A method and apparatus for identity authentication

By introducing authentication servers and encryption technology, the problem of identity information being easily intercepted in communication networks has been solved, achieving two-way identity authentication and information confidentiality, and ensuring network security.

CN114760045BActive Publication Date: 2026-06-05CHINA IWNCOMM

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
CHINA IWNCOMM
Filing Date
2020-12-26
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In communication networks, during the two-way authentication process between the requesting device and the authentication access controller, private and sensitive identity information is easily intercepted by attackers, leading to security risks.

Method used

An authentication server is introduced to encrypt identity information using encrypted certificates and digital signatures. This identity information is then transmitted between the requesting device and the authentication access controller. The trusted authentication server is used for authentication to ensure information confidentiality.

Benefits of technology

It implements two-way authentication between the requesting device and the authentication access controller, preventing identity information from being leaked during transmission and ensuring that only legitimate users can access the legitimate network.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN114760045B_ABST
    Figure CN114760045B_ABST
Patent Text Reader

Abstract

The application discloses an identity authentication method, which performs secret processing on identity information of a requesting device, prevents the identity information of the requesting device from being exposed in the transmission process, and ensures that an attacker cannot obtain private information of the requesting device. Moreover, by introducing an authentication server, while guaranteeing the confidentiality of entity identity related information, the application realizes real-time two-way identity authentication between the requesting device and an authentication access controller.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of network communication security technology, and in particular to an identity authentication method and apparatus. Background Technology

[0002] In communication networks, a requesting device can access the network through an authentication access controller. In situations with high security requirements, the authentication access controller needs to authenticate the requesting device, and the requesting device also needs to authenticate the authentication access controller to ensure that the requesting device is a legitimate user and that the network it is accessing is legitimate. Furthermore, peer-to-peer transmission in blockchain technology also requires establishing trust relationships between different nodes; therefore, node authentication is also crucial.

[0003] During the two-way authentication process between the requesting device and the authentication access controller, both the requesting device and the authentication access controller need to provide their own identity information for authentication. However, this identity information typically carries private and sensitive information, such as ID card numbers, home addresses, bank card information, geographical location information, and affiliated organization information. Furthermore, in practical applications, the identity information of the requesting device and the authentication access controller is usually contained in the entity's digital certificate, which serves as the entity's identity credential.

[0004] If the identity information of the requesting device or the authentication access controller is intercepted by an attacker and used for illegal purposes during the two-way authentication process between the requesting device and the authentication access controller, it will pose a great security risk to the authentication access controller, the requesting device, and the network. Summary of the Invention

[0005] To address the aforementioned technical issues, this application provides an identity authentication method and apparatus. By introducing an authentication server, the confidentiality of entity identity-related information is ensured while achieving bidirectional identity authentication between the authentication access controller and the requesting device.

[0006] In a first aspect, embodiments of this application provide an identity authentication method, including:

[0007] The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted is generated by encrypting encrypted data, including the digital certificate and second key of the requesting device, using the public key of the encryption certificate.

[0008] The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller.

[0009] The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

[0010] The authentication access controller uses the public key of the first authentication server to verify the second digital signature. When the second digital signature is verified, it sends a third authentication response message to the requesting device. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key.

[0011] The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the first authentication result information and the first digital signature;

[0012] The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, it determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or...

[0013] The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...

[0014] The requesting device uses the public key of the second authentication server to verify the first digital signature; if the first digital signature is verified, the requesting device determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller.

[0015] The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key.

[0016] After receiving the fourth authentication response message, the authentication access controller uses the message encryption key to decrypt the second key ciphertext to obtain the second key, uses the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.

[0017] Secondly, embodiments of this application provide an authentication access controller, including:

[0018] The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device, which is generated by encrypting encrypted data including the digital certificate and second key of the requesting device using the public key of the encryption certificate.

[0019] The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller.

[0020] The first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

[0021] The first verification unit is used to verify the second digital signature using the public key of the first authentication server;

[0022] The second sending unit is configured to send a third authentication response message to the requesting device when the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key.

[0023] The second receiving unit is configured to receive a fourth authentication response message sent by the requesting device, wherein the fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key;

[0024] The decryption unit is configured to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information;

[0025] The first determining unit is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.

[0026] Thirdly, embodiments of this application provide a requesting device, including:

[0027] The first sending unit is used to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext is generated by encrypting encrypted data, including the digital certificate and second key of the requesting device, using the public key of the encryption certificate.

[0028] The first receiving unit is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key.

[0029] The first decryption unit is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;

[0030] A first verification unit is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, a first determining unit determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determining unit determines that the authentication result of the authentication access controller is valid, a second sending unit sends a fourth authentication response message to the authentication access controller; or...

[0031] The first verification unit is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the second sending unit sends a fourth authentication response message to the authentication access controller, and the first determining unit determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or,

[0032] The first verification unit is used to verify the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the second sending unit sends a fourth authentication response message to the authentication access controller.

[0033] The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key.

[0034] Fourthly, embodiments of this application provide a first authentication server, which is an authentication server trusted by the authentication access controller, comprising:

[0035] The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller. The encrypted identity information is generated by encrypting encrypted data, including the digital certificate and the second key of the requesting device, using the public key of the encryption certificate.

[0036] A first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using a second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

[0037] Fifthly, embodiments of this application provide a second authentication server, which is an authentication server requesting device trust. If the first authentication server trusted by the authentication access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes:

[0038] The receiving unit is configured to receive a second authentication request message sent by the first authentication server. The second authentication request message includes first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated and generated by the first authentication server on signature data including the first authentication result information and the encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting encrypted data including the digital certificate and second key of the requesting device using the public key of the encryption certificate.

[0039] The verification unit is used to verify the third digital signature using the public key of the first authentication server;

[0040] The decryption unit is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate when the third digital signature verification is successful, so as to obtain the digital certificate of the requesting device and the second key.

[0041] The verification unit is also used to verify the legality of the digital certificate of the requesting device to obtain a second verification result;

[0042] The generation unit is configured to generate the second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate the second authentication result information ciphertext, calculate and generate a first digital signature on the signature data including the first authentication result information, and calculate and generate a fourth digital signature on the signature data including the second authentication result information ciphertext.

[0043] The sending unit is configured to send a second authentication response message to the first authentication server, wherein the second authentication response message includes the first authentication result information, the first digital signature, the encrypted second authentication result information, and the fourth digital signature.

[0044] As can be seen from the above technical solutions, the identity information of the requesting device is kept confidential during the identity authentication process, and the identity information of the authentication access controller is also kept confidential during the transmission of identity information between the requesting device and the authentication access controller. This prevents the identity information of the requesting device and the authentication access controller from being exposed during transmission, ensuring that attackers cannot obtain private and sensitive information. Furthermore, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, real-time two-way identity authentication between the requesting device and the authentication access controller is achieved, laying the foundation for ensuring that only legitimate users can access the legitimate network. Attached Figure Description

[0045] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0046] Figure 1 A schematic diagram illustrating an identity authentication method provided in an embodiment of this application;

[0047] Figure 2 A schematic diagram illustrating a method for requesting a device REQ and negotiating an encryption key for an access controller AAC, provided in an embodiment of this application;

[0048] Figure 3 A schematic diagram illustrating an identity authentication method in a non-roaming situation provided in an embodiment of this application;

[0049] Figure 4 A schematic diagram illustrating another identity authentication method in a non-roaming situation provided in an embodiment of this application;

[0050] Figure 5A schematic diagram illustrating an identity authentication method in a roaming situation provided in an embodiment of this application;

[0051] Figure 6 A schematic diagram illustrating another identity authentication method in roaming situations provided in an embodiment of this application;

[0052] Figure 7 This is a schematic diagram illustrating another identity authentication method in a non-roaming situation provided in the embodiments of this application, wherein "*" represents an optional field or optional operation;

[0053] Figure 8 This is a schematic diagram illustrating another identity authentication method in a non-roaming situation provided in the embodiments of this application, wherein "*" represents an optional field or optional operation;

[0054] Figure 9 This is a schematic diagram illustrating another identity authentication method in roaming situations provided in the embodiments of this application, where "*" represents an optional field or optional operation;

[0055] Figure 10 This is a schematic diagram illustrating another identity authentication method in roaming situations provided in the embodiments of this application, where "*" represents an optional field or optional operation;

[0056] Figure 11 A structural block diagram of an authentication access controller (AAC) provided in this application embodiment;

[0057] Figure 12 A structural block diagram of a request device REQ provided in an embodiment of this application;

[0058] Figure 13 A structural block diagram of a first authentication server AS-AAC provided in an embodiment of this application;

[0059] Figure 14 This is a structural block diagram of a second authentication server AS-REQ provided in an embodiment of this application. Detailed Implementation

[0060] In a communication network, a requesting device can access the network through an authentication access controller. To ensure that the requesting device is a legitimate user, the authentication access controller needs to authenticate the requesting device's identity. Similarly, to ensure that the network the requesting device is accessing is a legitimate network, the requesting device also needs to authenticate the authentication access controller's identity.

[0061] Taking current wireless and mobile communication scenarios as examples, in scenarios where a requesting device accesses a wireless network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone, a personal digital assistant (PDA), or a tablet computer, while the authentication access controller can be a network-side device such as a wireless access point or a wireless router. In scenarios where a requesting device accesses a wired network through an authentication access controller, the requesting device can be a terminal device such as a desktop computer or a laptop computer, while the authentication access controller can be a network-side device such as a switch or a router. In scenarios where a requesting device accesses a 4G / 5G network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone or a tablet computer, while the authentication access controller can be a network-side device such as a base station. Of course, this application is also applicable to various data communication scenarios, including other wired networks and short-range communication networks.

[0062] However, during the two-way authentication process between the requesting device and the authentication access controller, both devices need to provide their own identity information for authentication. This identity information is typically contained in the entity's digital certificate and usually carries private and sensitive information. If this identity information is intercepted by an attacker during the authentication process and used for illegal purposes, it will pose a significant security risk to the authentication access controller, the requesting device, and even the network.

[0063] To address the aforementioned technical problems, this application provides an identity authentication method, comprising: an authentication access controller acquiring an identity ciphertext message sent by a requesting device, the identity ciphertext message including ciphertext identity information of the requesting device, the identity information ciphertext being generated by encrypting encrypted data including the requesting device's digital certificate and a second key using the public key of an encryption certificate; the authentication access controller sending a first authentication request message to a trusted first authentication server, the first authentication request message including the ciphertext identity information of the requesting device and the authentication access controller's digital certificate; the authentication access controller receiving a first authentication response message sent by the first authentication server, the first authentication response message including first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature; wherein, the first authentication result information includes a first verification result of the authentication access controller's digital certificate, the first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information, the second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using a second key, and the second digital signature is a signature calculated by the first authentication server on the signature data including the second authentication result information ciphertext. The authentication access controller calculates a digital signature from the first authentication server's public key to verify the second digital signature. If the verification is successful, it sends a third authentication response message to the requesting device. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data, including the first authentication result information and the first digital signature, using a message encryption key. The requesting device decrypts the ciphertext of authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature. It then verifies the first digital signature using the second authentication server's public key. If the verification is successful, it determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the requesting device determines that the authentication access controller is legitimate, it sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes ciphertext of the second key, which is obtained by encrypting information, including the second key, using the message encryption key. The authentication access controller decrypts the ciphertext of the second key using the message encryption key to obtain the second key. It then decrypts the ciphertext of the second authentication result information using the second key to obtain the second authentication result information. Finally, it determines the authentication result of the requesting device based on the second verification result in the second authentication result information.

[0064] It is understood that the first authentication result information in this application embodiment is obtained by the authentication access controller's trusted first authentication server verifying the legality of the authentication access controller's digital certificate, and the second authentication result information is obtained by the requesting device's trusted second authentication server verifying the legality of the requesting device's digital certificate. The aforementioned first authentication server and second authentication server can be two independent servers used for identity authentication, or the same server used for identity authentication. The above are only some examples of the requesting device, authentication access controller, and authentication server, and should not be construed as limiting the requesting device, authentication access controller, and authentication server. In other possible implementations of this application embodiment, the requesting device, authentication access controller, and authentication server can also be other devices.

[0065] The identity authentication method provided in this application embodiment realizes two-way identity authentication (MIA) between the requesting device and the authentication access controller.

[0066] For ease of explanation, in this embodiment of the application, the identity authentication method of the present application will be described using the requesting device (REQuester, abbreviated as REQ), the authentication access controller (AAC, abbreviated as AAC), and the authentication server (AS, abbreviated as AS) as examples.

[0067] In this system, the AS trusted by AAC is called the First Authentication Server (AS-AAC), and the AS trusted by REQ is called the Second Authentication Server (AS-REQ). AS-AAC has the ability to verify the legitimacy of AAC digital certificates and holds digital certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with the corresponding private keys. AS-REQ has the ability to verify the legitimacy of REQ digital certificates and holds digital certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with the corresponding private keys. The Certificate Server-Decrypt (CS-DEC) holds encryption certificates conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, along with the corresponding private keys. AS-AAC and AS-REQ have the ability to transmit digital certificates to other ASs for verification and to transmit the verification results of digital certificates to other ASs. When AS-AAC and AS-REQ are different, AS-AAC and AS-REQ trust each other and know each other's digital certificates or the public keys in the digital certificates.

[0068] REQ can be one endpoint participating in the authentication process, establishing a connection with AAC, accessing the services provided by AAC, and accessing AS through AAC. REQ holds a digital certificate conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, and the corresponding private key. REQ is aware of AS-REQ's digital certificate or the public key within the digital certificate, and is also aware of CS-DEC's encryption certificate or the public key within the encryption certificate. CS-DEC can be a standalone server or reside within AS-REQ. AAC can be another endpoint participating in the authentication process, establishing a connection with REQ, providing services, communicating with REQ, and directly accessing AS-AAC. AAC holds a digital certificate conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, and the corresponding private key within the digital certificate, and is aware of AS-AAC's digital certificate or the public key within the digital certificate.

[0069] The following is combined Figure 1 This application provides an embodiment of an identity authentication method, which includes:

[0070] S101, AAC obtains the encrypted identity message REQInit sent by REQ.

[0071] The REQInit contains REQ's identity information encrypted EncPub. ASAmong them, EncPub AS REQ uses the public key of CS-DEC's encryption certificate to pair with REQ's digital certificate Cert. REQ The encrypted data, including the second key, is generated through encryption. Therefore, during the identity authentication process, the REQ's identity information is kept confidential, preventing its exposure during transmission. In this application, the object to be encrypted is referred to as encrypted data.

[0072] S102, AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.

[0073] The AAC Cert digital certificate is included in the AACVeri. AAC and EncPub AS .

[0074] S103, AAC receives the first authentication response message ASVeri sent by AS-AAC.

[0075] The ASVeri includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a ciphertext of Cert. AAC The first verification result Res AAC The first digital signature is a digital signature generated by AS-REQ, trusted by REQ, on signature data including the first authentication result information; the second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key, and the second authentication result information includes the cert... REQ The second verification result Res REQ The second digital signature is a digital signature calculated by AS-AAC on signature data including the ciphertext of the second authentication result information. In this application, the object to be signed is referred to as signature data.

