A method and apparatus for identity authentication
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA IWNCOMM
- Filing Date
- 2020-12-26
- Publication Date
- 2026-06-05
Smart Images

Figure CN114760041B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network communication security technology, and in particular to an identity authentication method and apparatus. Background Technology
[0002] In communication networks, two-way authentication is typically required between the requesting device and the authentication access controller to ensure that the requesting device is a legitimate user and that the network it is accessing is legitimate. Furthermore, peer-to-peer transmission in blockchain technology also requires establishing trust relationships between different nodes; therefore, node authentication is also crucial.
[0003] Currently, existing entity authentication schemes either uniformly use digital certificates or pre-shared keys as identity credentials. However, in some practical application scenarios, there are situations where one end uses a digital certificate as identity credential and the other end uses a pre-shared key, posing a challenge to entity authentication mechanisms. Furthermore, during the transmission of authentication messages, entity identity information is often exposed. This identity information typically includes several private or sensitive details, such as ID card numbers, home addresses, bank card information, geographical location information, or affiliated organization information. If intercepted by attackers and used for illegal activities, the consequences would be disastrous. Therefore, how to complete entity authentication without exposing sensitive identity information has become a top priority. Summary of the Invention
[0004] To address the aforementioned technical issues, this application provides an identity authentication method and apparatus that enables bidirectional identity authentication between entities when the requesting device uses a pre-shared key and the authentication access controller uses a digital certificate as identity credential, as well as entity identity protection.
[0005] In view of the above, the first aspect of this application provides an identity authentication method, comprising:
[0006] The authentication access controller receives an identity-encrypted message sent by a requesting device. The identity-encrypted message includes the encrypted identity information of the requesting device and the authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and an agreed-upon cryptographic algorithm to process information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt data including the device's identity identifier and a second key.
[0007] The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes the identity encrypted message and the identity information of the authentication access controller. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller.
[0008] The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt information including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server from signature data including the second authentication result information ciphertext.
[0009] The authentication access controller verifies the first digital signature using the public key of the first authentication server. If the verification is successful, the authentication access controller sends a third authentication response message to the requesting device. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including the first authentication result information and the first message authentication code of the second authentication server, using a message encryption key.
[0010] The requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information in the third authentication response message to obtain the first authentication result information and the first message authentication code of the second authentication server;
[0011] The requesting device uses a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server. If the verification is successful, the device determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or...
[0012] The requesting device uses a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server. If the verification is successful, the requesting device sends a fourth authentication response message to the authentication access controller and determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...
[0013] The requesting device uses a pre-shared key with the second authentication server and employs a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server; if the first message authentication code of the second authentication server is verified successfully, the requesting device determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller.
[0014] The fourth authentication response message includes a second key ciphertext, which is generated by encrypting encrypted data, including the second key, using the message encryption key.
[0015] After receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext using the message encryption key to obtain the second key, decrypts the second authentication result information ciphertext using the second key to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0016] A second aspect of this application provides a requesting device, comprising:
[0017] The calculation module is used to encrypt encrypted data, including the identity identifier of the requesting device and the second key, using the public key of the encryption certificate to generate ciphertext of the identity information of the requesting device, and to calculate and generate the identity authentication code of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and a cryptographic algorithm agreed upon with the second authentication server.
[0018] The sending module is used to send an identity encrypted message to the authentication access controller. The identity encrypted message includes the identity information encrypted of the requesting device and the identity authentication code of the requesting device.
[0019] The receiving module is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including first authentication result information and a first message authentication code of the second authentication server, using a message encryption key. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information.
[0020] The decryption module is used to decrypt the ciphertext of the identity authentication result information in the third authentication response message using the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server;
[0021] The verification module is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server. If the verification is successful, the determining module determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the determining module determines that the authentication result of the authentication access controller is valid, the sending module sends a fourth authentication response message to the authentication access controller; or...
[0022] The sending module uses a pre-shared key with the second authentication server and an agreed-upon cryptographic algorithm to verify the first message authentication code of the second authentication server. If the verification is successful, the sending module sends a fourth authentication response message to the authentication access controller, and the determining module determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...
[0023] The module is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server; if the first message authentication code of the second authentication server is verified, the determining module determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the sending module sends a fourth authentication response message to the authentication access controller.
[0024] The fourth authentication response message includes a second key ciphertext, which is generated by encrypting encrypted data, including the second key, using the message encryption key.
[0025] A third aspect of this application provides an authentication access controller, comprising:
[0026] The receiving module is configured to receive an identity-encrypted message sent by a requesting device. The identity-encrypted message includes the encrypted identity information of the requesting device and the authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt data including the identity identifier and a second key of the requesting device.
[0027] The sending module is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the identity encrypted message and the identity information of the authentication access controller. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller.
[0028] The receiving module is further configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt information including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server from signature data including the second authentication result information ciphertext.
[0029] The verification module is used to verify the first digital signature using the public key of the first authentication server.
[0030] The sending module is further configured to send a third authentication response message to the requesting device if the verification is successful. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including the first authentication result information and the first message authentication code of the second authentication server, using a message encryption key.
[0031] The receiving module is further configured to receive a fourth authentication response message sent by the requesting device, the fourth authentication response message including a second key ciphertext, the second key ciphertext being generated by encrypting encrypted data including the second key using the message encryption key;
[0032] The decryption module is used to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information.
[0033] The determining module is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0034] A fourth aspect of this application provides a first authentication server, which is an authentication server trusted by an authentication access controller, comprising:
[0035] The receiving module is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes an identity ciphertext message and the identity information of the authentication access controller. The identity ciphertext message includes ciphertext of the requesting device's identity information and the identity authentication code of the requesting device. The identity authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the ciphertext of the requesting device's identity information. The ciphertext of the requesting device's identity information is generated by the requesting device using the public key of its encryption certificate to encrypt encrypted data including the requesting device's identity identifier and a second key. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller.
[0036] The sending module is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt encrypted data including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server on signature data including the second authentication result information ciphertext.
[0037] A fifth aspect of this application provides a second authentication server, which is an authentication server that requests device trust, comprising:
[0038] The receiving module is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes first authentication result information, an encrypted identity message, and a second digital signature; or the second authentication request message includes first authentication result information, an encrypted identity message, and a second message authentication code. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The encrypted identity message includes encrypted identity information of the requesting device and an authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt encrypted data including the identity identifier and a second key of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the first authentication result information and the encrypted identity message, or the second message authentication code is generated by the first authentication server calculating information including the first authentication result information and the encrypted identity message.
[0039] The verification module is used to verify the second digital signature using the public key of the first authentication server or to verify the second message authentication code using a pre-shared key with the first authentication server. If the verification is successful, the module uses the private key corresponding to the encryption certificate to decrypt the ciphertext of the requesting device's identity information to obtain the identity identifier of the requesting device and the second key. The module also determines the pre-shared key with the requesting device based on the identity identifier of the requesting device and uses the pre-shared key to verify the identity authentication code of the requesting device to obtain a second verification result.
[0040] The generation module is used to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate second authentication result information ciphertext, calculate and generate a first message authentication code for the second authentication server based on the information including the first authentication result information, and calculate and generate a third digital signature based on the signature data including the second authentication result information ciphertext or calculate and generate a third message authentication code based on the information including the second authentication result information ciphertext.
[0041] The sending module is configured to send a second authentication response message to the first authentication server. The second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third digital signature. Alternatively, the second authentication response message may include the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third message authentication code.
[0042] As can be seen from the above, in the identity authentication method provided in this application, the requesting device uses a pre-shared key as its identity credential, and the authentication access controller uses a digital certificate as its identity credential. During the identity authentication process, the requesting device first sends an encrypted identity message to the authentication access controller. This encrypted identity message includes encrypted identity information of the requesting device and an identity authentication code generated using the pre-shared key. The authentication access controller generates a first authentication request message based on the information including the encrypted identity message and its own identity information, and sends this first authentication request message to a first authentication server trusted by the requesting device. A second authentication server trusted by the requesting device verifies the legitimacy of the requesting device's identity based on the requesting device's identity authentication code. The first authentication server trusted by the authentication access controller verifies the legitimacy of the authentication access controller's identity based on the authentication access controller's digital certificate. After verification, the first authentication server sends information including the first authentication result and the second authentication service information to the authentication access controller. The authentication access controller receives a first authentication response message containing a first message authentication code, a second authentication result information ciphertext, and a first digital signature of the first authentication server. The authentication access controller verifies the first digital signature in the first authentication response message using the public key of the first authentication server. If the verification is successful, it sends a third authentication response message to the requesting device. The requesting device uses a message encryption key to decrypt the ciphertext of the authentication result information in the third authentication response message to obtain the first authentication result information and the first message authentication code of the second authentication server. After the first message authentication code of the second authentication server is verified, the requesting device determines the authentication result of the authentication access controller based on the first authentication result information. When the authentication access controller is determined to be legitimate, a fourth authentication response message including a second key ciphertext is sent to the authentication access controller, enabling the authentication access controller to decrypt the second key ciphertext to obtain the second key, and use the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information, from which the authentication result of the requesting device is determined.
[0043] This enables two-way authentication between the access controller and the requesting device, laying the foundation for ensuring that only legitimate users can access the legitimate network. Furthermore, the entity's identity information and / or authentication results are transmitted in encrypted form, ensuring the security of private information during transmission and achieving entity identity protection. Attached Figure Description
[0044] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0045] Figure 1 A schematic diagram illustrating an identity authentication method provided in an embodiment of this application;
[0046] Figure 2 A schematic diagram illustrating a method for requesting a device REQ and negotiating an encryption key for an access controller AAC, provided in an embodiment of this application;
[0047] Figure 3 This is a schematic diagram of an identity authentication method provided in an embodiment of this application, where "*" represents an optional field or optional operation;
[0048] Figure 4 This is a schematic diagram of an identity authentication method provided in an embodiment of this application, where "*" represents an optional field or optional operation;
[0049] Figure 5 This is a schematic diagram of an identity authentication method provided in an embodiment of this application, where "*" represents an optional field or optional operation;
[0050] Figure 6 This is a schematic diagram of an identity authentication method provided in an embodiment of this application, where "*" represents an optional field or optional operation;
[0051] Figure 7 A structural block diagram of a request device REQ provided in an embodiment of this application;
[0052] Figure 8 A structural block diagram of an authentication access controller (AAC) provided in this application embodiment;
[0053] Figure 9 A structural block diagram of a first authentication server AS-AAC provided in an embodiment of this application;
[0054] Figure 10 This is a structural block diagram of a second authentication server AS-REQ provided in an embodiment of this application. Detailed Implementation
[0055] In a communication network, a requesting device can access the network through an authentication access controller. To ensure that the requesting device is a legitimate user and that the network accessed by the requesting device is a legitimate network, two-way identity authentication (MIA) is required between the authentication access controller and the requesting device.
[0056] Taking current wireless and mobile communication scenarios as examples, in scenarios where a requesting device accesses a wireless network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone, a personal digital assistant (PDA), or a tablet computer, while the authentication access controller can be a network-side device such as a wireless access point or a wireless router. In scenarios where a requesting device accesses a wired network through an authentication access controller, the requesting device can be a terminal device such as a desktop computer or a laptop computer, while the authentication access controller can be a network-side device such as a switch or a router. In scenarios where a requesting device accesses a 4G / 5G network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone or a tablet computer, while the authentication access controller can be a network-side device such as a base station. Of course, this application is also applicable to various data communication scenarios, including other wired networks and short-range communication networks.
[0057] However, existing entity authentication schemes either uniformly use digital certificates or pre-shared keys as identity credentials. For practical applications where one end uses a digital certificate and the other a pre-shared key, no simple and effective authentication mechanism has been proposed. Furthermore, the direct exposure of the entity's identity information during the transmission of authentication messages compromises its security.
[0058] To address the aforementioned technical problems, this application provides an identity authentication method. For application scenarios where the requesting device uses a pre-shared key and the authentication access controller uses a digital certificate authentication method, a first authentication server trusted by the authentication access controller verifies the legality of the authentication access controller's digital certificate to obtain a first verification result. A second authentication server trusted by the requesting device verifies the requesting device's identity authentication code to obtain a second verification result. The requesting device and the authentication access controller determine the legitimacy of the other entity based on the verification result corresponding to the other entity, thereby achieving bidirectional identity authentication between the authentication access controller and the requesting device, ensuring that only legitimate users can communicate with legitimate networks. Furthermore, the entity's private information, such as identity identifiers and authentication result information, is transmitted in encrypted form, ensuring the security of private information during transmission and achieving entity identity protection.
[0059] For ease of explanation, in this embodiment of the application, the identity authentication method of the present application will be described using the requesting device (REQuester, abbreviated as REQ), the authentication access controller (AAC, abbreviated as AAC), and the authentication server (AS, abbreviated as AS) as examples.
[0060] In this system, the AS trusted by AAC is called the first authentication server (AS-AAC), and the AS trusted by REQ is called the second authentication server (AS-REQ). AS-AAC holds digital certificates and corresponding private keys conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems. AS-AAC can verify the identity and legitimacy of AAC, and AS-REQ can verify the identity and legitimacy of REQ. The Certificate Server-Decrypt (CS-DEC) holds encryption certificates and corresponding private keys conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems. There can be one or multiple encryption certificates. CS-DEC can be a standalone server or reside within AS-AAC and / or AS-REQ. AS-AAC and AS-REQ can be the same AS or different ASs. When AS-AAC and AS-REQ are the same, it is a non-roaming situation. When AS-AAC and AS-REQ are different, it is a roaming situation. In this case, AS-AAC and AS-REQ have a valid pre-shared key. Alternatively, when AS-REQ holds a digital certificate and the corresponding private key that conforms to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, AS-AAC and AS-REQ know each other's digital certificate or the public key in the digital certificate.
[0061] REQ can be one endpoint participating in the authentication process, establishing a connection with AAC, accessing services provided by AAC, and accessing AS through AAC. REQ is aware of CS-DEC's encryption certificate or the public key within the encryption certificate. REQ and its trusted AS-REQ have a valid pre-shared key. AAC can be another endpoint participating in the authentication process, establishing a connection with REQ, providing services, communicating with REQ, and directly accessing AS-AAC. AAC holds digital certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with the corresponding private keys. In some application scenarios, AAC is also aware of CS-DEC's encryption certificate or the public key within the encryption certificate.
[0062] The following is combined with Figure 1 This application provides an embodiment of an identity authentication method, which includes:
[0063] S101, AAC receives the identity-encrypted message REQInit sent by REQ.
[0064] The REQInit contains REQ's identity information encrypted EncPub. AS_REQ The REQ's identification code MIC REQ Among them, EncPub AS_REQ REQ uses the public key of the encryption certificate to include REQ's identity ID. REQ Second key Nonce REQPub The encrypted data, including the MIC, is generated through encryption. REQ REQ utilizes the pre-shared key K with AS-REQ REQ_AS The cryptographic algorithm agreed upon with AS-REQ is used for EncPub. AS_REQ The information included is calculated and generated. In this application, the object to be encrypted is referred to as encrypted data.
[0065] As an example of this application, the cryptographic algorithm agreed upon by REQ and AS-REQ can be a hash algorithm, utilizing the K... REQ_AS A hash algorithm is used to analyze the MICs in REQInit. REQ Other fields previously included, such as EncPub AS_REQ The information, including the REQ information, is hashed to obtain a hash value, which serves as the REQ's authentication code (MIC). REQ .
