A method and apparatus for identity authentication
By introducing authentication servers and encryption technology, the problem of identity information being easily intercepted in communication networks is solved, and two-way identity authentication between the requesting device and the authentication access controller is realized, ensuring information confidentiality and network security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA IWNCOMM
- Filing Date
- 2020-12-26
- Publication Date
- 2026-07-10
AI Technical Summary
In communication networks, during the two-way authentication process between the requesting device and the authentication access controller, identity information is easily intercepted by attackers, leading to security risks. Furthermore, existing technologies cannot effectively protect private and sensitive information.
An authentication server is introduced to encrypt identity information using encryption certificates and random numbers, and to verify it using digital signatures, ensuring the confidentiality of identity information during transmission and achieving two-way identity authentication.
Protecting the confidentiality of identity information during transmission prevents unauthorized access, ensures that only legitimate users communicate with legitimate networks, and enhances network security.
Smart Images

Figure CN114760039B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network communication security technology, and in particular to an identity authentication method and apparatus. Background Technology
[0002] In communication networks, a requesting device can access the network through an authentication access controller. In situations with high security requirements, the authentication access controller needs to authenticate the requesting device, and the requesting device also needs to authenticate the authentication access controller to ensure that the requesting device is a legitimate user and that the network it is accessing is legitimate. Furthermore, peer-to-peer transmission in blockchain technology also requires establishing trust relationships between different nodes; therefore, node authentication is also crucial.
[0003] During the two-way authentication process between the requesting device and the authentication access controller, both need to provide their own identity information for authentication. However, this identity information typically carries private and sensitive information such as ID card number, home address, bank card information, geographical location information, and affiliated organization information. Furthermore, in practical applications, this identity information is usually contained in the entity's digital certificate, which serves as the entity's identity credential.
[0004] If the identity information of the requesting device or the authentication access controller is intercepted by an attacker and used for illegal purposes during the two-way authentication process between the requesting device and the authentication access controller, it will pose a great security risk to the authentication access controller, the requesting device, and the network. Summary of the Invention
[0005] To address the aforementioned technical issues, this application provides an identity authentication method and apparatus. By introducing an authentication server, the confidentiality of entity identity-related information is ensured while enabling bidirectional identity authentication between the requesting device and the authentication access controller, thus laying the foundation for ensuring that only legitimate users can communicate with legitimate networks.
[0006] In a first aspect, embodiments of this application provide an identity authentication method, including:
[0007] The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted by the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0008] The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes the encrypted identity information of the requesting device and the encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate.
[0009] The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.
[0010] The authentication access controller uses the public key of the first authentication server to verify the second digital signature; when the second digital signature is verified, the authentication access controller sends a third authentication response message to the requesting device. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first ciphertext of authentication result information, the first digital signature, and the second protection random number using a message encryption key.
[0011] The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the first ciphertext of the authentication result information, the first digital signature, and the second protection random number;
[0012] The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. Based on the first verification result in the first authentication result information, the device determines the authentication result of the authentication access controller. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or...
[0013] The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. Based on the first verification result in the first authentication result information, the authentication access controller's identity authentication result is determined; or...
[0014] The requesting device verifies the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the requesting device decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information, and determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller.
[0015] The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
[0016] After receiving the fourth authentication response message, the authentication access controller uses the message encryption key to decrypt the first protection random number ciphertext to obtain the first protection random number, uses the first protection random number to decrypt the second authentication result information ciphertext to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0017] Secondly, embodiments of this application provide an authentication access controller, including:
[0018] The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0019] The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the encrypted identity information of the requesting device and the encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate.
[0020] A first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. Specifically, the first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is generated by the second authentication server calculating signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the second authentication result information ciphertext.
[0021] The first verification unit is used to verify the second digital signature using the public key of the first authentication server;
[0022] The second sending unit is configured to send a third authentication response message to the requesting device after the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first ciphertext of authentication result information, the first digital signature, and the second protection random number using a message encryption key.
[0023] The second receiving unit is configured to receive a fourth authentication response message sent by the requesting device. The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
[0024] The decryption unit is used to decrypt the first protected random number ciphertext using the message encryption key to obtain the first protected random number, and to decrypt the second authentication result information ciphertext using the first protected random number to obtain the second authentication result information.
[0025] The first determining unit is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0026] Thirdly, embodiments of this application provide a requesting device, including:
[0027] The first sending unit is used to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0028] The first receiving unit is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including a first ciphertext of authentication result information, a first digital signature, and a second protection random number using a message encryption key. The first ciphertext of authentication result information is generated by encrypting information including the first authentication result information using the second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first ciphertext of authentication result information.
[0029] The first decryption unit is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first ciphertext of the authentication result information, the first digital signature, and the second protection random number.
[0030] The first verification unit is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the first decryption unit uses the second protection random number to decrypt the ciphertext of the first authentication result information to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determining unit determines that the identity authentication result of the authentication access controller is valid, the second sending unit sends a fourth authentication response message to the authentication access controller; or...
[0031] The second sending unit verifies the first digital signature using the public key of the second authentication server. If the verification passes, the second sending unit sends a fourth authentication response message to the authentication access controller, and the first decryption unit decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...
[0032] The first digital signature is verified using the public key of the second authentication server. If the first digital signature is verified, the first decryption unit decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information. The second sending unit sends a fourth authentication response message to the authentication access controller.
[0033] The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
[0034] Fourthly, embodiments of this application provide a first authentication server, which is an authentication server trusted by the authentication access controller, and the first authentication server includes:
[0035] The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate. The encrypted identity information of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0036] A first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.
[0037] Fifthly, embodiments of this application provide a second authentication server, which is an authentication server requesting device trust. If the first authentication server trusted by the authentication access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes:
[0038] The receiving unit is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes encrypted first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated and generated by the first authentication server from signature data including the encrypted first authentication result information and the encrypted identity information of the requesting device.
[0039] The first verification unit is used to verify the third digital signature using the public key of the first authentication server;
[0040] The decryption unit is used to decrypt the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate when the third digital signature verification is successful, so as to obtain the digital certificate of the requesting device and the first protection random number.
[0041] The second verification unit is used to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;
[0042] The generation unit is configured to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the first protection random number to generate second authentication result information ciphertext, calculate and generate a first digital signature on the signature data including the first authentication result information ciphertext, and calculate and generate a fourth digital signature on the signature data including the second authentication result information ciphertext.
[0043] The sending unit is configured to send a second authentication response message to the first authentication server, wherein the second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the fourth digital signature.
[0044] As can be seen from the above technical solution, by keeping the identity information of both the requesting device and the authentication access controller confidential, the exposure of their identity information during transmission can be prevented. Furthermore, when transmitting the first verification result of the authentication access controller's digital certificate and the second verification result of the requesting device's digital certificate between the first authentication server and the authentication access controller, and between the authentication access controller and the requesting device, keeping the first and second verification results confidential can prevent their exposure during transmission. Therefore, during the process of the requesting device accessing the network through the authentication access controller, attackers cannot obtain private or sensitive information. Moreover, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, real-time two-way authentication of the requesting device and the authentication access controller is achieved, laying the foundation for ensuring that only legitimate users can communicate with the legitimate network. Attached Figure Description
[0045] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0046] Figure 1 A schematic diagram illustrating an identity authentication method provided in an embodiment of this application;
[0047] Figure 2 A schematic diagram illustrating a method for requesting a device REQ and negotiating an encryption key for an access controller AAC, provided in an embodiment of this application;
[0048] Figure 3 A schematic diagram illustrating an identity authentication method in a non-roaming situation provided in an embodiment of this application;
[0049] Figure 4 A schematic diagram illustrating another identity authentication method in a non-roaming situation provided in an embodiment of this application;
[0050] Figure 5 A schematic diagram illustrating an identity authentication method in a roaming situation provided in an embodiment of this application;
[0051] Figure 6 A schematic diagram illustrating another identity authentication method in roaming situations provided in an embodiment of this application;
[0052] Figure 7 This is a schematic diagram illustrating another identity authentication method in a non-roaming situation provided in the embodiments of this application, wherein "*" represents an optional field or optional operation;
[0053] Figure 8 This is a schematic diagram illustrating another identity authentication method in a non-roaming situation provided in the embodiments of this application, wherein "*" represents an optional field or optional operation;
[0054] Figure 9 This is a schematic diagram illustrating another identity authentication method in roaming situations provided in the embodiments of this application, where "*" represents an optional field or optional operation;
[0055] Figure 10 This is a schematic diagram illustrating another identity authentication method in roaming situations provided in the embodiments of this application, where "*" represents an optional field or optional operation;
[0056] Figure 11 A structural block diagram of an authentication access controller (AAC) provided in this application embodiment;
[0057] Figure 12 A structural block diagram of a request device REQ provided in an embodiment of this application;
[0058] Figure 13 A structural block diagram of a first authentication server AS-AAC provided in an embodiment of this application;
[0059] Figure 14 This is a structural block diagram of a second authentication server AS-REQ provided in an embodiment of this application. Detailed Implementation
[0060] In a communication network, a requesting device can access the network through an authentication access controller. To ensure that the requesting device is a legitimate user, the authentication access controller needs to authenticate the requesting device's identity. Similarly, to ensure that the network the requesting device is accessing is a legitimate network, the requesting device also needs to authenticate the authentication access controller's identity.
[0061] Taking current wireless and mobile communication scenarios as examples, in scenarios where a requesting device accesses a wireless network through an authentication access controller, the requesting device can be a mobile phone, a personal digital assistant (PDA), a tablet computer, or other terminal device, and the authentication access controller can be a wireless access point, a wireless router, or other network-side device. In scenarios where a requesting device accesses a wired network through an authentication access controller, the requesting device can be a desktop computer, a laptop computer, or other terminal device, and the authentication access controller can be a switch or a router, or other network-side device. In scenarios where a requesting device accesses a 4G / 5G network through an authentication access controller, the requesting device can be a mobile phone, a tablet computer, or other terminal device, and the authentication access controller can be a base station, or other network-side device. Of course, this application is also applicable to various data communication scenarios, including other wired networks and short-range communication networks.
[0062] However, the identity information of the requesting device and the authentication access controller is usually contained in the entity's digital certificate, which generally carries private and sensitive information. If, during the two-way authentication process between the requesting device and the authentication access controller, the identity information of the requesting device or the authentication access controller is intercepted by an attacker and used for illegal purposes, it will pose a significant security risk to the authentication access controller, the requesting device, and the network.
[0063] To address the aforementioned technical problems, this application provides an identity authentication method. An authentication access controller obtains an encrypted identity message sent by a requesting device. This encrypted identity message includes encrypted identity information of the requesting device, generated by encrypting encrypted data, including the requesting device's digital certificate and a first protection random number, using the public key of an encryption certificate. This ensures the security of the requesting device's identity information transmitted between the requesting device and the authentication access controller. Then, the authentication access controller sends a first authentication request message to a trusted first authentication server. This first authentication request message includes encrypted identity information of both the requesting device and the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the authentication access controller's digital certificate and a second protection random number, using the public key of an encryption certificate. This also ensures the security of the transmission of the requesting device's identity information and the authentication access controller's identity information between the authentication access controller and the first authentication server. The authentication access controller receives a first authentication response message sent by a first authentication server. The first authentication response message includes encrypted first authentication result information, a first digital signature, encrypted second authentication result information, and a second digital signature. The encrypted first authentication result information is generated by encrypting information including the first authentication result information using the second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on the signature data including the encrypted first authentication result information. The encrypted second authentication result information is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on the signature data including the encrypted second authentication result information. This ensures the security of the transmission of the verification results of the digital certificates of the authentication access controller and the requesting device between the first authentication server and the authentication access controller.After receiving the first authentication response message, the authentication access controller verifies the second digital signature using the public key of the first authentication server. Upon successful verification, it sends a third authentication response message to the requesting device. This third authentication response message includes encrypted authentication result information, which is generated by encrypting encrypted data, including the first authentication result information, the first digital signature, and the second protection random number, using a message encryption key. The requesting device decrypts the encrypted authentication result information using the message encryption key to obtain the first authentication result information, the first digital signature, and the second protection random number. It then verifies the first digital signature using the public key of the second authentication server. Upon successful verification, it further verifies the first authentication result using the second protection random number. The encrypted result information is decrypted to obtain the first authentication result information. Based on the first verification result in the first authentication result information, the authentication result of the authentication access controller is determined. The requesting device sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a first protection random number ciphertext, which is obtained by encrypting information including the first protection random number using a message encryption key. The authentication access controller decrypts the first protection random number ciphertext using the message encryption key to obtain the first protection random number. It then decrypts the second authentication result information ciphertext using the first protection random number to obtain the second authentication result information. Based on the second verification result in the second authentication result information, the authentication result of the requesting device is determined.
[0064] The first authentication result information mentioned in this application embodiment is obtained by the authentication access controller's trusted first authentication server verifying the legality of the authentication access controller's digital certificate. The second authentication result information is obtained by the requesting device's trusted second authentication server verifying the legality of the requesting device's digital certificate. The aforementioned first authentication server and second authentication server can be two independent servers used for identity authentication, or the same server used for identity authentication. The above are merely examples of the requesting device, authentication access controller, and authentication server, and should not be construed as limiting the requesting device, authentication access controller, and authentication server. In other possible implementations of this application embodiment, the requesting device, authentication access controller, and authentication server can also be other devices.
[0065] The identity authentication method provided in this application embodiment realizes two-way identity authentication (MIA) between the requesting device and the authentication access controller.
[0066] For ease of explanation, in this embodiment of the application, the identity authentication method of the present application will be described using the requesting device (REQuester, abbreviated as REQ), the authentication access controller (AAC, abbreviated as AAC), and the authentication server (AS, abbreviated as AS) as examples.
[0067] In this system, the AS trusted by AAC is called the first authentication server (AS-AAC), and the AS trusted by REQ is called the second authentication server (AS-REQ). AS-AAC has the ability to verify the legitimacy of AAC digital certificates and holds digital certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with their corresponding private keys. AS-REQ has the ability to verify the legitimacy of REQ digital certificates and also holds digital certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with their corresponding private keys. Both AS-AAC and AS-REQ have the ability to transmit digital certificates to other ASs for verification and to transmit the verification results to other ASs. When AS-AAC and AS-REQ are different, they trust each other and are aware of each other's digital certificates or the public keys within those certificates. A Certificate Server-Decrypt (CS-DEC) holds encryption certificates and corresponding private keys that comply with ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems. There can be one or multiple encryption certificates. A CS-DEC can be a standalone server or reside in AS-AAC and / or AS-REQ.
[0068] REQ can be one endpoint participating in the authentication process, establishing a connection with AAC, accessing the services provided by AAC, and accessing AS through AAC. REQ holds a digital certificate conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, and the corresponding private key. REQ is aware of AS-REQ's digital certificate or the public key within the digital certificate, and is also aware of CS-DEC's encryption certificate or the public key within the encryption certificate. AAC can be another endpoint participating in the authentication process, establishing a connection with REQ, providing services, communicating with REQ, and directly accessing AS-AAC. AAC holds a digital certificate conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, and the corresponding private key. AAC is aware of AS-AAC's digital certificate or the public key within the digital certificate, and is also aware of CS-DEC's encryption certificate or the public key within the encryption certificate.
[0069] The following is combined with Figure 1 This application provides an embodiment of an identity authentication method, which includes:
[0070] S101, AAC obtains the encrypted identity message REQInit sent by REQ.
[0071] The REQInit contains REQ's identity information encrypted EncPub. AS_REQ Among them, EncPub AS_REQ For REQ, use the public key of the encryption certificate to pair with the digital certificate Cert containing REQ. REQ The encrypted data, including the first protection random number, is generated using encryption. Therefore, during the transmission of identity information between REQ and AAC, REQ's identity information is kept confidential, preventing its exposure during network access. In this application, the object to be encrypted is referred to as encrypted data.
[0072] S102, AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.
