Identity authentication method and system without CA

An identity authentication technology, applied in the field of identity authentication methods and systems without CA, that addresses the problems of large communication flow, poor communication stability, and high interaction complexity, and achieves the effect of reducing communication flow and complexity.

Active Publication Date: 2017-06-13
ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD

AI Technical Summary

Problems solved by technology

However, if third-party certification is provided through a CA in an industrial control system, the communication traffic is large and the interaction complexity is high. In addition, for industrial control systems that use 485, wireless and other communication methods, the communication bandwidth and communication stability are far less reliable than those of the Internet. With a low communication rate and poor communication stability, third-party certification cannot meet the certification requirements of industrial control systems.


Embodiment Construction

[0071] In order to make the objectives, technical solutions, and advantages of the present invention clearer, the following further describes the present invention in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, and do not limit the protection scope of the present invention.

[0072] Figure 1 shows the flow of the identity authentication method without CA (certificate management authority) of the present invention in an embodiment. In this embodiment, the processing process of a security chip (TPM, Trusted Platform Module) is taken as an example for description. Here, the security chip is a trusted platform module, which is a device that can independently perform key generation, encryption and decryption. The chip is installed in the terminal device.

[0073] As shown in Figure 1, in this embodiment, the processing proce...


Abstract

The invention discloses an identity authentication method and system without CA. The method comprises the following steps: receiving a master station public key of the master station asymmetric keys and a pre-stored first signature of the master station public key, both sent by a master station after receiving an identity authentication instruction; signing the received master station public key a second time with a security chip private key to obtain a second signature of the master station public key; when the two signatures are the same, generating a first random number; encrypting the first random number with the master station public key, and sending the encryption result of the first random number to the master station; receiving a second random number sent by the master station; and when the first random number and the second random number are the same, judging that the master station passes the identity authentication, and sending an identity authentication pass result to the master station. With the disclosed identity authentication method and system, no online CA needs to take part in the authentication process, which reduces the communication flow, eliminates the role of the third-party CA and reduces the complexity of interaction.
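The exchange in the abstract, traced from the security chip's side, as an added example that is not code from the patent or its applicant. It uses toy textbook RSA over known Mersenne primes, and the class names, the wire encoding and the offline provisioning of the first signature by the chip's own key are assumptions made for the illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys in this sketch

def toy_keypair(p, q):
    """Textbook RSA from two known Mersenne primes: illustration only, not secure."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))

def encode(pub):
    return b"%d:%d" % pub  # constructed wire encoding of a public key

def sign(pub, priv, data):
    """Deterministic hash-then-exponentiate signature (same input, same output)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(digest % pub[0], priv, pub[0])

class Master:  # hypothetical model of the master station
    def __init__(self, pub, priv, first_sig):
        self.pub, self.priv, self.first_sig = pub, priv, first_sig
    def hello(self):  # sent after the identity authentication instruction
        return self.pub, self.first_sig
    def answer(self, ciphertext):  # decrypt and return the "second random number"
        return pow(ciphertext, self.priv, self.pub[0])

class SecurityChip:  # hypothetical model of the chip in the terminal device
    def __init__(self, pub, priv):
        self.pub, self.priv = pub, priv
    def authenticate(self, master):
        master_pub, first_sig = master.hello()
        # Re-sign the received key with the chip private key and compare.
        if sign(self.pub, self.priv, encode(master_pub)) != first_sig:
            return "signature mismatch"
        r1 = secrets.randbelow(master_pub[0] - 2) + 2  # first random number
        r2 = master.answer(pow(r1, master_pub[1], master_pub[0]))
        return "pass" if r1 == r2 else "random mismatch"

def demo():
    chip_pub, chip_priv = toy_keypair(2**107 - 1, 2**127 - 1)
    m_pub, m_priv = toy_keypair(2**61 - 1, 2**89 - 1)
    x_pub, x_priv = toy_keypair(2**521 - 1, 2**607 - 1)  # impostor's own key
    sig = sign(chip_pub, chip_priv, encode(m_pub))  # assumed offline provisioning
    chip = SecurityChip(chip_pub, chip_priv)
    peers = [Master(m_pub, m_priv, sig),   # genuine master station
             Master(x_pub, x_priv, sig),   # replays signature with its own key
             Master(m_pub, x_priv, sig)]   # replays key and signature, no private key
    return [chip.authenticate(p) for p in peers]
```

Comparing the two signatures for equality only works when the signature scheme is deterministic; a randomized scheme such as RSA-PSS would produce a different second signature on every run and the comparison would never succeed.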

Description

Technical field

[0001] The present invention relates to the technical field of trusted computing, in particular to a CA-free identity authentication method and system.

Background technique

[0002] The authentication of asymmetric keys usually adopts a certificate, with third-party authentication provided through a CA (Certificate Management Authority). In the Internet scenario, it is difficult for communicating parties to exchange keys through other secure methods such as meeting in person, so a third-party CA is required to ensure the security of the keys. However, if third-party certification is provided through a CA in an industrial control system, not only is the communication traffic large and the interaction complexity high, but the communication bandwidth and communication stability of industrial control systems using 485 and wireless communication methods are also far less reliable than those of the Internet. Provide third-party certification, the communication rate is low, and the...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06
CPC: H04L9/0825, H04L9/0861, H04L9/0869, H04L9/0891, H04L9/0894, H04L63/0442, H04L63/068
Inventor: 杨祎巍, 林伟斌, 李鹏, 肖勇
Owner: ELECTRIC POWER RESEARCH INSTITUTE, CHINA SOUTHERN POWER GRID CO LTD