CN102164151B - Bilinear-group-based cross-domain union authentication method - Google Patents

Publication number: CN102164151B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN 201110131946
Other languages: Chinese (zh)
Other versions: CN102164151A
Inventors: 郑军, 张启坤, 谭毓安, 徐祥广
Current Assignee: Beijing Institute of Technology BIT
Original Assignee: Beijing Institute of Technology BIT

Abstract

The invention relates to a bilinear-group-based cross-domain union authentication method comprising the following steps: 1. system initialization, in which each domain randomly selects a different one of the mutually isomorphic subgroups $G_k$ ($1 \le k \le R$) as the key generation parameter of that domain; 2. generation of the keys of each domain, in which an authentication center private/public key pair is constructed by mapping the generation parameters and a hash function; 3. key distribution by the domain authentication center (DAC) to the members of its domain; and 4. cross-domain key verification: supposing that member $U_{D_1}$ in union domain $D_1$ needs to access member $U_{D_2}$ in union domain $D_2$, cross-domain key verification is performed between $U_{D_1}$ and $U_{D_2}$, and if it passes, $U_{D_1}$ is determined to be an internal member of the union domain whose public key is $P_{D_1}$, which achieves authentication across multiple domains. The method enables resource sharing across multiple domains while ensuring the security of each domain's resources and the anonymity of entities; it supports bidirectional anonymous entity authentication for resource access among multiple domains and better protects the privacy of each entity; and it is more flexible, secure and practical.

Description

A cross-domain alliance authentication method based on bilinear groups
Technical field
The invention relates to a network security authentication method, in particular a cross-domain alliance authentication method based on bilinear groups, and belongs to the field of network communication security.
Background art
Multi-domain unions (MDU) arise in large networks, where services and access points are distributed across multiple domains. In a distributed network environment, companies and institutions have their own shared resources; to prevent unauthorized users from accessing them, each institution deploys local authentication servers to provide an authentication service. Each institution therefore forms a relatively independent trust domain: the internal users of each domain trust the local authentication center, and the authentication center of each domain provides the authentication service that lets local users access shared resources. When demand for services is heavy, however, for example on-demand cloud computing or access to resources anytime and anywhere, a single domain cannot meet it, and it must be met through resource requests spanning multiple domains. Requests for shared resources therefore come not only from the internal members of a domain but also from outside the domain. When a user entity from another trust domain accesses the resources of this trust domain, the problem of cross-domain identity verification arises.
Cross-domain authentication has many practical applications, such as entity authentication among the multiple heterogeneous domains inside a virtual organization in a grid environment, and roaming access authentication in wireless networks. In existing settings there are two main cross-trust-domain authentication frameworks. The first is based on symmetric-key systems (such as Kerberos); it involves complex symmetric key management and key agreement, and cannot handle anonymity effectively. The second is based on traditional PKI; certificate handling in a public-key system is heavy, in particular certificate status queries and certification path construction, and the transmission of certificates adds further overhead, so the authentication center easily becomes a network bottleneck when cross-domain resource access is frequent. In addition, an authentication protocol paper has proposed a new identity-based multi-trust-domain authentication model. That model presupposes trust in the other party's authority and requires the key agreement parameters of every domain to be identical, which is a limitation, and it cannot defend against an authentication center impersonating a member of its domain. Authentication for access to internal resources within a single domain can be implemented with identity-based signature and signcryption schemes, but these are confined to one domain. Related work on identity-based multi-trust-domain grid authentication models extends them to authentication between domains. That scheme presupposes that each party's PKG is honest: because the PKG holds the private keys of the internal members of its domain, if the PKG is malicious, neither the authenticity of user identities nor the confidentiality of private keys can be guaranteed.
With the development of network resource service technologies such as grid computing and cloud computing, such intelligent services, with unlimited space and unlimited speed, need multiple domains to cooperate to complete them. To guarantee the security of resource access in each domain, a new cross-domain alliance authentication scheme is urgently needed that ensures both the security of cross-domain authentication and its ease of use.
Summary of the invention
The object of the invention is to address the shortcomings of the prior art by providing a cross-domain alliance authentication method that ensures the security of network resource access and ease of use.
The invention proposes a new cross-domain alliance authentication method. The method is designed on the basis of inter-domain signcryption. The parameters used by the authentication centers of the different domains need not be identical. The private key of each internal member of a domain is sent to the authentication center of that domain in the form of a blinded key to register the member's identity, so the authentication center does not hold members' private keys and there is no need to worry about impersonation or cheating by the authentication center. The method also provides good anonymity, allows an entity to be traced when a dispute arises over resource access, and defends well against a variety of protocol attacks.
The method of the invention is based on the theory of automorphism groups of finite groups and of bilinear groups. Its theoretical basis is summarized as follows:
1. Automorphism groups of finite groups
Let $G$ be a group. $\mathrm{Aut}\,G$ denotes the automorphism group of $G$, the center of $G$ is $C(G)$, and the cyclic group with generator $g$ is written $\langle g \rangle$. If $G$ is a finite group, the order of $G$ is written $|G|$. If $G$ is a finite group with $|G| = p^n$ ($n > 0$), $G$ is called a $p$-group ($p$ is prime).
Let $H$ be a $p$-subgroup of a finite group $G$. If the order of $H$ is the highest power of $p$ in the prime factorization of the order of $G$, $H$ is called a Sylow $p$-subgroup of $G$.
Lemma 1: let $G$ be a finite abelian group and $p_1, p_2, \ldots, p_n$ all the prime factors of $|G|$,
Figure BDA0000062553490000021
the Sylow $p_i$-subgroup of $G$. There is the direct product decomposition
Figure BDA0000062553490000022
Lemma 2: let $G = G_1 \times G_2 \times \cdots \times G_n$. If $K_i$ is a subgroup of $G_i$ and $K_1, K_2, \ldots, K_n$ are mutually isomorphic, then $G$ has $n$ mutually isomorphic subgroups.
Lemma 3: let $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ be cyclic groups of orders $m$ and $n$ respectively. If $(m, n) = 1$, then $G_1 \times G_2$ is a cyclic group of order $mn$.
2. Bilinear groups
Suppose $G_1$, $G_2$ and $G_T$ are multiplicative groups of the same prime order $p$, where $p \ge 2^k + 1$ and $k$ is the security parameter, and $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively. Let $G_1 = \langle g_1 \rangle$, $G_2 = \langle g_2 \rangle$, and let $G_2 \to G_1$ be a computable isomorphism, namely
Figure BDA0000062553490000024
and the discrete logarithm in $G_1$, $G_2$ and $G_T$ is hard. A bilinear map $e$ is a map $e: G_1 \times G_2 \to G_T$ that satisfies the following properties:
Property 1: bilinearity,
Figure BDA0000062553490000025
Figure BDA0000062553490000026
and $a, b \in Z$, we have $e(u^a, v^b) = e(u, v)^{ab}$.
Property 2: non-degeneracy, i.e. $e(g_1, g_2) \ne 1$.
Property 3: computability: there is an efficient algorithm such that, for
Figure BDA0000062553490000031
Figure BDA0000062553490000032
$e(u, v)$ can be computed.
Corollary 1:
Figure BDA0000062553490000033
Figure BDA0000062553490000034
Figure BDA0000062553490000035
we have
$e(u_1 \cdot u_2, v) = e(u_1, v)\, e(u_2, v)$.
Corollary 2:
Figure BDA0000062553490000036
we have
Figure BDA0000062553490000037
From the definitions and properties above, we define the following hard problems in bilinear groups:
Discrete logarithm problem. Given $g_1, g_1' \in G_1$, find an integer $a$ such that $g_1' = g_1^{a}$.
Computational Diffie-Hellman (CDH) problem. Given a triple $(g_1, g_1^{a}, g_1^{b}) \in G_1$ for any $a, b \in Z_p$, find the element $g_1^{ab}$.
Decisional Diffie-Hellman (DDH) problem. Given a four-tuple $(g_1, g_1^{a}, g_1^{b}, g_1^{c}) \in G_1$ for any $a, b, c \in Z_p$, decide whether $c = ab \bmod p$.
Gap Diffie-Hellman (GDH) problem. The CDH problem is hard while the DDH problem is easy; a group with this property is called a GDH group.
Based on the above theoretical foundation, the invention proposes a cross-domain alliance authentication method based on bilinear groups.
In a multi-trust-domain authentication system, the type of authentication used inside each domain can be chosen by that domain according to its own internal needs, and there is no need for a unified authentication mode; authentication between domains, however, should adopt a common mode as far as possible, for the convenience of cross-domain interoperation.
In the model of the invention, the system consists of multiple domains, each independent and autonomous. Each domain consists of one authentication center and a number of internal members. The authentication center acts like a traditional CA or PKG; each internal member is both an owner of resources and a visitor, and the internal members of each domain need to access resources across domains when computing cooperatively. Each authentication center chooses one group from among multiple heterogeneous cyclic groups, designs its own key parameters with this cyclic group, distributes and manages the keys of its domain, and publishes the public key of the domain's authentication center to allow mutual access and authentication. A member must register its true identity when joining a domain so that the entity can be traced.
The invention proposes a cross-domain alliance authentication method based on bilinear groups, comprising the following steps:
Step 1: system initialization:
Suppose the cross-domain alliance comprises $R$ domains. Choose $R$ pairwise coprime large primes to form a set $R_S = \{ r_i \mid i = 1, 2, \ldots, R \}$. Select a large prime $P$ and find any supersingular elliptic curve $E/GF(P)$ that satisfies the WDH security assumption. Let $G$ be a subgroup of $E/GF(P)$ of order $q$, i.e. $|G| = q$. Let $r_1, r_2, \ldots, r_n$ be all the prime factors of $|G|$, i.e. $q = r_1 \times r_2 \times \cdots \times r_n$,
Figure BDA0000062553490000038
the Sylow $r_j$-subgroup of $G$. By Lemma 1, there is a direct product decomposition. By Lemma 2, $R$ mutually isomorphic subgroups of $G$ can be constructed; let this set of isomorphic subgroups be $GK = \{ G_k \mid k = 1, 2, \ldots, R \}$. In the multi-domain alliance system, each domain chooses a different subgroup $G_k$ ($1 \le k \le R$) from the set $GK$ as the key generation parameter of that domain;
Step 2: key generation for each domain: let two domains $D_1$ and $D_2$ in the union choose the cyclic groups $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ respectively as the key generation parameters of their domains, where $G_1$ and $G_2$ are two isomorphic groups of prime order $p$ from the set $GK$, $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively, $e: G_1 \times G_2 \to G_p$ is a computable bilinear map, and $h: \{0,1\}^* \to Z_p$ is a hash function, where $Z_p$ is a finite set of integers. Domains $D_1$ and $D_2$ each choose a random number, $\xi_1$ and $\xi_2$ respectively, where $\xi_1, \xi_2 \in Z_p$, and then compute respectively
Figure BDA0000062553490000041
and
Figure BDA0000062553490000042
The authentication center private/public key pairs of the two domains are respectively
Figure BDA0000062553490000043
and
Figure BDA0000062553490000044
Let
Figure BDA0000062553490000045
be the mapping value of the two public keys;
Step 3: key distribution to the members of a domain: suppose domain $D_1$ has $n$ members, the private key of the domain authentication center (DAC) is $\xi_1$, and the corresponding public key is
Figure BDA0000062553490000046
The DAC computes
Figure BDA0000062553490000047
and distributes $y$ to every member of domain $D_1$. An arbitrary member
Figure BDA0000062553490000048
chooses $x_i \in Z_p$ as its own private key, with the corresponding public key
Figure BDA0000062553490000049
computes
Figure BDA00000625534900000410
and submits $reg_i$ to the DAC as its registration key; the DAC associates $reg_i$ with the member's identity for tracing and authentication;
Step 4: cross-domain key verification: suppose that, in union domain $D_1$, the member
Figure BDA00000625534900000411
needs to access, in union domain $D_2$, the member
Figure BDA00000625534900000412
Figure BDA00000625534900000413
and
Figure BDA00000625534900000414
carry out the following process between them:
1)
Figure BDA00000625534900000415
has the private/public key pair
Figure BDA00000625534900000416
and its registration key is
Figure BDA00000625534900000417
the private/public key pair is
Figure BDA00000625534900000418
and the registration key is
Figure BDA00000625534900000419
The public keys of union domains $D_1$ and $D_2$ are respectively and
Figure BDA00000625534900000421
2)
Figure BDA00000625534900000422
selects $\mu \in Z_p$ and computes $T_1 = g_1^{\mu}$;
Figure BDA00000625534900000423
where the symbol $\to$ denotes that member $U_{D_1}$ passes the parameter $T_1$ to the member
3) The DAC in $D_2$ verifies whether
Figure BDA00000625534900000426
holds, selects a message to be signed $m \in \{0,1\}^*$, and computes the challenge value $c \leftarrow h(T_1, m)$; the computed value $c$ is then returned
Figure BDA00000625534900000427
4) Calculate $s_1 \leftarrow \mu + c x_1$
$U_{D_1} \xrightarrow{s_1} U_{D_2}$;
5)
Figure BDA00000625534900000431
verifies whether the signature
Figure BDA00000625534900000432
holds;
If and only if the equations in 3) and 5) hold, verification passes;
If verification passes,
Figure BDA0000062553490000051
can confirm that
Figure BDA0000062553490000052
is an internal member of the union domain whose public key is
Figure BDA0000062553490000053
and that the public key corresponding to this member is
Figure BDA0000062553490000054
The effect of authentication across multiple domains is thereby achieved.
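The challenge-response of steps 2) to 5), with the verifier validating every received value before checking $g_1^{s_1} = T_1 P_{u_1}^{c}$, is shown below as an added example; it is not code from the patent. It assumes a toy prime-order subgroup of $Z_p^*$ (constructed parameters p = 2039, q = 1019, g = 4) in place of the elliptic-curve group $G_1$, SHA-256 in the role of $h$, and hypothetical function names; the pairing check of step 3) needs a pairing library and is not included.

```python
import hashlib
import secrets

# Constructed toy parameters (far too small for real use): p = 2q + 1 with
# p and q prime, and g = 4 generating the subgroup of prime order q in Z_p^*.
# Assumption: this group stands in for the patent's group G_1 = <g_1>.
P = 2039
Q = 1019
G = 4


def in_subgroup(y):
    """True if y is a non-identity element of the order-q subgroup."""
    return isinstance(y, int) and 1 < y < P and pow(y, Q, P) == 1


def keygen():
    """Member key pair: private x_1 in [1, q-1], public P_u1 = g^x_1."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def commit():
    """Step 2): the prover picks a fresh mu and sends T_1 = g^mu."""
    mu = secrets.randbelow(Q - 1) + 1
    return mu, pow(G, mu, P)


def challenge(t1, m):
    """Step 3): derive c = h(T_1, m), mapped into [1, q-1].

    Assumption: SHA-256 over a length-prefixed encoding plays the role of h;
    the patent only states h: {0,1}* -> Z_p.
    """
    t1_bytes = t1.to_bytes((P.bit_length() + 7) // 8, "big")
    data = len(t1_bytes).to_bytes(4, "big") + t1_bytes + m
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def respond(mu, c, x):
    """Step 4): the prover answers s_1 = mu + c * x_1 (mod q)."""
    return (mu + c * x) % Q


def verify(t1, m, s, pub):
    """Step 5): accept iff g^s_1 == T_1 * P_u1^c, after validating inputs."""
    if not (in_subgroup(t1) and in_subgroup(pub)):
        return False  # reject values outside the order-q subgroup
    if not (isinstance(s, int) and 0 <= s < Q):
        return False  # reject out-of-range responses
    c = challenge(t1, m)
    return pow(G, s, P) == (t1 * pow(pub, c, P)) % P


def run_exchange(x_used, pub_claimed, m):
    """Run steps 2)-5) with a prover holding x_used but claiming pub_claimed."""
    mu, t1 = commit()
    c = challenge(t1, m)
    s = respond(mu, c, x_used)
    return t1, s, verify(t1, m, s, pub_claimed)


if __name__ == "__main__":
    x1, pub1 = keygen()
    msg = b"access request"  # constructed sample message m
    print("honest member accepted:", run_exchange(x1, pub1, msg)[2])
    wrong = x1 % (Q - 1) + 1  # a different exponent in [1, q-1]
    print("wrong key accepted:   ", run_exchange(wrong, pub1, msg)[2])
```

Because the challenge is mapped into $[1, q-1]$, a prover holding any exponent other than $x_1$ fails the check in step 5) for every choice of $\mu$.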
Step 5: on the basis of cross-domain authentication, a session key agreement step can additionally be carried out, so that communication between the two cross-domain members takes place in ciphertext form:
Figure BDA0000062553490000055
selects an arbitrary integer $k_2 \in Z_p$ and computes
Figure BDA0000062553490000056
$U_{D_2} \to U_{D_1}: (P_{u_2}, f_1)$,
Figure BDA0000062553490000058
uses its own private key $x_1$ to unblind $f_1$ and obtain the unblinded value, then selects an arbitrary integer $k_1 \in Z_p$ and computes
Figure BDA00000625534900000510
$U_{D_1} \to U_{D_2}: (P_{u_1}, f_2)$,
Figure BDA00000625534900000512
uses its own private key $x_2$ to unblind $f_2$ and obtain the unblinded value.
Figure BDA00000625534900000514
and
Figure BDA00000625534900000515
compute the temporary session key
Figure BDA00000625534900000516
Confidential communication across domains is then carried out with this temporary session key.
Beneficial effects
With the cross-domain alliance authentication scheme of the invention, the security of each domain's resources and the anonymity of entities can be guaranteed when resources are shared across multiple domains. The scheme supports bidirectional anonymous entity authentication for resource access between domains and better protects the privacy of each entity. Each entity can access resources across domains directly, without intervention by the authentication center, which gives better flexibility and avoids the bottleneck of the traditional PKI model and the cumbersome passing of tickets; the scheme also has good security and practicality.
The correctness, security and practicality of the invention are analysed as follows:
(1) Correctness:
Correctness means that any legitimate member of the alliance, after producing its own signature, passes signature verification without difficulty, so that authentication succeeds. The authentication protocol is based on signatures: to authenticate that an authorized party really is a member of a given domain, the correctness of the signature must first be guaranteed.
$$e(P_{D_1}, reg_{u_1}) = e\left(g_1^{\xi_1}, g_1^{x_1/\xi_1}\right) = e(g_1, g_1)^{x_1} = e\left(g_1^{x_1}, g_1\right) = e(P_{u_1}, g_1)$$
$$g_1^{s_1} = g_1^{(\mu + c x_1)} = g_1^{\mu}\, g_1^{c x_1} = T_1 P_{u_1}^{c}$$
(2) Unforgeability:
Neither the other members of a domain nor its authentication center can forge the identity of any member in order to access resources across domains. When a member of domain $D_1$,
Figure BDA0000062553490000061
accesses the resources of a member of another domain $D_2$, the private key $x_1$ of
Figure BDA0000062553490000063
is not public information. Even if the authentication center (DAC) of this domain forges the identity of member
Figure BDA0000062553490000064
with identity
Figure BDA0000062553490000065
and, to
Figure BDA0000062553490000066
sends
Figure BDA0000062553490000067
it can only prove internal membership of domain $D_1$;
Figure BDA0000062553490000069
does not know the private key $x_1$ of
Figure BDA00000625534900000610
and therefore cannot pass signature verification.
(3) Anonymity:
Across domains, a party can only determine that a user is a particular internal member of a certain domain; it does not learn the other party's true identity. Only the authentication center of a domain can identify the members of that domain from their registered identities. The cross-domain alliance authentication protocol is constructed to satisfy anonymity through authentication in two steps. The user
Figure BDA00000625534900000612
sends to the accessed resource
Figure BDA00000625534900000613
the inter-domain public key
Figure BDA00000625534900000614
Figure BDA00000625534900000615
determines that
Figure BDA00000625534900000616
comes from a specific domain $D_1$.
Figure BDA00000625534900000617
sends to
Figure BDA00000625534900000618
its own signature; verification determines that
Figure BDA00000625534900000620
is a particular member and not someone impersonating it, which serves as evidence for tracing if a dispute arises, while the other party's true identity remains unknown.
(4) Traceability:
Designing an inter-domain authentication protocol that relies on trust is not ideal: requiring members of other domains to trust the other party's authentication center is unreliable, and there must be reliable evidence to establish the illegal behaviour of an entity when a dispute arises. This protocol is traceable: by verifying
Figure BDA00000625534900000621
the relation among the three is also guaranteed, and the entity's identity can further be traced from the registration key.
(5) Security: the security of this authentication protocol rests on two points: first, the security of the signcryption scheme; second, the security of the inter-domain authentication protocol used. The security of the signcryption scheme used in the invention depends on the hardness of the CDH discrete logarithm problem. The inter-domain signcryption scheme and the session key agreement likewise rely on the hardness of the CDH discrete logarithm problem for their security. The security of the authentication protocol of the invention:
1. Resistance to man-in-the-middle attack: suppose a man-in-the-middle
Figure BDA00000625534900000623
attacks this protocol. No agreement can be reached in the final key agreement stage, because the public keys have passed signature verification. When
Figure BDA00000625534900000624
then
Figure BDA00000625534900000625
does not have the private key $x_1$ of
Figure BDA00000625534900000626
needed to unblind
Figure BDA00000625534900000627
and so cannot obtain
Figure BDA00000625534900000628
and certainly cannot compute
Figure BDA00000625534900000629
In the end,
Figure BDA00000625534900000630
and
Figure BDA00000625534900000631
or
Figure BDA00000625534900000632
and
Figure BDA00000625534900000633
cannot compute a consistent temporary session key
Figure BDA00000625534900000634
2. Resistance to spoofing attack: suppose a user impersonates
Figure BDA00000625534900000636
to illegally obtain, from
Figure BDA00000625534900000637
resources.
Figure BDA00000625534900000638
verifies
Figure BDA00000625534900000640
which may pass, but the signature
Figure BDA00000625534900000641
is invalid.
3. Resistance to replay attack: members of the two domains communicate using a temporary one-time session key, which defends against replay attacks.
(6) Low computation and communication overhead: the computation and communication overhead of the inter-domain protocol consists of two parts, authentication and key agreement. The computation cost lies mainly in bilinear pairing operations, exponentiations and hash operations, scalar multiplications and additions.
The computation cost is shown in Table 1:
Table 1. Operations of the protocol
Figure BDA0000062553490000071
The communication cost is mainly the amount of information exchanged by the two parties to the protocol. Communication is likewise divided into the two processes of authentication and key agreement: the authentication process mainly transmits the information to be signed and verified and requires 3 message transmissions, while the key agreement process requires 2 transmissions of the two parties' information.
From the above analysis, the protocol is correct and has good security. Internal members of two domains need not know each other's identity when communicating, so bidirectional anonymous entity authentication is achieved with good anonymity. The entity itself can be traced when a dispute arises; the amount of computation is small and the communication overhead is low, so the protocol is well suited to large-scale cross-domain alliance authentication environments.
Description of drawings
Fig. 1 is the system framework of the cross-domain alliance authentication protocol;
Fig. 2 is the system hierarchy diagram of the invention;
Fig. 3 is a schematic diagram of the cross-domain authentication process of the system in the embodiment.
Embodiment
The preferred embodiment of the invention is described below with reference to the drawings.
In this embodiment, the system consists of multiple domains, each independent and autonomous, as shown in Fig. 1. Each domain consists of one authentication center and a number of internal members. The authentication center acts like a traditional CA or PKG; each internal member is both an owner of resources and a visitor, and the internal members of each domain need to access resources across domains when computing cooperatively. Each authentication center chooses one group from among multiple heterogeneous cyclic groups, designs its own key parameters with this cyclic group, distributes and manages the keys of its domain, and publishes the public key of the domain's authentication center to allow mutual access and authentication. A member must register its true identity when joining a domain so that the entity can be traced.
In a multi-trust-domain authentication system, the type of authentication used inside each domain can be chosen by that domain according to its own internal needs, and there is no need for a unified authentication mode; authentication between domains, however, should adopt a common mode as far as possible, for the convenience of cross-domain interoperation.
As shown in Fig. 2, this embodiment implements cross-domain authentication according to the following steps:
1. System initialization
The cross-domain alliance comprises 2 domains. Choose 2 pairwise coprime large primes to form a set $R_S = \{ l_i \mid i = 1, 2 \}$. Select a large prime $P$ and find any supersingular elliptic curve $E/GF(P)$ that satisfies the WDH security assumption. $G$ is a subgroup of $E/GF(P)$ of order $q$, i.e. $|G| = q$, and $l_1, l_2$ are the prime factors of $|G|$;
Figure BDA0000062553490000081
the Sylow $l_j$-subgroup of $G$; $G$ has a direct product decomposition. By Lemma 2, 2 mutually isomorphic subgroups of $G$ can be constructed; let this set of subgroups be $GK = \{ G_k \mid k = 1, 2 \}$. In the multi-domain alliance system, each domain chooses a different subgroup $G_k$ ($1 \le k \le 2$) from the set $GK$ as the key generation parameter of that domain.
2. Key generation for each domain: let two domains $D_1$ and $D_2$ in the union choose the cyclic groups $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ respectively as the key generation parameters of their domains, where $G_1$ and $G_2$ are two isomorphic groups of prime order $p$ from the set $GK$, $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively, $e: G_1 \times G_2 \to G_p$ is a computable bilinear map, and $h: \{0,1\}^* \to Z_p$ is a hash function, where $Z_p$ is a finite set of integers. Domains $D_1$ and $D_2$ each choose a random number, $\xi_1$ and $\xi_2$ respectively, where $\xi_1, \xi_2 \in Z_p$, and then compute respectively
Figure BDA0000062553490000083
and
Figure BDA0000062553490000084
The authentication center private/public key pairs of the two domains are respectively
Figure BDA0000062553490000085
and; let
Figure BDA0000062553490000087
be the mapping value of the two public keys.
3. Key distribution to the members of a domain: suppose domain $D_1$ has $n$ members, the private key of the domain authentication center (DAC) is $\xi_1$, and the corresponding public key is
Figure BDA0000062553490000088
The DAC computes
Figure BDA0000062553490000089
and distributes $y$ to every member of domain $D_1$. An arbitrary member
Figure BDA00000625534900000810
chooses $x_i \in Z_p$ as its own private key, with the corresponding public key
Figure BDA00000625534900000811
computes
Figure BDA00000625534900000812
and submits $reg_i$ to the DAC as its registration key; the DAC associates $reg_i$ with the member's identity for tracing and authentication.
4. Cross-domain key verification, as shown in Fig. 3:
1) Suppose that, in union domain $D_1$, the member
Figure BDA00000625534900000813
accesses a member in union domain $D_2$. The public/private key pair is
Figure BDA00000625534900000815
and the registration key is
Figure BDA00000625534900000816
the public/private key pair is
Figure BDA00000625534900000817
and the registration key is
Figure BDA00000625534900000818
The public keys of union domains $D_1$ and $D_2$ are respectively
Figure BDA00000625534900000819
and
Figure BDA00000625534900000820
2)
Figure BDA00000625534900000821
selects $\mu \in Z_p$ and computes $T_1 = g_1^{\mu}$;
Figure BDA00000625534900000822
3) The DAC in $D_2$ verifies whether
Figure BDA00000625534900000823
holds with equality; if so, it selects a message to be signed $m \in \{0,1\}^*$ and computes the challenge value $c \leftarrow h(T_1, m)$
$U_{D_1} \xleftarrow{c} U_{D_2}$.
4)
Figure BDA0000062553490000092
computes $s_1 \leftarrow \mu + c x_1$
$U_{D_1} \xrightarrow{s_1} U_{D_2}$.
5)
Figure BDA0000062553490000094
verifies the signature
$g_1^{s_1} = T_1 P_{u_1}^{c}$
If and only if the equations in 3) and 5) hold,
Figure BDA0000062553490000096
can confirm that
Figure BDA0000062553490000097
is an internal member of the union domain whose public key is
Figure BDA0000062553490000098
and that the public key corresponding to this member is
Figure BDA0000062553490000099
The effect of authentication across multiple domains is thereby achieved.
The above steps achieve authentication across multiple domains. This embodiment also includes a session key agreement step, by which communication between the two cross-domain members can be carried out in ciphertext form:
Select an arbitrary integer $k_2 \in Z_p$ and compute
Figure BDA00000625534900000911
$U_{D_2} \to U_{D_1}: (P_{u_2}, f_1)$,
Figure BDA00000625534900000913
uses its own private key $x_1$ to unblind $f_1$ and obtain the unblinded value, then selects an arbitrary integer $k_1 \in Z_p$ and computes
Figure BDA00000625534900000915
$U_{D_1} \to U_{D_2}: (P_{u_1}, f_2)$.
Its own private key $x_2$ is used to unblind $f_2$ and obtain the unblinded value.
Figure BDA00000625534900000918
and
Figure BDA00000625534900000920
compute the temporary session key
Figure BDA00000625534900000921
Confidential communication across domains is then carried out with this temporary session key.
A specific embodiment has been given to illustrate the content and implementation of the invention. The details introduced in the embodiment are not intended to limit the scope of the claims but to aid understanding of the method of the invention. Those skilled in the art should appreciate that various modifications, changes or substitutions to the steps of the preferred embodiment are possible without departing from the spirit and scope of the invention and its claims. The invention should therefore not be limited to what is disclosed in the preferred embodiment and the drawings.

Claims (2)

1. A cross-domain alliance authentication method based on bilinear groups, comprising the following steps:
Step 1: system initialization:
Suppose the cross-domain alliance comprises $R$ domains. Choose $R$ pairwise coprime large primes to form a set $R_S = \{ r_i \mid i = 1, 2, \ldots, R \}$. Select a large prime $P$ and find any supersingular elliptic curve $E/GF(P)$ that satisfies the WDH security assumption. Let $G$ be a subgroup of $E/GF(P)$ of order $q$, i.e. $|G| = q$. Let $r_1, r_2, \ldots, r_n$ be all the prime factors of $|G|$, i.e. $q = r_1 \times r_2 \times \cdots \times r_n$,
Figure FDA00002948142000011
is the Sylow $r_j$-subgroup of G, and by Lemma 1 there is the direct product decomposition
By Lemma 2, R mutually isomorphic subgroups of G can be constructed; let the set of these isomorphic subgroups be $GK = \{ G_k \mid k = 1, 2, \ldots, R \}$. In the multi-domain alliance system, each domain chooses a different subgroup $G_k$ ($1 \le k \le R$) from the set GK as the key generation parameter of that domain;
Here, the Sylow $r_j$-subgroup is defined as follows: let G be a finite group; if $|G| = p^n$ ($n > 0$) with p prime, G is called a p-group. If H is a p-subgroup of a finite group G and the order of H is the highest power of p in the prime factorization of the order of G, then H is called a Sylow p-subgroup of G;
Lemma 1: Let G be a finite Abelian group whose order $|G|$ has the prime factors $p_1, p_2, \ldots, p_n$, and take the Sylow $p_i$-subgroup of G for each i. Then there is the direct product decomposition
Figure FDA00002948142000014
Lemma 2: Let $G = G_1 \times G_2 \times \cdots \times G_n$. If $K_i$ is a subgroup of $G_i$ and $K_1, K_2, \ldots, K_n$ are mutually isomorphic, then G has n mutually isomorphic subgroups;
Step two, generate the key of each domain: Let two domains $D_1$ and $D_2$ in the union domain choose the cyclic groups $G_1 = \langle g_1 \rangle$ and $G_2 = \langle g_2 \rangle$ respectively as the key generation parameters of their domains, where $G_1$ and $G_2$ are two isomorphic groups of prime order p from the set GK, and $g_1$ and $g_2$ are generators of $G_1$ and $G_2$ respectively. $e: G_1 \times G_2 \to G_p$ is a computable bilinear map, and $h: \{0,1\}^* \to Z_p$ is a hash function, where $Z_p$ is a finite set of integers. Domains $D_1$ and $D_2$ choose random numbers $\xi_1$ and $\xi_2$ respectively, where $\xi_1, \xi_2 \in Z_p$, and then calculate respectively
Figure FDA00002948142000015
and
Figure FDA00002948142000016
The authentication center private/public key pairs of the two domains are respectively
Figure FDA00002948142000017
and
Figure FDA00002948142000018
Let
Figure FDA00002948142000019
be the mapping value of the two public keys;
Step three, key distribution to the members within a domain: Suppose domain $D_1$ has n members, the private key of the domain authentication center (DAC) is $\xi_1$, and the corresponding public key is
Figure FDA000029481420000110
The DAC calculates
Figure FDA000029481420000111
and distributes y to each member of domain $D_1$. Any member
Figure FDA000029481420000112
chooses $x_i \in Z_p$ as its own private key, with the corresponding public key
Figure FDA000029481420000113
calculates
Figure FDA000029481420000114
and submits $reg_i$ to the DAC as its registration key in order to register; the DAC associates $reg_i$ with this member's identity for tracking authentication;
Step four, cross-domain key verification: Suppose that in union domain $D_1$ the member
Figure FDA000029481420000115
needs to access, in union domain $D_2$, the member
Figure FDA000029481420000116
Figure FDA000029481420000117
and
Figure FDA000029481420000118
carry out the following process between them:
1) The private/public key pair is
The registration key is
Figure FDA00002948142000023
The private/public key pair is
Figure FDA00002948142000024
The registration key is
Figure FDA00002948142000025
The public keys of union domains $D_1$ and $D_2$ are respectively
and
Figure FDA00002948142000027
2)
Figure FDA00002948142000028
selects $\mu \in Z_p$ and calculates $T_1 = g_1^{\mu}$,
Figure FDA00002948142000029
where the symbol → denotes that member
Figure FDA000029481420000210
passes the parameters
Figure FDA000029481420000211
Figure FDA000029481420000212
Figure FDA000029481420000213
$T_1$ to the member
3) The DAC in $D_2$ checks whether the equation holds, selects a message to be signed $m \in \{0,1\}^*$ and calculates the challenge value $c \leftarrow h(T_1, m)$, then returns the calculated value c to
Figure FDA000029481420000216
Figure FDA000029481420000217
4) Calculate $s_1 \leftarrow \mu + c x_1$
Figure FDA000029481420000219
5)
Figure FDA000029481420000220
verifies whether the signature
Figure FDA000029481420000221
holds;
Verification passes if and only if the equations in 3) and 5) both hold;
If verification passes,
Figure FDA000029481420000222
can prove that
Figure FDA000029481420000223
is an internal member of the union domain whose public key is
Figure FDA000029481420000224
and that the member's corresponding public key is
Figure FDA000029481420000225
which achieves authentication across multiple domains.
2. The cross-domain alliance authentication method based on bilinear groups according to claim 1, characterized in that, on the basis of cross-domain authentication, it further comprises step five, a session key agreement step through which the two cross-domain members can communicate in ciphertext form:
Figure FDA000029481420000226
selects an arbitrary integer $k_2 \in Z_p$ and calculates
Figure FDA000029481420000227
$U_{D_2} \to U_{D_1}: (P_{u_2}, f_1)$,
Figure FDA000029481420000229
unblinds $f_1$ with its own private key $x_1$ to obtain
Figure FDA000029481420000230
then selects an arbitrary integer $k_1 \in Z_p$ and calculates $f_2 = P_{u_2}^{k_1}$,
$U_{D_1} \to U_{D_2}: (P_{u_1}, f_2)$,
Figure FDA000029481420000234
unblinds $f_2$ with its own private key $x_2$ to obtain
Figure FDA000029481420000235
Figure FDA000029481420000236
and
Figure FDA000029481420000237
calculate the temporary session key $P_{D_1 D_2} = e(P'_{u_1}, P'_{u_2}) = e(g_1, g_2)^{k_1 k_2}$,
Confidential cross-domain communication is carried out using this temporary session key.
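The session key agreement of the description and of claim 2, carried through in a toy model as an added example (not code from the patent): group elements are stored as their discrete logs so the pairing reduces to modular arithmetic, which is insecure and only checks the algebra. The member key form $P_{u_i} = g_i^{x_i}$, the blinded value $f_1 = P_{u_1}^{k_2}$, unblinding as raising to $x^{-1}$, and all constants and function names are assumptions, since those formulas survive on the page only as images.

```python
import secrets

# Toy bilinear setting (constructed, insecure): G1 and G2 elements are stored as
# their discrete logs modulo ORDER, so g^k is a multiplication and the pairing
# e(g1^a, g2^b) = e(g1, g2)^(a*b) can be evaluated directly in Z_MODULUS^*.
ORDER = 1019            # prime group order (the page's p in Z_p)
MODULUS = 2039          # prime, equal to 2*ORDER + 1
GT_GEN = 4              # stands for e(g1, g2); has order ORDER modulo MODULUS
G1_GEN = G2_GEN = 1     # discrete-log form of the generators g1 and g2

def g_exp(elem, k):
    """elem^k in G1 or G2 (toy form: multiply the stored exponent)."""
    return (elem * k) % ORDER

def pairing(a, b):
    """e(a, b) for a in G1 and b in G2."""
    return pow(GT_GEN, (a * b) % ORDER, MODULUS)

def keygen(gen):
    """Member key pair (x, P_u) with P_u = g^x (assumed form, see lead-in)."""
    x = secrets.randbelow(ORDER - 1) + 1
    return x, g_exp(gen, x)

def unblind(f, x):
    """Remove private key x from a blinded value: f^(1/x) (assumed form)."""
    return g_exp(f, pow(x, -1, ORDER))

def agree(x1, pu1, x2, pu2, k1, k2):
    """Run both sides of the exchange; return (key at U_D1, key at U_D2)."""
    f1 = g_exp(pu1, k2)            # U_D2 -> U_D1: (P_u2, f1), f1 = P_u1^k2 (assumed)
    from_d2 = unblind(f1, x1)      # U_D1 recovers g1^k2
    f2 = g_exp(pu2, k1)            # U_D1 -> U_D2: (P_u1, f2), f2 = P_u2^k1 (page)
    from_d1 = unblind(f2, x2)      # U_D2 recovers g2^k1
    key_d1 = pairing(from_d2, g_exp(G2_GEN, k1))   # e(g1^k2, g2^k1)
    key_d2 = pairing(g_exp(G1_GEN, k2), from_d1)   # same value, other side
    return key_d1, key_d2

if __name__ == "__main__":
    x1, pu1 = keygen(G1_GEN)
    x2, pu2 = keygen(G2_GEN)
    k1, k2 = (secrets.randbelow(ORDER - 1) + 1 for _ in range(2))
    key_d1, key_d2 = agree(x1, pu1, x2, pu2, k1, k2)
    print("session keys match:", key_d1 == key_d2)
```

Both sides arrive at $e(g_1, g_2)^{k_1 k_2}$, the session key expression given in claim 2; a real deployment would need an actual pairing-friendly curve library in place of the exponent-form groups.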
CN 201110131946 2011-05-20 2011-05-20 Bilinear-group-based cross-domain union authentication method Expired - Fee Related CN102164151B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110131946 CN102164151B (en) 2011-05-20 2011-05-20 Bilinear-group-based cross-domain union authentication method

Publications (2)

Publication Number Publication Date
CN102164151A CN102164151A (en) 2011-08-24
CN102164151B true CN102164151B (en) 2013-06-26

Family

ID=44465124

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110131946 Expired - Fee Related CN102164151B (en) 2011-05-20 2011-05-20 Bilinear-group-based cross-domain union authentication method

Country Status (1)

Country Link
CN (1) CN102164151B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130626

Termination date: 20140520