[0073] The AAC Veri includes EncPub AS_REQ EncPub, containing AAC's identity information AS_AAC EncPub AS_AAC AAC uses the public key of the encryption certificate to pair with the digital certificate Cert of AAC. AAC The encrypted data, including the second protection random number, is generated using encryption. Therefore, during the transmission of identity information between AAC and AS-AAC, the identity information of both REQ and AAC is kept confidential, preventing their exposure during transmission.
[0074] It should be noted that if the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are the same authentication server, that is, REQ and AAC jointly trust the same authentication server, then the authentication server jointly trusted by REQ and AAC can be represented by AS-AAC (or AS-REQ). In this case, AS-AAC (which can also be represented as AS-REQ) can be used to authenticate EncPub. AS_REQ and EncPub AS_AAC Send it to the certificate decryption server CS-DEC with which you have an interaction and trust relationship for decryption, and obtain the decrypted Certificate. REQ First protection random number, Cert AAC The second protection is a random number, or CS-DEC can reside in AS-AAC (also represented as AS-REQ), and AS-AAC (also represented as AS-REQ) uses the private key corresponding to the encryption certificate of CS-DEC to access EncPub. AS_REQ and EncPub AS_AAC Decrypt to obtain Cert REQ First protection random number, Cert AAC Second protection random number; AS-AAC (also represented as AS-REQ) verification Cert AAC The validity of the result is verified by the first validation result, which verifies the Cert. REQ The legitimacy is verified by a second verification result. Based on the information including the first verification result, a first authentication result is generated. Based on the information including the second verification result, a second authentication result is generated. The information including the first authentication result is encrypted using a second protection random number to generate ciphertext of the first authentication result. The information including the second authentication result is then encrypted using the first protection random number to generate ciphertext of the second authentication result. Finally, a first digital signature, Sig, is calculated from the signature data including the ciphertext of the first authentication result. AS_AAC1 (can also be represented as Sig) AS_REQ1 The second digital signature Sig is generated by calculating the signature data, including the encrypted information of the second authentication result. AS_AAC2 (can also be represented as Sig) AS_REQ2 According to the encrypted information including the first authentication result and the first digital signature Sig AS_AAC1 (can also be represented as Sig) AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 (can also be represented as Sig) AS_REQ2 The information, including the first authentication response message ASVeri, is generated.
[0075] If the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are two different authentication servers, then EncPub can be authenticated by AS-AAC. AS_AAC Send it to the CS-DEC with which you have an interaction and trust relationship for decryption, and obtain the decrypted Cert. AAC The second protection random number, or, AS-AAC first uses the private key corresponding to the encryption certificate of CS-DEC residing in AS-AAC to access EncPub. AS_AAC Decryption yields Cert AAC Second protection random number, AS-AAC verification Cert AAC The legitimacy is verified by a first verification result. Based on the information including the first verification result, a first authentication result is generated. A second protection random number is used to encrypt the information including the first authentication result to generate ciphertext of the first authentication result. Then, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ, wherein AS-AACVeri includes the ciphertext of the first authentication result and EncPub. AS_REQ and third digital signature Sig AS_AAC3 Sig AS_AAC3 AS-AAC includes the encrypted information of the first authentication result and EncPub. AS_REQ The signature data, including the one generated, is used to calculate the signature data; after receiving the AS-AACVeri, AS-REQ verifies the Sig using the public key of AS-AAC. AS_AAC3 After successful verification, AS-REQ can access EncPub. AS_REQ Send it to the CS-DEC with which you have an interaction and trust relationship for decryption, and obtain the decrypted Cert. REQ And the first protection random number, or, AS-REQ decrypts EncPub using the private key corresponding to the encryption certificate of the CS-DEC residing in AS-REQ. AS_REQ Get Cert REQ And the first protected random number, AS-REQ verification Cert REQ The legitimacy is verified by a second verification result. Based on the information including the second verification result, a second authentication result is generated. The information including the second authentication result is encrypted using a first protection random number to generate ciphertext of the second authentication result. A fourth digital signature, Sig, is generated by calculating the signature data including the ciphertext of the second authentication result. AS_REQ4 The first digital signature Sig is generated by calculating the signature data, including the encrypted information of the first authentication result. AS_REQ1 AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC, wherein AS-REQVeri includes the encrypted first authentication result information and the first digital signature Sig.AS_REQ1 The second authentication result information ciphertext and the fourth digital signature Sig AS_REQ4 AS-AAC uses the public key of AS-REQ to verify Sig. AS_REQ4 After successful verification, a second digital signature Sig is generated from the signature data, including the encrypted second authentication result information. AS_AAC2 And based on the encrypted information including the first authentication result and the first digital signature Sig AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 The information included generates the first authentication response message ASVeri.
[0076] S103, AAC receives the first authentication response message ASVeri sent by AS-AAC.
[0077] The ASVeri includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature.
[0078] S104. AAC uses the AS-AAC public key to verify the second digital signature.
[0079] After successful verification, proceed with the subsequent operations.
[0080] S105, AAC sends a third authentication response message AACAuth to REQ.
[0081] The AACAuth includes the encrypted authentication result information EncData. AAC Among them, EncData AAC The message encryption key is generated by AAC using a symmetric encryption algorithm with a message encryption key to encrypt encrypted data including the ciphertext of the first authentication result, the first digital signature, and the second protection random number. The message encryption key can be negotiated between REQ and AAC, or it can be pre-shared between REQ and AAC. The implementation method for REQ and AAC to negotiate the message encryption key will be described later.
[0082] S106, REQ uses the message encryption key to ciphertext EncData, the authentication result information. AAC Decryption yields the first authentication result ciphertext, the first digital signature, and the second protection random number.
[0083] Due to EncData AAC It is calculated by AAC using a symmetric encryption algorithm with the message encryption key, therefore REQ receives EncData. AAC Then, the EncData can be encrypted using a symmetric encryption algorithm with the aforementioned message encryption key. AACDecryption yields the first authentication result ciphertext, the first digital signature, and the second protection random number.
[0084] S107, REQ uses AS-REQ's public key to verify the first digital signature.
[0085] S108, REQ uses the second protection random number to decrypt the ciphertext of the first authentication result information to obtain the first authentication result information, and determines the identity authentication result of AAC based on the first verification result in the first authentication result information.
[0086] S109, REQ sends the fourth authentication response message REQAuth to AAC.
[0087] The REQAuth includes a first protected random number ciphertext. The first protected random number ciphertext is obtained by REQ encrypting information, including the first protected random number, using the message encryption key.
[0088] It should be noted that the execution order of S107 to S109 does not affect the specific implementation of this application. In practical applications, the execution order of S107 to S109 can be set according to requirements. A preferred approach is to execute S107 first. If the REQ fails to verify the first digital signature, AACAuth is discarded. If the REQ verifies the first digital signature successfully, S108 is executed. If the REQ determines that AAC is valid, S109 is executed. If the REQ determines that AAC is invalid, the REQ chooses whether to execute S109 based on its local policy. Considering efficiency, the preferred solution is not to execute S109 and end the current authentication process.
[0089] S110 and AAC use the message encryption key to decrypt the ciphertext of the first protected random number to obtain the first protected random number, and use the first protected random number to decrypt the ciphertext of the second authentication result information to obtain the second authentication result information.
[0090] S111, AAC determines the identity authentication result of REQ based on the second verification result in the second authentication result information.
[0091] As can be seen from the above technical solution, when transmitting identity information between the requesting device and the authentication access controller, and between the authentication access controller and the authentication server, the identity information of both the requesting device and the authentication access controller is kept confidential, preventing their respective identity information from being exposed during transmission. Furthermore, when transmitting the first verification result of the authentication access controller's digital certificate and the second verification result of the requesting device's digital certificate between the authentication server and the authentication access controller, and between the authentication access controller and the requesting device, the first and second verification results are kept confidential, preventing their exposure during transmission. Therefore, during the requesting device's network access process, attackers cannot obtain private or sensitive information. Moreover, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, real-time two-way identity authentication between the requesting device and the authentication access controller is achieved, laying the foundation for ensuring that only legitimate users can communicate with the legitimate network.
[0092] In some embodiments, REQInit in S101 may also include the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Sig in REQInit. REQ For the other fields mentioned earlier, AAC also needs to determine Sig before S111. REQ The verification process must pass before S111 can be executed. It should be noted that if AS-REQ and AS-AAC are the same authentication server, then the Sig... REQ Authentication can be performed by AS-AAC (also represented as AS-REQ) or by AAC; if AS-REQ and AS-AAC are two different authentication servers, then the Sig... REQ Verification can be performed using either AS-REQ or AAC. AAC determines Sig. REQ Whether the verification passes includes the following methods:
[0093] As a method of verifying Sig by an authentication server REQ In an embodiment where AS-REQ and AS-AAC are the same authentication server (i.e., non-roaming), when AS-AAC (which can also be represented as AS-REQ) verifies Sig... REQ At that time, Sig REQ It can be carried in S102 in AACPERi and transmitted to AS-AAC (also represented as AS-REQ). AS-AAC (also represented as AS-REQ) uses the decryption of the EncPub. AS_REQ The obtained Cert REQ Verify the SigREQ If the verification passes, subsequent operations are performed to generate and send the first authentication response message, etc.; if the verification fails, subsequent operations are not performed, and therefore the first authentication response message is not generated and sent. Therefore, AAC can determine Sig based on whether or not the first authentication response message is received. REQ Whether the verification passed. If the AAC receives the first authentication response message ASVeri, then the AAC can determine Sig. REQ Verification successful.
[0094] As a method of verifying Sig by an authentication server REQ In another embodiment, when AS-REQ and AS-AAC are two different authentication servers (i.e., roaming), when AS-REQ verifies Sig... REQ At that time, Sig REQ It can be carried in S102's AACVeri, and transmitted to AS-REQ via AS-AACVeri sent from AS-AAC to AS-REQ. AS-REQ then uses the decrypted EncPub to... AS_REQ The obtained Cert REQ Verify the Sig REQ If the verification passes, subsequent operations are performed to generate and send the second authentication response message and the subsequent first authentication response message. If the verification fails, subsequent operations are not performed, and therefore the second authentication response message and the subsequent first authentication response message are not generated and sent. Therefore, the AAC can determine Sig based on whether or not the first authentication response message is received. REQ Whether the verification passed. If the AAC receives the first authentication response message ASVeri, then the AAC can determine Sig. REQ Verification successful.
[0095] As a Sig verified by AAC REQ In an embodiment, when AAC verifies Sig REQ At the same time, the second authentication result information generated by the authentication server also includes Cert. REQ After AAC receives REQAuth from S109, it can use the Cert information in the second authentication result information obtained by decrypting the ciphertext of the second authentication result information. REQ Verify the Sig REQ Thus determining Sig REQ Has the verification passed?
[0096] In other embodiments, REQAuth in S109 may also include the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Signature in REQAuth.REQ In this case, the second authentication result information generated by the authentication server also includes Cert, in addition to the other fields mentioned above. REQ Therefore, before S111, AAC also needs to utilize the Cert information in the second identification result. REQ Verify the Sig REQ Based on the verification results, determine Sig REQ Check if the verification is successful. Only if the verification is successful can S111 be executed.
[0097] In some embodiments, the AAC digital signature Sig in S102 may also include the AAC digital signature. AAC Sig AAC The signature data includes Sig in AACeri. AAC For the other fields mentioned earlier, before S108, REQ also needs to determine Sig. AAC The verification process must pass before S108 can be executed. REQ determines Sig. AAC Whether the verification passes includes the following methods: AS-AAC trusted by AAC utilizes decryption of EncPub in AACVeri. AS_AAC The obtained Cert AAC Verify the Sig AAC The subsequent process will only proceed after successful verification. Therefore, if REQ receives the AACAuth from S105, REQ will determine the Sig. AAC Verified.
[0098] In other embodiments, the AACAuth of S105 may also include the digital signature Sig of the AAC. AAC Sig AAC The signature data includes the Sig in AACAuth. AAC The other fields mentioned earlier, correspondingly, also include Cert in the first authentication result information generated by the authentication server. AAC Therefore, before REQ determines the identity authentication result of AAC in S108, REQ also needs to determine Sig. AAC Whether the verification passes or not, only if the verification passes can the AAC identity authentication result be determined based on the first verification result. Specifically, REQ determines Sig. AAC Whether the verification passes includes the following methods: REQ uses the Cert information in the first authentication result information obtained by decrypting the ciphertext of the first authentication result information. AAC Verify the Sig AAC Based on the verification results, determine Sig AAC Has the verification passed?
[0099] Please refer to Figure 1The messages transmitted between REQ, AAC, and the authentication server may also include parameters such as random numbers generated by AAC and / or REQ, and their respective identity identifiers. Normally, these random numbers and / or identity identifiers should remain unchanged during the authentication process, transmitted through various messages. However, in the event of network jitter or attacks, the random numbers and / or identity identifiers in the messages may be lost or tampered with. Therefore, during authentication, the consistency of the identity identifiers and / or random numbers in the messages can be verified to ensure the reliability and freshness of the authentication results.
[0100] For example, in REQInit of S101, EncPub AS_REQ The encrypted data may also include the REQ's identity ID. REQ and third-protected random number Nonce REQID Nonce REQID Used for ID REQ Encryption is performed. Correspondingly, the ASVeri of S103 can also include the REQ's ciphertext, for example, the REQ's ciphertext could be ID. REQ and Nonce REQID The result of the XOR operation is ID REQ ⊕Nonce REQID In S105's AACAuth, EncData AAC The encrypted data also includes REQ's identity ciphertext, then REQ decrypts the EncData. AAC They also received the encrypted identity information of the REQ, and the REQ then needed to verify their identity ID. REQ and the Nonce REQID Decrypting EncData AAC The obtained REQ identity ciphertext is verified, specifically including: REQ using the Nonce REQID For the identity ID of REQ itself REQ The information, including the REQ identifier, is encrypted to generate a ciphertext REQ identity, and the generated ciphertext REQ identity is then compared with the decrypted EncData. AAC The obtained REQ identity ciphertext is used for consistency verification; or, the REQ uses the Nonce. REQID Decrypting the REQ's ciphertext yields the ID. REQ and compare it with REQ's own identity ID. REQ Perform a consistency verification. If the verification passes, REQ will then execute the step in S108 to determine the identity authentication result of AAC.
[0101] Similarly, in S102's AACPERi, EncPub AS_AAC The encrypted data may also include AAC identity ID. AAC and the fourth protected random number Nonce AACID Nonce AACID Used for ID AAC Encryption is performed. Correspondingly, the ASVeri of S103 can also include the AAC's identity ciphertext, for example, the AAC's identity ciphertext could be ID. AAC and Nonce AACID The result of the XOR operation is ID AAC ⊕Nonce AACID Therefore, before determining the identity authentication result of REQ, AAC also needs to determine its own identity identifier ID. AAC and the Nonce AACID Verification of AAC's identity ciphertext, specifically including: AAC using the Nonce... AACID For AAC's own identity ID AAC The information, including the ciphertext, is encrypted to generate the AAC's identity ciphertext, and the generated AAC identity ciphertext is then compared with the AAC identity ciphertext received in S103; alternatively, the AAC utilizes the Nonce... AACID Decrypting the AAC identity ciphertext yields the ID. AAC and compare it with AAC's own identity ID. AAC Perform a consistency verification. If the verification passes, AAC will then execute the step in S111 to determine the identity authentication result of REQ.
[0102] In some embodiments, if REQInit in S101 also includes a second random number Nonce generated by REQ. REQ The AAC-generated first random number (Nonce) in S102's AACVeri also includes the first random number generated by AAC. AAC and the Nonce REQ Correspondingly, the Nonce can also be included in the ASVeri of S103. REQ and the Nonce AAC In S105's AACAuth, EncData AAC The encrypted data also includes Nonce REQ Therefore, after receiving the ASVeri from S103, AAC also needs to retrieve the Nonce from the ASVeri. AAC Nonce generated by AAC AAC (That is, the Nonce sent by AAC through AACCVeri) AACThe consistency of the data is verified. If the verification passes, AAC then executes the step in S111 to determine the identity authentication result of REQ. After receiving AACAuth from S105, REQ also needs to decrypt the EncData. AAC The Nonce obtained REQ Nonce generated by REQ REQ (That is, the nonce sent by REQ through REQInit) REQ The consistency of the AAC is verified. If the verification passes, REQ will then execute the step of determining the identity authentication result of AAC in S108.