[0076] It should be noted that if the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are the same authentication server, that is, REQ and AAC jointly trust the same authentication server, then the authentication server jointly trusted by REQ and AAC can be represented by AS-AAC (or AS-REQ). In this case, AS-AAC (which can also be represented as AS-REQ) can be used to authenticate Cert. AAC Perform a validity verification to obtain Res AAC And the decryption of the EncPub AS The obtained Cert REQ Perform a validity verification to obtain Res REQEncPub can be decrypted by AS-AAC (also represented as AS-REQ) using the private key corresponding to the encryption certificate of the CS-DEC residing in AS-AAC (also represented as AS-REQ). AS EncPub can also be converted using AS-AAC (or AS-REQ). AS Send it to the CS-DEC with which it has an interactive trust relationship for decryption, and obtain the decrypted Cert. REQ Then, AS-AAC (which can also be represented as AS-REQ) is based on the Res... AAC The first identification result information is generated based on the information including Res. REQ The information included generates a second authentication result, which is then used to decrypt the EncPub. AS The obtained second key is used to encrypt the information, including the second authentication result information, to generate the second authentication result information ciphertext, and the first digital signature Sig is calculated from the signature data, including the first authentication result information. AS_AAC1 (can also be represented as Sig) AS_REQ1 The second digital signature Sig is generated by calculating the signature data, including the encrypted information of the second authentication result. AS_AAC2 (can also be represented as Sig) AS_REQ2 According to information including the first authentication result and the first digital signature Sig AS_AAC1 (can also be represented as Sig) AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 (can also be represented as Sig) AS_REQ2 The information, including the first authentication response message ASVeri, is generated.

[0077] If the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are two different authentication servers, then AS-AAC will be responsible for the authentication of Cert. AAC Perform a validity verification to obtain Res AAC The AS-REQ is used to decrypt the EncPub. AS The obtained Cert REQ Perform a validity verification to obtain Res REQ Therefore, after generating the first authentication result information, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ. The AS-AACVeri includes the first authentication result information and the EncPub. AS and third digital signature Sig AS_AAC3 Among them, Sig AS_AAC3 AS-AAC is used to analyze the information including the first identification result and the EncPub.AS The signature data, including the one included, is used for calculation. AS-REQ uses the AS-AAC public key to verify the Sig. AS_AAC3 If the verification passes, AS-REQ will decrypt the EncPub. AS The obtained Cert REQ Perform a validity verification to obtain Res REQ According to the Res REQ The information included generates a second authentication result, in which EncPub can be decrypted by AS-REQ using the private key corresponding to the encryption certificate of the CS-DEC residing within AS-REQ. AS EncPub can also be accessed via AS-REQ. AS Send it to the CS-DEC with which it has an interactive trust relationship for decryption, and obtain the decrypted Cert. REQ AS-REQ utilizes decryption of the EncPub AS The obtained second key is used to encrypt the information, including the second authentication result information, to generate a second authentication result information ciphertext. Then, a second authentication response message, AS-REQVeri, is sent to AS-AAC. The AS-REQVeri message includes the first authentication result information and the first digital signature Sig. AS_REQ1 The second authentication result information ciphertext and the fourth digital signature Sig AS_REQ4 Among them, Sig AS_REQ1 It is generated by AS-REQ from the signature data, including the first authentication result information, Sig AS_REQ4 It is generated by AS-REQ from the ciphertext of the second authentication result information. After receiving the AS-REQVeri, AS-AAC verifies Sig using the public key of AS-REQ. AS_REQ4 If the verification passes, AS-AAC calculates and generates a second digital signature Sig from the signature data, including the ciphertext of the second authentication result information. AS_AAC2 According to the first authentication result information and the first digital signature Sig AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 The information included generates the first authentication response message ASVeri.

[0078] S104. AAC uses the AS-AAC public key to verify the second digital signature.

[0079] If the verification passes, AAC will proceed with the subsequent operations.

[0080] S105, AAC sends a third authentication response message AACAuth to REQ.

[0081] The AACAuth includes the encrypted authentication result information EncData. AAC Among them, EncData AAC It is generated by AAC using a message encryption key to encrypt encrypted data including the first authentication result information and the first digital signature.

[0082] S106, REQ uses the message encryption key to pair EncData AAC Decryption yields the first authentication result information and the first digital signature.

[0083] The message encryption key can be negotiated between REQ and AAC, or it can be pre-shared between REQ and AAC. AAC uses the message encryption key and a symmetric encryption algorithm to encrypt the encrypted data, including the first authentication result information and the first digital signature, to obtain EncData. AAC Therefore, after receiving AACAuth, REQ can use the message encryption key to pair EncData. AAC Decryption yields the first authentication result information and the first digital signature.

[0084] S107, REQ uses AS-REQ's public key to verify the first digital signature.

[0085] S108, REQ based on Res in the first identification result information AAC Determine the identity verification result of AAC.

[0086] S109, REQ sends the fourth authentication response message REQAuth to AAC.

[0087] The REQAuth includes a second key ciphertext, which is obtained by REQ encrypting information including the second key using a message encryption key.

[0088] It should be noted that the execution order of S107 to S109 does not affect the specific implementation of this application. In practical applications, the execution order of S107 to S109 can be set according to requirements. A preferred approach is to execute S107 first. If the REQ fails to verify the first digital signature, AACAuth is discarded. If the REQ verifies the first digital signature successfully, S108 is executed. If the REQ determines that AAC is valid, S109 is executed. If the REQ determines that AAC is invalid, the REQ chooses whether to execute S109 based on its local policy. Considering efficiency, the preferred solution is not to execute S109 and end the current authentication process.

[0089] S110, AAC uses the message encryption key to decrypt the second key ciphertext to obtain the second key, and uses the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information.

[0090] S111, AAC, based on Res in the second identification result information REQ Determine the identity verification result of REQ.

[0091] As can be seen from the above technical solution, the identity information of the requesting device is kept confidential during the authentication process, and the identity information of the authentication access controller is also kept confidential when transmitting identity information between the requesting device and the authentication access controller. This prevents the identity information of the requesting device and the authentication access controller from being exposed during transmission, ensuring that attackers cannot obtain private and sensitive information. Furthermore, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, two-way identity authentication between the requesting device and the authentication access controller is achieved, laying the foundation for ensuring that only legitimate users can communicate with legitimate networks.

[0092] In some embodiments, REQInit in S101 may also include the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Sig in REQInit. REQ For the other fields mentioned earlier, AAC also needs to determine Sig before S111. REQ The verification process must pass before S111 can be executed. It should be noted that if AS-REQ and AS-AAC are the same authentication server, then the Sig... REQ Authentication can be performed by AS-AAC (also represented as AS-REQ) or by AAC; if AS-REQ and AS-AAC are two different authentication servers, then the Sig... REQ Verification can be performed using either AS-REQ or AAC. AAC determines Sig. REQ Whether the verification passes includes the following methods:

[0093] As a method for verifying the Sig by an authentication server REQ In an embodiment where AS-REQ and AS-AAC are the same authentication server (i.e., non-roaming), when AS-AAC (which can also be represented as AS-REQ) verifies the Sig... REQ At that time, Sig REQ It can be carried in the AACVeri of S102 and transmitted to AS-AAC (also represented as AS-REQ). AS-AAC (also represented as AS-REQ) uses the decryption of EncPub in AACVeri. ASThe obtained Cert REQ Verify the Sig REQ If the verification passes, the process continues with steps such as generating and sending the first authentication response message ASVeri. If the verification fails, these steps are not executed. Therefore, AAC can determine Sig based on whether or not the first authentication response message ASVeri is received. REQ Whether the verification passes or not, if the AAC can receive the ASVeri from S103, then the AAC can determine Sig. REQ Verification successful.

[0094] As a method for verifying the Sig by an authentication server REQ In another embodiment, where AS-REQ and AS-AAC are two different authentication servers (i.e., roaming), when AS-REQ verifies the Sig... REQ At that time, Sig REQ It can be carried in the second authentication request message AS-AACVeri sent by AS-AAC to AS-REQ in S102 and then transmitted to AS-REQ. AS-REQ uses the decrypted EncPub in AS-AACVeri. AS The obtained Cert REQ Verify the Sig REQ If the verification passes, the process continues with generating and sending the second authentication response message AS-REQVeri, and generating and sending the subsequent first authentication response message ASVeri. If the verification fails, the processes of generating and sending the second authentication response message AS-REQVeri and the subsequent first authentication response message ASVeri will not be executed. Therefore, AAC can determine Sig based on whether or not the first authentication response message ASVeri can be received. REQ Whether the verification passes or not, if the AAC can receive the ASVeri from S103, then the AAC can determine Sig. REQ Verification successful.

[0095] As a result of AAC verification of the Sig REQ In one embodiment, the second authentication result information generated by the authentication server includes not only Res REQ It also includes Cert REQ After AAC receives REQAuth from S109, it uses the second key to decrypt the ciphertext of the second authentication result information. The resulting second authentication result information also includes Cert. REQ And using the Cert information in the second identification result REQ Verify the Sig REQ Thus determining Sig REQHas the verification passed?

[0096] In other embodiments, REQAuth in S109 may also include the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Signature in REQAuth. REQ In this case, the second authentication result information obtained by the authentication access controller in S110 using the second key to decrypt the ciphertext of the second authentication result information also includes Cert. REQ Therefore, before S111, AAC also needs to utilize the Cert information in the second identification result. REQ Sig REQ Perform verification, and determine Sig based on the verification results. REQ Check if the verification is successful. Only if the verification is successful can S111 be executed.

[0097] In some embodiments, the AAC digital signature Sig in S102 may also include the AAC digital signature. AAC Sig AAC The signature data includes Sig in AACeri. AAC For the other fields mentioned earlier, before S108, REQ also needs to determine Sig. AAC The verification process must pass before S108 can be executed. REQ determines Sig. AAC Whether the verification passes includes the following methods: AS-AAC trusted by AAC utilizes Cert in AACVeri. AAC Sig AAC Verification is performed, and only after successful verification will the subsequent process continue. Therefore, if REQ can receive the AACAuth from S105, REQ determines Sig. AAC Verified.

[0098] In other embodiments, the AACAuth of S105 may also include the digital signature Sig of the AAC. AAC Sig AAC The signature data includes the Sig in AACAuth. AAC The other fields mentioned earlier, correspondingly in AACAuth, are EncData. AAC The first authentication result information in the encrypted data also includes Cert AAC Therefore, before S108, REQ also needs to determine Sig. AAC The verification process must pass before S108 can be executed. REQ determines Sig. AAC Whether the verification passes includes the following methods: REQ utilizes decrypted EncData AACCert in the first identification result information obtained AAC Sig AAC Perform verification, and determine Sig based on the verification results. AAC Has the verification passed?

[0099] Please refer to Figure 1 The messages transmitted between REQ, AAC, and the authentication server may also include parameters such as random numbers generated by AAC and / or REQ, and identity identifiers. Normally, these random numbers and / or identity identifiers should remain unchanged during transmission through various messages in the authentication process. However, network jitter or attacks may cause the loss or alteration of these parameters. Therefore, during authentication, the consistency of the identity identifiers and / or random numbers in the messages can be verified to ensure the reliability of the authentication results. Specifically:

[0100] For example, in REQInit of S101, REQ generates the ciphertext EncPub of identity information. AS The encrypted data at that time may also include the REQ's identity ID. REQ and the third key Nonce REQID Nonce REQID Used for ID REQ Encryption; the AAC identity ID can also be included in the S102's AAC Veri. AAC Correspondingly, S103's ASVeri also includes the REQ's ciphertext and ID. AAC EncData in S105's AACAuth AAC The encrypted data also includes REQ's ciphertext identity, which is encrypted using a Nonce identifier. REQID For ID REQ Obtained through encryption, for example, a nonce REQID With ID REQ Perform an XOR operation, i.e., ID REQ ⊕Nonce REQID This serves as the encrypted identity of the REQ. Therefore, prior to S108, the REQ utilizes the message encryption key pair EncData. AAC Decryption also yields the REQ's ciphertext identity, which the REQ then needs to verify using their own identity ID. REQ and the Nonce REQID Decrypting EncData AAC The obtained REQ identity ciphertext is verified, specifically including: REQ using the Nonce REQID For the identity ID of REQ itself REQThe information, including the REQ identifier, is encrypted to generate a ciphertext REQ identity, and the generated ciphertext REQ identity is then compared with the decrypted EncData. AAC The obtained REQ identity ciphertext is used for consistency verification; or, the REQ uses the Nonce. REQID Decrypting the encrypted identity token of REQ yields the ID. REQ The ID obtained from decryption REQ With REQ's own identity ID REQ A consistency verification is performed. After successful verification, REQ proceeds to step S108. Before step S111, AAC can verify the IDs in ASVeri. AAC and AAC's own identity ID AAC (That is, the ID sent by AAC through AACVeri) AAC The consistency of the ) is verified. After the verification is successful, AAC will execute S111.

[0101] Similar to the identity identifier, the REQInit of S101 can also include a second random number (Nonce) generated by REQ. REQ The AACeri of S102 can also include Nonce REQ The first random number (Nonce) generated by AAC AAC Therefore, ASVeri in S103 can also include Nonce. REQ and Nonce AAC EncData in S105's AACAuth AAC The encrypted data may also include a nonce. REQ Therefore, before S108, REQ checks EncData. AAC Decryption also yields the Nonce REQ and the decrypted Nonce REQ Nonce generated with REQ REQ The consistency is verified, and after successful verification, S108 is executed. Before S111, AAC can verify the Nonce in ASVeri. AAC Nonce generated by AAC AAC The consistency is verified, and S111 is executed only after the verification is successful.

[0102] In other embodiments, to ensure the reliability of the authentication result, AAC can generate a message integrity check code. The AACAuth in S105 may also include a first message integrity check code, MacTag. AAC MacTag AAC AAC uses message integrity verification key pairs, including those in AACAuth excluding MacTag. AACOther fields besides the one used are calculated and generated. Accordingly, prior to S108, REQ also needs to verify the MacTag. AAC After successful verification, proceed to S108. REQ verifies the MacTag. AAC When using the message integrity verification key pair, the key should include the key pair in AACAuth excluding the MacTag. AAC Other fields are used to calculate and generate MacTag. AAC and calculate MacTag AAC With the MacTag in the received AACAuth AAC The comparison is performed; if they match, the verification passes; otherwise, the verification fails.

[0103] Similarly, REQ can also generate a message integrity check code. The REQAuth in S109 can also include a second message integrity check code, MacTag. REQ MacTag REQ REQ uses message integrity verification key pairs, including those in REQAuth excluding MacTag. REQ Other fields besides the one used for calculation are also included. Accordingly, before S111, AAC also needs to verify the MacTag. REQ After successful verification, execute S111. AAC verifies MacTag. REQ When using the message integrity verification key pair, the key pair should include the REQAuth key except for the MacTag. REQ Other fields are used to calculate and generate MacTag. REQ and calculate MacTag REQ With the MacTag in the received REQAuth REQ The verification is performed by comparing the results. If they match, the verification passes; otherwise, it fails. The method for generating the message integrity verification key used by REQ and AAC will be described in the next embodiment.

[0104] In the above embodiments, the message encryption key used by REQ and AAC can be obtained through negotiation between the two. Therefore, this embodiment also provides a method for REQ and AAC to negotiate the message encryption key, see [link to documentation]. Figure 2 The method includes:

[0105] S201, AAC sends a key request message AACInit to REQ.

