CN101635624A - Method for authenticating entities by introducing online trusted third party - Google Patents

Publication number: CN101635624A
Authority: CN (China)
Prior art keywords: entity, message, party, trusted, random number
Legal status: Granted
Application number: CN200910023774.5A
Other languages: Chinese (zh)
Other versions: CN101635624B
Inventors: 赖晓龙, 曹军, 铁满霞, 肖跃雷, 黄振海
Current assignee: China Iwncomm Co Ltd
Original assignee: China Iwncomm Co Ltd

Application filed by China Iwncomm Co Ltd
Priority to CN200910023774.5A (granted as CN101635624B)
Priority to PCT/CN2009/076180 (WO2011026296A1)
Publication of CN101635624A
Application granted
Publication of CN101635624B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/321 ... involving a third party or a trusted authority


Abstract

The invention relates to a method for authenticating entities by introducing an online trusted third party. The method comprises the following steps: 1) an entity A sends a message 1 to an entity B; 2) the entity B returns a message 2 to the entity A after receiving the message 1; 3) the entity A sends a message 3 to the trusted third party TP after receiving the message 2; 4) the trusted third party TP checks the validity of the entity A and the entity B after receiving the message 3; 5) the trusted third party TP returns a message 4 to the entity A after checking the validity of the entity A and the entity B; 6) the entity A carries out message authentication to finish authenticating the entity B after receiving the message 4; 7) the entity A sends a message 5 to the entity B; and 8) the entity B carries out the message authentication to finish authenticating the entity A after receiving the message 5. By defining the mechanism for online retrieval and authentication of public keys and simplifying the operation conditions of protocols, the method of the invention can achieve the validity authentication between users and networks in practical application.

Description

Method for authenticating entities by introducing an online trusted third party
Technical field
The present invention relates to an entity authentication method, and in particular to an entity authentication method that introduces an online trusted third party.
Background art
Entity authentication methods based on asymmetric cryptography fall into two types: unilateral authentication and mutual authentication. The uniqueness or timeliness of an authentication exchange is established by a time-variant parameter; timestamps, sequence numbers and random numbers are commonly used as time-variant parameters. If a timestamp or sequence number is used, unilateral authentication needs only one message pass and mutual authentication needs two; if a random number is used, unilateral authentication needs two passes and mutual authentication needs three passes, or four passes when the two unilateral exchanges run in parallel.
Whichever authentication mechanism is used, the verifier must hold a valid public key of the claimant before or during the run; otherwise the authentication process can be compromised or cannot complete successfully. The three-pass mutual authentication mechanism is taken as an example:
Referring to Fig. 1, the tokens are TokenAB = R_A || R_B || B || Text3 || sS_A(R_A || R_B || B || Text2) and TokenBA = R_B || R_A || A || Text5 || sS_B(R_B || R_A || A || Text4). Here X denotes the distinguishing identifier of an entity; the authentication system has two authenticating entities, A and B; Cert_X denotes the certificate of entity X; sS_X denotes a signature by entity X; R_X denotes a random number generated by entity X; Text denotes an optional text field.
The three-pass authentication mechanism runs as follows:
1) Entity B sends random number R_B and optional text Text1 to entity A;
2) Entity A sends token TokenAB and, optionally, certificate Cert_A to entity B;
3) On receiving the message from entity A, entity B carries out the following steps:
3.1) verifies the certificate of entity A, or ensures by some other means that it holds a valid public key of entity A;
3.2) having obtained the public key of entity A, verifies the signature in the TokenAB of step 2), checks the correctness of the distinguishing identifier B, and checks that the random number R_B sent in step 1) matches the R_B in TokenAB; entity B has then completed the verification of entity A;
4) Entity B sends token TokenBA and, optionally, certificate Cert_B to entity A;
5) On receiving the message containing TokenBA from entity B, entity A carries out the following steps:
5.1) verifies the certificate of entity B, or ensures by some other means that it holds a valid public key of entity B;
5.2) having obtained the public key of entity B, verifies the signature in the TokenBA of step 4), checks the correctness of the distinguishing identifier A, and checks that the random number R_A sent in step 2) matches the R_A in TokenBA and that the random number R_B received in step 1) matches the R_B in TokenBA; entity A has then completed the verification of entity B.
Clearly, for the three-pass authentication mechanism to run successfully, entities A and B must each hold a valid public key of the other, and the protocol itself does not cover how the peer's public key and its validity are obtained. This precondition cannot be met in many current application environments. Communication networks, for example, commonly use an entity authentication mechanism to implement user access control: until the authentication mechanism has completed successfully the user is denied access to the network, so before authentication the user cannot, or can only with difficulty, reach a certification authority to obtain the public key of the peer entity, the network access point, and check its validity.
Communication networks today usually need to complete mutual authentication between the user and the network access point, to ensure that a legitimate user accesses a legitimate network. If a network entity did not need to know a valid public key of the peer entity before authentication, and the peer entity's public key were instead verified during the authentication process, this would not only improve on the traditional entity authentication mechanism but also make it far more feasible and usable in practice.
Summary of the invention
The present invention solves the technical problem described above in the background art by proposing an entity authentication method that introduces an online trusted third party.
The technical solution of the present invention is an entity authentication method that introduces an online trusted third party, characterised in that the method comprises the following steps:
1) Entity A sends message 1 to entity B; message 1 comprises random number R_A, identity I_A and optional text Text1;
2) On receiving message 1, entity B returns message 2 to entity A; message 2 comprises random number R_B, identity I_B and token TokenBA;
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises random numbers R'_A and R_B, identities I_A and I_B, and optional text Text4;
4) On receiving message 3, the trusted third party TP checks the validity of entity A and entity B according to identities I_A and I_B;
5) Having checked the validity of entity A and entity B, the trusted third party TP returns message 4 to entity A; message 4 comprises verification results Res_A and Res_B, token TokenTA and optional text Text7, or comprises verification results Res_A and Res_B, tokens TokenTA1 and TokenTA2 and optional text Text7;
6) On receiving message 4, entity A verifies it:
6.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA1 of message 4, and checks that the random number R'_A generated by entity A in message 3 matches the R'_A in the data signed by TP in TokenTA or TokenTA1; if the verification passes, step 6.2) is carried out;
6.2) obtains the verification result Res_B of entity B; if entity B is valid, step 6.3) is carried out; otherwise entity A has completed the authentication of entity B, and step 7) is carried out;
6.3) obtains the public key of entity B, verifies the signature of entity B in token TokenBA of message 2, checks that the distinguishing identifier of entity A matches the entity identifier (A) in the data signed by entity B in TokenBA, and checks that the random number R_A generated by entity A in message 1 matches the R_A in the data signed by entity B in TokenBA; if the verification passes, entity A has completed the authentication of entity B, and step 7) is carried out;
7) Entity A sends message 5 to entity B; message 5 comprises token TokenAB;
8) On receiving message 5, entity B verifies it:
8.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA2, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by TP in TokenTA or TokenTA2; if the verification passes, step 8.2) is carried out;
8.2) obtains the verification result Res_A of entity A; if entity A is valid, step 8.3) is carried out; otherwise entity B has completed the authentication of entity A;
8.3) obtains the public key of entity A, verifies the signature of entity A in TokenAB, checks that the distinguishing identifier of entity B matches the entity identifier (B) in the data signed by entity A in TokenAB, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by entity A in TokenAB; if the verification passes, entity B has completed the authentication of entity A.
In step 4) above, the validity of entity A and entity B is checked according to identities I_A and I_B as follows. In message 3, if the identity I_A of entity A is the distinguishing identifier A of entity A, the trusted third party TP looks up the valid public key PublicKey_A of entity A; if the identity I_A of entity A is the certificate Cert_A of entity A, the trusted third party TP checks the validity Valid_A of certificate Cert_A. If the identity I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of certificate Cert_B.
The random numbers R_A, R'_A and R_B above may be timestamps or sequence numbers.
The token fields above are defined as:
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA1 = sS_T(R'_A || Res_B || Text6)
TokenTA2 = sS_T(R_B || Res_A || Text5)
TokenAB = Res_A || Text9 || TokenTA2 || sS_A(A || R_A || B || R_B || TokenTA2 || Text8)
Alternatively, the token fields above are defined as:
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA = sS_T(R'_A || R_B || Res_B || Res_A || Text5)
TokenAB = R'_A || Text9 || Res_B || Res_A || TokenTA || sS_A(A || R_A || B || R_B || TokenTA || Text8)
The present invention also provides another entity authentication method that introduces an online trusted third party, characterised in that the method comprises the following steps:
1) Entity A sends message 1 to entity B; message 1 comprises random number R_A and optional text Text1;
2) On receiving message 1, entity B returns message 2 to entity A; message 2 comprises identity I_B and token TokenBA, where TokenBA = Text3 || sS_B(B || R_A || Text2);
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises random number R'_A, identity I_B and optional text Text4;
4) On receiving message 3, the trusted third party TP checks the validity of entity B according to identity I_B;
5) Having checked the validity of entity B, the trusted third party TP returns message 4 to entity A; message 4 comprises verification result Res_B, token TokenTA and optional text Text6, where TokenTA = sS_T(R'_A || Res_B || Text5);
6) On receiving message 4, entity A verifies it:
6.1) verifies the signature of the trusted third party TP in TokenTA of message 4, and checks that the random number R'_A generated by entity A in message 3 matches the R'_A in the data signed by TP in TokenTA; if the verification passes, step 6.2) is carried out;
6.2) obtains the verification result Res_B of entity B; if entity B is valid, step 6.3) is carried out; otherwise entity A has completed the authentication of entity B;
6.3) obtains the public key of entity B, verifies the signature of entity B in token TokenBA of message 2, and checks that the random number R_A generated by entity A in message 1 matches the R_A in the data signed by entity B in TokenBA; if the verification passes, entity A has completed the authentication of entity B.
In step 4) above, the validity of entity B is checked according to identity I_B as follows. In message 3, if the identity I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of certificate Cert_B.
The random numbers R_A and R'_A above may be timestamps or sequence numbers.
The present invention adopts a three-entity architecture. Before authentication, an authenticating entity needs to obtain the public key or certificate of the trusted third party, and to obtain a user certificate issued to it by the trusted third party or to lodge its own public key with the trusted third party; it does not need to know a valid public key of the peer authenticating entity in advance. During the protocol run, the public key of an authenticating entity and its validity are delivered automatically to the peer that needs them, through the lookup and verification performed by the trusted third party. Compared with traditional authentication mechanisms, the present invention defines an online retrieval and authentication mechanism for public keys, manages them centrally, simplifies the operating conditions of the protocol, and eases its application and implementation.
Description of the drawings
Fig. 1 is a schematic diagram of the three-pass authentication mechanism of the prior art;
Fig. 2 is a schematic diagram of the method of the present invention;
Fig. 3 is a schematic diagram of another embodiment of the present invention.
Embodiments
The method of the present invention involves three entities: two authenticating entities A and B, and a trusted third party TP (Trusted third Party). TP is the trusted third party of authenticating entities A and B and provides authentication services for entity A and entity B. A system in which peer authentication between the two entities A and B is achieved through the trusted third party TP in this way is called a Tri-element Peer Authentication (TePA) system.
For brevity, the following symbols are defined:
Valid_X denotes the validity of certificate Cert_X; PublicKey_X is the public key of entity X (X denotes A or B); I_X is the identity of entity X, represented either by the certificate Cert_X or by the distinguishing identifier X of the entity; Res_X denotes the verification result of entity X, consisting either of the certificate Cert_X and its validity Valid_X, or of the entity X and its public key PublicKey_X; Token denotes a token field.
Referring to Fig. 2, the token fields of the present invention have the following two forms of definition:
1) Definition one
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA1 = sS_T(R'_A || Res_B || Text6)
TokenTA2 = sS_T(R_B || Res_A || Text5)
TokenAB = Res_A || Text9 || TokenTA2 || sS_A(A || R_A || B || R_B || TokenTA2 || Text8)
2) Definition two
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA = sS_T(R'_A || R_B || Res_B || Res_A || Text5)
TokenAB = R'_A || Text9 || Res_B || Res_A || TokenTA || sS_A(A || R_A || B || R_B || TokenTA || Text8)
The specific flow of mutual authentication between entity A and entity B is as follows:
1) Entity A sends message 1 to entity B; message 1 comprises random number R_A, identity I_A and optional text Text1;
2) On receiving message 1, entity B returns message 2 to entity A; message 2 comprises random number R_B, identity I_B and token TokenBA;
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises random numbers R'_A and R_B, identities I_A and I_B, and optional text Text4;
4) On receiving message 3, the trusted third party TP checks the validity of entity A and entity B according to identities I_A and I_B;
The trusted third party TP checks the validity of entity A and entity B in the following ways:
In message 3, if the identity I_A of entity A is the distinguishing identifier A of entity A, the trusted third party TP looks up the valid public key PublicKey_A of entity A; if the identity I_A of entity A is the certificate Cert_A of entity A, the trusted third party TP checks the validity Valid_A of certificate Cert_A. If the identity I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of certificate Cert_B.
5) Having checked the validity of entity A and entity B, the trusted third party TP returns message 4 to entity A; message 4 comprises verification results Res_A and Res_B, token TokenTA and optional text Text7, or comprises verification results Res_A and Res_B, tokens TokenTA1 and TokenTA2 and optional text Text7;
6) On receiving message 4, entity A verifies it:
6.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA1 of message 4, and checks that the random number R'_A generated by entity A in message 3 matches the R'_A in the data signed by TP in TokenTA or TokenTA1; if the verification passes, step 6.2) is carried out;
6.2) obtains the verification result Res_B of entity B; if entity B is valid, step 6.3) is carried out; otherwise entity A has completed the authentication of entity B, and step 7) is carried out;
6.3) obtains the public key of entity B, verifies the signature of entity B in token TokenBA of message 2, checks that the distinguishing identifier of entity A matches the entity identifier (A) in the data signed by entity B in TokenBA, and checks that the random number R_A generated by entity A in message 1 matches the R_A in the data signed by entity B in TokenBA; if the verification passes, entity A has completed the authentication of entity B, and step 7) is carried out.
7) Entity A sends message 5 to entity B; message 5 comprises token TokenAB;
8) On receiving message 5, entity B verifies it:
8.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA2, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by TP in TokenTA or TokenTA2; if the verification passes, step 8.2) is carried out;
8.2) obtains the verification result Res_A of entity A; if entity A is valid, step 8.3) is carried out; otherwise entity B has completed the authentication of entity A;
8.3) obtains the public key of entity A, verifies the signature of entity A in TokenAB, checks that the distinguishing identifier of entity B matches the entity identifier (B) in the data signed by entity A in TokenAB, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by entity A in TokenAB; if the verification passes, entity B has completed the authentication of entity A.
The random numbers R_A, R'_A and R_B may be replaced by timestamps or sequence numbers.
In practical applications of this authentication system, entity B usually resides on the communication user terminal and entity A on the network access point. The mutual authentication method between entity A and entity B of the embodiment above then achieves mutual validity authentication between the user and the network access point and ensures that a legitimate user accesses a legitimate network.
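The mutual authentication flow above, with token definition two, as an added example that is not part of the patent. It models A, B and TP as Python objects exchanging the five messages; each party rebuilds the signed data from its own random numbers and the fields it received, so the R'_A and R_B checks of steps 6.1 and 8.1 and the identifier checks of steps 6.3 and 8.3 are enforced by signature verification rather than by separate comparisons. Everything not in the patent is an assumption of this example: the signature scheme is a textbook RSA stand-in written for the demo (not secure, not the patent's sS_X); Res_X is encoded as the identity plus PublicKey_X, with an empty key when the TP does not vouch for the entity; the "||" concatenation is length-prefixed; the optional Text fields are omitted; and the names TP.message4, Entity.message5, enc_res, cat and demo are this example's own. The unilateral variant of Fig. 3 is the same exchange without message 5.

```python
import hashlib, random, secrets

# Toy signature stand-in for the patent's sS_X: textbook RSA over SHA-256, no padding.  NOT secure;
# an assumption of this example, not the patent's primitive.
def _is_probable_prime(n, rounds=20):                      # Miller-Rabin
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False
    return True

def keygen(bits=512):                                      # ((n, e), (n, d)); n > 2**256 so a digest fits
    while True:
        p, q = (random.getrandbits(bits // 2) | 1 << (bits // 2 - 1) | 1 for _ in range(2))
        if p != q and (p - 1) % 65537 and (q - 1) % 65537 and _is_probable_prime(p) and _is_probable_prime(q):
            return (p * q, 65537), (p * q, pow(65537, -1, (p - 1) * (q - 1)))

def sign(priv, data):
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def cat(*fields):                                          # the patent's "||", length-prefixed per field
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def enc_res(res):                                          # Res_X: I_X plus PublicKey_X, empty key if invalid
    return cat(res[0], b"" if res[1] is None else b"%d,%d" % res[1])

class TP:                                                  # online trusted third party
    def __init__(self, directory):
        self.pub, self.priv = keygen()
        self.directory = directory                         # identifier -> currently valid public key

    def message4(self, msg3):
        # Step 4: Res_X = (I_X, PublicKey_X), or (I_X, None) when X is unknown or revoked.
        res_a, res_b = [(i, self.directory.get(i)) for i in (msg3["I_A"], msg3["I_B"])]
        # Step 5, token definition two: TokenTA = sS_T(R'_A || R_B || Res_B || Res_A)
        token_ta = sign(self.priv, cat(msg3["R'_A"], msg3["R_B"], enc_res(res_b), enc_res(res_a)))
        return {"Res_A": res_a, "Res_B": res_b, "TokenTA": token_ta}

class Entity:                                              # plays A or B; peer_ok is its verdict on the peer
    def __init__(self, ident, tp_pub):
        self.ident, self.tp_pub, (self.pub, self.priv) = ident, tp_pub, keygen()
    def message1(self):                                    # A, step 1: R_A || I_A
        self.r_a = secrets.token_bytes(16)
        return {"R_A": self.r_a, "I_A": self.ident}
    def message2(self, msg1):                              # B, step 2: R_B || I_B || TokenBA
        self.r_b, self.peer_id, self.r_a = secrets.token_bytes(16), msg1["I_A"], msg1["R_A"]
        return {"R_B": self.r_b, "I_B": self.ident,        # TokenBA = sS_B(B || R_B || A || R_A)
                "TokenBA": sign(self.priv, cat(self.ident, self.r_b, msg1["I_A"], msg1["R_A"]))}
    def message3(self, msg2):                              # A, step 3: R'_A || R_B || I_A || I_B
        self.msg2, self.r_a2 = msg2, secrets.token_bytes(16)
        return {"R'_A": self.r_a2, "R_B": msg2["R_B"], "I_A": self.ident, "I_B": msg2["I_B"]}
    def message5(self, msg4):                              # A, steps 6 and 7
        res_a, res_b, tok, m2 = msg4["Res_A"], msg4["Res_B"], msg4["TokenTA"], self.msg2
        # 6.1: TP signature, rebuilt over A's own R'_A, so a replayed or redirected TokenTA fails.
        if not verify(self.tp_pub, cat(self.r_a2, m2["R_B"], enc_res(res_b), enc_res(res_a)), tok):
            raise ValueError("TokenTA: bad TP signature or stale R'_A")
        # 6.2: TP's verdict on B.  6.3: only then check TokenBA under PublicKey_B from Res_B, over A and R_A.
        self.peer_ok = (res_b[0] == m2["I_B"] and res_b[1] is not None and
                        verify(res_b[1], cat(res_b[0], m2["R_B"], self.ident, self.r_a), m2["TokenBA"]))
        # Step 7: TokenAB = R'_A || Res_B || Res_A || TokenTA || sS_A(A || R_A || B || R_B || TokenTA)
        sig = sign(self.priv, cat(self.ident, self.r_a, m2["I_B"], m2["R_B"], tok.to_bytes(64, "big")))
        return {"R'_A": self.r_a2, "Res_B": res_b, "Res_A": res_a, "TokenTA": tok, "sig": sig}
    def finish(self, msg5):                                # B, step 8
        res_a, res_b, tok = msg5["Res_A"], msg5["Res_B"], msg5["TokenTA"]
        # 8.1: TP signature, rebuilt over B's own R_B from message 2.
        if not verify(self.tp_pub, cat(msg5["R'_A"], self.r_b, enc_res(res_b), enc_res(res_a)), tok):
            raise ValueError("TokenTA: bad TP signature or stale R_B")
        # 8.2: TP's verdict on A.  8.3: A's signature under PublicKey_A from Res_A, over B and R_B.
        self.peer_ok = (res_a[0] == self.peer_id and res_a[1] is not None and
                        verify(res_a[1], cat(res_a[0], self.r_a, self.ident, self.r_b,
                                             tok.to_bytes(64, "big")), msg5["sig"]))
        return self.peer_ok

def mutual_auth(a, b, tp):
    b.finish(a.message5(tp.message4(a.message3(b.message2(a.message1())))))   # messages 1 to 5
    return a.peer_ok, b.peer_ok                            # A's verdict on B, B's verdict on A

def demo():
    tp = TP({})
    a, b = Entity(b"A", tp.pub), Entity(b"B", tp.pub)      # A: access point, B: user terminal
    tp.directory = {b"A": a.pub, b"B": b.pub}             # enrolment of both entities with the TP
    honest = mutual_auth(a, b, tp)                         # (True, True)
    # Impostor claiming B's identifier with its own key: the TP hands A the real PublicKey_B,
    # so TokenBA fails step 6.3.  The impostor's own verdict on A is still True, as A is genuine.
    impostor = mutual_auth(a, Entity(b"B", tp.pub), tp)    # (False, True)
    # Identifier the TP does not hold: Res_B carries no key and A stops at step 6.2.
    unknown = mutual_auth(a, Entity(b"C", tp.pub), tp)     # (False, True)
    return honest, impostor, unknown
```

Two design points worth noting. The TP's TokenTA is bound to both R'_A and R_B, so A and B each check freshness against a number they generated themselves, and a TokenTA captured from one run cannot be replayed into another. And neither A nor B ever trusts a public key carried in messages 1, 2 or 5: the only key either side verifies a peer signature under is the one inside the TP-signed Res_X, which is what lets the impostor in demo() fail even though its TokenBA is a valid signature under its own key.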
In practice it is sometimes only necessary to achieve unilateral authentication of the user by the network. The method of the embodiment above can then be modified: steps 7) and 8) are omitted and the contents of messages 1 to 4 are simplified, so that unilateral authentication of entity B by entity A is achieved. The modified authentication flow, shown in Fig. 3, is described as follows:
1) Entity A sends message 1 to entity B; message 1 comprises random number R_A and optional text Text1;
2) On receiving message 1, entity B returns message 2 to entity A; message 2 comprises identity I_B and token TokenBA, where TokenBA = Text3 || sS_B(B || R_A || Text2);
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises random number R'_A, identity I_B and optional text Text4;
4) On receiving message 3, the trusted third party TP checks the validity of entity B according to identity I_B;
The trusted third party TP checks the validity of entity B in the following ways:
In message 3, if the identity I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of certificate Cert_B.
5) Having checked the validity of entity B, the trusted third party TP returns message 4 to entity A; message 4 comprises verification result Res_B, token TokenTA and optional text Text6, where TokenTA = sS_T(R'_A || Res_B || Text5);
6) On receiving message 4, entity A verifies it:
6.1) verifies the signature of the trusted third party TP in TokenTA of message 4, and checks that the random number R'_A generated by entity A in message 3 matches the R'_A in the data signed by TP in TokenTA; if the verification passes, step 6.2) is carried out;
6.2) obtains the verification result Res_B of entity B; if entity B is valid, step 6.3) is carried out; otherwise entity A has completed the authentication of entity B, and the user is not allowed to access the network;
6.3) obtains the public key of entity B, verifies the signature of entity B in token TokenBA of message 2, and checks that the random number R_A generated by entity A in message 1 matches the R_A in the data signed by entity B in TokenBA; if the verification passes, entity A has completed the authentication of entity B, and the user is allowed to access the network.

Claims (7)

1. An entity authentication method introducing an online trusted third party, characterised in that the method comprises the following steps:
1) Entity A sends message 1 to entity B; message 1 comprises random number R_A, identity I_A and optional text Text1;
2) On receiving message 1, entity B returns message 2 to entity A; message 2 comprises random number R_B, identity I_B and token TokenBA;
3) On receiving message 2, entity A sends message 3 to the trusted third party TP; message 3 comprises random numbers R'_A and R_B, identities I_A and I_B, and optional text Text4;
4) On receiving message 3, the trusted third party TP checks the validity of entity A and entity B according to identities I_A and I_B;
5) Having checked the validity of entity A and entity B, the trusted third party TP returns message 4 to entity A; message 4 comprises verification results Res_A and Res_B, token TokenTA and optional text Text7, or comprises verification results Res_A and Res_B, tokens TokenTA1 and TokenTA2 and optional text Text7;
6) On receiving message 4, entity A verifies it:
6.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA1 of message 4, and checks that the random number R'_A generated by entity A in message 3 matches the R'_A in the data signed by TP in TokenTA or TokenTA1; if the verification passes, step 6.2) is carried out;
6.2) obtains the verification result Res_B of entity B; if entity B is valid, step 6.3) is carried out; otherwise entity A has completed the authentication of entity B, and step 7) is carried out;
6.3) obtains the public key of entity B, verifies the signature of entity B in token TokenBA of message 2, checks that the distinguishing identifier of entity A matches the entity identifier (A) in the data signed by entity B in TokenBA, and checks that the random number R_A generated by entity A in message 1 matches the R_A in the data signed by entity B in TokenBA; if the verification passes, entity A has completed the authentication of entity B, and step 7) is carried out;
7) Entity A sends message 5 to entity B; message 5 comprises token TokenAB;
8) On receiving message 5, entity B verifies it:
8.1) verifies the signature of the trusted third party TP in TokenTA or TokenTA2, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by TP in TokenTA or TokenTA2; if the verification passes, step 8.2) is carried out;
8.2) obtains the verification result Res_A of entity A; if entity A is valid, step 8.3) is carried out; otherwise entity B has completed the authentication of entity A;
8.3) obtains the public key of entity A, verifies the signature of entity A in TokenAB, checks that the distinguishing identifier of entity B matches the entity identifier (B) in the data signed by entity A in TokenAB, and checks that the random number R_B generated by entity B in message 2 matches the R_B in the data signed by entity A in TokenAB; if the verification passes, entity B has completed the authentication of entity A.
2. The entity authentication method introducing an online trusted third party according to claim 1, characterised in that in step 4) the validity of entity A and entity B is checked according to identities I_A and I_B as follows: in message 3, if the identity I_A of entity A is the distinguishing identifier A of entity A, the trusted third party TP looks up the valid public key PublicKey_A of entity A; if the identity I_A of entity A is the certificate Cert_A of entity A, the trusted third party TP checks the validity Valid_A of certificate Cert_A; if the identity I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of certificate Cert_B.
3. The entity authentication method introducing an online trusted third party according to claim 2, characterised in that the random numbers R_A, R'_A and R_B are timestamps or sequence numbers.
4. The entity authentication method introducing an online trusted third party according to claim 1, 2 or 3, characterised in that the token fields are defined as:
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA1 = sS_T(R'_A || Res_B || Text6)
TokenTA2 = sS_T(R_B || Res_A || Text5)
TokenAB = Res_A || Text9 || TokenTA2 || sS_A(A || R_A || B || R_B || TokenTA2 || Text8)
5. The entity authentication method introducing an online trusted third party according to claim 1, 2 or 3, characterised in that the token fields are defined as:
TokenBA = Text3 || sS_B(B || R_B || A || R_A || Text2)
TokenTA = sS_T(R'_A || R_B || Res_B || Res_A || Text5)
TokenAB = R'_A || Text9 || Res_B || Res_A || TokenTA || sS_A(A || R_A || B || R_B || TokenTA || Text8)
6. An entity authentication method introducing an online trusted third party, characterized in that the method comprises the following steps:
1) entity A sends message 1 to entity B, message 1 comprising a random number R_A and optional text Text1;
2) after receiving message 1, entity B returns message 2 to entity A, message 2 comprising the identity identifier I_B and the token TokenBA, where TokenBA = Text3 ‖ sS_B(B ‖ R_A ‖ Text2);
3) after receiving message 2, entity A sends message 3 to the trusted third party TP, message 3 comprising a random number R'_A, the identity identifier I_B and optional text Text4;
4) after receiving message 3, the trusted third party TP checks the legitimacy of entity B according to the identity identifier I_B;
5) after checking the legitimacy of entity B, the trusted third party TP returns message 4 to entity A, message 4 comprising the entity verification result Res_B, the token TokenTA and optional text Text6, where TokenTA = sS_T(R'_A ‖ Res_B ‖ Text5);
6) after receiving message 4, entity A performs the following verification:
6.1) verify the signature of the trusted third party TP in TokenTA of message 4, and check whether the random number R'_A generated by entity A in message 3 matches the random number R'_A contained in the signed data of the trusted third party TP in TokenTA; if the verification passes, execute step 6.2);
6.2) obtain the verification result Res_B of entity B; if entity B is legitimate and valid, execute step 6.3), otherwise entity A ends the authentication of entity B;
6.3) obtain the public key of entity B, verify the signature of entity B in the token TokenBA of message 2, and check whether the random number R_A generated by entity A in message 1 matches the random number R_A contained in the signed data of entity B in TokenBA; if the verification passes, entity A completes the authentication of entity B.
7. The entity authentication method introducing an online trusted third party according to claim 6, characterized in that in step 4) the process of checking the legitimacy of entity B according to the identity identifier I_B is: in message 3, if the identity identifier I_B of entity B is the distinguishing identifier B of entity B, the trusted third party TP looks up the valid public key PublicKey_B of entity B; if the identity identifier I_B of entity B is the certificate Cert_B of entity B, the trusted third party TP checks the validity Valid_B of the certificate Cert_B.
8. The entity authentication method introducing an online trusted third party according to claim 6 or 7, characterized in that the random numbers R_A and R'_A are time stamps or sequence numbers.
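The following Go program is an added illustration of the one-way exchange of claim 6 (with the identifier-to-public-key lookup of claim 7); it is not code from the patent or from the applicant. The claims fix no signature algorithm, message encoding or content for Res_B, so the following are assumptions made here: Ed25519 stands in for sS_X; every concatenation B ‖ R_A ‖ Text2 is length-prefixed so it cannot be re-split; R_A and R'_A are 16-byte random nonces; the TP's registry is a map from distinguishing identifier to valid public key; and Res_B is encoded as a status byte followed by B's public key, so that A obtains B's key under the TP's signature as step 6.3 requires. The optional Text fields are constants chosen for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Party is entity A or entity B. Ed25519 stands in for the patent's sS_X (assumption).
type Party struct {
	ID   string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

// TTP is the online trusted third party: its own signing key plus a registry of
// distinguishing identifier -> valid public key (the PublicKey_B lookup of claim 7).
type TTP struct {
	Party
	Directory map[string]ed25519.PublicKey
}

func NewParty(id string) *Party {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Party{ID: id, priv: priv, Pub: pub}
}

// encode length-prefixes each field: signing a bare concatenation of
// variable-length fields lets an attacker shift bytes between fields.
func encode(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// nonce produces R_A / R'_A (claim 8 also allows time stamps or sequence numbers).
func nonce() []byte {
	r := make([]byte, 16)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

// Message2 carries I_B and TokenBA = Text3 ‖ sS_B(B ‖ R_A ‖ Text2).
type Message2 struct {
	IB           string
	Text2, Text3 []byte
	Sig          []byte
}

func (b *Party) Message2(rA, text2, text3 []byte) Message2 {
	return Message2{IB: b.ID, Text2: text2, Text3: text3,
		Sig: ed25519.Sign(b.priv, encode([]byte(b.ID), rA, text2))}
}

// Message4 carries Res_B, TokenTA = sS_T(R'_A ‖ Res_B ‖ Text5) and Text6.
// Assumed encoding of Res_B: byte 1 followed by B's public key if B is
// legitimate, byte 0 alone otherwise.
type Message4 struct {
	ResB         []byte
	Text5, Text6 []byte
	Sig          []byte
}

func (tp *TTP) Message4(rPrimeA []byte, iB string, text5, text6 []byte) Message4 {
	resB := []byte{0}
	if pub, ok := tp.Directory[iB]; ok { // step 4: legitimacy check by identifier
		resB = append([]byte{1}, pub...)
	}
	return Message4{ResB: resB, Text5: text5, Text6: text6,
		Sig: ed25519.Sign(tp.priv, encode(rPrimeA, resB, text5))}
}

// VerifyB is step 6 of claim 6, run by entity A; the error names the failing sub-step.
func VerifyB(tpPub ed25519.PublicKey, rA, rPrimeA []byte, m2 Message2, m4 Message4) error {
	// 6.1: TP's signature, computed over A's own R'_A, so a stale message 4 fails here.
	if !ed25519.Verify(tpPub, encode(rPrimeA, m4.ResB, m4.Text5), m4.Sig) {
		return errors.New("6.1: TokenTA signature or R'_A mismatch")
	}
	// 6.2: TP's verdict on B.
	if len(m4.ResB) != 1+ed25519.PublicKeySize || m4.ResB[0] != 1 {
		return errors.New("6.2: TP reports entity B not legitimate")
	}
	pubB := ed25519.PublicKey(m4.ResB[1:])
	// 6.3: B's signature binds B's identifier to A's R_A from message 1.
	if !ed25519.Verify(pubB, encode([]byte(m2.IB), rA, m2.Text2), m2.Sig) {
		return errors.New("6.3: TokenBA signature or R_A mismatch")
	}
	return nil
}

// Exchange runs messages 1 to 4 and returns A's verdict on B.
func Exchange(a, b *Party, tp *TTP) error {
	rA := nonce()      // message 1: R_A ‖ Text1
	m2 := b.Message2(rA, []byte("text2"), []byte("text3"))
	rPrimeA := nonce() // message 3: R'_A ‖ I_B ‖ Text4
	m4 := tp.Message4(rPrimeA, m2.IB, []byte("text5"), []byte("text6"))
	return VerifyB(tp.Pub, rA, rPrimeA, m2, m4)
}

func main() {
	tp := &TTP{Party: *NewParty("TP"), Directory: map[string]ed25519.PublicKey{}}
	a, b := NewParty("A"), NewParty("B")
	tp.Directory[b.ID] = b.Pub
	fmt.Println("registered B:", Exchange(a, b, tp))
	fmt.Println("impostor using B's identifier:", Exchange(a, NewParty("B"), tp))
}
```

Two points the claim text leaves implicit show up in the checks: R'_A is a second nonce generated for message 3, so step 6.1 ties the TP's answer to this run rather than letting an attacker replay an earlier message 4, and step 6.3 is what defeats an impostor who presents B's identifier, because the TP returns the registered key for B, not the impostor's. The mutual variant of claims 1, 4 and 5 adds R_B, TokenTA2 and TokenAB on top of this skeleton and is not implemented here.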
CN200910023774.5A 2009-09-02 2009-09-02 Method for authenticating entities by introducing online trusted third party Active CN101635624B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200910023774.5A CN101635624B (en) 2009-09-02 2009-09-02 Method for authenticating entities by introducing online trusted third party
PCT/CN2009/076180 WO2011026296A1 (en) 2009-09-02 2009-12-29 Method for authenticating entities by introducing an on-line trusted third party

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910023774.5A CN101635624B (en) 2009-09-02 2009-09-02 Method for authenticating entities by introducing online trusted third party

Publications (2)

Publication Number Publication Date
CN101635624A true CN101635624A (en) 2010-01-27
CN101635624B CN101635624B (en) 2011-06-01

Family

ID=41594694

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910023774.5A Active CN101635624B (en) 2009-09-02 2009-09-02 Method for authenticating entities by introducing online trusted third party

Country Status (2)

Country Link
CN (1) CN101635624B (en)
WO (1) WO2011026296A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102202065A (en) * 2010-10-13 2011-09-28 天维讯达无线电设备检测(北京)有限责任公司 Access control method and system
CN102231736A (en) * 2010-10-13 2011-11-02 天维讯达无线电设备检测(北京)有限责任公司 Network access control method and system
WO2012062127A1 (en) * 2010-11-12 2012-05-18 西安西电捷通无线网络通信股份有限公司 Method and system for identifying anonymous entity
WO2012062120A1 (en) * 2010-11-12 2012-05-18 西安西电捷通无线网络通信股份有限公司 Method and device for anonymous entity identification
WO2017059755A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Method and device for verifying validity of identity of entity
CN106572063A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Multi-TTP participation entity identity legitimacy verification method and device
CN106572064A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for verifying entity identity validity with multiple TTPs
US9716707B2 (en) 2012-03-12 2017-07-25 China Iwncomm Co., Ltd. Mutual authentication with anonymity
US10291614B2 (en) 2012-03-12 2019-05-14 China Iwncomm Co., Ltd. Method, device, and system for identity authentication
CN110636504A (en) * 2019-10-24 2019-12-31 飞天诚信科技股份有限公司 Lightweight identification method and system
CN111034148A (en) * 2017-08-23 2020-04-17 高通股份有限公司 System and method for use of UE delay requirements for synchronization signal block selection
CN111786797A (en) * 2020-07-03 2020-10-16 四川阵风科技有限公司 Time effectiveness verification method for three-party communication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007030517A2 (en) * 2005-09-06 2007-03-15 Ironkey, Inc. Systems and methods for third-party authentication
CN100553193C (en) * 2007-10-23 2009-10-21 西安西电捷通无线网络通信有限公司 A kind of entity bidirectional authentication method and system thereof based on trusted third party
CN101222328B (en) * 2007-12-14 2010-11-03 西安西电捷通无线网络通信股份有限公司 Entity bidirectional identification method
CN101247223B (en) * 2008-03-06 2010-06-09 西安西电捷通无线网络通信有限公司 Practical entity bidirectional identification method based on reliable third-party
CN101364876B (en) * 2008-09-12 2011-07-06 西安西电捷通无线网络通信股份有限公司 Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101364875B (en) * 2008-09-12 2010-08-11 西安西电捷通无线网络通信有限公司 Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101378318B (en) * 2008-10-08 2010-09-15 南京邮电大学 Identification authentication method of open network based on dynamic credible third-party

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102231736B (en) * 2010-10-13 2014-07-23 天维讯达无线电设备检测(北京)有限责任公司 Network access control method and system
CN102231736A (en) * 2010-10-13 2011-11-02 天维讯达无线电设备检测(北京)有限责任公司 Network access control method and system
WO2012048554A1 (en) * 2010-10-13 2012-04-19 天维讯达无线电设备检测(北京)有限责任公司 Method and system for access control
CN102202065A (en) * 2010-10-13 2011-09-28 天维讯达无线电设备检测(北京)有限责任公司 Access control method and system
JP2013544052A (en) * 2010-11-12 2013-12-09 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司 Anonymous entity authentication method and apparatus
JP2013544053A (en) * 2010-11-12 2013-12-09 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司 Anonymous entity authentication method and system
WO2012062120A1 (en) * 2010-11-12 2012-05-18 西安西电捷通无线网络通信股份有限公司 Method and device for anonymous entity identification
US9225728B2 (en) 2010-11-12 2015-12-29 China Iwncomm Co., Ltd. Method and device for anonymous entity identification
US9325694B2 (en) 2010-11-12 2016-04-26 China Iwncomm Co., Ltd. Anonymous entity authentication method and system
EP2639998A4 (en) * 2010-11-12 2017-10-04 China Iwncomm Co., Ltd Method and device for anonymous entity identification
WO2012062127A1 (en) * 2010-11-12 2012-05-18 西安西电捷通无线网络通信股份有限公司 Method and system for identifying anonymous entity
US9716707B2 (en) 2012-03-12 2017-07-25 China Iwncomm Co., Ltd. Mutual authentication with anonymity
US10291614B2 (en) 2012-03-12 2019-05-14 China Iwncomm Co., Ltd. Method, device, and system for identity authentication
CN106572064A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Method and apparatus for verifying entity identity validity with multiple TTPs
CN106572063A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Multi-TTP participation entity identity legitimacy verification method and device
WO2017059755A1 (en) * 2015-10-10 2017-04-13 西安西电捷通无线网络通信股份有限公司 Method and device for verifying validity of identity of entity
CN106572064B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
CN106572063B (en) * 2015-10-10 2019-10-29 西安西电捷通无线网络通信股份有限公司 A kind of entity identities validation verification method and device that more TTP are participated in
CN111034148A (en) * 2017-08-23 2020-04-17 高通股份有限公司 System and method for use of UE delay requirements for synchronization signal block selection
US11277869B2 (en) 2017-08-23 2022-03-15 Qualcomm Incorporated Systems and methods for use of UE latency requirement for synchronization signal block selection
CN111034148B (en) * 2017-08-23 2022-08-23 高通股份有限公司 System and method for use of UE delay requirements for synchronization signal block selection
CN110636504A (en) * 2019-10-24 2019-12-31 飞天诚信科技股份有限公司 Lightweight identification method and system
CN110636504B (en) * 2019-10-24 2022-09-06 飞天诚信科技股份有限公司 Lightweight identification method and system
CN111786797A (en) * 2020-07-03 2020-10-16 四川阵风科技有限公司 Time effectiveness verification method for three-party communication
CN111786797B (en) * 2020-07-03 2022-10-18 四川阵风科技有限公司 Time effectiveness verification method for three-party communication

Also Published As

Publication number Publication date
WO2011026296A1 (en) 2011-03-10
CN101635624B (en) 2011-06-01

Similar Documents

Publication Publication Date Title
CN101635624B (en) Method for authenticating entities by introducing online trusted third party
CN101640593B (en) Entity two-way identification method of introducing the online third party
CN101222328B (en) Entity bidirectional identification method
CN100553193C (en) A kind of entity bidirectional authentication method and system thereof based on trusted third party
CN101247223B (en) Practical entity bidirectional identification method based on reliable third-party
CN101645776B (en) Method for distinguishing entities introducing on-line third party
CN101674182B (en) Entity public key acquisition and certificate verification and authentication method and system of introducing online trusted third party
CN101364876B (en) Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101364875B (en) Method realizing public key acquiring, certificater verification and bidirectional identification of entity
CN101286844B (en) Entity bidirectional identification method supporting fast switching
CN109327475B (en) Multi-layer identity authentication method, device, equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: BEIJING ZHIXIANG TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2016610000049

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20161117

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: BEIJING FENGHUO LIANTUO TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000001

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20170106

LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHANGHAI YU FLY MILKY WAY SCIENCE AND TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000005

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20170317

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Beijing next Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000014

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20170601

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: HYTERA COMMUNICATIONS Corp.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000015

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20170602

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Beijing Hua Xinaotian network technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017610000028

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20171122

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: ALPINE ELECTRONICS, Inc.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2017990000497

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20171222

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHENZHEN RAKWIRELESS TECHNOLOGY CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000006

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20180226

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000008

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20180319

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20180320

Application publication date: 20100127

Assignee: SHENZHEN M&W SMART CARD CO.,LTD.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000010

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20180322

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: BLACKSHARK TECHNOLOGIES (NANCHANG) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018610000012

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20180404

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Sony Mobile Communications AB

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: 2018990000306

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20181123

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHENZHEN UCLOUDLINK NEW TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2019610000002

Denomination of invention: Method for authenticating entities by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20191010

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: HANGZHOU STRONG EDUCATION TECHNOLOGY Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000001

Denomination of invention: Entity identification method with online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20210125

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: EKC communication technology (Shenzhen) Co.,Ltd.

Assignor: China IWNCOMM Co.,Ltd.

Contract record no.: X2021610000008

Denomination of invention: Entity identification method with online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20210705

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Guangzhou nengchuang Information Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000011

Denomination of invention: Entity authentication method by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20211104

Application publication date: 20100127

Assignee: Xinruiya Technology (Beijing) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2021610000012

Denomination of invention: Entity authentication method by introducing online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20211104

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: SHENZHEN ZHIKAI TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2022610000005

Denomination of invention: An entity authentication method with online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20220531

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: HISCENE INFORMATION TECHNOLOGY Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000003

Denomination of invention: Entity authentication method with online trusted third party

Granted publication date: 20110601

License type: Common License

Record date: 20230207

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Beijing baicaibang Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000005

Denomination of invention: Introducing an online trusted third-party entity authentication method

Granted publication date: 20110601

License type: Common License

Record date: 20230329

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Shenzhen wisky Technology Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000008

Denomination of invention: Introducing an online trusted third-party entity authentication method

Granted publication date: 20110601

License type: Common License

Record date: 20230522

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20100127

Assignee: Beijing Digital Technology (Shanghai) Co.,Ltd.

Assignor: CHINA IWNCOMM Co.,Ltd.

Contract record no.: X2023610000012

Denomination of invention: Introducing an online trusted third-party entity authentication method

Granted publication date: 20110601

License type: Common License

Record date: 20231114