[0066] In this embodiment, REQ will MIC REQ As identity information, AAC will use its own digital certificate Cert. AAC As identity information, AS-REQ can be used to verify MIC. REQ To verify the legitimacy of the REQ identity, AS-AAC can perform verification on the Cert. AAC A legitimacy verification is performed to determine the legitimacy of the AAC identity.
[0067] S102, AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.
[0068] The AACVeri includes the identity information of REQInit and AAC. The AAC's identity information is based on Cert... AAC The information generated, including Cert, can be... AAC Plaintext, or Cert AACThe encrypted text. For example, when the AAC's identity information is Cert... AAC When encrypting the text, AAC uses the public key of the encryption certificate to include Cert. AAC EncPub is generated from encrypted data, including data from the EncPub database. AS_AAC .
[0069] It should be noted that when the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are the same authentication server, the authentication server jointly trusted by REQ and AAC can be represented by AS-AAC (or AS-REQ). In this case, the authentication server is determined by AS-AAC (which can also be represented as AS-REQ) for the Certification. AAC and the MIC in the REQInit REQ Perform verification. Specifically, use AS-AAC (also known as AS-REQ) to verify Cert. AAC The legality of Res was verified by the first result. AAC EncPub is decrypted using the private key corresponding to the encryption certificate of the CS-DEC residing in AS-AAC (which can also be represented as AS-REQ). AS_REQ Get ID REQ and Nonce REQPub Or EncPub AS_REQ Send the decryption code to the CS-DEC with which you have an interactive and trust relationship, and obtain the decrypted ID. REQ and Nonce REQPub and according to ID REQ Determine the pre-shared key K agreed with REQ. REQ_AS And cryptographic algorithms, utilizing the K REQ_AS The cryptographic algorithm described above is used to analyze the MIC in REQInit. REQ The second verification result, Res, was obtained through verification. REQ According to the Res AAC The information included generates the first identification result information Pub AAC According to the Res REQ The information included generates the second identification result information Pub REQ Then use Nonce REQPub For including Pub REQ The information, including the Nonce, is encrypted to generate a second authentication result ciphertext, such as the Nonce itself. REQPub With Pub REQ Perform an XOR operation, and the ciphertext of the second authentication result is Pub. REQ ⊕Nonce REQPub Using the K REQ_AS The cryptographic algorithm is used to target Pub. AACThe information included is used to calculate and generate the first message authentication code (MIC) for AS-AAC. AS_AAC (It can also be represented as the first message authentication code MIC of AS-REQ) AS_REQ The first digital signature Sig is generated by calculating the signature data, including the encrypted information of the second authentication result. AS_AAC1 (can also be represented as Sig) AS_REQ1 According to the Pub AAC The MIC AS_AAC (can also be represented as MIC) AS_REQ The second authentication result information ciphertext and the Sig AS_AAC1 (can also be represented as Sig) AS_REQ1 The information, including the first authentication response message ASVeri, is generated.
[0070] When the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are two different authentication servers, in this case, AS-AAC is responsible for authentication of Certification. AAC The first verification result, Res, is obtained by performing a validity verification. AAC According to the Res AAC The information included generates the first identification result information Pub AAC For including the Pub AAC The second digital signature Sig is generated by calculating the signature data, including REQInit. AS_AAC2 And send a second authentication request message AS-AACVeri to AS-REQ, wherein AS-AACVeri includes the Pub AAC The REQInit and the Sig AS_AAC2 Among them, Sig AS_AAC2 Can be replaced with MIC AS_AAC2 MIC AS_AAC2 AS-AAC uses a pre-shared key with AS-REQ and employs a cryptographic algorithm agreed upon with AS-REQ to access the Pub database. AAC The second message authentication code is generated by calculating the information including REQInit. AS-REQ uses the AS-AAC public key to verify the Sig. AS_AAC2 Alternatively, the MIC can be verified using a pre-shared key with AS-AAC and a cryptographic algorithm agreed upon with AS-AAC. AS_AAC2 If the verification passes, AS-REQ will use the private key corresponding to the encryption certificate of CS-DEC residing in AS-REQ to decrypt EncPub. AS_REQ Get ID REQ and Nonce REQPub Or EncPub AS_REQSend the decryption code to the CS-DEC with which you have an interactive and trust relationship, and retrieve the decrypted ID from the CS-DEC. REQ and Nonce REQPub and according to ID REQ Determine the pre-shared key K agreed with REQ. REQ_AS And cryptographic algorithms, utilizing the K REQ_AS The cryptographic algorithm described above is used to analyze the MIC in REQInit. REQ The second verification result, Res, was obtained through verification. REQ According to the Res REQ The information included generates the second identification result information Pub REQ Using Nonce REQPub For including Pub REQ The information, including the encryption of the data, generates a second authentication result ciphertext, such as AS-REQ using nonce. REQPub For including Pub REQ Generated by XOR operation on the information included As the encrypted second authentication result information, using the K REQ_AS The cryptographic algorithm is used to target the Pub account. AAC The information included in the calculation generates the first message authentication code (MIC) for the AS-REQ. AS_REQ A third digital signature Sig is generated from the signature data, including the encrypted information of the second authentication result. AS_REQ3 And send a second authentication response message AS-REQVeri to AS-AAC, wherein the AS-REQVeri includes the Pub AAC The MIC AS_REQ The second authentication result information ciphertext and the Sig AS_REQ3 Among them, Sig AS_REQ3 Can be replaced with MIC AS_REQ3 MIC AS_REQ3 The third message authentication code is generated by AS-REQ using a pre-shared key with AS-AAC and employing a cryptographic algorithm agreed upon with AS-AAC, calculating the ciphertext including the second authentication result information. AS-AAC uses AS-REQ's public key to verify the Sig. AS_REQ3 Alternatively, the MIC can be verified using a pre-shared key with AS-REQ and a cryptographic algorithm agreed upon with AS-REQ. AS_REQ3 After successful verification, a first digital signature Sig is generated from the signature data, including the encrypted information of the second authentication result. AS_AAC1 According to the Pub AAC The MIC AS_REQ The second authentication result information ciphertext and the SigAS_AAC1 The information included generates the first authentication response message ASVeri.
[0071] S103, AAC receives the first authentication response message ASVeri sent by AS-AAC.
[0072] The ASVeri is based on information including the first identification result Pub. AAC The first message authentication code (MIC) of AS-REQ AS_REQ The second authentication result information ciphertext and the first digital signature Sig of AS-AAC AS_AAC1 The information generated, including.
[0073] Among them, Pub AAC Includes Cert AAC The first verification result Res AAC ;MIC AS_REQ AS-REQ utilizes the aforementioned K REQ_AS The cryptographic algorithm agreed upon with REQ is used for Pub. AAC Information generated by calculations, including those in the Pub. REQ Includes MIC REQ The second verification result Res REQ The second authentication result information is encrypted using AS-REQ with a Nonce. REQPub For including Pub REQ The information, including the ciphertext, is generated using encryption; Sig AS_AAC1 It is generated by AS-AAC from the signature data, including the encrypted information of the second authentication result.
[0074] S104, AAC uses the AS-AAC public key to access the Sig... AS_AAC1 Verification is required.
[0075] If the verification passes, proceed to step S105; if the verification fails, discard ASVeri.
[0076] S105, AAC sends a third authentication response message AACAuth to REQ.
[0077] The AACAuth includes encrypted identity authentication result information EncData. AAC EncData AAC AAC uses a symmetric encryption algorithm with a message encryption key to encrypt the Pub file. AAC and the MIC AS_REQ The encrypted data, including the encrypted data, is generated using encryption. The message encryption key can be negotiated between REQ and AAC, or it can be pre-shared between REQ and AAC. The method for REQ and AAC to negotiate the message encryption key will be described later.
[0078] S106, REQ uses the message encryption key to encrypt EncData in AACAuth. AAC Decrypt to get Pub AAC and MIC AS_REQ .
[0079] S107, REQ utilizes the pre-shared key K with AS-REQ REQ_AS The MIC is verified using a cryptographic algorithm agreed upon with AS-REQ. AS_REQ .
[0080] S108, REQ (based on Pub) AAC Res in AAC Determine the identity verification result of AAC.
[0081] Due to Res AAC It can reflect whether AAC is valid, therefore REQ can be based on Pub. AAC Res in AAC Determining whether an AAC is legitimate lays the foundation for ensuring that a REQ can access legitimate networks.
[0082] S109, REQ sends the fourth authentication response message REQAuth to AAC.
[0083] The REQAuth includes a second key ciphertext EncData. REQ EncData REQ REQ uses the aforementioned message encryption key and a symmetric encryption algorithm to encrypt the Nonce. REQPub The encrypted data, including the encrypted data, was generated.
[0084] It should be noted that the execution order of S107 to S109 does not affect the specific implementation of this application. In practical applications, the execution order of S107 to S109 can be set according to requirements. A preferred suggestion is to execute S107 first, and then execute S109 when REQ responds to the MIC. AS_REQ If verification fails, AACAuth is discarded, and the REQ is applied to the MIC. AS_REQ After successful verification, proceed to step S108. If REQ determines that AAC is valid, proceed to step S109. If REQ determines that AAC is invalid, REQ will choose whether to proceed to step S109 based on its local policy. Considering efficiency, the preferred solution is not to proceed to step S109 and end the current authentication process.
[0085] S110 and AAC use the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPubThe encrypted information of the second authentication result is decrypted to obtain Pub. REQ According to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0086] Due to Res REQ It can reflect whether the REQ is valid, therefore AAC can be based on Pub. REQ Res in REQ Determining whether a request for authorization (REQ) is valid lays the foundation for ensuring that only valid REQs can access the network.
[0087] As can be seen from the above, the identity authentication method provided in this application embodiment is designed for application scenarios where the requesting device uses a pre-shared key and the authentication access controller uses a digital certificate. A first authentication server trusted by the authentication access controller verifies the legality of the digital certificate of the authentication access controller to obtain a first verification result. A second authentication server trusted by the requesting device verifies the identity authentication code of the requesting device using the pre-shared key shared with the requesting device to obtain a second verification result. The requesting device and the authentication access controller determine the legitimacy of the other entity based on the verification result corresponding to the other entity, thereby achieving bidirectional identity authentication between the authentication access controller and the requesting device. This lays the foundation for ensuring that only legitimate users can communicate with legitimate networks. Furthermore, the entity's private information, such as identity identifiers and authentication result information, is transmitted in encrypted form, ensuring the security of private information during transmission and achieving entity identity protection.
[0088] Please refer to Figure 1 If the identity information of AAC in S102's AACVeri is transmitted in ciphertext form, then the encrypted data that generates the identity information of AAC includes not only Cert AAC It may also include a fourth key, Nonce. AACPub That is, AAC uses the public key pair of the encryption certificate, including Cert. AAC and Nonce AACPub EncPub is generated from encrypted data, including data from the EncPub database. AS_AAC Nonce AACPub Used for including Pub AAC The information, including the encryption, is encrypted; correspondingly, the first authentication result information included in S103's ASVeri is stored in ciphertext form, for example, using the Nonce. AACPub For including Pub AAC Pub is generated by performing an XOR operation on the information contained within. AAC ⊕Nonce AACPub .
[0089] Furthermore, if the AAC identity information in S102's AACVeri is transmitted in ciphertext form, then the encrypted data that generates the AAC identity information can include not only Cert AAC and Nonce AACPub It can also include ID AAC and the fifth key Nonce AACID That is, AAC uses the public key pair of the encryption certificate, including Cert. AAC ID AAC Nonce AACPub and Nonce AACID EncPub is generated from encrypted data, including data from the EncPub database. AS_AAC Nonce AACID Used for including ID AAC The information is encrypted; correspondingly, the ASVeri in S103 also includes the ciphertext of the AAC's identity. The ciphertext of the AAC's identity can be encrypted by AS-AAC using the Nonce. AACID For including ID AAC The information, including the data, is encrypted and generated. Simply put, AS-AAC uses nonce. AACID For including ID AAC The information included is XORed to generate the result.
[0090] In other words, when AAC's identity information is obtained by AAC using the public key pair of the CS-DEC encryption certificate, including the nonce... AACPub and Nonce AACID At least one key in, Cert AAC ID AAC When encrypted data is generated, the corresponding Pub in S103's ASVeri is also encrypted. AAC and / or ID AAC It exists in encrypted form. Among them, the ID in ASVeri... AAC When it exists in plaintext form, AAC can also store the ID in ASVeri. AAC With AAC's own identity ID AAC The consistency of the ID in ASVeri is verified; AAC When it exists in encrypted form, AAC uses its own identity ID. AAC and the Nonce AACID Verify the encrypted identity of AAC, specifically by AAC using Nonce. AACID For AAC's own identity ID AACThe information, including the ciphertext, is encrypted to generate the AAC's identity ciphertext, and then the generated AAC identity ciphertext is verified against the AAC identity ciphertext in S103's ASVeri; alternatively, the AAC uses a nonce... AACID Decrypting the ciphertext of AAC's identity identifier yields the ID. AAC and compare it with AAC's own identity ID. AAC The consistency is verified. If the verification passes, AAC then executes S105, which sends AACAuth to REQ.
[0091] In the embodiment where the AAC identity information is transmitted in encrypted form, the EncData in AACAuth in S105... AAC It can also be that AAC uses message encryption key pairs including MIC AS_REQ Nonce AACPub The encrypted data, including the data itself, is generated using encryption. Correspondingly, in S106, REQ obtains Pub. AAC and MIC AS_REQ Specifically, this is achieved by using the message encryption key to encrypt EncData. AAC Decrypt to obtain MIC AS_REQ and using decryption of EncData AAC The Nonce obtained AACPub right Decrypt to get Pub AAC .
[0092] In other embodiments, if in REQAuth of S109, REQ generates EncData REQ This includes not only Nonce REQPub Encryption can also be applied to IDs. REQ Encryption, i.e., EncData REQ The encrypted data includes Nonce REQPub and ID REQ In this case, Pub REQ It also includes ID REQ In S110, AAC uses the message encryption key to pair the EncData in REQAuth. REQ Decryption also yields the ID REQ and the decrypted ID REQ With Pub REQ ID in REQ Perform consistency verification. After successful verification, AAC will then proceed according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0093] Please refer to Figure 1 To ensure the reliability of the authentication results, before REQ determines the identity authentication result of AAC in S108, REQ can also determine the digital signature Sig of AAC. AAC Whether the verification passed, if confirmed, Sig AAC If the verification passes, the REQ will then be processed according to the Pub. AAC Res in AAC Determine the identity authentication result of AAC. Specifically, REQ determines Sig. AAC Whether the verification passes includes the following methods:
[0094] One implementation is that when the AACVeri of S102 also includes the digital signature Sig of AAC... AAC At that time, the Sig AAC It is AAC pairs including AACVeri in Sig AAC Other fields previously calculated, such as AAC calculating Sig from signature data including REQInit and AAC's identity information, are also used. AAC Then AS-AAC uses the Cert information in the AAC's identity information. AAC Verify the Sig AAC After successful verification, subsequent operations are performed. Therefore, if REQ can receive the AACAuth from S105, REQ determines Sig. AAC Verified.
