A method and apparatus for identity authentication
By introducing an authentication server into the communication network to encrypt the identity information of the requesting device, the problem of malicious interception of identity information is solved, and the confidential transmission of identity information and the authentication of legitimate users are realized, thereby improving network security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA IWNCOMM
- Filing Date
- 2020-12-26
- Publication Date
- 2026-06-05
AI Technical Summary
In communication networks, the identity information of requesting devices can be easily intercepted maliciously during the authentication process, leading to security risks, especially since private and sensitive information contained in digital certificates may be illegally used.
An authentication server is introduced, which uses the public key of the encryption certificate to encrypt the digital certificate of the requesting device and the protection random number to generate ciphertext of identity information. The trusted authentication server is then used to perform one-way identity authentication, ensuring the security of the authentication result information during transmission.
It achieves confidentiality of identity information during transmission, prevents leakage of private information, and ensures that only legitimate users can access the network through authentication server verification, thereby improving network security.
Smart Images

Figure CN114760046B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of network communication security technology, and in particular to an identity authentication method and apparatus. Background Technology
[0002] In communication networks, requesting devices can access the network through an authentication access controller. In situations with high security requirements, the authentication access controller needs to authenticate the identity of the requesting device to ensure that the requesting device is a legitimate user. Furthermore, peer-to-peer transmission in blockchain technology also requires establishing trust relationships between different nodes; therefore, node authentication is also crucial.
[0003] During the authentication process for a requesting device, the requesting device needs to provide its own identity information for verification. However, this identity information typically carries private and sensitive information such as ID card numbers, home addresses, and bank card information. Furthermore, in practice, this identity information is usually contained within the entity's digital certificate, which serves as the entity's identity credential. If the requesting device's identity information is maliciously intercepted and used for illegal purposes during the authentication process, it will pose a significant security risk to the authentication access controller, the requesting device, and the network. Summary of the Invention
[0004] To address the aforementioned technical issues, this application provides an identity authentication method and apparatus. By introducing an authentication server, the confidentiality of entity identity-related information is ensured while enabling one-way identity authentication of the requesting device by the authentication access controller.
[0005] In a first aspect, embodiments of this application provide an identity authentication method, including:
[0006] The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted is generated by encrypting information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate.
[0007] The authentication access controller sends a first authentication request message to a first authentication server it trusts, the first authentication request message including encrypted identity information of the requesting device;
[0008] The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by a second authentication server trusted by the requesting device, which uses the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
[0009] The authentication access controller uses a message encryption key to decrypt the ciphertext of the protection random number obtained from the requesting device to obtain the protection random number, and uses the protection random number to decrypt the ciphertext of the authentication result information to obtain the identity authentication result information of the requesting device; the ciphertext of the protection random number is generated by the requesting device using the message encryption key to encrypt information including the protection random number;
[0010] The authentication access controller verifies the digital signature of the first authentication server;
[0011] After the digital signature verification by the first authentication server is successful, the authentication access controller determines the identity authentication result of the requesting device based on the verification result of the digital certificate of the requesting device in the identity authentication result information.
[0012] Secondly, embodiments of this application provide an authentication access controller, including:
[0013] The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device, which is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate.
[0014] The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message includes encrypted identity information of the requesting device.
[0015] The first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by a second authentication server trusted by the requesting device, which uses a protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
[0016] The first decryption unit is used to decrypt the ciphertext of the protection random number obtained from the requesting device using the message encryption key to obtain the protection random number, and to decrypt the ciphertext of the authentication result information using the protection random number to obtain the identity authentication result information of the requesting device; the ciphertext of the protection random number is generated by the requesting device using the message encryption key to encrypt information including the protection random number.
[0017] The first verification unit is used to verify the digital signature of the first authentication server;
[0018] The determining unit is configured to determine the identity authentication result of the requesting device based on the verification result of the digital certificate of the requesting device in the identity authentication result information after the digital signature verification of the first authentication server is passed.
[0019] Thirdly, embodiments of this application also provide a requesting device, including:
[0020] The first encryption unit is used to encrypt information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate to generate ciphertext of identity information;
[0021] The first sending unit is configured to send an identity encrypted message to the authentication access controller, wherein the identity encrypted message includes the identity information encrypted of the requesting device;
[0022] The second encryption unit is used to encrypt information, including the protected random number, using the message encryption key to generate a protected random number ciphertext.
[0023] Fourthly, embodiments of this application also provide a first authentication server, which is an authentication server trusted by the authentication access controller, comprising:
[0024] The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate.
[0025] The first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by the second authentication server trusted by the requesting device using the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
[0026] Fifthly, embodiments of this application also provide a second authentication server, which is an authentication server requesting device trust. If the first authentication server trusted by the authentication access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes:
[0027] The receiving unit is configured to receive a second authentication request message sent by the first authentication server, wherein the second authentication request message includes encrypted identity information of the requesting device; the encrypted identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate;
[0028] The decryption unit is used to decrypt the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the protection random number.
[0029] The generation unit is configured to perform legality verification on the digital certificate to obtain the verification result of the digital certificate, generate identity authentication result information based on the information including the verification result of the digital certificate, encrypt the information including the identity authentication result information using the protection random number to generate ciphertext of authentication result information, calculate and generate a digital signature of the second authentication server based on the signature data including the ciphertext of authentication result information, and generate a second authentication response message based on the information including the ciphertext of authentication result information and the digital signature of the second authentication server.
[0030] The sending unit is used to send the second authentication response message to the first authentication server.
[0031] As can be seen from the above technical solutions, keeping the identity information of the requesting device confidential during the transmission of identity information can prevent the identity information from being exposed during the process of the requesting device accessing the network, ensuring that attackers cannot obtain private and sensitive information. Furthermore, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, the authentication access controller can realize real-time authentication of the requesting device's one-way identity, laying the foundation for ensuring that only legitimate users can access the network. Attached Figure Description
[0032] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0033] Figure 1 A schematic diagram illustrating an identity authentication method provided in an embodiment of this application;
[0034] Figure 2 A schematic diagram illustrating a method for requesting a device REQ and negotiating an encryption key for an access controller AAC, provided in an embodiment of this application;
[0035] Figure 3 This is a schematic diagram of an identity authentication method in a non-roaming situation provided in an embodiment of this application, where "*" represents an optional field or optional operation;
[0036] Figure 4 This is a schematic diagram illustrating another identity authentication method in a non-roaming situation provided in the embodiments of this application, wherein "*" represents an optional field or optional operation;
[0037] Figure 5 This is a schematic diagram of an identity authentication method in a roaming situation provided in an embodiment of this application, wherein "*" represents an optional field or optional operation;
[0038] Figure 6 This is a schematic diagram illustrating another identity authentication method in roaming situations provided in the embodiments of this application, where "*" represents an optional field or optional operation;
[0039] Figure 7 A structural block diagram of an authentication access controller (AAC) provided in this application embodiment;
[0040] Figure 8 A structural block diagram of a request device REQ provided in an embodiment of this application;
[0041] Figure 9 A structural block diagram of a first authentication server AS-AAC provided in an embodiment of this application;
[0042] Figure 10 This is a structural block diagram of a second authentication server AS-REQ provided in an embodiment of this application. Detailed Implementation
[0043] In a communication network, a requesting device can access the network through an authentication access controller. To ensure that the requesting device is a legitimate user, the authentication access controller needs to authenticate the identity of the requesting device.
[0044] Taking current wireless and mobile communication scenarios as examples, in scenarios where a requesting device accesses a wireless network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone, a personal digital assistant (PDA), or a tablet computer, while the authentication access controller can be a network-side device such as a wireless access point or a wireless router. In scenarios where a requesting device accesses a wired network through an authentication access controller, the requesting device can be a terminal device such as a desktop computer or a laptop computer, while the authentication access controller can be a network-side device such as a switch or a router. In scenarios where a requesting device accesses a 4G / 5G network through an authentication access controller, the requesting device can be a terminal device such as a mobile phone or a tablet computer, while the authentication access controller can be a network-side device such as a base station. Of course, this application is also applicable to various data communication scenarios, including other wired networks and short-range communication networks.
[0045] However, during the authentication process of the requesting device, the requesting device needs to provide its own identity information for authentication. This identity information is usually contained in the requesting device's digital certificate and carries private and sensitive information. If an attacker intercepts this identity information and uses it for illegal purposes, it will pose a significant security risk to the authentication access controller, the requesting device, and even the network.
[0046] To address the aforementioned technical problems, this application provides an identity authentication method. An authentication access controller acquires an encrypted identity message sent by a requesting device. This encrypted identity message includes encrypted identity information of the requesting device, generated by encrypting information including the requesting device's digital certificate and a protection random number using the public key of an encryption certificate. Then, the authentication access controller sends a first authentication request message including the encrypted identity information to a first authentication server and receives a first authentication response message from the first authentication server. The first authentication response message includes encrypted authentication result information and the digital signature of the first authentication server. The encrypted authentication result information is generated by a second authentication server trusted by the requesting device, which encrypts information including the requesting device's authentication result information using a protection random number obtained by decrypting the encrypted identity information. The authentication result information includes a verification result of the requesting device's digital certificate obtained by decrypting the encrypted identity information. This encrypted authentication result information ensures the security of the requesting device's authentication result information transmitted between the authentication access controller and the first authentication server. Secondly, the authentication access controller uses the message encryption key to decrypt the ciphertext of the protection random number obtained from the requesting device to obtain the protection random number. It then uses the protection random number to decrypt the ciphertext of the authentication result information to obtain the authentication result information of the requesting device. The authentication access controller verifies the digital signature of the first authentication server. After successful verification, the authentication access controller determines the authentication result of the requesting device based on the verification result of the digital certificate of the requesting device included in the authentication result information.
[0047] It is understood that the authentication result information mentioned in the embodiments of this application may be obtained by the authentication server trusted by the requesting device verifying the legitimacy of the requesting device's digital certificate. The above are only some examples of the requesting device, authentication access controller, and authentication server, and should not be construed as limiting the requesting device, authentication access controller, and authentication server. In other possible implementations of the embodiments of this application, the requesting device, authentication access controller, and authentication server may also be other devices.
[0048] The authentication method provided in this application embodiment implements one-way authentication of the requesting device by the authentication access controller (REQ Authentication with an Unauthenticated AAC, abbreviated as RAUA).
[0049] For ease of explanation, in this embodiment of the application, the identity authentication method of the present application will be described using the requesting device (REQuester, abbreviated as REQ), the authentication access controller (AAC, abbreviated as AAC), and the authentication server (AS, abbreviated as AS) as examples.
[0050] In this system, the AS (Authorized Server) is a trusted third-party entity holding a digital certificate and its corresponding private key that conforms to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems. The AS trusted by the AAC (Authorized Server Accreditation Authority) is called the First Authentication Server (AS-AAC). The AS trusted by the REQ (Authorized Server Qualification) is called the Second Authentication Server (AS-REQ), which has the ability to verify the legitimacy of the REQ's digital certificate. When AS-AAC and AS-REQ are different, they trust each other and are aware of each other's digital certificates or the public keys within those certificates. The Certificate Server-Decrypt (CS-DEC) holds an encryption certificate and its corresponding private key that conforms to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems. The CS-DEC can be an independent server or reside within the AS-REQ.
[0051] The REQ can be one endpoint participating in the authentication process, establishing a connection with the AAC, accessing the services provided by the AAC, and accessing the AS through the AAC. The REQ holds a digital certificate conforming to ISO / IEC 9594-8 / ITU X.509, other standards, or other technical systems, and the corresponding private key, and is aware of the CS-DEC's encryption certificate or the public key within the encryption certificate. The AAC can be another endpoint participating in the authentication process, establishing a connection with the REQ, providing services, communicating with the REQ, and directly accessing the AS-AAC. The AAC is aware of the AS-AAC's digital certificate or the public key within the digital certificate.
[0052] The following is combined with Figure 1 This application provides an embodiment of an identity authentication method, which includes:
[0053] S101: AAC retrieves the encrypted identity message REQInit sent by REQ.