[0106] The AACInit includes the AAC key exchange parameter KeyInfo. AAC KeyInfo AACThis includes the temporary public key of AAC, where key exchange refers to key exchange algorithms such as Diffie-Hellman (DH). The AACInit may also include the first random number (Nonce) generated by AAC. AAC .

[0107] The AACInit may also include security capabilities. AAC Security capabilities AAC This indicates the security capabilities supported by AAC, including the authentication suites (which contain one or more authentication methods), symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC. These parameters allow REQ to select specific security policies to use. REQ can then base its decisions on these security capabilities. AAC Select the specific security policy (Security capabilities) used by REQ. REQ Security capabilities REQ The REQ indicates the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm used.

[0108] S202, REQ is based on the key exchange parameter KeyInfo, which includes REQ. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used to perform key exchange calculation to generate a first key, and the message encryption key is calculated using a key derivation algorithm based on information including the first key.

[0109] If the AACinit in S201 also includes the Nonce generated by AAC. AAC Then REQ can be based on KeyInfo. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC The second random number Nonce generated by REQ REQ The information, including the message encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be based on the Security capabilities sent by the AAC according to the REQ. AAC The chosen key derivation algorithm. KeyInfo REQ This refers to the key exchange parameters generated by REQ, including REQ's temporary public key. KeyInfo REQThe corresponding temporary private key is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public-private keys.

[0110] S203, REQ sends the identity-encrypted message REQInit to AAC.

[0111] The REQInit includes KeyInfo. REQ So that AAC can be based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The message encryption key is calculated from the information including the temporary public key. Among them, KeyInfo... AAC The corresponding temporary private key is the temporary private key generated by AAC that corresponds to the temporary public key of AAC. That is, the temporary public key and the temporary private key are a pair of temporary public-private keys.

[0112] The REQInit may also include security capabilities. REQ The REQInit may also include a Nonce. REQ So that AAC can use the KeyInfo as a basis. AAC The corresponding temporary private key, the KeyInfo REQ The included temporary public key, the Nonce AAC and the Nonce REQ The encryption key for the message is calculated from the information included.

[0113] The REQInit may also include the Nonce. AAC Therefore, AAC can check the Nonce in REQInit before calculating the message encryption key. AAC Nonce generated by AAC AAC The consistency is verified to ensure that the REQInit received by AAC is a response message to AACInit.

[0114] S204, AAC based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used to perform key exchange calculations to generate the first key, and the message encryption key is calculated using the key derivation algorithm based on information including the first key.

[0115] If the REQInit also includes the Nonce REQ Then AAC can be based on the KeyInfo. AAC The corresponding temporary private key and the KeyInfo REQThe included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC and the Nonce REQ The information, including the message's encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be the Security capabilities sent by AAC based on the REQ. REQ The key export algorithm to be used.

[0116] It should be noted that, in Figure 2 In this embodiment, REQ and AAC can also generate message integrity verification keys. The implementation methods for REQ and AAC to generate message integrity verification keys are the same as... Figure 2 The implementation methods for generating message encryption keys for REQ and AAC in the examples are the same. For example, AAC can be generated through... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as a message encryption key, and the other portion as a message integrity verification key. AAC can also... Figure 2 The implementation method utilizes a key derivation algorithm to derive two identical or different key data sequences in stages: one sequence serves as the message encryption key, and the other as the message integrity verification key. REQ can be... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as the message encryption key, and the other portion as the message integrity verification key. REQ can also be achieved through... Figure 2 The implementation method uses a key derivation algorithm to derive two strings of identical or different key data in stages. One string is used as the message encryption key, and the other string is used as the message integrity verification key.

[0117] This application also provides a method for determining the first authentication server and / or the second authentication server used in the current authentication process by utilizing information exchange between AAC and REQ:

[0118] Please refer to Figure 2 In S201's AACInit, AAC adds the identity ID of at least one authentication server trusted by AAC. AS_AAC Then REQ is based on the ID. AS_AAC Identify the identity ID of at least one authentication server that you trust. AS_REQ In practice, REQ is derived from ID. AS_AACSelect at least one authentication server that it trusts as the ID. AS_REQ If the selection fails, REQ will use at least one authentication server it trusts as its ID. AS_REQ (Where, successful selection corresponds to a non-roaming situation, and failed selection corresponds to a roaming situation), and the ID... AS_REQ Add it to REQInit in S203 and send it to AAC. Then, AAC can use it based on the ID. AS_AAC and ID AS_REQ The primary authentication server, such as AAC, can be used to determine the ID. AS_REQ and ID AS_AAC If at least one identical authentication server identifier exists, it indicates a non-roaming situation. AAC determines the first authentication server to participate in authentication from among the at least one authentication server identifier trusted by both REQ and AAC. If no such identifier exists, it indicates a roaming situation, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ.

[0119] As another implementation, AAC may not need to send ID to REQ. AS_AAC The REQ adds the identity ID of at least one trusted authentication server to the REQInit of S203. AS_REQ According to ID AS_REQ The identity ID of the authentication server trusted by AAC itself. AS_AAC The specific implementation of the first authentication server and / or the second authentication server participating in the identity authentication process is as described in the previous implementation method.

[0120] Since the authentication servers for REQ and AAC trusts can be the same or different, when the authentication servers for REQ and AAC trusts are the same, it is a non-roaming situation; when the authentication servers for REQ and AAC trusts are different, it is a roaming situation.

[0121] See Figure 3 This is an embodiment of an identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can represent an authentication server jointly trusted by REQ and AAC. Furthermore, during the identity authentication process, the digital signature Sig of REQ can also be verified. REQ Verification is then performed. Before this embodiment is executed, both REQ and AAC already possess the message encryption key. The message encryption key can be shared between the two parties beforehand, or it can be obtained through [other means]. Figure 2The method shown is used for negotiation, and Sig is verified by AAC. REQ Identity verification methods include:

[0122] S301, AAC obtains the encrypted identity message REQInit sent by REQ.

[0123] The REQInit contains REQ's identity information encrypted EncPub. AS and REQ's digital signature Sig REQ .

[0124] S302, AAC sends the first authentication request message AACVeri to AS-AAC.

[0125] The AAC Veri includes EncPub AS and AAC digital certificate Cert AAC .

[0126] S303 and AS-AAC decrypt EncPub using the private key corresponding to the encryption certificate. AS Obtain the REQ digital certificate Cert REQ Second key Nonce REQPub For Cert respectively AAC and Cert REQ Perform a validity verification to obtain a Cert. AAC The first verification result Res AAC and Cert REQ The second verification result Res REQ According to Cert AAC and Res AAC The first identification result information is generated based on information including Cert. REQ and Res REQ The information, including the first authentication result information, is used to generate a second authentication result information. The first digital signature, Sig, is then calculated from the signature data, including the first authentication result information. AS_AAC1 Using Nonce REQPub The information, including the second authentication result information, is encrypted to generate ciphertext of the second authentication result information. The signature data, including the ciphertext of the second authentication result information, is then used to calculate and generate the second digital signature Sig. AS_AAC2 .

[0127] S304, AAC receives the first authentication response message ASVeri sent by AS-AAC.

[0128] The ASVeri includes first authentication result information and first digital signature Sig. AS_AAC1 Second authentication result encrypted information, second digital signature Sig AS_AAC2 .

[0129] S305, AAC uses the AS-AAC public key to Sig AS_AAC2 If verification is successful, the message encryption key pair, including the first authentication result information and the Sig, will be used. AS_AAC1 EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC For EncData AAC The digital signature Sig of AAC is generated from the signature data, including the signature data. AAC .

[0130] S306, AAC sends a third authentication response message AACAuth to REQ.

[0131] The AACAuth includes the EncData. AAC and the Sig AAC .

[0132] S307, REQ uses the message encryption key to pair EncData AAC Decryption yields the first authentication result information and Sig AS_AAC1 .

[0133] S308 and REQ use AS-AAC public key verification Sig AS_AAC1 And, using the Cert information in the first identification result AAC Verify Sig AAC .

[0134] If all verifications pass, proceed with step S309.

[0135] S309, REQ based on Res in the first identification result information AAC Determine the identity verification result of AAC.

[0136] If REQ determines that AAC is valid, execute S310; if REQ determines that AAC is invalid, end the current authentication process.

[0137] S310 and REQ utilize message encryption key pairs including the second key Nonce. REQPub The information inside is encrypted to obtain the second key ciphertext EncData. REQ .

[0138] S311, REQ sends the fourth authentication response message REQAuth to AAC.

[0139] The REQAuth includes the EncData. REQ .

[0140] S312, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub The second authentication result information is obtained by decrypting the ciphertext.

[0141] S313, AAC uses the Cert information in the second authentication result obtained through decryption in the decryption process. REQ Verify REQ's digital signature Sig REQ .

[0142] If the verification passes, then execute S314.

[0143] S314, AAC uses the Res information in the second authentication result obtained through decryption. REQ Determine the identity verification result of REQ.

[0144] It should be noted that (1) the REQInit of S301 may not include Sig. REQ In S311's REQAuth, add Sig REQ That is, in S311, REQ first processes EncData, which includes REQAuth. REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S313 REQ For the Sig in REQAuth REQ (2) Calculate Sig in S305 AAC The operation can also be changed to be executed first in S302, that is, in S302, AAC first processes EncPub, which includes the AACVeri. AS and Cert AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, S302's AACeri also includes Sig. AAC In S303, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S305 does not need to calculate Sig. AAC Accordingly, S306's AACAuth does not include Sig. AAC In S308, REQ no longer verifies Sig. AAC In this case, the first identification result information may not include Cert. AAC .

[0145] See Figure 4This is another embodiment of the identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC, and during the identity authentication process, the digital signature Sig of REQ can also be verified. REQ Verification is then performed. Before this embodiment is executed, both REQ and AAC already possess the message encryption key. The message encryption key can be shared between the two parties beforehand, or it can be obtained through [other means]. Figure 2 The method shown is used to negotiate the Sig, which is verified by AS-AAC. REQ Identity verification methods include:

[0146] S401, AAC retrieves the encrypted identity message REQInit sent by REQ.

[0147] The REQInit contains REQ's identity information encrypted EncPub. AS and REQ's digital signature Sig REQ .

[0148] S402, AAC sends the first authentication request message AACVeri to AS-AAC.

[0149] The AACVeri includes REQInit and AAC digital certificates Cert. AAC .

[0150] S403 and AS-AAC use the private key corresponding to the encryption certificate to access the EncPub in REQInit. AS Decryption yields REQ's digital certificate Cert REQ Second key Nonce REQPub Using Cert REQ Sig REQ Verification is required.

[0151] If the verification passes, execute S404.

[0152] S404, AS-AAC for Cert AAC and Cert REQ Perform a validity verification and obtain a Cert. AAC The first verification result Res AAC and Cert REQ The second verification result Res REQ According to Cert AAC and Res AAC The first identification result information is generated based on information including Res. REQ The information, including the first authentication result information, is used to generate a second authentication result information. The first digital signature, Sig, is then calculated from the signature data, including the first authentication result information.AS_AAC1 Using Nonce REQPub The information, including the second authentication result information, is encrypted to generate ciphertext of the second authentication result information. The signature data, including the ciphertext of the second authentication result information, is then used to calculate and generate the second digital signature Sig. AS_AAC2 .

[0153] S405, AAC receives the first authentication response message ASVeri sent by AS-AAC.

[0154] The ASVeri includes first authentication result information and first digital signature Sig. AS_AAC1 Second authentication result encrypted information, second digital signature Sig AS_AAC2 .

[0155] S406, AAC uses AS-AAC's public key to verify Sig. AS_AAC2 After successful verification, the message encryption key pair, including the first authentication result information and the Sig, is used. AS_AAC1 EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC For EncData AAC The digital signature Sig of AAC is generated from the signature data, including the signature data. AAC .

[0156] S407, AAC sends a third authentication response message AACAuth to REQ.

[0157] The AACAuth includes the EncData. AAC and the Sig AAC .

[0158] S408 and REQ use the message encryption key to decrypt EncData AAC Obtain the first identification result information and Sig AS_AAC1 .

[0159] S409 and REQ use AS-AAC public key verification Sig AS_AAC1 And, using the Cert information in the first identification result AAC Verify Sig AAC .

[0160] If all verifications pass, proceed to step S410.

[0161] S410, REQ based on Res in the first identification result information AAC Determine the identity verification result of AAC.

[0162] If REQ determines that AAC is valid, execute S411. If REQ determines that AAC is invalid, end the current authentication process.

[0163] S411, REQ utilizes a message encryption key pair including a second key, Nonce. REQPub The information inside is encrypted to obtain the second key ciphertext EncData. REQ .

[0164] S412, REQ sends the fourth authentication response message REQAuth to AAC.

[0165] The REQAuth includes the EncData. REQ .

[0166] S413, AAC uses the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub The second authentication result information is obtained by decrypting the ciphertext.

[0167] S414, AAC uses the Res information in the second authentication result obtained through decryption. REQ Determine the identity verification result of REQ.

[0168] It should be noted that Sig is calculated in S406. AAC The operation can also be changed to be executed first in S402, that is, in S402, AAC first processes REQInit and Cert in the AACVeri. AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, S402's AACeri also includes Sig. AAC In S403, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S406 does not need to calculate Sig. AAC Accordingly, S407's AACAuth does not include Sig. AAC In S409, REQ no longer verifies Sig. AAC In this case, the first identification result information may not include Cert. AAC .

[0169] See Figure 5 This is an example of an identity authentication method in roaming scenarios. In this case, AS-AAC and AS-REQ trust each other and know each other's digital certificates or the public keys within digital certificates. Furthermore, during the identity authentication process, the digital signature Sig of the REQ can also be verified. REQVerification is then performed. Before this embodiment is executed, both REQ and AAC already possess the message encryption key. The message encryption key can be shared between the two parties beforehand, or it can be obtained through [other means]. Figure 2 The method shown is used for negotiation, and Sig is verified by AAC. REQ Identity verification methods include:

[0170] S501, AAC obtains the encrypted identity message REQInit sent by REQ.

[0171] The REQInit contains REQ's identity information encrypted EncPub. AS REQ trusts at least one authentication server's identity ID. AS_REQ and REQ's digital signature Sig REQ .

[0172] S502, AAC sends the first authentication request message AACVeri to AS-AAC.

[0173] The AAC Veri includes EncPub AS AAC digital certificate Cert AAC and ID AS_REQ So that AS-AAC can be used for Cert AAC Perform a validity verification to obtain Res AAC According to Cert AAC and Res AAC The information included generates the first identification result information, and then based on the ID. AS_REQ The AS-REQ used in this identification process was determined.

[0174] S503, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

[0175] The AS-AACVeri includes first identification result information and EncPub. AS and third digital signature Sig AS_AAC3 Among them, Sig AS_AAC3 AS-AAC is used to analyze the information including the first identification result and the EncPub. AS The signature data, including the signature data, is calculated and generated.

[0176] S504 and AS-REQ use AS-AAC public keys to verify Sig. AS_AAC3 .

[0177] If the verification passes, then execute S505.

[0178] S505 and AS-REQ decrypt EncPub using the private key corresponding to the encryption certificate.AS Get Cert REQ Second key Nonce REQPub .

[0179] S506, AS-REQ for Cert REQ Perform a validity verification to obtain Res REQ According to Cert REQ and Res REQ The information included generates the second identification result information, using Nonce. REQPub The information, including the second authentication result information, is encrypted to generate ciphertext of the second authentication result information. The signature data, including the first authentication result information, is calculated to generate the first digital signature Sig. AS_REQ1 A fourth digital signature, Sig, is generated from the signature data, including the ciphertext of the second authentication result information. AS_REQ4 .