[0103] In some embodiments, to ensure the reliability of the authentication result, AAC can generate a message integrity check code. For example, AACAuth in S105 may also include a first message integrity check code MacTag. AAC MacTag AAC AAC uses message integrity verification key pairs, including those in AACAuth excluding MacTag. AAC The REQ is generated from other fields besides the calculated value. Therefore, the REQ also needs to validate the MacTag. AAC After successful verification, proceed to step S108 to determine the identity authentication result of AAC. REQ verifies MacTag. AAC When using the message integrity verification key pair, the key should include the key pair in AACAuth excluding the MacTag. AAC Other fields are used to calculate and generate MacTag. AAC The calculated MacTag AAC With the MacTag in the received AACAuth AAC The comparison is performed; if they match, the verification passes; otherwise, the verification fails.
[0104] Similarly, REQ can also generate a message integrity check code. For example, REQAuth in S109 can also include a second message integrity check code, MacTag. REQ MacTag REQ REQ uses message integrity verification key pairs, including those in REQAuth excluding MacTag. REQ The calculation is generated from other fields besides the MACTag. Therefore, AAC also needs to verify the MACTag. REQ After successful verification, proceed with the step in S111 to determine the identity authentication result of the REQ. AAC verifies the MacTag. REQ When using the message integrity verification key pair, the key pair should include the REQAuth key except for the MacTag. REQ Other fields are used to calculate and generate MacTag. REQ The calculated MacTagREQ With the MacTag in the received REQAuth REQ The verification is performed by comparing the results. If they match, the verification passes; otherwise, it fails. The methods for generating message integrity verification keys using REQ and AAC will be described in the next embodiment.
[0105] The message encryption key in the above embodiments can be obtained through negotiation between REQ and AAC. Therefore, this embodiment also provides a method for negotiating the message encryption key using REQ and AAC. See [link to documentation]. Figure 2 The method includes:
[0106] S201, AAC sends a key request message AACInit to REQ.
[0107] The AACInit includes the AAC key exchange parameter KeyInfo. AAC KeyInfo AAC This includes the temporary public key of AAC. Key exchange refers to key exchange algorithms such as Diffie-Hellman (DH). The AACInit may also include the first random number (Nonce) generated by AAC. AAC .
[0108] The AACInit may also include security capabilities. AAC Security capabilities AAC This indicates the security capabilities supported by AAC, including the authentication suites (which contain one or more authentication methods), symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC. These parameters allow REQ to select specific security policies to use. REQ can then base its decisions on these security capabilities. AAC Select the specific security policy (Security capabilities) used by REQ. REQ Security capabilities REQ The REQ indicates the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm used.
[0109] S202, REQ is based on the key exchange parameter KeyInfo, which includes REQ. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used to perform key exchange calculation to generate a first key, and the message encryption key is calculated using a key derivation algorithm based on information including the first key.
[0110] If the AACinit in S201 also includes the Nonce generated by AAC. AAC Then REQ can be based on KeyInfo. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC The second random number Nonce generated by REQ REQ The information, including the message encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be based on the Security capabilities sent by the AAC according to the REQ. AAC The chosen key derivation algorithm. KeyInfo REQ This refers to the key exchange parameters generated by REQ, including REQ's temporary public key. KeyInfo REQ The corresponding temporary private key is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0111] S203, REQ sends the identity-encrypted message REQInit to AAC.
[0112] The REQInit includes KeyInfo. REQ So that AAC can be based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The message encryption key is calculated from the information including the temporary public key. Among them, KeyInfo... AAC The corresponding temporary private key is the temporary private key generated by AAC that corresponds to the temporary public key of AAC. That is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0113] The REQInit may also include security capabilities. REQ The REQInit may also include a Nonce. REQ So that AAC can use the KeyInfo as a basis. AAC The corresponding temporary private key, the KeyInfo REQ The included temporary public key, the Nonce AAC and the Nonce REQ The encryption key for the message is calculated from the information included.
[0114] The REQInit may also include the Nonce. AACTherefore, AAC can check the Nonce in REQInit before calculating the message encryption key. AAC Nonce generated by AAC AAC The consistency is verified to ensure that the REQInit received by AAC is a response message to AACInit.
[0115] S204, AAC based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used to perform key exchange calculations to generate the first key, and the message encryption key is calculated using the key derivation algorithm based on information including the first key.
[0116] If the REQInit also includes the Nonce REQ Then AAC can be based on the KeyInfo. AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC and the Nonce REQ The information, including the message's encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be the Security capabilities sent by AAC based on the REQ. REQ The key export algorithm to be used.
[0117] It should be noted that, in Figure 2 In this embodiment, REQ and AAC can also generate message integrity verification keys. The implementation methods for REQ and AAC to generate message integrity verification keys are the same as... Figure 2 The implementation methods for generating message encryption keys for REQ and AAC in the examples are the same. For example, AAC can be generated through... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as a message encryption key, and the other portion as a message integrity verification key. AAC can also... Figure 2 The implementation method utilizes a key derivation algorithm to derive two identical or different key data sequences in stages: one sequence serves as the message encryption key, and the other as the message integrity verification key. REQ can be... Figure 2The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as the message encryption key, and the other portion as the message integrity verification key. REQ can also be achieved through... Figure 2 The implementation method uses a key derivation algorithm to derive two strings of identical or different key data in stages. One string is used as the message encryption key, and the other string is used as the message integrity verification key.
[0118] This application also provides a method for determining the first authentication server and / or the second authentication server used in the current authentication process by utilizing information exchange between AAC and REQ:
[0119] Please refer to Figure 2 In S201's AACInit, AAC adds the identity ID of at least one authentication server trusted by AAC. AS_AAC Then REQ is based on the ID. AS_AAC Identify the identity ID of at least one authentication server that you trust. AS_REQ In practice, REQ is derived from ID. AS_AAC Select at least one authentication server that it trusts as its ID. AS_REQ If the selection fails, REQ will use the identity of at least one trusted authentication server as its ID. AS_REQ (Where, successful selection corresponds to a non-roaming situation, and failed selection corresponds to a roaming situation), and the ID... AS_REQ Add it to REQInit in S203 and send it to AAC. Then, AAC can use it based on the ID. AS_AAC and ID AS_REQ The primary authentication server, such as AAC, can be used to determine the ID. AS_REQ and ID AS_AAC If at least one identical authentication server identifier exists, it indicates a non-roaming situation. AAC determines the first authentication server to participate in authentication from among the at least one authentication server identifier trusted by both REQ and AAC. If no such identifier exists, it indicates a roaming situation, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can process the data based on the ID. AS_REQ Determine the second authentication server AS-REQ.
[0120] As another implementation, AAC may not need to send ID to REQ. AS_AACThe REQ adds the identity ID of at least one trusted authentication server to the REQInit of S203. AS_REQ According to ID AS_REQ The identity ID of the authentication server trusted by AAC itself. AS_AAC The specific implementation of the first authentication server and / or the second authentication server participating in the identity authentication process is as described in the previous implementation.
[0121] For the sake of simplicity, in the following examples, the verification of Cert is performed. AAC The first verification result of the legality is represented as Res AAC The first identification result information is used in Pub. AAC Indicates; validates Cert REQ The second verification result obtained from the legality is represented as Res REQ The second identification result information is used in Pub. REQ express.
[0122] Since the authentication servers for REQ and AAC trusts can be the same or different, when the authentication servers for REQ and AAC trusts are the same, it is a non-roaming situation; when the authentication servers for REQ and AAC trusts are different, it is a roaming situation.
[0123] In non-roaming scenarios, AS-AAC (or AS-REQ) can be used to represent an authentication server that is mutually trusted by both REQ and AAC. Furthermore, during the authentication process, the digital signature of the REQ, Sig, can also be verified. REQ and AAC's digital signature Sig AAC Verification can be performed, for example, by using AS-AAC (or AS-REQ) to verify Sig. REQ and Sig AAC Sig can also be verified by AAC. REQ Validated by REQ Sig AAC .
[0124] See Figure 3 In non-roaming scenarios, Sig is verified by AAC. REQ Validated by REQ Sig AAC In one embodiment of the identity authentication method, before execution, both REQ and AAC already possess the message encryption key. The message encryption key can be pre-shared by both parties or obtained through [other means]. Figure 2 The identity authentication method, obtained through negotiation as shown, includes:
[0125] S301, AAC obtains the encrypted identity message REQInit sent by REQ.
[0126] The REQInit contains REQ's identity information encrypted EncPub. AS_REQ and REQ's digital signature Sig REQ .
[0127] S302, AAC sends the first authentication request message AACVeri to AS-AAC.
[0128] The AAC Veri includes EncPub AS_REQ EncPub, containing AAC's identity information AS_AAC .
[0129] S303 and AS-AAC use the private key corresponding to the encryption certificate to access EncPub. AS_REQ and EncPub AS_AAC Decryption yields Cert REQ First protected random number (Nonce) REQPub Cert AAC Second protection random number Nonce AACPub , for Cert AAC and Cert REQ Res is obtained by performing legality verification separately. AAC and Res REQ According to Cert AAC and Res AAC Information generated in Pub AAC According to Cert REQ and Res REQ Information generated in Pub REQ Using Nonce AACPub For including Pub AAC The information, including the first authentication result ciphertext, is generated by encrypting the information and using Nonce. REQPub For including Pub REQ The information, including the first authentication result ciphertext, is encrypted to generate a second authentication result ciphertext. The signature data, including the first authentication result ciphertext, is then used to calculate and generate a first digital signature, Sig. AS_AAC1 The second digital signature Sig is generated by calculating the signature data, including the encrypted information of the second authentication result. AS_AAC2 .
[0130] S304, AAC receives the first authentication response message ASVeri sent by AS-AAC.
[0131] The ASVeri includes the encrypted first authentication result information and Sig. AS_AAC1 The second authentication result information ciphertext and Sig AS_AAC2 .
[0132] S305 and AAC use AS-AAC public key verification Sig AS_AAC2 If the verification passes, the message encryption key pair is used to include the ciphertext of the first authentication result information and the Sig. AS_AAC1 and Nonce AACPub EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC For EncData AAC The signature data, including the Sig, is calculated to generate the Sig. AAC .
[0133] S306, AAC sends a third authentication response message AACAuth to REQ.
[0134] The AACAuth includes the EncData. AAC and the Sig AAC .
[0135] S307, REQ uses the message encryption key to pair EncData AAC Decryption yields the first authentication result ciphertext, Sig AS_AAC1 and Nonce AACPub .
[0136] S308, REQ utilizes Nonce AACPub Decrypting the ciphertext of the first authentication result yields Pub AAC .
[0137] S309, REQ uses Pub AAC Cert in AAC Verify Sig AAC And, using AS-AAC public key verification Sig AS_AAC1 .
[0138] If all verifications pass, proceed to step S310.
[0139] S310, REQ (based on Pub) AAC Res in AAC Determine the identity verification result of AAC.
[0140] If REQ determines that AAC is valid, execute S311; if REQ determines that AAC is invalid, end the current authentication process.
[0141] S311, REQ utilizes a message encryption key pair including a first protection random number (Nonce). REQPub The information, including the random number ciphertext EncData, is encrypted to obtain the first layer of protection. REQ .
[0142] S312, REQ sends the fourth authentication response message REQAuth to AAC.
[0143] The REQAuth includes the EncData. REQ .
[0144] S313, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub Decrypting the ciphertext of the second authentication result yields Pub REQ .
[0145] S314, AAC utilizes Pub REQ Cert in REQ Verify the Sig REQ .
[0146] If the verification passes, proceed with step S315.
[0147] S315, AAC according to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0148] It should be noted that the S301 REQInit may not include Sig. REQ And add Sig to REQAuth in S312 REQ That is, in S312, REQ first checks the REQAuth file containing EncData. REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S314 REQ For S312's REQAuth, Sig REQ .
[0149] See Figure 4 In non-roaming scenarios, the Sig is verified by AS-AAC. REQ and Sig AAC In another embodiment of the identity authentication method, before execution, both REQ and AAC already possess the message encryption key. The message encryption key can be pre-shared by both parties or obtained through [other means]. Figure 2 The identity authentication method, obtained through negotiation as shown, includes:
[0150] S401, AAC retrieves the encrypted identity message REQInit sent by REQ.
[0151] The REQInit contains REQ's identity information encrypted EncPub. AS_REQand REQ's digital signature Sig REQ .
[0152] S402, AAC sends the first authentication request message AACVeri to AS-AAC.
[0153] The AACVeri includes REQInit and the ciphertext of AAC's identity information, EncPub. AS_AAC And AAC's digital signature Sig AAC The Sig AAC It is AAC that includes Sig in the AAC Veri. AAC This was generated from calculations performed on other fields previously.
[0154] S403 and AS-AAC decrypt EncPub using the private key corresponding to the encryption certificate. AS_REQ and EncPub AS_AAC Get Cert REQ First protected random number (Nonce) REQPub Cert AAC Second protection random number Nonce AACPub Using Cert REQ Verify the Sig REQ Using Cert AAC Verify the Sig AAC .
[0155] If all verifications pass, then execute S404.
[0156] S404, AS-AAC Validation Cert AAC and Cert REQ The legitimacy of Res AAC and Res REQ According to Res AAC Information generated in Pub AAC According to Res REQ Information generated in Pub REQ Using Nonce AACPub For including Pub AAC The information, including the first authentication result ciphertext, is generated by encrypting the information and using Nonce. REQPub For including Pub REQ The information, including the first authentication result ciphertext, is encrypted to generate a second authentication result ciphertext; the signature data, including the first authentication result ciphertext, is used to calculate and generate a first digital signature Sig. AS_AAC1 The second digital signature Sig is generated by calculating the signature data, including the encrypted information of the second authentication result. AS_AAC2 .
[0157] S405, AAC receives the first authentication response message ASVeri sent by AS-AAC.
[0158] The ASVeri includes the encrypted first authentication result information and Sig. AS_AAC1 The second authentication result information ciphertext and Sig AS_AAC2 .
[0159] S406, AAC uses AS-AAC's public key to verify Sig. AS_AAC2 If the verification passes, the message encryption key pair is used to include the ciphertext of the first authentication result information and the Sig. AS_AAC1 and Nonce AACPub EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC .
[0160] S407, AAC sends a third authentication response message AACAuth to REQ.
[0161] The AACAuth includes the EncData. AAC .
[0162] S408 and REQ use the message encryption key to pair EncData AAC Decryption yields the first authentication result ciphertext, Sig AS_AAC1 and Nonce AACPub .
[0163] S409 and REQ use AS-AAC public key verification Sig AS_AAC1 .
[0164] If the verification passes, proceed with S410.
[0165] S410, REQ utilizes Nonce AACPub Decrypting the ciphertext of the first authentication result yields Pub AAC .
[0166] S411, REQ (based on Pub) AAC Res in AAC Determine the identity verification result of AAC.
[0167] If REQ determines that AAC is valid, execute S412; if REQ determines that AAC is invalid, end the current authentication process.
[0168] S412, REQ utilizes a message encryption key pair including a first protection random number (Nonce). REQPub The information, including the random number ciphertext EncData, is encrypted to obtain the first layer of protection. REQ .
[0169] S413, REQ sends the fourth authentication response message REQAuth to AAC.
[0170] The REQAuth includes the EncData. REQ .
[0171] S414, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub Decrypting the ciphertext of the second authentication result yields Pub REQ .
[0172] S415, AAC according to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0173] In roaming scenarios, AS-AAC and AS-REQ trust each other and are aware of each other's digital certificates or the public keys within those certificates. Furthermore, during the authentication process, the digital signature (Sig) of the REQ can also be verified. REQ and AAC's digital signature Sig AAC Validation can be performed, for example, by using AS-REQ to validate the Sig. REQ Sigma was verified by AS-AAC. AAC Sig can also be verified by AAC. REQ Validated by REQ Sig AAC .