[0054] The REQInit contains REQ's identity information encrypted EncPub. AS Among them, EncPub AS For REQ, use the public key of the encryption certificate to pair with the digital certificate Cert containing REQ. REQ The information, including the protected random number, is generated using encryption. This ensures the confidentiality of REQ's identity information during transmission, preventing its exposure.
[0055] S102: AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.
[0056] The AAC Veri includes EncPub AS .
[0057] It should be noted that since the authentication servers trusted by REQ and AAC can be the same or different, when the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are the same authentication server, this is a non-roaming situation. In this case, the authentication server jointly trusted by REQ and AAC can be represented by AS-AAC (or AS-REQ). EncPub is processed in this scenario. AS The methods include: AS-AAC (also represented as AS-REQ) using the private key corresponding to the encryption certificate of the certificate decryption server CS-DEC residing in AS-AAC (also represented as AS-REQ) to access EncPub. AS Decryption yields Cert REQ And protect random numbers, or, by AS-AAC (which can also be represented as AS-REQ), EncPub AS Send it to the CS-DEC with which you have an interactive and trust relationship for decryption, and obtain the decrypted Cert. REQ And protect the random number, then verify the Cert. REQ The legality of Res was verified. REQ According to Res REQ The information included generates identity authentication results in Pub. REQ The protected random number pair includes Pub REQ The information, including the authentication result ciphertext, is encrypted to generate the authentication result ciphertext. A digital signature, Sig, is then calculated from the signature data, including the authentication result ciphertext. AS_AAC (can also be represented as Sig) AS_REQ Then, it generates encrypted information including the authentication result and Sig. AS_AAC (can also be represented as Sig) AS_REQ The first authentication response message ASVeri.
[0058] When the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are two different authentication servers, it is a roaming situation. In this case, the EncPub is processed. AS The method includes: AS-AAC sending the EncPub to AS-REQ. AS The second authentication request message, AS-AACVeri, is sent by AS-REQ using the private key corresponding to the encryption certificate of the certificate decryption server CS-DEC residing within AS-REQ to EncPub. AS Decryption yields Cert REQ And protect random numbers, or, by AS-REQ, EncPubAS Send it to the CS-DEC with which you have an interactive and trust relationship for decryption, and obtain the decrypted Cert. REQ And protect the random number, then verify the Cert. REQ The legality of Res was verified. REQ According to Res REQ The information included generates identity authentication results in Pub. REQ The protected random number pair includes Pub REQ The information, including the authentication result ciphertext, is encrypted to generate the authentication result ciphertext. A digital signature, Sig, is then calculated from the signature data, including the authentication result ciphertext. AS_REQ Generates encrypted information including authentication result and Sig AS_REQ The second authentication response message, AS-REQVeri, is sent to AS-AAC; after receiving AS-REQVeri, AS-AAC verifies Sig using the public key of AS-REQ. AS_REQ After successful verification, AS-AAC calculates and generates a digital signature Sig from the signature data, including the encrypted authentication result information. AS_AAC Based on the encrypted information including the authentication result and Sig AS_AAC The information included generates the first authentication response message ASVeri.
[0059] S103: AAC receives the first authentication response message ASVeri sent by AS-AAC.
[0060] The ASVeri includes encrypted authentication result information and the AS-AAC digital signature Sig. AS_AAC The authentication result information is encrypted using the AS-REQ trusted by REQ and decrypted from EncPub. AS The obtained protected random number pair includes the identity authentication result information of REQ (Pub). REQ The information, including the Pub, is generated using encryption. REQ This includes decryption of EncPub AS The obtained Cert REQ The verification results Res REQ Sig AS_AAC The signature data includes the ciphertext of the authentication result information in ASVeri.
[0061] S104: AAC uses the AS-AAC public key to pair Sig AS_AAC Verification is required.
[0062] S105: AAC uses the message encryption key to decrypt the ciphertext of the protection random number obtained from REQ to obtain the protection random number, and uses the protection random number to decrypt the ciphertext of the authentication result information to obtain the identity authentication result information Pub from REQ. REQ .
[0063] The protected random number ciphertext is generated by REQ encrypting information, including the protected random number, using a message encryption key. The message encryption key can be negotiated between REQ and AAC, or it can be pre-shared between REQ and AAC. It should be noted that AAC can obtain the protected random number ciphertext from REQ in the following ways:
[0064] (1) The REQInit may also include the ciphertext of the protected random number. Then, after S101, the AAC can obtain the ciphertext of the protected random number in REQInit. Correspondingly, in S105, the AAC uses the message encryption key to decrypt the ciphertext of the protected random number obtained from REQ to obtain the protected random number. Specifically, the AAC uses the message encryption key to decrypt the ciphertext of the protected random number in REQInit to obtain the protected random number.
[0065] (2) After REQ sends REQInit, REQ can also send an authentication result recovery message REQAuth to AAC. REQAuth includes the ciphertext of the protected random number. Upon receiving REQAuth, AAC can obtain the ciphertext of the protected random number in REQAuth. Correspondingly, in S105, AAC uses the message encryption key to decrypt the ciphertext of the protected random number obtained from REQ to obtain the protected random number. Specifically, AAC uses the message encryption key to decrypt the ciphertext of the protected random number in REQAuth to obtain the protected random number.
[0066] S106: If Sig AS_AAC After successful verification, AAC will use the identity authentication result information in Pub. REQ Res in REQ Determine the identity verification result of REQ.
[0067] It should be noted that the execution order of S104 and S105 is not limited; of course, S104 can be executed first, and when S104 contains the code for Sig... AS_AAC After successful verification, execute steps S105 and S106, where AAC uses the identity authentication result information to publish the results. REQ Res in REQ Steps to determine the identity verification result of REQ.
[0068] As can be seen from the above technical solutions, when transmitting identity information, the confidentiality of the identity information of the requesting device can prevent the identity information from being exposed during network transmission, ensuring that attackers cannot obtain private and sensitive information. Furthermore, by introducing an authentication server, while ensuring the confidentiality of entity identity-related information, the authentication access controller can realize real-time authentication of the requesting device's one-way identity, laying the foundation for ensuring that only legitimate users can access the network.
[0069] In some embodiments, REQInit in S101 may also include the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Sig in REQInit. REQ For the other fields mentioned earlier, AAC also needs to determine Sig before S106. REQ The verification process must pass before S106 can be executed. It should be noted that if AS-REQ and AS-AAC are the same authentication server, then the Sig... REQ Authentication can be performed by AS-AAC (also represented as AS-REQ) or by AAC; if AS-REQ and AS-AAC are two different authentication servers, then the Sig... REQ Verification can be performed using either AS-REQ or AAC. AAC determines Sig. REQ Whether the verification passes includes the following methods:
[0070] As a method for verifying the Sig by an authentication server REQ In an embodiment where AS-REQ and AS-AAC are the same authentication server (i.e., non-roaming), when AS-AAC (which can also be represented as AS-REQ) verifies the Sig... REQ At that time, Sig REQ It can be carried in S102 in AACPERi and transmitted to AS-AAC (also represented as AS-REQ). AS-AAC (also represented as AS-REQ) uses the decryption of the EncPub. AS The obtained Cert REQ Verify the Sig REQ If the verification passes, then apply Cert. REQ The validity of the result Res is verified. REQ According to Res REQ The information included in the REQ (Real Query) generates the identity authentication result information Pub. REQ And by using the decryption of the EncPub AS The obtained protected random number pairs include Pub REQThe information, including the authentication result ciphertext, is encrypted to obtain the authentication result information. Then, steps such as generating and sending the first authentication response message are performed. If the verification fails, these steps will not be executed. Therefore, AAC can determine Sig based on whether or not the first authentication response message is received. REQ Whether the verification passes or not, if the AAC receives the first authentication response message ASVeri, then the AAC can determine Sig. REQ Verification successful.
[0071] As a method for verifying the Sig by an authentication server REQ In another embodiment, where AS-REQ and AS-AAC are two different authentication servers (i.e., roaming), when AS-REQ verifies the Sig... REQ At that time, Sig REQ It can be carried in S102 in the AACVeri and AS-AAC sent to AS-REQ in the AS-AACVeri, and AS-REQ uses the decryption of the EncPub to transmit it to AS-REQ. AS The obtained Cert REQ Verify the Sig REQ If the verification passes, then AS-REQ will be applied to Cert. REQ The validity of the result Res is verified. REQ According to Res REQ The information included in the REQ (Real Query) generates the identity authentication result information Pub. REQ Using the decryption of the EncPub AS The obtained protected random number pairs include Pub REQ The information, including the authentication result ciphertext, is encrypted to obtain the authentication result information. Then, steps such as generating and sending a second authentication response message and generating a subsequent first authentication response message are performed. If the verification fails, these steps will not be executed. Therefore, AAC can determine Sig based on whether or not the first authentication response message is received. REQ Whether the verification passes or not, if the AAC receives the first authentication response message ASVeri, then the AAC can determine Sig. REQ Verification successful.
[0072] As a result of AAC verification of the Sig REQ In one embodiment, the authentication result information Pub generated by the authentication server for the REQ is identified. REQ This includes not only Cert REQ The verification results Res REQ It also includes Cert REQIn S105, AAC decrypts the ciphertext of the authentication result information to obtain the REQ's identity authentication result information Pub. REQ It also includes Cert REQ Then AAC uses the Cert REQ Verify the Sig REQ Thus determining Sig REQ Has the verification passed?
[0073] In other embodiments, if the protected random number ciphertext obtained by AAC from REQ in S105 is REQInit from S101, then REQInit may include not only the protected random number ciphertext, but also the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier. In this case, in S105, AAC uses a protected random number to decrypt the ciphertext of the authentication result information to obtain the REQ's identity authentication result information Pub. REQ It also includes Cert REQ Therefore, before S106, AAC also needs to utilize Pub. REQ Cert in REQ Verify the Sig REQ Based on the verification results, determine Sig REQ Check if the verification is successful. Only if the verification is successful can S106 be executed.
[0074] In other embodiments, if the protected random number ciphertext obtained by AAC from REQ in S105 is from the authentication result recovery message REQAuth, then REQAuth may include not only the protected random number ciphertext, but also the digital signature Sig of REQ. REQ Sig REQ The signature data includes the Signature in REQAuth. REQ Other fields mentioned earlier. In this case, in S105, AAC uses a protected random number to decrypt the ciphertext of the authentication result information to obtain the REQ's authentication result information Pub. REQ It also includes Cert REQ Therefore, before S106, AAC also needs to utilize Pub. REQ Cert in REQ Verify the Sig REQ Based on the verification results, determine Sig REQ Check if the verification is successful. Only if the verification is successful can S106 be executed.
[0075] In some other embodiments, the messages transmitted between REQ, AAC, and the authentication server may also include random numbers generated by AAC and / or REQ, their respective identity identifiers, and other parameter information. Normally, during identity authentication, these random numbers and / or identity identifiers should remain unchanged during transmission through various messages. However, in the event of network jitter or attacks, the random numbers and / or identity identifiers in the messages may be lost or tampered with. Therefore, during identity authentication, the consistency of the identity identifiers and / or random numbers in the messages can be verified to ensure the reliability and freshness of the authentication results.
[0076] For example, REQInit in S101 can also include the first random number Nonce generated by AAC. AAC and / or the second random number Nonce generated by REQ REQ Nonce AAC If the AAC sends the message to the REQ, then the AACVeri in S102 may also include the Nonce. AAC and / or AAC's identity ID AAC Accordingly, the ASVeri of S103 may also include Nonce. AAC and / or ID AAC The REQAuth sent by REQ to AAC can also include a Nonce. AAC and / or Nonce REQ .
[0077] Therefore, before determining the identity verification result of REQ, AAC can first verify the Nonce in ASVeri. AAC and / or ID AAC Nonce generated by AAC AAC and / or AAC's own identity ID AAC For consistency, AAC can also include the Nonce in REQAuth. AAC and / or Nonce REQ Nonce generated by AAC AAC and / or the Nonce in REQInit REQ The consistency is verified. After the verification is successful, AAC will then execute the step of determining the identity authentication result of REQ in S106.