[0180] S507, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.

[0181] The AS-REQVeri includes first authentication result information and first digital signature Sig. AS_REQ1 The second authentication result information ciphertext and the fourth digital signature Sig AS_REQ4 .

[0182] S508 and AS-AAC use the public key of AS-REQ to verify Sig. AS_REQ4 .

[0183] If the verification passes, proceed with S509.

[0184] S509 and AS-AAC calculate and generate a second digital signature Sig from the signature data, including the ciphertext of the second authentication result information. AS_AAC2 According to the first authentication result information and the first digital signature Sig AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 The information included generates the first authentication response message ASVeri.

[0185] S510 and AS-AAC send the first authentication response message ASVeri to AAC.

[0186] S511 and AAC use AS-AAC's public key to verify Sig. AS_AAC2 After successful verification, the message encryption key pair, including the first authentication result information and the Sig, is used. AS_REQ1 EncData is used to encrypt the data and generate the authentication result information in ciphertext.AAC For EncData AAC The digital signature Sig of AAC is generated from the signature data, including the signature data. AAC .

[0187] S512, AAC sends a third authentication response message AACAuth to REQ.

[0188] The AACAuth includes the EncData. AAC and the Sig AAC .

[0189] S513 and REQ use the message encryption key to decrypt EncData AAC Obtain the first identification result information and the Sig AS_REQ1 .

[0190] S514 and REQ use the AS-REQ public key to verify Sig. AS_REQ1 And, using the Cert information in the first identification result AAC Verify Sig AAC .

[0191] If all verifications pass, then execute S515.

[0192] S515, REQ based on Res in the first identification result information AAC Determine the identity verification result of AAC.

[0193] If REQ determines that AAC is valid, execute S516; if REQ determines that AAC is invalid, end the current authentication process.

[0194] S516 and REQ utilize message encryption key pairs including a second key, Nonce. REQPub The information inside is encrypted to obtain the second key ciphertext EncData. REQ .

[0195] S517, REQ sends the fourth authentication response message REQAuth to AAC.

[0196] The REQAuth includes the EncData. REQ .

[0197] S518 and AAC use the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub The second authentication result information is obtained by decrypting the ciphertext of the second authentication result information.

[0198] S519, AAC utilizes the Cert information in the second authentication result obtained through decryption in the decryption process. REQ Verify REQ's digital signature Sig REQ .

[0199] If the verification passes, proceed with S520.

[0200] S520 and AAC use the Res information in the second authentication result obtained through decryption to... REQ Determine the identity verification result of REQ.

[0201] It should be noted that (1) the REQInit of S501 may not include Sig. REQ In S517's REQAuth, add Sig REQ That is, in S517, REQ first processes EncData, which includes the REQAuth. REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S519 REQ For the Sig in REQAuth REQ (2) Calculate Sig in S511 AAC The operation can also be changed to be executed first in S502, that is, in S502, AAC first processes EncPub, which includes the AACVeri. AS Cert AAC and ID AS_REQ The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, S502's AACeri also includes Sig. AAC In S503, AS-AAC also needs to verify Sig first. AAC After successful verification, subsequent operations are performed; in this case, AAC in S511 does not need to calculate Sig. AAC Correspondingly, S512's AACAuth does not include Sig. AAC In S514, REQ no longer verifies Sig. AAC In this case, the first identification result information may not include Cert. AAC .

[0202] See Figure 6 This is another embodiment of the identity authentication method in roaming situations. In this case, AS-AAC and AS-REQ trust each other and know each other's digital certificates or the public keys in the digital certificates. Furthermore, during the identity authentication process, the digital signature Sig of the REQ can also be verified. REQ Verification is then performed. Before this embodiment is executed, both REQ and AAC already possess the message encryption key. The message encryption key can be pre-shared by both parties or obtained through [other means].Figure 2 The method shown is used to negotiate the Sig, which is verified by AS-REQ. REQ Identity verification methods include:

[0203] S601, AAC obtains the encrypted identity message REQInit sent by REQ.

[0204] The REQInit contains REQ's identity information encrypted EncPub. AS REQ trusts at least one authentication server's identity ID. AS_REQ and REQ's digital signature Sig REQ .

[0205] S602, AAC sends the first authentication request message AACVeri to AS-AAC.

[0206] The AACeri includes REQInit and Cert. AAC So that AS-AAC can be used for Cert AAC Perform a validity verification to obtain Res AAC According to Cert AAC and Res AAC The information included in the first identification result is generated.

[0207] S603, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

[0208] AS-AAC is based on the ID in REQInit. AS_REQ The AS-REQ used in this authentication process is identified, and an AS-AACVeri is sent to the AS-REQ. The AS-AACVeri includes REQInit, first authentication result information, and a third digital signature Sig. AS_AAC3 Among them, Sig AS_AAC3 It is generated by AS-AAC from signature data including REQInit and first authentication result information.

[0209] S604 and AS-REQ use the public key of AS-AAC to verify Sig. AS_AAC3 .

[0210] If the verification passes, then execute S605.

[0211] S605 and AS-REQ use the private key corresponding to the encryption certificate to decrypt EncPub in REQInit. AS Get Cert REQ Second key Nonce REQPub .

[0212] S606, AS-REQ uses Cert REQ Verify REQ's digital signature Sig REQ .

[0213] If the verification passes, proceed with S607.

[0214] S607, AS-REQ for Cert REQ The legality of Res is verified to obtain Res REQ According to Res REQ The information included generates the second identification result information, using Nonce. REQPub The information, including the second authentication result information, is encrypted to generate ciphertext of the second authentication result information. The signature data, including the first authentication result information, is calculated to generate the first digital signature Sig. AS_REQ1 A fourth digital signature, Sig, is generated from the signature data, including the ciphertext of the second authentication result information. AS_REQ4 .

[0215] S608, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.

[0216] The AS-REQVeri includes first authentication result information and first digital signature Sig. AS_REQ1 The second authentication result information ciphertext and the fourth digital signature Sig AS_REQ4 .

[0217] S609 and AS-AAC use the public key of AS-REQ to verify Sig. AS_REQ4 .

[0218] If the verification passes, proceed with step 610.

[0219] S610 and AS-AAC calculate and generate a second digital signature Sig from the signature data, including the ciphertext of the second authentication result information. AS_AAC2 According to the first authentication result information and the first digital signature Sig AS_REQ1 The second authentication result information ciphertext and the second digital signature Sig AS_AAC2 The information included generates the first authentication response message ASVeri.

[0220] S611, AS-AAC sends the first authentication response message ASVeri to AAC.

[0221] S612, AAC uses AS-AAC's public key to verify Sig. AS_AAC2 After successful verification, the message encryption key pair, including the first authentication result information and the Sig, is used. AS_REQ1EncData is used to encrypt the data and generate the authentication result information in ciphertext. AAC For EncData AAC The digital signature Sig of AAC is generated from the signature data, including the signature data. AAC .

[0222] S613, AAC sends a third authentication response message AACAuth to REQ.

[0223] The AACAuth includes the EncData. AAC and the Sig AAC .

[0224] S614, REQ uses the message encryption key to decrypt EncData AAC Obtain the first identification result information and the Sig AS_REQ1 .

[0225] S615 and REQ use the AS-REQ public key to verify Sig. AS_REQ1 And, using the Cert information in the first identification result AAC Verify Sig AAC .

[0226] If all verifications pass, proceed to step S616.

[0227] S616, REQ, based on Res in the first identification result information AAC Determine the identity verification result of AAC.

[0228] If REQ determines that AAC is valid, execute S617; if REQ determines that AAC is invalid, end the current authentication process.

[0229] S617 and REQ utilize message encryption key pairs including a second key, Nonce. REQPub The information inside is encrypted to obtain the second key ciphertext EncData. REQ .

[0230] S618, REQ sends the fourth authentication response message REQAuth to AAC.

[0231] The REQAuth includes the EncData. REQ .

[0232] S619 and AAC use the message encryption key to decrypt EncData REQ Get Nonce REQPub Using Nonce REQPub The second authentication result information is obtained by decrypting the ciphertext of the second authentication result information.

[0233] S620 and AAC use the Res information in the second authentication result obtained through decryption to... REQ Determine the identity verification result of REQ.

[0234] It should be noted that S612 calculates Sig. AAC The operation can also be changed to be executed first in S602, that is, in S602, AAC first processes REQInit and Cert in the AACVeri. AAC The signature data, including the Sig, is calculated to generate the Sig. AAC Therefore, S602's AACeri also includes Sig. AAC In S603, AS-AAC also needs to verify Sig first. AAC After successful verification, subsequent operations are performed; in this case, AAC in S612 does not need to calculate Sig. AAC Accordingly, S613's AACAuth does not include Sig. AAC In S615, REQ no longer verifies Sig. AAC In this case, the first identification result information may not include Cert. AAC .

[0235] For the sake of simplicity, Figures 7 to 10 In this embodiment, the first authentication result information can be represented by the Pub field. AAC This indicates that the second identification result information can be represented by the Pub field. REQ express.

[0236] See Figure 7 This is an embodiment of an identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, the digital signature Sig of REQ... REQ Verified by AAC, the method includes:

[0237] S701, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .

[0238] S702, AAC sends a key request message AACInit to REQ.

[0239] The AACInit includes Nonce AAC KeyInfo AACand security capabilities AAC Among them, security capabilities AAC This is an optional field that represents the security capabilities supported by AAC, including the authentication suites, symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC (the same applies throughout the text).

[0240] S703, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as needed REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm (this step can also be performed later when the message encryption key and / or message integrity verification key are needed); the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .

[0241] Among them, security capabilities REQ This is an optional field, indicating that the REQ is based on Security capabilities. AAC The choice of a specific security strategy, i.e., the REQ determines the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm to be used (the same applies throughout the text); whether the REQ generates security capabilities. REQ It depends on whether the AACInit sent by AAC to REQ includes security capabilities. AAC .

[0242] S704, REQ sends the identity-encrypted message REQInit to AAC.

[0243] The REQInit includes Nonce AAC Nonce REQSecurity capabilities REQ KeyInfo REQ EncPub AS and Sig REQ Among them, Nonce AAC and security capabilities REQ Nonce is an optional field. AAC It should be equal to the Nonce in AACInit. AAC EncPub AS The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier. For example, when REQInit includes Nonce in sequence. AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS and Sig REQ At that time, Sig REQ The signature data includes the Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ and EncPub AS Additionally, when Nonce is not included in REQInit. AAC At that time, Sig REQ The signature data also includes the Nonce from AACInit. AAC .

[0244] S705. After receiving the REQInit, AAC performs the following operations (unless otherwise specified or logically related, the actions numbered (1), (2)... in this document do not necessarily have a sequential order due to their numbering. The same applies throughout the document), including:

[0245] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Nonce generated by AAC AAC Check if they are the same; if they are different, discard REQInit.

[0246] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; of course, this calculation can also be performed only when AAC needs to use the message encryption key and / or message integrity verification key.

[0247] S706, AAC sends the first authentication request message AACVeri to AS-AAC.

[0248] The AAC Veri includes EncPub AS Nonce REQ ID AAC Cert AAC and Nonce AAC Among them, EncPub AS Nonce REQ They should be equal to the corresponding fields in REQInit; Nonce AAC It should be equal to the Nonce generated by AAC. AAC .

[0249] After receiving the AACVeri, S707 and AS-AAC perform the following operations, including:

[0250] (1) Decrypt EncPub using the private key corresponding to the encryption certificate. AS Get Cert REQ ID REQ Nonce REQPub Nonce REQID ;

[0251] (2) Verify Cert respectively AAC and Cert REQ The legitimacy of Res AAC and Res REQ According to Cert AAC and Res AAC Information generated in Pub AAC According to Cert REQ and Res REQ Information generated in Pub REQ , for ID REQ and Nonce REQIDGenerate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub ;

[0252] (3) For ID REQ ⊕Nonce REQID Nonce REQ Pub AAC The information, including the first digital signature Sig, is used to generate the first digital signature. AS_AAC1 For including ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information included is used to perform signature calculations to generate a second digital signature, Sig. AS_AAC2 .

[0253] S708, AS-AAC sends the first authentication response message ASVeri to AAC.

[0254] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_AAC1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ Nonce REQID Nonce REQ ID AAC Nonce AAC Nonce REQPub They should be equal to the corresponding fields in AACVeri.

[0255] S709. After receiving the ASVeri, AAC performs the following operations, including:

[0256] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;

[0257] (2) Verify Sig using AS-AAC public keyAS_AAC2 ;

[0258] (3) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.

[0259] (4) Calculate Sig AAC ;

[0260] (5) Calculate MacTag as needed AAC .

[0261] S710 and AAC send a third authentication response message AACAuth to REQ.

[0262] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_AAC1 , where ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_AAC1 These should be equal to the corresponding fields in ASVeri. Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields mentioned earlier; MacTag AAC MacTag is an optional field. AAC The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in AACAuth except for the MacTag. AAC Other fields are used to calculate and generate MacTag. AAC .

[0263] S711. After receiving the AACAuth, REQ performs the following operations, including:

[0264] (1) If a Nonce exists in AACAuth REQ Then check the Nonce. REQ Nonce generated with REQ REQ Are they the same? If a Nonce exists in AACAuth... AAC Then check the Nonce. AAC Nonce in AACInit AAC Are they the same?

[0265] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC ;

[0266] The verification process is as follows: REQ uses the message integrity verification key and an integrity verification algorithm to verify the integrity of data, excluding the MacTag, in AACAuth. AAC Other fields are calculated locally to generate MacTag. AAC (This calculation method is the same as AAC's calculation of MacTag) AAC (In the same way), calculate the MacTag AAC With the MacTag in the received AACAuth AAC Compare them.

[0267] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_AAC1 ;

[0268] (4) ID REQ ⊕Nonce REQID With Nonce REQID Perform an XOR operation to recover the ID REQ Check the recovered ID REQ With REQ's own identity ID REQ Are they the same?; check the nonce. REQ Nonce generated with REQ REQ Are they the same?

[0269] (5) Verify Sig using AS-AAC public key AS_AAC1 And, using the decrypted Pub AAC Cert in AAC Verify Sig AAC ;

[0270] (6) If any of the above checks and verifications fail, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the verification process.

[0271] (7) Calculate EncData using the message encryption key REQ ;

[0272] (8) Calculate MacTag REQ .

[0273] S712, REQ sends the fourth authentication response message REQAuth to AAC.

[0274] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub And Nonce REQPub It should be equal to the Nonce generated by REQ. REQPub MacTag REQ The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in REQAuth except for the MacTag. REQ Other fields are used to calculate and generate MacTag. REQ .

[0275] S713. After receiving the REQAuth, AAC performs the following operations:

[0276] (1) If a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they the same? If a Nonce exists in REQAuth. AAC Then check the Nonce. AAC Nonce generated by AAC AAC Are they the same?

[0277] (2) Verify MacTag REQ ;

[0278] The verification process is as follows: AAC uses the message integrity verification key and an integrity verification algorithm to verify the integrity of all data except the MacTag in REQAuth. REQ Other fields are calculated locally to generate MacTag. REQ (This calculation method is the same as REQ calculation of MacTag) REQ (In the same way), calculate the MacTag REQ With the MacTag in the received REQAuth REQ Compare them.