[0174] See Figure 5 In roaming situations, Sig is verified by AAC. REQ Validated by REQ Sig AAC In one embodiment of the identity authentication method, before execution, both REQ and AAC already possess the message encryption key. The message encryption key can be pre-shared by both parties or obtained through [other means]. Figure 2 The identity authentication method, obtained through negotiation as shown, includes:
[0175] S501, AAC obtains the encrypted identity message REQInit sent by REQ.
[0176] The REQInit contains REQ's identity information encrypted EncPub. AS_REQ REQ trusts at least one authentication server's identity ID. AS_REQ and REQ's digital signature Sig REQ .
[0177] S502, AAC sends the first authentication request message AACVeri to AS-AAC.
[0178] The AAC Veri includes EncPub AS_REQ ID AS_REQ EncPub, containing AAC's identity information AS_AAC .
[0179] S503, AS-AAC decryption EncPub AS_AAC Get Cert AAC Second protection random number Nonce AACPub .
[0180] S504, AS-AAC Validation Cert AAC The legitimacy of Res AAC According to Cert AAC and Res AAC Information generated in Pub AAC Using Nonce AACPub For including Pub AAC The information, including the first authentication result ciphertext, is encrypted to generate the first authentication result ciphertext and EncPub. AS_REQ The signature data, including the third digital signature Sig, is calculated to generate the third digital signature. AS_AAC3 .
[0181] S505, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0182] AS-AAC can be based on the ID. AS_REQ The second authentication server AS-REQ used in this authentication process is determined, and AS-AACVeri is sent to AS-REQ. AS-AACVeri includes the encrypted first authentication result information and EncPub. AS_REQ and Sig AS_AAC3 .
[0183] S506 and AS-REQ use AS-AAC public keys to verify Sig. AS_AAC3 .
[0184] If the verification passes, proceed with S507.
[0185] S507, AS-REQ Decryption EncPub AS_REQ Get Cert REQ and the first protected random number Nonce REQPub .
[0186] S508, AS-REQ verification Cert REQ The legitimacy of Res REQ According to CertREQ and Res REQ Information generated in Pub REQ Using Nonce REQPub For including Pub REQ The information, including the first authentication result ciphertext, is encrypted to generate a second authentication result ciphertext. A first digital signature, Sig, is then calculated from the signature data, including the first authentication result ciphertext. AS_REQ1 A fourth digital signature, Sig, is generated from the signature data, including the ciphertext of the second authentication result information. AS_REQ4 .
[0187] S509, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0188] The AS-REQVeri includes the encrypted first authentication result information and Sig. AS_REQ1 The second authentication result information ciphertext and Sig AS_REQ4 .
[0189] S510 and AS-AAC use the public key of AS-REQ to verify Sig. AS_REQ4 .
[0190] If the verification passes, proceed with step S511.
[0191] S511 and AS-AAC calculate and generate a second digital signature Sig from the signature data, including the ciphertext of the second authentication result information. AS_AAC2 According to the encrypted information including the first identification result and Sig AS_REQ1 The second authentication result information ciphertext and Sig AS_AAC2 The information included generates the first authentication response message ASVeri.
[0192] S512, AS-AAC sends the first authentication response message ASVeri to AAC.
[0193] S513, AAC uses AS-AAC's public key to verify Sig. AS_AAC2 If the verification passes, the message encryption key pair is used to include the ciphertext of the first authentication result information and the Sig. AS_REQ1 and Nonce AACPub EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC For EncData AAC The signature data, including the Sig, is calculated to generate the Sig. AAC .
[0194] S514, AAC sends a third authentication response message AACAuth to REQ.
[0195] The AACAuth includes the EncData. AAC and the Sig AAC .
[0196] S515 and REQ use message encryption keys to EncData AAC Decryption yields the first authentication result ciphertext, Sig AS_REQ1 and Nonce AACPub .
[0197] S516, REQ utilizes Nonce AACPub Decrypting the ciphertext of the first authentication result yields Pub AAC .
[0198] S517, REQ utilizes Pub AAC Cert in AAC Verify Sig AAC And, using the AS-REQ public key to verify Sig AS_REQ1 .
[0199] If all verifications pass, then execute S518.
[0200] S518, REQ (based on Pub) AAC Res in AAC Determine the identity verification result of AAC.
[0201] If REQ determines that AAC is valid, execute S519; if REQ determines that AAC is invalid, end the current authentication process.
[0202] S519 and REQ utilize message encryption key pairs including a first protection random number (Nonce). REQPub The information, including the random number ciphertext EncData, is encrypted to obtain the first layer of protection. REQ .
[0203] S520 and REQ send the fourth authentication response message REQAuth to AAC.
[0204] The REQAuth includes the EncData. REQ .
[0205] S521, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub Decrypting the ciphertext of the second authentication result yields Pub REQ .
[0206] S522, AAC using Pub REQ Cert inREQ Verify the Sig REQ .
[0207] If the verification passes, proceed to step S523.
[0208] S523, AAC according to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0209] It should be noted that the REQInit in S501 may also exclude Sig. REQ In S520's REQAuth, add Sig REQ In S520, REQ first checks the REQAuth file containing EncData. REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S522 REQ For S520's REQAuth, Sig REQ .
[0210] See Figure 6 In roaming scenarios, the Sig is verified by AS-AAC. AAC Sigma was verified by AS-REQ. REQ In another embodiment of the identity authentication method, before execution, both REQ and AAC already possess the message encryption key. The message encryption key can be pre-shared by both parties or obtained through [other means]. Figure 2 The identity authentication method, obtained through negotiation as shown, includes:
[0211] S601, AAC obtains the encrypted identity message REQInit sent by REQ.
[0212] The REQInit contains REQ's identity information encrypted EncPub. AS_REQ REQ trusts at least one authentication server's identity ID. AS_REQ and REQ's digital signature Sig REQ .
[0213] S602, AAC sends the first authentication request message AACVeri to AS-AAC.
[0214] The AACVeri includes REQInit and the ciphertext of AAC's identity information, EncPub. AS_AAC And AAC's digital signature Sig AAC The Sig AAC It is AAC that includes Sig in the AAC Veri. AACThis was generated from calculations performed on other fields previously.
[0215] S603, AS-AAC decryption EncPub AS_AAC Get Cert AAC Second protection random number Nonce AACPub Using Cert AAC Verify the Sig AAC .
[0216] If the verification passes, execute S604.
[0217] S604, AS-AAC Validation Cert AAC The legitimacy of Res AAC According to Res AAC Information generated in Pub AAC Using Nonce AACPub For including Pub AAC The information, including the first authentication result ciphertext, is encrypted to generate the first authentication result ciphertext. A third digital signature, Sig, is then calculated from the signature data, including the first authentication result ciphertext and REQInit. AS_AAC3 .
[0218] S605, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0219] AS-AAC can be based on the ID. AS_REQ The second authentication server AS-REQ used in this authentication process is determined, and AS-AACVeri is sent to AS-REQ. AS-AACVeri includes REQInit, the encrypted first authentication result information, and Sig. AS_AAC3 .
[0220] S606 and AS-REQ use AS-AAC public keys to verify Sig. AS_AAC3 .
[0221] If the verification passes, proceed with S607.
[0222] S607, AS-REQ Decryption of EncPub in REQInit AS_REQ Get Cert REQ and the first protected random number Nonce REQPub Using Cert REQ Verify Sig in REQInit REQ .
[0223] If the verification passes, proceed to step S608.
[0224] S608, AS-REQ verification CertREQ The legitimacy of Res REQ According to Res REQ Information generated in Pub REQ Using Nonce REQPub For including Pub REQ The information, including the first authentication result ciphertext, is encrypted to generate a second authentication result ciphertext. A first digital signature, Sig, is then calculated from the signature data, including the first authentication result ciphertext. AS_REQ1 A fourth digital signature, Sig, is generated from the signature data, including the ciphertext of the second authentication result information. AS_REQ4 .
[0225] S609, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0226] The AS-REQVeri includes the encrypted first authentication result information and Sig. AS_REQ1 The second authentication result information ciphertext and Sig AS_REQ4 .
[0227] S610 and AS-AAC use the public key of AS-REQ to verify Sig. AS_REQ4 .
[0228] If the verification passes, proceed with step S611.
[0229] S611 and AS-AAC calculate and generate a second digital signature Sig from the signature data, including the ciphertext of the second authentication result information. AS_AAC2 According to the encrypted information including the first identification result and Sig AS_REQ1 The second authentication result information ciphertext and Sig AS_AAC2 The information included generates the first authentication response message ASVeri.
[0230] S612, AS-AAC sends the first authentication response message ASVeri to AAC.
[0231] S613, AAC uses AS-AAC's public key to verify Sig. AS_AAC2 If the verification passes, the message encryption key pair is used to include the ciphertext of the first authentication result information and the Sig. AS_REQ1 and Nonce AACPub EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC .
[0232] S614, AAC sends a third authentication response message AACAuth to REQ.
[0233] The AACAuth includes the EncData.AAC .
[0234] S615 and REQ use message encryption keys to pair EncData AAC Decryption yields the first authentication result ciphertext, Sig AS_REQ1 and Nonce AACPub .
[0235] S616 and REQ use the AS-REQ public key to verify Sig. AS_REQ1 .
[0236] If the verification passes, proceed to step S617.
[0237] S617, REQ utilizes Nonce AACPub Decrypting the ciphertext of the first authentication result yields Pub AAC .
[0238] S618, REQ (based on Pub) AAC Res in AAC Determine the identity verification result of AAC.
[0239] If REQ determines that AAC is valid, execute S619; if REQ determines that AAC is invalid, end the current authentication process.
[0240] S619 and REQ utilize message encryption key pairs including a first protection random number (Nonce). REQPub The information, including the first layer of protection, is encrypted using a random number ciphertext, EncData. REQ .
[0241] S620 and REQ send the fourth authentication response message REQAuth to AAC.
[0242] The REQAuth includes the EncData. REQ .
[0243] S621, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub Decrypting the ciphertext of the second authentication result yields Pub REQ .
[0244] S622, AAC according to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0245] See Figure 7This is an embodiment of an identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, Sig... REQ Verified by AAC, Sig AAC Verified by REQ, the method includes:
[0246] S701, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0247] S702, AAC sends a key request message AACInit to REQ.
[0248] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field that represents the security capabilities supported by AAC, including the authentication suites, symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC (the same applies throughout the text).
[0249] S703, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as needed REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. This step can also be performed only when REQ requires the message encryption key and / or message integrity verification key. The encrypted identity information EncPub of REQ is then calculated using the public key of the encryption certificate. AS_REQ ; Calculate SigREQ .
[0250] Among them, security capabilities REQ This is an optional field, indicating that the REQ is based on Security capabilities. AAC The choice of a specific security strategy, i.e., the REQ determines the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm to be used (the same applies throughout the text); whether the REQ generates security capabilities. REQ It depends on whether the AACInit sent by AAC to REQ includes security capabilities. AAC .
[0251] S704, REQ sends the identity-encrypted message REQInit to AAC.
[0252] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and Sig REQ Among them, Nonce AAC and security capabilities REQ It is an optional field, and Nonce AAC It should equal the corresponding field in AACInit. (EncPub) AS_REQ The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier, such as Nonce, are included in REQInit sequentially. AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and Sig REQ At that time, Sig REQ The signature data includes the Nonce AAC Nonce REQ Security capabilities REQKeyInfo REQ and EncPub AS_REQ Furthermore, when Nonce is not included in REQInit AAC When using fields, Sig REQ The signature data also includes the Nonce from AACInit. AAC Fields. In this application, the object to be signed is referred to as signature data.
[0253] S705. After receiving the REQInit, AAC performs the following operations (unless otherwise specified or logically related, the actions numbered (1), (2)... in this document do not necessarily have a sequential order due to their numbering. The same applies throughout the document), including:
[0254] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0255] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; of course, this step can also be moved to be performed when AAC needs to use the message encryption key and / or message integrity verification key.
[0256] (3) Generate Nonce AACID and Nonce AACPub ;
[0257] (4) Calculate EncPub using the public key of the encryption certificate AS_AAC .
[0258] S706, AAC sends the first authentication request message AACVeri to AS-AAC.
[0259] The AAC Veri includes EncPub AS_REQ Nonce REQ EncPub AS_AAC and Nonce AAC EncPub AS_AAC The encrypted data includes ID AACCert AAC Nonce AACID and Nonce AACPub And EncPub AS_REQ and Nonce REQ They should be equal to the corresponding fields in REQInit.
[0260] After receiving the AACVeri, S707 and AS-AAC perform the following operations, including:
[0261] (1) Decrypt EncPub using the private key corresponding to the encryption certificate. AS_REQ and EncPub AS_AAC Get ID REQ Cert REQ Nonce REQID Nonce REQPub ID AAC Cert AAC Nonce AACID and Nonce AACPub ;
[0262] (2) Verify Cert respectively AAC and Cert REQ The legitimacy of Res AAC and Res REQ According to Cert AAC and Res AAC Information generated in Pub AAC According to Cert REQ and Res REQ Information generated in Pub REQ ; For ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Perform an XOR operation to generate the second authentication result ciphertext Pub. REQ ⊕Nonce REQPub , for ID AAC and Nonce AACID Generate ID by performing an XOR operation AAC ⊕Nonce AACID For Pub AAC and Nonce AACPub Perform an XOR operation to generate the first authentication result ciphertext Pub. AAC ⊕Nonce AACPub ;
[0263] (3) Calculate and generate the first digital signature Sig AS_AAC1 Second digital signature Sig AS_AAC2 .
[0264] S708, AS-AAC sends the first authentication response message ASVeri to AAC.
[0265] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ Nonce REQID Nonce REQ Nonce AACPub ID AAC Nonce AACID Nonce AAC Nonce REQPub These should be equal to the corresponding fields in AACVeri. Sig AS_AAC1 The signature data includes ID REQ ⊕Nonce REQID Nonce REQ and Pub AAC ⊕Nonce AACPub ;Sig AS_AAC2 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC and Pub REQ ⊕Nonce REQPub .
[0266] S709. After receiving the ASVeri, AAC performs the following operations, including:
[0267] (1) Using Nonce AACID With ID AAC ⊕Nonce AACID Perform an XOR operation to recover the ID AAC Check the ID AAC Is it consistent with AAC's own identity ID? AAC same;
[0268] (2) Check the Nonce AAC Is it related to the Nonce generated by AAC? AAC same;
[0269] (3) Verify Sig using AS-AAC public key AS_AAC2 ;
[0270] (4) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, the ASVeri should be discarded immediately.
[0271] (5) Calculate Sig AAC ;
[0272] (6) Calculate MacTag as needed AAC .
[0273] S710 and AAC send a third authentication response message AACAuth to REQ.
[0274] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Nonce REQ Nonce AAC and MacTag AAC It is an optional field, and Nonce REQ Nonce AAC They should be equal to the Nonce in REQInit respectively. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 and Nonce AACPub Among them, ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 These should be equal to the corresponding fields in ASVeri. Sig AAC The signature data includes the Sig in AACAuth. AACOther fields mentioned earlier; MacTag AAC The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in AACAuth except for the MacTag. AAC MacTag is generated by calculating information including other fields. AAC .
[0275] S711. After receiving the AACAuth, REQ performs the following operations, including:
[0276] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0277] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC ;
[0278] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in AACAuth except for the MacTag. AAC Information including other fields is calculated locally to generate the MacTag. AAC (This calculation method is the same as AAC's calculation of MacTag) AAC (In the same way), and calculate the MacTag AAC With the MacTag in the received AACAuth AAC Compare them.
