encryption certificate or the public key in that encryption certificate.
An identity authentication method provided by an embodiment of this application is described below with reference to FIG. 1. The method includes:
S101. The AAC receives the identity ciphertext message REQInit sent by the REQ.
REQInit includes the first identity information ciphertext EncPub AS_REQ. EncPub AS_REQ is generated by the REQ using the public key of the encryption certificate to encrypt the encrypted data, which includes the REQ's identity information and the REQ's first identity key. The REQ's identity information includes the REQ's digital certificate Cert REQ, and the first identity key includes the second key Nonce REQPub.
S102. The AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.
AACVeri includes EncPub AS_REQ and the AAC's identity authentication code MIC AAC. MIC AAC is computed by the AAC over information including EncPub AS_REQ, using the pre-shared key K AAC_AS it shares with AS-AAC and the cryptographic algorithm agreed with AS-AAC. As an example, the cryptographic algorithm agreed between the AAC and AS-AAC may be a hash algorithm: using K AAC_AS together with the hash algorithm, a hash operation is performed over the fields of AACVeri that precede the MIC AAC field, such as information including EncPub AS_REQ, and the resulting hash value is used as the AAC's identity authentication code MIC AAC. AS-AAC then verifies MIC AAC to obtain the first verification result Res AAC, and the AS-REQ trusted by the REQ verifies the Cert REQ obtained by decrypting EncPub AS_REQ to obtain the second verification result Res REQ.
It should be noted that when the AS-AAC trusted by the AAC and the AS-REQ trusted by the REQ are the same authentication server, the authentication server trusted by both the REQ and the AAC may be denoted AS-AAC (or, equally, AS-REQ). In this case, AS-AAC (also expressible as AS-REQ) verifies MIC AAC to obtain Res AAC, and verifies the legitimacy of the Cert REQ obtained by decrypting EncPub AS_REQ to obtain Res REQ. The decryption of EncPub AS_REQ may be performed by the certificate decryption server CS-DEC: CS-DEC decrypts EncPub AS_REQ with the private key corresponding to the encryption certificate, and AS-AAC (also expressible as AS-REQ) obtains the decrypted Cert REQ from CS-DEC. Alternatively, AS-AAC (also expressible as AS-REQ) decrypts EncPub AS_REQ with the private key corresponding to the encryption certificate of the CS-DEC residing in AS-AAC (also expressible as AS-REQ) to obtain Cert REQ. When verifying MIC AAC, AS-AAC (also expressible as AS-REQ) first determines the pre-shared key K AAC_AS it shares with the AAC and the agreed cryptographic algorithm, then uses K AAC_AS and that algorithm to compute MIC AAC locally over the fields of AACVeri that precede the MIC AAC field, such as information including EncPub AS_REQ, and compares the computed MIC AAC with the received MIC AAC, which completes the verification of MIC AAC. To determine K AAC_AS and the cryptographic algorithm, AS-AAC may know in advance the valid pre-shared key K AAC_AS and cryptographic algorithm it has with the AAC; in addition, AACVeri may carry the AAC's identity identifier ID AAC, and AS-AAC may determine the valid pre-shared key K AAC_AS and cryptographic algorithm it has with the AAC according to ID AAC.
Next, AS-AAC (also expressible as AS-REQ) generates the first authentication result information Pub AAC from information including Res AAC, generates the second authentication result information Pub REQ from information including Res REQ, and encrypts information including Pub REQ with the Nonce REQPub obtained by decrypting EncPub AS_REQ to obtain the second authentication result information ciphertext (for example, Nonce REQPub may be XORed with Pub REQ to generate the second authentication result information ciphertext, i.e. the expression shown in Figure PCTCN2021140178-appb-000001). Using K AAC_AS and the cryptographic algorithm, it computes AS-AAC's first message authentication code MIC AS_AAC (also expressible as AS-REQ's first message authentication code MIC AS_REQ) over information including the second authentication result information ciphertext, computes the first digital signature Sig AS_AAC1 (also expressible as Sig AS_REQ1) over signature data including Pub AAC, and generates the first authentication response message ASVeri from information including Pub AAC, Sig AS_AAC1 (also expressible as Sig AS_REQ1), the second authentication result information ciphertext and MIC AS_AAC (also expressible as MIC AS_REQ).
When the AS-AAC trusted by the AAC and the AS-REQ trusted by the REQ are two different authentication servers, AS-AAC verifies MIC AAC to obtain Res AAC, and AS-REQ verifies the legitimacy of the Cert REQ obtained by decrypting EncPub AS_REQ to obtain Res REQ.
Specifically, AS-AAC uses the pre-shared key K AAC_AS it shares with the AAC and the cryptographic algorithm agreed with the AAC to verify MIC AAC and obtain Res AAC, generates the first authentication result information Pub AAC from information including Res AAC, computes a second digital signature Sig AS_AAC2 over signature data including Pub AAC and EncPub AS_REQ, and sends a second authentication request message AS-AACVeri to AS-REQ. AS-AACVeri includes Pub AAC, EncPub AS_REQ and Sig AS_AAC2. Sig AS_AAC2 may be replaced by MIC AS_AAC2, a second message authentication code that AS-AAC computes over information including Pub AAC and EncPub AS_REQ, using the pre-shared key it shares with AS-REQ and the cryptographic algorithm agreed with AS-REQ.
Then, AS-REQ verifies Sig AS_AAC2 with AS-AAC's public key, or verifies MIC AS_AAC2 with the pre-shared key it shares with AS-AAC and the cryptographic algorithm agreed with AS-AAC. After the verification passes, AS-REQ verifies the legitimacy of the Cert REQ obtained by decrypting EncPub AS_REQ to obtain Res REQ, generates the second authentication result information Pub REQ from information including Res REQ, and encrypts information including Pub REQ with the Nonce REQPub obtained by decrypting EncPub AS_REQ to generate the second authentication result information ciphertext. It computes the first digital signature Sig AS_REQ1 over signature data including Pub AAC, computes a third digital signature Sig AS_REQ3 over signature data including the second authentication result information ciphertext, and sends a second authentication response message AS-REQVeri to AS-AAC. AS-REQVeri includes Pub AAC, Sig AS_REQ1, the second authentication result information ciphertext and Sig AS_REQ3. Sig AS_REQ3 may be replaced by MIC AS_REQ3, a third message authentication code that AS-REQ computes over information including the second authentication result information ciphertext, using the pre-shared key it shares with AS-AAC and the cryptographic algorithm agreed with AS-AAC.
AS-AAC verifies Sig AS_REQ3 with AS-REQ's public key, or verifies MIC AS_REQ3 with the pre-shared key it shares with AS-REQ and the cryptographic algorithm agreed with AS-REQ. After the verification passes, AS-AAC uses K AAC_AS and the cryptographic algorithm agreed with the AAC to compute AS-AAC's first message authentication code MIC AS_AAC over information including the second authentication result information ciphertext, and generates the first authentication response message ASVeri from information including Pub AAC, Sig AS_REQ1, the second authentication result information ciphertext and MIC AS_AAC.
S103. The AAC receives the first authentication response message ASVeri sent by AS-AAC.
ASVeri includes the first authentication result information, the first digital signature Sig AS_REQ1, the second authentication result information ciphertext and AS-AAC's first message authentication code MIC AS_AAC.
S104. The AAC verifies MIC AS_AAC using the pre-shared key it shares with AS-AAC and the cryptographic algorithm agreed with AS-AAC.
If the verification passes, S105 is executed. The AAC uses the pre-shared key K AAC_AS it shares with AS-AAC and the cryptographic algorithm agreed with AS-AAC to compute MIC AS_AAC over information including the second authentication result information ciphertext, and compares the computed MIC AS_AAC with the received MIC AS_AAC. If they match, MIC AS_AAC passes verification; if they do not match, ASVeri is discarded.
S105. The AAC sends a third authentication response message AACAuth to the REQ.
AACAuth includes the identity authentication result information ciphertext EncData AAC. EncData AAC is generated by the AAC using the message encryption key to encrypt the encrypted data, which includes the first authentication result information and the first digital signature Sig AS_REQ1. In this application, the object that is encrypted is called the encrypted data.
S106. The REQ decrypts EncData AAC with the message encryption key to obtain the first authentication result information and Sig AS_REQ1.
S107. The REQ verifies Sig AS_REQ1 with AS-REQ's public key.
S108. The REQ determines the identity authentication result of the AAC according to Res AAC in the first authentication result information.
Because Res AAC reflects whether the AAC is legitimate, the REQ can determine whether the AAC is legitimate according to Res AAC in the first authentication result information.
S109. The REQ sends a fourth authentication response message REQAuth to the AAC.
REQAuth includes the second key ciphertext EncData REQ. EncData REQ is generated by the REQ using the message encryption key to encrypt information including Nonce REQPub.
It should be noted that the execution order of S107 to S109 does not affect the specific implementation of this application; in practice, the order of S107 to S109 can be set as required. The preferred recommendation is to execute S107 first: if the REQ's verification of Sig AS_REQ1 fails, AACAuth is discarded; if the REQ's verification of Sig AS_REQ1 passes, S108 is executed. When the REQ determines that the AAC is legitimate, S109 is executed; when the REQ determines that the AAC is not legitimate, the REQ chooses according to local policy whether to execute S109. For efficiency, the preferred option is not to execute it and to end the current authentication process.
S110. The AAC decrypts EncData REQ with the message encryption key to obtain Nonce REQPub, decrypts the second authentication result information ciphertext with Nonce REQPub to obtain the second authentication result information, and determines the identity authentication result of the REQ according to Res REQ in the second authentication result information.
Because Res REQ reflects whether the REQ is legitimate, the AAC can determine whether the REQ is legitimate according to Res REQ in the second authentication result information.
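The symmetric part of S102 to S104 and S110 in the non-roaming case, as an added Python example that is not part of the patent text. HMAC-SHA-256 as the agreed cryptographic algorithm, the length-prefixed field encoding, the field order, the 33-byte layout of Pub REQ and all function names are assumptions; EncPub AS_REQ and Sig AS_REQ1 are carried as opaque constructed placeholder bytes because the public-key operations are not modelled.

```python
import hashlib
import hmac
import os
import struct

PUB_LEN = 33  # assumed layout of Pub REQ: 1-byte Res REQ + SHA-256 of Cert REQ


def encode_fields(fields):
    """Length-prefix every field so field boundaries cannot shift (assumed encoding)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def compute_mic(key, fields):
    """Keyed hash over the fields that precede the MIC field."""
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def verify_mic(key, fields, received):
    """Recompute the MIC locally, then compare in constant time."""
    return hmac.compare_digest(compute_mic(key, fields), received)


def xor_bytes(data, pad):
    """XOR step from the page's example; the nonce must cover the whole value."""
    if len(pad) != len(data):
        raise ValueError("nonce and data must have equal length")
    return bytes(a ^ b for a, b in zip(data, pad))


def aac_build_aacveri(k_aac_as, id_aac, nonce_aac, encpub_as_req):
    """S102: AAC -> AS-AAC. MIC AAC covers every field placed before it."""
    fields = [id_aac, nonce_aac, encpub_as_req]
    return {"fields": fields, "mic": compute_mic(k_aac_as, fields)}


def as_build_asveri(psk_table, aacveri, nonce_reqpub, res_req, cert_req):
    """AS-AAC: check MIC AAC and build ASVeri. None if ID AAC has no key.

    nonce_reqpub, res_req and cert_req stand for what decrypting EncPub AS_REQ
    and validating Cert REQ would yield; both steps are outside this sketch.
    """
    id_aac, nonce_aac, _encpub = aacveri["fields"]
    key = psk_table.get(id_aac)  # K AAC_AS selected by ID AAC
    if key is None:
        return None
    res_aac = verify_mic(key, aacveri["fields"], aacveri["mic"])
    pub_aac = bytes([res_aac])  # first authentication result information
    pub_req = bytes([res_req]) + hashlib.sha256(cert_req).digest()
    ct_pub_req = xor_bytes(pub_req, nonce_reqpub)  # second result ciphertext
    sig_placeholder = b"SIG_AS_REQ1 (constructed placeholder)"
    fields = [id_aac, nonce_aac, pub_aac, sig_placeholder, ct_pub_req]
    return {"fields": fields, "mic": compute_mic(key, fields)}


def aac_accept_asveri(k_aac_as, sent, asveri):
    """S104 plus the ID AAC / Nonce AAC echo check; False means discard ASVeri."""
    if not verify_mic(k_aac_as, asveri["fields"], asveri["mic"]):
        return False
    id_aac, nonce_aac = asveri["fields"][:2]
    return (hmac.compare_digest(id_aac, sent["fields"][0])
            and hmac.compare_digest(nonce_aac, sent["fields"][1]))


def aac_recover_res_req(asveri, nonce_reqpub):
    """S110: undo the XOR with Nonce REQPub and read Res REQ from Pub REQ."""
    pub_req = xor_bytes(asveri["fields"][4], nonce_reqpub)
    return pub_req[0] == 1


def demo():
    """Run one exchange on constructed values, then tamper with the ciphertext."""
    k = os.urandom(32)
    id_aac, nonce_aac = b"AAC-01", os.urandom(16)
    nonce_reqpub = os.urandom(PUB_LEN)
    encpub = b"opaque EncPub AS_REQ (constructed placeholder)"
    aacveri = aac_build_aacveri(k, id_aac, nonce_aac, encpub)
    asveri = as_build_asveri({id_aac: k}, aacveri, nonce_reqpub, True,
                             b"constructed Cert REQ")
    accepted = aac_accept_asveri(k, aacveri, asveri)
    res_req = aac_recover_res_req(asveri, nonce_reqpub)
    # Flip one bit of the ciphertext in transit: the MIC AS_AAC check must fail.
    ct = asveri["fields"][4]
    tampered = {"fields": list(asveri["fields"]), "mic": asveri["mic"]}
    tampered["fields"][4] = bytes([ct[0] ^ 1]) + ct[1:]
    return accepted, res_req, aac_accept_asveri(k, aacveri, tampered)


if __name__ == "__main__":
    print(demo())
```

The XOR step is malleable and hides Pub REQ only if Nonce REQPub is as long as the value and used once; in this flow a flipped bit is caught by MIC AS_AAC, not by the XOR itself.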
As the above technical solution shows, for mutual identity authentication between the requesting device and the authentication access controller in the scenario where the requesting device is authenticated with a digital certificate and the authentication access controller is authenticated with a pre-shared key, the first authentication server trusted by the authentication access controller uses the pre-shared key agreed with the authentication access controller to verify the authentication access controller's identity authentication code and obtain the first verification result, and the second authentication server trusted by the requesting device verifies the requesting device's digital certificate and obtains the second verification result. The requesting device and the authentication access controller each obtain the verification result for the peer entity and can determine whether the peer entity is legitimate. This achieves mutual identity authentication between the authentication access controller and the requesting device and lays the foundation for ensuring that only legitimate users can access legitimate networks. In addition, an entity's private information, such as its identity identifier and authentication result information, is transmitted as ciphertext, which protects the private information in transit and provides identity protection for the entity.
To ensure the reliability of the authentication result, the AAC may generate a message integrity check code. For example, the AACAuth of S105 may also include a first message integrity check code MacTag AAC, which the AAC computes with the message integrity check key over the fields of AACAuth other than MacTag AAC. Before the REQ determines the identity authentication result of the AAC, the REQ may then verify MacTag AAC with the message integrity check key, and determine the identity authentication result of the AAC only after the verification passes. To verify MacTag AAC, the REQ uses the message integrity check key to compute MacTag AAC locally over the fields of AACAuth other than MacTag AAC, and compares the locally computed MacTag AAC with the MacTag AAC in the received AACAuth. If they match, the verification passes; if they do not match, the verification fails.
Similarly, the REQ may also generate a message integrity check code. For example, the REQAuth of S109 may also include a second message integrity check code MacTag REQ, which the REQ computes with the message integrity check key over the fields of REQAuth other than MacTag REQ. Correspondingly, before the AAC determines the identity authentication result of the REQ, the AAC may verify MacTag REQ with the message integrity check key, and determine the identity authentication result of the REQ only after the verification passes. To verify MacTag REQ, the AAC uses the message integrity check key to compute MacTag REQ locally over the fields of REQAuth other than MacTag REQ, and compares the locally computed MacTag REQ with the MacTag REQ in the received REQAuth. If they match, the verification passes; if they do not match, the verification fails.
It should be noted that the way the message integrity check key used by the REQ and the AAC is generated is described in the next embodiment.
Referring to FIG. 1, the REQInit of S101 may also include the REQ's digital signature Sig REQ, whose signature data includes the fields of REQInit that precede Sig REQ. In that case, before the AAC determines the identity authentication result of the REQ, the AAC must also determine whether Sig REQ passes verification; only if Sig REQ passes verification does it determine the identity authentication result of the REQ according to Res REQ in the second authentication result information. In this application, the object that is signed is called the signature data. The AAC determines whether Sig REQ passes verification in one of the following ways:
In one implementation, when the second authentication result information also includes Cert REQ, the AAC verifies Sig REQ with the Cert REQ in the second authentication result information and determines from the result whether Sig REQ passes verification. In another implementation, AS-REQ verifies Sig REQ with the Cert REQ obtained by decrypting EncPub AS_REQ. If the verification passes, the subsequent operations continue and the first authentication response message ASVeri is sent to the AAC; if the verification fails, the first authentication response message ASVeri is not sent to the AAC. Therefore, if the AAC receives ASVeri, the AAC determines that Sig REQ has passed verification.
It should be noted that information such as random numbers and identity identifiers generated by the requesting device and/or the authentication access controller may be carried in the messages exchanged during the identity authentication process. Normally, the random number and/or identity identifier carried in a received message should be the same as the random number and/or identity identifier carried in the sent message, but network jitter or an attack may cause parameter information in a message to be lost or tampered with. Therefore, in some embodiments, the reliability of the authentication result can also be ensured by checking whether the random numbers and/or identity identifiers in the sent and received messages are consistent.
Referring to FIG. 1, the AACVeri of S102 may also include the AAC's identity identifier ID AAC and/or a first random number Nonce AAC generated by the AAC; correspondingly, the ASVeri of S103 also includes ID AAC and/or Nonce AAC. Before S105, the AAC may then verify that the ID AAC in ASVeri is consistent with the AAC's own identity identifier ID AAC (that is, the ID AAC the AAC sent in AACVeri), and/or verify that the Nonce AAC in ASVeri is consistent with the Nonce AAC generated by the AAC (that is, the Nonce AAC the AAC sent in AACVeri). If the verification passes, the AAC executes S105.
In other embodiments, the first authentication result information may also include ID AAC, and the encrypted data of EncData AAC in the AACAuth of S105 also includes ID AAC. In that case, before the REQ determines the identity authentication result of the AAC, the REQ must also verify that the ID AAC in the first authentication result information is consistent with the ID AAC obtained by decrypting EncData AAC. If the verification passes, the REQ determines the identity authentication result of the AAC according to Res AAC in the first authentication result information.
Of course, to ensure the reliability of the authentication result, the REQ may also perform consistency verification on the second random number Nonce REQ generated by the REQ and/or the REQ's identity identifier ID REQ.
Referring to FIG. 1, in S101 the REQ's identity information may also include ID REQ and the first identity key may also include a third key Nonce REQID, so that the encrypted data of the first identity information ciphertext EncPub AS_REQ includes not only Cert REQ and Nonce REQPub but also ID REQ and Nonce REQID. Correspondingly, when the second authentication result information ciphertext is generated, Nonce REQID may also be used to encrypt information including ID REQ to generate the REQ's identity identifier ciphertext (in the simplest case, the REQ's identity identifier ciphertext may be generated by XORing Nonce REQID with ID REQ, i.e. the expression shown in Figure PCTCN2021140178-appb-000002). The ASVeri of S103 then also includes the REQ's identity identifier ciphertext, and the encrypted data of EncData AAC in the AACAuth of S105 also includes the REQ's identity identifier ciphertext. Correspondingly, before the REQ determines the identity authentication result of the AAC, the REQ must also verify the REQ's identity identifier ciphertext obtained by decrypting EncData AAC against its own identity identifier ID REQ and Nonce REQID. Specifically, the REQ uses Nonce REQID to encrypt information including its own identity identifier ID REQ to generate the REQ's identity identifier ciphertext, and checks that the generated ciphertext is consistent with the REQ's identity identifier ciphertext obtained by decrypting EncData AAC; or, the REQ decrypts the REQ's identity identifier ciphertext with Nonce REQID to obtain ID REQ, and checks that the decrypted ID REQ is consistent with its own identity identifier ID REQ. If the verification passes, the REQ determines the identity authentication result of the AAC according to Res AAC in the first authentication result information.
Of course, the REQInit of S101 may also include Nonce REQ; correspondingly, the AACVeri of S102 and the ASVeri of S103 may also include Nonce REQ, and the encrypted data of EncData AAC in the AACAuth of S105 also includes Nonce REQ. Correspondingly, before the REQ determines the identity authentication result of the AAC, the REQ must verify that the Nonce REQ obtained by decrypting EncData AAC is consistent with the Nonce REQ generated by the REQ. If the verification passes, the REQ determines the identity authentication result of the AAC according to Res AAC in the first authentication result information.
In the above embodiments, the AAC's identity identifier ID AAC, the first authentication result information and so on are transmitted in plaintext. To protect the AAC's sensitive information, this information may also be transmitted as ciphertext.
Referring to FIG. 1, in some embodiments the AACVeri of S102 may also include a second identity information ciphertext EncPub AS_AAC, which the AAC generates by using the public key of the encryption certificate to encrypt information including ID AAC and the AAC's second identity key; the second identity key includes a fourth key Nonce AACPub and a fifth key Nonce AACID. Correspondingly, the ASVeri of S103 includes the first authentication result information, Sig AS_REQ1, the AAC's identity identifier ciphertext, the second authentication result information ciphertext and MIC AS_AAC. Here the first authentication result information is in ciphertext form (for example, generated by encrypting information including Pub AAC with Nonce AACPub; in the simplest case it may be generated by an XOR operation, i.e. the expression shown in Figure PCTCN2021140178-appb-000003). The AAC's identity identifier ciphertext is generated by AS-AAC using Nonce AACID to encrypt information including ID AAC (in the simplest case it may be generated by an XOR operation, i.e. the expression shown in Figure PCTCN2021140178-appb-000004 and Figure PCTCN2021140178-appb-000005).
On this basis, after receiving the ASVeri of S103, the AAC may verify the AAC's identity identifier ciphertext against its own identity identifier ID AAC and the fifth key Nonce AACID. Specifically, the AAC uses Nonce AACID to encrypt information including its own identity identifier ID AAC to generate the AAC's identity identifier ciphertext, and checks that the generated ciphertext is consistent with the AAC's identity identifier ciphertext in the ASVeri received in S103; or, the AAC decrypts the AAC's identity identifier ciphertext with Nonce AACID to obtain ID AAC, and verifies that the decrypted ID AAC is consistent with its own identity identifier ID AAC. After the verification passes, it sends AACAuth to the REQ. The encrypted data of EncData AAC in the AACAuth of S105 also includes Nonce AACPub. Correspondingly, before the REQ determines the identity authentication result of the AAC, the REQ may use the Nonce AACPub obtained by decrypting EncData AAC to decrypt the first authentication result information and obtain the first verification result Res AAC, and then determine the identity authentication result of the AAC according to the first verification result Res AAC.
In the above embodiments, the message encryption key used by REQ and AAC may be negotiated between the two or shared in advance. This embodiment therefore also provides a method for REQ and AAC to negotiate a message encryption key. Referring to FIG. 2, the method includes:
S201. AAC sends a key request message AACInit to REQ.
The AACInit includes the key exchange parameter KeyInfo AAC of AAC, and KeyInfo AAC includes the temporary public key of AAC, where key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH). The AACInit may further include a first random number Nonce AAC generated by AAC.
The AACInit may further include Security capabilities AAC, which represents the security capability parameter information supported by AAC, including the identity authentication suites supported by AAC (an identity authentication suite contains one or more identity authentication methods), symmetric encryption algorithms, integrity check algorithms and/or key derivation algorithms, from which REQ selects the specific security policy to use. REQ may then select the specific security policy Security capabilities REQ that it uses according to Security capabilities AAC. Security capabilities REQ indicates the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm that REQ has accordingly determined to use.
S202. REQ performs a key exchange calculation according to information including the temporary private key corresponding to REQ's key exchange parameter KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate a first key, and calculates the message encryption key from information including the first key using a key derivation algorithm.
If the AACInit of S201 also includes the Nonce AAC generated by AAC, REQ may perform the key exchange calculation according to information including the temporary private key corresponding to KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate the first key K1, combine K1 with information including Nonce AAC and a second random number Nonce REQ generated by REQ, and calculate the message encryption key using the negotiated or preset key derivation algorithm. The negotiated key derivation algorithm may be the one REQ selects according to the Security capabilities AAC sent by AAC. KeyInfo REQ is the key exchange parameter generated by REQ and includes the temporary public key of REQ. The temporary private key corresponding to KeyInfo REQ is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, that is, the temporary public key and the temporary private key form a temporary public-private key pair.
S203. REQ sends an identity ciphertext message REQInit to AAC.
The REQInit includes KeyInfo REQ, so that AAC can calculate the message encryption key according to information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ. The temporary private key corresponding to KeyInfo AAC is the temporary private key generated by AAC that corresponds to the temporary public key of AAC, that is, the temporary public key and the temporary private key form a temporary public-private key pair.
The REQInit may further include Security capabilities REQ. The REQInit may also include Nonce REQ, so that AAC can calculate the message encryption key according to information including the temporary private key corresponding to KeyInfo AAC, the temporary public key included in KeyInfo REQ, Nonce AAC and Nonce REQ.
The REQInit may also include Nonce AAC, so that before calculating the message encryption key AAC can verify that the Nonce AAC in REQInit is consistent with the Nonce AAC generated by AAC, to ensure that the REQInit received by AAC is a response to AACInit.
S204. AAC performs a key exchange calculation according to information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ to generate the first key, and calculates the message encryption key from information including the first key using the key derivation algorithm.
If the REQInit also includes Nonce REQ, AAC may perform the key exchange calculation according to information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ to generate the first key K1, combine K1 with information including Nonce AAC and Nonce REQ, and calculate the message encryption key using the negotiated or preset key derivation algorithm. The negotiated key derivation algorithm may be the one AAC selects according to the Security capabilities REQ sent by REQ.
It should be noted that, in the embodiment of FIG. 2, REQ and AAC may also generate a message integrity check key. REQ and AAC each generate the message integrity check key in the same way as each generates the message encryption key in the embodiment of FIG. 2. For example, AAC may use the key derivation algorithm in the manner of the embodiment of FIG. 2 to derive one string of key data, which may serve as both the message encryption key and the message integrity check key, or of which one part serves as the message encryption key and another part as the message integrity check key; AAC may also use the key derivation algorithm in the manner of the embodiment of FIG. 2 to derive, in separate passes, two identical or different strings of key data, one serving as the message encryption key and the other as the message integrity check key. Likewise, REQ may use the key derivation algorithm in the manner of the embodiment of FIG. 2 to derive one string of key data, which may serve as both the message encryption key and the message integrity check key, or of which one part serves as the message encryption key and another part as the message integrity check key; REQ may also derive, in separate passes, two identical or different strings of key data, one serving as the message encryption key and the other as the message integrity check key.
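The S201 to S204 exchange above, as an added example that is not part of the patent text: both sides run the key exchange, AAC checks the echoed Nonce AAC, and one derived string of key data is split into a message encryption key and a message integrity check key. X25519, HKDF-SHA256, the label string, the nonce and key lengths and the dictionary message layout are all assumptions, since the page leaves the algorithms negotiated or preset.

```python
import hashlib
import hmac
import secrets

# Assumption: X25519 (RFC 7748) stands in for the "Diffie-Hellman or similar"
# key exchange. Pure Python for portability; this ladder is NOT constant-time.
P = 2**255 - 19
A24 = 121665
BASE = (9).to_bytes(32, "little")


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    k = int.from_bytes(scalar, "little")
    k = (k & ((1 << 255) - 8)) | (1 << 254)            # RFC 7748 clamping
    x1 = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869), assumed here as the key derivation algorithm."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Hypothetical "specific string" that both sides feed into the derivation.
LABEL = b"example: message encryption and integrity keys"


def derive_keys(own_priv, peer_pub, nonce_aac, nonce_req):
    """K1 from the exchange, then one key string split into two keys."""
    k1 = x25519(own_priv, peer_pub)
    if k1 == bytes(32):
        raise ValueError("all-zero shared secret (low-order peer public key)")
    okm = hkdf_sha256(k1, nonce_aac + nonce_req, LABEL, 64)
    return okm[:32], okm[32:]      # (message encryption key, integrity check key)


def aac_init():
    """S201: AAC creates its temporary key pair and Nonce AAC."""
    priv = secrets.token_bytes(32)
    nonce_aac = secrets.token_bytes(16)
    state = {"priv": priv, "nonce_aac": nonce_aac}
    return state, {"Nonce_AAC": nonce_aac, "KeyInfo_AAC": x25519(priv, BASE)}


def req_handle_aacinit(aacinit):
    """S202 and S203: REQ derives the keys and builds REQInit."""
    priv = secrets.token_bytes(32)
    nonce_req = secrets.token_bytes(16)
    keys = derive_keys(priv, aacinit["KeyInfo_AAC"], aacinit["Nonce_AAC"], nonce_req)
    reqinit = {"Nonce_AAC": aacinit["Nonce_AAC"], "Nonce_REQ": nonce_req,
               "KeyInfo_REQ": x25519(priv, BASE)}
    return keys, reqinit


def aac_handle_reqinit(state, reqinit):
    """S204: AAC checks the echoed Nonce AAC before deriving anything."""
    if not hmac.compare_digest(reqinit["Nonce_AAC"], state["nonce_aac"]):
        return None                # not a response to this AACInit: discard
    return derive_keys(state["priv"], reqinit["KeyInfo_REQ"],
                       state["nonce_aac"], reqinit["Nonce_REQ"])


if __name__ == "__main__":
    aac_state, msg1 = aac_init()
    req_keys, msg2 = req_handle_aacinit(msg1)
    print("keys match:", aac_handle_reqinit(aac_state, msg2) == req_keys)
```

Because both nonces enter the derivation, replaying an old REQInit against a fresh AACInit is rejected by the nonce check, and even a reused temporary key would not reproduce the previous session's keys.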
The embodiments of the present application further provide a method for determining the first authentication server and/or the second authentication server used in this authentication process through information exchange between AAC and REQ:
Referring to FIG. 2, AAC adds the identity ID AS_AAC of at least one authentication server trusted by AAC to the AACInit of S201, and REQ may then determine the identity ID AS_REQ of at least one authentication server trusted by itself according to ID AS_AAC. In a specific implementation, REQ selects from ID AS_AAC the identity of at least one authentication server that it also trusts as ID AS_REQ; if the selection fails, REQ uses the identity of at least one authentication server trusted by itself as ID AS_REQ (successful selection corresponds to the non-roaming case, failed selection to the roaming case). REQ adds this ID AS_REQ to the REQInit of S203 and sends it to AAC. AAC may then determine the first authentication server according to ID AS_AAC and ID AS_REQ. For example, AAC may determine whether ID AS_REQ and ID AS_AAC contain the identity of at least one common authentication server. If so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC. If not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID AS_AAC and send ID AS_REQ to AS-AAC, so that AS-AAC determines the second authentication server AS-REQ according to ID AS_REQ.
As another implementation, AAC need not send ID AS_AAC to REQ; instead, REQ adds the identity ID AS_REQ of at least one authentication server trusted by itself to the REQInit of S203 and sends it to AAC. The first authentication server and/or the second authentication server participating in identity authentication are then determined according to ID AS_REQ and the identity ID AS_AAC of at least one authentication server trusted by AAC itself, in the same way as in the previous implementation.
The authentication servers trusted by REQ and AAC may be the same or different. When they are the same, this is the non-roaming case; when they are different, this is the roaming case. The identity authentication method provided by the embodiments of the present application is introduced below for the non-roaming and roaming application scenarios: (1) an identity authentication method with REQ identity protection in the non-roaming case; (2) an identity authentication method with REQ and AAC identity protection in the non-roaming case; (3) an identity authentication method with REQ identity protection in the roaming case; (4) an identity authentication method with REQ and AAC identity protection in the roaming case.
Referring to FIG. 3, an embodiment of an identity authentication method in case (1) above is shown. AS-AAC (or, equally, AS-REQ) may be used to denote the authentication server trusted by both REQ and AAC. In this embodiment, the message encryption key negotiation between REQ and AAC is merged in parallel into the identity authentication process, which makes engineering implementation easier. The identity authentication method includes:
S301. AAC generates Nonce AAC and KeyInfo AAC, and generates Security capabilities AAC as required.
S302. AAC sends a key request message AACInit to REQ.
The AACInit includes Nonce AAC, KeyInfo AAC and Security capabilities AAC. Security capabilities AAC is an optional field that represents the security capability parameter information supported by AAC, including the identity authentication suites, symmetric encryption algorithms and/or key derivation algorithms supported by AAC (the same below).
S303. After receiving AACInit, REQ performs the following operations (unless otherwise specified or logically required, actions numbered (1), (2), ... in this document do not have a necessary order merely because they are numbered; the same applies throughout):
(1) Generate Nonce REQ and KeyInfo REQ;
(2) Generate Security capabilities REQ as required;
(3) Perform a key exchange calculation according to information including the temporary private key corresponding to KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate the first key K1, and combine K1 with Nonce AAC, Nonce REQ and other information (the other information used by REQ and AAC is identical and optional, such as a specific character string) to calculate the message encryption key and the message integrity check key using the negotiated or preset key derivation algorithm; this step may be deferred until the message encryption key and the message integrity check key are needed;
(4) Generate Nonce REQID and Nonce REQPub;
(5) Calculate EncPub AS_REQ using the public key of the encryption certificate;
(6) Calculate the digital signature Sig REQ of REQ.
S304. REQ sends an identity ciphertext message REQInit to AAC.
The REQInit includes Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ, EncPub AS_REQ and Sig REQ. The signature data of Sig REQ includes the other fields before Sig REQ in REQInit, for example Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ and EncPub AS_REQ; Nonce AAC should be equal to the corresponding field in AACInit; the encrypted data of EncPub AS_REQ includes ID REQ, Cert REQ, Nonce REQID and Nonce REQPub; Security capabilities REQ is an optional field, and whether REQ generates it depends on whether the AACInit sent by AAC to REQ carries Security capabilities AAC. Security capabilities REQ represents the specific security policy that REQ selects according to Security capabilities AAC, that is, the identity authentication method, symmetric encryption algorithm and/or key derivation algorithm that REQ determines to use (the same below).
S305. After receiving REQInit, AAC performs the following operations:
(1) Check whether the Nonce AAC in REQInit is consistent with the Nonce AAC generated by AAC; if not, discard REQInit;
(2) Perform a key exchange calculation according to information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ to generate the first key K1, and combine K1 with Nonce AAC, Nonce REQ and other information (the other information used by AAC and REQ is identical and optional, such as a specific character string) to calculate the message encryption key and the message integrity check key using the negotiated or preset key derivation algorithm; this step may also be deferred until the message encryption key and the message integrity check key are needed;
(3) Calculate MIC AAC.
S306. AAC sends a first authentication request message AACVeri to AS-AAC.
The AACVeri includes EncPub AS_REQ, Nonce REQ, ID AAC, Nonce AAC and MIC AAC. EncPub AS_REQ and Nonce REQ should be equal to the corresponding fields in REQInit; ID AAC and Nonce AAC are the identity ID AAC of AAC and the Nonce AAC generated by AAC; MIC AAC is the hash value that AAC calculates, using the pre-shared key K AAC_AS it shares with AS-AAC and the hash algorithm agreed with AS-AAC, over information including the other fields before MIC AAC in AACVeri. For example, when AACVeri includes, in order, EncPub AS_REQ, Nonce REQ, ID AAC, Nonce AAC and MIC AAC, AAC uses K AAC_AS and the hash algorithm to calculate MIC AAC over information including EncPub AS_REQ, Nonce REQ, ID AAC and Nonce AAC.
S307. After receiving AACVeri, AS-AAC performs the following operations:
(1) Verify MIC AAC to obtain Res AAC, and generate Pub AAC according to information including Res AAC and ID AAC;
Specifically, AS-AAC determines the pre-shared key K AAC_AS with AAC and the hash algorithm according to the ID AAC in AACVeri, uses K AAC_AS and the hash algorithm to calculate MIC AAC locally over the other fields before MIC AAC in AACVeri, and compares it with the received MIC AAC. If they are the same, MIC AAC passes verification and AS-AAC determines that the identity authentication result of AAC is legitimate; if they differ, MIC AAC fails verification and AS-AAC acts according to local policy, for example by discarding AACVeri or determining that the identity authentication result of AAC is illegitimate.
(2) Decrypt EncPub AS_REQ using the private key corresponding to the encryption certificate to obtain ID REQ, Cert REQ, Nonce REQID and Nonce REQPub, verify the legitimacy of Cert REQ to obtain Res REQ, and generate Pub REQ according to information including Res REQ and Cert REQ;
(3) Perform an XOR operation on ID REQ using Nonce REQID to obtain
Figure PCTCN2021140178-appb-000006
and perform an XOR operation on Pub REQ using Nonce REQPub to obtain
Figure PCTCN2021140178-appb-000007
(4) Calculate the first digital signature Sig AS_AAC1, and calculate the first message authentication code MIC AS_AAC of AS-AAC.
S308. AS-AAC sends a first authentication response message ASVeri to AAC.
The ASVeri includes
Figure PCTCN2021140178-appb-000008
Nonce REQ, Pub AAC, Sig AS_AAC1, ID AAC, Nonce AAC,
Figure PCTCN2021140178-appb-000009
Figure PCTCN2021140178-appb-000010
and MIC AS_AAC. ID REQ, Nonce REQ, ID AAC and Nonce AAC should be equal to the corresponding fields in AACVeri; the signature data of Sig AS_AAC1 includes
Figure PCTCN2021140178-appb-000011
Nonce REQ and Pub AAC; MIC AS_AAC is generated by AS-AAC, using K AAC_AS and the hash algorithm agreed with AAC, from information including ID AAC, Nonce AAC and
Figure PCTCN2021140178-appb-000012
.
S309. After receiving ASVeri, AAC performs the following operations:
(1) Check whether the ID AAC and Nonce AAC in ASVeri are the same as AAC's own identity ID AAC and the Nonce AAC generated by AAC, respectively; if not, discard ASVeri;
(2) Verify MIC AS_AAC; if the verification fails, discard ASVeri;
Specifically, AAC uses K AAC_AS and the hash algorithm agreed with AS-AAC to calculate MIC AS_AAC locally over information including ID AAC, Nonce AAC and
Figure PCTCN2021140178-appb-000013
Figure PCTCN2021140178-appb-000014
and compares it with the received MIC AS_AAC. If they are the same, MIC AS_AAC passes verification; if they differ, MIC AS_AAC fails verification.
(3) Calculate the identity authentication result information ciphertext EncData AAC using the message encryption key;
(4) Calculate the first message integrity check code MacTag AAC.
S310. AAC sends a third authentication response message AACAuth to REQ.
The AACAuth includes Nonce AAC, Nonce REQ, EncData AAC and MacTag AAC. Nonce REQ and Nonce AAC are optional fields, equal respectively to the Nonce REQ in REQInit and the Nonce AAC generated by AAC. The encrypted data of EncData AAC includes
Figure PCTCN2021140178-appb-000015
Nonce REQ, Pub AAC, Sig AS_AAC1 and ID AAC, where
Figure PCTCN2021140178-appb-000016
Nonce REQ, Pub AAC and Sig AS_AAC1 come from ASVeri, and ID AAC should be equal to AAC's own identity ID AAC. MacTag AAC is calculated as follows: the message integrity check key and the integrity check algorithm are used to calculate MacTag AAC over information including the fields of AACAuth other than MacTag AAC.
S311. After receiving AACAuth, REQ performs the following operations:
(1) If AACAuth carries Nonce REQ and/or Nonce AAC, check whether Nonce REQ is the same as the Nonce REQ generated by REQ, and/or check whether Nonce AAC is the same as the Nonce AAC in AACInit;
(2) Verify MacTag AAC;
The verification process is as follows: use the message integrity check key and the integrity check algorithm to calculate MacTag AAC locally over information including the fields of AACAuth other than MacTag AAC (in the same way that AAC calculates MacTag AAC), and compare the calculated MacTag AAC with the received MacTag AAC.
(3) Decrypt EncData AAC using the message encryption key to obtain
Figure PCTCN2021140178-appb-000017
Nonce REQ, Pub AAC, Sig AS_AAC1 and ID AAC;
(4) Use Nonce REQID to perform an XOR operation on
Figure PCTCN2021140178-appb-000018
to recover ID REQ, and check whether ID REQ and Nonce REQ are the same as REQ's own identity ID REQ and the Nonce REQ generated by REQ, respectively;
(5) Check whether the ID AAC in Pub AAC is consistent with the ID AAC obtained by decryption;
(6) Verify Sig AS_AAC1 using the public key of AS-AAC;
(7) If any of the above checks and verifications fails, discard AACAuth immediately; if all of them pass, determine the identity authentication result of AAC according to the Res AAC in Pub AAC; if AAC is illegitimate, end this authentication process;
(8) Calculate the second key ciphertext EncData REQ using the message encryption key;
(9) Calculate the second message integrity check code MacTag REQ.
S312. REQ sends a fourth authentication response message REQAuth to AAC.
The REQAuth includes Nonce AAC, Nonce REQ, EncData REQ and MacTag REQ. Nonce REQ and Nonce AAC are optional fields and should be equal respectively to the Nonce REQ generated by REQ and the Nonce AAC in AACInit; the encrypted data of EncData REQ includes Nonce REQPub. MacTag REQ is calculated as follows: the message integrity check key and the integrity check algorithm are used to calculate MacTag REQ over information including the fields of REQAuth other than MacTag REQ.
S313. After receiving REQAuth, AAC performs the following operations:
(1) If REQAuth carries Nonce REQ and/or Nonce AAC, check whether Nonce REQ is the same as the Nonce REQ in REQInit, and/or check whether Nonce AAC is the same as the Nonce AAC generated by AAC;
(2) Verify MacTag REQ;
The verification process is as follows: use the message integrity check key and the integrity check algorithm to calculate MacTag REQ locally over information including the fields of REQAuth other than MacTag REQ (in the same way that REQ calculates MacTag REQ), and compare the calculated MacTag REQ with the received MacTag REQ.
(3) Decrypt EncData REQ using the message encryption key to obtain Nonce REQPub;
(4) Use Nonce REQPub to perform an XOR operation on
Figure PCTCN2021140178-appb-000019
to recover Pub REQ;
(5) Verify Sig REQ using the Cert REQ in Pub REQ;
(6) If all of the above checks and verifications pass, determine the identity authentication result of REQ according to the Res REQ in Pub REQ; if any of them fails, discard REQAuth immediately.
Thus, identity authentication of AAC and of REQ is achieved in S311 and S313 respectively, that is, mutual identity authentication between REQ and AAC is achieved, and the identity ID REQ of REQ, the digital certificate Cert REQ, the authentication results and the like are transmitted as ciphertext throughout, which protects the identity of REQ.
It should be noted that the verification of Sig REQ in S313 may instead be performed earlier, in S307. In that case Sig REQ may be passed to AS-AAC in the AACVeri of S306, and in S307 AS-AAC additionally verifies Sig REQ using Cert REQ and performs the subsequent operations only after the verification passes. AAC then no longer verifies Sig REQ in S313, and Pub REQ need not include Cert REQ.
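Two mechanisms from the FIG. 3 flow, sketched as an added example that is not part of the patent text: the MIC AAC check of S306 and S307(1), and the XOR masking of ID REQ and Pub REQ in S307(3) with its removal in S311(4) and S313(4). HMAC-SHA256 as the agreed hash algorithm, the length-prefixed field encoding, the layout of Pub REQ, the dictionary keys and all sample values are assumptions; decryption of EncPub AS_REQ, certificate validation and Sig AS_AAC1 are outside this example.

```python
import hashlib
import hmac
import secrets
import struct


def encode_fields(fields):
    """Length-prefix every field so two field lists never encode alike."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def compute_mic(key, fields):
    # Assumption: HMAC-SHA256 plays the role of the hash algorithm agreed
    # between AAC and AS-AAC and keyed with the pre-shared key K AAC_AS.
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def xor_mask(nonce, data):
    """XOR data with a one-time nonce; the same call removes the mask."""
    if len(nonce) < len(data):
        raise ValueError("nonce shorter than data: the tail would be unmasked")
    return bytes(n ^ d for n, d in zip(nonce, data))


def build_aacveri(k_aac_as, enc_pub_as_req, nonce_req, id_aac, nonce_aac):
    """S306: the MIC covers every field that precedes it, in order."""
    fields = [enc_pub_as_req, nonce_req, id_aac, nonce_aac]
    return fields + [compute_mic(k_aac_as, fields)]


def as_aac_process(aacveri, psk_by_id, plaintext):
    """S307 (1) and (3) on AS-AAC.

    `plaintext` models the already decrypted content of EncPub AS_REQ plus
    the certificate check result Res REQ. Returns None when the MIC fails
    (local policy chosen here: discard AACVeri).
    """
    *fields, mic = aacveri
    id_aac = fields[2]
    key = psk_by_id.get(id_aac)           # key lookup driven by ID AAC
    if key is None or not hmac.compare_digest(mic, compute_mic(key, fields)):
        return None
    pub_req = plaintext["Res_REQ"] + b"|" + plaintext["Cert_REQ"]   # assumed layout
    return {
        "ID_REQ_masked": xor_mask(plaintext["Nonce_REQID"], plaintext["ID_REQ"]),
        "Pub_REQ_masked": xor_mask(plaintext["Nonce_REQPub"], pub_req),
        "Pub_AAC": b"legitimate|" + id_aac,                          # assumed layout
    }


def req_check_id(masked_id, nonce_reqid, own_id):
    """S311 (4): REQ removes the mask and compares with its own ID REQ."""
    return hmac.compare_digest(xor_mask(nonce_reqid, masked_id), own_id)


def aac_recover_pub_req(masked_pub, nonce_reqpub):
    """S313 (4): AAC removes the mask once REQ has released Nonce REQPub."""
    return xor_mask(nonce_reqpub, masked_pub)


def sample_run():
    """Constructed sample values, for illustration only."""
    k_aac_as = secrets.token_bytes(32)
    id_aac, id_req = b"aac-01.example", b"req-42.example"
    plaintext = {"ID_REQ": id_req, "Cert_REQ": b"<constructed certificate>",
                 "Res_REQ": b"legitimate",
                 "Nonce_REQID": secrets.token_bytes(len(id_req)),
                 "Nonce_REQPub": secrets.token_bytes(64)}
    aacveri = build_aacveri(k_aac_as, b"<EncPub AS_REQ>", secrets.token_bytes(16),
                            id_aac, secrets.token_bytes(16))
    out = as_aac_process(aacveri, {id_aac: k_aac_as}, plaintext)
    id_ok = req_check_id(out["ID_REQ_masked"], plaintext["Nonce_REQID"], id_req)
    pub_req = aac_recover_pub_req(out["Pub_REQ_masked"], plaintext["Nonce_REQPub"])
    return id_ok, pub_req


if __name__ == "__main__":
    print(sample_run())
```

The length guard in `xor_mask` matters for Pub REQ, which carries Cert REQ and can be much longer than an identity string: a nonce that is too short, cycled, or reused across sessions leaves the masked value recoverable.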
参见图4,为上述(二)情况下一种身份鉴别方法的实施例。其中,可以用AS-AAC表示(当然也可以用AS-REQ表示)REQ和AAC共同信任的鉴别服务器。在该实施例中,REQ和AAC之间的消息加密密钥协商过程被并行地融合到了身份鉴别过程中,更便于工程实施。该身份鉴别方法包括:Referring to FIG. 4 , it is an embodiment of an identity authentication method in the above-mentioned (2) situation. Among them, AS-AAC can be used to represent (of course, AS-REQ can also be used to represent) an authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. The identification method includes:
S401. AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S402. AAC sends a key request message AACInit to REQ.
AACInit includes Nonce_AAC, KeyInfo_AAC and Security capabilities_AAC. Security capabilities_AAC is an optional field.
S403. After receiving AACInit, REQ performs the following operations:
(1) Generate Nonce_REQ and KeyInfo_REQ;
(2) Generate Security capabilities_REQ as required;
(3) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate the first key K1, then combine K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is identical and optional, for example a specific character string) and use a negotiated or preset key derivation algorithm to compute the message encryption key and the message integrity check key; this step can also be deferred until the message encryption key or the message integrity check key is actually needed;
(4) Generate Nonce_REQID and Nonce_REQPub;
(5) Compute EncPub_AS_REQ using the public key of the encryption certificate;
(6) Compute Sig_REQ.
S404. REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, EncPub_AS_REQ and Sig_REQ. EncPub_AS_REQ is generated by REQ by encrypting, with the public key of the encryption certificate, data that includes ID_REQ, Cert_REQ, Nonce_REQPub and Nonce_REQID. The data signed by Sig_REQ includes the other fields that precede Sig_REQ in REQInit, for example Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ and EncPub_AS_REQ. Security capabilities_REQ is an optional field; whether REQ generates it depends on whether the AACInit sent by AAC to REQ carries Security capabilities_AAC.
S405. After receiving REQInit, AAC performs the following operations:
(1) Check whether Nonce_AAC in REQInit is consistent with the Nonce_AAC generated by AAC; if not, discard REQInit;
(2) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate the first key K1, then combine K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is identical and optional, for example a specific character string) and use a negotiated or preset key derivation algorithm to compute the message encryption key and the message integrity check key; this step can also be deferred until the message encryption key or the message integrity check key is actually needed;
(3) Generate Nonce_AACPub and Nonce_AACID;
(4) Compute EncPub_AS_AAC using the public key of the encryption certificate;
(5) Compute MIC_AAC.
S406. AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes EncPub_AS_REQ, Nonce_REQ, EncPub_AS_AAC, Nonce_AAC and MIC_AAC. Nonce_REQ shall equal the corresponding field in REQInit, and Nonce_AAC shall equal the Nonce_AAC generated by AAC. EncPub_AS_AAC is generated by AAC by encrypting, with the public key of the encryption certificate, information including ID_AAC, Nonce_AACID and Nonce_AACPub. MIC_AAC is the hash value that AAC computes over the other fields preceding MIC_AAC in AACVeri, using the pre-shared key K_AAC_AS it shares with AS-AAC and the hash algorithm agreed with AS-AAC.
S407. After receiving AACVeri, AS-AAC performs the following operations:
(1) Decrypt EncPub_AS_AAC with the private key corresponding to the encryption certificate to obtain ID_AAC, Nonce_AACID and Nonce_AACPub;
(2) Verify MIC_AAC to obtain Res_AAC, and generate Pub_AAC from information including Res_AAC and ID_AAC;
Here, AS-AAC determines the pre-shared key K_AAC_AS shared with AAC and the hash algorithm according to ID_AAC, uses K_AAC_AS and that hash algorithm to compute MIC_AAC locally over the other fields preceding MIC_AAC in AACVeri, and compares the result with the received MIC_AAC. If they are the same, MIC_AAC verification passes and AS-AAC determines that the identity authentication result of AAC is legal; if they differ, MIC_AAC verification fails and AS-AAC acts according to local policy, for example discarding AACVeri or determining that the identity authentication result of AAC is illegal.
(3) Decrypt EncPub_AS_REQ with the private key corresponding to the encryption certificate to obtain ID_REQ, Cert_REQ, Nonce_REQID and Nonce_REQPub;
(4) Verify the legality of Cert_REQ to obtain Res_REQ, and generate Pub_REQ from information including Res_REQ and Cert_REQ;
(5) XOR ID_REQ with Nonce_REQID to obtain the identity ciphertext of REQ [Figure PCTCN2021140178-appb-000020]; XOR ID_AAC with Nonce_AACID to obtain the identity ciphertext of AAC [Figure PCTCN2021140178-appb-000021]; XOR Pub_AAC with Nonce_AACPub to obtain [Figure PCTCN2021140178-appb-000022]; XOR Pub_REQ with Nonce_REQPub to obtain [Figure PCTCN2021140178-appb-000023] [Figure PCTCN2021140178-appb-000024]
(6) Compute the first digital signature Sig_AS_AAC1 and the first message authentication code MIC_AS_AAC of AS-AAC.
S408. AS-AAC sends a first authentication response message ASVeri to AAC.
ASVeri includes [Figure PCTCN2021140178-appb-000025], Nonce_REQ, [Figure PCTCN2021140178-appb-000026], Sig_AS_AAC1, [Figure PCTCN2021140178-appb-000027] [Figure PCTCN2021140178-appb-000028], Nonce_AAC, [Figure PCTCN2021140178-appb-000029] and MIC_AS_AAC. ID_REQ, Nonce_REQ, ID_AAC and Nonce_AAC shall respectively equal the corresponding fields in AACVeri. The data signed by Sig_AS_AAC1 includes [Figure PCTCN2021140178-appb-000030], Nonce_REQ and [Figure PCTCN2021140178-appb-000031] [Figure PCTCN2021140178-appb-000032]. MIC_AS_AAC is generated by AS-AAC, using K_AAC_AS and the hash algorithm agreed with AAC, over information including [Figure PCTCN2021140178-appb-000033] [Figure PCTCN2021140178-appb-000034], Nonce_AAC and [Figure PCTCN2021140178-appb-000035].
S409. After receiving ASVeri, AAC performs the following operations:
(1) XOR [Figure PCTCN2021140178-appb-000036] with Nonce_AACID to recover ID_AAC, and check whether ID_AAC and Nonce_AAC are respectively the same as AAC's own identity ID_AAC and the Nonce_AAC generated by AAC; if not, discard ASVeri;
(2) Verify MIC_AS_AAC; if the verification fails, discard ASVeri;
Here, AAC uses K_AAC_AS and the hash algorithm agreed with AS-AAC to compute MIC_AS_AAC locally over information including [Figure PCTCN2021140178-appb-000037], Nonce_AAC and [Figure PCTCN2021140178-appb-000038], and compares it with the received MIC_AS_AAC. If they are the same, MIC_AS_AAC verification passes; if they differ, it fails;
(3) Compute EncData_AAC using the message encryption key;
(4) Compute MacTag_AAC.
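The AAC-side checks of S409 (1) and (2), sketched in Python as an added example that is not part of the patent text. HMAC-SHA-256 stands in for the unspecified "agreed hash algorithm", the length-prefixed field encoding, function names and dict keys are assumptions, and the fields covered by MIC_AS_AAC (which the page shows only as figure references) are assumed to be the masked ID_AAC, Nonce_AAC and a masked Pub_REQ; all sample values are constructed.

```python
import hashlib
import hmac
import secrets


def encode_fields(*fields: bytes) -> bytes:
    # Assumed encoding: 2-byte length prefix per field, so field boundaries
    # cannot be shifted without changing the MIC input.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def mic(key: bytes, *fields: bytes) -> bytes:
    # Keyed hash over the fields that precede the MIC (HMAC-SHA-256 assumed).
    return hmac.new(key, encode_fields(*fields), hashlib.sha256).digest()


def xor_mask(data: bytes, nonce: bytes) -> bytes:
    # XOR with an equal-length nonce; applying it twice restores the input.
    if len(data) != len(nonce):
        raise ValueError("nonce and field must have the same length")
    return bytes(a ^ b for a, b in zip(data, nonce))


def as_build_asveri(k_aac_as, id_aac, nonce_aacid, nonce_aac, masked_pub_req):
    # Constructed stand-in for the AS-AAC side (S407 (5)-(6)), reduced to the
    # fields the AAC checks in S409.
    masked_id_aac = xor_mask(id_aac, nonce_aacid)
    return {
        "masked_id_aac": masked_id_aac,
        "nonce_aac": nonce_aac,
        "masked_pub_req": masked_pub_req,
        "mic_as_aac": mic(k_aac_as, masked_id_aac, nonce_aac, masked_pub_req),
    }


def aac_check_asveri(asveri, k_aac_as, own_id, own_nonce_aac, own_nonce_aacid):
    # S409 (1): recover ID_AAC and compare it and Nonce_AAC with local state.
    try:
        recovered_id = xor_mask(asveri["masked_id_aac"], own_nonce_aacid)
    except ValueError:
        return False, "discard: masked ID_AAC has wrong length"
    if not hmac.compare_digest(recovered_id, own_id):
        return False, "discard: ID_AAC mismatch"
    if not hmac.compare_digest(asveri["nonce_aac"], own_nonce_aac):
        return False, "discard: Nonce_AAC mismatch"
    # S409 (2): recompute MIC_AS_AAC locally and compare in constant time.
    expected = mic(k_aac_as, asveri["masked_id_aac"], asveri["nonce_aac"],
                   asveri["masked_pub_req"])
    if not hmac.compare_digest(expected, asveri["mic_as_aac"]):
        return False, "discard: MIC_AS_AAC mismatch"
    return True, "accepted"


def demo():
    # All values below are constructed for the example.
    k = secrets.token_bytes(32)                     # K_AAC_AS
    id_aac = b"aac-01.example"
    nonce_aacid = secrets.token_bytes(len(id_aac))  # Nonce_AACID
    nonce_aac = secrets.token_bytes(16)             # Nonce_AAC
    masked_pub_req = secrets.token_bytes(24)        # opaque to the AAC here
    good = as_build_asveri(k, id_aac, nonce_aacid, nonce_aac, masked_pub_req)

    def flip(b):
        # Flip one bit of the first byte so the value is guaranteed to differ.
        return bytes([b[0] ^ 0x01]) + b[1:]

    def check(msg, nonce=nonce_aac):
        return aac_check_asveri(msg, k, id_aac, nonce, nonce_aacid)

    return {
        "good": check(good),
        "flipped_id": check(dict(good, masked_id_aac=flip(good["masked_id_aac"]))),
        "tampered_field": check(dict(good, masked_pub_req=flip(masked_pub_req))),
        "stale_nonce": check(good, nonce=flip(nonce_aac)),
        "wrong_key": aac_check_asveri(good, flip(k), id_aac, nonce_aac, nonce_aacid),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15s} {result}")
```

XOR masking is malleable, so it hides the identifier without protecting it; the keyed MIC is what detects modification, which is why both checks have to fail closed.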
S410. AAC sends a third authentication response message AACAuth to REQ.
AACAuth includes Nonce_AAC, Nonce_REQ, EncData_AAC and MacTag_AAC. Nonce_REQ and Nonce_AAC are optional fields and shall respectively equal the Nonce_REQ in REQInit and the Nonce_AAC generated by AAC. The data encrypted in EncData_AAC includes [Figure PCTCN2021140178-appb-000039], Nonce_REQ, [Figure PCTCN2021140178-appb-000040], Sig_AS_AAC1, Nonce_AACPub and ID_AAC, where [Figure PCTCN2021140178-appb-000041] [Figure PCTCN2021140178-appb-000042], Nonce_REQ, [Figure PCTCN2021140178-appb-000043] and Sig_AS_AAC1 come from ASVeri. MacTag_AAC is calculated as described for the embodiment of FIG. 3.
S411. After receiving AACAuth, REQ performs the following operations:
(1) If Nonce_REQ and/or Nonce_AAC is present in AACAuth, check whether Nonce_REQ is the same as the Nonce_REQ generated by REQ, and/or check whether Nonce_AAC is the same as the Nonce_AAC in AACInit;
(2) Verify MacTag_AAC; the verification process is as described for the embodiment of FIG. 3;
(3) Decrypt EncData_AAC with the message encryption key to obtain [Figure PCTCN2021140178-appb-000044], Nonce_REQ, [Figure PCTCN2021140178-appb-000045], Sig_AS_AAC1, Nonce_AACPub and ID_AAC;
(4) XOR [Figure PCTCN2021140178-appb-000046] with Nonce_REQID to recover ID_REQ, and XOR [Figure PCTCN2021140178-appb-000047] [Figure PCTCN2021140178-appb-000048] with Nonce_AACPub to recover Pub_AAC;
(5) Check whether ID_REQ and Nonce_REQ are respectively the same as REQ's own identity ID_REQ and the Nonce_REQ generated by REQ;
(6) Check whether ID_AAC in Pub_AAC is consistent with the ID_AAC obtained by decryption;
(7) Verify Sig_AS_AAC1 with the public key of AS-AAC;
(8) If any of the above checks or verifications fails, discard AACAuth immediately; if all of them pass, determine the identity authentication result of AAC according to Res_AAC in Pub_AAC; if AAC is determined to be illegal, end this authentication process;
(9) Compute EncData_REQ using the message encryption key;
(10) Compute MacTag_REQ.
S412. REQ sends a fourth authentication response message REQAuth to AAC.
REQAuth includes Nonce_AAC, Nonce_REQ, EncData_REQ and MacTag_REQ. Nonce_REQ and Nonce_AAC are optional fields and shall respectively equal the Nonce_REQ generated by REQ and the Nonce_AAC in AACInit. The data encrypted in EncData_REQ includes Nonce_REQPub. MacTag_REQ is calculated as described for the embodiment of FIG. 3.
S413. After receiving REQAuth, AAC performs the following operations:
(1) If REQAuth carries Nonce_AAC and/or Nonce_REQ, check whether Nonce_AAC is the same as the Nonce_AAC generated by AAC, and/or check whether Nonce_REQ is the same as the Nonce_REQ in REQInit;
(2) Verify MacTag_REQ; the verification process is as described for the embodiment of FIG. 3;
(3) Decrypt EncData_REQ with the message encryption key to obtain Nonce_REQPub;
(4) XOR [Figure PCTCN2021140178-appb-000049] with Nonce_REQPub to recover Pub_REQ;
(5) Verify Sig_REQ using Cert_REQ in Pub_REQ;
(6) If all of the above checks and verifications pass, the identity authentication result of REQ is determined according to Res_REQ in Pub_REQ; if any step of them fails, REQAuth is discarded immediately.
Thus, S411 and S413 authenticate the identities of AAC and REQ respectively, that is, mutual identity authentication between REQ and AAC is achieved. The identity ID_REQ of REQ, the digital certificate Cert_REQ and the authentication result, as well as the identity ID_AAC of AAC, its authentication result and so on, are transmitted as ciphertext throughout the process, which protects the identities of both REQ and AAC.
It should be noted that the verification of Sig_REQ in S413 can instead be performed earlier, in S407. In that case Sig_REQ is passed to AS-AAC in the AACVeri of S406, and in S407 AS-AAC additionally verifies Sig_REQ and performs the subsequent operations only after the verification passes. AAC then no longer verifies Sig_REQ in S413, and Pub_REQ need not include Cert_REQ.
Referring to FIG. 5, an embodiment of an identity authentication method in case (3) above is shown. In this embodiment, the negotiation of the message encryption key between REQ and AAC is merged into the identity authentication process and runs in parallel with it, which is more convenient for engineering implementation. The identity authentication method includes:
S501. AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S502. AAC sends a key request message AACInit to REQ.
AACInit includes Nonce_AAC, KeyInfo_AAC, Security capabilities_AAC and ID_AS_AAC. Security capabilities_AAC and ID_AS_AAC are optional fields. ID_AS_AAC is the identity of at least one authentication server trusted by AAC, and lets REQ determine from ID_AS_AAC whether a jointly trusted authentication server exists (the same applies below).
S503. After receiving AACInit, REQ performs the following operations:
(1) Generate Nonce_REQ, Nonce_REQID, Nonce_REQPub and KeyInfo_REQ;
(2) Generate ID_AS_REQ and Security capabilities_REQ as required;
(3) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate the first key K1, then combine K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is identical and optional, for example a specific character string) and use a negotiated or preset key derivation algorithm to compute the message encryption key and the message integrity check key; this step can also be deferred until the message encryption key or the message integrity check key is actually needed;
(4) Compute EncPub_AS_REQ using the public key of the encryption certificate;
(5) Compute the digital signature Sig_REQ of REQ.
S504. REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, ID_AS_REQ, EncPub_AS_REQ and Sig_REQ. Nonce_AAC shall equal the corresponding field in AACInit. The data signed by Sig_REQ includes the other fields preceding Sig_REQ in REQInit, for example Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, ID_AS_REQ and EncPub_AS_REQ. The data encrypted in EncPub_AS_REQ includes ID_REQ, Cert_REQ, Nonce_REQID and Nonce_REQPub. Security capabilities_REQ and ID_AS_REQ are optional fields. ID_AS_REQ is the identity of at least one authentication server trusted by REQ. When ID_AS_AAC is present in AACInit, REQ tries to select, from the authentication servers it trusts, at least one that also appears in ID_AS_AAC and uses it as ID_AS_REQ; if the selection fails, REQ uses at least one authentication server it trusts as ID_AS_REQ. When ID_AS_AAC is not present in AACInit, REQ uses at least one authentication server it trusts as ID_AS_REQ (the same applies below).
S505. After receiving REQInit, AAC performs the following operations:
(1) Check whether Nonce_AAC in REQInit is consistent with the Nonce_AAC generated by AAC; if not, discard REQInit;
(2) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate the first key K1, then combine K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is identical and optional, for example a specific character string) and use a negotiated or preset key derivation algorithm to compute the message encryption key and the message integrity check key;
(3) Compute MIC_AAC;
(4) If REQInit carries ID_AS_REQ and AACInit carries ID_AS_AAC, AAC determines whether ID_AS_REQ and ID_AS_AAC contain the identity of at least one common authentication server. If they do, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server jointly trusted by REQ and AAC. If they do not, this is the roaming case: AAC determines the first authentication server AS-AAC participating in identity authentication according to ID_AS_AAC and sends ID_AS_REQ to AS-AAC, so that AS-AAC can determine the second authentication server AS-REQ according to ID_AS_REQ; or,
If REQInit carries ID_AS_REQ but AACInit does not carry ID_AS_AAC, AAC determines whether ID_AS_REQ and the authentication servers trusted by AAC contain the identity of at least one common authentication server. If they do, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server jointly trusted by REQ and AAC. If they do not, this is the roaming case: AAC determines the first authentication server AS-AAC participating in identity authentication from the authentication servers it trusts and sends ID_AS_REQ to AS-AAC, so that AS-AAC can determine the second authentication server AS-REQ according to ID_AS_REQ;
It should be noted that the result determined in this embodiment should be the roaming case.
S506. AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes Nonce_AAC, Nonce_REQ, ID_AS_REQ, EncPub_AS_REQ, ID_AAC and MIC_AAC. ID_AS_REQ is an optional field. MIC_AAC is the hash value that AAC computes over information including the other fields preceding MIC_AAC in AACVeri, using the pre-shared key K_AAC_AS it shares with AS-AAC and the hash algorithm agreed with AS-AAC.
S507. After receiving AACVeri, AS-AAC performs the following operations:
(1) Verify MIC_AAC to obtain Res_AAC, and generate Pub_AAC from information including Res_AAC and ID_AAC; for the process of verifying MIC_AAC, see the related content of the embodiment of FIG. 3;
(2) If ID_AS_REQ is present in AACVeri, AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ; if it is not present, AS-AAC already knows AS-REQ;
(3) Compute the second digital signature Sig_AS_AAC2.
S508. AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
AS-AACVeri includes Nonce_AAC, Nonce_REQ, EncPub_AS_REQ, ID_AAC, Pub_AAC and Sig_AS_AAC2. Nonce_AAC, Nonce_REQ, EncPub_AS_REQ and ID_AAC shall respectively equal the corresponding fields in AACVeri. The data signed by Sig_AS_AAC2 includes the other fields preceding Sig_AS_AAC2 in AS-AACVeri.
S509. After receiving AS-AACVeri, AS-REQ verifies Sig_AS_AAC2 with the public key of AS-AAC.
If the verification passes, S510 is performed.
S510. AS-REQ sends a first decryption request message AS-REQReq to CS-DEC.
AS-REQReq includes EncPub_AS_REQ.
S511. CS-DEC decrypts EncPub_AS_REQ with the private key corresponding to the encryption certificate to obtain ID_REQ, Cert_REQ, Nonce_REQID and Nonce_REQPub.
S512. CS-DEC sends a first decryption response message CS-DECRep to AS-REQ.
CS-DECRep includes ID_REQ, Cert_REQ, Nonce_REQID and Nonce_REQPub.
S513. After receiving CS-DECRep, AS-REQ performs the following operations:
(1) Verify the legality of Cert_REQ to obtain Res_REQ, and generate Pub_REQ from information including Res_REQ and Cert_REQ;
(2) XOR ID_REQ with Nonce_REQID to obtain [Figure PCTCN2021140178-appb-000050]; XOR Pub_REQ with Nonce_REQPub to obtain [Figure PCTCN2021140178-appb-000051]
(3) Compute the first digital signature Sig_AS_REQ1 and the third digital signature Sig_AS_REQ3.
S514. AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
AS-REQVeri includes [Figure PCTCN2021140178-appb-000052], Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC, [Figure PCTCN2021140178-appb-000053] and Sig_AS_REQ3. ID_REQ, Nonce_REQID and Nonce_REQPub shall respectively equal the corresponding fields in CS-DECRep. The data signed by Sig_AS_REQ1 includes [Figure PCTCN2021140178-appb-000054], Nonce_REQ, Pub_AAC; the data signed by Sig_AS_REQ3 includes ID_AAC, Nonce_AAC, [Figure PCTCN2021140178-appb-000055]
S515. After receiving AS-REQVeri, AS-AAC performs the following operations:
(1) Verify Sig_AS_REQ3 with the public key of AS-REQ; if the verification fails, discard AS-REQVeri;
(2) Compute the first message authentication code MIC_AS_AAC of AS-AAC.
S516. AS-AAC sends a first authentication response message ASVeri to AAC.
ASVeri includes [Figure PCTCN2021140178-appb-000056], Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC, [Figure PCTCN2021140178-appb-000057] [Figure PCTCN2021140178-appb-000058] and MIC_AS_AAC. [Figure PCTCN2021140178-appb-000059], Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC and [Figure PCTCN2021140178-appb-000060] shall respectively equal the corresponding fields in AS-REQVeri. MIC_AS_AAC is the hash value that AS-AAC computes, using K_AAC_AS and the hash algorithm agreed with AAC, over information including ID_AAC, Nonce_AAC and [Figure PCTCN2021140178-appb-000061].
S517. After receiving ASVeri, AAC performs the following operations:
(1) Check whether ID_AAC and Nonce_AAC in ASVeri are respectively the same as AAC's own identity ID_AAC and the Nonce_AAC generated by AAC; if not, discard ASVeri;
(2) Verify MIC_AS_AAC; if the verification fails, discard ASVeri; for the verification process, see the related content of the embodiment of FIG. 3;
(3) Compute EncData_AAC using the message encryption key; compute MacTag_AAC.
S518. AAC sends a third authentication response message AACAuth to REQ.
AACAuth includes Nonce_AAC, Nonce_REQ, EncData_AAC and MacTag_AAC. Nonce_REQ and Nonce_AAC are optional fields and shall respectively equal the Nonce_REQ in REQInit and the Nonce_AAC generated by AAC. EncData_AAC is generated by AAC by encrypting, with the message encryption key and a symmetric encryption algorithm, data including [Figure PCTCN2021140178-appb-000062], Nonce_REQ, Pub_AAC, Sig_AS_REQ1 and ID_AAC. For the calculation of MacTag_AAC, see the related content of the embodiment of FIG. 3.
S519. After receiving AACAuth, the REQ performs the following operations:
(1) If Nonce REQ and/or Nonce AAC is present in AACAuth, check whether Nonce REQ is the same as the Nonce REQ generated by the REQ, and/or check whether Nonce AAC is the same as the Nonce AAC in AACInit;
(2) Verify MacTag AAC; for the verification process, see the relevant content of the embodiment of FIG. 3;
(3) Decrypt EncData AAC using the message encryption key to obtain [Figure PCTCN2021140178-appb-000063], Nonce REQ, Pub AAC, Sig AS_REQ1 and ID AAC;
(4) Use Nonce REQID to perform an XOR operation on [Figure PCTCN2021140178-appb-000064] to recover ID REQ;
(5) Check whether ID REQ and Nonce REQ are the same as the REQ's own identity ID REQ and the Nonce REQ generated by the REQ, respectively;
(6) Check whether the ID AAC obtained by decryption is consistent with the ID AAC in Pub AAC;
(7) Verify Sig AS_REQ1 using the public key of the AS-REQ;
(8) If any of the above checks or verifications fails, discard AACAuth immediately; if all of them pass, determine the identity authentication result of the AAC according to Res AAC in Pub AAC; if the AAC is illegal, end this authentication process;
(9) Calculate EncData REQ using the message encryption key;
(10) Calculate MacTag REQ.
S520. The REQ sends a fourth authentication response message REQAuth to the AAC.
The REQAuth includes Nonce AAC, Nonce REQ, EncData REQ and MacTag REQ. Nonce REQ and Nonce AAC are optional fields and shall equal the Nonce REQ generated by the REQ and the Nonce AAC in AACInit, respectively; the encrypted data of EncData REQ includes Nonce REQPub; for the calculation of MacTag REQ, see the relevant content of the embodiment of FIG. 3.
S521. After receiving REQAuth, the AAC performs the following operations:
(1) If Nonce AAC and/or Nonce REQ is present in REQAuth, check whether Nonce AAC is the same as the Nonce AAC generated by the AAC, and/or check whether Nonce REQ is the same as the Nonce REQ in REQInit;
(2) Verify MacTag REQ; for the verification process, see the relevant content of the embodiment of FIG. 3;
(3) Decrypt EncData REQ using the message encryption key to obtain Nonce REQPub;
(4) Use Nonce REQPub to perform an XOR operation on [Figure PCTCN2021140178-appb-000065] to recover Pub REQ;
(5) Verify Sig REQ using the Cert REQ in Pub REQ;
(6) If all of the above checks and verifications pass, determine the identity authentication result of the REQ according to Res REQ in Pub REQ; if any of them fails, discard REQAuth immediately.
Thus, S519 and S521 respectively achieve identity authentication of the AAC and of the REQ in the roaming case, that is, bidirectional identity authentication of the REQ and the AAC; and the authentication result of the REQ is transmitted as ciphertext throughout, which protects the identity of the REQ.
It should be noted that: (1) The operation of verifying Sig REQ in S521 may instead be performed earlier, in S513. Sig REQ can be passed to the AS-REQ through the AACVeri of S506 and the AS-AACVeri of S508; in S513 the AS-REQ then also verifies Sig REQ using Cert REQ and performs the subsequent operations only after the verification passes. In this case, the AAC no longer verifies Sig REQ in S521, and Pub REQ need not include Cert REQ. (2) The second digital signature Sig AS_AAC2 in S507 and S508 may be replaced with a second message authentication code MIC AS_AAC2, where MIC AS_AAC2 is the hash value that the AS-AAC calculates, using the key pre-shared with the AS-REQ and the hash algorithm agreed with the AS-REQ, over data including the other fields preceding MIC AS_AAC2 in AS-AACVeri; the AS-REQ's verification of Sig AS_AAC2 in S509 is then replaced with verification of MIC AS_AAC2. The third digital signature Sig AS_REQ3 in S513 and S514 may be replaced with a third message authentication code MIC AS_REQ3, where MIC AS_REQ3 is the hash value that the AS-REQ calculates, using the key pre-shared with the AS-AAC and the hash algorithm agreed with the AS-AAC, over fields including ID AAC, Nonce AAC and [Figure PCTCN2021140178-appb-000066] in AS-REQVeri; the AS-AAC's verification of Sig AS_REQ3 in S515 is then replaced with verification of MIC AS_REQ3.
Referring to FIG. 6, an embodiment of an identity authentication method in case (4) above is shown. In this embodiment, the message encryption key negotiation between the REQ and the AAC is merged, in parallel, into the identity authentication process, which is more convenient for engineering implementation. The identity authentication method includes:
S601. The AAC generates Nonce AAC and KeyInfo AAC, and generates Security capabilities AAC as required.
S602. The AAC sends a key request message AACInit to the REQ.
The AACInit includes Nonce AAC, KeyInfo AAC, Security capabilities AAC and ID AS_AAC. Security capabilities AAC and ID AS_AAC are optional fields.
S603. After receiving AACInit, the REQ performs the following operations:
(1) Generate Nonce REQ, Nonce REQID, Nonce REQPub and KeyInfo REQ;
(2) Generate ID AS_REQ and Security capabilities REQ as required;
(3) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo REQ and the temporary public key included in KeyInfo AAC to generate a first key K1, then combine K1 with Nonce AAC, Nonce REQ and other information (the other information used by the REQ and the AAC is the same and is optional, for example a specific character string) and calculate the message encryption key and the message integrity check key using the negotiated or preset key derivation algorithm; this step may also be deferred until the message encryption key and the message integrity check key need to be used later;
(4) Calculate EncPub AS_REQ using the public key of the encryption certificate;
(5) Calculate the digital signature Sig REQ of the REQ.
S604. The REQ sends an identity ciphertext message REQInit to the AAC.
The REQInit includes Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ, ID AS_REQ, EncPub AS_REQ and Sig REQ. Nonce AAC shall equal the corresponding field in AACInit; Security capabilities REQ and ID AS_REQ are optional fields; the encrypted data of EncPub AS_REQ includes ID REQ, Cert REQ, Nonce REQID and Nonce REQPub; the signature data of Sig REQ includes the other fields preceding Sig REQ in REQInit, for example Nonce AAC, Nonce REQ, Security capabilities REQ, KeyInfo REQ, ID AS_REQ and EncPub AS_REQ.
S605. After receiving REQInit, the AAC performs the following operations:
(1) Check whether the Nonce AAC in REQInit is consistent with the Nonce AAC generated by the AAC; if not, discard REQInit;
(2) Perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo AAC and the temporary public key included in KeyInfo REQ to generate the first key K1, then combine K1 with Nonce AAC, Nonce REQ and other information (the other information used by the AAC and the REQ is the same and is optional, for example a specific character string) and calculate the message encryption key and the message integrity check key using the negotiated or preset key derivation algorithm;
(3) Calculate EncPub AS_AAC using the public key of the encryption certificate;
(4) Calculate MIC AAC;
(5) Determine the AS-AAC that participates in the identity authentication; the process is the same as in the related content of the embodiment of FIG. 5.
S606. The AAC sends a first authentication request message AACVeri to the AS-AAC.
The AACVeri includes REQInit, EncPub AS_AAC, Nonce AAC and MIC AAC. EncPub AS_AAC is generated by the AAC encrypting, with the public key of the encryption certificate, information including ID AAC, Nonce AACID and Nonce AACPub; MIC AAC is the hash value that the AAC calculates, using the key K AAC_AS pre-shared with the AS-AAC and the hash algorithm agreed with the AS-AAC, over the other fields preceding MIC AAC in AACVeri.
S607. The AS-AAC sends a second decryption request message AS-AACReq to the CS-DEC.
The AS-AACReq includes EncPub AS_AAC.
S608. The CS-DEC decrypts EncPub AS_AAC using the private key corresponding to the encryption certificate to obtain ID AAC, Nonce AACPub and Nonce AACID.
S609. The CS-DEC sends a second decryption response message CS-DECRep to the AS-AAC.
The CS-DECRep includes ID AAC, Nonce AACPub and Nonce AACID.
S610. After receiving CS-DECRep, the AS-AAC performs the following operations:
(1) Verify MIC AAC to obtain Res AAC, and generate Pub AAC according to information including Res AAC and ID AAC; for the verification process, see the relevant content of the embodiment of FIG. 4;
(2) Use Nonce AACID to perform an XOR operation on ID AAC to obtain [Figure PCTCN2021140178-appb-000067]; use Nonce AACPub to perform an XOR operation on Pub AAC to obtain [Figure PCTCN2021140178-appb-000068];
(3) Calculate the second digital signature Sig AS_AAC2.
S611. The AS-AAC sends a second authentication request message AS-AACVeri to the AS-REQ.
The AS-AACVeri includes REQInit, [Figure PCTCN2021140178-appb-000069] and Sig AS_AAC2. The signature data of Sig AS_AAC2 includes the other fields preceding Sig AS_AAC2 in AS-AACVeri.
S612. After receiving AS-AACVeri, the AS-REQ verifies Sig AS_AAC2 using the public key of the AS-AAC.
If the verification passes, S613 is performed.
S613. The AS-REQ sends a first decryption request message AS-REQReq to the CS-DEC.
The AS-REQReq includes EncPub AS_REQ.
S614. The CS-DEC decrypts EncPub AS_REQ using the private key corresponding to the encryption certificate to obtain ID REQ, Cert REQ, Nonce REQID and Nonce REQPub.
S615. The CS-DEC sends a first decryption response message CS-DECRep to the AS-REQ.
The CS-DECRep includes ID REQ, Cert REQ, Nonce REQID and Nonce REQPub.
S616. After receiving CS-DECRep, the AS-REQ performs the following operations:
(1) Verify Sig REQ using Cert REQ; if the verification fails, discard CS-DECRep;
(2) Verify the legality of Cert REQ to obtain Res REQ, and generate Pub REQ according to information including Res REQ;
(3) Use Nonce REQID to perform an XOR operation on ID REQ to obtain [Figure PCTCN2021140178-appb-000070]; use Nonce REQPub to perform an XOR operation on Pub REQ to obtain [Figure PCTCN2021140178-appb-000071];
(4) Calculate the first digital signature Sig AS_REQ1 and the third digital signature Sig AS_REQ3.
S617. The AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.
The AS-REQVeri includes [Figure PCTCN2021140178-appb-000072], Nonce REQ, [Figure PCTCN2021140178-appb-000073], Sig AS_REQ1, [Figure PCTCN2021140178-appb-000074] [Figure PCTCN2021140178-appb-000075], Nonce AAC, [Figure PCTCN2021140178-appb-000076] and Sig AS_REQ3. The signature data of Sig AS_REQ1 includes [Figure PCTCN2021140178-appb-000077] [Figure PCTCN2021140178-appb-000078], Nonce REQ and [Figure PCTCN2021140178-appb-000079]; the signature data of Sig AS_REQ3 includes [Figure PCTCN2021140178-appb-000080], Nonce AAC and [Figure PCTCN2021140178-appb-000081].
S618. After receiving AS-REQVeri, the AS-AAC performs the following operations:
(1) Verify Sig AS_REQ3 using the public key of the AS-REQ; if the verification fails, discard AS-REQVeri;
(2) Calculate the first message authentication code MIC AS_AAC of the AS-AAC.
S619. The AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri includes [Figure PCTCN2021140178-appb-000082], Nonce REQ, [Figure PCTCN2021140178-appb-000083], Sig AS_REQ1, [Figure PCTCN2021140178-appb-000084] [Figure PCTCN2021140178-appb-000085], Nonce AAC, [Figure PCTCN2021140178-appb-000086] and MIC AS_AAC. Among these, [Figure PCTCN2021140178-appb-000087], Nonce REQ, [Figure PCTCN2021140178-appb-000088] [Figure PCTCN2021140178-appb-000089], Sig AS_REQ1, [Figure PCTCN2021140178-appb-000090], Nonce AAC and [Figure PCTCN2021140178-appb-000091] shall each equal the corresponding field in AS-REQVeri; MIC AS_AAC is the hash value that the AS-AAC calculates, using K AAC_AS and the hash algorithm agreed with the AAC, over information including [Figure PCTCN2021140178-appb-000092] [Figure PCTCN2021140178-appb-000093], Nonce AAC and [Figure PCTCN2021140178-appb-000094].
S620. After receiving ASVeri, the AAC performs the following operations:
(1) Use Nonce AACID to perform an XOR operation on [Figure PCTCN2021140178-appb-000095] to recover ID AAC, and check whether ID AAC and Nonce AAC are the same as the AAC's own identity ID AAC and the Nonce AAC generated by the AAC, respectively; if they differ, discard ASVeri;
(2) Verify MIC AS_AAC; if the verification fails, discard ASVeri; for the verification process, see the relevant content of the embodiment of FIG. 4;
(3) Calculate EncData AAC using the message encryption key;
(4) Calculate MacTag AAC.
S621. The AAC sends a third authentication response message AACAuth to the REQ.
The AACAuth includes Nonce AAC, Nonce REQ, EncData AAC and MacTag AAC. Nonce REQ and Nonce AAC are optional fields and shall equal the Nonce REQ in REQInit and the Nonce AAC generated by the AAC, respectively; EncData AAC is generated by the AAC encrypting, with the message encryption key and a symmetric encryption algorithm, encrypted data including [Figure PCTCN2021140178-appb-000096], Nonce REQ, [Figure PCTCN2021140178-appb-000097], Nonce AACPub, Sig AS_REQ1 and ID AAC; MacTag AAC is calculated as described in the embodiment of FIG. 3.
S622. After receiving AACAuth, the REQ performs the following operations:
(1) If Nonce REQ and/or Nonce AAC is present in AACAuth, check whether Nonce REQ is the same as the Nonce REQ generated by the REQ, and/or check whether Nonce AAC is the same as the Nonce AAC in AACInit;
(2) Verify MacTag AAC; the verification process is as described in the embodiment of FIG. 3;
(3) Decrypt EncData AAC using the message encryption key to obtain [Figure PCTCN2021140178-appb-000098], Nonce REQ, [Figure PCTCN2021140178-appb-000099], Nonce AACPub, Sig AS_REQ1 and ID AAC;
(4) Use Nonce REQID to perform an XOR operation on [Figure PCTCN2021140178-appb-000100] to recover ID REQ, and use Nonce AACPub to perform an XOR operation on [Figure PCTCN2021140178-appb-000101] [Figure PCTCN2021140178-appb-000102] to recover Pub AAC;
(5) Check whether ID REQ and Nonce REQ are the same as the REQ's own identity ID REQ and the Nonce REQ generated by the REQ, respectively;
(6) Check whether the ID AAC in Pub AAC is consistent with the ID AAC obtained by decryption;
(7) Verify Sig AS_REQ1 using the public key of the AS-REQ;
(8) If any of the above checks or verifications fails, discard AACAuth immediately; after all of them pass, determine the identity authentication result of the AAC according to Res AAC in Pub AAC; if the AAC is illegal, end this authentication process;
(9) Calculate EncData REQ using the message encryption key; calculate MacTag REQ.
S623. The REQ sends a fourth authentication response message REQAuth to the AAC.
The REQAuth includes Nonce AAC, Nonce REQ, EncData REQ and MacTag REQ. Nonce AAC and Nonce REQ are optional fields and shall equal the Nonce AAC in AACInit and the Nonce REQ generated by the REQ, respectively; the encrypted data of EncData REQ includes Nonce REQPub; MacTag REQ is calculated as described in the embodiment of FIG. 3.
S624. After receiving REQAuth, the AAC performs the following operations:
(1) If Nonce AAC and/or Nonce REQ is present in REQAuth, check whether Nonce AAC is the same as the Nonce AAC generated by the AAC, and/or check whether Nonce REQ is the same as the Nonce REQ in REQInit;
(2) Verify MacTag REQ; the verification process is as described in the embodiment of FIG. 3;
(3) Decrypt EncData REQ using the message encryption key to obtain Nonce REQPub;
(4) Use Nonce REQPub to perform an XOR operation on [Figure PCTCN2021140178-appb-000103] to recover Pub REQ;
(5) If all of the above checks and verifications pass, determine the identity authentication result of the REQ according to Res REQ in Pub REQ; if any of them fails, discard REQAuth immediately.
Thus, S622 and S624 respectively achieve identity authentication of the AAC and of the REQ in the roaming case, that is, bidirectional identity authentication of the REQ and the AAC; and the authentication results of the REQ and the AAC are transmitted as ciphertext throughout, which protects the identities of the REQ and the AAC.
It should be noted that the second digital signature Sig AS_AAC2 in S610 and S611 may be replaced with a second message authentication code MIC AS_AAC2, where MIC AS_AAC2 is the hash value that the AS-AAC calculates, using the key pre-shared with the AS-REQ and the hash algorithm agreed with the AS-REQ, over data including the other fields preceding MIC AS_AAC2 in AS-AACVeri; the AS-REQ's verification of Sig AS_AAC2 in S612 is then replaced with verification of MIC AS_AAC2. The third digital signature Sig AS_REQ3 in S616 and S617 may be replaced with a third message authentication code MIC AS_REQ3, where MIC AS_REQ3 is the hash value that the AS-REQ calculates, using the key pre-shared with the AS-AAC and the hash algorithm agreed with the AS-AAC, over fields including [Figure PCTCN2021140178-appb-000104], Nonce AAC and [Figure PCTCN2021140178-appb-000105] in AS-REQVeri; the AS-AAC's verification of Sig AS_REQ3 in S618 is then replaced with verification of MIC AS_REQ3.
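The following added example (not code from the patent) walks through S610 step (2), S618 step (2) and S620 steps (1) and (2) for the AAC-related fields only: the AS-AAC masks ID AAC and Pub AAC with the AAC's nonces and computes MIC AS_AAC, and the AAC unmasks, compares and verifies. Assumptions: HMAC-SHA-256 stands in for the keyed "agreed hash algorithm", fields are length-prefixed, masked fields and their nonces have equal length, and the MIC covers the masked ID AAC, Nonce AAC and masked Pub AAC; all function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(value: bytes, nonce: bytes) -> bytes:
    """XOR mask or unmask (XOR is its own inverse). Assumes equal-length inputs."""
    if len(value) != len(nonce):
        raise ValueError("value and nonce must have the same length")
    return bytes(a ^ b for a, b in zip(value, nonce))


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so that field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def compute_mic(key: bytes, *fields: bytes) -> bytes:
    # Assumption: the hash algorithm keyed with K AAC_AS is HMAC-SHA-256.
    return hmac.new(key, encode_fields(*fields), hashlib.sha256).digest()


def as_aac_build_asveri(k_aac_as, id_aac, pub_aac, nonce_aac,
                        nonce_aacid, nonce_aacpub) -> dict:
    """AS-AAC side: mask the identity fields, then authenticate them."""
    masked_id = xor_bytes(id_aac, nonce_aacid)
    masked_pub = xor_bytes(pub_aac, nonce_aacpub)
    return {
        "masked_id_aac": masked_id,
        "nonce_aac": nonce_aac,
        "masked_pub_aac": masked_pub,
        "mic_as_aac": compute_mic(k_aac_as, masked_id, nonce_aac, masked_pub),
    }


def aac_process_asveri(msg, k_aac_as, own_id, own_nonce_aac, nonce_aacid) -> str:
    """AAC side: returns "accept" or the reason ASVeri is discarded."""
    try:
        recovered_id = xor_bytes(msg["masked_id_aac"], nonce_aacid)
    except ValueError:
        return "discard: malformed identity field"
    # Step (1): recovered ID AAC and Nonce AAC must match the AAC's own values.
    if not hmac.compare_digest(recovered_id, own_id):
        return "discard: ID AAC mismatch"
    if not hmac.compare_digest(msg["nonce_aac"], own_nonce_aac):
        return "discard: Nonce AAC mismatch"
    # Step (2): recompute MIC AS_AAC and compare in constant time.
    expected = compute_mic(k_aac_as, msg["masked_id_aac"],
                           msg["nonce_aac"], msg["masked_pub_aac"])
    if not hmac.compare_digest(msg["mic_as_aac"], expected):
        return "discard: MIC AS_AAC invalid"
    return "accept"


def demo() -> dict:
    # Constructed sample values, not taken from the patent.
    k_aac_as = secrets.token_bytes(32)
    id_aac = b"AAC-0001".ljust(16, b"\x00")
    pub_aac = b"\x01" + id_aac          # constructed: Res AAC (1 byte) || ID AAC
    nonce_aac = secrets.token_bytes(16)
    nonce_aacid = secrets.token_bytes(len(id_aac))
    nonce_aacpub = secrets.token_bytes(len(pub_aac))
    msg = as_aac_build_asveri(k_aac_as, id_aac, pub_aac, nonce_aac,
                              nonce_aacid, nonce_aacpub)

    def check(m, key=k_aac_as, nonce=nonce_aac):
        return aac_process_asveri(m, key, id_aac, nonce, nonce_aacid)

    # XOR masking hides the value but does not protect it from modification:
    # a flipped bit in the masked Pub AAC is caught only by the MIC.
    flipped = bytes([msg["masked_pub_aac"][0] ^ 0x01]) + msg["masked_pub_aac"][1:]
    return {
        "valid": check(msg),
        "tampered_pub": check(dict(msg, masked_pub_aac=flipped)),
        "stale_nonce": check(msg, nonce=secrets.token_bytes(16)),
        "wrong_key": check(msg, key=secrets.token_bytes(32)),
        "id_hidden": msg["masked_id_aac"] != id_aac,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```
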
In each of the above embodiments, each message may also carry a hash value HASH X_Y. HASH X_Y is calculated by the sender of the message, entity X, using a hash algorithm over the latest preceding message it received from the peer entity Y, and is used by the peer entity Y to verify whether entity X received the complete latest preceding message. HASH REQ_AAC denotes the hash value calculated by the REQ over the latest preceding message received from the AAC, HASH AAC_REQ denotes the hash value calculated by the AAC over the latest preceding message received from the REQ, HASH AAC_AS-AAC denotes the hash value calculated by the AAC over the latest preceding message received from the AS-AAC, HASH AS-AAC_AAC denotes the hash value calculated by the AS-AAC over the latest preceding message received from the AAC, HASH AS-AAC_AS-REQ denotes the hash value calculated by the AS-AAC over the latest preceding message received from the AS-REQ, and HASH AS-REQ_AS-AAC denotes the hash value calculated by the AS-REQ over the latest preceding message received from the AS-AAC. If the message currently sent by the sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received any preceding message from the peer entity Y, HASH X_Y in that message may be absent or meaningless.
Correspondingly, after the peer entity Y receives the message sent by entity X, if the message contains HASH X_Y: when entity Y has not previously sent a preceding message to entity X, entity Y ignores HASH X_Y; when entity Y has previously sent a preceding message to entity X, entity Y uses the hash algorithm to locally calculate the hash value of the latest preceding message it sent to entity X and compares it with the HASH X_Y carried in the received message; if they are consistent, the subsequent steps are performed; otherwise the message is discarded or this authentication process is ended.
In the present invention, for entity X, a preceding message sent by the peer entity Y to entity X refers to a message from the peer entity Y that entity X received before entity X sends message M to the peer entity Y; the latest preceding message sent by the peer entity Y to entity X refers to the most recent message from the peer entity Y that entity X received before entity X sends message M to the peer entity Y. If the message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then before entity X sends message M to its peer entity Y there is no preceding message sent by the peer entity Y to entity X.
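The HASH X_Y rule above, as an added example that is not part of the patent text: each side remembers the latest message it sent and received on a link, attaches the hash of the latest received message when sending, and checks a carried hash against the latest message it sent. Assumptions: SHA-256 as the hash algorithm, the hash covering the whole encoded preceding message (including its own hash field), the `encode` layout, and the optional `require_hash` policy, which is stricter than the text; all names and message bodies are constructed.

```python
import hashlib
import hmac


def encode(msg: dict) -> bytes:
    """Assumed wire encoding: length-prefixed body followed by the optional hash."""
    body, carried = msg["body"], msg.get("hash", b"")
    return len(body).to_bytes(4, "big") + body + carried


def digest(encoded: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the hash algorithm, which the text does not name.
    return hashlib.sha256(encoded).digest()


class PeerLink:
    """One entity's view of its exchange with a single peer entity."""

    def __init__(self, require_hash: bool = False):
        self.last_sent = None       # latest message this entity sent to the peer
        self.last_received = None   # latest message received from the peer
        # Assumed local policy: reject a message that omits the hash once a
        # preceding message exists. The text itself treats the field as optional.
        self.require_hash = require_hash

    def send(self, body: bytes) -> dict:
        msg = {"body": body}
        if self.last_received is not None:
            # HASH X_Y over the latest preceding message received from the peer.
            msg["hash"] = digest(self.last_received)
        # On the first message of the exchange the field is simply absent.
        self.last_sent = encode(msg)
        return msg

    def receive(self, msg: dict) -> bool:
        carried = msg.get("hash")
        if self.last_sent is None:
            pass                    # nothing was sent before: ignore any carried hash
        elif carried is None:
            if self.require_hash:
                return False
        elif not hmac.compare_digest(carried, digest(self.last_sent)):
            return False            # the peer did not see our latest message intact
        self.last_received = encode(msg)
        return True


def run_exchange(tamper: bool) -> bool:
    """AAC sends AACInit, REQ answers with REQInit; returns the AAC's verdict."""
    aac, req = PeerLink(), PeerLink()
    aac_init = aac.send(b"AACInit|Nonce_AAC|KeyInfo_AAC")   # constructed body
    delivered = dict(aac_init)
    if tamper:
        delivered["body"] = delivered["body"][:-4]          # constructed: truncated in transit
    req.receive(delivered)
    req_init = req.send(b"REQInit|Nonce_AAC|Nonce_REQ|KeyInfo_REQ")
    return aac.receive(req_init)


if __name__ == "__main__":
    print("intact exchange accepted:", run_exchange(False))
    print("truncated AACInit accepted:", run_exchange(True))
```
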
上述图3至图6所对应实施例中的可选字段和可选操作,在说明书附图的图3至图6中用“*”表示。以上所有实施例涉及的消息中所包括的各个内容不限定顺序,并且在没有特别说明的情况下,不限定消息接收方收到消息后对相关消息的操作顺序以及对消息中所包括的内容进行处理的顺序。The optional fields and optional operations in the embodiments corresponding to FIG. 3 to FIG. 6 are represented by “*” in FIG. 3 to FIG. 6 of the accompanying drawings. The contents included in the messages involved in all the above embodiments are not limited in order, and unless otherwise specified, the order of operations performed by the message receiver on the related messages after receiving the message and the content included in the message are not limited. order of processing.
Based on the method embodiments corresponding to FIG. 1 to FIG. 6, and referring to FIG. 7, an embodiment of the present application further provides a requesting device 700, including:
an encryption module 710, configured to use the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device to generate a first identity information ciphertext, where the identity information of the requesting device includes a digital certificate of the requesting device, and the first identity key includes a second key;
a sending module 720, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes the first identity information ciphertext;
a receiving module 730, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is generated by the authentication access controller by using a message encryption key to encrypt data including first authentication result information and a first digital signature; the first authentication result information includes a first verification result for the authentication access controller, and the first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device over signature data including the first authentication result information;
a decryption module 740, configured to decrypt the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature;
a verification module 750, configured to verify the first digital signature by using the public key of the second authentication server; if the verification passes, a determining module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the determining module 760 determines that the identity authentication result of the authentication access controller is legitimate, the sending module 720 sends a fourth authentication response message to the authentication access controller; or,
the verification module 750 is configured to verify the first digital signature by using the public key of the second authentication server; if the verification passes, the sending module 720 sends a fourth authentication response message to the authentication access controller, and the determining module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
the verification module 750 is configured to verify the first digital signature by using the public key of the second authentication server; if the first digital signature passes verification, the determining module 760 determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the sending module 720 sends a fourth authentication response message to the authentication access controller;
where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by the encryption module 710 by using the message encryption key to encrypt information including the second key.
Optionally, before the sending module 720 sends the identity ciphertext message, the receiving module 730 is further configured to receive a key request message sent by the authentication access controller, where the key request message includes a key exchange parameter of the authentication access controller; the requesting device further includes:
a calculation module, configured to perform a key exchange calculation on inputs including the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and to calculate the message encryption key from information including the first key by using a key derivation algorithm;
in which case the identity ciphertext message further includes the key exchange parameter of the requesting device.
Optionally, the key request message further includes a first random number generated by the authentication access controller; the calculation module is then specifically configured to calculate the message encryption key from information including the first key, the first random number and a second random number generated by the requesting device; correspondingly, the identity ciphertext message further includes the second random number.
Optionally, the key request message further includes security capability parameter information supported by the authentication access controller; the determining module 760 is further configured to determine, according to the security capability parameter information, a specific security policy used by the requesting device; the identity ciphertext message then further includes the specific security policy.
Optionally, the key request message further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the determining module 760 is then further configured to determine, according to the identity identifier of the at least one authentication server trusted by the authentication access controller, the identity identifier of at least one authentication server trusted by the requesting device; the identity ciphertext message then further includes the identity identifier of the at least one authentication server trusted by the requesting device.
Optionally, the identity ciphertext message sent by the sending module 720 further includes the identity identifier of at least one authentication server trusted by the requesting device.
Optionally, the identity information of the requesting device further includes the identity identifier of the requesting device; the first identity key further includes a third key; the first authentication response message then further includes an identity identifier ciphertext of the requesting device; the identity identifier ciphertext of the requesting device is generated by using the third key to encrypt information including the identity identifier of the requesting device;
the data encrypted into the identity authentication result information ciphertext in the third authentication response message further includes the identity identifier ciphertext of the requesting device; by decrypting the identity authentication result information ciphertext, the decryption module also obtains the identity identifier ciphertext of the requesting device;
then, before the determining module 760 determines the identity authentication result of the authentication access controller, the verification module 750 is further configured to verify the identity identifier ciphertext of the requesting device according to the requesting device's own identity identifier and the third key.
Optionally, the third authentication response message received by the receiving module 730 further includes a first message integrity check code; then, before the determining module 760 determines the identity authentication result of the authentication access controller, the verification module 750 is further configured to verify the first message integrity check code by using a message integrity check key; where the message integrity check key is generated in the same manner as the message encryption key.
Optionally, the fourth authentication response message sent by the sending module 720 further includes a second message integrity check code, which the requesting device calculates by using the message integrity check key over the fields of the fourth authentication response message other than the second message integrity check code; where the message integrity check key is generated in the same manner as the message encryption key.
Optionally, the first authentication result information is generated by using the fourth key to encrypt information including the first verification result for the authentication access controller; the data encrypted into the identity authentication result information ciphertext in the third authentication response message further includes the fourth key;
then, by decrypting the identity authentication result information ciphertext, the decryption module 740 also obtains the fourth key, and the decryption module 740 is further configured to decrypt the first authentication result information by using the fourth key to obtain the first verification result.
Optionally, a message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device over the latest preceding message received from the authentication access controller.
Referring to FIG. 8, an embodiment of the present application further provides an authentication access controller 800, including:
a receiving module 810, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes a digital certificate of the requesting device; the first identity key includes a second key;
a sending module 820, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the first identity information ciphertext and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated by the authentication access controller over information including the first identity information ciphertext by using a pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
the receiving module 810 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated by the first authentication server over information including the second authentication result information ciphertext by using the pre-shared key shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller;
a verification module 830, configured to verify the first message authentication code of the first authentication server by using the pre-shared key shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
the sending module 820 is further configured to send, if the verification passes, a third authentication response message to the requesting device, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is generated by the authentication access controller by using a message encryption key to encrypt data including the first authentication result information and the first digital signature;
the receiving module 810 is further configured to receive a fourth authentication response message sent by the requesting device, where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by using the message encryption key to encrypt information including the second key;
a decryption module 840, configured to decrypt the second key ciphertext by using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext by using the second key to obtain the second authentication result information;
a determining module 850, configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
Optionally, before the identity ciphertext message is received, the sending module 820 is further configured to send a key request message to the requesting device, where the key request message includes a key exchange parameter of the authentication access controller; the identity ciphertext message then further includes a key exchange parameter of the requesting device; the authentication access controller further includes:
a calculation module, configured to perform a key exchange calculation on inputs including the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device to generate a first key, and to calculate the message encryption key from information including the first key by using a key derivation algorithm.
Optionally, the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device; the calculation module is specifically configured to calculate the message encryption key from information including the first key, the first random number and the second random number.
Optionally, the identity ciphertext message further includes the first random number; before the calculation module calculates the message encryption key, the verification module 830 is further configured to verify that the first random number in the identity ciphertext message is consistent with the first random number generated by the authentication access controller.
Optionally, the key request message further includes the identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message further includes the identity identifier of at least one authentication server trusted by the requesting device; the determining module 850 is further configured to determine the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of the at least one authentication server trusted by the authentication access controller in the key request message.
Optionally, the identity ciphertext message further includes the identity identifier of at least one authentication server trusted by the requesting device; the determining module 850 is further configured to determine the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
Optionally, the first authentication request message further includes the identity identifier of the authentication access controller and/or the first random number generated by the authentication access controller; correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number; before the sending module 820 sends the third authentication response message, the verification module 830 is further configured to verify that the identity identifier of the authentication access controller in the first authentication response message is consistent with the authentication access controller's own identity identifier, and/or to verify that the first random number in the first authentication response message is consistent with the first random number generated by the authentication access controller.
Optionally, the first authentication request message further includes a second identity information ciphertext, where the second identity information ciphertext is generated by the authentication access controller by using the encryption certificate to encrypt information including the identity identifier of the authentication access controller and a second identity key of the authentication access controller, and the second identity key includes a fourth key and a fifth key;
correspondingly, the first authentication response message further includes an identity identifier ciphertext of the authentication access controller; the first authentication result information is generated by using the fourth key to encrypt information including the first verification result for the authentication access controller; the identity identifier ciphertext of the authentication access controller is generated by using the fifth key to encrypt information including the identity identifier of the authentication access controller;
the verification module 830 is further configured to verify the identity identifier ciphertext of the authentication access controller according to the authentication access controller's own identity identifier and the fifth key; only if the verification passes does the sending module 820 send the third authentication response message to the requesting device; where the data encrypted into the identity authentication result information ciphertext in the third authentication response message further includes the fourth key.
Optionally, the third authentication response message sent by the sending module 820 further includes a first message integrity check code, which the authentication access controller calculates by using a message integrity check key over the fields of the third authentication response message other than the first message integrity check code; where the message integrity check key is generated in the same manner as the message encryption key.
Optionally, the fourth authentication response message received by the receiving module 810 further includes a second message integrity check code; then, before the determining module 850 determines the identity authentication result of the requesting device, the verification module 830 is further configured to verify the second message integrity check code by using the message integrity check key; where the message integrity check key is generated in the same manner as the message encryption key.
Optionally, when the identity ciphertext message further includes a digital signature of the requesting device, before determining the identity authentication result of the requesting device, the determining module 850 is further configured to determine whether the digital signature of the requesting device passes verification, and only if it is determined that the digital signature of the requesting device passes verification, to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
Optionally, the determining module 850 determines whether the digital signature of the requesting device passes verification in one of the following ways:
the second authentication server verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and if the receiving module 810 receives the first authentication response message, the determining module 850 determines that the digital signature of the requesting device has passed verification; or,
when the second authentication result information further includes the digital certificate of the requesting device, the verification module 830 verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and the determining module 850 determines, according to the verification result, whether the digital signature of the requesting device passes verification.
Optionally, a message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller over the latest preceding message received from the requesting device; a message sent by the authentication access controller to the first authentication server further includes a hash value calculated by the authentication access controller over the latest preceding message received from the first authentication server.
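The following Python sketch is an added example, not part of the application text. It shows the optional checks described for the requesting device and the authentication access controller: deriving the message encryption key and the message integrity check key from the first key and both random numbers, checking the echoed first random number, computing a message integrity check code over every field except the code itself, and binding a message to the latest preceding message by its hash. HKDF-SHA256, HMAC-SHA256, SHA-256, the field names (EncData, PrevHash, MIC), the length-prefixed encoding and all sample values are assumptions of this example; the application leaves the algorithms and the message encoding open.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(first_key, nonce_aac, nonce_req):
    """Return (message encryption key, message integrity check key), both derived
    from the first key and both random numbers. Taking the two keys from one
    HKDF output is this example's reading of "generated in the same manner"."""
    okm = hkdf_sha256(first_key, nonce_aac + nonce_req, b"example session keys", 64)
    return okm[:32], okm[32:]


def aac_accept_identity_message(own_nonce_aac, echoed_nonce_aac, nonce_req, first_key):
    """Controller side: check the echoed first random number before deriving keys."""
    if not hmac.compare_digest(own_nonce_aac, echoed_nonce_aac):
        raise ValueError("first random number mismatch: discard the message")
    return derive_session_keys(first_key, own_nonce_aac, nonce_req)


def encode_fields(fields):
    """Canonical encoding (hypothetical): fields sorted by name, names and values
    length-prefixed, so field order is irrelevant and boundaries cannot shift."""
    out = b""
    for name in sorted(fields):
        key, value = name.encode(), fields[name]
        out += len(key).to_bytes(2, "big") + key + len(value).to_bytes(4, "big") + value
    return out


def build_message(fields, mic_key, preceding=None):
    """Sender: optionally bind to the latest preceding message received from the
    peer, then append a MIC computed over every field except the MIC itself."""
    body = {k: v for k, v in fields.items() if k != "MIC"}
    if preceding is not None:
        body["PrevHash"] = hashlib.sha256(encode_fields(preceding)).digest()
    mic = hmac.new(mic_key, encode_fields(body), hashlib.sha256).digest()
    return dict(body, MIC=mic)


def check_message(msg, mic_key, last_sent=None):
    """Receiver: return "ok" or the reason the message must be discarded.
    `last_sent` is the receiver's own latest message to this peer, if any."""
    body = {k: v for k, v in msg.items() if k != "MIC"}
    expected = hmac.new(mic_key, encode_fields(body), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.get("MIC", b"")):
        return "bad MIC"
    if last_sent is not None:
        want = hashlib.sha256(encode_fields(last_sent)).digest()
        if not hmac.compare_digest(want, msg.get("PrevHash", b"")):
            return "preceding-message hash mismatch"
    return "ok"


def demo():
    # Constructed inputs: k1 stands in for the output of the key exchange calculation.
    k1 = hashlib.sha256(b"constructed first key").digest()
    nonce_aac, nonce_req = b"\x01" * 16, b"\x02" * 16
    req_keys = derive_session_keys(k1, nonce_aac, nonce_req)
    aac_keys = aac_accept_identity_message(nonce_aac, nonce_aac, nonce_req, k1)
    mic_key = aac_keys[1]
    # Controller -> requesting device: third authentication response message.
    third = build_message({"EncData": b"<identity authentication result ciphertext>"}, mic_key)
    # Requesting device -> controller: fourth authentication response message.
    fourth = build_message({"EncData": b"<second key ciphertext>"}, req_keys[1], preceding=third)
    tampered = dict(fourth, EncData=b"<substituted ciphertext>")
    # Same key on purpose, to isolate the preceding-message hash check.
    other_third = build_message({"EncData": b"<another run>"}, mic_key)
    return {
        "keys_match": req_keys == aac_keys,
        "third_at_requester": check_message(third, req_keys[1]),
        "fourth_at_controller": check_message(fourth, mic_key, last_sent=third),
        "tampered_fourth": check_message(tampered, mic_key, last_sent=third),
        "fourth_against_other_run": check_message(fourth, mic_key, last_sent=other_third),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The preceding-message hash covers the peer's whole message including its integrity check code, so a fourth authentication response message that answers a different third authentication response message is rejected even when its own integrity check code is valid.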
Referring to FIG. 9, an embodiment of the present application further provides a first authentication server 900, including:
a receiving module 910, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes a first identity information ciphertext and an identity authentication code of the authentication access controller; the first identity information ciphertext is generated by a requesting device by using the public key of an encryption certificate to encrypt information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes a digital certificate of the requesting device; the first identity key includes a second key; and the identity authentication code of the authentication access controller is calculated by the authentication access controller over information including the first identity information ciphertext by using a pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
a sending module 920, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by using the second key to encrypt information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated by the first authentication server over information including the second authentication result information ciphertext by using the pre-shared key shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller.
Optionally, the first authentication server 900 further includes:
a first verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, to decrypt the first identity information ciphertext by using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
a first generating module, configured to generate the first authentication result information from information including the first verification result, to generate the second authentication result information from information including the second verification result, to encrypt information including the second authentication result information by using the second key to generate the second authentication result information ciphertext, to calculate the first digital signature over signature data including the first authentication result information, and to calculate the first message authentication code of the first authentication server over information including the second authentication result information ciphertext;
a second generating module, configured to generate the first authentication response message from information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
Optionally, the first authentication server 900 further includes:
a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;
a third generating module, configured to generate the first authentication result information from information including the first verification result, and either to calculate a second digital signature over signature data including the first authentication result information and the first identity information ciphertext, or to calculate a second message authentication code over information including the first authentication result information and the first identity information ciphertext;
the sending module is further configured to send a second authentication request message to a second authentication server, where the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second digital signature, or the second authentication request message includes the first authentication result information, the first identity information ciphertext and the second message authentication code;
所述接收模块,还用于接收所述第二鉴别服务器发送的第二鉴别响应消息,所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三数字签名或所述第二鉴别响应消息中包括所述第一鉴别结果信息、第一数字签名、第二鉴别结果信息密文和第三消息鉴别码;其中,所述第一数字签名是所述第二鉴别服务器对包括所述第一鉴别结果信息在内的签名数据计算生成的;所述第三数字签名是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的签名数据计算生成的或所述第三消息鉴别码是所述第二鉴别服务器对包括所述第二鉴别结果信息密文在内的信息计算生成的;The receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information The ciphertext and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the ciphertext of the second authentication result information and the third message authentication code; wherein the first authentication result information The digital signature is calculated and generated by the second authentication server on the signature data including the first authentication result information; the third digital signature is the encryption of the second authentication result information including the second authentication result information by the second authentication server. The signature data including the text is calculated and generated or the third message authentication code is generated by the second authentication server on the information including the cipher text of the second authentication result information;
第三验证模块,用于利用所述第二鉴别服务器的公钥验证所述第三数字签名或利用与所述第二鉴别服务器的预共享密钥验证所述第三消息鉴别码;a third verification module, configured to use the public key of the second authentication server to verify the third digital signature or to verify the third message authentication code using the pre-shared key with the second authentication server;
第四生成模块,用于若验证通过,则对包括所述第二鉴别结果信息密文在内的信息计算生成所述第一鉴别服务器的第一消息鉴别码,根据包括所述第一鉴别结果信息、所述第一数字签名、所述第二鉴别结果信息密文和所述第一鉴别服务器的第一消息鉴别码在内的信息生成所述第一鉴别响应消息。The fourth generation module is used to calculate and generate the first message authentication code of the first authentication server for the information including the ciphertext of the second authentication result information, if the verification is passed, according to the information including the first authentication result Information including the information, the first digital signature, the ciphertext of the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.
可选的,所述第一鉴别服务器向所述鉴别接入控制器发送的消息还包括所述第一鉴别服务器对接收到的所述鉴别接入控制器发送的最新前序消息计算的杂凑值;所述第一鉴别服务器向所述第二鉴别服务器发送的消息还包括所述第一鉴别服务器对接收到的所述第二鉴别服务器发送的最新前序消息计算的杂凑值。Optionally, the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the authentication access controller. ; The message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the latest pre-order message sent by the second authentication server received.
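The following added example (not part of the patent text) sketches how the first message authentication code and the optional preceding-message hash described above can be produced by the first authentication server and checked by the authentication access controller. HMAC-SHA256, SHA-256, the length-prefixed field encoding, the choice to cover all four fields with the code, and every function and field name are assumptions, since the application only refers to "the agreed cryptographic algorithm".

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA256 stands in for the algorithm agreed between the
# first authentication server (AS-AAC) and the access controller (AAC).
FIELDS = ("prev_hash", "res_first", "sig_first", "enc_res_second")


def encode_fields(fields):
    """Length-prefix every field so bytes cannot slide across field boundaries."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def message_hash(raw_message):
    """Hash of the latest preceding message received from the peer."""
    return hashlib.sha256(raw_message).digest()


def compute_mac(psk, resp):
    """MAC over information including the second authentication result ciphertext."""
    data = encode_fields([resp[name] for name in FIELDS])
    return hmac.new(psk, data, hashlib.sha256).digest()


def build_first_auth_response(psk, first_auth_request, res_first,
                              sig_first, enc_res_second):
    """AS-AAC side: assemble the first authentication response message."""
    resp = {
        "prev_hash": message_hash(first_auth_request),
        "res_first": res_first,            # first authentication result information
        "sig_first": sig_first,            # first digital signature (opaque here)
        "enc_res_second": enc_res_second,  # second authentication result ciphertext
    }
    resp["mac"] = compute_mac(psk, resp)
    return resp


def verify_first_auth_response(psk, sent_request, resp):
    """AAC side: returns (ok, reason). Nothing is trusted before the MAC passes."""
    if any(not isinstance(resp.get(k), bytes) for k in FIELDS + ("mac",)):
        return False, "malformed"
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    if not hmac.compare_digest(compute_mac(psk, resp), resp["mac"]):
        return False, "bad_mac"
    # The response must answer the request this AAC actually sent.
    if not hmac.compare_digest(message_hash(sent_request), resp["prev_hash"]):
        return False, "stale_or_unbound"
    return True, "ok"


def demo():
    """Run the check over constructed sample values (not real protocol data)."""
    psk = b"\x11" * 32
    request = b"constructed first authentication request"
    resp = build_first_auth_response(psk, request, b"RES_first",
                                     b"SIG_AS_REQ", b"\xa5" * 48)
    tampered = dict(resp, enc_res_second=b"\x00" + resp["enc_res_second"][1:])
    return [
        verify_first_auth_response(psk, request, resp),
        verify_first_auth_response(psk, request, tampered),
        verify_first_auth_response(psk, b"a different request", resp),
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Only after this check succeeds does the access controller forward the first authentication result information and the first digital signature to the requesting device.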
Referring to FIG. 10, an embodiment of the present application further provides a second authentication server 1000, including:
A receiving module 1010, configured to receive a second authentication request message sent by a first authentication server, where the second authentication request message includes first authentication result information, a first identity information ciphertext, and a second digital signature, or the second authentication request message includes first authentication result information, a first identity information ciphertext, and a second message authentication code; the first identity information ciphertext is generated by a requesting device by encrypting, with the public key of an encryption certificate, information including identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes a digital certificate of the requesting device; the first identity key includes a second key; the second digital signature is calculated by the first authentication server over signature data including the first authentication result information and the first identity information ciphertext, or the second message authentication code is calculated by the first authentication server over information including the first authentication result information and the first identity information ciphertext;
A verification module 1020, configured to verify the second digital signature with the public key of the first authentication server, or to verify the second message authentication code with the key pre-shared with the first authentication server, and, if the verification succeeds, to decrypt the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
A generation module 1030, configured to generate second authentication result information from information including the second verification result, encrypt information including the second authentication result information with the second key to generate a second authentication result information ciphertext, calculate a first digital signature over signature data including the first authentication result information, and calculate a third digital signature over signature data including the second authentication result information ciphertext or calculate a third message authentication code over information including the second authentication result information ciphertext;
A sending module 1040, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information ciphertext, and the third message authentication code.
Optionally, a message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server over the latest preceding message received from the first authentication server.
Referring to FIG. 11, an embodiment of the present application further provides a requesting device REQ, including:
A memory 1101, configured to store program instructions;
A processor 1102, configured to call the program instructions stored in the memory 1101 and execute them to implement the steps performed by the REQ in the foregoing embodiments.
It should be understood that the requesting device can implement the corresponding processes implemented by the REQ in the methods of the embodiments of the present application; for brevity, details are not repeated here.
Referring to FIG. 12, an embodiment of the present application further provides an authentication access controller AAC, including:
A memory 1201, configured to store program instructions;
A processor 1202, configured to call the program instructions stored in the memory 1201 and execute them to implement the steps performed by the AAC in the foregoing embodiments.
It should be understood that the authentication access controller can implement the corresponding processes implemented by the AAC in the methods of the embodiments of the present application; for brevity, details are not repeated here.
Referring to FIG. 13, an embodiment of the present application further provides a first authentication server AS-AAC, including:
A memory 1301, configured to store program instructions;
A processor 1302, configured to call the program instructions stored in the memory 1301 and execute them to implement the steps performed by the AS-AAC in the foregoing embodiments.
It should be understood that the first authentication server can implement the corresponding processes implemented by the AS-AAC in the methods of the embodiments of the present application; for brevity, details are not repeated here.
Referring to FIG. 14, an embodiment of the present application further provides a second authentication server AS-REQ, including:
A memory 1401, configured to store program instructions;
A processor 1402, configured to call the program instructions stored in the memory 1401 and execute them to implement the steps performed by the AS-REQ in the foregoing embodiments.
It should be understood that the second authentication server can implement the corresponding processes implemented by the AS-REQ in the methods of the embodiments of the present application; for brevity, details are not repeated here.
A person of ordinary skill in the art can understand that all or some of the steps of the foregoing method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the foregoing method embodiments. The storage medium may be at least one of the following: a read-only memory (ROM), a RAM, a magnetic disk, an optical disc, or any other medium that can store program code.
It should be noted that the embodiments in this specification are described in a progressive manner; for parts that are the same or similar across embodiments, reference may be made from one embodiment to another, and each embodiment focuses on its differences from the other embodiments. In particular, because the device and system embodiments are consistent with and correspond to the method embodiments, they are described relatively briefly, and for related details reference may be made to the corresponding parts of the method embodiments. The device and system embodiments described above are merely illustrative: modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. A person of ordinary skill in the art can understand and implement this without creative effort.
The foregoing is only one specific implementation of the present application, but the protection scope of the present application is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed in the present application shall fall within the protection scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (53)

  1. An identity authentication method, characterized in that the method comprises:
    an authentication access controller receives an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by encrypting, with the public key of an encryption certificate, information including identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes a digital certificate of the requesting device; and the first identity key includes a second key;
    the authentication access controller sends a first authentication request message to a first authentication server that it trusts, where the first authentication request message includes the first identity information ciphertext and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated by the authentication access controller over information including the first identity information ciphertext, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
    the authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by encrypting information including second authentication result information with the second key; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated by the first authentication server over information including the second authentication result information ciphertext, using the key pre-shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller;
    the authentication access controller verifies the first message authentication code of the first authentication server using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, and, if the verification succeeds, sends a third authentication response message to the requesting device, where the third authentication response message includes an identity authentication result information ciphertext, and the identity authentication result information ciphertext is generated by the authentication access controller by encrypting, with a message encryption key, encryption data including the first authentication result information and the first digital signature;
    the requesting device decrypts the identity authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first digital signature;
    the requesting device verifies the first digital signature with the public key of the second authentication server, and, if the verification succeeds, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; when the requesting device determines that the identity authentication result of the authentication access controller is legitimate, it sends a fourth authentication response message to the authentication access controller; or,
    the requesting device verifies the first digital signature with the public key of the second authentication server, and, if the verification succeeds, the requesting device sends a fourth authentication response message to the authentication access controller and determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
    the requesting device verifies the first digital signature with the public key of the second authentication server; if the first digital signature is verified successfully, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; and the requesting device sends a fourth authentication response message to the authentication access controller;
    where the fourth authentication response message includes a second key ciphertext, and the second key ciphertext is generated by encrypting information including the second key with the message encryption key;
    after receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext with the message encryption key to obtain the second key, decrypts the second authentication result information ciphertext with the second key to obtain the second authentication result information, and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
  2. The method according to claim 1, characterized in that, before the authentication access controller receives the identity ciphertext message sent by the requesting device, the method further comprises:
    the authentication access controller sends a key request message to the requesting device, where the key request message includes a key exchange parameter of the authentication access controller;
    the requesting device performs a key exchange calculation based on information including the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and calculates the message encryption key from information including the first key using a key derivation algorithm;
    the identity ciphertext message then further includes the key exchange parameter of the requesting device;
    the authentication access controller performs a key exchange calculation based on information including the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device to generate the first key, and calculates the message encryption key from information including the first key using the key derivation algorithm.
  3. The method according to claim 2, characterized in that the key request message further includes a first random number generated by the authentication access controller;
    the requesting device calculating the message encryption key then specifically comprises:
    the requesting device calculates the message encryption key from information including the first key, the first random number, and a second random number generated by the requesting device;
    correspondingly, the identity ciphertext message further includes the second random number;
    the authentication access controller calculating the message encryption key then specifically comprises:
    the authentication access controller calculates the message encryption key from information including the first key, the first random number, and the second random number.
  4. The method according to claim 3, characterized in that the identity ciphertext message further includes the first random number; then, before the authentication access controller calculates the message encryption key, the method further comprises:
    the authentication access controller verifies the consistency between the first random number in the identity ciphertext message and the first random number generated by the authentication access controller, and determines that the consistency verification succeeds.
  5. The method according to claim 2, characterized in that the key request message further includes security capability parameter information supported by the authentication access controller; the method further comprises:
    the requesting device determines, according to the security capability parameter information, a specific security policy used by the requesting device; the identity ciphertext message then further includes the specific security policy.
  6. The method according to claim 2, characterized in that the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller; the method then further comprises:
    the requesting device determines, according to the identity identifier of the at least one authentication server trusted by the authentication access controller, an identity identifier of at least one authentication server trusted by the requesting device; the identity ciphertext message then further includes the identity identifier of the at least one authentication server trusted by the requesting device; the method then further comprises:
    the authentication access controller determines the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of the at least one authentication server trusted by the authentication access controller in the key request message.
  7. The method according to claim 1, characterized in that the identity ciphertext message further includes an identity identifier of at least one authentication server trusted by the requesting device; the method then further comprises:
    the authentication access controller determines the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
  8. 根据权利要求1所述的方法,其特征在于,所述第一鉴别请求消息中还包括所述鉴别接入控制器的身份标识和/或所述鉴别接入控制器生成的第一随机数;The method according to claim 1, wherein the first authentication request message further includes the identity of the authentication access controller and/or the first random number generated by the authentication access controller;
    对应的,所述第一鉴别响应消息中还包括所述鉴别接入控制器的身份标识和/或所述第一随机数;Correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;
    则在所述鉴别接入控制器向所述请求设备发送第三鉴别响应消息之前,所述方法还包括:Then, before the authentication access controller sends a third authentication response message to the requesting device, the method further includes:
    所述鉴别接入控制器对所述第一鉴别响应消息中的所述鉴别接入控制器的身份标识和所述鉴别接入控制器自身的身份标识的一致性进行验证,和/或,对所述第一鉴别响应消息中的所述第一随机数和所述鉴别接入控制器生成的第一随机数的一致性进行验证;且确定一致性验证通过。The authentication access controller verifies the consistency of the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself, and/or, verifies the identity of the authentication access controller. The consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller is verified; and it is determined that the consistency verification is passed.
  9. The method according to claim 1, wherein the identity information of the requesting device further includes an identity identifier of the requesting device, and the first identity key further includes a third key;
    then the first authentication response message further includes an identity identifier ciphertext of the requesting device, the identity identifier ciphertext of the requesting device being generated by encrypting, with the third key, information including the identity identifier of the requesting device;
    then the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the identity identifier ciphertext of the requesting device;
    then, before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
    the requesting device, on decrypting the identity authentication result information ciphertext with the message encryption key, further obtaining the identity identifier ciphertext of the requesting device, and verifying the identity identifier ciphertext of the requesting device according to the requesting device's own identity identifier and the third key; and determining that the verification passes.
  10. The method according to claim 1, wherein the identity ciphertext message further includes a second random number generated by the requesting device, the first authentication request message further includes the second random number, and the first authentication response message further includes the second random number;
    then the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the second random number;
    then, before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
    the requesting device, on decrypting the identity authentication result information ciphertext with the message encryption key, further obtaining the second random number, and verifying that it is consistent with the second random number generated by the requesting device; and determining that the consistency verification passes.
  11. The method according to claim 2, wherein the third authentication response message further includes a first message integrity check code, the first message integrity check code being computed by the authentication access controller, with a message integrity check key, over the fields of the third authentication response message other than the first message integrity check code; the message integrity check key of the authentication access controller is generated in the same manner as the message encryption key of the authentication access controller;
    then, before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
    the requesting device verifying the first message integrity check code with a message integrity check key; and determining that the verification passes; the message integrity check key of the requesting device is generated in the same manner as the message encryption key of the requesting device.
  12. The method according to claim 2, wherein the fourth authentication response message sent by the requesting device further includes a second message integrity check code, the second message integrity check code being computed by the requesting device, with a message integrity check key, over the fields of the fourth authentication response message other than the second message integrity check code; the message integrity check key of the requesting device is generated in the same manner as the message encryption key of the requesting device;
    correspondingly, before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
    the authentication access controller verifying the second message integrity check code with a message integrity check key; and determining that the verification passes; the message integrity check key of the authentication access controller is generated in the same manner as the message encryption key of the authentication access controller.
  13. The method according to claim 1, wherein the first authentication request message further includes a second identity information ciphertext, the second identity information ciphertext being generated by the authentication access controller by encrypting, with the public key of the encryption certificate, information including the identity identifier of the authentication access controller and a second identity key of the authentication access controller, the second identity key including a fourth key and a fifth key;
    correspondingly, the first authentication response message further includes an identity identifier ciphertext of the authentication access controller, the identity identifier ciphertext of the authentication access controller being generated by encrypting, with the fifth key, information including the identity identifier of the authentication access controller; the first authentication result information is generated by encrypting, with the fourth key, information including the first verification result of the authentication access controller; then the method further comprises:
    the authentication access controller verifying the identity identifier ciphertext of the authentication access controller according to its own identity identifier and the fifth key, and, if the verification passes, then sending the third authentication response message to the requesting device;
    then the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the fourth key;
    then the requesting device, on decrypting the identity authentication result information ciphertext with the message encryption key, further obtains the fourth key, and decrypts the first authentication result information with the fourth key to obtain the first verification result.
  14. The method according to claim 1, wherein, when the identity ciphertext message further includes a digital signature of the requesting device, before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
    the authentication access controller determining whether the digital signature of the requesting device passes verification.
  15. The method according to claim 14, wherein the authentication access controller determines whether the digital signature of the requesting device passes verification in one of the following ways:
    the second authentication server verifies the digital signature of the requesting device with the digital certificate of the requesting device, and if the authentication access controller receives the first authentication response message, the authentication access controller determines that the digital signature of the requesting device has passed verification; or,
    when the second authentication result information further includes the digital certificate of the requesting device, the authentication access controller verifies the digital signature of the requesting device with the digital certificate of the requesting device, and determines from the verification result whether the digital signature of the requesting device passes verification.
  16. The method according to any one of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, and the method further comprises:
    the first authentication server verifying the identity authentication code of the authentication access controller to obtain a first verification result; decrypting the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key; verifying the legitimacy of the digital certificate of the requesting device to obtain a second verification result; generating first authentication result information from information including the first verification result; generating second authentication result information from information including the second verification result; encrypting information including the second authentication result information with the second key to generate a second authentication result information ciphertext; computing a first digital signature over signature data including the first authentication result information; computing the first message authentication code over information including the second authentication result information ciphertext; and generating the first authentication response message from information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code.
  17. The method according to any one of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers; then the method further comprises:
    the first authentication server verifying the identity authentication code of the authentication access controller to obtain a first verification result, generating the first authentication result information from information including the first verification result, and either computing a second digital signature over signature data including the first authentication result information and the first identity information ciphertext, or computing a second message authentication code over information including the first authentication result information and the first identity information ciphertext;
    the first authentication server sending a second authentication request message to the second authentication server, the second authentication request message including the first authentication result information, the first identity information ciphertext and the second digital signature, or including the first authentication result information, the first identity information ciphertext and the second message authentication code; the second authentication server verifying the second digital signature with the public key of the first authentication server, or verifying the second message authentication code with the key pre-shared with the first authentication server; if the verification passes, the second authentication server decrypting the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, verifying the legitimacy of the digital certificate of the requesting device to obtain a second verification result, generating second authentication result information from information including the second verification result, encrypting information including the second authentication result information with the second key to generate a second authentication result information ciphertext, computing a first digital signature over signature data including the first authentication result information, and either computing a third digital signature over signature data including the second authentication result information ciphertext, or computing a third message authentication code over information including the second authentication result information ciphertext;
    the first authentication server receiving a second authentication response message sent by the second authentication server, the second authentication response message including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code;
    the first authentication server verifying the third digital signature with the public key of the second authentication server, or verifying the third message authentication code with the key pre-shared with the second authentication server; if the verification passes, the first authentication server computing the first message authentication code of the first authentication server over information including the second authentication result information ciphertext, and generating the first authentication response message from information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
  18. The method according to any one of claims 1 to 15, wherein the method further comprises:
    a message sent by the requesting device to the authentication access controller further includes a hash value computed by the requesting device over the latest preceding message received from the authentication access controller;
    then, when the authentication access controller receives the message sent by the requesting device, it verifies the hash value in the received message, and determines that the verification passes;
    a message sent by the authentication access controller to the requesting device further includes a hash value computed by the authentication access controller over the latest preceding message received from the requesting device;
    then, when the requesting device receives the message sent by the authentication access controller, it verifies the hash value in the received message, and determines that the verification passes;
    a message sent by the authentication access controller to the first authentication server further includes a hash value computed by the authentication access controller over the latest preceding message received from the first authentication server;
    then, when the first authentication server receives the message sent by the authentication access controller, it verifies the hash value in the received message, and determines that the verification passes;
    a message sent by the first authentication server to the authentication access controller further includes a hash value computed by the first authentication server over the latest preceding message received from the authentication access controller;
    then, when the authentication access controller receives the message sent by the first authentication server, it verifies the hash value in the received message, and determines that the verification passes;
    a message sent by the first authentication server to the second authentication server further includes a hash value computed by the first authentication server over the latest preceding message received from the second authentication server;
    then, when the second authentication server receives the message sent by the first authentication server, it verifies the hash value in the received message, and determines that the verification passes;
    a message sent by the second authentication server to the first authentication server further includes a hash value computed by the second authentication server over the latest preceding message received from the first authentication server;
    then, when the first authentication server receives the message sent by the second authentication server, it verifies the hash value in the received message, and determines that the verification passes.
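The following sketch is an added illustration, not part of the patent text, of the receiver-side checks in claims 11, 12 and 18: a message integrity check code over every field except itself, and a hash of the latest preceding message received from the peer. SHA-256, HMAC-SHA-256, the JSON encoding, the KDF and all field names are assumptions, since the claims fix none of them; for brevity both checks are applied to every message, whereas the claims attach the integrity check code only to the third and fourth authentication response messages.

```python
import hashlib
import hmac
import json


def encode(fields: dict) -> bytes:
    """Assumed canonical encoding: sorted-key JSON, so both peers hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def derive_key(first_key: bytes, nonce_aac: bytes, nonce_req: bytes, label: bytes) -> bytes:
    """Derive a key from the key-exchange result and both random numbers (claim 21).
    The integrity key is generated the same way as the encryption key (claims 11, 12);
    HMAC-SHA-256 as the KDF and the distinguishing label are assumptions."""
    return hmac.new(first_key, label + nonce_aac + nonce_req, hashlib.sha256).digest()


def _same(expected: str, received) -> bool:
    """Constant-time comparison that also rejects a missing or non-string field."""
    return isinstance(received, str) and hmac.compare_digest(
        expected.encode(), received.encode())


class Peer:
    """One side of the exchange (requesting device or authentication access controller)."""

    def __init__(self, name: str, mic_key: bytes):
        self.name = name
        self.mic_key = mic_key
        self.last_sent = None      # bytes of the latest message this peer sent
        self.last_received = None  # bytes of the latest message accepted from the peer

    def _mic(self, body: dict) -> str:
        return hmac.new(self.mic_key, encode(body), hashlib.sha256).hexdigest()

    def build(self, payload: dict) -> dict:
        msg = dict(payload, sender=self.name)
        if self.last_received is not None:
            # Claim 18: hash of the latest preceding message received from the peer.
            msg["prev_hash"] = hashlib.sha256(self.last_received).hexdigest()
        # Claims 11/12: check code over all fields other than the check code itself.
        msg["mic"] = self._mic(msg)
        self.last_sent = encode(msg)
        return msg

    def accept(self, msg: dict) -> str:
        body = {k: v for k, v in msg.items() if k != "mic"}
        if not _same(self._mic(body), msg.get("mic")):
            return "bad_mic"
        if self.last_sent is not None:
            expected = hashlib.sha256(self.last_sent).hexdigest()
            if not _same(expected, msg.get("prev_hash")):
                return "bad_prev_hash"
        self.last_received = encode(msg)  # state changes only after both checks pass
        return "ok"


def demo() -> dict:
    """Run a constructed three-message exchange plus a tampered and a replayed message."""
    first_key = bytes(range(32))               # constructed stand-in for the key-exchange output
    n_aac, n_req = b"\x01" * 16, b"\x02" * 16  # constructed random numbers
    mic_key = derive_key(first_key, n_aac, n_req, b"mic")
    aac, req = Peer("AAC", mic_key), Peer("REQ", mic_key)
    out = {}
    m1 = aac.build({"type": "msg1", "nonce": n_aac.hex()})
    out["m1"] = req.accept(m1)
    m2 = req.build({"type": "msg2", "nonce": n_req.hex()})
    out["m2"] = aac.accept(m2)
    m3 = aac.build({"type": "msg3", "result": "legitimate"})
    out["tampered"] = req.accept(dict(m3, result="forged"))  # field changed in transit
    out["m3"] = req.accept(m3)
    # m2 replayed into a new run: it answers the old msg1, not the new one.
    # The same key is reused here only to isolate the hash check from the MIC check.
    aac2 = Peer("AAC", mic_key)
    aac2.build({"type": "msg1", "nonce": "ff" * 16})
    out["replayed"] = aac2.accept(m2)
    return out


if __name__ == "__main__":
    print(demo())
```

The replayed message carries a valid integrity check code but is still rejected, because its hash binds it to a message the receiver did not send in the current run.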
  19. A requesting device, wherein the requesting device comprises:
    an encryption module, configured to encrypt, with the public key of an encryption certificate, information including identity information of the requesting device and a first identity key of the requesting device to generate a first identity information ciphertext, the identity information of the requesting device including a digital certificate of the requesting device, and the first identity key including a second key;
    a sending module, configured to send an identity ciphertext message to an authentication access controller, the identity ciphertext message including the first identity information ciphertext;
    a receiving module, configured to receive a third authentication response message sent by the authentication access controller, the third authentication response message including an identity authentication result information ciphertext, the identity authentication result information ciphertext being generated by the authentication access controller by encrypting, with a message encryption key, encrypted data including first authentication result information and a first digital signature; the first authentication result information includes a first verification result for the authentication access controller, and the first digital signature is a digital signature computed by a second authentication server trusted by the requesting device over signature data including the first authentication result information;
    a decryption module, configured to decrypt the identity authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first digital signature;
    a verification module, configured to verify the first digital signature with the public key of the second authentication server, wherein, if the verification passes, a determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information, and when the determination module determines that the identity authentication result of the authentication access controller is legitimate, the sending module sends a fourth authentication response message to the authentication access controller; or,
    configured to verify the first digital signature with the public key of the second authentication server, wherein, if the verification passes, the sending module sends a fourth authentication response message to the authentication access controller and the determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; or,
    configured to verify the first digital signature with the public key of the second authentication server, wherein, if the first digital signature passes verification, the determination module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; and the sending module sends a fourth authentication response message to the authentication access controller;
    wherein the fourth authentication response message includes a second key ciphertext, the second key ciphertext being generated by the encryption module by encrypting, with the message encryption key, information including the second key.
  20. The requesting device according to claim 19, wherein, before the sending module sends the identity ciphertext message, the receiving module is further configured to receive a key request message sent by the authentication access controller, the key request message including a key exchange parameter of the authentication access controller; the requesting device further comprises:
    a calculation module, configured to perform a key exchange calculation on the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and to compute the message encryption key with a key derivation algorithm from information including the first key;
    then the identity ciphertext message further includes the key exchange parameter of the requesting device.
  21. The requesting device according to claim 20, wherein the key request message further includes a first random number generated by the authentication access controller; then the calculation module is specifically configured to compute the message encryption key from information including the first key, the first random number and a second random number generated by the requesting device;
    correspondingly, the identity ciphertext message further includes the second random number.
  22. The requesting device according to claim 20, wherein the key request message further includes security capability parameter information supported by the authentication access controller; the determination module is further configured to determine, according to the security capability parameter information, a specific security policy used by the requesting device; then the identity ciphertext message further includes the specific security policy.
  23. The requesting device according to claim 20, wherein the key request message further includes the identity identifier of at least one authentication server trusted by the authentication access controller; then the determination module is further configured to determine, according to the identity identifier of the at least one authentication server trusted by the authentication access controller, the identity identifier of at least one authentication server trusted by the requesting device; then the identity ciphertext message further includes the identity identifier of the at least one authentication server trusted by the requesting device.
  24. The requesting device according to claim 19, wherein the identity ciphertext message sent by the sending module further includes the identity identifier of at least one authentication server trusted by the requesting device.
  25. The requesting device according to claim 19, wherein the identity information of the requesting device further includes an identity identifier of the requesting device; the first identity key further includes a third key; then the first authentication response message further includes an identity identifier ciphertext of the requesting device; the identity identifier ciphertext of the requesting device is generated by encrypting, with the third key, information including the identity identifier of the requesting device;
    the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the identity identifier ciphertext of the requesting device; the decryption module, on decrypting the identity authentication result information ciphertext, further obtains the identity identifier ciphertext of the requesting device;
    then, before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to verify the identity identifier ciphertext of the requesting device according to the requesting device's own identity identifier and the third key.
  26. The requesting device according to claim 20, wherein the third authentication response message received by the receiving module further includes a first message integrity check code;
    then, before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to verify the first message integrity check code with a message integrity check key; wherein the message integrity check key is generated in the same manner as the message encryption key.
  27. The requesting device according to claim 20, wherein the fourth authentication response message sent by the sending module further includes a second message integrity check code, the second message integrity check code being computed by the requesting device, with a message integrity check key, over the fields of the fourth authentication response message other than the second message integrity check code; wherein the message integrity check key is generated in the same manner as the message encryption key.
  28. The requesting device according to claim 19, wherein the first authentication result information is generated by encrypting, with the fourth key, information including the first verification result of the authentication access controller; the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the fourth key;
    then the decryption module, on decrypting the identity authentication result information ciphertext, further obtains the fourth key, and the decryption module is further configured to decrypt the first authentication result information with the fourth key to obtain the first verification result.
  29. The requesting device according to any one of claims 19 to 28, wherein a message sent by the requesting device to the authentication access controller further includes a hash value computed by the requesting device over the latest preceding message received from the authentication access controller.
  30. An authentication access controller, wherein the authentication access controller comprises:
    a receiving module, configured to receive an identity ciphertext message sent by a requesting device, the identity ciphertext message including a first identity information ciphertext; the first identity information ciphertext is generated by the requesting device by encrypting, with the public key of an encryption certificate, information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key;
    a sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, the first authentication request message including the first identity information ciphertext and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is calculated and generated by the authentication access controller over information including the first identity information ciphertext, using a pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
    the receiving module is further configured to receive a first authentication response message sent by the first authentication server, the first authentication response message including first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated and generated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by encrypting, with the second key, information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated and generated by the first authentication server over information including the second authentication result information ciphertext, using a pre-shared key shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
    a verification module, configured to verify the first message authentication code of the first authentication server using the pre-shared key shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
    the sending module is further configured to, if the verification passes, send a third authentication response message to the requesting device, the third authentication response message including an identity authentication result information ciphertext, which is generated by the authentication access controller by encrypting, with a message encryption key, data to be encrypted that includes the first authentication result information and the first digital signature;
    the receiving module is further configured to receive a fourth authentication response message sent by the requesting device, the fourth authentication response message including a second key ciphertext, which is generated by encrypting, with the message encryption key, information including the second key;
    a decryption module, configured to decrypt the second key ciphertext with the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext with the second key to obtain the second authentication result information;
    a determining module, configured to determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
  31. The authentication access controller according to claim 30, wherein, before the identity ciphertext message is received, the sending module is further configured to send a key request message to the requesting device, the key request message including a key exchange parameter of the authentication access controller; the identity ciphertext message then further includes a key exchange parameter of the requesting device;
    the authentication access controller further comprises:
    a calculation module, configured to perform a key exchange calculation according to information including the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device, so as to generate a first key, and to calculate the message encryption key from information including the first key using a key derivation algorithm.
  32. The authentication access controller according to claim 31, wherein the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device;
    the calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.
  33. The authentication access controller according to claim 32, wherein the identity ciphertext message further includes the first random number;
    before the calculation module calculates the message encryption key, the verification module is further configured to verify the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller.
  34. The authentication access controller according to claim 31, wherein the key request message further includes the identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message further includes the identity identifier of at least one authentication server trusted by the requesting device;
    the determining module is further configured to determine the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of the at least one authentication server trusted by the authentication access controller in the key request message.
  35. The authentication access controller according to claim 30, wherein the identity ciphertext message further includes the identity identifier of at least one authentication server trusted by the requesting device;
    the determining module is further configured to determine the first authentication server according to the identity identifier of the at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
  36. The authentication access controller according to claim 30, wherein the first authentication request message further includes the identity identifier of the authentication access controller and/or a first random number generated by the authentication access controller;
    correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;
    before the sending module sends the third authentication response message, the verification module is then further configured to verify the consistency of the identity identifier of the authentication access controller in the first authentication response message and the authentication access controller's own identity identifier; and/or to verify the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller.
  37. The authentication access controller according to claim 30, wherein the first authentication request message further includes a second identity information ciphertext, the second identity information ciphertext being generated by the authentication access controller by encrypting, with the public key of an encryption certificate, information including the identity identifier of the authentication access controller and a second identity key of the authentication access controller, the second identity key including a fourth key and a fifth key;
    correspondingly, the first authentication response message further includes an identity identifier ciphertext of the authentication access controller; the first authentication result information is generated by encrypting, with the fourth key, information including the first verification result of the authentication access controller; the identity identifier ciphertext of the authentication access controller is generated by encrypting, with the fifth key, information including the identity identifier of the authentication access controller;
    the verification module is further configured to verify the identity identifier ciphertext of the authentication access controller according to the authentication access controller's own identity identifier and the fifth key; if the verification passes, the sending module then sends the third authentication response message to the requesting device; wherein the data encrypted into the identity authentication result information ciphertext in the third authentication response message further includes the fourth key.
  38. The authentication access controller according to claim 31, wherein the third authentication response message sent by the sending module further includes a first message integrity check code, the first message integrity check code being calculated and generated by the authentication access controller, using a message integrity check key, over fields including the fields of the third authentication response message other than the first message integrity check code; wherein the message integrity check key is generated in the same manner as the message encryption key.
  39. The authentication access controller according to claim 31, wherein the fourth authentication response message received by the receiving module further includes a second message integrity check code;
    before the determining module determines the identity authentication result of the requesting device, the verification module is then further configured to verify the second message integrity check code using a message integrity check key; wherein the message integrity check key is generated in the same manner as the message encryption key.
  40. The authentication access controller according to claim 30, wherein, when the identity ciphertext message further includes a digital signature of the requesting device, before determining the identity authentication result of the requesting device, the determining module is further configured to determine whether the digital signature of the requesting device has passed verification and, if it is determined that the digital signature of the requesting device has passed verification, to then determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
  41. The authentication access controller according to claim 40, wherein the determining module determines whether the digital signature of the requesting device has passed verification in one of the following ways:
    the second authentication server verifies the digital signature of the requesting device using the digital certificate of the requesting device, and if the receiving module receives the first authentication response message, the determining module determines that the digital signature of the requesting device has passed verification; or,
    when the second authentication result information further includes the digital certificate of the requesting device, the verification module verifies the digital signature of the requesting device using the digital certificate of the requesting device, and the determining module determines, according to the verification result, whether the digital signature of the requesting device has passed verification.
  42. The authentication access controller according to any one of claims 30 to 41, wherein a message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller over the latest preceding message received from the requesting device;
    a message sent by the authentication access controller to the first authentication server further includes a hash value calculated by the authentication access controller over the latest preceding message received from the first authentication server.
  43. A first authentication server, wherein the first authentication server comprises:
    a receiving module, configured to receive a first authentication request message sent by an authentication access controller, the first authentication request message including a first identity information ciphertext and an identity authentication code of the authentication access controller; the first identity information ciphertext is generated by a requesting device by encrypting, with the public key of an encryption certificate, information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key; the identity authentication code of the authentication access controller is calculated and generated by the authentication access controller over information including the first identity information ciphertext, using a pre-shared key shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server;
    a sending module, configured to send a first authentication response message to the authentication access controller, the first authentication response message including first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, a second authentication result information ciphertext, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result for the authentication access controller; the first digital signature is a digital signature calculated and generated by the second authentication server over signature data including the first authentication result information; the second authentication result information ciphertext is generated by encrypting, with the second key, information including second authentication result information; the second authentication result information includes a second verification result for the digital certificate of the requesting device; and the first message authentication code of the first authentication server is calculated and generated by the first authentication server over information including the second authentication result information ciphertext, using a pre-shared key shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller.
  44. The first authentication server according to claim 43, wherein the first authentication server further comprises:
    a first verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, to decrypt the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
    a first generating module, configured to generate the first authentication result information according to information including the first verification result, to generate the second authentication result information according to information including the second verification result, to encrypt information including the second authentication result information with the second key to generate the second authentication result information ciphertext, to calculate the first digital signature over signature data including the first authentication result information, and to calculate the first message authentication code of the first authentication server over information including the second authentication result information ciphertext;
    a second generating module, configured to generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
  45. The first authentication server according to claim 43, wherein the first authentication server further comprises:
    a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;
    a third generating module, configured to generate the first authentication result information according to information including the first verification result, and to calculate a second digital signature over signature data including the first authentication result information and the first identity information ciphertext, or to calculate a second message authentication code over information including the first authentication result information and the first identity information ciphertext;
    the sending module is further configured to send a second authentication request message to a second authentication server, the second authentication request message including the first authentication result information, the first identity information ciphertext and the second digital signature, or the second authentication request message including the first authentication result information, the first identity information ciphertext and the second message authentication code;
    the receiving module is further configured to receive a second authentication response message sent by the second authentication server, the second authentication response message including the first authentication result information, a first digital signature, a second authentication result information ciphertext and a third digital signature, or the second authentication response message including the first authentication result information, a first digital signature, a second authentication result information ciphertext and a third message authentication code; wherein the first digital signature is calculated and generated by the second authentication server over signature data including the first authentication result information; the third digital signature is calculated and generated by the second authentication server over signature data including the second authentication result information ciphertext, or the third message authentication code is calculated and generated by the second authentication server over information including the second authentication result information ciphertext;
    a third verification module, configured to verify the third digital signature using the public key of the second authentication server, or to verify the third message authentication code using a pre-shared key shared with the second authentication server;
    a fourth generating module, configured to, if the verification passes, calculate the first message authentication code of the first authentication server over information including the second authentication result information ciphertext, and to generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the first message authentication code of the first authentication server.
  46. The first authentication server according to any one of claims 43 to 45, wherein a message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server over the latest preceding message received from the authentication access controller; a message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server over the latest preceding message received from the second authentication server.
  47. A second authentication server, wherein the second authentication server comprises:
    a receiving module, configured to receive a second authentication request message sent by a first authentication server, the second authentication request message including first authentication result information, a first identity information ciphertext and a second digital signature, or the second authentication request message including first authentication result information, a first identity information ciphertext and a second message authentication code; wherein the first identity information ciphertext is generated by a requesting device by encrypting, with the public key of an encryption certificate, information including the identity information of the requesting device and a first identity key of the requesting device; the identity information of the requesting device includes the digital certificate of the requesting device; the first identity key includes a second key; the second digital signature is calculated and generated by the first authentication server over signature data including the first authentication result information and the first identity information ciphertext, or the second message authentication code is calculated and generated by the first authentication server over information including the first authentication result information and the first identity information ciphertext;
    a verification module, configured to verify the second digital signature using the public key of the first authentication server, or to verify the second message authentication code using a pre-shared key shared with the first authentication server, and, if the verification passes, to decrypt the first identity information ciphertext with the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key, and to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
    a generating module, configured to generate second authentication result information according to information including the second verification result, to encrypt information including the second authentication result information with the second key to generate a second authentication result information ciphertext, to calculate a first digital signature over signature data including the first authentication result information, and to calculate a third digital signature over signature data including the second authentication result information ciphertext or to calculate a third message authentication code over information including the second authentication result information ciphertext;
    a sending module, configured to send a second authentication response message to the first authentication server, the second authentication response message including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third digital signature, or the second authentication response message including the first authentication result information, the first digital signature, the second authentication result information ciphertext and the third message authentication code.
  48. The second authentication server according to claim 47, wherein the message sent by the second authentication server to the first authentication server further includes a hash value computed by the second authentication server over the latest preceding message received from the first authentication server.
  49. A requesting device, characterized in that the requesting device comprises:
    a memory, configured to store program instructions;
    a processor, configured to invoke the program instructions stored in the memory and, according to the obtained program, execute the method on the requesting device side in any one of claims 1 to 18.
  50. An authentication access controller, characterized in that the authentication access controller comprises:
    a memory, configured to store program instructions;
    a processor, configured to invoke the program instructions stored in the memory and, according to the obtained program, execute the method on the authentication access controller side in any one of claims 1 to 18.
  51. A first authentication server, characterized in that the first authentication server comprises:
    a memory, configured to store program instructions;
    a processor, configured to invoke the program instructions stored in the memory and, according to the obtained program, execute the method on the first authentication server side in any one of claims 1 to 18.
  52. A second authentication server, characterized in that the second authentication server comprises:
    a memory, configured to store program instructions;
    a processor, configured to invoke the program instructions stored in the memory and, according to the obtained program, execute the method on the second authentication server side in any one of claims 1 to 18.
  53. A computer storage medium, characterized in that the computer storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause a computer to execute the method of any one of claims 1 to 18.
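
The pre-shared-key branch of claim 47 combined with the preceding-message hash of claim 48, shown as an added example that is not part of the patent text: the second authentication server binds its response to the request it answers, and the first authentication server rejects tampered or replayed responses. SHA-256, HMAC-SHA-256, the field names, the length-prefixed encoding and the choice to cover the hash with the MAC are assumptions; the claims do not fix algorithms or encodings.

```python
import hashlib
import hmac
import struct

def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries are unambiguous under the MAC."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

def build_response(psk: bytes, last_request: bytes, res1: bytes,
                   sig1: bytes, res2_ct: bytes) -> dict:
    """Second authentication server: assemble the second authentication response."""
    prev_hash = hashlib.sha256(last_request).digest()  # claim 48 hash value
    mac3 = hmac.new(psk, _encode(res2_ct, prev_hash), hashlib.sha256).digest()
    return {"res1": res1, "sig1": sig1, "res2_ct": res2_ct,
            "prev_hash": prev_hash, "mac3": mac3}

def accept_response(psk: bytes, sent_request: bytes, resp: dict) -> str:
    """First authentication server: check the MAC, then the binding to its own request."""
    expected = hmac.new(psk, _encode(resp["res2_ct"], resp["prev_hash"]),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, resp["mac3"]):
        return "reject: bad MAC"
    sent_hash = hashlib.sha256(sent_request).digest()
    if not hmac.compare_digest(sent_hash, resp["prev_hash"]):
        return "reject: not bound to latest request"
    return "accept"

# Constructed sample values; real fields would be protocol-encoded.
PSK = b"constructed-pre-shared-key-0001"
REQ_A = b"request|nonce=01|payload=constructed"
REQ_B = b"request|nonce=02|payload=constructed"

def demo() -> dict:
    resp = build_response(PSK, REQ_A, b"Res1", b"Sig1", b"Res2-ciphertext")
    tampered = dict(resp, res2_ct=b"Res2-ciphertext-modified")
    return {
        "fresh": accept_response(PSK, REQ_A, resp),
        "replayed": accept_response(PSK, REQ_B, resp),  # old response, new request
        "tampered": accept_response(PSK, REQ_A, tampered),
        "wrong_key": accept_response(b"other-key", REQ_A, resp),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```
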
PCT/CN2021/140178 2020-12-26 2021-12-21 Identity authentication method and apparatus WO2022135418A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011569210.4 2020-12-26
CN202011569210.4A CN114760038A (en) 2020-12-26 2020-12-26 Identity authentication method and device

Publications (1)

Publication Number Publication Date
WO2022135418A1 true WO2022135418A1 (en) 2022-06-30

Family

ID=82157412

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/140178 WO2022135418A1 (en) 2020-12-26 2021-12-21 Identity authentication method and apparatus

Country Status (2)

Country Link
CN (1) CN114760038A (en)
WO (1) WO2022135418A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1564626A (en) * 2004-03-22 2005-01-12 西安电子科技大学 Radio LAN security access method based on roaming key exchange authentication protocal
US20050114680A1 (en) * 2003-04-29 2005-05-26 Azaire Networks Inc. (A Delaware Corporation) Method and system for providing SIM-based roaming over existing WLAN public access infrastructure
CN101420694A (en) * 2008-12-16 2009-04-29 天津工业大学 WAPI-XG1 access and fast switch authentication method
CN101631114A (en) * 2009-08-19 2010-01-20 西安西电捷通无线网络通信有限公司 Identity authentication method based on public key certificate and system thereof
US20100037302A1 (en) * 2006-12-18 2010-02-11 China Iwncomm Co, Ltd Peer-to-peer access control method of triple unit structure
CN102752306A (en) * 2012-07-09 2012-10-24 广州杰赛科技股份有限公司 Digital media management method and system based on identification

Also Published As

Publication number Publication date
CN114760038A (en) 2022-07-15

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21909414

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21909414

Country of ref document: EP

Kind code of ref document: A1