[0078] In some embodiments, the REQAuth sent by REQ to AAC may also include a second message integrity check code, MacTag. REQ MacTag REQ REQ uses message integrity verification key pairs, including those in REQAuth excluding MacTag.REQ If the MacTag is generated from other fields besides those in S105, then prior to S105, AAC could also use the message integrity verification key to verify the MacTag. REQ If the verification passes, AAC will then execute S105; if the verification fails, the REQAuth will be discarded. AAC verifies the MacTag. REQ When using the message integrity verification key pair, the key pair should include the REQAuth key except for the MacTag. REQ Other fields are used to calculate and generate MacTag. REQ and calculate MacTag REQ With the MacTag in the received REQAuth REQ The comparison is performed; if they match, the verification passes; otherwise, the verification fails.
[0079] In other embodiments, after receiving the ASVeri from S103, AAC can send an authentication result recovery request message AACAuth to REQ, where AACAuth includes a first message integrity check code MacTag. AAC MacTag AAC AAC uses message integrity verification key pairs, including those in AACAuth excluding MacTag. AAC Other fields besides the one used for calculation are also included. Accordingly, before sending REQAuth, REQ can first verify the MacTag using the message integrity verification key. AAC If the verification passes, REQAuth is sent to AAC; if the verification fails, AACAuth is discarded. REQ verification MacTag AAC When using the message integrity verification key pair, the key should include the key pair in AACAuth excluding the MacTag. AAC Other fields are used to calculate and generate MacTag. AAC The calculated MacTag AAC With the MacTag in the received AACAuth AAC The verification is performed by comparing the results. If they match, the verification passes; otherwise, it fails. The methods for generating message integrity verification keys using REQ and AAC will be described in the next embodiment.
[0080] In the above embodiments, the message encryption key used by REQ and AAC can be obtained through negotiation between the two. Therefore, this embodiment also provides a method for REQ and AAC to negotiate the message encryption key, see [link to documentation]. Figure 2 The method includes:
[0081] S201, AAC sends a key request message AACInit to REQ.
[0082] The AACInit includes the AAC key exchange parameter KeyInfo. AAC KeyInfo AAC This includes the temporary public key of AAC, where key exchange refers to key exchange algorithms such as Diffie-Hellman (DH). The AACInit may also include the first random number (Nonce) generated by AAC. AAC .
[0083] The AACInit may also include security capabilities. AAC Security capabilities AAC This indicates the security capabilities supported by AAC, including the authentication suites (which typically contain one or more authentication methods), symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC. These parameters allow REQ to select specific security policies to use. REQ can then base its decisions on these security capabilities. AAC Select the specific security policy (Security capabilities) used by REQ. REQ Security capabilities REQ The REQ indicates the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm used.
[0084] S202, REQ is based on the key exchange parameter KeyInfo, which includes REQ. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used to perform key exchange calculation to generate a first key, and the message encryption key is calculated using a key derivation algorithm based on information including the first key.
[0085] If S201's AACInit also includes the Nonce generated by AAC... AAC Then REQ can be based on KeyInfo. REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC The second random number Nonce generated by REQ REQ The information, including the message encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be based on the Security capabilities sent by the AAC according to the REQ. AACThe chosen key derivation algorithm. KeyInfo REQ This refers to the key exchange parameters generated by REQ, including REQ's temporary public key. KeyInfo REQ The corresponding temporary private key is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0086] S203, REQ sends the identity-encrypted message REQInit to AAC.
[0087] The REQInit includes KeyInfo. REQ So that AAC can be based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The message encryption key is calculated from the information including the temporary public key. Among them, KeyInfo... AAC The corresponding temporary private key is the temporary private key generated by AAC that corresponds to the temporary public key of AAC. That is, the temporary public key and the temporary private key are a pair of temporary public-private keys.
[0088] The REQInit may also include security capabilities. REQ The REQInit may also include a Nonce. REQ So that AAC can use the KeyInfo as a basis. AAC The corresponding temporary private key, the KeyInfo REQ Includes the temporary public key, the Nonce AAC and the Nonce REQ The encryption key for the message is calculated from the information included.
[0089] The REQInit may also include a Nonce. AAC Therefore, AAC can check the Nonce in REQInit before calculating the message encryption key. AAC Nonce generated by AAC AAC The consistency is verified to ensure that the REQInit received by AAC is a response message to AACInit.
[0090] S204, AAC based on including KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used to perform key exchange calculations to generate the first key, and the message encryption key is calculated using the key derivation algorithm based on information including the first key.
[0091] If the REQInit also includes the Nonce REQ Then AAC can be based on the KeyInfo. AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC and the Nonce REQ The information, including the message's encryption key, is calculated using a negotiated or pre-defined key derivation algorithm. The negotiated key derivation algorithm can be the Security capabilities sent by AAC based on the REQ. REQ The key export algorithm to be used.
[0092] It should be noted that, in Figure 2 In this embodiment, REQ and AAC can also generate message integrity verification keys. The implementation methods for REQ and AAC to generate message integrity verification keys are the same as... Figure 2 The implementation methods for generating message encryption keys for REQ and AAC in the examples are the same. For example, AAC can be generated through... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as a message encryption key, and the other portion as a message integrity verification key. AAC can also... Figure 2 The implementation method utilizes a key derivation algorithm to derive two identical or different key data sequences in stages: one sequence serves as the message encryption key, and the other as the message integrity verification key. REQ can be... Figure 2 The embodiment uses a key derivation algorithm to derive a string of key data. This key data can be used as both a message encryption key and a message integrity verification key. Alternatively, a portion of the key data can be used as the message encryption key, and the other portion as the message integrity verification key. REQ can also be achieved through... Figure 2 The implementation method uses a key derivation algorithm to derive two strings of identical or different key data in stages. One string is used as the message encryption key, and the other string is used as the message integrity verification key.
[0093] This application also provides a method for determining the first authentication server and / or the second authentication server used in the current authentication process by utilizing information exchange between AAC and REQ:
[0094] Please refer to Figure 2 In S201's AACInit, AAC adds the identity ID of at least one authentication server trusted by AAC. AS_AACThen REQ is based on the ID. AS_AAC Identify the identity ID of at least one authentication server that you trust. AS_REQ In practice, REQ is derived from ID. AS_AAC Select at least one authentication server that it trusts as its ID. AS_REQ If the selection fails, REQ will use the identity of at least one trusted authentication server as its ID. AS_REQ (Where, successful selection corresponds to a non-roaming situation, and failed selection corresponds to a roaming situation), and the ID... AS_REQ Add it to REQInit in S203 and send it to AAC. Then, AAC can use it based on the ID. AS_AAC and ID AS_REQ The primary authentication server, such as AAC, can be used to determine the ID. AS_REQ and ID AS_AAC If at least one identical authentication server identifier exists, it indicates a non-roaming situation. AAC determines the first authentication server to participate in authentication from among the at least one authentication server identifier trusted by both REQ and AAC. If no such identifier exists, it indicates a roaming situation, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQ Send to AS-AAC so that AS-AAC can process the data based on the ID. AS_REQ Determine the second authentication server AS-REQ.
[0095] As another implementation, AAC may not need to send ID to REQ. AS_AAC The REQ adds the identity ID of at least one trusted authentication server to the REQInit in S203. AS_REQ According to ID AS_REQ The identity ID of the authentication server trusted by AAC itself. AS_AAC The specific implementation of the first authentication server and / or the second authentication server participating in the identity authentication process is as described in the previous implementation method.
[0096] Since the authentication servers for REQ and AAC trusts can be the same or different, when the authentication servers for REQ and AAC trusts are the same, it is a non-roaming situation; when the authentication servers for REQ and AAC trusts are different, it is a roaming situation. For the sake of simplicity, the following... Figures 3-6 In the example, Cert is verified REQ The validation result obtained from the legality is represented as Res REQ The identity verification results of REQ can be used in Pub. REQ express.
[0097] See Figure 3 This is an embodiment of an identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, the digital signature Sig of REQ is verified by AAC. REQ The method includes:
[0098] S301, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0099] S302, AAC sends a key request message AACInit to REQ.
[0100] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field that represents the security capabilities supported by AAC, including the authentication suites, symmetric encryption algorithms, integrity verification algorithms, and / or key derivation algorithms supported by AAC (the same applies below).
[0101] S303, REQ generates Nonce REQ KeyInfo REQ and Nonce REQPub Generate Security capabilities as needed. REQ According to KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm, and the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .
[0102] Among them, security capabilities REQ This is an optional field, indicating that the REQ is based on Security capabilities. AAC The selection of a specific security strategy, i.e., the REQ determines the authentication method, symmetric encryption algorithm, integrity verification algorithm, and / or key derivation algorithm to be used (hereinafter the same); whether the REQ generates security capabilities. REQ It depends on whether the AACInit sent by AAC to REQ includes security capabilities. AAC .
[0103] S304, REQ sends the identity-encrypted message REQInit to AAC.
[0104] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS and Sig REQ Among them, Nonce AAC and security capabilities REQ It is an optional field, and Nonce AAC It should equal the corresponding field in AACInit; EncPub AS The encrypted data includes Cert REQ and protected random number Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier, such as Nonce, are included in REQInit sequentially. AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS and Sig REQ At that time, Sig REQ The signature data includes the Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ and EncPub AS Furthermore, when Nonce is not included in REQInit.AAC When using fields, Sig REQ The signature data also includes the Nonce from AACInit. AAC Fields. In this application, the object to be encrypted is called encrypted data, and the object to be signed is called signed data.
[0105] S305. After receiving the REQInit, AAC performs the following operations (unless otherwise specified or logically related, the actions numbered (1), (2)... in this document do not necessarily have a sequential order due to their numbering, and the same applies throughout the document), including:
[0106] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0107] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm; of course, this step can also be performed when AAC needs to use the message encryption key and / or message integrity verification key later.
[0108] S306, AAC sends the first authentication request message AACVeri to AS-AAC.
[0109] The AAC Veri includes EncPub AS ID AAC and Nonce AAC Among them, EncPub AS It should be equal to the corresponding field in REQInit.
[0110] S307. After receiving the AACVeri, AS-AAC performs the following operations, including:
[0111] (1) Decrypt EncPub using the private key corresponding to the encryption certificate. AS Obtain Cert REQ and Nonce REQPub ;
[0112] (2) Verify CertREQ The legitimacy of Res REQ According to Cert REQ and Res REQ The information included generates identity authentication results in Pub. REQ ;
[0113] (3) Put Pub REQ and Nonce REQPub Perform an XOR operation to obtain the ciphertext of the authentication result.
[0114] (4) Calculate the digital signature Sig AS_AAC .
[0115] S308, AS-AAC sends the first authentication response message ASVeri to AAC.
[0116] The ASVeri includes ID AAC Nonce AAC , Sig AS_AAC Among them, ID AAC Nonce AAC It should equal the corresponding field in AACVeri. Sig AS_AAC The signature data includes ID AAC Nonce AAC and
[0117] S309. After receiving the ASVeri, AAC performs the following operations, including:
[0118] (1) Check ID AAC Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0119] (2) Verify Sig using AS-AAC public key AS_AAC ;
[0120] (3) If all the above checks and verifications pass, calculate the first message integrity check code MacTag. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0121] S310, AAC sends an authentication result recovery request message AACAuth to REQ.
[0122] The AACAuth includes Nonce.REQ Nonce AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC MacTag AAC The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in AACAuth except for the MacTag. AAC MacTag is generated by calculating information including other fields. AAC .
[0123] S311. After receiving the AACAuth, REQ performs the following operations, including:
[0124] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0125] (2) Verify MacTag AAC ;
[0126] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in AACAuth except for the MacTag. AAC Information including other fields is calculated locally to generate the MacTag. AAC (This calculation method is the same as AAC's calculation of MacTag) AAC (In the same way), and calculate the MacTag AAC With the MacTag in the received AACAuth AAC Compare them.
[0127] (3) If all the above checks and verifications pass, then use the message encryption key and a symmetric encryption algorithm to calculate the protected random number ciphertext EncData. REQ If any step of the above checks and verifications fails, AACAuth will be discarded immediately.
[0128] (4) Calculate the second message integrity check code MacTag REQ .
[0129] S312, REQ sends the authentication result recovery message REQAuth to AAC.