[0095] Another implementation is that when the S105's AACAuth also includes the AAC digital signature Sig... AAC At that time, correspondingly, the Pub AAC It also includes Cert AAC The Sig AAC It is AAC pair including Sig in AACAuth AAC Other fields calculated previously, such as AAC pairs including EncData, are also included. AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, in S108, REQ also needs to utilize Pub. AAC Cert in AAC Verify the Sig AAC Based on the verification results, the Sig is determined. AAC Has the verification passed?
[0096] It should be noted that the random numbers and identity identifiers generated by REQ and / or AAC can be transmitted in the messages exchanged during the identity authentication process. Normally, the random numbers and / or identity identifiers carried in the received message should be the same as those carried in the sent message. However, in situations such as network jitter or attacks, the parameter information in the messages may be lost or tampered with. Therefore, in some embodiments of this application, the reliability of the authentication result can also be ensured by comparing whether the random numbers and / or identity identifiers in the sent and received messages are consistent. Specifically:
[0097] Please refer to Figure 1 The AAC Veri of S102 can also include the AAC's identity ID. AAC and / or the first random number Nonce generated by AAC AAC Correspondingly, the ASVeri of S103 can also include ID. AAC and / or Nonce AAC Thus, before AAC sends AACAuth in S105 (i.e., AAC sends the ID in ASVeri), AAC can first check the ID in ASVeri. AAC and AAC's own identity ID AAC (That is, the ID sent by AAC through AACVeri) AAC Verify the consistency of ) and / or, the Nonce in ASVeri AAC Nonce generated by AAC AAC (That is, the Nonce sent by AAC through AACCVeri) AAC The consistency of the AAC is verified. If the verification passes, the AAC then executes S105.
[0098] In S101, REQInit can also include a second random number, Nonce, generated by REQ. REQ and / or EncPub in REQInit AS_REQ The encrypted data also includes a third key, Nonce. REQID Therefore, ASVeri in S103 can also include Nonce. REQ and / or the REQ's identity ciphertext, the REQ's identity ciphertext being obtained using a Nonce. REQID For including ID REQ Information generated using encryption (e.g., using Nonce) REQID For including ID REQ Generate by performing an XOR operation on the information included. (As the encrypted identity of REQ); then in S105's AACAuth, EncData is generated. AAC The encrypted data includes not only Pub AACand MIC AS_REQ It also includes Nonce REQ and / or the encrypted identity of the REQ; correspondingly, prior to S108, the REQ also needed to use its own identity ID. REQ and the Nonce REQID Decrypting EncData AAC Verify the encrypted identity of the obtained REQ, and / or decrypt the EncData. AAC The Nonce obtained REQ Nonce generated by REQ REQ A consistency verification is performed. After successful verification, REQ then determines the AAC's authentication result. This is followed by decrypting EncData. AAC The verification of the obtained REQ identity ciphertext specifically includes: REQ using Nonce REQID For the identity ID of REQ itself REQ The information, including the REQ identifier, is encrypted to generate a ciphertext REQ identity, and then the generated ciphertext REQ identity is combined with the decrypted EncData. AAC The identity ciphertext obtained from the REQ is used for consistency verification; alternatively, the REQ utilizes the Nonce. REQID Decrypting the REQ's ciphertext yields the ID. REQ Then decrypt the obtained ID REQ and REQ's own identity ID REQ Perform consistency verification.
[0099] In the above embodiments, the message encryption key used by REQ and AAC can be obtained through negotiation between the two. Therefore, this embodiment also provides a method for REQ and AAC to negotiate the message encryption key, see [link to documentation]. Figure 2 The method includes:
[0100] S201, AAC sends a key request message AACInit to REQ.
[0101] The AACInit includes the AAC key exchange parameter KeyInfo. AAC KeyInfo AAC This includes the temporary public key generated by AAC, where key exchange refers to key exchange algorithms such as Diffie-Hellman (DH). The AACInit may also include the first random number (Nonce) generated by AAC. AAC .
[0102] In addition, the AACInit may also include security capabilities. AACSecurity capabilities AAC This indicates the security capabilities supported by AAC, including the authentication suites (which contain one or more authentication methods), symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC. These parameters allow REQ to select specific security policies to use. REQ can then base its decisions on these security capabilities. AAC Select the specific security policy (Security capabilities) used by REQ. REQ Security capabilities REQ The REQ indicates the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm used.
[0103] S202, REQ is based on the key exchange parameter KeyInfo, which includes REQ. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used to perform key exchange calculation to generate a first key, and the message encryption key is calculated using a key derivation algorithm based on information including the first key.
[0104] If S201's AACInit also includes the Nonce generated by AAC... AAC Then REQ can be based on KeyInfo. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC The second random number Nonce generated by REQ REQ The information, including the message encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be based on the Security capabilities sent by the AAC according to the REQ. AAC The chosen key derivation algorithm. KeyInfo REQ This refers to the key exchange parameters generated by REQ, including the temporary public key generated by REQ. KeyInfo REQ The corresponding temporary private key is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0105] S203, REQ sends the identity-encrypted message REQInit to AAC.
[0106] The REQInit includes the KeyInfo. REQSo that AAC can be based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The message encryption key is calculated from the information including the temporary public key. Among them, KeyInfo... AAC The corresponding temporary private key is the temporary private key generated by AAC that corresponds to the temporary public key of AAC. That is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0107] The REQInit may also include security capabilities. REQ The REQInit may also include a Nonce. REQ So that AAC can use the KeyInfo as a basis. AAC The corresponding temporary private key, the KeyInfo REQ The included temporary public key, the Nonce AAC and the Nonce REQ The encryption key for the message is calculated from the information included.
[0108] The REQInit may also include the Nonce. AAC Therefore, AAC can check the Nonce in REQInit before calculating the message encryption key. AAC Nonce generated by AAC AAC The consistency is verified to ensure that the REQInit received by AAC is a response message to AACInit.
[0109] S204, AAC based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used to perform key exchange calculations to generate the first key, and the message encryption key is calculated using the key derivation algorithm based on information including the first key.
[0110] If the REQInit also includes the Nonce REQ Then AAC can be based on the KeyInfo. AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC and the Nonce REQ The information, including the message's encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be the Security capabilities sent by AAC based on the REQ. REQThe key export algorithm to be used.
[0111] It should be noted that, in Figure 2 In this embodiment, REQ and AAC can also generate message integrity verification keys. The implementation methods for REQ and AAC to generate message integrity verification keys are the same as those for... Figure 2 The implementation methods for generating message encryption keys for REQ and AAC in the examples are the same. For example, AAC can be generated through... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as a message encryption key, and the other portion as a message integrity verification key. AAC can also... Figure 2 The implementation method utilizes a key derivation algorithm to derive two identical or different key data sequences in stages: one sequence serves as the message encryption key, and the other as the message integrity verification key. REQ can be... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as the message encryption key, and the other portion as the message integrity verification key. REQ can also be achieved through... Figure 2 The implementation method uses a key derivation algorithm to derive two strings of identical or different key data in stages. One string is used as the message encryption key, and the other string is used as the message integrity verification key.
[0112] This application also provides a method for determining the first authentication server and / or the second authentication server used in the current authentication process by utilizing information exchange between AAC and REQ:
[0113] Please refer to Figure 2 In S201's AACInit, AAC adds the identity ID of at least one authentication server trusted by AAC. AS_AAC Then REQ can be based on the ID. AS_AAC Identify the identity ID of at least one authentication server that you trust. AS_REQ In practice, REQ is derived from ID. AS_AAC Select at least one authentication server that it trusts as the ID. AS_REQ If the selection fails, REQ will use at least one authentication server it trusts as its ID. AS_REQ (Where, successful selection corresponds to a non-roaming situation, and failed selection corresponds to a roaming situation), and the ID... AS_REQ Add it to REQInit in S203 and send it to AAC. Then, AAC can use it based on the ID.AS_AAC and ID AS_REQ The primary authentication server (AS-AAC) is determined; for example, AAC can determine the ID. AS_REQ and ID AS_AAC If at least one identical authentication server identifier exists, it indicates a non-roaming situation. AAC determines the first authentication server to participate in authentication from among the at least one authentication server identifier trusted by both REQ and AAC. If no such identifier exists, it indicates a roaming situation, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ.
[0114] As another implementation, AAC may not need to send ID to REQ. AS_AAC The REQ adds the identity ID of at least one trusted authentication server to the REQInit of S203. AS_REQ According to ID AS_REQ The identity ID of the authentication server trusted by AAC itself. AS_AAC The specific implementation of the first authentication server and / or the second authentication server participating in the identity authentication process is as described in the previous implementation method.
[0115] Since the authentication servers trusted by REQ and AAC can be the same or different, when the authentication servers trusted by REQ and AAC are the same, it is a non-roaming situation; when the authentication servers trusted by REQ and AAC are different, it is a roaming situation. The following describes the identity authentication method provided in the embodiments of this application, combining non-roaming and roaming application scenarios. Specifically, it mainly introduces the following four situations: (i) Identity authentication method protected by REQ identity in non-roaming situations; (ii) Identity authentication method protected by both REQ and AAC identity in non-roaming situations; (iii) Identity authentication method protected by REQ identity in roaming situations; (iv) Identity authentication method protected by both REQ and AAC identity in roaming situations.
[0116] See Figure 3 This is an embodiment of an identity authentication method under the above-described (i) scenario. AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier for engineering implementation. The identity authentication method includes:
[0117] S301, AAC generates Nonce AACand KeyInfo AAC Generate security capabilities as needed AAC .
[0118] S302, AAC sends a key request message AACInit to REQ.
[0119] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field that represents the security capabilities supported by AAC, including the authentication suites, symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC (the same applies below).
[0120] S303. After receiving AACInit, REQ performs the following operations (unless otherwise specified or logically related, the actions numbered (1), (2)... in this document do not necessarily have a sequential order due to their numbering, and the same applies throughout the document), including:
[0121] (1) Generate Nonce REQ and KeyInfo REQ ;
[0122] (2) Generate Security capabilities as needed REQ ;
[0123] (3) Based on KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; the message integrity verification key can be calculated later when it is needed.
[0124] (4) Generate Nonce REQID and Nonce REQPub ;
[0125] (5) Calculate and generate the REQ identity information ciphertext EncPub AS_REQ ;
[0126] (6) Calculate and generate the REQ authentication code MIC REQ .
[0127] S304, REQ sends the encrypted identity message REQInit to AAC.
[0128] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and MIC REQ Among them, Nonce AAC It should equal the corresponding field in AACInit. Securitycapabilities REQ This is an optional field; REQ specifies whether to generate security capabilities. REQ It depends on whether the AACInit sent by AAC to REQ includes security capabilities. AAC Security capabilities REQ REQ indicates that it is based on security capabilities AAC The selection of a specific security strategy, i.e., the REQ determines the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm to be used (hereinafter the same). EncPub AS_REQ REQ uses the public key pair of the CS-DEC encryption certificate, including the ID. REQ Nonce REQID and Nonce REQPub The encrypted data, including the CS-DEC, is generated using encryption. In this embodiment, CS-DEC resides in AS-AAC (which can also be represented as AS-REQ). MIC REQ REQ utilizes the pre-shared key K with AS-AAC. REQ_AS The cryptographic algorithm agreed upon with AS-AAC is used to process the MIC in REQInit. REQ This is generated from calculations of other fields previously used; for example, when REQInit includes Nonce in sequence. AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and MIC REQ At that time, REQ utilizes the aforementioned K REQ_ASThe cryptographic algorithm (which may be a hash algorithm) is used to process nonces. AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ The information, including the hash value, is obtained by performing a hash operation on it. This hash value serves as the REQ's authentication code (MIC). REQ .
[0129] S305. After receiving REQInit, AAC performs the following operations, including:
[0130] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they match; if not, discard REQInit.
[0131] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. The message integrity verification key can be calculated later when it is needed.
[0132] S306, AAC sends the first authentication request message AACVeri to AS-AAC.
[0133] The AACVeri includes REQInit and ID. AAC and Cert AAC .
[0134] After receiving the AACVeri, S307 and AS-AAC perform the following operations, including:
[0135] (1) Decrypt EncPub in REQInit using the private key corresponding to the encryption certificate. AS_REQ Get ID REQ Nonce REQID and Nonce REQPub ;
[0136] (2) Verify Cert AAC The legitimacy of ResAAC According to Res AAC and Cert AAC Information generated in Pub AAC ;
[0137] (3) Verify the MIC in REQInit REQ Get Res REQ According to ID REQ and Res REQ Information generated in Pub REQ ;
[0138] AS-AAC utilizes the pre-shared key K with REQ. REQ_AS The cryptographic algorithm agreed upon with REQ is used to process the MIC in REQInit. REQ The other fields were previously calculated locally to determine the MIC. REQ and the MIC in the received REQInit REQ Compare them; if they are the same, then MIC... REQ If the verification passes, AS-AAC determines that the REQ's identity authentication result is valid; if not, MIC... REQ If the verification fails, AS-AAC will perform the following operations according to the local policy, including discarding AACVeri or determining that the REQ's identity authentication result is invalid.
[0139] (4) Put Pub REQ and Nonce REQPub Generate by performing XOR operation ID REQ and Nonce REQID Generate by performing XOR operation
[0140] (5) Calculate the first message authentication code (MIC) of AS-AAC. AS_AAC And the first digital signature Sig AS_AAC1 .
[0141] S308, AS-AAC sends the first authentication response message ASVeri to AAC.
[0142] The ASVeri includes Nonce REQ Pub AAC MIC AS_AAC ID AAC Nonce AAC , and Sig AS_AAC1 .
[0143] Among them, NonceREQ ID AAC Nonce AAC They should be equal to the corresponding fields in AACVeri; MIC AS_AAC AS-AAC utilizes the pre-shared key K with REQ REQ_AS The cryptographic algorithms agreed upon with REQ, such as hash algorithms, are used to include... Nonce REQ Pub AAC The hash value generated by calculating the information included; Sig AS_AAC1 AS-AAC includes ID AAC Nonce AAC , The signature data, including the signature data, is calculated and generated.
[0144] S309. After receiving ASVeri, AAC performs the following operations, including:
[0145] (1) Check the ID in ASVeri AAC Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0146] (2) Verify Sig using AS-AAC public key AS_AAC1 ;
[0147] (3) If any step of the above checks and verifications fails, ASVeri is immediately discarded; if all the above checks and verifications pass, the ciphertext EncData of the identity authentication result is calculated using the message encryption key. AAC ;
[0148] (4) Calculate the digital signature Sig of AAC AAC ;
[0149] (5) Calculate the first message integrity check code MacTag as needed. AAC .
[0150] S310, AAC sends a third authentication response message AACAuth to REQ.
[0151] The AACAuth includes EncData. AAC Sig AAC and MacTag AAC Among them, EncData AAC The encrypted data includes Nonce REQ Pub AACMIC AS_AAC Furthermore, all encrypted data originates from ASVeri. AAC The signature data includes EncData AAC In this application, the object to be signed is referred to as signature data. MacTag AAC This is an optional field, and its calculation process is as follows: Using the message integrity verification key, an integrity verification algorithm is applied to all fields except MacTag in AACAuth. AAC MacTag is calculated from information including other fields. AAC .