[0279] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;

[0280] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;

[0281] (5) Using Pub REQ Cert in REQ Verify Sig REQ ;

[0282] (6) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the REQ's identity authentication result; if any step of the above checks and verifications fails, discard the REQAuth immediately.

[0283] It should be noted that (1) the REQInit of S704 may not include Sig. REQ In S712's REQAuth, add Sig REQ That is, in S712, REQ first checks the Nonce in REQAuth. AAC Nonce REQ EncData REQ The information, including the signature calculation, generates the Sig. REQ In this case, the Sig verified in S713 REQ For the Sig in REQAuth REQ (2) Calculate Sig in S709 AAC The operation can also be changed to be executed first in S706, that is, in S706, AAC first processes EncPub, including AACVeri.AS Nonce REQ ID AAC Cert AAC and Nonce AAC The information, including the signature calculation, generates the Sig. AAC Therefore, the S706 AACVeri also includes Sig AAC In S707, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S709 does not need to calculate Sig. AAC Accordingly, S710's AACAuth does not include Sig. AAC In S711, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .

[0284] See Figure 8 This is another embodiment of the identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Wherein Sig... REQ Verified by AS-AAC, the method includes:

[0285] S801, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .

[0286] S802, AAC sends a key request message AACInit to REQ.

[0287] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field.

[0288] S803, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as neededREQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .

[0289] S804, REQ sends the identity-encrypted message REQInit to AAC.

[0290] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS and Sig REQ Among them, security capabilities REQ Optional field; EncPub AS The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub ;Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.

[0291] After receiving the REQInit, S805 and AAC perform the following operations, including:

[0292] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they are the same; if they are different, discard REQInit.

[0293] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQOther information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm.

[0294] S806, AAC sends the first authentication request message AACVeri to AS-AAC.

[0295] The AACVeri includes REQInit and ID. AAC and Cert AAC .

[0296] After receiving the AACVeri, S807 and AS-AAC perform the following operations, including:

[0297] (1) Decrypt EncPub in REQInit using the private key corresponding to the encryption certificate. AS Get Cert REQ ID REQ Nonce REQID Nonce REQPub ;

[0298] (2) Using the decrypted Cert REQ Verify Sig in REQInit REQ ;

[0299] (3) Verify Cert respectively AAC and Cert REQ The legitimacy of Res AAC and Res REQ Then, according to Cert AAC and Res AAC Information generated in Pub AAC According to Res REQ Information generated in Pub REQ , for ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub ;

[0300] (4) For ID REQ ⊕Nonce REQID Nonce REQ Pub AAC The information, including the first digital signature Sig, is used to generate the first digital signature.AS_AAC1 ; including ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information included is used to perform signature calculations to generate a second digital signature, Sig. AS_AAC2 .

[0301] S808 and AS-AAC send the first authentication response message ASVeri to AAC.

[0302] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_AAC1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ Nonce REQID Nonce REQ ID AAC Nonce AAC Nonce REQPub They should be equal to the corresponding fields in AACVeri.

[0303] S809. After receiving the ASVeri, AAC performs the following operations, including:

[0304] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;

[0305] (2) Verify Sig using AS-AAC public key AS_AAC2 ;

[0306] (3) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, the ASVeri should be discarded immediately.

[0307] (4) Calculate Sig AAC .

[0308] (5) Calculate MacTag as needed AAC .

[0309] S810 and AAC send a third authentication response message AACAuth to REQ.

[0310] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_AAC1 And ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_AAC1 These should be equal to the corresponding fields in ASVeri. Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields mentioned earlier; MacTag AAC This is an optional field, and its calculation is as described above.

[0311] S811, after receiving the AACAuth, REQ performs the following operations, including:

[0312] (1) If a Nonce exists in AACAuth REQ Then check the Nonce. REQ Nonce generated with REQ REQ Are they the same? If a Nonce exists in AACAuth... AAC Then check the Nonce. AAC Nonce in AACInit AAC Are they the same?

[0313] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process is the same as... Figure 7 Description in the embodiments;

[0314] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm.AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_AAC1 ;

[0315] (4) ID REQ ⊕Nonce REQID With Nonce REQID Perform an XOR operation to recover the ID REQ Check the recovered ID REQ With REQ's own identity ID REQ Check if they are the same, then check the Nonce. REQ Nonce generated with REQ REQ Are they the same?

[0316] (5) Verify Sig using AS-AAC public key AS_AAC1 And, using the decrypted Pub AAC Cert in AAC Verify Sig AAC ;

[0317] (6) If any of the above checks and verifications fail, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the verification process.

[0318] (7) Calculate EncData using the message encryption key REQ ;

[0319] (8) Calculate MacTag REQ Its calculation process is the same as... Figure 7 Description in the embodiments.

[0320] S812, REQ sends the fourth authentication response message REQAuth to AAC.

[0321] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncDataREQ The encrypted data includes Nonce REQPub And Nonce REQPub It should be equal to the Nonce generated by REQ. REQPub .

[0322] S813. After receiving the REQAuth, AAC performs the following operations:

[0323] (1) If a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they the same? If a Nonce exists in REQAuth. AAC Then check the Nonce. AAC Nonce generated by AAC AAC Are they the same?

[0324] (2) Verify MacTag REQ The verification process is the same as... Figure 7 Description in the embodiments;

[0325] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;

[0326] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;

[0327] (5) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the REQ's identity authentication result; if any step of the above checks and verifications fails, discard the REQAuth immediately.

[0328] It should be noted that Sig is calculated in S809. AAC The operation can also be changed to be executed first in S806, that is, in S806, AAC first processes REQInit and ID in AACVeri. AAC and Cert AAC Perform signature calculation to generate Sig AAC Therefore, the S806 AACVeri also includes Sig AAC In S807, AS-AAC also needs to verify Sig. AACAfter successful verification, subsequent operations are performed; in this case, AAC in S809 does not need to calculate Sig. AAC Accordingly, S810's AACAuth does not include Sig. AAC In S811, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .

[0329] See Figure 9 This is an embodiment of an identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, the digital signature Sig of REQ... REQ Verified by AAC, the method includes:

[0330] S901, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .

[0331] S902, AAC sends a key request message AACInit to REQ.

[0332] The AACInit includes Nonce AAC KeyInfo AAC Security capabilities AAC and ID AS_AAC Among them, security capabilities AAC Optional field; ID AS_AAC This is an optional field, representing the identity of at least one authentication server trusted by AAC, used to enable REQ to determine the identity of the authentication server based on the ID. AS_AAC Determine if a mutually trusted authentication server exists (the same applies below).

[0333] S903, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as needed REQ and ID AS_REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce.AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .

[0334] S904, REQ sends the encrypted identity message REQInit to AAC.

[0335] The REQInit includes Nonce AAC Nonce REQ ID AS_REQ KeyInfo REQ EncPub AS Security capabilities REQ and Sig REQ Among them, Nonce AAC ID AS_REQ and security capabilities REQ It is an optional field, and Nonce AAC It should equal the corresponding field in AACInit. (EncPub) AS The encrypted data includes ID REQ Cert REQ Nonce REQID and Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier, when Nonce is not included in REQInit. AAC At that time, Sig REQ The signature data also includes the Nonce from AACInit. AAC Field. ID AS_REQ The identity identifier of at least one authentication server representing REQ trust, when an ID exists in AACInit. AS_AAC At that time, REQ will try to select at least one authentication server from its trusted authentication servers that matches the ID. AS_AAC The same authentication server in the middle as ID AS_REQ If the choice fails, at least one authentication server trusted by the user will be used as the ID. AS_REQ When the ID does not exist in AACInit AS_AAC At that time, REQ uses at least one authentication server it trusts as its ID. AS_REQ (The same applies below.)

[0336] S905. After receiving the REQInit, AAC performs the following operations, including:

[0337] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Nonce generated by AAC AAC Check if they are the same; if they are different, discard REQInit.

[0338] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; this calculation can also be performed only when AAC requires the use of the message encryption key and / or message integrity verification key.

[0339] (3) If REQInit carries ID AS_REQ And AACInit carries an ID AS_AAC Then AAC determines ID AS_REQ and ID AS_AAC If at least one identical authentication server identity exists, it indicates a non-roaming scenario. AAC determines the first authentication server to participate in authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If no such server exists, it indicates a roaming scenario, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ; or,

[0340] If REQInit carries an ID AS_REQ However, AACInit does not carry an ID. AS_AAC Then AAC determines ID AS_REQIf at least one authentication server with the same identity identifier exists as the authentication server trusted by AAC, then in a non-roaming scenario, AAC determines the first authentication server to participate in identity authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If not, then in a roaming scenario, AAC needs to determine the first authentication server AS-AAC to participate in identity authentication based on its own trusted authentication servers, and then record the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ;

[0341] It should be noted that the result determined in this embodiment should be the roaming status.

[0342] S906, AAC sends the first authentication request message AACVeri to AS-AAC.

[0343] The AAC Veri includes EncPub AS Nonce REQ ID AS_REQ ID AAC Cert AAC and Nonce AAC Among them, ID AS_REQ It is an optional field, and Nonce REQ ID AS_REQ They should be equal to the corresponding fields in REQInit; Nonce AAC It should be equal to the Nonce generated by AAC. AAC .

[0344] After receiving the AACVeri, S907 and AS-AAC perform the following operations, including:

[0345] (1) Verify Cert AAC The legitimacy of Res AAC According to Cert AAC and Res AAC Information generated in Pub AAC ;

[0346] (2) If ID exists in AACVeri AS_REQ Then AS-AAC is based on ID AS_REQ Determine the second authentication server AS-REQ; if it does not exist, it means that AS-AAC has already confirmed AS-REQ.

[0347] (3) Calculate the third digital signature Sig AS_AAC3 .

[0348] S908, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

[0349] The AS-AACVeri includes EncPub AS Nonce REQ ID AAC Nonce AAC Pub AAC and Sig AS_AAC3 Among them, EncPub AS Nonce REQ ID AAC Nonce AAC They should be equal to the corresponding fields in AACVeri; Sig AS_AAC3 The signature data includes Sig in AS-AACVeri. AS_AAC3 Other fields mentioned earlier.

[0350] After receiving the AS-AACVeri, S909 and AS-REQ use the AS-AAC public key to verify Sig. AS_AAC3 .

[0351] If the verification passes, execute S910.

[0352] S910 and AS-REQ send a decryption request message AS-REQReq to CS-DEC.

[0353] The AS-REQReq includes EncPub AS Among them, EncPub AS It should be equal to the corresponding field in AS-AACVeri.

[0354] S911, CS-DEC decryption of EncPub AS Get Cert REQ ID REQ Nonce REQID Nonce REQPub .

[0355] S912 and CS-DEC send a decryption response message CS-DECRep to AS-REQ.

[0356] The CS-DECRep includes the decrypted Cert. REQ ID REQ Nonce REQID and Nonce REQPub Among them, Cert REQ ID REQ Nonce REQID NonceREQPub It should be equal to the corresponding field in AS-AACVeri.

[0357] S913, after receiving the CS-DECRep, AS-REQ performs the following operations, including:

[0358] (1) Verify Cert REQ The legitimacy of Res REQ According to Cert REQ and Res REQ Information generated in Pub REQ ; For ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub ;

[0359] (2) For including ID REQ ⊕Nonce REQID Nonce REQ Pub AAC The information, including the first digital signature Sig, is used to generate the first digital signature. AS_REQ1 For including ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information, including the signature calculation, generates the fourth digital signature Sig. AS_REQ4 .

[0360] S914, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.

[0361] The AS-REQVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_REQ4 Among them, ID REQ Nonce REQID Nonce REQPub They should be equal to the corresponding fields in CS-DECRep; NonceREQ ID AAC Nonce AAC Pub AAC They should be equal to the corresponding fields in AS-AACVeri respectively.

[0362] S915 and AS-AAC use the public key of AS-REQ to verify the Sig. AS_REQ4 If the verification passes, then for the ID... AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information included is used to perform signature calculations to generate a second digital signature, Sig. AS_AAC2 .

[0363] S916, AS-AAC sends the first authentication response message ASVeri to AAC.

[0364] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub All are from AS-REQVeri.

[0365] S917. After receiving the ASVeri, the AAC performs the following operations, including:

[0366] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;

[0367] (2) Verify Sig using AS-AAC public key AS_AAC2 ;

[0368] (3) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.

[0369] (4) Calculate Sig AAC ;

[0370] (5) Calculate MacTag as needed AAC .

[0371] S918, AAC sends a third authentication response message AACAuth to REQ.

[0372] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields previously; Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_REQ1 , where ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_REQ1 They should be equal to the corresponding fields in ASVeri. MacTag AAC This is an optional field, and its calculation is as follows: Figure 7 As described in the embodiments.

[0373] After receiving the AACAuth, S919 and REQ perform the following operations, including:

[0374] (1) If a Nonce exists in AACAuth REQ Then check the Nonce. REQ Nonce generated with REQ REQ Are they the same? If a Nonce exists in AACAuth... AACThen check the Nonce. AAC Nonce in AACInit AAC Are they the same?

[0375] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process is as follows: Figure 7 As described in the embodiments;

[0376] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_REQ1 ;

[0377] (4) ID REQ ⊕Nonce REQID With Nonce REQID Perform an XOR operation to recover the ID REQ Check the recovered ID REQ Is it related to REQ's own identity ID? REQ Same; check Nonce REQ Is it related to the Nonce generated by REQ? REQ same;

[0378] (5) Verify Sig using the public key of AS-REQ AS_REQ1 And, using the decrypted Pub AAC Cert in AAC Verify Sig AAC ;

[0379] (6) If any of the above checks and verifications fail, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.

[0380] (7) Calculate EncData using the message encryption key REQ ;

[0381] (8) Calculate MacTag REQ The calculation process is as follows: Figure 7 As described in the embodiments.

[0382] S920 and REQ send the fourth authentication response message REQAuth to AAC.

[0383] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC ;EncData REQ The encrypted data includes Nonce REQPub And Nonce REQPub It should be equal to the Nonce generated by REQ. REQPub .

[0384] S921. After receiving the REQAuth, AAC performs the following operations, including:

[0385] (1) If a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they the same? If a Nonce exists in REQAuth. AAC Then check the Nonce. AAC Nonce generated by AAC AAC Are they the same?

[0386] (2) Verify MacTag REQ The verification process is as follows: Figure 7 As described in the embodiments;

[0387] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;

[0388] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;

[0389] (5) Using Pub REQ Cert in REQ Verify Sig REQ ;

[0390] (6) After all the above checks and verifications are passed, according to Pub REQ Res inREQ Determine the REQ's identity authentication result; if any step of the above checks and verifications fails, discard the REQAuth immediately.

[0391] It should be noted that (1) the REQInit of S904 may not include Sig. REQ In S920's REQAuth, add Sig REQ In S920, REQ first checks the Nonce in REQAuth. AAC Nonce REQ EncData REQ The information, including the signature calculation, generates the Sig. REQ In this case, the Sig verified in S921 REQ For the Sig in REQAuth REQ (2) Calculate Sig in S917 AAC The operation can also be changed to be executed first in S906, that is, in S906, AAC first processes EncPub. AS Nonce REQ ID AS_REQ ID AAC Cert AAC and Nonce AAC The information, including the signature calculation, generates the Sig. AAC Therefore, the S906 AACVeri also includes Sig AAC In S907, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations are performed; in this case, AAC in S917 does not need to calculate Sig. AAC Accordingly, S918's AACAuth does not include Sig. AAC In S919, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .

[0392] See Figure 10 This is another embodiment of the identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is easier to implement in engineering. Sig... REQ Verified by AS-REQ, the method includes:

[0393] S1001, AAC generates Nonce AAC and KeyInfo AACGenerate security capabilities as needed AAC .

[0394] S1002, AAC sends a key request message AACInit to REQ.

[0395] The AACInit includes Nonce AAC KeyInfo AAC Security capabilities AAC and ID AS_AAC Among them, security capabilities AAC With ID AS_AAC This is an optional field.

[0396] S1003, REQ generates Nonce REQ KeyInfo REQ Nonce REQID and Nonce REQPub Generate security capabilities as needed REQ and ID AS_REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. The ciphertext EncPub of the REQ's identity information is then calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .

[0397] S1004, REQ sends the encrypted identity message REQInit to AAC.

[0398] The REQInit includes EncPub AS Nonce AAC Nonce REQ ID AS_REQ KeyInfo REQ Security capabilities REQ and Sig REQ Among them, Nonce AACIt should equal the corresponding field in AACInit; Securitycapabilities REQ and ID AS_REQ This is an optional field. (EncPub) AS The encrypted data includes ID REQ Cert REQ Nonce REQID Nonce REQPub ;Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.

[0399] S1005. After receiving the REQInit, AAC performs the following operations, including:

[0400] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they are the same; if they are different, discard REQInit.

[0401] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; the calculation of the message encryption key and / or message integrity verification key can also be performed when needed later.

[0402] (3) Determine the first authentication server AS-AAC, such as Figure 9 Relevant descriptions in the embodiments;

[0403] It should be noted that the result determined in this embodiment should be the roaming status.

[0404] S1006, AAC sends the first authentication request message AACVeri to AS-AAC.

[0405] The AACVeri includes REQInit and ID. AAC Cert AAC .

[0406] S1007. After receiving the AACVeri, AS-AAC performs the following operations, including:

[0407] (1) Verify Cert AAC The legitimacy of Res AAC According to Cert AAC and Res AAC Information generated in Pub AAC ;

[0408] (2) Determine the second authentication server AS-REQ as follows Figure 9 Relevant descriptions in the embodiments;

[0409] (3) Calculate the third digital signature Sig AS_AAC3 .

[0410] S1008, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

[0411] The AS-AACVeri includes REQInit and ID. AAC Pub AAC and Sig AS_AAC3 Among them, REQInit and ID AAC They should be equal to REQInit and ID in AACVeri, respectively. AAC Sig AS_AAC3 The signature data includes Sig in AS-AACVeri. AS_AAC3 Other fields mentioned earlier.

[0412] S1009 and AS-REQ, after receiving the AS-AACVeri, verify Sig using the AS-AAC public key. AS_AAC3 .

[0413] If the verification passes, proceed to step S1010.

[0414] S1010 and AS-REQ send a decryption request message AS-REQReq to CS-DEC.

[0415] The AS-REQReq includes EncPub AS Among them, EncPub AS It should be equal to the corresponding field in AS-AACVeri.

[0416] S1011, CS-DEC decryption of EncPub AS Get Cert REQ ID REQ Nonce REQID Nonce REQPub .

[0417] S1012, CS-DEC sends a decryption response message CS-DECRep to AS-REQ.

[0418] The CS-DECRep includes the decrypted Cert. REQ ID REQ Nonce REQID Nonce REQPub Among them, Cert REQ ID REQ Nonce REQID Nonce REQPub It should be equal to the corresponding field in AS-AACVeri.

[0419] S1013. After receiving the CS-DECRep, AS-REQ performs the following operations, including:

[0420] (1) Using Cert REQ Verify the Sig REQ If the verification fails, discard CS-DECRep.

[0421] (2) Verify Cert REQ The legitimacy of Res REQ According to Res REQ Information generated in Pub REQ ; For ID REQ and Nonce REQID Generate ID by performing an XOR operation REQ ⊕Nonce REQID For Pub REQ and Nonce REQPub Generate Pub by performing XOR operation REQ ⊕Nonce REQPub ;

[0422] (3) For ID REQ ⊕Nonce REQID Nonce REQ Pub AAC The information, including the first digital signature Sig, is used to generate the first digital signature. AS_REQ1 For including ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information, including the signature calculation, generates the fourth digital signature Sig. AS_REQ4 .

[0423] S1014, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.

[0424] The AS-REQVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_REQ4 Among them, ID REQ Nonce REQID Nonce REQPub They should be equal to the corresponding fields in CS-DECRep; Nonce REQ ID AAC Nonce AAC Pub AAC They should be equal to the corresponding fields in AS-AACVeri, respectively.

[0425] S1015, AS-AAC uses the public key of AS-REQ to verify the Sig. AS_REQ4 If the verification passes, then for the ID... AAC Nonce AAC Pub REQ ⊕Nonce REQPub The information, including the signature calculation, generates a second digital signature Sig. AS_AAC2 .

[0426] S1016, AS-AAC sends the first authentication response message ASVeri to AAC.

[0427] The ASVeri includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPub and Sig AS_AAC2 Among them, ID REQ ⊕Nonce REQID Nonce REQ Pub AAC Sig AS_REQ1 ID AAC Nonce AAC Pub REQ ⊕Nonce REQPubAll are from AS-REQVeri.

[0428] S1017. After receiving the ASVeri, the AAC performs the following operations, including:

[0429] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;

[0430] (2) Verify Sig using AS-AAC public key AS_AAC2 ;

[0431] (3) If the above checks and verifications pass, then use the message encryption key to calculate EncData. AAC If any step of the above checks and verifications fails, the ASVeri should be discarded immediately.

[0432] (4) Calculate Sig AAC ;

[0433] (5) Calculate MacTag as needed AAC .

[0434] S1018, AAC sends a third authentication response message AACAuth to REQ.

[0435] The AACAuth includes Nonce. REQ Nonce AAC EncData AAC Sig AAC and MacTag AAC Among them, Sig AAC The signature data includes the Sig in AACAuth. AAC Other fields previously; Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC EncData AAC The encrypted data includes ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_REQ1 , where ID REQ ⊕Nonce REQID Nonce REQ Pub AACand Sig AS_REQ1 They should be equal to the corresponding fields in ASVeri. MacTag AAC This is an optional field, and its calculation is as follows: Figure 7 As described in the embodiments.

[0436] S1019. After receiving the AACAuth, REQ performs the following operations, including:

[0437] (1) If a Nonce exists in AACAuth REQ Then check the Nonce. REQ Nonce generated with REQ REQ Are they the same? If a Nonce exists in AACAuth... AAC Then check the Nonce. AAC Nonce in AACInit AAC Are they the same?

[0438] (2) If MacTag exists in AACAuth AAC Then verify MacTag AAC The verification process is as follows: Figure 7 As described in the embodiments;

[0439] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm. AAC Get ID REQ ⊕Nonce REQID Nonce REQ Pub AAC and Sig AS_REQ1 ;

[0440] (4) ID REQ ⊕Nonce REQID With Nonce REQID Perform an XOR operation to recover the ID REQ Check the recovered ID REQ Is it consistent with REQ's own identity ID? REQ Same; check Nonce REQ Is it related to the Nonce generated by REQ? REQ same;

[0441] (5) Verify Sig using the public key of AS-REQ AS_REQ1 And, using the decrypted Pub AAC Cert in AAC Verify Sig AAC ;

[0442] (6) If any of the above checks and verifications fail, AACAuth is immediately discarded; if all the above checks and verifications pass, AACAuth is discarded according to Pub. AAC Res in AAC Determine the identity verification result of AAC; if AAC is determined to be illegitimate, end the current verification process.

[0443] (7) Calculate EncData using the message encryption key REQ ;

[0444] (8) Calculate MacTag REQ The calculation process is as follows: Figure 7 As described in the embodiments.

[0445] S1020, REQ sends the fourth authentication response message REQAuth to AAC.

[0446] The REQAuth includes a Nonce. AAC Nonce REQ EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub And Nonce REQPub It should be equal to the Nonce generated by REQ. REQPub .

[0447] S1021. After receiving the REQAuth, AAC performs the following operations, including:

[0448] (1) If a Nonce exists in REQAuth REQ Then check the Nonce. REQ With the Nonce in the received REQInit REQ Are they the same? If a Nonce exists in REQAuth. AAC Check the Nonce AAC Nonce generated by AAC AAC Are they the same?

[0449] (2) Verify MacTag REQ The verification process is as follows: Figure 7 As described in the embodiments;

[0450] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Get Nonce REQPub ;

[0451] (4) Nonce REQPub With Pub REQ ⊕Nonce REQPub Perform an XOR operation to restore Pub REQ ;

[0452] (5) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the REQ's identity authentication result; if any step of the above checks and verifications fails, discard the REQAuth immediately.

[0453] It should be noted that Sig is calculated in S1017. AAC The operation can also be changed to be executed first in S1006, that is, in S1006, AAC first processes REQInit and ID in AACVeri. AAC Cert AAC Perform signature calculation to generate Sig AAC Therefore, S1006's AACeri also includes Sig. AAC In S1007, AS-AAC also needs to verify Sig. AAC After successful verification, subsequent operations will be performed; in this case, AAC in S1017 does not need to calculate Sig. AAC Accordingly, S1018's AACAuth does not include Sig. AAC In S1019, REQ no longer verifies Sig. AAC At this time, Pub AAC Cert may not be included. AAC .

[0454] In the above embodiments, each message may also carry a hash value. X_Y The hash value X_Y This is calculated by the sending entity X using a hash algorithm on the latest preceding message received from the peer entity Y. It is used by the peer entity Y to verify whether entity X has received the complete latest preceding message. Here, HASH... REQ_AAC The hash value calculated by REQ for the latest preceding message sent by AAC is HASH. AAC_REQ HASH represents the hash value calculated by AAC for the latest preceding message sent by the received REQ. AAC_AS-AAC HASH represents the hash value calculated by AAC for the latest preceding message received from AS-AAC.AS-AAC_AAC HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AAC. AS-AAC_AS-REQ HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AS-REQ. AS-REQ_AS-AAC This represents the hash value calculated by AS-REQ for the latest preceding message received from AS-AAC. If the message currently sent by sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received any preceding messages from peer entity Y, then the hash value in this message... X_Y It may not exist or be meaningless.

[0455] Correspondingly, after the peer entity Y receives a message sent by entity X, if the message contains a hash... X_Y If entity Y has not sent a preceding message to entity X, then entity Y ignores the hash. X_Y When entity Y has previously sent a preceding message to entity X, entity Y uses a hash algorithm to calculate a hash value locally for the latest preceding message previously sent to entity X, and then hashes it with the hash value carried in the received message. X_Y If they match, proceed with the next steps; otherwise, discard or end the identification process.

[0456] In this invention, for entity X, the preceding message sent by peer entity Y to entity X refers to any message received by entity X from peer entity Y before entity X sends message M to peer entity Y; the latest preceding message sent by peer entity Y to entity X refers to the latest message received by entity X from peer entity Y before entity X sends message M to peer entity Y. If message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there are no preceding messages sent by peer entity Y to entity X before entity X sends message M to its peer entity Y.

[0457] The above Figure 7 , Figure 8 , Figure 9 and Figure 10 The optional fields and optional operations in the corresponding embodiments are shown in the accompanying drawings. Figure 7 , Figure 8 , Figure 9 and Figure 10 The asterisk (*) indicates the content. In all the above embodiments, the order of the various contents included in the messages is not limited, and unless otherwise specified, the order in which the message receiver operates on the relevant messages and processes the contents included in the messages is not limited.

[0458] based on Figures 1 to 10 For a corresponding embodiment, seeFigure 11 This application provides an authentication access controller AAC1100, comprising:

[0459] The acquisition unit 1101 is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext is generated by encrypting encrypted data, including the digital certificate and the second key of the requesting device, using the public key of the encryption certificate.

[0460] The first sending unit 1102 is used to send a first authentication request message to a first authentication server trusted by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller.

[0461] The first receiving unit 1103 is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

[0462] The first verification unit 1104 is used to verify the second digital signature using the public key of the first authentication server;

[0463] The second sending unit 1105 is used to send a third authentication response message to the requesting device when the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key.

[0464] The second receiving unit 1106 is used to receive the fourth authentication response message sent by the requesting device. The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key.

[0465] The decryption unit 1107 is used to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information;

[0466] The first determining unit 1108 is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.

[0467] Optionally, the authentication access controller may also include:

[0468] The third sending unit is used to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit 1101 also includes the key exchange parameters of the requesting device.

[0469] The calculation unit is configured to perform key exchange calculations to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.

[0470] Optionally, the key request message sent by the third sending unit also includes a first random number generated by the authentication access controller, and the identity ciphertext message obtained by the acquisition unit 1101 also includes a second random number generated by the requesting device;

[0471] The calculation unit is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number.

[0472] Optionally, the identity encrypted message acquired by the acquisition unit 1101 further includes the first random number; then the authentication access controller further includes:

[0473] The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller.

[0474] If the verification passes, the computing unit then calculates the message encryption key.

[0475] Optionally, if the key request message sent by the third sending unit also includes security capability parameter information supported by the authentication access controller, then the identity ciphertext message obtained by the obtaining unit 1101 also includes a specific security policy, which is determined by the requesting device based on the security capability parameter information supported by the authentication access controller.

[0476] Optionally, the key request message sent by the third sending unit further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the identity ciphertext message acquired by the acquisition unit 1101 further includes the identity identifier of at least one authentication server trusted by the requesting device; then the authentication access controller further includes:

[0477] The second determining unit is configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity encrypted message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.

[0478] Optionally, the identity encrypted message acquired by the acquisition unit 1101 may further include the identity identifier of at least one authentication server trusted by the requesting device; then the authentication access controller may further include:

[0479] The third determining unit is used to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.

[0480] Optionally, the first authentication request message sent by the first sending unit 1102 may further include the identity identifier of the authentication access controller and / or the first random number generated by the authentication access controller; correspondingly, the first authentication response message received by the first receiving unit 1103 may further include the identity identifier of the authentication access controller and / or the first random number.

[0481] The authentication access controller further includes:

[0482] The third verification unit is used to verify the consistency between the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself, and / or to verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller. After the verification is passed, the first determination unit 1108 then determines the identity authentication result of the requesting device.

[0483] Optionally, if the identity encrypted message acquired by the acquisition unit 1101 also includes the digital signature of the requesting device, then the first determining unit 1108 is further used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, then the identity authentication result of the requesting device is determined according to the second verification result.

[0484] Optionally, the first determining unit 1108 is specifically used for:

[0485] When the second authentication result information obtained by decrypting the second authentication result information ciphertext obtained by the decryption unit 1107 also includes the digital certificate of the requesting device, when verifying the digital signature of the requesting device using the digital certificate of the requesting device, it is determined whether the digital signature of the requesting device has passed the verification based on the verification result; and / or,

[0486] The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the first receiving unit 1103 receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.