[0130] The REQAuth includes a Nonce. REQ Nonce AAC EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows: using the message integrity verification key, an integrity verification algorithm is applied to all messages in REQAuth except for the MacTag. REQ MacTag is generated by calculating information including other fields. REQ .
[0131] S313. After receiving the REQAuth, AAC performs the following operations:
[0132] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0133] (2) Verify MacTag REQ ;
[0134] The verification process is as follows: using the message integrity verification key, an integrity verification algorithm is employed to verify the integrity of all data in REQAuth except for the MacTag. REQ Information including other fields is calculated locally to generate the MacTag. REQ (This calculation method is the same as REQ calculation of MacTag) REQ (In the same way), calculate the MacTag REQ and the MacTag in the received REQAuth REQ Compare them.
[0135] (3) Decrypt the EncData using the message encryption key and a symmetric encryption algorithm.REQ Get Nonce REQPub ;
[0136] (4) Nonce REQPub and Perform an XOR operation to restore Pub REQ ;
[0137] (5) Using Pub REQ Cert in REQ Verify Sig in REQInit REQ ;
[0138] (6) After all the above checks and verifications are passed, according to Pub REQ Res in REQ Determine the identity authentication result of REQ. If any step of the above checks and verifications fails, discard REQAuth immediately.
[0139] It should be noted that the S304 REQInit may not include Sig. REQ And add Sig to REQAuth in S312 REQ That is, in S312, REQ first checks the REQAuth file containing the Nonce. REQ Nonce AAC EncData REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S313 REQ For S312's REQAuth, Sig REQ .
[0140] See Figure 4 This is another embodiment of the identity authentication method in non-roaming scenarios, where AS-AAC (or AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, the Sig authentication is verified by AS-AAC (or AS-REQ). REQ The method includes:
[0141] S401, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0142] S402, AAC sends a key request message AACInit to REQ.
[0143] The AACInit includes Nonce AAC KeyInfo AAC and security capabilities AAC Among them, security capabilities AAC This is an optional field.
[0144] S403, REQ generates Nonce REQ KeyInfo REQ and Nonce REQPub Generate Security capabilities as needed. REQ According to KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm, and the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate and generate Sig REQ .
[0145] S404, REQ sends the identity-encrypted message REQInit to AAC.
[0146] The REQInit includes Nonce AAC Nonce REQ Security capabilities REQ KeyInfo REQ EncPub AS and Sig REQ Among them, security capabilities REQ Nonce is an optional field. AAC It should equal the corresponding field in AACInit; EncPub AS The encrypted data includes Cert REQ and protected random number Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.
[0147] S405. After receiving the REQInit, AAC performs the following operations, including:
[0148] (1) Check the Nonce in REQInit AAC Nonce generated by AAC AAC Check if they are the same; if they are different, discard REQInit.
[0149] (2) Based on the KeyInfo AAC The corresponding temporary private key and the KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm.
[0150] S406, AAC sends the first authentication request message AACVeri to AS-AAC.
[0151] The AACVeri includes REQInit and ID. AAC .
[0152] S407, after receiving the AACVeri, AS-AAC performs the following operations, including:
[0153] (1) Decrypt EncPub in REQInit using the private key corresponding to the encryption certificate. AS Obtain Cert REQ and Nonce REQPub ;
[0154] (2) Using Cert REQ Verify Sig REQ If the verification fails, the AACVeri will be discarded.
[0155] (3) Verify Cert REQ The legitimacy of Res REQ According to Res REQ Information generated in Pub REQ Pub REQ and Nonce REQPub Perform an XOR operation to obtain the ciphertext of the authentication result.
[0156] (4) Calculate the digital signature Sig AS_AAC .
[0157] S408, AS-AAC sends the first authentication response message ASVeri to AAC.
[0158] The ASVeri includes ID AAC Nonce AAC , and Sig AS_AAC Among them, ID AAC Nonce AAC These should be equal to the corresponding fields in AACVeri. Sig AS_AAC The signature data includes ID AAC Nonce AAC and
[0159] S409. After receiving the ASVeri, AAC performs the following operations, including:
[0160] (1) Check ID AAC Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0161] (2) Verify Sig using AS-AAC public key AS_AAC ;
[0162] (3) If all the above checks and verifications pass, calculate the first message integrity check code MacTag. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0163] S410, AAC sends an authentication result recovery request message AACAuth to REQ.
[0164] The AACAuth includes Nonce. REQ Nonce AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC MacTag AAC The calculation process is as follows Figure 3 As described in the examples.
[0165] S411. After receiving the AACAuth, REQ performs the following operations, including:
[0166] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0167] (2) Verify MacTag AAC The verification process is as follows: Figure 3 As described in the embodiments;
[0168] (3) If all the above checks and verifications pass, then use the message encryption key and a symmetric encryption algorithm to calculate the protected random number ciphertext EncData. REQ If any step in the above checks and verifications fails, AACAuth is immediately discarded.
[0169] (4) Calculate the second message integrity check code MacTag REQ .
[0170] S412, REQ sends the authentication result recovery message REQAuth to AAC.
[0171] The REQAuth includes a Nonce. REQ Nonce AAC EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 3 As described in the examples.
[0172] S413. After receiving the REQAuth, AAC performs the following operations:
[0173] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQWhether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0174] (2) Verify MacTag REQ The verification process is as follows: Figure 3 As described in the embodiments;
[0175] (3) After all the above checks and verifications are passed, the EncData is decrypted using a symmetric encryption algorithm with the message encryption key. REQ Get Nonce REQPub If any step in the above checks and verifications fails, the REQAuth will be discarded immediately.
[0176] (4) Nonce REQPub and Perform an XOR operation to restore Pub REQ ;
[0177] (5) According to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0178] See Figure 5 This is an embodiment of an identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, making it easier to implement in engineering. Specifically, the AAC verifies the Sig key... REQ The method includes:
[0179] S501, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0180] S502, AAC sends a key request message AACInit to REQ.
[0181] The AACInit includes Nonce AAC KeyInfo AAC ID AS_AAC and security capabilities AAC Among them, ID AS_AAC and security capabilities AAC Optional field; ID AS_AAC The identity identifier of at least one authentication server representing AAC trust is used to enable REQ to be based on the ID. AS_AACDetermine if a mutually trusted authentication server exists (the same applies below).
[0182] S503, REQ generates Nonce REQ KeyInfo REQ and Nonce REQPub Generate ID as needed AS_REQ and Security capabilities REQ According to including KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm. The ciphertext EncPub of the REQ's identity information is then calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .
[0183] Among them, ID AS_REQ and security capabilities REQ Optional field; ID AS_REQ The identity identifier of at least one authentication server representing REQ trust, when an ID exists in AACInit. AS_AAC At that time, REQ will try to select at least one authentication server from its trusted authentication servers that matches the ID. AS_AAC The same authentication server in the middle as ID AS_REQ If the choice fails, at least one authentication server trusted by the user will be used as the ID. AS_REQ When the ID does not exist in AACInit AS_AAC At that time, REQ uses at least one authentication server it trusts as its ID. AS_REQ (The same applies below.)
[0184] S504, REQ sends the encrypted identity message REQInit to AAC.
[0185] The REQInit includes Nonce AAC Nonce REQ ID AS_REQ KeyInfo REQ Security capabilities REQ EncPub AS and Sig REQ Among them, NonceAAC ID AS_REQ and security capabilities REQ It is an optional field, and Nonce AAC It should equal the corresponding field in AACInit. (EncPub) AS The encrypted data includes Cert REQ and protected random number Nonce REQPub Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier, when Nonce is not included in REQInit. AAC At that time, Sig REQ The signature data also includes the Nonce from AACInit. AAC Field.
[0186] After receiving the REQInit, S505 and AAC perform the following operations, including:
[0187] (1) If a Nonce exists in REQInit AAC Then check the Nonce. AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0188] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm;
[0189] (3) If REQInit carries ID AS_REQ And AACInit carries an ID AS_AAC Then AAC determines ID AS_REQ and ID AS_AAC If at least one identical authentication server identity exists, it indicates a non-roaming scenario. AAC determines the first authentication server to participate in authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If no such server exists, it indicates a roaming scenario, and AAC needs to determine the first authentication server based on the ID. AS_AAC Determine the first authentication server AS-AAC involved in identity authentication and set the ID. AS_REQSend to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ; or,
[0190] If REQInit carries an ID AS_REQ However, AACInit does not carry an ID. AS_AAC Then AAC determines ID AS_REQ If at least one authentication server with the same identity identifier exists as the authentication server trusted by AAC, then in a non-roaming scenario, AAC determines the first authentication server to participate in identity authentication from among the identity identifiers of at least one authentication server commonly trusted by both REQ and AAC. If none exists, then in a roaming scenario, AAC needs to determine the first authentication server AS-AAC to participate in identity authentication based on its own trusted authentication servers, and then record the ID. AS_REQ Send to AS-AAC so that AS-AAC can use the ID AS_REQ Determine the second authentication server AS-REQ;
[0191] It should be noted that the result determined in this embodiment is the roaming status.
[0192] S506, AAC sends the first authentication request message AACVeri to AS-AAC.
[0193] The AACeri includes ID AS_REQ EncPub AS ID AAC and Nonce AAC Among them, ID AS_REQ This is an optional field, allowing AS-AAC to be based on ID. AS_REQ The second authentication server used in this authentication process was determined, and its ID was... AS_REQ EncPub AS It should equal the corresponding field in REQInit. If an ID exists in AACVeri... AS_REQ Then AS-AAC is based on ID AS_REQ Determine the second authentication server AS-REQ. If it does not exist, it means that AS-AAC has already identified AS-REQ.
[0194] S507. After receiving the AACVeri, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0195] The AS-AACVeri includes EncPub AS ID AAC and Nonce AACThe fields in AS-AACVeri are all derived from AACVeri.
[0196] After receiving the AS-AACVeri, S508 and AS-REQ send a decryption request message AS-REQReq to the certificate decryption server CS-DEC.
[0197] The AS-REQReq includes EncPub AS The EncPub AS It should be equal to the corresponding field in AS-AACVeri.
[0198] After receiving the AS-REQReq, S509 and CS-DEC decrypt the EncPub using the private key corresponding to the encryption certificate. AS Get Cert REQ and Nonce REQPub .
[0199] S510 and CS-DEC send a decryption response message CS-DECRep to AS-REQ.
[0200] The CS-DECRep includes the decrypted Cert. REQ and Nonce REQPub The CS-DEC can be a standalone device with an interactive and trust relationship with AS-REQ, or it can be integrated into AS-REQ. When the CS-DEC is integrated into AS-REQ, AS-REQ directly decrypts EncPub. AS Get Cert REQ and Nonce REQPub .
[0201] S511. After receiving the CS-DECRep, AS-REQ performs the following operations, including:
[0202] (1) Verify Cert REQ The legitimacy of Res REQ According to Cert REQ and Res REQ Information generated in Pub REQ ;
[0203] (2) Put Pub REQ and Nonce REQPub Perform an XOR operation to obtain the ciphertext of the authentication result.
[0204] (3) Calculate the digital signature Sig AS_REQ .
[0205] S512, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0206] The AS-REQVeri includes ID AAC Nonce AAC , and Sig AS_REQ Among them, ID AAC Nonce AAC They should be equal to the corresponding fields in AS-AACVeri, Nonce REQPub It should equal the corresponding field in CS-DECRep. Sig AS_REQ The signature data includes ID AAC Nonce AAC and
[0207] S513. After receiving the AS-REQVeri, AS-AAC performs the following operations, including:
[0208] (1) Verify Sig using the public key of AS-REQ AS_REQ If the verification fails, the AS-REQVeri will be discarded.
[0209] (2) Calculate the digital signature Sig AS_AAC .
[0210] S514, AS-AAC sends the first authentication response message ASVeri to AAC.
[0211] The ASVeri includes ID AAC Nonce AAC , Sig AS_AAC Among them, ID AAC Nonce AAC , These should be equal to the corresponding fields in AS-REQVeri. Sig AS_AAC The signature data includes ID AAC Nonce AAC ,
[0212] S515. After receiving the ASVeri, AAC performs the following operations, including:
[0213] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0214] (2) Verify Sig using AS-AAC public key AS_AAC ;
[0215] (3) If all the above checks and verifications pass, calculate the first message integrity check code MacTag. AAC If any step of the above checks and verifications fails, ASVeri should be discarded immediately.