[0152] S311. After receiving AACAuth, REQ performs the following operations, including:
[0153] (1) If MacTag exists in AACAuth AAC Then verify MacTag AAC ;
[0154] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in AACAuth except for the MacTag. AAC Information including other fields is calculated locally to generate the MacTag. AAC (This calculation method is the same as AAC's calculation of MacTag) AAC (In the same way), and calculate the MacTag AAC With the MacTag in the received AACAuth AAC Compare them.
[0155] (2) Decrypt EncData using the message encryption key AAC get Nonce REQ Pub AAC and MIC AS_AAC ;
[0156] (3) Using Nonce REQID right Perform an XOR operation to obtain the ID REQ Check the ID REQ Is it related to REQ's own identity ID? REQ same;
[0157] (4) Check the Nonce REQ Is it related to the Nonce generated by REQ? REQ same;
[0158] (5) Verify Sig AAC and MIC AS_AAC ;
[0159] REQ utilizes Pub AAC Cert in AAC Verify Sig AAC REQ utilizes the pre-shared key K with AS-AAC. REQ_AS The cryptographic algorithm agreed upon with AS-AAC is used to secure AACAuth, including... Nonce REQ Pub AAC The information included is used to calculate the MIC locally. AS_AAC and the MIC in the received AACAuth AS_AAC Compare them; if they are the same, then MIC... AS_AAC Verification passed; otherwise, MIC... AS_AAC Verification failed.
[0160] (6) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the verification process.
[0161] (7) Calculate EncData using the message encryption key REQ ;
[0162] (8) Calculate the second message integrity check code MacTag REQ .
[0163] S312, REQ sends the fourth authentication response message REQAuth to AAC.
[0164] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce AAC This is an optional field and should be identical to the corresponding field in AACInit; Nonce REQ This is an optional field and should be consistent with the Nonce generated by the REQ. REQ Same. EncData REQ REQ utilizes message encryption key pairs including the Nonce. REQPub ID REQ The encrypted data, including MacTag, is generated using encryption. REQ The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in REQAuth except for the MacTag. REQMacTag is generated by calculating information including other fields. REQ .
[0165] S313. After receiving REQAuth, AAC performs the following operations, including:
[0166] (1) If a Nonce exists in REQAuth AAC Then check the Nonce. AAC Nonce generated by AAC AAC Whether they match; if a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they consistent?
[0167] (2) Verify MacTag REQ ;
[0168] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in REQAuth except for the MacTag. REQ Information including other fields is calculated locally in the MacTag. REQ (This calculation method is the same as REQ calculation of MacTag) REQ (In the same way), calculate the MacTag REQ and the MacTag in the received REQAuth REQ Compare them.
[0169] (3) Use the message encryption key to pair EncData REQ Decryption yields Nonce REQPub and ID REQ ;
[0170] (4) Using Nonce REQPub For ASVeri Perform an XOR operation to get Pub REQ Check the ID obtained from decryption. REQ With Pub REQ ID in REQ Are they consistent?
[0171] (5) If any step of the above checks and verifications fails, the REQAuth will be discarded immediately; if all the above checks and verifications pass, the REQAuth will be discarded according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0172] Therefore, S311 and S313 respectively implement identity authentication for AAC and REQ, that is, realize bidirectional identity authentication for REQ and AAC, and transmit the identity identifier of REQ and the identity authentication results of AAC and REQ in encrypted form to achieve identity protection.
[0173] It should be noted that Sig is calculated in S309. AAC The operation can also be changed to be executed first in S306, that is, in S306, AAC first processes REQInit, ID, etc. AAC and Cert AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, S306's AACeri also includes Sig. AAC In S307, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations will be performed; in this case, AAC in S309 does not need to calculate Sig. AAC Accordingly, S310's AACAuth does not include Sig. AAC In S311, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .
[0174] See Figure 4 This is an embodiment of an identity authentication method under scenario (ii) above. AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier for engineering implementation. The identity authentication method includes:
[0175] S401, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0176] S402, AAC sends a key request message AACInit to REQ.
[0177] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field.
[0178] After receiving AACInit, S403 and REQ perform the following operations, including:
[0179] (1) Generate Nonce REQ and KeyInfo REQ ;
[0180] (2) Generate Security capabilities as needed REQ ;
[0181] (3) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3 Relevant descriptions in the embodiments;
[0182] (4) Generate Nonce REQID and Nonce REQPub ;
[0183] (5) Calculate and generate the REQ identity information ciphertext EncPub AS_REQ ;
[0184] (6) Calculate and generate the REQ authentication code MIC REQ .
[0185] S404, REQ sends the identity-encrypted message REQInit to AAC.
[0186] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS_REQ and MIC REQ Among them, security capabilities REQ Optional field; EncPub AS_REQ and MIC REQ The calculation process is as follows Figure 3 The relevant descriptions in the embodiments.
[0187] After receiving REQInit, S405 and AAC perform the following operations, including:
[0188] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they match; if not, discard REQInit.
[0189] (2) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3Relevant descriptions in the embodiments;
[0190] (3) Generate Nonce AACID and Nonce AACPub ;
[0191] (4) Calculate and generate EncPub AS_AAC .
[0192] S406, AAC sends the first authentication request message AACVeri to AS-AAC.
[0193] The AACeri includes REQInit and EncPub. AS_AAC Among them, EncPub AS_AAC AAC uses the public key pair of the CS-DEC encryption certificate, including the ID. AAC Cert AAC Nonce AACID Nonce AACPub The encrypted data, including the encrypted data, was generated.
[0194] After receiving the AACVeri, S407 and AS-AAC perform the following operations, including:
[0195] (1) Using the private key corresponding to the encryption certificate, EncPub AS_AAC Decrypt to get ID AAC Cert AAC Nonce AACID and Nonce AACPub And, regarding EncPub in REQInit AS_REQ Decrypt to get ID REQ Nonce REQID and Nonce REQPub ;
[0196] (2) Verify Cert AAC The legitimacy of Res AAC According to Res AAC and Cert AAC Information generated in Pub AAC ;
[0197] (3) Verify the MIC in REQInit REQ Get Res REQ According to ID REQ and Res REQ Information generated in Pub REQ ;MIC REQ See the verification process. Figure 3 Relevant descriptions in the embodiments;
[0198] (4) Nonce AACPub and Pub AAC Generate by performing XOR operation Nonce AACID and ID AAC Generate by performing XOR operation
[0199] (5) Nonce REQPub and Pub REQ Generate by performing XOR operation Nonce REQID and ID REQ Generate by performing XOR operation
[0200] (6) Calculate the first message authentication code (MIC) of AS-AAC. AS_AAC And the first digital signature Sig AS_AAC1 .
[0201] S408, AS-AAC sends the first authentication response message ASVeri to AAC.
[0202] The ASVeri includes Nonce REQ , MIC AS_AAC , Nonce AAC , and Sig AS_AAC1 Among them, Nonce REQ Nonce AAC They should be equal to the corresponding fields in AACVeri; MIC AS_AAC AS-AAC utilizes the pre-shared key K with REQ REQ_AS Using the cryptographic algorithm agreed upon with REQ to handle including Nonce REQ , The information included was calculated and generated. Sig AS_AAC1 AS-AAC includes Nonce AAC , The signature data is generated from the calculation.
[0203] S409. After receiving ASVeri, AAC performs the following operations, including:
[0204] (1) Using Nonce AACID right Perform an XOR operation to recover the IDAAC ;
[0205] (2) Check the Nonce AAC , the recovered ID AAC Are they respectively related to the Nonce generated by AAC? AAC AAC's own identity ID AAC same;
[0206] (3) Verify Sig using AS-AAC public key AS_AAC1 ;
[0207] (4) If any step of the above checks and verifications fails, ASVeri is immediately discarded; if all the above checks and verifications pass, EncData is calculated using a symmetric encryption algorithm with the message encryption key. AAC ;
[0208] (5) Calculate Sig AAC ;
[0209] (6) Calculate MacTag as needed AAC .
[0210] S410, AAC sends a third authentication response message AACAuth to REQ.
[0211] The AACAuth includes EncData. AAC Sig AAC and MacTag AAC Among them, EncData AAC The encrypted data includes Nonce REQ , MIC AS_AAC and Nonce AACPub ; Nonce REQ , MIC AS_AAC It should equal the corresponding field in ASVeri. Sig AAC The signature data includes EncData AAC MacTag AAC See the calculation process. Figure 3 Description of relevant content in the implementation examples.
[0212] S411. After receiving AACAuth, REQ performs the following operations, including:
[0213] (1) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0214] (2) Decrypt EncData using the message encryption key AAC get Nonce REQ , MIC AS_AAC and Nonce AACPub ;
[0215] (3) Using Nonce REQID right Perform an XOR operation to recover the ID REQ Using Nonce AACPub right Perform an XOR operation to restore Pub AAC ;
[0216] (4) Check the recovered ID REQ The Nonce obtained through decryption REQ Are they respectively related to REQ's own identity ID? REQ Nonce generated by REQ REQ same;
[0217] (5) Verify Sig AAC and MIC AS_AAC ;
[0218] REQ utilizes Pub AAC Cert in AAC Verify Sig AAC REQ utilizes the pre-shared key K with AS-AAC. REQ_AS The cryptographic algorithm agreed upon with AS-AAC is used to secure AACAuth, including... Nonce REQ , The information included is used to calculate the MIC locally. AS_AAC and the MIC in the received AACAuth AS_AAC Compare them; if they are the same, then MIC... AS_AAC Verification passed; otherwise, MIC... AS_AAC Verification failed.
[0219] (6) If any of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, the verification process ends.
[0220] (7) Calculate EncData using the message encryption key REQ ;
[0221] (8) Calculate MacTag REQ ; see calculation process Figure 3 Description of relevant content in the implementation examples.
[0222] S412, REQ sends the fourth authentication response message REQAuth to AAC.
[0223] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce AAC This is an optional field and should be identical to the corresponding field in AACInit; Nonce REQ This is an optional field and should be consistent with the Nonce generated by the REQ. REQ Same. EncData REQ The encrypted data includes Nonce REQPub and ID REQ .
[0224] S413. After receiving REQAuth, AAC performs the following operations, including:
[0225] (1) If a Nonce exists in REQAuth AAC Then check the Nonce. AAC Nonce generated by AAC AAC Whether they match; if a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they consistent?
[0226] (2) Verify MacTag REQ The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0227] (3) Use the message encryption key to pair EncData REQ Decryption to obtain Nonce REQPub and ID REQ ;
[0228] (4) Using Nonce REQPub For ASVeri Perform an XOR operation to restore Pub REQ Check the ID obtained from decryption. REQWith Pub REQ ID in REQ Are they consistent?
[0229] (5) If any step of the above checks and verifications fails, the REQAuth will be discarded immediately; if all the above checks and verifications pass, the REQAuth will be discarded according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0230] Therefore, S411 and S413 respectively implement identity authentication for AAC and REQ, that is, realize bidirectional identity authentication between REQ and AAC, and transmit the identity identifier of REQ, the identity identifier of AAC, and the identity authentication results of AAC and REQ in encrypted form to achieve identity protection.
[0231] It should be noted that Sig is calculated in S409. AAC The operation can also be changed to be executed first in S406, that is, in S406, AAC first processes REQInit and EncPub. AS_AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, AACVeri in S406 also includes Sig AAC In S407, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S409 does not need to calculate Sig. AAC Accordingly, S410's AACAuth does not include Sig. AAC In S411, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .
[0232] See Figure 5 This is an embodiment of an identity authentication method under the above-described (iii) scenario. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which facilitates engineering implementation. The identity authentication method includes:
[0233] S501, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0234] S502, AAC sends a key request message AACInit to REQ.
[0235] The AACInit includes NonceAAC KeyInfo AAC Security capabilities AAC and ID AS_AAC Among them, security capabilities AAC and ID AS_AAC It is an optional field, and ID AS_AAC The identity identifier of at least one authentication server representing AAC trust is used to enable REQ to be based on the ID. AS_AAC Determine if a mutually trusted authentication server exists (the same applies below).
[0236] After receiving AACInit, S503 and REQ perform the following operations, including:
[0237] (1) Generate Nonce REQ and KeyInfo REQ ;
[0238] (2) Generate Nonce REQID and Nonce REQPub ;
[0239] (3) Generate ID as needed AS_REQ and security capabilities REQ ;
[0240] (4) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3 Relevant descriptions in the embodiments;
[0241] (5) Calculate and generate the REQ identity information ciphertext EncPub AS_REQ ;
[0242] (6) Calculate and generate the REQ authentication code MIC REQ .
[0243] S504, REQ sends the encrypted identity message REQInit to AAC.
[0244] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ ID AS_REQ EncPub AS_REQ and MIC REQ Among them, EncPub AS _ REQ The encrypted data includes IDREQ Nonce REQID and Nonce REQPub Nonce AAC It should equal the corresponding field in AACInit; Security capabilities REQ and ID AS_REQ It is an optional field, and ID AS_REQ The identity identifier of at least one authentication server representing REQ trust, when an ID exists in AACInit. AS_AAC At that time, REQ will try to select at least one authentication server from its trusted authentication servers that matches the ID. AS_AAC The same authentication server in the middle as ID AS_REQ If the choice fails, at least one authentication server trusted by the user will be used as the ID. AS_REQ When the ID does not exist in AACInit AS_AAC At that time, REQ uses at least one authentication server it trusts as its ID. AS_REQ (The same applies below). MIC REQ REQ utilizes the pre-shared key K with AS-REQ REQ_AS The cryptographic algorithm agreed upon with AS-REQ is used to process the MIC in REQInit. REQ Other fields were calculated previously; for example, REQ utilizes the K. REQ_AS The cryptographic algorithm, such as a hash algorithm, is used to pair nonces. AAC Nonce REQ Security capabilities REQ KeyInfo REQ ID AS_REQ and EncPub AS_REQ The information, including the hash value, is used to perform a hash operation on the information to obtain the hash value, which serves as the REQ's authentication code (MIC). REQ .
[0245] After receiving REQInit, S505 and AAC perform the following operations, including:
[0246] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they match; if not, discard REQInit.
[0247] (2) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3 Relevant descriptions in the embodiments;
[0248] (3) If REQInit carries IDAS_REQ And AACInit carries an ID AS_AAC Then AAC determines ID AS_REQ and ID AS_AAC If at least one identical authentication server identity exists, it indicates a non-roaming scenario. AAC determines the first authentication server to participate in authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If no such server exists, it indicates a roaming scenario, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can process the data based on the ID. AS_REQ Determine the second authentication server AS-REQ; or,
[0249] If REQInit carries an ID AS_REQ However, AACInit does not carry an ID. AS_AAC Then AAC determines ID AS_REQ If at least one authentication server with the same identity identifier exists as the authentication server trusted by AAC, then in a non-roaming scenario, AAC determines the first authentication server to participate in identity authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If none exists, then in a roaming scenario, AAC needs to determine the first authentication server AS-AAC to participate in identity authentication based on its own trusted authentication servers, and then record the ID. AS_REQ Send to AS-AAC so that AS-AAC can process the data based on the ID. AS_REQ Determine the second authentication server AS-REQ;
[0250] It should be noted that the result determined in this embodiment should be the roaming status.
[0251] S506, AAC sends the first authentication request message AACVeri to AS-AAC.
[0252] The AACeri includes REQInit and ID. AAC and Cert AAC .
