Authentication key negotiation method for users in the pki domain to access resources in the ibc domain

Abstract

The invention discloses an authentication key negotiation method for users in the PKI domain to access resources in the IBC domain. The main operation steps are: A. Apply for access: the user in the PKI domain sends an authentication server in the domain to access the resources in the IBC domain request, the PKI domain authentication server authenticates the legitimacy of the user's identity and then forwards the user's access request to the authentication server in the IBC domain; B. Generate a user index and send it; C. Two-way identity authentication and negotiation session key: the session key is determined by the session key D. Re-authentication: When the user part of the session key exceeds its life cycle, but the authentication server part of the session key is still in its life cycle, If the user in the PKI domain still needs to access the resources in the IBC domain, fast re-authentication can be performed; E, the session is terminated. The method can effectively realize authentication key negotiation for users in the PKI domain to access resources in the IBC domain, consumes less resources and has high security.

Description

technical field [0001] The invention belongs to the technical field of cross-heterogeneous domain authentication and key agreement in information communication. Background technique [0002] For various applications in a distributed network environment, such as virtual enterprises, instant messaging systems, etc., users and the information resources they want to access are often in different trust domains. Different trust domains may be based on different cryptosystems, such as Kerberos-based cryptosystems, PKI (Public Key Infrastructure)-based cryptosystems, and IBC (Identity-Based Cryptography)-based cryptosystems. The authentication key agreement method between homogeneous domains has been researched a lot, and has been standardized and widely used. There are also many researches on the authentication key agreement method used between two domains of PKI and Kerberos. However, the authentication key agreement method when users in the PKI domain access resources in the IB...

AI Technical Summary

Problems solved by technology

However, a large number of certificates are used many times in this document. The certificates will consume a lot of resources in the process of transmission and storage, which is inconsistent with the original intention of people to design the IBC cryptographic system; the way of identity mapping is not direct, and it is feasible in real applications. Sex is not high

Moreover, this document only uses identity mapping and trust transfer to realize the idea of ​​authentication. There is no specific solution process, and it can only be regarded as a new idea of ​​cross-domain authorization rather than a solution that can be directly realized.