[0279] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 and Nonce AACPub ;
[0280] (4) Using Nonce REQID For ID REQ ⊕Nonce REQID Perform an XOR operation to recover the ID REQ Check the ID REQIs it consistent with REQ's own identity ID? REQ same;
[0281] (5) Check the Nonce REQ Is it related to the Nonce generated by REQ? REQ same;
[0282] (6) Decrypt the obtained Nonce AACPub With Pub AAC ⊕Nonce AACPub Perform an XOR operation to restore Pub AAC ;
[0283] (7) Verify the Sig using the AS-AAC public key. AS_AAC1 Using Pub AAC Cert in AAC Verify the Sig AAC ;
[0284] (8) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.
[0285] (9) Calculate EncData using the message encryption key REQ ;
[0286] (10) Calculate MacTag REQ .
[0287] S712, REQ sends the fourth authentication response message REQAuth to AAC.
[0288] The REQAuth includes a Nonce. REQ Nonce AAC EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in REQAuth except for the MacTag. REQMacTag is generated by calculating information including other fields. REQ .
[0289] S713. After receiving the REQAuth, AAC performs the following operations:
[0290] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0291] (2) Verify MacTag REQ ;
[0292] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in REQAuth except for the MacTag. REQ Information including other fields is calculated locally to generate the MacTag. REQ (This calculation method is the same as REQ calculation of MacTag) REQ (In the same way), and calculate the MacTag REQ MacTag in the received REQAuth REQ Compare them.
[0293] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;
[0294] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;
[0295] (5) According to Pub REQ Cert in REQ Verify Sig in REQInit REQ ;
[0296] (6) If any step of the above checks and verifications fails, the REQAuth will be discarded immediately; if all the above checks and verifications pass, the REQAuth will be discarded according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0297] It should be noted that the S704 REQInit may not include Sig. REQ In S712's REQAuth, add Sig REQ In S712, REQ first checks the REQAuth file containing the Nonce. REQ Nonce AAC and EncData REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S713 REQ For S712's REQAuth, Sig REQ .
[0298] See Figure 8 This is another embodiment of the identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Wherein, Sig... REQ and Sig AAC Verified by AS-AAC, the method includes:
[0299] S801, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0300] S802, AAC sends a key request message AACInit to REQ.
[0301] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field.
[0302] S803, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as needed REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AACThe included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. This step can also be performed only when REQ requires the message encryption key and / or message integrity verification key. The encrypted identity information EncPub of REQ is then calculated using the public key of the encryption certificate. AS_REQ ; Calculate Sig REQ .
[0303] S804, REQ sends the identity-encrypted message REQInit to AAC.
[0304] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and Sig REQ Among them, security capabilities REQ Nonce is an optional field. AAC It should equal the corresponding field in AACInit. (EncPub) AS_REQ The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.
[0305] After receiving the REQInit, S805 and AAC perform the following operations, including:
[0306] (1) Check the Nonce in REQInit AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0307] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC NonceREQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. Of course, this step can also be moved to be performed when AAC needs to use the message encryption key and / or message integrity verification key.
[0308] (3) Generate Nonce AACID and Nonce AACPub ;
[0309] (4) Calculate EncPub using the public key of the encryption certificate AS_AAC ;
[0310] (5) Calculate Sig AAC .
[0311] S806, AAC sends the first authentication request message AACVeri to AS-AAC.
[0312] The AACeri includes REQInit and EncPub. AS_AAC and Sig AAC Among them, EncPub AS_AAC The encrypted data includes ID AAC Cert AAC Nonce AACID and Nonce AACPub Sig AAC The signature data includes Sig in AACeri. AAC Other fields mentioned earlier.
[0313] After receiving the AACVeri, S807 and AS-AAC perform the following operations, including:
[0314] (1) Decrypt EncPub using the private key corresponding to the encryption certificate. AS_AAC and EncPub in REQInit AS_REQ Get ID AAC Cert AAC Nonce AACID Nonce AACPub ID REQ Cert REQ Nonce REQID and Nonce REQPub ;
[0315] (2) Using Cert REQ Verify Sig in REQInit REQ Using Cert AACVerify Sig AAC ;
[0316] (3) If all verifications pass, then verify Cert respectively. AAC and Cert REQ The legitimacy of Res AAC and Res REQ According to Res AAC Information generated in Pub AAC According to Res REQ Information generated in Pub REQ , for ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub , for ID AAC and Nonce AACID Generate ID by performing an XOR operation AAC ⊕Nonce AACID For Pub AAC and Nonce AACPub Generate Pub by performing XOR operation AAC ⊕Nonce AACPub ;
[0317] (4) Calculate and generate the first digital signature Sig AS_AAC1 Second digital signature Sig AS_AAC2 .
[0318] S808 and AS-AAC send the first authentication response message ASVeri to AAC.
[0319] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ Nonce REQID Nonce REQ NonceAACPub ID AAC Nonce AACID Nonce AAC Nonce REQPub These should be equal to the corresponding fields in AACVeri. Sig AS_AAC1 The signature data includes ID REQ ⊕Nonce REQID Nonce REQ and Pub AAC ⊕Nonce AACPub ;Sig AS_AAC2 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC and Pub REQ ⊕Nonce REQPub .
[0320] S809. After receiving the ASVeri, AAC performs the following operations, including:
[0321] (1) Using Nonce AACID With ID AAC ⊕Nonce AACID Perform an XOR operation to recover the ID AAC Check the ID AAC Is it consistent with AAC's own identity ID? AAC same;
[0322] (2) Check the Nonce AAC Is it related to the Nonce generated by AAC? AAC same;
[0323] (3) Verify Sig using AS-AAC public key AS_AAC2 ;
[0324] (4) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0325] (5) Calculate MacTag AAC .
[0326] S810 and AAC send a third authentication response message AACAuth to REQ.
[0327] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC and MacTagAAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 and Nonce AACPub ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 They should be equal to the corresponding fields in ASVeri. MacTag AAC The calculation process is as follows Figure 7 As described in the embodiments.
[0328] S811, after receiving the AACAuth, REQ performs the following operations, including:
[0329] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0330] (2) Verify MacTag AAC The verification process is as follows: Figure 7 As described in the embodiments;
[0331] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_AAC1 and Nonce AACPub ;
[0332] (4) Using Nonce REQID For ID REQ ⊕Nonce REQID Perform an XOR operation to recover the ID REQ Check the ID REQ With REQ's own identity ID REQ Are they the same?
[0333] (5) Check the Nonce REQ Nonce generated with REQ REQ Are they the same?
[0334] (6) Verify Sig using AS-AAC public key AS_AAC1 ;
[0335] (7) If any step of the above checks and verifications fails, AACAuth will be discarded immediately; if all the above checks and verifications pass, the decrypted Nonce will be used. AACPub With Pub AAC ⊕Nonce AACPub Perform an XOR operation to restore Pub AAC And according to Pub AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.
[0336] (8) Calculate EncData using the message encryption key REQ ;
[0337] (9) Calculate MacTag REQ .
[0338] S812, REQ sends the fourth authentication response message REQAuth to AAC.
[0339] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 7 As described in the embodiments.
[0340] S813. After receiving the REQAuth, AAC performs the following operations:
[0341] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0342] (2) Verify MacTag REQ The verification process is as follows: Figure 7 As described in the embodiments;
[0343] (3) After all the above checks and verifications are passed, the EncData is decrypted using a symmetric encryption algorithm with the message encryption key. REQ Get Nonce REQPub If any step of the above checks and verifications fails, the REQAuth will be discarded immediately.
[0344] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;
[0345] (5) According to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0346] See Figure 9 This is an embodiment of an identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. Specifically, Sig... REQ Verified by AAC, Sig AAC Verified by REQ, the method includes:
[0347] S901, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0348] S902, AAC sends a key request message AACInit to REQ.
[0349] The AACInit includes Nonce AAC KeyInfo AAC ID AS_AAC and security capabilities AAC Among them, security capabilities AAC Optional field; ID AS_AAC This is an optional field, representing the identity of at least one authentication server trusted by AAC, used to enable REQ to determine the identity of the authentication server based on the ID. AS_AAC Determine if a mutually trusted authentication server exists (same throughout).
[0350] S903, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate ID as needed AS_REQ and security capabilities REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. This step can also be performed only when REQ requires the message encryption key and / or message integrity verification key. The encrypted identity information EncPub of REQ is then calculated using the public key of the encryption certificate. AS_REQ ; Calculate Sig REQ .
[0351] Among them, ID AS_REQ and security capabilities REQ This is an optional field. ID AS_REQ The identity identifier of at least one authentication server representing REQ trust, when an ID exists in AACInit. AS_AAC At that time, REQ will try to select at least one authentication server from its trusted authentication servers that matches the ID. AS_AAC The same authentication server in the middle as ID AS_REQ If the choice fails, at least one authentication server trusted by the user will be used as the ID. AS_REQ When the ID does not exist in AACInit AS_AACAt that time, REQ uses at least one authentication server it trusts as its ID. AS_REQ (The same applies below.)
[0352] S904, REQ sends the encrypted identity message REQInit to AAC.
[0353] The REQInit includes Nonce AAC Nonce REQ ID AS_REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and Sig REQ Among them, Nonce AAC ID AS_REQ and security capabilities REQ It is an optional field, and Nonce AAC It should equal the corresponding field in AACInit. (EncPub) AS_REQ The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier, when Nonce is not included in REQInit. AAC When using fields, Sig REQ The signature data also includes the Nonce from AACInit. AAC Field.
[0354] S905. After receiving the REQInit, AAC performs the following operations, including:
[0355] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0356] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQOther information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; of course, this step can also be moved to be performed when AAC needs to use the message encryption key and / or message integrity verification key.
[0357] (3) Generate Nonce AACID and Nonce AACPub ;
[0358] (4) Calculate EncPub using the public key of the encryption certificate AS_AAC ;
[0359] (5) If REQInit carries ID AS_REQ And AACInit carries an ID AS_AAC Then AAC determines ID AS_REQ and ID AS_AAC If at least one identical authentication server identity exists, it indicates a non-roaming scenario. AAC determines the first authentication server to participate in authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If no such server exists, it indicates a roaming scenario, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ; or,
[0360] If REQInit carries an ID AS_REQ However, AACInit does not carry an ID. AS_AAC Then AAC determines ID AS_REQ If at least one authentication server with the same identity identifier exists as the authentication server trusted by AAC, then in a non-roaming scenario, AAC determines the first authentication server to participate in identity authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If none exists, then in a roaming scenario, AAC needs to determine the first authentication server AS-AAC to participate in identity authentication based on its own trusted authentication servers, and then record the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ;
[0361] It should be noted that the result determined in this embodiment is the roaming status.
[0362] S906, AAC sends the first authentication request message AACVeri to AS-AAC.
[0363] The AAC Veri includes EncPub AS_REQ Nonce REQ EncPub AS_AAC Nonce AAC and ID AS_REQ Among them, ID AS_REQ Optional field; EncPub AS_REQ Nonce REQ and ID AS_REQ These should be equal to the corresponding fields in REQInit. (EncPub) AS_AAC The encrypted data includes ID AAC Cert AAC Nonce AACID and Nonce AACPub .
[0364] After receiving the AACVeri, S907 and AS-AAC send the first decryption request message AS-AACReq to the certificate decryption server CS-DEC.
[0365] The AS-AACReq includes EncPub AS_AAC .
[0366] After receiving the AS-AACReq, S908 and CS-DEC decrypt EncPub. AS_AAC Get ID AAC Cert AAC Nonce AACID Nonce AACPub .
[0367] S909 and CS-DEC send the first decryption response message CS-DECRep to AS-AAC.
[0368] The CS-DECRep includes the decrypted ID. AAC Cert AAC Nonce AACID and Nonce AACPub .
[0369] After receiving the CS-DECRep, S910 and AS-AAC perform the following operations, including:
[0370] (1) Verify Cert AAC The legitimacy of Res AAC According to Cert AAC and ResAAC Information generated in Pub AAC ;
[0371] (2) Using Nonce AACPub and Pub AAC Generate Pub by performing XOR operation AAC ⊕Nonce AACPub ;
[0372] (3) Using Nonce AACID and ID AAC Generate ID by performing an XOR operation AAC ⊕Nonce AACID ;
[0373] (4) If ID exists in AACVeri AS_REQ Then AS-AAC is based on ID AS_REQ Determine the second authentication server AS-REQ. If it does not exist, it means that AS-AAC has already confirmed AS-REQ.
[0374] (5) Calculate the third digital signature Sig AS_AAC3 .
[0375] S911, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0376] The AS-AACVeri includes EncPub AS_REQ Nonce REQ Nonce AAC Pub AAC ⊕Nonce AACPub ID AAC ⊕Nonce AACID and Sig AS_AAC3 Among them, Sig AS_AAC3 The signature data includes Sig in AS-AACVeri. AS_AAC3 Other fields previously; Nonce REQ Nonce AAC EncPub AS_REQ They should be equal to the corresponding fields in AACVeri; Nonce AACPub ID AAC Nonce AACID These should be equal to the corresponding fields in the first decryption response message CS-DECRep.
[0377] S912 and AS-REQ, after receiving the AS-AACVeri, verify Sig using the AS-AAC public key. AS_AAC3 .
[0378] If the verification passes, then execute S913.
[0379] S913, AS-REQ sends a second decryption request message AS-REQReq to CS-DEC.
[0380] The AS-REQReq includes EncPub AS_REQ The EncPub AS_REQ It should be equal to the corresponding field in AS-AACVeri.
[0381] S914, CS-DEC decryption EncPub AS_REQ Get Cert REQ ID REQ Nonce REQID and Nonce REQPub .
[0382] S915 and CS-DEC send a second decryption response message CS-DECRep to AS-REQ.
[0383] The CS-DECRep includes the decrypted Cert. REQ ID REQ Nonce REQID and Nonce REQPub .
[0384] S916, after receiving the CS-DECRep, AS-REQ performs the following operations, including:
[0385] (1) Verify Cert REQ The legitimacy of Res REQ According to Cert REQ and Res REQ Information generated in Pub REQ ;
[0386] (2) For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub ;
[0387] (3) ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID ;
[0388] (4) Calculate the first digital signature Sig AS_REQ1 and the fourth digital signature Sig AS_REQ4 .
[0389] S917, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0390] The AS-REQVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_REQ4 Among them, ID REQ Nonce REQID Nonce REQPub The values should be equal to the corresponding fields in the second decryption response message CS-DECRep; Nonce REQ ID AAC ⊕Nonce AACID Nonce AAC Pub AAC ⊕Nonce AACPub These should be equal to the corresponding fields in AS-AACVeri. Sig AS_REQ1 The signature data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub ;Sig AS_REQ4 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub .
[0391] S918. After receiving the AS-REQVeri, AS-AAC performs the following operations, including:
[0392] (1) Verify Sig using the public key of AS-REQ AS_REQ4 If the verification fails, the AS-REQVeri will be discarded.
[0393] (2) Calculate the second digital signature Sig AS_AAC2 .
[0394] S919, AS-AAC sends the first authentication response message ASVeri to AAC.
[0395] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub They should be equal to the corresponding fields in AS-REQVeri. AS_AAC2 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC and Pub REQ ⊕Nonce REQPub .
[0396] After receiving the ASVeri, S920 and AAC perform the following operations, including:
[0397] (1) Using Nonce AACID With ID AAC ⊕Nonce AACID Perform an XOR operation to recover the ID AAC Check the ID AAC Is it consistent with AAC's own identity ID? AAC same;
[0398] (2) Check the Nonce AAC Is it related to the Nonce generated by AAC? AAC same;
[0399] (3) Verify Sig using AS-AAC public key AS_AAC2 ;
[0400] (4) If all the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0401] (5) Calculate Sig AAC ;
[0402] (6) Calculate MacTag as needed AAC .
[0403] S921, AAC sends a third authentication response message AACAuth to REQ.
[0404] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Nonce REQ Nonce AAC and MacTag AAC It is an optional field, and Nonce REQ Nonce AAC They should be equal to the Nonce in REQInit respectively. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 and Nonce AACPub , where ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 These should be equal to the corresponding fields in ASVeri. Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields mentioned earlier; MacTag AAC The calculation process is as follows Figure 7 As described in the embodiments.