[0487] Optionally, the fourth authentication response message received by the second receiving unit 1106 further includes the digital signature of the requesting device, and the second authentication result information obtained by the decryption unit 1107 using the second key further includes the digital certificate of the requesting device; then, before the first determining unit 1108 determines the identity authentication result of the requesting device, the first determining unit 1108 is further used to verify the digital signature of the requesting device using the digital certificate of the requesting device in the second authentication result information. If the verification is successful, the identity authentication result of the requesting device is then determined according to the second verification result.

[0488] Optionally, the third authentication response message sent by the second sending unit 1105 further includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and pair all fields in the third authentication response message except for the first message integrity check code; and / or,

[0489] The fourth authentication response message received by the second receiving unit 1106 also includes a second message integrity check code. This second message integrity check code is generated by the requesting device using a message integrity check key to calculate and pair all fields in the fourth authentication response message except for the second message integrity check code. Therefore, the authentication access controller further includes:

[0490] The fourth verification unit is used to verify the second message integrity verification code using the message integrity verification key. After the verification is successful, the first determination unit 1108 determines the identity authentication result of the requesting device based on the second verification result.

[0491] Optionally, the message sent by the authentication access controller to the requesting device may further include a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server may further include a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.

[0492] See Figure 12 This application provides a request device REQ1200, including:

[0493] The first sending unit 1201 is used to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext is generated by encrypting encrypted data, including the digital certificate and the second key of the requesting device, using the public key of the encryption certificate.

[0494] The first receiving unit 1202 is used to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key.

[0495] The first decryption unit 1203 is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature;

[0496] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server. If the verification passes, the first determining unit 1205 determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determining unit 1205 determines that the authentication result of the authentication access controller is valid, the second sending unit 1206 sends a fourth authentication response message to the authentication access controller; or...

[0497] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server. If the verification is successful, the second sending unit 1206 sends a fourth authentication response message to the authentication access controller, and the first determining unit 1205 determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or...

[0498] The first verification unit 1204 is used to verify the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the first determination unit 1205 determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the second sending unit 1206 sends a fourth authentication response message to the authentication access controller.

[0499] The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key.

[0500] Optionally, the requesting device further includes:

[0501] The second receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller;

[0502] The first calculation unit is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.

[0503] The encrypted identity message sent by the first sending unit 1201 also includes the key exchange parameters of the requesting device.

[0504] Optionally, the key request message received by the second receiving unit may also include a first random number generated by the authentication access controller;

[0505] The first calculation unit is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device;

[0506] The encrypted identity message sent by the first sending unit 1201 also includes the second random number.

[0507] Optionally, the key request message received by the second receiving unit further includes security capability parameter information supported by the authentication access controller; the requesting device further includes:

[0508] The second determining unit is used to determine the specific security policy used by the requesting device based on the security capability parameter information.

[0509] The encrypted identity message sent by the first sending unit 1201 also includes the specific security policy.

[0510] Optionally, the key request message received by the second receiving unit further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the requesting device further includes:

[0511] The third determining unit is used to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller.

[0512] The encrypted identity message sent by the first sending unit 1201 also includes the identity identifier of at least one authentication server trusted by the requesting device.

[0513] Optionally, the identity ciphertext message sent by the first sending unit 1201 may also include a second random number generated by the requesting device, and / or the encrypted data of the identity information ciphertext in the identity ciphertext message may also include the identity identifier and third key of the requesting device;

[0514] The encrypted data of the authentication result information ciphertext in the third authentication response message received by the first receiving unit 1202 also includes the second random number and / or the identity identifier ciphertext of the requesting device;

[0515] The first decryption unit 1203 uses the message encryption key to decrypt the ciphertext of the authentication result information and obtains the second random number and / or the ciphertext of the identity of the requesting device.

[0516] The requesting device further includes:

[0517] The second verification unit is used to verify the consistency between the decrypted second random number and the second random number generated by the requesting device, and / or to verify the ciphertext of the requesting device's identity based on the requesting device's own identity identifier and the third key. If the verification is successful, the first determining unit 1205 then determines the identity authentication result of the authentication access controller.

[0518] Optionally, before determining the identity authentication result of the authentication access controller, the first determining unit 1205 is further configured to determine whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the identity authentication result of the authentication access controller is then determined based on the first verification result.

[0519] Optionally, the first determining unit 1205 is specifically used for:

[0520] When the authentication access controller sends a first authentication request message to its trusted first authentication server, which also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the first receiving unit 1202 receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified; and / or,

[0521] When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the first determining unit 1205 uses the digital certificate of the authentication access controller in the first authentication result information to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.

[0522] Optionally, the third authentication response message received by the first receiving unit 1202 further includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and generate the third authentication response message, including fields other than the first message integrity check code. Then the requesting device further includes:

[0523] The third verification unit is used to verify the first message integrity verification code using the message integrity verification key. After successful verification, the first determining unit 1205 then determines the identity authentication result of the authentication access controller based on the first verification result; and / or,

[0524] The fourth authentication response message sent by the second sending unit 1206 also includes a second message integrity check code. The second message integrity check code is generated by the requesting device using a message integrity check key to calculate other fields in the fourth authentication response message besides the second message integrity check code.

[0525] Optionally, the message sent by the requesting device to the authentication access controller may also include a hash value calculated by the requesting device for the latest preceding message sent by the authentication access controller.

[0526] See Figure 13 This application provides a first authentication server AS-AAC1300, which is an authentication server trusted by the authentication access controller, and includes:

[0527] The first receiving unit 1301 is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller. The encrypted identity information is generated by encrypting encrypted data, including the digital certificate of the requesting device and a second key, using the public key of the encryption certificate.

[0528] The first sending unit 1302 is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using a second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

[0529] Optionally, if the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the first authentication server further includes:

[0530] The first decryption unit is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate, so as to obtain the digital certificate of the requesting device and the second key;

[0531] The first verification unit is used to verify the legality of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the legality of the digital certificate of the requesting device to obtain a second verification result.

[0532] The first generation unit is configured to generate the first authentication result information based on information including the first verification result, generate the second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate ciphertext of the second authentication result information, calculate and generate a first digital signature on signature data including the first authentication result information, calculate and generate a second digital signature on signature data including the ciphertext of the second authentication result information, and generate the first authentication response message based on information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

[0533] Optionally, if the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the first authentication server further includes:

[0534] The second verification unit is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result;

[0535] The second generation unit is used to generate the first authentication result information based on information including the first verification result, and to calculate and generate a third digital signature based on the signature data including the first authentication result information and the encrypted identity information of the requesting device.

[0536] The second sending unit is used to send a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information, the encrypted identity information of the requesting device, and the third digital signature.

[0537] The second receiving unit is configured to receive a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information, the first digital signature, the encrypted text of the second authentication result information, and a fourth digital signature. The fourth digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the encrypted text of the second authentication result information.

[0538] The third verification unit is used to verify the fourth digital signature using the public key of the second authentication server;

[0539] The third generation unit is used to calculate and generate a second digital signature from the signature data, including the ciphertext of the second authentication result information, when the fourth digital signature verification is successful, and to generate the first authentication response message based on the information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

[0540] Optionally, the message sent by the first authentication server to the authentication access controller may also include a hash value calculated by the first authentication server for the latest preceding message received from the authentication access controller; the message sent by the first authentication server to the second authentication server may also include a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server.

[0541] See Figure 14This application provides a second authentication server AS-REQ1400, which is an authentication server requested by the device. If the first authentication server trusted by the access controller and the second authentication server requested by the device are two different authentication servers, then the second authentication server AS-REQ1400 includes:

[0542] The receiving unit 1401 is configured to receive a second authentication request message sent by the first authentication server. The second authentication request message includes first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated by the first authentication server on signature data including the first authentication result information and the encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting encrypted data including the digital certificate and second key of the requesting device using the public key of the encryption certificate.

[0543] Verification unit 1402 is used to verify the third digital signature using the public key of the first authentication server;

[0544] The decryption unit 1403 is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate when the third digital signature verification is successful, so as to obtain the digital certificate of the requesting device and the second key.

[0545] The verification unit 1402 is also used to verify the legitimacy of the digital certificate of the requesting device to obtain a second verification result;

[0546] The generation unit 1404 is used to generate the second authentication result information based on the information including the second verification result, encrypt the information including the second authentication result information using the second key to generate the second authentication result information ciphertext, calculate and generate the first digital signature on the signature data including the first authentication result information, and calculate and generate the fourth digital signature on the signature data including the second authentication result information ciphertext.

[0547] The sending unit 1405 is used to send a second authentication response message to the first authentication server. The second authentication response message includes the first authentication result information, the first digital signature, the encrypted second authentication result information, and the fourth digital signature.

[0548] Optionally, the message sent by the second authentication server to the first authentication server may also include a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.

[0549] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium can be at least one of the following media: read-only memory (ROM), RAM, magnetic disk, or optical disk, etc., and other media capable of storing program code.

[0550] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and relevant parts can be referred to the description of the method embodiments. The device and system embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment solution according to actual needs. Those skilled in the art can understand and implement this without creative effort.

[0551] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A method for identity verification, characterized in that, The method includes: The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted is generated by encrypting encrypted data, including the digital certificate and second key of the requesting device, using the public key of the encryption certificate. The authentication access controller sends a first authentication request message to a first authentication server it trusts. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller. The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext. The authentication access controller uses the public key of the first authentication server to verify the second digital signature. When the second digital signature is verified, it sends a third authentication response message to the requesting device. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key. The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the first authentication result information and the first digital signature; The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, it determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the requesting device determines that the authentication result of the authentication access controller is valid, it sends a fourth authentication response message to the authentication access controller; or... The requesting device verifies the first digital signature using the public key of the second authentication server. If the verification passes, the requesting device sends a fourth authentication response message to the authentication access controller and determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or... The requesting device uses the public key of the second authentication server to verify the first digital signature; if the first digital signature is verified, the requesting device determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the requesting device sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key. After receiving the fourth authentication response message, the authentication access controller uses the message encryption key to decrypt the second key ciphertext to obtain the second key, uses the second key to decrypt the second authentication result information ciphertext to obtain the second authentication result information, and determines the identity authentication result of the requesting device based on the second verification result in the second authentication result information.

2. The method according to claim 1, characterized in that, Before the authentication access controller obtains the encrypted identity message sent by the requesting device, the method further includes: The authentication access controller sends a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; The requesting device generates a first key by performing a key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and calculates the message encryption key using a key derivation algorithm based on information including the first key. Correspondingly, the identity encrypted message also includes the key exchange parameters of the requesting device; The authentication access controller generates the first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and calculates the message encryption key using the key derivation algorithm based on information including the first key.

3. The method according to claim 2, characterized in that, The key request message also includes a first random number generated by the authentication access controller; The specific steps involved in calculating the message encryption key by the requesting device are as follows: The requesting device calculates the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device. Correspondingly, the encrypted identity message also includes the second random number; The specific steps involved in calculating the message encryption key by the authentication access controller are as follows: The authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.

4. The method according to claim 3, characterized in that, The identity-encrypted message further includes the first random number; therefore, before the authentication access controller calculates the message encryption key, the method further includes: The authentication access controller verifies the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller. If the verification passes, the authentication access controller then calculates the message encryption key.

5. The method according to claim 2, characterized in that, The key request message also includes security capability parameter information supported by the authentication access controller, and the method further includes: The requesting device determines the specific security policy to be used by the requesting device based on the security capability parameter information; The encrypted identity message also includes the specific security policy.

6. The method according to claim 2, characterized in that, The key request message further includes the identity identifier of at least one authentication server trusted by the authentication access controller; then the method further includes: The requesting device determines the identity of at least one authentication server trusted by the authentication access controller based on the identity of at least one authentication server trusted by the requesting device. The encrypted identity message further includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.

7. The method according to claim 1, characterized in that, The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; then the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.

8. The method according to claim 1, characterized in that, The encrypted data of the identity information ciphertext in the first authentication request message also includes the identity identifier of the requesting device and the third key, and the first authentication request message also includes the identity identifier of the authentication access controller; And / or, the first authentication request message further includes a second random number generated by the requesting device and a first random number generated by the authentication access controller; Correspondingly, the first authentication response message also includes the encrypted identity of the requesting device and the identity of the authentication access controller, wherein the encrypted identity of the requesting device is generated by encrypting information including the identity of the requesting device using the third key; and / or, the first authentication response message also includes the second random number and the first random number; Correspondingly, the encrypted data of the authentication result information ciphertext in the third authentication response message also includes the identity identifier ciphertext of the requesting device and / or the second random number; The method further includes: The requesting device uses the message encryption key to decrypt the ciphertext of the authentication result information to obtain the ciphertext of the requesting device's identity and / or the second random number. The requesting device verifies the ciphertext of the requesting device's identity based on its own identity and the third key, and / or verifies the consistency between the decrypted second random number and the second random number generated by the requesting device. After the verification is successful, the identity authentication result of the authentication access controller is determined. The authentication access controller performs consistency verification on the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself, and / or performs consistency verification on the first random number in the first authentication response message and the first random number generated by the authentication access controller. After the verification is successful, the authentication result of the requesting device is determined.

9. The method according to claim 1, characterized in that, If the encrypted identity message also includes the digital signature of the requesting device, then before the authentication access controller determines the identity authentication result of the requesting device, the method further includes: The authentication access controller determines whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, the authentication access controller then determines the identity authentication result of the requesting device based on the second verification result.

10. The method according to claim 9, characterized in that, The authentication access controller determines whether the digital signature of the requesting device has been verified, specifically including: If the second authentication result information also includes the digital certificate of the requesting device, then the authentication access controller uses the digital certificate of the requesting device in the second authentication result information to verify the digital signature of the requesting device, and determines whether the digital signature of the requesting device has passed verification based on the verification result; or... The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.

11. The method according to claim 1, characterized in that, The fourth authentication response message also includes the digital signature of the requesting device, and the second authentication result information obtained by the authentication access controller using the second key also includes the digital certificate of the requesting device. Before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller uses the digital certificate of the requesting device in the second authentication result information to verify the digital signature of the requesting device. If the verification is successful, the authentication result of the requesting device is determined based on the second verification result.

12. The method according to claim 1, characterized in that, Before the requesting device determines the authentication result of the authentication access controller, the method further includes: The requesting device determines whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the requesting device then determines the identity authentication result of the authentication access controller based on the first verification result.

13. The method according to claim 12, characterized in that, The requesting device determines whether the digital signature of the authentication access controller has been verified, specifically including: When the first authentication request message also includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the requesting device receives the third authentication response message, the requesting device determines that the digital signature of the authentication access controller has been verified successfully; or... When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the requesting device uses the digital certificate of the authentication access controller in the first authentication result information to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.

14. The method according to claim 2, characterized in that, The third authentication response message also includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and pair all fields in the third authentication response message except for the first message integrity check code; therefore, the method further includes: The requesting device verifies the first message integrity check code using the message integrity check key. Upon successful verification, it determines the authentication result of the authentication access controller based on the first verification result; and / or, The fourth authentication response message also includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate and pair all fields in the fourth authentication response message except for the second message integrity check code; then the method further includes: The authentication access controller uses the message integrity verification key to verify the second message integrity verification code. After successful verification, it determines the identity authentication result of the requesting device based on the second verification result. The message integrity verification key of the authentication access controller is generated in the same way as the message encryption key of the authentication access controller; the message integrity verification key of the requesting device is generated in the same way as the message encryption key of the requesting device.

15. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the method further includes: The first authentication server verifies the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result. It then decrypts the ciphertext of the requesting device's identity information using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the second key. Next, it verifies the legitimacy of the digital certificate of the requesting device to obtain a second verification result. Based on information including the first verification result, it generates the first authentication result information. Based on information including the second verification result, it generates the second authentication result information. Using the second key, it encrypts the information including the second authentication result information to generate ciphertext of the second authentication result information. It calculates and generates a first digital signature on the signature data including the first authentication result information. It calculates and generates a second digital signature on the signature data including the ciphertext of the second authentication result information. Finally, it generates the first authentication response message based on information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

16. The method according to any one of claims 1 to 14, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the method further includes: The first authentication server verifies the legality of the digital certificate of the authentication access controller to obtain a first verification result, generates the first authentication result information based on the information including the first verification result, and calculates and generates a third digital signature on the signature data including the first authentication result information and the encrypted identity information of the requesting device. The first authentication server sends a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information, the encrypted identity information of the requesting device, and the third digital signature. The second authentication server uses the public key of the first authentication server to verify the third digital signature. After successful verification, it uses the private key corresponding to the encryption certificate to decrypt the encrypted identity information of the requesting device to obtain the digital certificate of the requesting device and the second key. It then verifies the legality of the digital certificate of the requesting device to obtain a second verification result. Based on the information including the second verification result, it generates the second authentication result information. It uses the second key to encrypt the information including the second authentication result information to generate the encrypted second authentication result information. It calculates and generates a first digital signature on the signature data including the first authentication result information and a fourth digital signature on the signature data including the encrypted second authentication result information. The first authentication server receives a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information, the first digital signature, the encrypted second authentication result information, and the fourth digital signature. The first authentication server uses the public key of the second authentication server to verify the fourth digital signature. If the verification is successful, the first authentication server calculates and generates a second digital signature from the signature data, including the ciphertext of the second authentication result information, and generates the first authentication response message based on the information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

17. The method according to any one of claims 1 to 14, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller; When the authentication access controller receives a message from the requesting device, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preceding message sent by the requesting device. When the requesting device receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preceding message received from the first authentication server; When the first authentication server receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the authentication access controller also includes a hash value of the latest preceding message received by the first authentication server from the authentication access controller; When the authentication access controller receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preceding message sent by the second authentication server. When the second authentication server receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server; When the first authentication server receives a message from the second authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful.

18. An authentication access controller, characterized in that, The authentication access controller includes: The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device, which is generated by encrypting encrypted data including the digital certificate and second key of the requesting device using the public key of the encryption certificate. The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller. The first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by the second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using the second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext. The first verification unit is used to verify the second digital signature using the public key of the first authentication server; The second sending unit is configured to send a third authentication response message to the requesting device when the second digital signature is verified. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key. The second receiving unit is configured to receive a fourth authentication response message sent by the requesting device, wherein the fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key; The decryption unit is configured to decrypt the second key ciphertext using the message encryption key to obtain the second key, and to decrypt the second authentication result information ciphertext using the second key to obtain the second authentication result information; The first determining unit is used to determine the identity authentication result of the requesting device based on the second verification result in the second authentication result information.

19. The authentication access controller according to claim 18, characterized in that, The authentication access controller further includes: The third sending unit is used to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit also includes the key exchange parameters of the requesting device. The calculation unit is configured to generate a first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.

20. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes a first random number generated by the authentication access controller, and the identity ciphertext message obtained by the obtaining unit also includes a second random number generated by the requesting device. The calculation unit is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number.

21. The authentication access controller according to claim 20, characterized in that, The identity encrypted message acquired by the acquisition unit also includes the first random number; therefore, the authentication access controller further includes: The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller. If the verification passes, the computing unit then calculates the message encryption key.

22. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes security capability parameter information supported by the authentication access controller. Therefore, the identity ciphertext message obtained by the obtaining unit also includes a specific security policy, which is determined by the requesting device based on the security capability parameter information supported by the authentication access controller.

23. The authentication access controller according to claim 19, characterized in that, The key request message sent by the third sending unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; the identity ciphertext message obtained by the obtaining unit also includes the identity identifier of at least one authentication server trusted by the requesting device. The authentication access controller further includes: The second determining unit is configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device in the identity encrypted message and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.

24. The authentication access controller according to claim 18, characterized in that, The encrypted identity message acquired by the acquisition unit also includes the identity identifier of at least one authentication server that the requesting device trusts; therefore, the authentication access controller further includes: The third determining unit is used to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.

25. The authentication access controller according to claim 18, characterized in that, The first authentication request message sent by the first sending unit also includes the identity identifier of the authentication access controller and / or the first random number generated by the authentication access controller; correspondingly, the first authentication response message received by the first receiving unit also includes the identity identifier of the authentication access controller and / or the first random number; The authentication access controller further includes: The third verification unit is used to verify the consistency between the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself, and / or to verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller. After the verification is passed, the first determining unit determines the identity authentication result of the requesting device.

26. The authentication access controller according to claim 18, characterized in that, The identity encrypted message acquired by the acquisition unit also includes the digital signature of the requesting device. The first determining unit is further used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, the identity authentication result of the requesting device is determined according to the second verification result.

27. The authentication access controller according to claim 26, characterized in that, The first determining unit is specifically used for: When the second authentication result information obtained by the decryption unit decrypting the second authentication result information ciphertext also includes the digital certificate of the requesting device, when the digital certificate of the requesting device is used to verify the digital signature of the requesting device, it is determined whether the digital signature of the requesting device has been verified based on the verification result; And / or, The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information of the requesting device to verify the digital signature of the requesting device. If the first receiving unit receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.

28. The authentication access controller according to claim 18, characterized in that, The fourth authentication response message received by the second receiving unit also includes the digital signature of the requesting device, and the second authentication result information obtained by the decryption unit using the second key also includes the digital certificate of the requesting device; then before the first determining unit determines the identity authentication result of the requesting device, the first determining unit is also used to verify the digital signature of the requesting device using the digital certificate of the requesting device in the second authentication result information. If the verification is successful, the identity authentication result of the requesting device is then determined according to the second verification result.

29. The authentication access controller according to claim 19, characterized in that, The third authentication response message sent by the second sending unit also includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and pair all fields in the third authentication response message except for the first message integrity check code; and / or, The fourth authentication response message received by the second receiving unit also includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate and pair all fields in the fourth authentication response message except for the second message integrity check code; therefore, the authentication access controller further includes: The fourth verification unit is used to verify the second message integrity verification code using the message integrity verification key. After the verification is successful, the first determining unit determines the identity authentication result of the requesting device based on the second verification result.

30. The authentication access controller according to any one of claims 18 to 29, characterized in that, The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.

31. A requesting device, characterized in that, The requesting device includes: The first sending unit is configured to send an identity ciphertext message to the authentication access controller. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext is generated by encrypting encrypted data, including the digital certificate and second key of the requesting device, using the public key of the encryption certificate. The first receiving unit is configured to receive a third authentication response message sent by the authentication access controller. The third authentication response message includes ciphertext of authentication result information, which is generated by encrypting encrypted data including the first authentication result information and the first digital signature using a message encryption key. The first decryption unit is used to decrypt the ciphertext of the authentication result information using the message encryption key to obtain the first authentication result information and the first digital signature; A first verification unit is used to verify the first digital signature using the public key of a second authentication server. If the verification passes, a first determining unit determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information. When the first determining unit determines that the authentication result of the authentication access controller is valid, a second sending unit sends a fourth authentication response message to the authentication access controller; or... The second sending unit is used to verify the first digital signature using the public key of the second authentication server. If the verification is successful, the second sending unit sends a fourth authentication response message to the authentication access controller, and the first determining unit determines the authentication result of the authentication access controller based on the first verification result in the first authentication result information; or, The first unit is used to verify the first digital signature using the public key of the second authentication server; if the first digital signature is verified, the first determining unit determines the identity authentication result of the authentication access controller based on the first verification result in the first authentication result information; the second sending unit sends a fourth authentication response message to the authentication access controller. The fourth authentication response message includes a second key ciphertext, which is obtained by encrypting information including the second key using the message encryption key.

32. The requesting device according to claim 31, characterized in that, The requesting device also includes: The second receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller; The first calculation unit is used to generate a first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key. The encrypted identity message sent by the first sending unit also includes the key exchange parameters of the requesting device.

33. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes a first random number generated by the authentication access controller; The first calculation unit is specifically used to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device; The encrypted identity message sent by the first sending unit also includes the second random number.

34. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes security capability parameter information supported by the authentication access controller; The requesting device also includes: The second determining unit is used to determine the specific security policy used by the requesting device based on the security capability parameter information. The encrypted identity message sent by the first sending unit also includes the specific security policy.

35. The requesting device according to claim 32, characterized in that, The key request message received by the second receiving unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; The requesting device also includes: The third determining unit is used to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller. The encrypted identity message sent by the first sending unit also includes the identity identifier of at least one authentication server trusted by the requesting device.

36. The requesting device according to claim 31, characterized in that, The identity ciphertext message sent by the first sending unit also includes a second random number generated by the requesting device, and / or the encrypted data of the identity information ciphertext in the identity ciphertext message also includes the identity identifier and third key of the requesting device; The encrypted data of the authentication result information ciphertext in the third authentication response message received by the first receiving unit also includes the second random number and / or the identity identifier ciphertext of the requesting device; The first decryption unit uses the message encryption key to decrypt the ciphertext of the authentication result information and obtains the second random number and / or the ciphertext of the identity of the requesting device; The requesting device further includes: The second verification unit is used to verify the consistency between the decrypted second random number and the second random number generated by the requesting device, and / or to verify the ciphertext of the requesting device's identity based on the requesting device's own identity identifier and the third key. If the verification is successful, the first determining unit then determines the identity authentication result of the authentication access controller.

37. The requesting device according to claim 32, characterized in that, Before determining the identity authentication result of the authentication access controller, the first determining unit is also used to determine whether the digital signature of the authentication access controller has been verified. If the digital signature of the authentication access controller has been verified, the first determining unit then determines the identity authentication result of the authentication access controller based on the first verification result.

38. The requesting device according to claim 37, characterized in that, The first determining unit is specifically used for: When the authentication access controller sends a first authentication request message to its trusted first authentication server, and the message includes the digital signature of the authentication access controller, the first authentication server uses the digital certificate of the authentication access controller in the first authentication request message to verify the digital signature of the authentication access controller. If the first receiving unit receives the third authentication response message, it determines that the digital signature of the authentication access controller has been verified; and / or, When the third authentication response message also includes the digital signature of the authentication access controller, the first authentication result information also includes the digital certificate of the authentication access controller; then the first determining unit uses the digital certificate of the authentication access controller in the first authentication result information to verify the digital signature of the authentication access controller, and determines whether the digital signature of the authentication access controller has been verified based on the verification result.

39. The requesting device according to claim 32, characterized in that, The third authentication response message received by the first receiving unit also includes a first message integrity check code, which is generated by the authentication access controller using a message integrity check key to calculate and pair all fields in the third authentication response message except for the first message integrity check code; then the requesting device further includes: The third verification unit is used to verify the first message integrity verification code using the message integrity verification key. After successful verification, the first determining unit then determines the identity authentication result of the authentication access controller based on the first verification result; and / or, The fourth authentication response message sent by the second sending unit also includes a second message integrity check code. The second message integrity check code is generated by the requesting device using a message integrity check key to calculate other fields in the fourth authentication response message besides the second message integrity check code.

40. The requesting device according to any one of claims 31 to 39, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller.

41. A first authentication server, characterized in that, The first authentication server is an authentication server trusted by the authentication access controller, including: The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device and the digital certificate of the authentication access controller. The encrypted identity information is generated by encrypting encrypted data, including the digital certificate of the requesting device and a second key, using the public key of the encryption certificate. A first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes first authentication result information, a first digital signature, second authentication result information ciphertext, and a second digital signature. The first authentication result information includes a first verification result of the digital certificate of the authentication access controller. The first digital signature is a digital signature calculated by a second authentication server trusted by the requesting device on signature data including the first authentication result information. The second authentication result information ciphertext is obtained by encrypting information including the second authentication result information using a second key. The second authentication result information includes a second verification result of the digital certificate of the requesting device. The second digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information ciphertext.

42. The first authentication server according to claim 41, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, then the first authentication server further includes: The first decryption unit is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate, so as to obtain the digital certificate of the requesting device and the second key; The first verification unit is used to verify the legality of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the legality of the digital certificate of the requesting device to obtain a second verification result. The first generation unit is configured to generate the first authentication result information based on information including the first verification result, generate the second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate ciphertext of the second authentication result information, calculate and generate a first digital signature on signature data including the first authentication result information, calculate and generate a second digital signature on signature data including the ciphertext of the second authentication result information, and generate the first authentication response message based on information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

43. The first authentication server according to claim 41, characterized in that, If the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, then the first authentication server further includes: The second verification unit is used to verify the legitimacy of the digital certificate of the authentication access controller to obtain a first verification result; The second generation unit is used to generate the first authentication result information based on information including the first verification result, and to calculate and generate a third digital signature based on the signature data including the first authentication result information and the encrypted identity information of the requesting device. The second sending unit is used to send a second authentication request message to the second authentication server. The second authentication request message includes the first authentication result information, the encrypted identity information of the requesting device, and the third digital signature. The second receiving unit is configured to receive a second authentication response message sent by the second authentication server. The second authentication response message includes the first authentication result information, the first digital signature, the encrypted text of the second authentication result information, and a fourth digital signature. The fourth digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the encrypted text of the second authentication result information. The third verification unit is used to verify the fourth digital signature using the public key of the second authentication server; The third generation unit is used to calculate and generate a second digital signature from the signature data, including the ciphertext of the second authentication result information, when the fourth digital signature verification is successful, and to generate the first authentication response message based on the information including the first authentication result information, the first digital signature, the ciphertext of the second authentication result information, and the second digital signature.

44. The first authentication server according to any one of claims 41 to 43, characterized in that, The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preamble message received from the authentication access controller; the message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preamble message received from the second authentication server.

45. A second authentication server, characterized in that, The second authentication server is the authentication server requesting device trust. If the first authentication server trusted by the access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes: The receiving unit is configured to receive a second authentication request message sent by the first authentication server. The second authentication request message includes first authentication result information, encrypted identity information of the requesting device, and a third digital signature. The third digital signature is a digital signature calculated and generated by the first authentication server on signature data including the first authentication result information and the encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting encrypted data including the digital certificate and second key of the requesting device using the public key of the encryption certificate. The verification unit is used to verify the third digital signature using the public key of the first authentication server; The decryption unit is used to decrypt the ciphertext of the identity information of the requesting device using the private key corresponding to the encryption certificate when the third digital signature verification is successful, so as to obtain the digital certificate of the requesting device and the second key. The verification unit is also used to verify the legality of the digital certificate of the requesting device to obtain a second verification result; The generation unit is configured to generate second authentication result information based on information including the second verification result, encrypt the information including the second authentication result information using the second key to generate second authentication result information ciphertext, calculate and generate a first digital signature on the signature data including the first authentication result information, and calculate and generate a fourth digital signature on the signature data including the second authentication result information ciphertext. The sending unit is configured to send a second authentication response message to the first authentication server, wherein the second authentication response message includes the first authentication result information, the first digital signature, the encrypted second authentication result information, and the fourth digital signature.

46. ​​The second authentication server according to claim 45, characterized in that, The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.