[0216] S516, AAC sends an authentication result recovery request message AACAuth to REQ.
[0217] The AACAuth includes Nonce. REQ Nonce AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC MacTag AAC The calculation process is as follows Figure 3 As described in the examples.
[0218] S517. After receiving the AACAuth, REQ performs the following operations, including:
[0219] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQ Nonce generated with REQ REQ Are they the same? And / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0220] (2) Verify MacTag AAC The verification process is as follows: Figure 3 As described in the embodiments;
[0221] (3) If all the above checks and verifications pass, then use the message encryption key and a symmetric encryption algorithm to calculate the protected random number ciphertext EncData. REQ If any step of the above checks and verifications fails, AACAuth will be discarded immediately.
[0222] (4) Calculate the second message integrity check code MacTag REQ .
[0223] S518, REQ sends the authentication result recovery message REQAuth to AAC.
[0224] The REQAuth includes a Nonce. REQ Nonce AAC EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 3 As described in the examples.
[0225] S519. After receiving the REQAuth, AAC performs the following operations, including:
[0226] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0227] (2) Verify MacTag REQ The verification process is as follows: Figure 3 As described in the embodiments;
[0228] (3) Decrypt EncData using the message encryption key and a symmetric encryption algorithm. REQ Obtain Nonce REQPub ;
[0229] (4) Nonce REQPub and Perform an XOR operation to restore Pub REQ ;
[0230] (5) Using Pub REQ Cert in REQ Verify Sig in REQInit REQ ;
[0231] (6) After all the above checks and verifications are passed, according to PubREQ Res in REQ Determine the identity authentication result of REQ. If any step of the above checks and verifications fails, discard REQAuth immediately.
[0232] It should be noted that the S504 REQInit may not include Sig. REQ In S518's REQAuth, add Sig REQ In S518, REQ first checks the REQAuth file containing the Nonce. REQ Nonce AAC EncData REQ The signature data, including the Sig, is calculated to generate the Sig. REQ In this case, the Sig verified by AAC in S519 REQ For S518's REQAuth, Sig REQ .
[0233] See Figure 6 This is another embodiment of the identity authentication method in roaming scenarios. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is easier to implement in engineering. Specifically, the Sig is verified by AS-REQ. REQ The method includes:
[0234] S601, AAC generates Nonce AAC and KeyInfo AAC Generate security capabilities as needed AAC .
[0235] S602, AAC sends a key request message AACInit to REQ.
[0236] The AACInit includes Nonce AAC KeyInfo AAC Security capabilities AAC and ID AS_AAC Among them, ID AS_AAC and security capabilities AAC This is an optional field.
[0237] S603, REQ generates Nonce REQ KeyInfo REQ and Nonce REQPub Generate ID as needed AS_REQ and Security capabilitiesREQ According to KeyInfo REQ The corresponding temporary private key and KeyInfo AAC The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce. AAC Nonce REQ Other information (the other information used by REQ and AAC is the same and optional, such as specific strings) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm, and the ciphertext EncPub of the REQ's identity information is calculated using the public key of the encryption certificate. AS ; Calculate Sig REQ .
[0238] S604, REQ sends the identity-encrypted message REQInit to AAC.
[0239] The REQInit includes Nonce AAC Nonce REQ ID AS_REQ KeyInfo REQ Security capabilities REQ EncPub AS and Sig REQ Among them, ID AS_REQ and security capabilities REQ Nonce is an optional field. AAC It should equal the corresponding field in AACInit; EncPub AS The encrypted data includes Cert REQ and protected random number Nonce REQPub ;Sig REQ The signature data includes the Sig in REQInit. REQ Other fields mentioned earlier.
[0240] S605. After receiving the REQInit, AAC performs the following operations, including:
[0241] (1) Check the Nonce in REQInit AAC Is it related to the Nonce generated by AAC? AAC If they are the same, discard REQInit; if they are different, discard it.
[0242] (2) Based on KeyInfo AAC The corresponding temporary private key and KeyInfo REQ The included temporary public key is used for key exchange calculation to generate the first key K1, and K1 is combined with the Nonce.AAC Nonce REQ Other information (the other information used by AAC and REQ is the same and optional, such as a specific string) is used to calculate the message encryption key and message integrity verification key using a negotiated or pre-defined key derivation algorithm;
[0243] (3) The method for determining AS-AAC by AAC is the same as described in Example 5.
[0244] S606, AAC sends the first authentication request message AACVeri to AS-AAC.
[0245] The AACVeri includes REQInit and ID. AAC .
[0246] S607. After receiving the AACVeri, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
[0247] The AS-AACVeri includes REQInit and ID. AAC The fields in AS-AACVeri are all derived from AACVeri. The method for AS-AAC to determine the second authentication server AS-REQ is the same as described in Example 5.
[0248] After receiving the AS-AACVeri, S608 and AS-REQ send a decryption request message AS-REQReq to the certificate decryption server CS-DEC.
[0249] The AS-REQReq includes EncPub AS Among them, EncPub AS It should be equal to the corresponding field in AS-AACVeri.
[0250] After receiving the AS-REQReq, S609 and CS-DEC decrypt the EncPub using the private key corresponding to the encryption certificate. AS Get Cert REQ and Nonce REQPub .
[0251] S610 and CS-DEC send a decryption response message CS-DECRep to AS-REQ.
[0252] The CS-DECRep includes the decrypted Cert. REQ and Nonce REQPub .
[0253] S611. After receiving the CS-DECRep, AS-REQ performs the following operations, including:
[0254] (1) Using Cert REQ Verify Sig REQ If the verification fails, CS-DECRep is discarded.
[0255] (2) Verify Cert REQ The legitimacy of Res REQ According to Res REQ Information generated in Pub REQ ;
[0256] (3) Put Pub REQ and Nonce REQPub Perform an XOR operation to obtain the ciphertext of the authentication result.
[0257] (4) Calculate the digital signature Sig AS_REQ .
[0258] S612, AS-REQ sends a second authentication response message AS-REQVeri to AS-AAC.
[0259] The AS-REQVeri includes ID AAC Nonce AAC , and Sig AS_REQ Among them, ID AAC Nonce AAC They should be equal to the corresponding fields in AS-AACVeri; Nonce REQPub It should equal the corresponding field in CS-DECRep. Sig AS_REQ The signature data includes ID AAC Nonce AAC and
[0260] S613. After receiving the AS-REQVeri, AS-AAC performs the following operations, including:
[0261] (1) Verify Sig using the public key of AS-REQ AS_REQ If the verification fails, the AS-REQVeri will be discarded.
[0262] (2) Calculate the digital signature Sig AS_AAC .
[0263] S614, AS-AAC sends the first authentication response message ASVeri to AAC.
[0264] The ASVeri includes ID AACNonce AAC , and Sig AS_AAC Among them, ID AAC Nonce AAC , These should be equal to the corresponding fields in AS-REQVeri. Sig AS_AAC The signature data includes ID AAC Nonce AAC ,
[0265] S615. After receiving the ASVeri, the AAC performs the following operations, including:
[0266] (1) Check ID AAC and Nonce AAC Are they respectively related to AAC's own identity ID? AAC Nonce generated by AAC AAC same;
[0267] (2) Verify Sig using AS-AAC public key AS_AAC ;
[0268] (3) If all the above checks and verifications pass, calculate the first message integrity check code MacTag. AAC If any step in the above checks and verifications fails, ASVeri should be discarded immediately.
[0269] S616, AAC sends an authentication result recovery request message AACAuth to REQ.
[0270] The AACAuth includes Nonce. REQ Nonce AAC and MacTag AAC Among them, Nonce REQ and Nonce AAC This is an optional field and should be equal to the Nonce in REQInit. REQ Nonce generated by AAC AAC MacTag AAC The calculation process is as follows Figure 3 As described in the examples.
[0271] S617. After receiving the AACAuth, REQ performs the following operations, including:
[0272] (1) If a Nonce exists in AACAuth REQ and / or Nonce AAC Then check the Nonce. REQNonce generated with REQ REQ Whether they are the same, and / or, check the Nonce. AAC Nonce in the received AACInit AAC Are they the same?
[0273] (2) Verify MacTag AAC The verification process is as follows: Figure 3 As described in the embodiments;
[0274] (3) After all the above checks and verifications are passed, the ciphertext EncData, a protected random number, is calculated using a symmetric encryption algorithm with the message encryption key. REQ If any step in the above checks and verifications fails, AACAuth will be discarded immediately.
[0275] (4) Calculate the second message integrity check code MacTag REQ .
[0276] S618, REQ sends the authentication result recovery message REQAuth to AAC.
[0277] The REQAuth includes a Nonce. REQ Nonce AAC EncData REQ and MacTag REQ Among them, Nonce REQ and Nonce AAC These are optional fields and should be equal to the Nonce generated by the REQ. REQ Nonce in AACInit AAC EncData REQ The encrypted data includes Nonce REQPub MacTag REQ The calculation process is as follows Figure 3 As described in the examples.
[0278] S619. After receiving the REQAuth, AAC performs the following operations, including:
[0279] (1) If a Nonce exists in REQAuth REQ and / or Nonce AAC Then check the Nonce. REQ With the Nonce in the received REQInit REQ Whether they are the same, and / or, check the Nonce. AAC Nonce generated by AAC AAC Are they the same?
[0280] (2) Verify MacTag REQ The verification process is as follows: Figure 3 As described in the embodiments;
[0281] (3) After all the above checks and verifications are passed, use the message encryption key to decrypt EncData using a symmetric encryption algorithm. REQ Obtain Nonce REQPub If any step in the above checks and verifications fails, the REQAuth will be discarded immediately.
[0282] (4) Nonce REQPub and Perform an XOR operation to restore Pub REQ ;
[0283] (5) According to Pub REQ Res in REQ Determine the identity verification result of REQ.
[0284] In the above embodiments, each message may also carry a hash value. X_Y The hash value X_Y This is calculated by the sending entity X using a hash algorithm on the latest preceding message received from the peer entity Y. It is used by the peer entity Y to verify whether entity X has received the complete latest preceding message. Here, HASH... REQ_AAC This represents the hash value calculated by REQ for the latest preceding message sent by AAC. AAC_REQ HASH represents the hash value calculated by AAC for the latest preceding message sent by the received REQ. AAC_AS-AAC HASH represents the hash value calculated by AAC for the latest preceding message received from AS-AAC. AS-AAC_AAC HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AAC. AS-AAC_AS-REQ HASH represents the hash value calculated by AS-AAC for the latest preceding message sent by AS-REQ. AS-REQ_AS-AAC This represents the hash value calculated by AS-REQ for the latest preceding message received from AS-AAC. If the message currently sent by sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received any preceding messages from peer entity Y, then the hash value in this message... X_Y It may not exist or be meaningless.
[0285] Correspondingly, after the peer entity Y receives a message sent by entity X, if the message contains a hash... X_Y If entity Y has not sent a preceding message to entity X, then entity Y ignores the hash.X_Y When entity Y has previously sent a preceding message to entity X, entity Y uses a hash algorithm to calculate a hash value locally for the latest preceding message previously sent to entity X, and then hashes it with the hash value carried in the received message. X_Y If they match, proceed with the next steps; otherwise, discard or end the identification process.
[0286] In this invention, for entity X, the preceding message sent by peer entity Y to entity X refers to any message received by entity X from peer entity Y before entity X sends message M to peer entity Y; the latest preceding message sent by peer entity Y to entity X refers to the latest message received by entity X from peer entity Y before entity X sends message M to peer entity Y. If message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there are no preceding messages sent by peer entity Y to entity X before entity X sends message M to its peer entity Y.
[0287] It should be noted that the above Figure 3 , Figure 4 , Figure 5 and Figure 6 The optional fields and operations in the embodiments are shown in the accompanying drawings. Figure 3 , Figure 4 , Figure 5 and Figure 6 The symbols are indicated by "*". The order of the various contents included in the messages in the above embodiments is not limited, and unless otherwise specified, the order in which the message recipient operates on the relevant messages and processes the contents included in the messages is not limited.