[0253] After receiving the AACVeri, S507 and AS-AAC perform the following operations, including:
[0254] (1) Verify Cert AAC The legitimacy of Res AAC According to Res AAC and Cert AAC Information generated in Pub AAC ;
[0255] (2) Calculate the second digital signature Sig AS_AAC2 .
[0256] S508, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0257] The AS-AACVeri includes REQInit and ID. AAC Pub AAC and Sig AS_AAC2 Among them, REQInit and ID AAC All are derived from AACVeri; Sig AS_AAC2 The signature data includes Sig in AS-AACVeri. AS_AAC2 Other fields mentioned earlier, such as REQInit and ID. AAC and Pub AAC .
[0258] After receiving AS-AACVeri, S509 and AS-REQ use the AS-AAC public key to verify Sig. AS_AAC2 .
[0259] If the verification fails, discard AS-AACVeri.
[0260] S510 and AS-REQ send the first decryption request message AS-REQReq to CS-DEC.
[0261] The AS-REQReq includes EncPub AS_REQ .
[0262] S511, CS-DEC decryption of EncPub AS_REQ Get ID REQ Nonce REQID and Nonce REQPub .
[0263] S512, CS-DEC sends the first decryption response message CS-DECRep to AS-REQ.
[0264] The CS-DECRep includes the decrypted ID. REQ Nonce REQID and Nonce REQPub .
[0265] S513, after receiving CS-DECRep, AS-REQ performs the following operations, including:
[0266] (1) Verify the MIC in REQInit REQ Get ResREQ According to ID REQ and Res REQ Information generated in Pub REQ ;
[0267] Among them, AS-REQ utilizes the pre-shared key K with REQ. REQ_AS The cryptographic algorithm agreed upon with REQ is used to process the MIC in REQInit. REQ The other fields were previously calculated locally to determine the MIC. REQ and the MIC in the received REQInit REQ Compare them; if they are the same, then MIC... REQ If the verification passes, AS-AAC determines that the REQ's identity authentication result is valid; if not, MIC... REQ If the verification fails, AS-AAC will perform the following operations according to the local policy, including discarding AACVeri or determining that the REQ's identity authentication result is invalid.
[0268] (2) Put Pub REQ and Nonce REQPub Generate by performing XOR operation ID REQ and Nonce REQID Generate by performing XOR operation
[0269] (3) Calculate the first message authentication code (MIC) of AS-REQ. AS_REQ and third digital signature Sig AS_REQ3 .
[0270] S514, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0271] The AS-REQVeri includes Nonce REQ Pub AAC MIC AS_REQ ID AAC Nonce AAC , and Sig AS_REQ3 Among them, Nonce REQ Pub AAC ID AAC Nonce AAC They should be equal to the corresponding fields in AS-AACVeri. MIC AS_REQ AS-REQ utilizes the pre-shared key K with REQ. REQ_AS Using the cryptographic algorithm agreed upon with REQ to handle including Nonce REQ Pub AAC The information included was calculated and generated. Sig AS_REQ3 AS-REQ includes ID AAC Nonce AAC , The signature data, including the signature data, is calculated and generated.
[0272] After receiving AS-REQVeri, S515 and AS-AAC perform the following operations, including:
[0273] (1) Verify Sig using the public key of AS-REQ AS_REQ3 If the verification fails, the AS-REQVeri will be discarded.
[0274] (2) Calculate the first digital signature Sig AS_AAC1 .
[0275] S516, AS-AAC sends the first authentication response message ASVeri to AAC.
[0276] The ASVeri includes Nonce REQ Pub AAC MIC AS_REQ ID AAC Nonce AAC , and Sig AS_AAC1 .in, Nonce REQ Pub AAC MIC AS_REQ ID AAC Nonce AAC , These should be equal to the corresponding fields in AS-REQVeri. Sig AS_AAC1 AS-AAC includes ID AAC Nonce AAC , The signature data, including the signature data, is calculated and generated.
[0277] S517. After receiving ASVeri, AAC performs the following operations, including:
[0278] (1) Check the ID in ASVeri AAC Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0279] (2) Verify Sig using AS-AAC public key AS_AAC1 ;
[0280] (3) If any step of the above checks and verifications fails, ASVeri is immediately discarded; if all the above checks and verifications pass, EncData is calculated using the message encryption key. AAC ;
[0281] (4) Calculate the digital signature Sig of AAC AAC ;
[0282] (5) Calculate MacTag as needed AAC The calculation process is the same as... Figure 3 Description of relevant content in the implementation examples.
[0283] S518, AAC sends a third authentication response message AACAuth to REQ.
[0284] The AACAuth includes EncData. AAC Sig AAC and MacTag AAC Among them, MacTag AAC Optional field; EncData AAC The encrypted data includes Nonce REQ Pub AAC and MIC AS_REQ Furthermore, all encrypted data originates from ASVeri. AAC The signature data includes the Sig in AACAuth. AAC Other fields mentioned earlier, such as EncData AAC .
[0285] S519, after receiving AACAuth, REQ performs the following operations, including:
[0286] (1) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0287] (2) Decrypt EncData using the message encryption key AAC get Nonce REQ Pub AAC and MIC AS_REQ ;
[0288] (3) Using NonceREQID right Perform an XOR operation to recover the ID REQ Check the recovered ID REQ The Nonce obtained through decryption REQ Are they respectively related to REQ's own identity ID? REQ Nonce generated by REQ REQ same;
[0289] (4) Verify Sig AAC and MIC AS_REQ ;
[0290] REQ utilizes Pub AAC Cert in AAC Verify Sig AAC REQ utilizes the pre-shared key K with AS-REQ. REQ_AS The cryptographic algorithm agreed upon with AS-REQ is used to secure AACAuth, including... Nonce REQ Pub AAC The information included is used to calculate the MIC locally. AS_REQ and the MIC in the received AACAuth AS_REQ Compare them; if they are the same, then MIC... AS_REQ Verification passed; otherwise, MIC... AS_REQ Verification failed.
[0291] (5) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the verification process.
[0292] (6) Calculate EncData using the message encryption key REQ ;
[0293] (7) Calculate MacTag REQ ; see calculation process Figure 3 Description of relevant content in the implementation examples.
[0294] S520 and REQ send the fourth authentication response message REQAuth to AAC.
[0295] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, NonceAAC This is an optional field and should be identical to the corresponding field in AACInit; Nonce REQ This is an optional field and should be consistent with the Nonce generated by the REQ. REQ Same. EncData REQ The encrypted data includes Nonce REQPub and ID REQ .
[0296] S521. After receiving REQAuth, AAC performs the following operations, including:
[0297] (1) If a Nonce exists in REQAuth AAC Then check the Nonce. AAC Nonce generated by AAC AAC Whether they match; if a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they consistent?
[0298] (2) Verify MacTag REQ The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0299] (3) Use the message encryption key to pair EncData REQ Decryption to obtain Nonce REQPub and ID REQ ;
[0300] (4) Using Nonce REQPub For ASVeri Perform an XOR operation to get Pub REQ Check Pub REQ ID in REQ With the ID obtained from decryption REQ Are they consistent?
[0301] (5) If any step of the above checks and verifications fails, the REQAuth will be discarded immediately; if all the above checks and verifications pass, the REQAuth will be discarded according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0302] Therefore, in S519 and S521 respectively, identity authentication for AAC and REQ is realized in roaming situations, that is, bidirectional identity authentication for REQ and AAC is realized, and the identity identifier of REQ and the identity authentication results of AAC and REQ are transmitted in encrypted form to achieve identity protection.
[0303] It should be noted that (1) Sig is calculated in S517. AAC The operation can also be changed to be executed first in S506, that is, in S506, AAC first processes REQInit, ID, etc. AAC and Cert AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, the AACVeri in S506 also includes Sig. AAC In S507, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S517 does not need to calculate Sig. AAC Accordingly, S518's AACAuth does not include Sig. AAC In S519, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC (2) The second digital signature Sig in S507 and S508 AS_AAC2 It can be replaced with the second message authentication code (MIC). AS_AAC2 , of which MIC AS_AAC2 AS-AAC uses a pre-shared key with AS-REQ and employs a hash algorithm agreed upon with AS-REQ to process MICs in AS-AAC. AS_AAC2 Hash values calculated from other fields previously; AS-REQ verification of Sig in S509 AS_AAC2 Replace with verification MIC AS_AAC2 The third digital signature Sig in S513 and S514 AS_REQ3 It can be replaced with a third message authentication code (MIC). AS_REQ3 , of which MIC AS_REQ3 AS-REQ uses a pre-shared key with AS-AAC and employs a hash algorithm agreed upon with AS-AAC to hash the IDs in AS-REQVeri. AAC Nonce AAC , The hash value calculated from the fields included; AS-AAC verification of Sig in S515 AS_REQ3 Replace with verification MIC AS_REQ3 .
[0304] See Figure 6 This is an embodiment of an identity authentication method under the above-described (iv) scenario. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier for engineering implementation. The identity authentication method includes:
[0305] S601, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0306] S602, AAC sends a key request message AACInit to REQ.
[0307] The AACInit includes Nonce AAC KeyInfo AAC Security capabilities AAC and ID AS_AAC Among them, security capabilities AAC and ID AS_AAC This is an optional field.
[0308] After receiving AACInit, S603 and REQ perform the following operations, including:
[0309] (1) Generate Nonce REQ and KeyInfo REQ ;
[0310] (2) Generate Nonce REQID and Nonce REQPub ;
[0311] (3) Generate ID as needed AS_REQ and security capabilities REQ ;
[0312] (4) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3 Relevant descriptions in the embodiments;
[0313] (5) Calculate and generate the REQ identity information ciphertext EncPub AS_REQ ;
[0314] (6) Calculate and generate the REQ authentication code MIC REQ .
[0315] S604, REQ sends the identity-encrypted message REQInit to AAC.
[0316] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfoREQ ID AS_REQ EncPub AS_REQ and MIC REQ Among them, Nonce AAC It should equal the corresponding field in AACInit; Securitycapabilities REQ and ID AS_REQ This is an optional field. (EncPub) AS_REQ The encrypted data includes ID REQ Nonce REQID and Nonce REQPub MIC REQ REQ utilizes the pre-shared key K with AS-REQ REQ_AS The cryptographic algorithm agreed upon with AS-REQ is used to process the MIC in REQInit. REQ This was generated from calculations performed on other fields previously.
[0317] After receiving REQInit, S605 and AAC perform the following operations, including:
[0318] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they match; if not, discard REQInit.
[0319] (2) Calculate the message encryption key and the message integrity verification key; the calculation process is as follows: Figure 3 Relevant descriptions in the embodiments;
[0320] (3) Generate Nonce AACID and Nonce AACPub ;
[0321] (4) Calculate and generate EncPub AS_AAC ;
[0322] (5) Refer to the method by which AAC determines the first authentication server AS-AAC participating in identity authentication. Figure 5 The following is related to the implementation example; it should be noted that the result determined in this implementation example should be the roaming situation.
[0323] S606, AAC sends the first authentication request message AACVeri to AS-AAC.
[0324] The AACeri includes REQInit and EncPub. AS_AAC Among them, EncPub AS_AAC The encrypted data includes ID AAC Cert AACNonce AACID and Nonce AACPub .
[0325] After receiving AACVeri, S607 and AS-AAC send a second decryption request message AS-AACReq to CS-DEC.
[0326] The AS-AACReq includes EncPub AS_AAC .
[0327] S608, CS-DEC for EncPub AS_AAC Decrypt to get ID AAC Cert AAC Nonce AACID and Nonce AACPub .
[0328] S609, CS-DEC sends a second decryption response message CS-DECRep to AS-AAC.
[0329] The CS-DECRep includes ID. AAC Cert AAC Nonce AACID and Nonce AACPub .
[0330] After receiving CS-DECRep, S610 and AS-AAC perform the following operations, including:
[0331] (1) Verify Cert AAC The legitimacy of Res AAC According to Res AAC and Cert AAC Information generated in Pub AAC ;
[0332] (2) For ID AAC and Nonce AACID Generate by performing XOR operation For Pub AAC and Nonce AACPub Generate by performing XOR operation
[0333] (3) Calculate the second digital signature Sig AS_AAC2 .
[0334] S611, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0335] The AS-AACVeri includes REQInit, and Sig AS_AAC2 Among them, Sig AS_AAC2 The signature data includes Sig in AS-AACVeri. AS_AAC2 Other fields mentioned earlier, such as REQInit, and
[0336] After receiving AS-AACVeri, S612 and AS-REQ use the AS-AAC public key to verify Sig. AS_AAC2 .
[0337] If the verification fails, discard AS-AACVeri.
[0338] S613, AS-REQ sends the first decryption request message AS-REQReq to CS-DEC.
[0339] The AS-REQReq includes EncPub AS_REQ .
[0340] S614, CS-DEC for EncPub AS_REQ Decrypt to get ID REQ Nonce REQID and Nonce REQPub .
[0341] S615, CS-DEC sends the first decryption response message CS-DECRep to AS-REQ.
[0342] The CS-DECRep includes the decrypted ID. REQ Nonce REQID and Nonce REQPub .
[0343] S616, after receiving CS-DECRep, AS-REQ performs the following operations, including:
[0344] (1) Verify the MIC in REQInit REQ Get Res REQ According to ID REQ and Res REQ Information generated in Pub REQ ;MIC REQ See the verification process. Figure 5 Relevant content in the embodiments;
[0345] (2) Put Pub REQ and Nonce REQPub Generate by performing XOR operation IDREQ and Nonce REQID Generate by performing XOR operation
[0346] (3) Calculate the first message authentication code (MIC) of AS-REQ. AS_REQ and third digital signature Sig AS_REQ3 .
[0347] S617, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0348] The AS-REQVeri includes Nonce REQ , MIC AS_REQ , Nonce AAC , and Sig AS_REQ3 Among them, Nonce REQ , Nonce AAC They should be equal to the corresponding fields in AS-AACVeri; MIC AS_REQ It is AS-REQ that uses the pre-shared key K with REQ REQ_AS Using the cryptographic algorithm agreed upon with REQ to handle including Nonce REQ , The information included was calculated and generated. Sig AS_REQ3 AS-REQ includes Nonce AAC , The signature data, including the signature data, is calculated and generated.
[0349] S618, after receiving AS-REQVeri, AS-AAC performs the following operations, including:
[0350] (1) Verify Sig using the public key of AS-REQ AS_REQ3 If the verification fails, the AS-REQVeri will be discarded.
[0351] (2) Calculate the first digital signature Sig AS_AAC1 .
[0352] S619, AS-AAC sends the first authentication response message ASVeri to AAC.
[0353] The ASVeri includes Nonce REQ , MICAS_REQ , Nonce AAC , and Sig AS_AAC1 .in, Nonce REQ , MIC AS_REQ , Nonce AAC , These should be equal to the corresponding fields in AS-REQVeri. Sig AS_AAC1 AS-AAC includes Nonce AAC , The signature data, including the signature data, is calculated and generated.
[0354] After receiving ASVeri, S620 and AAC perform the following operations, including:
[0355] (1) Using Nonce AACID right Perform an XOR operation to recover the ID AAC ;
[0356] (2) Check the recovered ID AAC Nonce in ASVeri AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0357] (3) Verify Sig using AS-AAC public key AS_AAC1 ;
[0358] (4) If any step of the above checks and verifications fails, ASVeri is immediately discarded; if all the above checks and verifications pass, EncData is calculated using the message encryption key. AAC ;
[0359] (5) Calculate Sig AAC ;
[0360] (6) Calculate MacTag as needed AAC ; see calculation process Figure 3 Description of relevant content in the implementation examples.