[0405] S922. After receiving the AACAuth, REQ performs the following operations, including:
[0406] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0407] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process is as follows: Figure 7 As described in the embodiments;
[0408] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 Nonce AACPub ;
[0409] (4) Using Nonce REQID For ID REQ ⊕Nonce REQID Perform an XOR operation to recover the ID REQ Check the ID REQ With REQ's own identity ID REQ Are they the same?
[0410] (5) Check the Nonce REQ Nonce generated with REQ REQ Are they the same?
[0411] (6) Decrypt the obtained Nonce AACPub With Pub AAC ⊕Nonce AACPub Perform an XOR operation to restore Pub AAC ;
[0412] (7) Verify the Sig using the public key of AS-REQ. AS_REQ1 Using Pub AAC Cert in AAC Verify the Sig AAC ;
[0413] (8) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.
[0414] (9) Calculate EncData using the message encryption key REQ ;
[0415] (10) Calculate MacTag REQ .
[0416] S923, REQ sends the fourth authentication response message REQAuth to AAC.
[0417] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 7 As described in the embodiments.
[0418] S924. After receiving the REQAuth, AAC performs the following operations:
[0419] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0420] (2) Verify MacTag REQ The verification process is as follows: Figure 7 As described in the embodiments;
[0421] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. REQGet Nonce REQPub ;
[0422] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;
[0423] (5) Using Pub REQ Cert in REQ Verify Sig in REQInit REQ ;
[0424] (6) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the identity authentication result of REQ. If any step of the above checks and verifications fails, discard REQAuth immediately.
[0425] It should be noted that the S904 REQInit may also exclude Sig. REQ In S923's REQAuth, add Sig REQ In S923, REQ first checks the REQAuth file containing the Nonce. AAC Nonce REQ and EncData REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S924 REQ For S923's REQAuth, Sig REQ .
[0426] See Figure 10 This is another embodiment of the identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. Wherein Sig... REQ Validated by AS-REQ, Sig AAC Verified by AS-AAC, the method includes:
[0427] S1001, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0428] S1002, AAC sends a key request message AACInit to REQ.
[0429] The AACInit includes Nonce AAC KeyInfo AAC ID AS_AAC and security capabilities AAC Among them, security capabilities AAC and ID AS_AAC This is an optional field.
[0430] S1003, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate ID as needed AS_REQ and security capabilities REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. This step can also be performed only when REQ requires the message encryption key and / or message integrity verification key. The encrypted identity information EncPub of REQ is then calculated using the public key of the encryption certificate. AS_REQ ; Calculate Sig REQ .
[0431] S1004, REQ sends the identity-encrypted message REQInit to AAC.
[0432] The REQInit includes Nonce AAC Nonce REQ ID AS_REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and Sig REQ Among them, ID AS_REQ and security capabilities REQ Nonce is an optional field. AAC It should equal the corresponding field in AACInit; EncPub AS_REQ The encrypted data includes ID REQCert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.
[0433] S1005. After receiving the REQInit, AAC performs the following operations, including:
[0434] (1) Check the Nonce in REQInit AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0435] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; of course, this step can also be moved to be performed when AAC needs to use the message encryption key and / or message integrity verification key.
[0436] (3) Generate Nonce AACID and Nonce AACPub ;
[0437] (4) Calculate EncPub using the public key of the encryption certificate AS_AAC ;
[0438] (5) The method for determining AS-AAC by AAC is the same as... Figure 9 As described in the embodiments;
[0439] (6) Calculate Sig AAC .
[0440] S1006, AAC sends the first authentication request message AACVeri to AS-AAC.
[0441] The AACeri includes REQInit and EncPub. AS_AAC and Sig AAC Among them, EncPub AS_AAC The encrypted data includes ID AAC Cert AAC NonceAACID and Nonce AACPub Sig AAC The signature data includes Sig in AACeri. AAC Other fields mentioned earlier.
[0442] S1007. After receiving the AACVeri, AS-AAC sends the first decryption request message AS-AACReq to CS-DEC.
[0443] The AS-AACReq includes EncPub AS_AAC The EncPub AS_AAC It should be equal to the corresponding field in AACVeri.
[0444] After receiving the AS-AACReq, S1008 and CS-DEC decrypt EncPub. AS_AAC Get ID AAC Cert AAC Nonce AACID Nonce AACPub .
[0445] S1009, CS-DEC sends the first decryption response message CS-DECRep to AS-AAC.
[0446] The CS-DECRep includes the decrypted ID. AAC Cert AAC Nonce AACID and Nonce AACPub .
[0447] After receiving the CS-DECRep, S1010 and AS-AAC perform the following operations, including:
[0448] (1) Using Cert AAC Verify the Sig AAC If the verification fails, CS-DECRep is discarded.
[0449] (2) Verify Cert AAC The legitimacy of Res AAC According to Res AAC Information generated in Pub AAC ;
[0450] (3) Using Nonce AACPub and Pub AAC Perform an XOR operation to get Pub AAC ⊕Nonce AACPub ;
[0451] (4) Using Nonce AACID and ID AAC Perform an XOR operation to obtain the ID AAC ⊕Nonce AACID ;
[0452] (5) The method for AS-AAC to determine the second authentication server AS-REQ is the same as... Figure 9 As described in the embodiments;
[0453] (6) Calculate the third digital signature Sig AS_AAC3 .
[0454] S1011, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0455] The AS-AACVeri includes REQInit and Pub. AAC ⊕Nonce AACPub ID AAC ⊕Nonce AACID and Sig AS_AAC3 Among them, Nonce AACPub ID AAC Nonce AACID These should be equal to the corresponding fields in the first decryption response message CS-DECRep. AS_AAC3 The signature data includes Sig in AS-AACVeri. AS_AAC3 Other fields mentioned earlier.
[0456] S1012. After receiving the AS-AACVeri, AS-REQ verifies Sig using the public key of AS-AAC. AS_AAC3 .
[0457] If the verification passes, proceed to step S1013.
[0458] S1013, AS-REQ sends a second decryption request message AS-REQReq to CS-DEC.
[0459] The AS-REQReq includes EncPub AS_REQ The EncPub AS_REQ It should be equal to the corresponding field in AS-AACVeri.
[0460] S1014, CS-DEC decryption of EncPub AS_REQ Get Cert REQ ID REQ Nonce REQID and Nonce REQPub .
[0461] S1015, CS-DEC sends a second decryption response message CS-DECRep to AS-REQ.
[0462] The CS-DECRep includes the decrypted Cert. REQ ID REQ Nonce REQID and Nonce REQPub .
[0463] S1016. After receiving the CS-DECRep, AS-REQ performs the following operations:
[0464] (1) Using Cert REQ Verify the Sig in the REQInit REQ If the verification fails, CS-DECRep is discarded.
[0465] (2) Verify Cert REQ The legitimacy of Res REQ According to Res REQ Information generated in Pub REQ ;
[0466] (3) Using Nonce REQPub and Pub REQ Perform an XOR operation to get Pub REQ ⊕Nonce REQPub ;
[0467] (4) Using Nonce REQID and ID REQ Perform an XOR operation to obtain the ID REQ ⊕Nonce REQID ;
[0468] (5) Calculate the first digital signature Sig AS_REQ1 and the fourth digital signature Sig AS_REQ4 .
[0469] S1017, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0470] The AS-REQVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 ID AAC ⊕Nonce AACID NonceAAC Pub REQ ⊕Nonce REQPub and Sig AS_REQ4 Among them, ID REQ Nonce REQID Nonce REQPub The values should be equal to the corresponding fields in the second decryption response message CS-DECRep; Nonce REQ ID AAC ⊕Nonce AACID Nonce AAC Pub AAC ⊕Nonce AACPub These should be equal to the corresponding fields in AS-AACVeri. Sig AS_REQ1 The signature data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub ;Sig AS_REQ4 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPub .
[0471] S1018. After receiving the AS-REQVeri, AS-AAC performs the following operations, including:
[0472] (1) Verify Sig using the public key of AS-REQ AS_REQ4 If the verification fails, the AS-REQVeri will be discarded.
[0473] (2) Calculate the second digital signature Sig AS_AAC2 .
[0474] S1019, AS-AAC sends the first authentication response message ASVeri to AAC.
[0475] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 ID AAC ⊕Nonce AACID Nonce AAC Pub REQ ⊕Nonce REQPuband Sig AS_AAC2 Sig AS_AAC2 The signature data includes ID AAC ⊕Nonce AACID Nonce AAC and Pub REQ ⊕Nonce REQPub .
[0476] S1020. After receiving the ASVeri, AAC performs the following operations, including:
[0477] (1) Using Nonce AACID With ID AAC ⊕Nonce AACID Perform an XOR operation to recover the ID AAC Check the ID AAC Is it consistent with AAC's own identity ID? AAC same;
[0478] (2) Check the Nonce AAC Nonce generated by AAC AAC Are they the same?
[0479] (3) Verify Sig using AS-AAC public key AS_AAC2 ;
[0480] (4) If all the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0481] (5) Calculate MacTag AAC .
[0482] S1021. AAC sends a third authentication response message AACAuth to REQ.
[0483] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQPub AAC ⊕Nonce AACPub Sig AS_REQ1 and Nonce AACPub , where ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 They should be equal to the corresponding fields in ASVeri. MacTag AAC The calculation process is as follows Figure 7 As described in the embodiments.
[0484] S1022. After receiving the AACAuth, REQ performs the following operations, including:
[0485] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0486] (2) Verify MacTag AAC The verification process is as follows: Figure 7 As described in the embodiments.
[0487] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC ⊕Nonce AACPub Sig AS_REQ1 Nonce AACPub ;
[0488] (4) Using Nonce REQID For ID REQ ⊕Nonce REQID Perform an XOR operation to recover the ID REQ Check the ID REQ With REQ's own identity ID REQ Are they the same?
[0489] (5) Check the Nonce REQ Nonce generated with REQREQ Are they the same?
[0490] (6) Verify the Sig using the public key of AS-REQ. AS_REQ1 ;
[0491] (7) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, the decrypted Nonce is then used. AACPub With Pub AAC ⊕Nonce AACPub Perform an XOR operation to restore Pub AAC According to Pub AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.
[0492] (8) Calculate EncData using the message encryption key REQ ;
[0493] (9) Calculate MacTag REQ .
[0494] S1023, REQ sends the fourth authentication response message REQAuth to AAC.
[0495] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 7 As described in the embodiments.
[0496] S1024. After receiving the REQAuth, AAC performs the following operations:
[0497] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce.AAC Nonce generated by AAC AAC Are they the same?
[0498] (2) Verify MacTag REQ The verification process is as follows: Figure 7 As described in the embodiments;
[0499] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;
[0500] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;
[0501] (5) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the REQ's identity authentication result; if any step of the above checks and verifications fails, discard the REQAuth immediately.
[0502] In the above embodiments, each message may also carry a hash value. X_Y The hash value X_Y This is calculated by the sending entity X using a hash algorithm on the latest preceding message received from the peer entity Y. It is used by the peer entity Y to verify whether entity X has received the complete latest preceding message. Here, HASH... REQ_AAC This represents the hash value calculated by REQ for the latest preceding message sent by AAC. AAC_REQ HASH represents the hash value calculated by AAC for the latest preceding message sent by the received REQ. AAC_AS-AAC HASH represents the hash value calculated by AAC for the latest preceding message received from AS-AAC. AS-AAC_AAC HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AAC. AS-AAC_AS-REQ HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AS-REQ. AS-REQ_AS-AAC This represents the hash value calculated by AS-REQ for the latest preceding message received from AS-AAC. If the message currently sent by sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received any preceding messages from peer entity Y, then the hash value in this message... X_Y It may not exist or be meaningless.
[0503] Correspondingly, after the peer entity Y receives a message sent by entity X, if the message contains a hash... X_Y If entity Y has not sent a preceding message to entity X, then entity Y ignores the hash. X_Y When entity Y has previously sent a preceding message to entity X, entity Y uses a hash algorithm to calculate a hash value locally for the latest preceding message previously sent to entity X, and then hashes it with the hash value carried in the received message. X_Y If they match, proceed with the next steps; otherwise, discard or end the identification process.
[0504] In this invention, for entity X, the preceding message sent by peer entity Y to entity X refers to any message received by entity X from peer entity Y before entity X sends message M to peer entity Y; the latest preceding message sent by peer entity Y to entity X refers to the latest message received by entity X from peer entity Y before entity X sends message M to peer entity Y. If message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there are no preceding messages sent by peer entity Y to entity X before entity X sends message M to its peer entity Y.
[0505] The above Figure 7 , Figure 8 , Figure 9 and Figure 10 The optional fields and optional operations in the corresponding embodiments are shown in the accompanying drawings. Figure 7 , Figure 8 , Figure 9 and Figure 10 The asterisk (*) indicates the content. In all the above embodiments, the order of the various contents included in the messages is not limited, and unless otherwise specified, the order in which the message receiver operates on the relevant messages and processes the contents included in the messages is not limited.
[0506] based on Figures 1 to 10 For the corresponding method implementation, please refer to... Figure 11 This application provides an authentication access controller (AAC) including:
[0507] The acquisition unit 1101 is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0508] The first sending unit 1102 is used to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the encrypted identity information of the requesting device and the encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and the second protection random number, using the public key of the encryption certificate.
[0509] The first receiving unit 1103 is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. Specifically, the first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is generated by the second authentication server calculating signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the second authentication result information ciphertext.
[0510] The first verification unit 1104 is used to verify the second digital signature using the public key of the first authentication server;
[0511] The second sending unit 1105 is used to send a third authentication response message to the requesting device after the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first ciphertext of authentication result information, the first digital signature, and the second protection random number using a message encryption key.
[0512] The second receiving unit 1106 is used to receive a fourth authentication response message sent by the requesting device. The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
[0513] Decryption unit 1107 is used to decrypt the first protected random number ciphertext using the message encryption key to obtain the first protected random number, and to decrypt the second authentication result information ciphertext using the first protected random number to obtain the second authentication result information;
[0514] The first determining unit 1108 is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0515] Optionally, the authentication access controller further includes:
[0516] The third sending unit is used to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit 1101 also includes the key exchange parameters of the requesting device.
[0517] The calculation unit is configured to perform key exchange calculations to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
[0518] Optionally, the key request message sent by the third sending unit further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message acquired by the acquisition unit 1101 further includes a second random number generated by the requesting device.
[0519] The calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
[0520] Optionally, the identity encrypted message acquired by the acquisition unit 1101 further includes the first random number; then the authentication access controller further includes:
[0521] The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller.
[0522] Optionally, the key request message sent by the third sending unit may also include security capability parameter information supported by the authentication access controller; then the identity ciphertext message obtained by the acquisition unit 1101 may also include a specific security policy, which is determined by the requesting device based on the security capability parameter information.
[0523] Optionally, the key request message sent by the third sending unit further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the identity ciphertext message acquired by the acquisition unit 1101 further includes the identity identifier of at least one authentication server trusted by the requesting device; then the authentication access controller further includes:
[0524] The second determining unit is configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity encrypted message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
[0525] Optionally, the identity encrypted message acquired by the acquisition unit 1101 may further include the identity identifier of at least one authentication server trusted by the requesting device; then the authentication access controller may further include:
[0526] The third determining unit is used to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
[0527] Optionally, the encrypted data of the authentication access controller's identity information ciphertext further includes the authentication access controller's identity identifier and a fourth protection random number;
[0528] Correspondingly, the first authentication response message received by the first receiving unit 1103 also includes the ciphertext of the authentication access controller's identity, which is generated by encrypting information including the authentication access controller's identity using the fourth protection random number.
[0529] The authentication access controller further includes:
[0530] The third verification unit is used to verify the encrypted identity of the authentication access controller based on its own identity identifier and the fourth protection random number. After the verification is successful, the first determination unit 1108 then performs the relevant steps.
[0531] Optionally, if the identity encrypted message acquired by the acquisition unit 1101 also includes the digital signature of the requesting device, then before the first determination unit 1108 determines the identity authentication result of the requesting device, the first determination unit 1108 is also used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, then the identity authentication result of the requesting device is determined according to the second verification result.