[0288] based on Figure 1-6 For the corresponding method implementation examples, please refer to... Figure 7 This application provides an authentication access controller (AAC) including:
[0289] The acquisition unit 701 is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device. The identity information ciphertext is generated by encrypting information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate.
[0290] The first sending unit 702 is used to send a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message includes encrypted identity information of the requesting device.
[0291] The first receiving unit 703 is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by the second authentication server trusted by the requesting device using the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
[0292] The first decryption unit 704 is used to decrypt the ciphertext of the protection random number obtained from the requesting device using the message encryption key to obtain the protection random number, and to decrypt the ciphertext of the authentication result information using the protection random number to obtain the identity authentication result information of the requesting device; the ciphertext of the protection random number is generated by the requesting device using the message encryption key to encrypt information including the protection random number.
[0293] The first verification unit 705 is used to verify the digital signature of the first authentication server;
[0294] The determining unit 706 is used to determine the identity authentication result of the requesting device based on the verification result of the digital certificate of the requesting device in the identity authentication result information after the digital signature verification of the first authentication server is passed.
[0295] Optionally, the authentication access controller further includes:
[0296] The second sending unit is used to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit 701 also includes the key exchange parameters of the requesting device;
[0297] The first calculation unit is used to generate a first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate a message encryption key using a key derivation algorithm based on information including the first key.
[0298] Optionally, the key request message sent by the second sending unit further includes a first random number generated by the authentication access controller; the identity ciphertext message acquired by the acquisition unit 701 further includes a second random number generated by the requesting device.
[0299] The first calculation unit is also configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
[0300] Optionally, the identity encrypted message acquired by the acquisition unit 701 further includes the first random number; the authentication access controller further includes:
[0301] The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller.
[0302] Optionally, the key request message sent by the second sending unit may also include security capability parameter information supported by the authentication access controller; then the identity ciphertext message obtained by the acquisition unit 701 may also include a specific security policy, which is determined by the requesting device based on the security capability parameter information.
[0303] Optionally, the identity encrypted message further includes the protection random number encrypted message. Then, the first decryption unit 704 uses the message encryption key to decrypt the protection random number encrypted message obtained from the requesting device to obtain the protection random number, specifically as follows:
[0304] The first decryption unit 704 uses the message encryption key to decrypt the protected random number ciphertext in the identity ciphertext message sent by the requesting device to obtain the protected random number.
[0305] Optionally, the authentication access controller further includes:
[0306] The second receiving unit is configured to receive the authentication result recovery message sent by the requesting device, wherein the authentication result recovery message includes the protected random number ciphertext;
[0307] The first decryption unit 704 then uses the message encryption key to decrypt the ciphertext of the protected random number obtained from the requesting device to obtain the protected random number, specifically as follows:
[0308] The first decryption unit 704 uses the message encryption key to decrypt the ciphertext of the protected random number in the authentication result recovery message to obtain the protected random number.
[0309] Optionally, the authentication result recovery message received by the second receiving unit further includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate and generate the other fields in the authentication result recovery message besides the second message integrity check code; then the authentication access controller further includes:
[0310] The third verification unit is used to verify the second message integrity verification code using the message integrity verification key.
[0311] Optionally, the authentication access controller further includes:
[0312] The third sending unit is used to send an authentication result recovery request message to the requesting device. The authentication result recovery request message includes a first message integrity check code. The first message integrity check code is generated by the second calculation unit of the authentication access controller using a message integrity check key to calculate other fields in the authentication result recovery request message besides the first message integrity check code.
[0313] Optionally, if the identity encrypted message acquired by the acquisition unit 701 also includes the digital signature of the requesting device, then before the determination unit determines the identity authentication result of the requesting device, the determination unit is further used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, then the identity authentication result of the requesting device is determined.
[0314] Optionally, the determining unit 706 is specifically used for:
[0315] If the identity authentication result information obtained by the first decryption unit 704 after decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device, then when the determining unit 706 verifies the digital signature of the requesting device using the digital certificate of the requesting device, it determines whether the digital signature of the requesting device has passed the verification based on the verification result; or...
[0316] The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, the determination unit 706 determines that the digital signature of the requesting device has been verified.
[0317] Optionally, the authentication result recovery message received by the second receiving unit also includes the digital signature of the requesting device, and the identity authentication result information obtained by the first decryption unit 704 after decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device; then, before the determining unit 706 determines the identity authentication result of the requesting device, the determining unit 706 is further configured to verify the digital signature of the requesting device using the digital certificate of the requesting device included in the identity authentication result information, and if it is determined that the digital signature of the requesting device passes the verification, then the identity authentication result of the requesting device is determined.
[0318] Optionally, the key request message sent by the second sending unit may also include the identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message obtained by the obtaining unit 701 may also include the identity identifier of at least one authentication server trusted by the requesting device.
[0319] The determining unit 706 is further configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
[0320] Optionally, the identity ciphertext message acquired by the acquisition unit 701 may also include the identity identifier of at least one authentication server trusted by the requesting device;
[0321] The determining unit 706 is further configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
[0322] Optionally, the identity encrypted message may further include a second random number generated by the requesting device and a first random number obtained by the requesting device from the authentication access controller;
[0323] The first authentication request message sent by the first sending unit 702 also includes the identity identifier of the authentication access controller and / or the first random number;
[0324] The first authentication response message received by the first receiving unit 703 also includes the identity identifier of the authentication access controller and / or the first random number;
[0325] The authentication result recovery message received by the second receiving unit also includes the first random number and / or the second random number;
[0326] Accordingly, the authentication access controller further includes:
[0327] The fourth verification unit is used to verify the consistency between the identity identifier and / or the first random number of the authentication access controller in the first authentication response message and the identity identifier and / or the first random number generated by the authentication access controller itself before the determining unit 706 determines the identity authentication result of the requesting device.
[0328] The fourth verification unit is further configured to perform consistency verification between the first random number and / or the second random number in the authentication result recovery message and the first random number generated by the authentication access controller and / or the second random number in the identity ciphertext message before the determining unit 706 determines the identity authentication result of the requesting device.
[0329] Optionally, the message sent by the authentication access controller to the requesting device may further include a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server may further include a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
[0330] See Figure 8 This application embodiment also provides a request device REQ, including:
[0331] The first encryption unit 801 is used to encrypt information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate to generate ciphertext of identity information.
[0332] The first sending unit 802 is used to send an identity encrypted message to the authentication access controller, wherein the identity encrypted message includes the identity information encrypted of the requesting device;
[0333] The second encryption unit 803 is used to encrypt information, including the protected random number, using the message encryption key to generate a protected random number ciphertext.
[0334] Optionally, the requesting device further includes:
[0335] The first receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller;
[0336] The first calculation unit is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key.
[0337] The encrypted identity message sent by the first sending unit 802 also includes the key exchange parameters of the requesting device.
[0338] Optionally, the key request message received by the first receiving unit may also include a first random number generated by the authentication access controller;
[0339] The first calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device;
[0340] The encrypted identity message sent by the first sending unit 802 also includes the second random number.
[0341] Optionally, the encrypted identity message sent by the first sending unit 802 may also include the first random number.
[0342] Optionally, the key request message received by the first receiving unit may further include security capability parameter information supported by the authentication access controller, and the requesting device may further include:
[0343] The first determining unit is configured to determine the specific security policy used by the requesting device based on the security capability parameter information.
[0344] The encrypted identity message sent by the first sending unit 802 also includes the specific security policy.
[0345] Optionally, the identity ciphertext message sent by the first sending unit 802 may also include the protection random number ciphertext.
[0346] Optionally, the requesting device further includes:
[0347] The second sending unit is used to send an authentication result recovery message to the authentication access controller, the authentication result recovery message including the protection random number ciphertext.
[0348] Optionally, if the authentication result recovery message sent by the second sending unit further includes a second message integrity check code, then the requesting device further includes:
[0349] The second calculation unit calculates the second message integrity check code using the message integrity check key on all fields in the recovery message, excluding the second message integrity check code, including the authentication result.
[0350] Optionally, the requesting device further includes:
[0351] The second receiving unit is configured to receive an authentication result recovery request message, including a first message integrity check code, sent by the authentication access controller; the first message integrity check code is generated by the authentication access controller using a message integrity check key to calculate other fields in the authentication result recovery request message besides the first message integrity check code.
[0352] The verification unit is used to verify the first message integrity verification code using the message integrity verification key.
[0353] Optionally, the key request message received by the first receiving unit further includes the identity identifier of at least one authentication server trusted by the authentication access controller; the requesting device further includes:
[0354] The second determining unit is configured to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller.
[0355] The encrypted identity message sent by the first sending unit 802 also includes the identity identifier of at least one authentication server trusted by the requesting device.
[0356] Optionally, the encrypted identity message sent by the first sending unit 802 may also include the identity identifier of at least one authentication server trusted by the requesting device.
[0357] Optionally, the message sent by the requesting device to the authentication access controller may also include a hash value calculated by the requesting device for the latest preceding message sent by the authentication access controller.
[0358] See Figure 9 This application embodiment also provides a first authentication server AS-AAC, which is an authentication server trusted by the authentication access controller, including:
[0359] The first receiving unit 901 is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes the encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate.
[0360] The first sending unit 902 is used to send a first authentication response message to the authentication access controller. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by the second authentication server trusted by the requesting device using the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
[0361] Optionally, when the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, the first authentication server further includes:
[0362] The decryption unit is used to decrypt the ciphertext of the identity information using the private key corresponding to the encryption certificate to obtain the digital certificate and protection random number of the requesting device.
[0363] The first verification unit is used to verify the legitimacy of the digital certificate of the requesting device and obtain the verification result of the digital certificate.
[0364] The first generation unit is configured to generate identity authentication result information based on information including the verification result of the digital certificate, encrypt the information including the identity authentication result information using the protection random number to generate ciphertext of authentication result information, calculate and generate a digital signature of the first authentication server based on the signature data including the ciphertext of authentication result information, and generate a first authentication response message based on information including the ciphertext of authentication result information and the digital signature of the first authentication server.
[0365] Optionally, when the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, the first authentication server further includes:
[0366] The second sending unit is used to send a second authentication request message to the second authentication server, wherein the second authentication request message includes encrypted identity information of the requesting device.
[0367] The second receiving unit is configured to receive a second authentication response message sent by the second authentication server, wherein the second authentication response message includes encrypted authentication result information and the digital signature of the second authentication server.
[0368] The second verification unit is used to verify the digital signature of the second authentication server using the public key of the second authentication server;
[0369] The second generation unit is configured to, when the digital signature verification of the second authentication server is successful, calculate and generate the digital signature of the first authentication server from the signature data including the ciphertext of the authentication result information, and generate the first authentication response message based on the information including the ciphertext of the authentication result information and the digital signature of the first authentication server.
[0370] Optionally, the message sent by the first authentication server to the authentication access controller may also include a hash value calculated by the first authentication server for the latest preceding message received from the authentication access controller; the message sent by the first authentication server to the second authentication server may also include a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server.
[0371] See Figure 10 This application embodiment also provides a second authentication server AS-REQ, which is an authentication server requesting device trust. If the first authentication server trusted by the authentication access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes:
[0372] The receiving unit 1001 is configured to receive a second authentication request message sent by the first authentication server, wherein the second authentication request message includes ciphertext of the identity information of the requesting device; the ciphertext of the identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate;
[0373] Decryption unit 1002 is used to decrypt the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the protection random number;
[0374] The generation unit 1003 is used to perform legality verification on the digital certificate to obtain the verification result of the digital certificate, generate identity authentication result information based on the information including the verification result of the digital certificate, encrypt the information including the identity authentication result information using the protection random number to generate ciphertext of authentication result information, calculate and generate the digital signature of the second authentication server based on the signature data including the ciphertext of authentication result information, and generate a second authentication response message based on the information including the ciphertext of authentication result information and the digital signature of the second authentication server.
[0375] The sending unit 1004 is used to send the second authentication response message to the first authentication server.