[0361] S621. AAC sends a third authentication response message, AACAuth, to REQ.
[0362] The AACAuth includes EncData.AAC Sig AAC and MacTag AAC Among them, MacTag AAC Optional field; EncData AAC The encrypted data includes Nonce REQ , Nonce AACPub and MIC AS_REQ Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields mentioned earlier, such as EncData AAC .
[0363] S622. After receiving AACAuth, REQ performs the following operations, including:
[0364] (1) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0365] (2) Decrypt EncData using the message encryption key AAC get Nonce REQ , Nonce AACPub and MIC AS_REQ ;
[0366] (3) Using Nonce REQID right Perform an XOR operation to recover the ID REQ Check the recovered ID REQ The Nonce obtained through decryption REQ Are they respectively related to REQ's own identity ID? REQ Nonce generated by REQ REQ same;
[0367] (4) Using Nonce AACPub right Perform an XOR operation to restore Pub AAC ;
[0368] (5) Verify Sig AAC and MIC AS_REQ ;Sig AAC and MIC AS_REQ See the verification process. Figure 5 Description of relevant content in the implementation examples;
[0369] (6) If any step of the above checks and verifications fails, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the verification process.
[0370] (6) Calculate EncData using the message encryption key REQ ;
[0371] (7) Calculate MacTag REQ ; see calculation process Figure 3 Description of relevant content in the implementation examples.
[0372] S623, REQ sends the fourth authentication response message REQAuth to AAC.
[0373] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce AAC This is an optional field and should be identical to the corresponding field in AACInit; Nonce REQ This is an optional field and should be consistent with the Nonce generated by the REQ. REQ Same. EncData REQ The encrypted data includes Nonce REQPub and ID REQ .
[0374] S624. After receiving REQAuth, AAC performs the following operations, including:
[0375] (1) If a Nonce exists in REQAuth AAC Then check the Nonce. AAC Nonce generated by AAC AAC Whether they match; if a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they consistent?
[0376] (2) Verify MacTag REQ The verification process can be found in [link / reference]. Figure 3 Description of relevant content in the implementation examples;
[0377] (3) Use the message encryption key to pair EncDataREQ Decryption to obtain Nonce REQPub and ID REQ ;
[0378] (4) Using Nonce REQPub For ASVeri Perform an XOR operation to get Pub REQ Check the ID obtained from decryption. REQ With Pub REQ ID in REQ Are they consistent?
[0379] (5) If any step of the above checks and verifications fails, the REQAuth will be discarded immediately; if all the above checks and verifications pass, the REQAuth will be discarded according to the Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0380] Therefore, in S622 and S624 respectively, identity authentication for AAC and REQ is implemented in roaming situations, that is, bidirectional identity authentication for REQ and AAC is implemented, and the identity identifier of REQ, the identity identifier of AAC, and the identity authentication results of AAC and REQ are transmitted in encrypted form to achieve identity protection.
[0381] It should be noted that (1) Sig is calculated in S620. AAC The operation can also be changed to be executed first in S606, that is, in S606, AAC first processes REQInit, EncPub, etc. AS_AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, the AACVeri in S606 also includes Sig. AAC In S610, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S620 does not need to calculate Sig. AAC Accordingly, S621's AACAuth does not include Sig. AAC In S622, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC (2) The second digital signature Sig in S610 and S611 AS_AAC2 It can be replaced with the second message authentication code (MIC). AS_AAC2 , of which MIC AS_AAC2 AS-AAC uses a pre-shared key with AS-REQ and employs a hash algorithm agreed upon with AS-REQ to process MICs in AS-AAC. AS_AAC2Hash values calculated from other fields previously; AS-REQ verification of Sig in S612 AS_AAC2 Replace with verification MIC AS_AAC2 The third digital signature Sig in S616 and S617 AS_REQ3 It can be replaced with a third message authentication code (MIC). AS_REQ3 , of which MIC AS_REQ3 AS-REQ utilizes a pre-shared key with AS-AAC and employs a hash algorithm agreed upon with AS-AAC to hash data from AS-REQVeri. Nonce AAC and The hash value calculated from the fields included; AS-AAC verification of Sig in S618 AS_REQ3 Replace with verification MIC AS_REQ3 .
[0382] In the above embodiments, each message may also carry a hash value. X_Y The hash value X_Y This is calculated by the sending entity X using a hash algorithm on the latest preceding message received from the peer entity Y. It is used by the peer entity Y to verify whether entity X has received the complete latest preceding message. Here, HASH... REQ_AAC This represents the hash value calculated by REQ for the latest preceding message sent by AAC. AAC_REQ HASH represents the hash value calculated by AAC for the latest preceding message sent by the received REQ. AAC_AS-AAC HASH represents the hash value calculated by AAC for the latest preceding message received from AS-AAC. AS-AAC_AAC HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AAC. AS-AAC_AS-REQ HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AS-REQ. AS-AAC_CS-DEC HASH represents the hash value calculated by AS-AAC for the latest preceding message received from CS-DEC. AS-REQ_AS-AAC HASH represents the hash value calculated by AS-REQ for the latest preceding message sent by AS-AAC. AS-REQ_CS-DEC This represents the hash value calculated by AS-REQ for the latest preceding message sent by CS-DEC. CS-DEC_AS-AAC This represents the hash value calculated by CS-DEC for the latest preceding message sent by AS-AAC. CS-DEC_AS-REQThis represents the hash value calculated by CS-DEC for the latest preceding message sent by the received AS-REQ. If the message currently sent by sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received any preceding messages sent by peer entity Y, then the hash value in this message... X_Y It may not exist or be meaningless.
[0383] Correspondingly, after the peer entity Y receives a message sent by entity X, if the message contains a hash... X_Y If entity Y has not sent a preceding message to entity X, then entity Y ignores the hash. X_Y When entity Y has previously sent a preceding message to entity X, entity Y uses a hash algorithm to calculate a hash value locally for the latest preceding message previously sent to entity X, and then hashes it with the hash value carried in the received message. X_Y If they match, proceed with the next steps; otherwise, discard or end the identification process.
[0384] In this invention, for entity X, the preceding message sent by peer entity Y to entity X refers to any message received by entity X from peer entity Y before entity X sends message M to peer entity Y; the latest preceding message sent by peer entity Y to entity X refers to the latest message received by entity X from peer entity Y before entity X sends message M to peer entity Y. If message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there are no preceding messages sent by peer entity Y to entity X before entity X sends message M to its peer entity Y.
[0385] The above Figures 3 to 6 The optional fields and optional operations in the corresponding embodiments are shown in the accompanying drawings. Figures 3 to 6 The asterisk (*) indicates the content. The order of the various contents included in the messages in all the above embodiments is not limited, and unless otherwise specified, the order in which the message receiver operates on the relevant messages and processes the contents included in the messages is not limited.
[0386] based on Figures 1 to 6 For the corresponding method implementation examples, please refer to... Figure 7 This application embodiment also provides a requesting device 700, including:
[0387] The calculation module 710 is used to encrypt encrypted data, including the identity identifier of the requesting device and the second key, using the public key of the encryption certificate to generate ciphertext of the identity information of the requesting device, and to calculate and generate the identity authentication code of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server.
[0388] The sending module 720 is used to send an identity encrypted message to the authentication access controller, wherein the identity encrypted message includes the identity information encrypted of the requesting device and the identity authentication code of the requesting device;
[0389] The receiving module 730 is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including first authentication result information and a first message authentication code of the second authentication server, using a message encryption key. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and employing a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information.
[0390] The decryption module 740 is used to decrypt the ciphertext of the identity authentication result information in the third authentication response message using the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server.
[0391] Verification module 750 is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server. If the verification is successful, determination module 760 determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When determination module 760 determines that the authentication result of the authentication access controller is valid, sending module 720 sends a fourth authentication response message to the authentication access controller; or...
[0392] Verification module 750 is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server. If the verification is successful, sending module 720 sends a fourth authentication response message to the authentication access controller, and determining module 760 determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...
[0393] The verification module 750 is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server; if the first message authentication code of the second authentication server is verified successfully, the determination module 760 determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the sending module 720 sends a fourth authentication response message to the authentication access controller.
[0394] The fourth authentication response message includes a second key ciphertext, which is generated by encrypting encrypted data, including the second key, using the message encryption key.
[0395] Optionally, the receiving module 730 is further configured to: receive a key request message sent by the authentication access controller before the sending module 720 sends the identity ciphertext message to the authentication access controller, wherein the key request message includes the key exchange parameters of the authentication access controller;
[0396] The calculation module 710 is further configured to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
[0397] The encrypted identity message also includes the key exchange parameters of the requesting device.
[0398] Optionally, the key request message may also include a first random number generated by the authentication access controller;
[0399] The calculation module 710 is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device;
[0400] Correspondingly, the encrypted identity message also includes the second random number.
[0401] Optionally, the encrypted identity message sent by the sending module 720 may also include the first random number.
[0402] Optionally, the key request message may also include security capability parameter information supported by the authentication access controller;
[0403] The determining module 760 is further configured to: determine the specific security policy used by the requesting device based on the security capability parameter information; then the identity encrypted message also includes the specific security policy.
[0404] Optionally, the key request message may also include the identity identifier of at least one authentication server trusted by the authentication access controller;
[0405] The determining module 760 is further configured to: determine the identity identifier of the at least one authentication server trusted by the requesting device based on the identity identifier of the at least one authentication server trusted by the authentication access controller; then the identity encrypted message further includes the identity identifier of the at least one authentication server trusted by the requesting device.
[0406] Optionally, the encrypted identity message sent by the sending module 720 may also include the identity identifier of at least one authentication server trusted by the requesting device.
[0407] Optionally, the encrypted data of the encrypted identity information of the requesting device further includes a third key; then the encrypted data of the encrypted identity authentication result information in the third authentication response message further includes the encrypted identity identifier of the requesting device; the encrypted identity identifier of the requesting device is generated by encrypting information including the identity identifier of the requesting device using the third key;
[0408] The decryption module 740 then uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the ciphertext of the requesting device's identity identifier;
[0409] The verification module 750 is further configured to: verify the encrypted identity of the requesting device based on the identity identifier of the requesting device itself and the third key; if the verification is successful, the determination module 760 then determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
[0410] Optionally, the determining module 760 is further configured to: determine whether the digital signature of the authentication access controller has been verified before determining the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; if the digital signature of the authentication access controller has been verified, then determine the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
[0411] Optionally, the determining module 760 is specifically used for:
[0412] When the authentication access controller sends a first authentication request message to its trusted first authentication server, which also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the receiving module receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified successfully; or...
[0413] When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the digital signature of the authentication access controller is verified using the digital certificate of the authentication access controller in the first authentication result information, and the verification result determines whether the digital signature of the authentication access controller has been verified.
[0414] Optionally, the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes a fourth key; the first authentication result information is generated by encrypting encrypted data including the first verification result using the fourth key;
[0415] The decryption module 740 is further configured to: decrypt the ciphertext of the identity authentication result information using the message encryption key to obtain the first authentication result information and the fourth key, and decrypt the first authentication result information using the fourth key to obtain the first verification result.
[0416] Optionally, the message sent by the requesting device to the authentication access controller may also include a hash value calculated by the requesting device for the latest preceding message sent by the authentication access controller.
[0417] See Figure 8 This application also provides an authentication access controller 800, including:
[0418] The receiving module 810 is configured to receive an identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device and the identity authentication code of the requesting device. The identity authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt encrypted data including the identity identifier and a second key of the requesting device.
[0419] The sending module 820 is used to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the identity encrypted message and the identity information of the authentication access controller. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller.
[0420] The receiving module 810 is further configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt information including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server from signature data including the second authentication result information ciphertext.
[0421] The verification module 830 is used to verify the first digital signature using the public key of the first authentication server;
[0422] The sending module 820 is further configured to send a third authentication response message to the requesting device if the verification is successful. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including the first authentication result information and the first message authentication code of the second authentication server, using a message encryption key.
[0423] The receiving module 810 is further configured to receive a fourth authentication response message sent by the requesting device, the fourth authentication response message including a second key ciphertext, the second key ciphertext being generated by encrypting encrypted data including the second key using the message encryption key;
[0424] The decryption module 840 is used to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information.
[0425] The determining module 850 is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0426] Optionally, the sending module 820 is further configured to: send a key request message to the requesting device before the receiving module receives the identity encrypted message sent by the requesting device, the key request message including the key exchange parameters of the authentication access controller;
[0427] The encrypted identity message also includes the key exchange parameters of the requesting device;
[0428] The authentication access controller 800 also includes:
[0429] The calculation module is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
[0430] Optionally, the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device; the calculation module is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
[0431] Optionally, the identity encrypted message further includes the first random number; then the verification module 830 is further configured to: verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller before the calculation module calculates the message encryption key; if the verification passes, the calculation module then calculates the message encryption key.
[0432] Optionally, the key request message may also include the identity identifier of at least one authentication server trusted by the authentication access controller;
[0433] The encrypted identity message also includes the identity identifier of at least one authentication server trusted by the requesting device; the identity identifier of the at least one authentication server trusted by the requesting device is determined by the requesting device based on the identity identifier of the at least one authentication server trusted by the authentication access controller;
[0434] The determining module 850 is further configured to: determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
[0435] Optionally, the encrypted identity message may further include the identity identifier of at least one authentication server trusted by the requesting device; the determining module 850 is further configured to: determine the first authentication server based on the identity identifier of the at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
[0436] Optionally, the first authentication request message may further include the identity identifier of the authentication access controller and / or the first random number generated by the authentication access controller; correspondingly, the first authentication response message may further include the identity identifier of the authentication access controller and / or the first random number.
[0437] The verification module 830 is further configured to: verify the consistency between the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself before the sending module 820 sends the third authentication response message; and / or verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller.
[0438] The sending module 820 is also used to: if the verification is successful, then send the third authentication response message.
[0439] Optionally, the second authentication result information may also include the identity identifier of the requesting device; the encrypted data of the second key ciphertext in the fourth authentication response message may also include the identity identifier of the requesting device;
[0440] The decryption module 840 is also used to: before the determination module 850 determines the identity authentication result of the requesting device, decrypt the second key ciphertext using the message encryption key to obtain the identity identifier of the requesting device;
[0441] The verification module 830 is further configured to: perform consistency verification between the identity identifier of the requesting device obtained by decryption and the identity identifier of the requesting device in the second authentication result information;
[0442] The determination module 850 is specifically used to: if the verification is successful, then determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
[0443] Optionally, the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, the identity identifier of the authentication access controller, and at least one key, using the public key of the encryption certificate; the at least one key includes a fourth key and / or a fifth key, wherein the fourth key is used to encrypt information including the first verification result, and the fifth key is used to encrypt information including the identity identifier of the authentication access controller;
[0444] Accordingly, the first authentication response message includes first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, the identity identifier of the authentication access controller, and the first digital signature of the first authentication server;
[0445] In the first authentication response message, the first authentication result information is generated by encrypting encrypted data including the first verification result using the fourth key; and / or, the identity identifier of the authentication access controller exists in the form of the ciphertext of the identity identifier of the authentication access controller, which is generated by encrypting encrypted data including the identity identifier of the authentication access controller using the fifth key.
