Method realizing public key acquiring, certificater verification and bidirectional identification of entity

Abstract

The invention relates to a method for achieving public key acquisition, certificate validation and authentication of an entity. The method comprises the following steps: (1) transmitting a message 2 to an entity A by an entity B; (2) transmitting a message 3 to a credible third party TP by the entity A after receiving the message 2; (3) determining response RepTA after the credible third party TP receives the message 3; (4) returning a message 4 to the entity A by the credible third party TP; (5) executing step (6) after the entity A receives the message 4 from the credible third party TP; (6) returning a message 5 to the entity B by the entity A; and (7) processing the message 5 after the entity B receives the message 5 from the entity A to obtain the authentication result of the entity A. The method can achieve public key acquisition, certificate validation and authentication of the entity by fusing in one protocol, thereby facilitating the execution efficiency and the effect of the protocol and facilitating the combination with various public acquisition and public key certificate state enquiry protocols. The method suits with a user-access point-server network structure accessed to the network to meet the authentication requirement of the access network.

Description

technical field [0001] The invention relates to a method for realizing public key acquisition, certificate verification and identification of entities. Background technique [0002] In the current computer network and communication network, before the user logs into the network for secure communication, entity authentication between the user and the network must be completed, either one-way authentication or two-way authentication. The authentication mechanism used is generally divided into two categories: based on symmetric key algorithm and based on public key (asymmetric key) algorithm. [0003] The authentication mechanism based on the public key algorithm and technology requires that the participant entity must have a pair of keys, that is, a public-private key pair, and the public key needs to be notified to other participant entities. Available notification methods include out-of-band notification method and certificate method, among which the out-of-band notificatio...

AI Technical Summary

Problems solved by technology

First of all, the user device may have limited storage resources, or the user is not willing to store the certificate revocation list CRL at all, which makes it impossible to download the certificate revocation list CRL periodically

Although there is no resource limitation in the access network, there may be issues such as policy restrictions in the access network

Secondly, when the user uses an online query mechanism such as the online certificate status protocol OCSP, the user needs to execute a separate online certificate status protocol OSCP and other protocols through the background server. These protocols often run on the HTTP protocol and belong to the application layer protocol. Using these protocols directly will be very complicated until the authentication of the network is completed

Even if it can be used, it needs to be completed through the structure of user-server and access point-server, which does not conform to the structure of user-access point-server, and cannot be directly and conveniently applied

Images