[0376] Optionally, the message sent by the second authentication server to the first authentication server may also include a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.
[0377] Those skilled in the art will understand that all or part of the steps of the above method embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium can be at least one of the following media: read-only memory (ROM), RAM, magnetic disk or optical disk, and other media capable of storing program code.
[0378] It should be noted that the various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to mutually. Each embodiment focuses on describing the differences from other embodiments. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and relevant parts can be referred to the description of the method embodiments. The device and system embodiments described above are merely illustrative, and the units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment solution according to actual needs. Those skilled in the art can understand and implement this without creative effort.
[0379] The above description is merely one specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. A method for identity verification, characterized in that, The method includes: The authentication access controller obtains the identity encrypted message sent by the requesting device. The identity encrypted message includes the identity information encrypted by the requesting device. The identity information encrypted is generated by encrypting information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate. The authentication access controller sends a first authentication request message to a first authentication server it trusts, the first authentication request message including encrypted identity information of the requesting device; The authentication access controller receives a first authentication response message sent by the first authentication server. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by a second authentication server trusted by the requesting device, which uses the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information. The authentication access controller uses a message encryption key to decrypt the ciphertext of the protection random number obtained from the requesting device to obtain the protection random number, and uses the protection random number to decrypt the ciphertext of the authentication result information to obtain the identity authentication result information of the requesting device; the ciphertext of the protection random number is generated by the requesting device using the message encryption key to encrypt information including the protection random number; The authentication access controller verifies the digital signature of the first authentication server; After the digital signature verification by the first authentication server is successful, the authentication access controller determines the identity authentication result of the requesting device based on the verification result of the digital certificate of the requesting device in the identity authentication result information.
2. The method according to claim 1, characterized in that, Before the authentication access controller obtains the encrypted identity message sent by the requesting device, the method further includes: The authentication access controller sends a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; The requesting device generates a first key by performing a key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and calculates the message encryption key using a key derivation algorithm based on information including the first key. Correspondingly, the identity encrypted message also includes the key exchange parameters of the requesting device; The authentication access controller generates the first key by performing key exchange calculation based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and calculates the message encryption key using the key derivation algorithm based on information including the first key.
3. The method according to claim 2, characterized in that, The key request message also includes a first random number generated by the authentication access controller; The requesting device further includes calculating the message encryption key as follows: The requesting device calculates the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device. Correspondingly, the encrypted identity message also includes the second random number; The authentication access controller further includes the following steps in calculating the message encryption key: The authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
4. The method according to claim 3, characterized in that, The encrypted identity message also includes the first random number; Before the authentication access controller calculates the message encryption key, the method further includes: The authentication access controller verifies the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller. If the verification passes, the authentication access controller then calculates the message encryption key.
5. The method according to claim 2, characterized in that, The key request message also includes security capability parameter information supported by the authentication access controller, and the method further includes: The requesting device determines the specific security policy to be used by the requesting device based on the security capability parameter information; The encrypted identity message also includes the specific security policy.
6. The method according to claim 1, characterized in that, The identity encrypted message also includes the protection random number encrypted message. The authentication access controller then uses the message encryption key to decrypt the protection random number encrypted message to obtain the protection random number, specifically: The authentication access controller uses the message encryption key to decrypt the protected random number ciphertext in the identity ciphertext message sent by the requesting device to obtain the protected random number.
7. The method according to claim 1, characterized in that, After the requesting device sends the encrypted identity message, the method further includes: The requesting device sends an authentication result recovery message to the authentication access controller, the authentication result recovery message including the protected random number ciphertext; The authentication access controller then uses the message encryption key to decrypt the ciphertext of the protected random number to obtain the protected random number, specifically as follows: The authentication access controller uses the message encryption key to decrypt the ciphertext of the protection random number in the authentication result recovery message sent by the requesting device to obtain the protection random number.
8. The method according to claim 7, characterized in that, The authentication result recovery message also includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate other fields in the authentication result recovery message besides the second message integrity check code; the method of generating the message integrity check key used by the requesting device is the same as the method of generating the message encryption key by the requesting device. Accordingly, before the authentication access controller decrypts the protected random number ciphertext, the method further includes: The authentication access controller uses the message integrity verification key to verify the second message integrity verification code; if the verification is successful, the authentication access controller then performs the relevant steps; the method of generating the message integrity verification key used by the authentication access controller is the same as the method of generating the message encryption key.
9. The method according to claim 7, characterized in that, Before the requesting device sends the authentication result recovery message, the method further includes: The authentication access controller sends an authentication result recovery request message to the requesting device. The authentication result recovery request message includes a first message integrity check code. The first message integrity check code is generated by the authentication access controller using a message integrity check key to calculate other fields in the authentication result recovery request message, excluding the first message integrity check code. The method of generating the message integrity check key used by the authentication access controller is the same as the method of generating the message encryption key. Accordingly, the requesting device uses the message integrity verification key to verify the first message integrity verification code; if the verification is successful, the requesting device then performs the relevant steps; the method of generating the message integrity verification key used by the requesting device is the same as the method of generating the message encryption key by the requesting device.
10. The method according to claim 1, characterized in that, If the encrypted identity message also includes the digital signature of the requesting device, then before the authentication access controller determines the identity authentication result of the requesting device, the method further includes: The authentication access controller determines whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, the authentication result of the requesting device is determined based on the verification result of the digital certificate of the requesting device.
11. The method according to claim 10, characterized in that, The authentication access controller determines whether the digital signature of the requesting device has been verified, specifically including: If the authentication result information obtained by the authentication access controller after decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device, then the authentication access controller uses the digital certificate of the requesting device to verify the digital signature of the requesting device, and determines whether the digital signature of the requesting device has passed verification based on the verification result; or... The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, it determines that the digital signature of the requesting device has been verified.
12. The method according to claim 7, characterized in that, The authentication result recovery message also includes the digital signature of the requesting device, and the identity authentication result information obtained by the authentication access controller by decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device; Before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller uses the digital certificate of the requesting device in the decrypted identity authentication result information to verify the digital signature of the requesting device. If the digital signature of the requesting device is verified, the identity authentication result of the requesting device is determined based on the verification result of the digital certificate of the requesting device.
13. The method according to claim 2, characterized in that, The key request message also includes the identity identifier of at least one authentication server trusted by the authentication access controller; the method further includes: The requesting device determines the identity identifier of at least one authentication server trusted by the authentication access controller. The encrypted identity message further includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
14. The method according to claim 1, characterized in that, The encrypted identity message also includes the identity identifier of at least one authentication server that the requesting device trusts; the method further includes: The authentication access controller determines the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
15. The method according to claim 7, characterized in that, The encrypted identity message also includes a second random number generated by the requesting device and a first random number obtained by the requesting device from the authentication access controller; The first authentication request message further includes the identity identifier of the authentication access controller and / or the first random number; The first authentication response message also includes the identity identifier of the authentication access controller and / or the first random number; The authentication result recovery message also includes the first random number and / or the second random number; Accordingly, before the authentication access controller determines the authentication result of the requesting device, the method further includes: The authentication access controller performs a consistency verification between the authentication access controller's identity identifier and / or the first random number in the first authentication response message and the authentication access controller's own identity identifier and / or the first random number generated by the authentication access controller. The authentication access controller performs consistency verification between the first random number and / or the second random number in the authentication result recovery message and the first random number generated by the authentication access controller and / or the second random number in the identity ciphertext message.
16. The method according to any one of claims 1 to 15, characterized in that, When the first authentication server and the second authentication server are the same, before the first authentication server sends the first authentication response message, the method further includes: The first authentication server obtains the digital certificate of the requesting device and the protection random number obtained by decrypting the ciphertext of the identity information using the private key corresponding to the encryption certificate. It then verifies the validity of the digital certificate of the requesting device to obtain the verification result of the digital certificate. Based on the information including the verification result of the digital certificate, it generates the identity authentication result information. It then encrypts the information including the identity authentication result information using the protection random number to generate the ciphertext of the authentication result information. Finally, it calculates and generates the digital signature of the first authentication server based on the signature data including the ciphertext of the authentication result information and the digital signature of the first authentication server. Based on the information including the ciphertext of the authentication result information and the digital signature of the first authentication server, it generates the first authentication response message.
17. The method according to any one of claims 1 to 15, characterized in that, When the first authentication server and the second authentication server are different, before the first authentication server sends the first authentication response message, the method further includes: The first authentication server sends a second authentication request message to the second authentication server, the second authentication request message including the encrypted identity information of the requesting device; the second authentication server obtains the digital certificate of the requesting device obtained by decrypting the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate and the protection random number, verifies the legality of the digital certificate to obtain the verification result of the digital certificate, generates the identity authentication result information based on the information including the verification result of the digital certificate, encrypts the information including the identity authentication result information using the protection random number to generate the encrypted authentication result information, calculates the signature data including the encrypted authentication result information to generate the digital signature of the second authentication server, and generates a second authentication response message based on the information including the encrypted authentication result information and the digital signature of the second authentication server; The first authentication server receives the second authentication response message sent by the second authentication server. The second authentication response message includes ciphertext of authentication result information and the digital signature of the second authentication server. The first authentication server uses the public key of the second authentication server to verify the digital signature of the second authentication server; If the verification is successful, the first authentication server calculates and generates a digital signature for the signature data, including the ciphertext of the authentication result information, and generates the first authentication response message based on the information including the ciphertext of the authentication result information and the digital signature of the first authentication server.
18. The method according to any one of claims 1 to 15, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller; When the authentication access controller receives a message from the requesting device, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preceding message sent by the requesting device. When the requesting device receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preceding message received from the first authentication server; When the first authentication server receives a message from the authentication access controller, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preceding message sent by the authentication access controller. When the authentication access controller receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preceding message received from the second authentication server; When the second authentication server receives a message from the first authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful. The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message sent by the first authentication server. When the first authentication server receives a message from the second authentication server, it first verifies the hash value in the received message, and then performs subsequent operations after the verification is successful.
19. An authentication access controller, characterized in that, The authentication access controller includes: The acquisition unit is used to acquire the identity ciphertext message sent by the requesting device. The identity ciphertext message includes the identity information ciphertext of the requesting device, which is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate. The first sending unit is configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message includes encrypted identity information of the requesting device. The first receiving unit is configured to receive a first authentication response message sent by the first authentication server. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by a second authentication server trusted by the requesting device, which uses a protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information. The first decryption unit is used to decrypt the ciphertext of the protection random number obtained from the requesting device using the message encryption key to obtain the protection random number, and to decrypt the ciphertext of the authentication result information using the protection random number to obtain the identity authentication result information of the requesting device; the ciphertext of the protection random number is generated by the requesting device using the message encryption key to encrypt information including the protection random number. The first verification unit is used to verify the digital signature of the first authentication server; The determining unit is configured to determine the identity authentication result of the requesting device based on the verification result of the digital certificate of the requesting device in the identity authentication result information after the digital signature verification of the first authentication server is passed.
20. The authentication access controller according to claim 19, characterized in that, The authentication access controller further includes: The second sending unit is configured to send a key request message to the requesting device, the key request message including the key exchange parameters of the authentication access controller; the identity ciphertext message obtained by the acquisition unit also includes the key exchange parameters of the requesting device. The first calculation unit is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the authentication access controller and the temporary public key included in the key exchange parameters of the requesting device, and to calculate a message encryption key using a key derivation algorithm based on information including the first key.
21. The authentication access controller according to claim 20, characterized in that, The key request message sent by the second sending unit also includes a first random number generated by the authentication access controller; the identity ciphertext message acquired by the acquisition unit also includes a second random number generated by the requesting device. The first calculation unit is also configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number.
22. The authentication access controller according to claim 21, characterized in that, The encrypted identity message acquired by the acquisition unit also includes the first random number; The authentication access controller further includes: The second verification unit is used to verify the consistency between the first random number in the identity encrypted message and the first random number generated by the authentication access controller.
23. The authentication access controller according to claim 20, characterized in that, The key request message sent by the second sending unit also includes security capability parameter information supported by the authentication access controller; then the identity ciphertext message obtained by the obtaining unit also includes a specific security policy, which is determined by the requesting device based on the security capability parameter information.