[0532] Optionally, the first determining unit 1108 is specifically used for:
[0533] If the second authentication result information obtained by the decryption unit 1107 using the first protection random number to decrypt the second authentication result information ciphertext also includes the digital certificate of the requesting device, then the first determining unit 1108 uses the digital certificate of the requesting device to verify the digital signature of the requesting device, and determines whether the digital signature of the requesting device has passed verification based on the verification result; or...
[0534] The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.
[0535] Optionally, the fourth authentication response message received by the second receiving unit 1106 further includes the digital signature of the requesting device, and the second authentication result information obtained by the decryption unit 1107 using the first protection random number to decrypt the encrypted second authentication result information further includes the digital certificate of the requesting device; then, before determining the identity authentication result of the requesting device, the first determining unit 1108 is further used to verify the digital signature of the requesting device using the digital certificate of the requesting device in the second authentication result information. If it is determined that the digital signature of the requesting device passes the verification, then the identity authentication result of the requesting device is determined according to the second verification result.
[0536] Optionally, the fourth authentication response message received by the second receiving unit 1106 further includes a second message integrity check code; the second message integrity check code is calculated by the requesting device using a message integrity check key to include fields in the fourth authentication response message other than the second message integrity check code; the authentication access controller further includes:
[0537] The fourth verification unit is used to verify the integrity check code of the second message; if the verification is successful, the first determination unit 1108 then performs the step of determining the identity authentication result of the requesting device.
[0538] Optionally, the message sent by the authentication access controller to the requesting device may further include a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server may further include a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
[0539] See Figure 12 This application embodiment also provides a request device REQ, including:
[0540] The first sending unit 1201 is used to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and the first protection random number, using the public key of the encryption certificate.
[0541] The first receiving unit 1202 is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including first ciphertext of authentication result information, a first digital signature, and a second protection random number using a message encryption key. The first ciphertext of authentication result information is generated by encrypting information including first authentication result information using the second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first ciphertext of authentication result information.
[0542] The first decryption unit 1203 is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first ciphertext of the authentication result information, the first digital signature, and the second protection random number.
[0543] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the first decryption unit 1203 uses the second protection random number to decrypt the ciphertext of the first authentication result information to obtain the first authentication result information. The first determination unit 1205 determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determination unit 1205 determines that the identity authentication result of the authentication access controller is valid, the second sending unit 1206 sends a fourth authentication response message to the authentication access controller; or...
[0544] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the second sending unit 1206 sends a fourth authentication response message to the authentication access controller, and the first decryption unit 1203 decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. The first determining unit 1205 determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...
[0545] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the first decryption unit 1203 uses the second protection random number to decrypt the ciphertext of the first authentication result information to obtain the first authentication result information; the first determination unit 1205 determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; and the second sending unit 1206 sends a fourth authentication response message to the authentication access controller.
[0546] The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
[0547] Optionally, the requesting device further includes:
[0548] The second receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller;
[0549] The first calculation unit is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
[0550] The encrypted identity message sent by the first sending unit 1201 also includes the key exchange parameters of the requesting device.
[0551] Optionally, the key request message received by the second receiving unit may also include a first random number generated by the authentication access controller;
[0552] The first calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device;
[0553] The encrypted identity message sent by the first sending unit 1201 also includes the second random number.
[0554] Optionally, the encrypted identity message sent by the first sending unit 1201 may also include the first random number.
[0555] Optionally, the key request message received by the second receiving unit further includes security capability parameter information supported by the authentication access controller; the requesting device further includes:
[0556] The second determining unit is used to determine the specific security policy used by the requesting device based on the security capability parameter information.
[0557] The encrypted identity message sent by the first sending unit 1201 also includes the specific security policy.
[0558] Optionally, the key request message received by the second receiving unit further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the requesting device further includes:
[0559] The third determining unit is used to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller.
[0560] The encrypted identity message sent by the first sending unit 1201 also includes the identity identifier of at least one authentication server trusted by the requesting device.
[0561] Optionally, the encrypted identity message sent by the first sending unit 1201 may also include the identity identifier of at least one authentication server trusted by the requesting device.
[0562] Optionally, the encrypted data of the encrypted identity information of the requesting device may further include the identity identifier of the requesting device and a third protection random number;
[0563] Correspondingly, the first authentication response message also includes the encrypted identity of the requesting device, which is generated by encrypting information including the identity of the requesting device using the third protection random number;
[0564] The encrypted data in the authentication result information ciphertext of the third authentication response message also includes the identity identifier ciphertext of the requesting device;
[0565] The first decryption unit 1203 decrypts the authentication result information ciphertext to obtain the identity identifier ciphertext of the requesting device; then the requesting device further includes:
[0566] The second verification unit is used to verify the encrypted identity of the requesting device based on its own identity identifier and the third protection random number; after the verification is successful, the first determining unit 1205 performs the step of determining the identity authentication result of the authentication access controller.
[0567] Optionally, before the first determining unit 1205 determines the identity authentication result of the authentication access controller, the first determining unit 1205 is further configured to determine whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the identity authentication result of the authentication access controller is then determined based on the first verification result.
[0568] Optionally, the first determining unit 1205 is specifically used for:
[0569] When the authentication access controller sends a first authentication request message to its trusted first authentication server, which also includes the digital signature of the authentication access controller, the first authentication server verifies the digital signature of the authentication access controller using the digital certificate of the authentication access controller obtained by decrypting the encrypted identity information of the authentication access controller. If the first receiving unit 1202 receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified successfully; or...
[0570] When the third authentication response message received by the first receiving unit 1202 also includes the digital signature of the authentication access controller, the first decryption unit 1203 decrypts the encrypted first authentication result information and obtains the first authentication result information, which also includes the digital certificate of the authentication access controller. Then, the first determining unit 1205 uses the digital certificate of the authentication access controller to verify the digital signature of the authentication access controller and determines whether the digital signature of the authentication access controller has been verified based on the verification result.
[0571] Optionally, the third authentication response message received by the first receiving unit 1202 further includes a first message integrity check code; the first message integrity check code is generated by the authentication access controller using a message integrity check key to calculate and generate the other fields in the third authentication response message besides the first message integrity check code; then the requesting device further includes:
[0572] The third verification unit is used to verify the integrity check code of the first message; if the verification is successful, the first determining unit 1205 then performs the step of determining the identity authentication result of the authentication access controller.
[0573] Optionally, the message sent by the requesting device to the authentication access controller may also include a hash value calculated by the requesting device for the latest preceding message sent by the authentication access controller.
[0574] See Figure 13 This application embodiment also provides a first authentication server AS-AAC, which is an authentication server trusted by the authentication access controller, including:
[0575] The first receiving unit 1301 is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate. The encrypted identity information of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate.
[0576] The first sending unit 1302 is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.
[0577] Optionally, if the first authentication request message received by the first receiving unit 1301 further includes the digital signature of the authentication access controller, then the first authentication server further includes:
[0578] The first verification unit is used to verify the digital signature of the authentication access controller by using the digital certificate of the authentication access controller obtained by decrypting the ciphertext of the identity information of the authentication access controller.
[0579] Optionally, if the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the first authentication server further includes:
[0580] The first acquisition unit is used to acquire the digital certificate of the requesting device, the first protection random number, the digital certificate of the authentication access controller, and the second protection random number obtained by decrypting the ciphertext of the identity information of the requesting device and the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate;
[0581] The second verification unit is used to verify the legality of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the legality of the digital certificate of the requesting device to obtain a second verification result.
[0582] The first generation unit is configured to generate first authentication result information based on information including the first verification result, generate second authentication result information based on information including the second verification result, encrypt the information including the first authentication result information using the second protection random number to generate ciphertext of the first authentication result information, encrypt the information including the second authentication result information using the first protection random number to generate ciphertext of the second authentication result information, calculate and generate a first digital signature from signature data including the ciphertext of the first authentication result information, calculate and generate a second digital signature from signature data including the ciphertext of the second authentication result information, and generate a first authentication response message based on information including the ciphertext of the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.
[0583] Optionally, if the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the first authentication server further includes:
[0584] The second acquisition unit is used to acquire the digital certificate of the authentication access controller and the second protection random number obtained by decrypting the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate;
[0585] The third verification unit is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result;
[0586] The second generation unit is used to generate first authentication result information based on information including the first verification result, encrypt the information including the first authentication result information using the second protection random number to generate first authentication result information ciphertext, and calculate and generate a third digital signature on the signature data including the first authentication result information ciphertext and the identity information ciphertext of the requesting device.
[0587] The second sending unit is configured to send a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information ciphertext, the identity information ciphertext of the requesting device, and the third digital signature.
[0588] The second receiving unit is configured to receive a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and a fourth digital signature. The fourth digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the second authentication result information ciphertext.
[0589] The fourth verification unit is used to verify the fourth digital signature using the public key of the second authentication server;
[0590] The third generation unit is used to calculate and generate a second digital signature from the signature data, including the second authentication result information ciphertext, when the fourth digital signature verification is successful, and to generate a first authentication response message based on the information including the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the second digital signature.
[0591] Optionally, the message sent by the first authentication server to the authentication access controller may also include a hash value calculated by the first authentication server for the latest preceding message received from the authentication access controller; the message sent by the first authentication server to the second authentication server may also include a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server.
[0592] See Figure 14 This application embodiment also provides a second authentication server AS-REQ, which is an authentication server requesting device trust. If the first authentication server trusted by the authentication access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes:
[0593] The receiving unit 1401 is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes encrypted first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated and generated by the first authentication server from signature data including the encrypted first authentication result information and the encrypted identity information of the requesting device.
[0594] The first verification unit 1402 is used to verify the third digital signature using the public key of the first authentication server;
[0595] The acquisition unit 1403 is used to acquire the digital certificate of the requesting device and the first protection random number obtained by decrypting the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate when the third digital signature verification is passed.
[0596] The second verification unit 1404 is used to verify the legality of the digital certificate of the requesting device to obtain a second verification result;
[0597] The generation unit 1405 is used to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the first protection random number to generate second authentication result information ciphertext, calculate and generate a first digital signature on the signature data including the first authentication result information ciphertext, and calculate and generate a fourth digital signature on the signature data including the second authentication result information ciphertext.
[0598] The sending unit 1406 is used to send a second authentication response message to the first authentication server. The second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the fourth digital signature.
[0599] Optionally, the message sent by the second authentication server to the first authentication server may also include a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.
[0600] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium can be at least one of the following media: read-only memory (ROM), RAM, magnetic disk, or optical disk, etc., and other media capable of storing program code.
[0601] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and relevant parts can be referred to the description of the method embodiments. The device and system embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of the solution in this embodiment according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0602] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A method for identity verification, characterized in that, The method includes: The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted by the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate. The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes the encrypted identity information of the requesting device and the encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate. The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext. The authentication access controller uses the public key of the first authentication server to verify the second digital signature; when the second digital signature is verified, the authentication access controller sends a third authentication response message to the requesting device. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first ciphertext of authentication result information, the first digital signature, and the second protection random number using a message encryption key. The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the first ciphertext of the authentication result information, the first digital signature, and the second protection random number; The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. Based on the first verification result in the first authentication result information, the device determines the authentication result of the authentication access controller. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or... The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. Based on the first verification result in the first authentication result information, the authentication access controller's identity authentication result is determined; or... The requesting device verifies the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the requesting device decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information, and determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key. After receiving the fourth authentication response message, the authentication access controller uses the message encryption key to decrypt the first protection random number ciphertext to obtain the first protection random number, uses the first protection random number to decrypt the second authentication result information ciphertext to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
2. The method according to claim 1, characterized in that, Before the authentication access controller obtains the encrypted identity message sent by the requesting device, the method further includes: The authentication access controller sends a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; The requesting device generates a first key by performing a key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and calculates the message encryption key using a key derivation algorithm based on information including the first key. Correspondingly, the identity encrypted message also includes the key exchange parameters of the requesting device; The authentication access controller generates the first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and calculates the message encryption key using the key derivation algorithm based on information including the first key.
3. The method according to claim 2, characterized in that, The key request message also includes a first random number generated by the authentication access controller; The requesting device further includes calculating the message encryption key as follows: The requesting device calculates the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device. Correspondingly, the encrypted identity message also includes the second random number; The authentication access controller further includes the following steps in calculating the message encryption key: The authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
4. The method according to claim 3, characterized in that, The encrypted identity message also includes the first random number; Before the authentication access controller calculates the message encryption key, the method further includes: The authentication access controller verifies the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller. If the verification passes, the authentication access controller then calculates the message encryption key.
5. The method according to claim 2, characterized in that, The key request message also includes security capability parameter information supported by the authentication access controller, and the method further includes: The requesting device determines the specific security policy to be used by the requesting device based on the security capability parameter information; The encrypted identity message also includes the specific security policy.
6. The method according to claim 2, characterized in that, The key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; the method further includes: The requesting device determines the identity of at least one authentication server trusted by the authentication access controller based on the identity of at least one authentication server trusted by the requesting device. The encrypted identity message further includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
7. The method according to claim 1, characterized in that, The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
8. The method according to claim 1, characterized in that, The encrypted data of the requesting device's identity information ciphertext also includes the requesting device's identity identifier and a third-protection random number; The encrypted data of the authentication access controller's identity information ciphertext also includes the authentication access controller's identity identifier and a fourth protection random number; Correspondingly, the first authentication response message also includes the encrypted identity of the requesting device and the encrypted identity of the authentication access controller; the encrypted identity of the requesting device is generated by encrypting information including the identity of the requesting device using the third protection random number; the encrypted identity of the authentication access controller is generated by encrypting information including the identity of the authentication access controller using the fourth protection random number. The encrypted data in the authentication result information ciphertext of the third authentication response message also includes the identity identifier ciphertext of the requesting device; Before the requesting device determines the authentication result of the authentication access controller, the method further includes: The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the ciphertext of the requesting device's identity. The ciphertext of the requesting device's identity is verified based on the requesting device's own identity and the third protection random number. After the verification is successful, the identity authentication result of the authentication access controller is determined. Before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller verifies the encrypted identity of the authentication access controller based on its own identity identifier and the fourth protection random number. After successful verification, the authentication result of the requesting device is determined.
9. The method according to claim 2, characterized in that, The method further includes: The third authentication response message also includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and generate other fields in the third authentication response message besides the first message integrity check code. The message integrity check key of the authentication access controller is generated in the same way as the message encryption key of the authentication access controller. The requesting device verifies the first message integrity check code. If the verification is successful, the requesting device then performs the step of determining the identity authentication result of the authentication access controller. And / or, The fourth authentication response message also includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate other fields in the fourth authentication response message besides the second message integrity check code; the message integrity check key of the requesting device is generated in the same way as the message encryption key of the requesting device. The authentication access controller verifies the second message integrity check code. If the verification passes, the authentication access controller then performs the step of determining the identity authentication result of the requesting device.
10. The method according to claim 1, characterized in that, If the encrypted identity message also includes the digital signature of the requesting device, then before the authentication access controller determines the identity authentication result of the requesting device, the method further includes: The authentication access controller determines whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, the authentication access controller then determines the identity authentication result of the requesting device based on the second verification result.
11. The method according to claim 10, characterized in that, The authentication access controller determines whether the digital signature of the requesting device has been verified, specifically including: If the authentication access controller decrypts the ciphertext of the second authentication result information using the first protection random number, and the second authentication result information obtained also includes the digital certificate of the requesting device, then the authentication access controller verifies the digital signature of the requesting device using the digital certificate of the requesting device, and determines whether the digital signature of the requesting device has passed verification based on the verification result; or... The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.
12. The method according to claim 1, characterized in that, The fourth authentication response message also includes the digital signature of the requesting device, and the second authentication result information obtained by the authentication access controller by decrypting the second authentication result information ciphertext using the first protection random number also includes the digital certificate of the requesting device. Before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller uses the digital certificate of the requesting device in the second authentication result information to verify the digital signature of the requesting device. If it is determined that the digital signature of the requesting device passes the verification, the authentication access controller then determines the identity authentication result of the requesting device based on the second verification result.