[0446] The verification module 830 is further configured to: verify the encrypted identity of the authentication access controller based on the authentication access controller's own identity identifier and the fifth key;
[0447] The sending module 820 is also used to: if the verification is successful, send a third authentication response message to the requesting device.
[0448] Optionally, the message sent by the authentication access controller to the requesting device may further include a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server may further include a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
[0449] See Figure 9 This application embodiment also provides a first authentication server 900, including:
[0450] The receiving module 910 is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes an identity ciphertext message and the identity information of the authentication access controller. The identity ciphertext message includes ciphertext of the requesting device's identity information and the identity authentication code of the requesting device. The identity authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the ciphertext of the requesting device's identity information. The ciphertext of the requesting device's identity information is generated by the requesting device using the public key of an encryption certificate to encrypt encrypted data including the requesting device's identity identifier and a second key. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller.
[0451] The sending module 920 is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt encrypted data including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server on signature data including the second authentication result information ciphertext.
[0452] Optionally, the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, using the public key of the encryption certificate; correspondingly, the first authentication server 900 further includes: a first decryption module, used to decrypt the identity information using the private key corresponding to the encryption certificate to obtain the digital certificate of the authentication access controller.
[0453] Optionally, when the second authentication server trusted by the requesting device and the first authentication server trusted by the authentication access controller are the same authentication server, the first authentication server 900 further includes:
[0454] The second decryption module is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate to obtain the identity identifier of the requesting device and the second key.
[0455] The first verification module is used to verify the legality of the digital certificate of the authentication access controller to obtain the first verification result, determine the pre-shared key with the requesting device based on the identity identifier of the requesting device, and use the pre-shared key to verify the identity authentication code of the requesting device to obtain the second verification result.
[0456] The first generation module is configured to generate the first authentication result information based on information including the first verification result, generate the second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate ciphertext of the second authentication result information, calculate and generate the first message authentication code of the first authentication server based on the information including the first authentication result information, and calculate and generate the first digital signature based on the signature data including the ciphertext of the second authentication result information.
[0457] The second generation module is used to generate a first authentication response message based on information including the first authentication result information, the first message authentication code of the first authentication server, the encrypted second authentication result information, and the first digital signature.
[0458] Optionally, when the second authentication server trusted by the requesting device and the first authentication server trusted by the authentication access controller are two different authentication servers, the first authentication server 900 further includes:
[0459] The second verification module is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result;
[0460] The third generation module is used to generate the first authentication result information based on information including the first verification result, and to calculate and generate a second digital signature based on the signature data including the first authentication result information and the identity encrypted message, or to calculate and generate a second message authentication code based on the information including the first authentication result information and the identity encrypted message.
[0461] The sending module 920 is further configured to: send a second authentication request message to a second authentication server, wherein the second authentication request message includes the first authentication result information, the encrypted identity message, and the second digital signature, or the second authentication request message includes the first authentication result information, the encrypted identity message, and the second message authentication code; the second authentication server verifies the second digital signature using the public key of the first authentication server or verifies the second message authentication code using a pre-shared key with the first authentication server; if the verification is successful, the second authentication server verifies the identity authentication code of the requesting device in the encrypted identity message to obtain a second verification result; generate the second authentication result information based on the information including the second verification result; encrypt the information including the second authentication result information using the second key to generate encrypted second authentication result information; calculate and generate the first message authentication code of the second authentication server based on the information including the first authentication result information; calculate and generate a third digital signature based on the signature data including the encrypted second authentication result information, or calculate and generate a third message authentication code based on the information including the encrypted second authentication result information.
[0462] The receiving module 910 is further configured to: receive a second authentication response message sent by the second authentication server, wherein the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third digital signature; or the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third message authentication code.
[0463] The third verification module is used to verify the third digital signature using the public key of the second authentication server or to verify the third message authentication code using a pre-shared key with the second authentication server.
[0464] The fourth generation module is used to calculate and generate a first digital signature from the signature data, including the ciphertext of the second authentication result information, if the verification is successful, and to generate the first authentication response message based on the information including the first authentication result information, the first message authentication code of the second authentication server, the ciphertext of the second authentication result information, and the first digital signature.
[0465] Optionally, the message sent by the first authentication server to the authentication access controller may also include a hash value calculated by the first authentication server for the latest preceding message received from the authentication access controller; the message sent by the first authentication server to the second authentication server may also include a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server.
[0466] See Figure 10 This application also provides a second authentication server 1000, comprising:
[0467] The receiving module 1010 is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes first authentication result information, an identity ciphertext message, and a second digital signature; or the second authentication request message includes first authentication result information, an identity ciphertext message, and a second message authentication code. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device and the identity authentication code of the requesting device. The identity authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the identity information ciphertext of the requesting device. The identity information ciphertext of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt encrypted data including the identity identifier and a second key of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the first authentication result information and the identity ciphertext message, or the second message authentication code is generated by the first authentication server calculating information including the first authentication result information and the identity ciphertext message.
[0468] The verification module 1020 is used to verify the second digital signature using the public key of the first authentication server or to verify the second message authentication code using a pre-shared key with the first authentication server. If the verification is successful, the module uses the private key corresponding to the encryption certificate to decrypt the ciphertext of the identity information of the requesting device to obtain the identity identifier of the requesting device and the second key. The module also determines the pre-shared key with the requesting device based on the identity identifier of the requesting device and uses the pre-shared key to verify the identity authentication code of the requesting device to obtain a second verification result.
[0469] The generation module 1030 is used to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate second authentication result information ciphertext, calculate and generate a first message authentication code of the second authentication server based on the information including the first authentication result information, and calculate and generate a third digital signature based on the signature data including the second authentication result information ciphertext or calculate and generate a third message authentication code based on the information including the second authentication result information ciphertext.
[0470] The sending module 1040 is used to send a second authentication response message to the first authentication server. The second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third digital signature. Alternatively, the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third message authentication code.
[0471] Optionally, the message sent by the second authentication server to the first authentication server may also include a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.
[0472] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium can be at least one of the following media: read-only memory (ROM), RAM, magnetic disk, or optical disk, etc., and other media capable of storing program code.
[0473] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and relevant parts can be referred to the description of the method embodiments. The device and system embodiments described above are merely illustrative. The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment solution according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0474] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A method for identity verification, characterized in that, The method includes: The authentication access controller receives an identity-encrypted message sent by a requesting device. The identity-encrypted message includes the encrypted identity information of the requesting device and the authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt data including the identity identifier and a second key of the requesting device. The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes the identity encrypted message and the identity information of the authentication access controller. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller. The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt information including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server from signature data including the second authentication result information ciphertext. The authentication access controller verifies the first digital signature using the public key of the first authentication server. If the verification is successful, the authentication access controller sends a third authentication response message to the requesting device. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including the first authentication result information and the first message authentication code of the second authentication server, using a message encryption key. The requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information in the third authentication response message to obtain the first authentication result information and the first message authentication code of the second authentication server; The requesting device uses a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server. If the verification is successful, the device determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or... The requesting device uses a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server. If the verification is successful, the requesting device sends a fourth authentication response message to the authentication access controller and determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or... The requesting device uses a pre-shared key with the second authentication server and employs a cryptographic algorithm agreed upon with the second authentication server to verify the first message authentication code of the second authentication server; if the first message authentication code of the second authentication server is verified successfully, the requesting device determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a second key ciphertext, which is generated by encrypting encrypted data, including the second key, using the message encryption key. After receiving the fourth authentication response message, the authentication access controller decrypts the second key ciphertext using the message encryption key to obtain the second key, decrypts the second authentication result information ciphertext using the second key to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
2. The method according to claim 1, characterized in that, Before the authentication access controller receives the encrypted identity message sent by the requesting device, the method further includes: The authentication access controller sends a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; The requesting device generates a first key by performing a key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and calculates the message encryption key using a key derivation algorithm based on information including the first key. The encrypted identity message also includes the key exchange parameters of the requesting device; The authentication access controller generates the first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and calculates the message encryption key using the key derivation algorithm based on information including the first key.
3. The method according to claim 2, characterized in that, The key request message also includes a first random number generated by the authentication access controller; The specific steps involved in calculating the message encryption key by the requesting device are as follows: The requesting device calculates the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device. Correspondingly, the encrypted identity message also includes the second random number; The specific steps involved in calculating the message encryption key by the authentication access controller are as follows: The authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
4. The method according to claim 3, characterized in that, The identity-encrypted message further includes the first random number; therefore, before the authentication access controller calculates the message encryption key, the method further includes: The authentication access controller verifies the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller. If the verification passes, the authentication access controller then calculates the message encryption key.
5. The method according to claim 2, characterized in that, The key request message also includes security capability parameter information supported by the authentication access controller; the method further includes: The requesting device determines the specific security policy to be used by the requesting device based on the security capability parameter information; The encrypted identity message also includes the specific security policy.
6. The method according to claim 2, characterized in that, The key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; the method further includes: The requesting device determines the identity identifier of at least one authentication server trusted by the authentication access controller. The encrypted identity message further includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
7. The method according to claim 1, characterized in that, The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; then the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
8. The method according to claim 1, characterized in that, The first authentication request message also includes the identity identifier of the authentication access controller and / or a first random number generated by the authentication access controller; Correspondingly, the first authentication response message also includes the identity identifier of the authentication access controller and / or the first random number; Before the authentication access controller sends the third authentication response message, the method further includes: The authentication access controller verifies the consistency between the authentication access controller's identity identifier in the first authentication response message and the authentication access controller's own identity identifier; and / or verifies the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller; If the verification is successful, the authentication access controller then sends the third authentication response message.
9. The method according to claim 1, characterized in that, The second authentication result information also includes the identity identifier of the requesting device; the encrypted data of the second key ciphertext in the fourth authentication response message also includes the identity identifier of the requesting device; Before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller uses the message encryption key to decrypt the second key ciphertext to obtain the identity identifier of the requesting device, and then verifies its consistency with the identity identifier of the requesting device in the second authentication result information. If the verification is successful, the authentication access controller then determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
10. The method according to claim 1, characterized in that, The encrypted data of the requested device's identity information ciphertext also includes a third key; Accordingly, the first authentication response message also includes the encrypted identity of the requesting device; the encrypted identity of the requesting device is generated by encrypting information including the identity of the requesting device using the third key; the encrypted data of the identity authentication result information encrypted data in the third authentication response message also includes the encrypted identity of the requesting device. The requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the ciphertext of the requesting device's identity identifier, and verifies the ciphertext of the requesting device's identity identifier based on the requesting device's own identity identifier and the third key; If the verification is successful, the requesting device then determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
11. The method according to claim 1, characterized in that, Before the requesting device determines the authentication result of the authentication access controller, the method further includes: The requesting device determines whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the device then determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
12. The method according to claim 11, characterized in that, The requesting device determines whether the digital signature of the authentication access controller has been verified, specifically including: When the first authentication request message also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the requesting device receives the third authentication response message, the requesting device determines that the digital signature of the authentication access controller has been verified successfully; or... When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the requesting device uses the digital certificate of the authentication access controller to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.
13. The method according to claim 1, characterized in that, The identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, using the public key of the encryption certificate; Accordingly, the first authentication server obtains the digital certificate of the authentication access controller obtained by decrypting the identity information of the authentication access controller using the private key corresponding to the encryption certificate.
14. The method according to claim 1, characterized in that, The identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, the identity identifier of the authentication access controller, and at least one key, using the public key of the encryption certificate; the at least one key includes a fourth key and / or a fifth key, the fourth key is used to encrypt information including the first verification result, and the fifth key is used to encrypt information including the identity identifier of the authentication access controller; Accordingly, the first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, the identity identifier of the authentication access controller, and a first digital signature of the first authentication server; wherein, the first authentication result information is generated by encrypting encrypted data including the first verification result using the fourth key, and / or, the identity identifier of the authentication access controller exists in the form of the identity identifier ciphertext of the authentication access controller, which is generated by encrypting encrypted data including the identity identifier of the authentication access controller using the fifth key; Accordingly, the encrypted identity authentication result information in the third authentication response message is generated by encrypting encrypted data including the first authentication result information, the first message authentication code of the second authentication server, and the fourth key using the message encryption key; After receiving the third authentication response message, the method further includes: The requesting device uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the first authentication result information and the fourth key, and uses the fourth key to decrypt the first authentication result information to obtain the first verification result; and / or, After receiving the first authentication response message, the method further includes: The authentication access controller verifies the encrypted identity of the authentication access controller based on its own identity identifier and the fifth key. If the verification is successful, it then sends a third authentication response message to the requesting device.
15. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the method further includes: The first authentication server verifies the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result. The first authentication server obtains the identity identifier of the requesting device and the second key obtained by decrypting the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate. Based on the identity identifier of the requesting device, the first authentication server determines a pre-shared key with the requesting device. The first authentication server verifies the identity authentication code of the requesting device using the pre-shared key to obtain a second verification result. Based on the information including the first verification result, the first authentication result information is generated. Based on the information including the second verification result, the second authentication result information is generated. Based on the second key, the information including the second authentication result information is encrypted to generate ciphertext of the second authentication result information. The first authentication server calculates and generates a first message authentication code based on the information including the first authentication result information. The first digital signature is calculated and generated based on the signature data including the ciphertext of the second authentication result information. The first authentication response message is generated based on the information including the first authentication result information, the first message authentication code of the first authentication server, the ciphertext of the second authentication result information, and the first digital signature.
16. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the method further includes: The first authentication server verifies the legality of the digital certificate of the authentication access controller to obtain a first verification result, generates the first authentication result information based on the information including the first verification result, and calculates and generates a second digital signature on the signature data including the first authentication result information and the identity encrypted message, or calculates and generates a second message authentication code on the information including the first authentication result information and the identity encrypted message. The first authentication server sends a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information, the encrypted identity message, and the second digital signature; or the second authentication request message includes the first authentication result information, the encrypted identity message, and the second message authentication code. The second authentication server verifies the second digital signature using the public key of the first authentication server, or verifies the second message authentication code using a pre-shared key with the first authentication server. If the verification is successful, the second authentication server obtains the identity identifier of the requesting device obtained by decrypting the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate. The second key is used to determine a pre-shared key with the requesting device based on the identity identifier of the requesting device. The pre-shared key is used to verify the identity authentication code of the requesting device in the identity ciphertext message to obtain a second verification result. The second authentication result information is generated based on the information including the second verification result. The second key is used to encrypt the information including the second authentication result information to generate second authentication result information ciphertext. The first message authentication code of the second authentication server is calculated and generated based on the information including the first authentication result information. The third digital signature is calculated and generated based on the signature data including the second authentication result information ciphertext, or the third message authentication code is calculated and generated based on the information including the second authentication result information ciphertext. The first authentication server receives a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third digital signature. Alternatively, the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third message authentication code. The first authentication server verifies the third digital signature using the public key of the second authentication server, or the first authentication server verifies the third message authentication code using a pre-shared key with the second authentication server. If the verification is successful, the first authentication server calculates and generates a first digital signature from the signature data, including the ciphertext of the second authentication result information, and generates the first authentication response message based on the information including the first authentication result information, the first message authentication code of the second authentication server, the ciphertext of the second authentication result information, and the first digital signature.