24. The authentication access controller according to claim 19, characterized in that, The identity ciphertext message also includes the protection random number ciphertext. The first decryption unit then uses the message encryption key to decrypt the protection random number ciphertext obtained from the requesting device to obtain the protection random number, specifically: The first decryption unit uses the message encryption key to decrypt the protected random number ciphertext in the identity ciphertext message sent by the requesting device to obtain the protected random number.
25. The authentication access controller according to claim 19, characterized in that, The authentication access controller further includes: The second receiving unit is configured to receive the authentication result recovery message sent by the requesting device, wherein the authentication result recovery message includes the protected random number ciphertext; The first decryption unit then uses the message encryption key to decrypt the protected random number ciphertext to obtain the protected random number, specifically as follows: The first decryption unit uses the message encryption key to decrypt the ciphertext of the protected random number in the authentication result recovery message to obtain the protected random number.
26. The authentication access controller according to claim 25, characterized in that, The authentication result recovery message also includes a second message integrity check code, which is generated by the requesting device using a message integrity check key to calculate and apply all fields in the authentication result recovery message except for the second message integrity check code; therefore, the authentication access controller also includes: The third verification unit is used to verify the second message integrity verification code using the message integrity verification key.
27. The authentication access controller according to claim 25, characterized in that, The authentication access controller further includes: The third sending unit is used to send an authentication result recovery request message to the requesting device. The authentication result recovery request message includes a first message integrity check code. The first message integrity check code is generated by the second calculation unit of the authentication access controller using a message integrity check key to calculate other fields in the authentication result recovery request message besides the first message integrity check code.
28. The authentication access controller according to claim 19, characterized in that, The identity encrypted message acquired by the acquisition unit also includes the digital signature of the requesting device. Before the determination unit determines the identity authentication result of the requesting device, the determination unit is also used to determine whether the digital signature of the requesting device has been verified. If the digital signature of the requesting device has been verified, then the identity authentication result of the requesting device is determined.
29. The authentication access controller according to claim 28, characterized in that, The determining unit is specifically used for: If the identity authentication result information obtained by the first decryption unit after decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device, then when the determining unit verifies the digital signature of the requesting device using the digital certificate of the requesting device, it determines whether the digital signature of the requesting device has passed verification based on the verification result; or... The second authentication server uses the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information to verify the digital signature of the requesting device. If the authentication access controller receives the first authentication response message, the determining unit determines that the digital signature of the requesting device has been verified.
30. The authentication access controller according to claim 25, characterized in that, The authentication result recovery message received by the second receiving unit also includes the digital signature of the requesting device, and the identity authentication result information obtained by the first decryption unit after decrypting the ciphertext of the authentication result information also includes the digital certificate of the requesting device; therefore, before the determining unit determines the identity authentication result of the requesting device, the determining unit is further used to verify the digital signature of the requesting device using the digital certificate of the requesting device in the decrypted identity authentication result information. If it is determined that the digital signature of the requesting device passes the verification, then the identity authentication result of the requesting device is determined.
31. The authentication access controller according to claim 20, characterized in that, The key request message sent by the second sending unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message obtained by the obtaining unit also includes the identity identifier of at least one authentication server trusted by the requesting device. The determining unit is further configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of at least one authentication server trusted by the authentication access controller in the key request message.
32. The authentication access controller according to claim 19, characterized in that, The encrypted identity message acquired by the acquisition unit also includes the identity identifier of at least one authentication server trusted by the requesting device; The determining unit is further configured to determine the first authentication server based on the identity identifier of at least one authentication server trusted by the requesting device and the identity identifier of the authentication server trusted by the authentication access controller.
33. The authentication access controller according to claim 25, characterized in that, The encrypted identity message also includes a second random number generated by the requesting device and a first random number obtained by the requesting device from the authentication access controller; The first authentication request message sent by the first sending unit also includes the identity identifier of the authentication access controller and / or the first random number; The first authentication response message received by the first receiving unit also includes the identity identifier of the authentication access controller and / or the first random number; The authentication result recovery message received by the second receiving unit also includes the first random number and / or the second random number; Accordingly, the authentication access controller further includes: The fourth verification unit is used to verify the consistency between the identity identifier and / or the first random number of the authentication access controller in the first authentication response message and the identity identifier and / or the first random number generated by the authentication access controller itself before the determining unit determines the identity authentication result of the requesting device. The fourth verification unit is further configured to perform consistency verification between the first random number and / or the second random number in the authentication result recovery message and the first random number generated by the authentication access controller and / or the second random number in the identity ciphertext message before the determining unit determines the identity authentication result of the requesting device.
34. The authentication access controller according to any one of claims 19 to 33, characterized in that, The message sent by the authentication access controller to the requesting device also includes a hash value calculated by the authentication access controller for the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server also includes a hash value calculated by the authentication access controller for the latest preamble message received from the first authentication server.
35. A requesting device, characterized in that, The requesting device includes: The first encryption unit is used to encrypt information including the digital certificate of the requesting device and the protection random number using the public key of the encryption certificate to generate ciphertext of identity information; The first sending unit is configured to send an identity encrypted message to the authentication access controller, wherein the identity encrypted message includes the identity information encrypted of the requesting device; The second encryption unit is used to encrypt information, including the protected random number, using the message encryption key to generate a protected random number ciphertext.
36. The requesting device according to claim 35, characterized in that, The requesting device also includes: The first receiving unit is configured to receive a key request message sent by the authentication access controller, wherein the key request message includes key exchange parameters of the authentication access controller; The first calculation unit is used to perform key exchange calculation to generate a first key based on the temporary private key corresponding to the key exchange parameters of the requesting device and the temporary public key included in the key exchange parameters of the authentication access controller, and to calculate the message encryption key using a key derivation algorithm based on information including the first key. The encrypted identity message sent by the first sending unit also includes the key exchange parameters of the requesting device.
37. The requesting device according to claim 36, characterized in that, The key request message received by the first receiving unit also includes a first random number generated by the authentication access controller; The first calculation unit is further configured to calculate the message encryption key based on information including the first key, the first random number, and the second random number generated by the requesting device; The encrypted identity message sent by the first sending unit also includes the second random number.
38. The requesting device according to claim 37, characterized in that, The encrypted identity message sent by the first sending unit also includes the first random number.
39. The requesting device according to claim 36, characterized in that, The key request message received by the first receiving unit also includes security capability parameter information supported by the authentication access controller, and the requesting device further includes: The first determining unit is configured to determine the specific security policy used by the requesting device based on the security capability parameter information. The encrypted identity message sent by the first sending unit also includes the specific security policy.
40. The requesting device according to claim 35, characterized in that, The identity ciphertext message sent by the first sending unit also includes the protection random number ciphertext.
41. The requesting device according to claim 35, characterized in that, The requesting device also includes: The second sending unit is used to send an authentication result recovery message to the authentication access controller, the authentication result recovery message including the protection random number ciphertext.
42. The requesting device according to claim 41, characterized in that, If the authentication result recovery message sent by the second sending unit also includes a second message integrity check code, then the requesting device further includes: The second calculation unit calculates the second message integrity check code using the message integrity check key on all fields in the recovery message, excluding the second message integrity check code, including the authentication result.
43. The requesting device according to claim 41, characterized in that, The requesting device also includes: The second receiving unit is configured to receive an authentication result recovery request message, including a first message integrity check code, sent by the authentication access controller; the first message integrity check code is generated by the authentication access controller using a message integrity check key to calculate other fields in the authentication result recovery request message besides the first message integrity check code. The verification unit is used to verify the first message integrity verification code using the message integrity verification key.
44. The requesting device according to claim 36, characterized in that, The key request message received by the first receiving unit also includes the identity identifier of at least one authentication server trusted by the authentication access controller; The requesting device also includes: The second determining unit is configured to determine the identity identifier of at least one authentication server trusted by the requesting device based on the identity identifier of at least one authentication server trusted by the authentication access controller. The encrypted identity message sent by the first sending unit also includes the identity identifier of at least one authentication server trusted by the requesting device.
45. The requesting device according to claim 36, characterized in that, The encrypted identity message sent by the first sending unit also includes the identity identifier of at least one authentication server trusted by the requesting device.
46. The requesting device according to any one of claims 35 to 45, characterized in that, The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device for the latest preceding message received from the authentication access controller.
47. A first authentication server, characterized in that, The first authentication server is an authentication server trusted by the authentication access controller, including: The first receiving unit is configured to receive a first authentication request message sent by the authentication access controller. The first authentication request message includes encrypted identity information of the requesting device. The encrypted identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate. The first sending unit is configured to send a first authentication response message to the authentication access controller. The first authentication response message includes ciphertext of authentication result information and the digital signature of the first authentication server. The ciphertext of authentication result information is generated by the second authentication server trusted by the requesting device using the protection random number obtained by decrypting the ciphertext of identity information to encrypt information including the identity authentication result information of the requesting device. The identity authentication result information includes the verification result of the digital certificate of the requesting device obtained by decrypting the ciphertext of identity information.
48. The first authentication server according to claim 47, characterized in that, When the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, the first authentication server further includes: The decryption unit is used to decrypt the ciphertext of the identity information using the private key corresponding to the encryption certificate to obtain the digital certificate and protection random number of the requesting device. The first verification unit is used to verify the legitimacy of the digital certificate of the requesting device and obtain the verification result of the digital certificate. The first generation unit is configured to generate identity authentication result information based on information including the verification result of the digital certificate, encrypt the information including the identity authentication result information using the protection random number to generate ciphertext of authentication result information, calculate and generate a digital signature of the first authentication server based on the signature data including the ciphertext of authentication result information, and generate a first authentication response message based on information including the ciphertext of authentication result information and the digital signature of the first authentication server.
49. The first authentication server according to claim 47, characterized in that, When the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers, the first authentication server further includes: The second sending unit is used to send a second authentication request message to the second authentication server, wherein the second authentication request message includes encrypted identity information of the requesting device. The second receiving unit is configured to receive a second authentication response message sent by the second authentication server, wherein the second authentication response message includes encrypted authentication result information and the digital signature of the second authentication server. The second verification unit is used to verify the digital signature of the second authentication server using the public key of the second authentication server; The second generation unit is configured to, when the digital signature verification of the second authentication server is successful, calculate and generate the digital signature of the first authentication server from the signature data including the ciphertext of the authentication result information, and generate the first authentication response message based on the information including the ciphertext of the authentication result information and the digital signature of the first authentication server.
50. The first authentication server according to any one of claims 47 to 49, characterized in that, The message sent by the first authentication server to the authentication access controller also includes a hash value calculated by the first authentication server for the latest preamble message received from the authentication access controller; the message sent by the first authentication server to the second authentication server also includes a hash value calculated by the first authentication server for the latest preamble message received from the second authentication server.
51. A second authentication server, characterized in that, The second authentication server is the authentication server requesting device trust. If the first authentication server trusted by the access controller and the second authentication server requesting device trust are two different authentication servers, then the second authentication server includes: The receiving unit is configured to receive a second authentication request message sent by the first authentication server, wherein the second authentication request message includes encrypted identity information of the requesting device; the encrypted identity information is generated by encrypting information including the digital certificate of the requesting device and a protection random number using the public key of the encryption certificate; The decryption unit is used to decrypt the encrypted identity information of the requesting device using the private key corresponding to the encryption certificate to obtain the digital certificate of the requesting device and the protection random number. The generation unit is configured to perform legality verification on the digital certificate to obtain the verification result of the digital certificate, generate identity authentication result information based on the information including the verification result of the digital certificate, encrypt the information including the identity authentication result information using the protection random number to generate ciphertext of authentication result information, calculate and generate a digital signature of the second authentication server based on the signature data including the ciphertext of authentication result information, and generate a second authentication response message based on the information including the ciphertext of authentication result information and the digital signature of the second authentication server. The sending unit is used to send the second authentication response message to the first authentication server.
52. The second authentication server according to claim 51, characterized in that, The message sent by the second authentication server to the first authentication server also includes a hash value calculated by the second authentication server for the latest preceding message received from the first authentication server.