13. The method according to claim 1, characterized in that, Before the requesting device determines the authentication result of the authentication access controller, the method further includes: The requesting device determines whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the requesting device then determines the identity authentication result of the authentication access controller based on the first verification result.
14. The method according to claim 13, characterized in that, The requesting device determines whether the digital signature of the authentication access controller has been verified, specifically including: When the first authentication request message also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller obtained by decrypting the encrypted identity information of the authentication access controller to verify the digital signature of the authentication access controller. If the requesting device receives the third authentication response message, the requesting device determines that the digital signature of the authentication access controller has been verified successfully; or... When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information obtained by the requesting device after decrypting the encrypted first authentication result information also includes the digital certificate of the authentication access controller. Then, the requesting device uses the digital certificate of the authentication access controller in the first authentication result information to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.
15. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then before the first authentication server sends the first authentication response message, the method further includes: The first authentication server obtains the digital certificate of the requesting device, the first protection random number, the digital certificate of the authentication access controller, and the second protection random number obtained by decrypting the ciphertext of the identity information of the requesting device and the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate; The first authentication server verifies the legality of the digital certificate of the authentication access controller to obtain a first verification result, verifies the legality of the digital certificate of the requesting device to obtain a second verification result, generates first authentication result information based on information including the first verification result, encrypts the information including the first authentication result information using the second protection random number to generate ciphertext of the first authentication result information, generates second authentication result information based on information including the second verification result, encrypts the information including the second authentication result information using the first protection random number to generate ciphertext of the second authentication result information, calculates and generates a first digital signature on the signature data including the ciphertext of the first authentication result information, calculates and generates a second digital signature on the signature data including the ciphertext of the second authentication result information, and generates a first authentication response message based on information including the ciphertext of the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.
16. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then before the first authentication server sends the first authentication response message, the method further includes: The first authentication server obtains the digital certificate of the authentication access controller obtained by decrypting the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate and the second protection random number. It performs a legality verification on the digital certificate of the authentication access controller to obtain a first verification result. It generates first authentication result information based on the information including the first verification result. It encrypts the information including the first authentication result information using the second protection random number to generate ciphertext of the first authentication result information. It calculates and generates a third digital signature on the signature data including the ciphertext of the first authentication result information and the ciphertext of the identity information of the requesting device. The first authentication server sends a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information ciphertext, the identity information ciphertext of the requesting device, and the third digital signature. The second authentication server uses the public key of the first authentication server to verify the third digital signature. After successful verification, the second authentication server verifies the legality of the digital certificate of the requesting device obtained by decrypting the identity information ciphertext of the requesting device using the private key corresponding to the encryption certificate to obtain a second verification result. Based on the information including the second verification result, a second authentication result information is generated. Then, the first protection random number obtained by decrypting the identity information ciphertext of the requesting device is used to encrypt the information including the second authentication result information to generate the second authentication result information ciphertext. A first digital signature is calculated on the signature data including the first authentication result information ciphertext, and a fourth digital signature is calculated on the signature data including the second authentication result information ciphertext. The first authentication server receives a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the fourth digital signature. The first authentication server uses the public key of the second authentication server to verify the fourth digital signature. If the verification is successful, the first authentication server calculates and generates a second digital signature from the signature data, including the ciphertext of the second authentication result information, and generates a first authentication response message based on the information including the ciphertext of the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.
17. The method according to any one of claims 1 to 14, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller; When the authentication access controller receives a message from the requesting device, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preceding message sent by the requesting device. When the requesting device receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preceding message received from the first authentication server; When the first authentication server receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preceding message sent by the authentication access controller. When the authentication access controller receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server; When the second authentication server receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message sent by the first authentication server. When the first authentication server receives a message from the second authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful.
18. An authentication access controller, characterized in that, The authentication access controller includes: The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate. The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the encrypted identity information of the requesting device and the encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate. A first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is generated by the second authentication server trusted by the requesting device calculating signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the second authentication result information ciphertext. The first verification unit is used to verify the second digital signature using the public key of the first authentication server; The second sending unit is configured to send a third authentication response message to the requesting device after the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first ciphertext of authentication result information, the first digital signature, and the second protection random number using a message encryption key. The second receiving unit is configured to receive a fourth authentication response message sent by the requesting device. The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key. The decryption unit is used to decrypt the first protected random number ciphertext using the message encryption key to obtain the first protected random number, and to decrypt the second authentication result information ciphertext using the first protected random number to obtain the second authentication result information. The first determining unit is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
19. The authentication access controller according to claim 18, characterized in that, The authentication access controller further includes: The third sending unit is used to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit also includes the key exchange parameters of the requesting device. The calculation unit is configured to perform key exchange calculations to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
20. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message acquired by the acquisition unit also includes a second random number generated by the requesting device. The calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
21. The authentication access controller according to claim 20, characterized in that, The identity encrypted message acquired by the acquisition unit also includes the first random number; therefore, the authentication access controller further includes: The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller.
22. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes security capability parameter information supported by the authentication access controller; then the identity ciphertext message obtained by the obtaining unit also includes a specific security policy, which is determined by the requesting device based on the security capability parameter information.
23. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; the identity ciphertext message obtained by the obtaining unit also includes the identity identifier of at least one authentication server trusted by the requesting device. The authentication access controller further includes: The second determining unit is configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity encrypted message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
24. The authentication access controller according to claim 18, characterized in that, The encrypted identity message acquired by the acquisition unit also includes the identity identifier of at least one authentication server that the requesting device trusts; therefore, the authentication access controller further includes: The third determining unit is used to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
25. The authentication access controller according to claim 18, characterized in that, The encrypted data of the authentication access controller's identity information ciphertext also includes the authentication access controller's identity identifier and a fourth protection random number; Correspondingly, the first authentication response message received by the first receiving unit also includes the ciphertext of the authentication access controller's identity, which is generated by encrypting information including the authentication access controller's identity using the fourth protection random number. The authentication access controller further includes: The third verification unit is used to verify the encrypted identity of the authentication access controller based on its own identity identifier and the fourth protection random number. After the verification is successful, the first determination unit then performs the relevant steps.
26. The authentication access controller according to claim 18, characterized in that, The identity encrypted message acquired by the acquisition unit also includes the digital signature of the requesting device. Before the first determining unit determines the identity authentication result of the requesting device, the first determining unit is also used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, the identity authentication result of the requesting device is then determined according to the second verification result.
27. The authentication access controller according to claim 26, characterized in that, The first determining unit is specifically used for: If the second authentication result information obtained by the decryption unit using the first protection random number to decrypt the ciphertext of the second authentication result information also includes the digital certificate of the requesting device, then the first determining unit uses the digital certificate of the requesting device to verify the digital signature of the requesting device, and determines whether the digital signature of the requesting device has passed verification based on the verification result; or... The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.
28. The authentication access controller according to claim 18, characterized in that, The fourth authentication response message received by the second receiving unit also includes the digital signature of the requesting device, and the second authentication result information obtained by the decryption unit by decrypting the second authentication result information ciphertext using the first protection random number also includes the digital certificate of the requesting device. Before determining the identity authentication result of the requesting device, the first determining unit is further configured to verify the digital signature of the requesting device using the digital certificate of the requesting device in the second authentication result information. If the digital signature of the requesting device is verified as passed, the identity authentication result of the requesting device is then determined based on the second verification result.
29. The authentication access controller according to claim 19, characterized in that, The fourth authentication response message received by the second receiving unit also includes a second message integrity check code; the authentication access controller further includes: The fourth verification unit is used to verify the integrity check code of the second message; if the verification is successful, the first determining unit then performs the step of determining the identity authentication result of the requesting device.
30. The authentication access controller according to any one of claims 18 to 29, characterized in that, The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
31. A requesting device, characterized in that, The requesting device includes: The first sending unit is used to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate. The first receiving unit is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including a first ciphertext of authentication result information, a first digital signature, and a second protection random number using a message encryption key. The first ciphertext of authentication result information is generated by encrypting information including the first authentication result information using the second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first ciphertext of authentication result information. The first decryption unit is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first ciphertext of the authentication result information, the first digital signature, and the second protection random number. The first verification unit is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the first decryption unit uses the second protection random number to decrypt the ciphertext of the first authentication result information to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determining unit determines that the identity authentication result of the authentication access controller is valid, the second sending unit sends a fourth authentication response message to the authentication access controller; or... The second sending unit verifies the first digital signature using the public key of the second authentication server. If the verification passes, the second sending unit sends a fourth authentication response message to the authentication access controller, and the first decryption unit decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; or... The first digital signature is verified using the public key of the second authentication server. If the first digital signature is verified, the first decryption unit decrypts the ciphertext of the first authentication result information using the second protection random number to obtain the first authentication result information. The first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information. The second sending unit sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a first protected random number ciphertext, which is obtained by encrypting information including the first protected random number using the message encryption key.
32. The requesting device according to claim 31, characterized in that, The requesting device also includes: The second receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller; The first calculation unit is used to generate a first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key. The encrypted identity message sent by the first sending unit also includes the key exchange parameters of the requesting device.
33. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes a first random number generated by the authentication access controller; The first calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device; The encrypted identity message sent by the first sending unit also includes the second random number.
34. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes security capability parameter information supported by the authentication access controller; The requesting device also includes: The second determining unit is used to determine the specific security policy used by the requesting device based on the security capability parameter information. The encrypted identity message sent by the first sending unit also includes the specific security policy.
35. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; The requesting device also includes: The third determining unit is used to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller. The encrypted identity message sent by the first sending unit also includes the identity identifier of at least one authentication server trusted by the requesting device.
36. The requesting device according to claim 31, characterized in that, The encrypted identity message sent by the first sending unit also includes the identity identifier of at least one authentication server trusted by the requesting device.
37. The requesting device according to claim 31, characterized in that, The encrypted data of the requesting device's identity information ciphertext also includes the requesting device's identity identifier and a third-protection random number; Correspondingly, the encrypted data of the authentication result information ciphertext in the third authentication response message also includes the identity ciphertext of the requesting device, which is generated by encrypting information including the identity ciphertext of the requesting device using the third protection random number; The first decryption unit decrypts the ciphertext of the authentication result information to obtain the ciphertext of the identity of the requesting device; The requesting device further includes: The second verification unit is used to verify the encrypted identity of the requesting device based on the device's own identity identifier and the third protection random number. After successful verification, the first determining unit performs the step of determining the identity authentication result of the authentication access controller.
38. The requesting device according to claim 31, characterized in that, Before the first determining unit determines the identity authentication result of the authentication access controller, the first determining unit is further configured to determine whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the identity authentication result of the authentication access controller is then determined based on the first verification result.
39. The requesting device according to claim 38, characterized in that, The first determining unit is specifically used for: When the authentication access controller sends a first authentication request message to its trusted first authentication server, which also includes the digital signature of the authentication access controller, the first authentication server verifies the digital signature of the authentication access controller using the digital certificate of the authentication access controller obtained by decrypting the ciphertext of the authentication access controller's identity information. If the first receiving unit receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified successfully; or... When the third authentication response message received by the first receiving unit also includes the digital signature of the authentication access controller, the first authentication result information obtained by the first decryption unit after decrypting the encrypted first authentication result information also includes the digital certificate of the authentication access controller. Then, the first determining unit uses the digital certificate of the authentication access controller to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.
40. The requesting device according to claim 31, characterized in that, The third authentication response message received by the first receiving unit further includes a first message integrity check code; therefore, the requesting device further includes: The third verification unit is used to verify the integrity check code of the first message; if the verification is successful, the first determining unit then performs the step of determining the identity authentication result of the authentication access controller.
41. The requesting device according to any one of claims 31 to 40, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller.
42. A first authentication server, characterized in that, The first authentication server is an authentication server trusted by the authentication access controller, including: The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and encrypted identity information of the authentication access controller. The encrypted identity information of the authentication access controller is generated by encrypting encrypted data, including the digital certificate of the authentication access controller and a second protection random number, using the public key of the encryption certificate. The encrypted identity information of the requesting device is generated by encrypting encrypted data, including the digital certificate of the requesting device and a first protection random number, using the public key of the encryption certificate. A first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes a first authentication result information ciphertext, a first digital signature, a second authentication result information ciphertext, and a second digital signature. The first authentication result information ciphertext is generated by encrypting information including the first authentication result information using a second protection random number. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information ciphertext. The second authentication result information ciphertext is generated by encrypting information including the second authentication result information using the first protection random number. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.
43. The first authentication server according to claim 42, characterized in that, If the first authentication request message received by the first receiving unit also includes the digital signature of the authentication access controller, then the first authentication server further includes: The first verification unit is used to verify the digital signature of the authentication access controller by using the digital certificate of the authentication access controller obtained by decrypting the ciphertext of the identity information of the authentication access controller.
44. The first authentication server according to claim 42, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the first authentication server further includes: The first acquisition unit is used to acquire the digital certificate of the requesting device, the first protection random number, the digital certificate of the authentication access controller, and the second protection random number obtained by decrypting the ciphertext of the identity information of the requesting device and the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate; The second verification unit is used to verify the legality of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the legality of the digital certificate of the requesting device to obtain a second verification result. The first generation unit is configured to generate first authentication result information based on information including the first verification result, generate second authentication result information based on information including the second verification result, encrypt the information including the first authentication result information using the second protection random number to generate ciphertext of the first authentication result information, encrypt the information including the second authentication result information using the first protection random number to generate ciphertext of the second authentication result information, calculate and generate a first digital signature from signature data including the ciphertext of the first authentication result information, calculate and generate a second digital signature from signature data including the ciphertext of the second authentication result information, and generate a first authentication response message based on information including the ciphertext of the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.
45. The first authentication server according to claim 42, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the first authentication server further includes: The second acquisition unit is used to acquire the digital certificate of the authentication access controller and the second protection random number obtained by decrypting the ciphertext of the identity information of the authentication access controller using the private key corresponding to the encryption certificate; The third verification unit is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result; The second generation unit is used to generate first authentication result information based on information including the first verification result, encrypt the information including the first authentication result information using the second protection random number to generate first authentication result information ciphertext, and calculate and generate a third digital signature on the signature data including the first authentication result information ciphertext and the identity information ciphertext of the requesting device. The second sending unit is configured to send a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information ciphertext, the identity information ciphertext of the requesting device, and the third digital signature. The second receiving unit is configured to receive a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and a fourth digital signature. The fourth digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the second authentication result information ciphertext. The fourth verification unit is used to verify the fourth digital signature using the public key of the second authentication server; The third generation unit is used to calculate and generate a second digital signature from the signature data, including the second authentication result information ciphertext, when the fourth digital signature verification is successful, and to generate a first authentication response message based on the information including the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the second digital signature.
46. The first authentication server according to any one of claims 42 to 45, characterized in that, The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preamble message received from the authentication access controller; the message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preamble message received from the second authentication server.
47. A second authentication server, characterized in that, The second authentication server is the authentication server requesting device trust. If the first authentication server trusted by the access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes: The receiving unit is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes encrypted first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated and generated by the first authentication server from signature data including the encrypted first authentication result information and the encrypted identity information of the requesting device. The first verification unit is used to verify the third digital signature using the public key of the first authentication server; The acquisition unit is used to acquire, when the third digital signature verification is successful, the digital certificate of the requesting device and the first protection random number obtained by decrypting the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate; The second verification unit is used to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result; The generation unit is configured to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the first protection random number to generate second authentication result information ciphertext, calculate and generate a first digital signature on the signature data including the first authentication result information ciphertext, and calculate and generate a fourth digital signature on the signature data including the second authentication result information ciphertext. The sending unit is configured to send a second authentication response message to the first authentication server, wherein the second authentication response message includes the first authentication result information ciphertext, the first digital signature, the second authentication result information ciphertext, and the fourth digital signature.
48. The second authentication server according to claim 47, characterized in that, The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.