17. The method according to any one of claims 1 to 14, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller; When the authentication access controller receives a message from the requesting device, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preceding message sent by the requesting device. When the requesting device receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preceding message received from the first authentication server; When the first authentication server receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preceding message sent by the authentication access controller. When the authentication access controller receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server; When the second authentication server receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message sent by the first authentication server. When the first authentication server receives a message from the second authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful.
18. A requesting device, characterized in that, The requesting device includes: The calculation module is used to encrypt encrypted data, including the identity identifier of the requesting device and the second key, using the public key of the encryption certificate to generate ciphertext of the identity information of the requesting device, and to calculate and generate the identity authentication code of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and a cryptographic algorithm agreed upon with the second authentication server. The sending module is used to send an identity encrypted message to the authentication access controller. The identity encrypted message includes the identity information encrypted of the requesting device and the identity authentication code of the requesting device. The receiving module is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including first authentication result information and a first message authentication code of the second authentication server, using a message encryption key. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The decryption module is used to decrypt the ciphertext of the identity authentication result information in the third authentication response message using the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server; The verification module is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server. If the verification is successful, the determining module determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the determining module determines that the authentication result of the authentication access controller is valid, the sending module sends a fourth authentication response message to the authentication access controller; or... The sending module uses a pre-shared key with the second authentication server and an agreed-upon cryptographic algorithm to verify the first message authentication code of the second authentication server. If the verification is successful, the sending module sends a fourth authentication response message to the authentication access controller, and the determining module determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or... The module is used to verify the first message authentication code of the second authentication server using a pre-shared key with the second authentication server and a cryptographic algorithm agreed upon with the second authentication server; if the first message authentication code of the second authentication server is verified, the determining module determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the sending module sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a second key ciphertext, which is generated by encrypting encrypted data, including the second key, using the message encryption key.
19. The requesting device according to claim 18, characterized in that, The receiving module is further configured to: receive a key request message sent by the authentication access controller before the sending module sends the identity ciphertext message to the authentication access controller, wherein the key request message includes the key exchange parameters of the authentication access controller; The calculation module is further configured to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key. The encrypted identity message also includes the key exchange parameters of the requesting device.
20. The requesting device according to claim 19, characterized in that, The key request message also includes a first random number generated by the authentication access controller; The calculation module is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device. Correspondingly, the encrypted identity message also includes the second random number.
21. The requesting device according to claim 20, characterized in that, The encrypted identity message sent by the sending module also includes the first random number.
22. The requesting device according to claim 19, characterized in that, The key request message also includes security capability parameter information supported by the authentication access controller; The determining module is further configured to: determine the specific security policy used by the requesting device based on the security capability parameter information; then the identity encrypted message also includes the specific security policy.
23. The requesting device according to claim 19, characterized in that, The key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; The determining module is further configured to: determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller; The encrypted identity message also includes the identity identifier of at least one authentication server trusted by the requesting device.
24. The requesting device according to claim 18, characterized in that, The encrypted identity message sent by the sending module also includes the identity identifier of at least one authentication server trusted by the requesting device.
25. The requesting device according to claim 18, characterized in that, The encrypted data of the requested device's identity information ciphertext also includes a third key; The encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes the identity identifier ciphertext of the requesting device; the identity identifier ciphertext of the requesting device is generated by encrypting information including the identity identifier of the requesting device using the third key; The decryption module then uses the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the ciphertext of the requesting device's identity identifier; The verification module is further configured to: verify the encrypted identity of the requesting device based on the device's own identity identifier and the third key; If the verification is successful, the determining module then determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
26. The requesting device according to claim 18, characterized in that, The determining module is further configured to: determine whether the digital signature of the authentication access controller has been verified before determining the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; if the digital signature of the authentication access controller has been verified, then determine the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information.
27. The requesting device according to claim 26, characterized in that, The determining module is specifically used for: When the authentication access controller sends a first authentication request message to its trusted first authentication server, which also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the receiving module receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified successfully; or... When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the digital signature of the authentication access controller is verified using the digital certificate of the authentication access controller in the first authentication result information, and the verification result determines whether the digital signature of the authentication access controller has been verified.
28. The requesting device according to claim 18, characterized in that, The encrypted data of the identity authentication result information ciphertext in the third authentication response message also includes a fourth key; the first authentication result information is generated by encrypting encrypted data, including the first verification result, using the fourth key; The decryption module is further configured to: use the message encryption key to decrypt the ciphertext of the identity authentication result information to obtain the first authentication result information and the fourth key, and use the fourth key to decrypt the first authentication result information to obtain the first verification result.
29. The requesting device according to any one of claims 18 to 28, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller.
30. An authentication access controller, characterized in that, The authentication access controller includes: The receiving module is configured to receive an identity-encrypted message sent by a requesting device. The identity-encrypted message includes the encrypted identity information of the requesting device and the authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt data including the identity identifier and a second key of the requesting device. The sending module is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes the identity encrypted message and the identity information of the authentication access controller. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller. The receiving module is further configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt information including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server from signature data including the second authentication result information ciphertext. The verification module is used to verify the first digital signature using the public key of the first authentication server. The sending module is further configured to send a third authentication response message to the requesting device if the verification is successful. The third authentication response message includes encrypted identity authentication result information. The encrypted identity authentication result information is generated by the authentication access controller encrypting encrypted data, including the first authentication result information and the first message authentication code of the second authentication server, using a message encryption key. The receiving module is further configured to receive a fourth authentication response message sent by the requesting device, the fourth authentication response message including a second key ciphertext, the second key ciphertext being generated by encrypting encrypted data including the second key using the message encryption key; The decryption module is used to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information. The determining module is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
31. The authentication access controller according to claim 30, characterized in that, The sending module is further configured to: send a key request message to the requesting device before the receiving module receives the identity encrypted message sent by the requesting device, wherein the key request message includes the key exchange parameters of the authentication access controller; The encrypted identity message also includes the key exchange parameters of the requesting device; The authentication access controller further includes: The calculation module is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
32. The authentication access controller according to claim 31, characterized in that, The key request message also includes a first random number generated by the authentication access controller; Correspondingly, the encrypted identity message also includes a second random number generated by the requesting device; The calculation module is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
33. The authentication access controller according to claim 32, characterized in that, The identity encrypted message also includes the first random number; then the verification module is further configured to: verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller before the calculation module calculates the message encryption key; If the verification passes, the calculation module then calculates the message encryption key.
34. The authentication access controller according to claim 31, characterized in that, The key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; The identity identifier of the at least one authentication server trusted by the requesting device is determined by the requesting device based on the identity identifier of the at least one authentication server trusted by the authentication access controller; The determining module is further configured to: determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity encrypted message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
35. The authentication access controller according to claim 30, characterized in that, The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; The determining module is further configured to: determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
36. The authentication access controller according to claim 30, characterized in that, The first authentication request message also includes the identity identifier of the authentication access controller and / or a first random number generated by the authentication access controller; Correspondingly, the first authentication response message also includes the identity identifier of the authentication access controller and / or the first random number; The verification module is further configured to: verify the consistency between the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself before the sending module sends the third authentication response message; And / or, verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller; The sending module is further configured to: if the verification is successful, then send the third authentication response message.
37. The authentication access controller according to claim 30, characterized in that, The second authentication result information also includes the identity identifier of the requesting device; the encrypted data of the second key ciphertext in the fourth authentication response message also includes the identity identifier of the requesting device; The decryption module is further configured to: before the determining module determines the identity authentication result of the requesting device, decrypt the second key ciphertext using the message encryption key to obtain the identity identifier of the requesting device; The verification module is further configured to: perform consistency verification between the decrypted identity identifier of the requesting device and the identity identifier of the requesting device in the second authentication result information; The determining module is specifically used to: if the verification is successful, then determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.
38. The authentication access controller according to claim 30, characterized in that, The identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, the identity identifier of the authentication access controller, and at least one key, using the public key of the encryption certificate; the at least one key includes a fourth key and / or a fifth key, the fourth key is used to encrypt information including the first verification result, and the fifth key is used to encrypt information including the identity identifier of the authentication access controller; Accordingly, the first authentication response message is generated based on information including first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, the identity identifier of the authentication access controller, and the first digital signature of the first authentication server; In the first authentication response message, the first authentication result information is generated by encrypting encrypted data including the first verification result using the fourth key; and / or, the identity identifier of the authentication access controller exists in the form of the ciphertext of the identity identifier of the authentication access controller, which is generated by encrypting encrypted data including the identity identifier of the authentication access controller using the fifth key. The verification module is further configured to: verify the encrypted identity of the authentication access controller based on the authentication access controller's own identity identifier and the fifth key; The sending module is further configured to: if the verification is successful, send a third authentication response message to the requesting device.
39. The authentication access controller according to any one of claims 30 to 38, characterized in that, The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
40. A first authentication server, characterized in that, The first authentication server is an authentication server trusted by the authentication access controller, including: The receiving module is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes an identity ciphertext message and the identity information of the authentication access controller. The identity ciphertext message includes ciphertext of the requesting device's identity information and the identity authentication code of the requesting device. The identity authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the ciphertext of the requesting device's identity information. The ciphertext of the requesting device's identity information is generated by the requesting device using the public key of its encryption certificate to encrypt encrypted data including the requesting device's identity identifier and a second key. The identity information of the authentication access controller is generated based on information including the digital certificate of the authentication access controller. The sending module is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information ciphertext, and a first digital signature of the first authentication server. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first message authentication code of the second authentication server is generated by the second authentication server using a pre-shared key with the requesting device and a cryptographic algorithm agreed upon with the requesting device to calculate information including the first authentication result information. The second authentication result information ciphertext is generated by the second authentication server using a second key to encrypt encrypted data including the second authentication result information. The second authentication result information includes a second verification result of the identity authentication code of the requesting device. The first digital signature is a digital signature generated by the first authentication server on signature data including the second authentication result information ciphertext.
41. The first authentication server according to claim 40, characterized in that, The identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data, including the digital certificate of the authentication access controller, using the public key of the encryption certificate; correspondingly, the first authentication server further includes: The first decryption module is used to decrypt the identity information using the private key corresponding to the encryption certificate to obtain the digital certificate of the authentication access controller.
42. The first authentication server according to claim 40, characterized in that, When the second authentication server trusted by the requesting device and the first authentication server trusted by the authentication access controller are the same authentication server, the first authentication server further includes: The second decryption module is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate to obtain the identity identifier of the requesting device and the second key. The first verification module is used to verify the legality of the digital certificate of the authentication access controller to obtain the first verification result, determine the pre-shared key with the requesting device based on the identity identifier of the requesting device, and use the pre-shared key to verify the identity authentication code of the requesting device to obtain the second verification result. The first generation module is configured to generate the first authentication result information based on information including the first verification result, generate the second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate ciphertext of the second authentication result information, calculate and generate the first message authentication code of the first authentication server based on the information including the first authentication result information, and calculate and generate the first digital signature based on the signature data including the ciphertext of the second authentication result information. The second generation module is used to generate a first authentication response message based on information including the first authentication result information, the first message authentication code of the first authentication server, the encrypted second authentication result information, and the first digital signature.
43. The first authentication server according to claim 40, characterized in that, When the second authentication server trusted by the requesting device and the first authentication server trusted by the authentication access controller are two different authentication servers, the first authentication server further includes: The second verification module is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result; The third generation module is used to generate the first authentication result information based on information including the first verification result, and to calculate and generate a second digital signature based on the signature data including the first authentication result information and the identity encrypted message, or to calculate and generate a second message authentication code based on the information including the first authentication result information and the identity encrypted message. The sending module is further configured to: send a second authentication request message to a second authentication server, wherein the second authentication request message includes the first authentication result information, the encrypted identity message, and the second digital signature, or the second authentication request message includes the first authentication result information, the encrypted identity message, and the second message authentication code; the second authentication server verifies the second digital signature using the public key of the first authentication server or verifies the second message authentication code using a pre-shared key with the first authentication server; if the verification is successful, the second authentication server verifies the identity authentication code of the requesting device in the encrypted identity message to obtain a second verification result; generates the second authentication result information based on the information including the second verification result; encrypts the information including the second authentication result information using the second key to generate encrypted second authentication result information; calculates and generates a first message authentication code for the second authentication server based on the information including the first authentication result information; calculates and generates a third digital signature based on the signature data including the encrypted second authentication result information, or calculates and generates a third message authentication code based on the information including the encrypted second authentication result information. The receiving module is further configured to: receive a second authentication response message sent by the second authentication server, wherein the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third digital signature; or the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted second authentication result information, and the third message authentication code. The third verification module is used to verify the third digital signature using the public key of the second authentication server or to verify the third message authentication code using a pre-shared key with the second authentication server. The fourth generation module is used to calculate and generate a first digital signature from the signature data, including the ciphertext of the second authentication result information, if the verification is successful, and to generate the first authentication response message based on the information including the first authentication result information, the first message authentication code of the second authentication server, the ciphertext of the second authentication result information, and the first digital signature.
44. The first authentication server according to any one of claims 40 to 43, characterized in that, The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preamble message received from the authentication access controller; the message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preamble message received from the second authentication server.
45. A second authentication server, characterized in that, The second authentication server includes: The receiving module is configured to receive a second authentication request message sent by a first authentication server. The second authentication request message includes first authentication result information, an encrypted identity message, and a second digital signature; or the second authentication request message includes first authentication result information, an encrypted identity message, and a second message authentication code. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The encrypted identity message includes encrypted identity information of the requesting device and an authentication code of the requesting device. The authentication code of the requesting device is generated by the requesting device using a pre-shared key with a trusted second authentication server and employing a cryptographic algorithm agreed upon with the second authentication server to calculate information including the encrypted identity information of the requesting device. The encrypted identity information of the requesting device is generated by the requesting device using the public key of an encryption certificate to encrypt encrypted data including the identity identifier and a second key of the requesting device. The second digital signature is generated by the first authentication server calculating signature data including the first authentication result information and the encrypted identity message, or the second message authentication code is generated by the first authentication server calculating information including the first authentication result information and the encrypted identity message. The verification module is used to verify the second digital signature using the public key of the first authentication server or to verify the second message authentication code using a pre-shared key with the first authentication server. If the verification is successful, the module uses the private key corresponding to the encryption certificate to decrypt the ciphertext of the identity information of the requesting device to obtain the identity identifier of the requesting device and the second key. The module also determines the pre-shared key with the requesting device based on the identity identifier of the requesting device and uses the pre-shared key to verify the identity authentication code of the requesting device to obtain a second verification result. The generation module is used to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate second authentication result information ciphertext, calculate and generate a first message authentication code for the second authentication server based on the information including the first authentication result information, and calculate and generate a third digital signature based on the signature data including the second authentication result information ciphertext or calculate and generate a third message authentication code based on the information including the second authentication result information ciphertext. The sending module is configured to send a second authentication response message to the first authentication server. The second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third digital signature. Alternatively, the second authentication response message may include the first authentication result information, the first message authentication code of the second authentication server, the encrypted text of the second authentication result information, and the third message authentication code.
46. The second authentication server according to claim 45, characterized in that, The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.