Bidirectional access authentication method

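An authentication method and bidirectional access technology, applied in areas such as user identity/authority verification, security devices, and computer security devices. It addresses problems such as manual establishment, complicated management, and difficulty in verifying the validity of user identities.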

Active Publication Date: 2008-04-09
CHINA IWNCOMM

AI Technical Summary

Problems solved by technology

[0007] 3. Each access point must establish a secure channel with the back-end authentication server in advance, and this secure channel generally has to be established manually, which hinders system expansion.
[0008] 4. Poor security reliability.
[0013] 3. Key management uses a time-synchronization method, and state management is complicated.
Enabling and disabling new keys depends on time judgment, and maintaining a synchronized clock in a distributed system is complicated.
There are multiple system states, and managing them is complicated.
[0014] The Chinese national standard GB15629.11 overcomes some disadvantages of the above-mentioned security protocols, but it cannot be used directly to solve the secure access problem of RFID. Its main shortcoming is that, because it is based on a digital certificate mechanism, its excessive communication and management load makes it unsuitable for the RFID field.
[0016] However, the identity-based public key mechanism also has its own shortcomings: the other party's identity is the public key, which cannot be changed arbitrarily, so the mechanism lacks an effective means of management, cannot manage entity identities flexibly, and makes it difficult to verify the validity of user identities.

Embodiment Construction

[0103] The method of the present invention is realized with a trusted third party (TTP), which can be an authentication server or another device capable of performing authentication. The trusted third party is responsible for physical authentication of the user entity's identity, system parameter generation, and the user parameter establishment process.

[0104] Referring to Fig. 1, the specific implementation method of the present invention is as follows:

[0105] 1) First, a trusted third party establishes system parameters, which include:

[0106] N: the product of two large prime numbers;

[0107] e: an integer satisfying gcd(e, φ(N)) = 1;

[0108] d: an integer satisfying ed ≡ 1 (mod φ(N));

[0109] h: a strong one-way hash function, h: {0, 1}* → Z_φ(N).

[0110] The private key of the system is d (the master key), and the parameters that the system can disclose are (N, e, h).

[0111] A trusted third party is responsible for keeping the system private key...
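
The parameter setup in [0105] to [0110], as an added example that is not code from the patent: it generates N, e and d, checks the two stated conditions, and keeps d and φ(N) on the TTP side. The function names, e = 65537, the 2048-bit default and the use of SHA-256 as h are assumptions; a 256-bit digest read as an integer is below φ(N) for any modulus of this size, so it falls in Z_φ(N) without publishing φ(N).

```python
import hashlib
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # witness found: n is composite
    return True

def random_prime(bits):
    while True:
        # Force the top bit (full size) and the low bit (odd).
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def ttp_setup(bits=2048, e=65537):
    """Return ((N, e), secret); secret holds d and phi and never leaves the TTP."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:  # condition in [0107]
            d = pow(e, -1, phi)               # e*d = 1 mod phi(N), [0108]
            return (p * q, e), {"d": d, "phi": phi}

def h(message: bytes) -> int:
    """Assumed instantiation of h: SHA-256 digest as an integer (< 2**256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

if __name__ == "__main__":
    (N, e), secret = ttp_setup(bits=1024)  # smaller size only to run quickly
    assert (e * secret["d"]) % secret["phi"] == 1
    assert h(b"constructed-identity") < secret["phi"]
    print("public parameters: N bits =", N.bit_length(), "e =", e)
```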


Abstract

The invention relates to a mutual access authentication method comprising the following steps: 1) a first entity sends an access authentication request group to a second entity; the second entity verifies whether the signature of the first entity is correct and, if it is, calculates the shared primary key of the second entity; 2) the second entity generates an access response group and sends it to the first entity; the first entity verifies whether the signature of the access response group is correct and, if it is, calculates the shared primary key of the first entity; 3) the first entity sends an access authentication acknowledgement group to the second entity, and the second entity verifies the integrity of the access authentication acknowledgement; if the verification succeeds, the shared primary keys of the first and second entities are consistent, completing the access authentication. The mutual access authentication method provided by this invention is based on an identity mechanism and can be used to verify identity validity, with simple operation and a wide range of applications.

Description

Field of invention

[0001] The invention relates to a two-way access authentication method.

Background technique

[0002] For wireless networks, such as wireless local area networks or wireless metropolitan area networks, security problems are far more serious than for wired Ethernet. Radio frequency identification (RFID) tags, as well as the mobile terminals and access points of wireless personal area networks, also face security issues. Before secure communication can take place, the security authentication problem between the reader and the electronic tag in RFID must be effectively solved, as must security authentication between the mobile terminal and the access point of a wireless personal area network. At present, the information on an electronic tag can be read by any card reader with the same function, and the same problem exists between the mobile terminal and the access point. Currently, there is no effective security solution in the field of RFID to solve this problem.

[0003] The A...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L29/06
CPC: H04L2209/80, H04L9/3271, H04L9/0847, H04L9/3247, H04L9/321, G06F21/445, G06Q20/3823, G06Q20/388, G06Q20/4097, H04L63/0869, H04W12/069
Inventor: 庞辽军, 曹军, 铁满霞, 黄振海
Owner CHINA IWNCOMM