CN104954129B - Method for authenticating entities and device

Publication number: CN104954129B
Authority: CN (China)
Legal status: Active
Application number: CN201410126144.1A
Other languages: Chinese (zh)
Other versions: CN104954129A (en
Inventors: 杜志强, 胡亚楠, 李琴, 王月辉
Current assignee: China Iwncomm Co Ltd
Original assignee: China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CN201410126144.1A
Publication of CN104954129A
Application granted
Publication of CN104954129B

Abstract

The present invention relates to an entity authentication method and device. The method includes: entity A generates a random number N_A and sends it to entity B; entity B generates random numbers N_B and ZSEED_B, computes the keys MKA || KEA || KIA, the ciphertext EncData_B and the message authentication code MAC_B, and sends N_B || N_A || EncData_B || MAC_B to entity A for verification; entity A generates a random number ZSEED_A, computes the ciphertext EncData_A, the message authentication code MAC_A, the shared secret Z, the master key MK and the message authentication tag MacTag_A, and sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B for verification; entity B computes Z and MK, computes MacTag_A and compares it with the received MacTag_A, and if they are equal, considers entity A legitimate; entity B computes the message authentication tag MacTag_B and sends it to entity A; entity A computes MacTag_B and compares it with the received MacTag_B, and if they are equal, considers entity B legitimate. The invention achieves authentication between network entities and establishes a master key, while confirming the identity of the peer.

Description

Method for authenticating entities and device
Technical field
The invention belongs to the technical field of network security, and more particularly relates to an entity authentication method and device.
Background
Communication networks such as wireless local area networks (WLAN), wireless sensor networks (WSN), near-field communication (NFC), radio frequency identification (RFID) and wireless personal area networks (WPAN) are exposed to attacks such as forgery, eavesdropping and replay. The identities of the two communicating parties must therefore be authenticated before communication, to ensure that both identities are legitimate. In current authentication schemes based on cryptographic algorithms, and especially those based on symmetric cryptographic algorithms, the identities of the two parties are usually not confirmed during the authentication process. As a result, even when authentication succeeds, a party can only conclude that the peer possesses a certain shared secret; it still cannot determine who the peer actually is, which leaves a security risk.
Summary of the invention
To solve the above technical problem described in the background, an entity authentication method and device are provided.
An entity authentication method for performing identity authentication between an entity A and an entity B that share a pre-shared key PSK and know each other's identity, characterized in that the method comprises:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B to be used as a key seed, computes the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computes the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), and computes the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B); entity B sends N_B || N_A || EncData_B || MAC_B to entity A, where MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, and MAC1 is a message authentication code computation method;
Step 3: after receiving N_B || N_A || EncData_B || MAC_B, entity A verifies it; if verification fails, the authentication is terminated;
Step 4: entity A generates a random number ZSEED_A to be used as a key seed, computes the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), computes the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B, where KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm;
Step 5: after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A, entity B verifies it; if verification fails, the authentication is terminated;
Step 6: entity B computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compares it with the received MacTag_A; if they are equal, entity A's identity is considered legitimate; if they are not equal, the authentication is terminated; where KDF2 is a key derivation algorithm;
Step 7: entity B computes the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) and sends MacTag_B to entity A, where MsgID2 is a message sequence number;
Step 8: after receiving MacTag_B, entity A first computes the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compares the computed MacTag_B with the received MacTag_B; if they are equal, entity B's identity is considered legitimate.
A working method of entity A when entity A and entity B perform identity authentication, where entity A holds the pre-shared key PSK shared with entity B and knows the identity of entity B, characterized in that the method comprises:
generating a random number N_A and sending it to entity B;
after receiving the N_B || N_A || EncData_B || MAC_B sent by entity B, verifying it; if verification fails, the authentication is terminated;
generating a random number ZSEED_A to be used as a key seed, computing the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), computing the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sending N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B;
after receiving the MacTag_B sent by entity B, first computing the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then comparing the computed MacTag_B with the received MacTag_B; if they are equal, entity B's identity is considered legitimate;
where ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A working method of entity B when entity A and entity B perform identity authentication, where entity B holds the pre-shared key PSK shared with entity A and knows the identity of entity A, characterized in that the method comprises:
after receiving the N_A sent by entity A, generating a random number N_B and a random number ZSEED_B to be used as a key seed, computing the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computing the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), computing the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and sending N_B || N_A || EncData_B || MAC_B to entity A;
after receiving the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A, verifying it; if verification fails, the authentication is terminated;
computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and comparing it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, entity A's identity is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) is computed and MacTag_B is sent to entity A.
Here MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
the processing unit is configured to generate a random number N_A;
the transceiver unit is configured to send N_A to the other device, and to receive the N_B || N_A || EncData_B || MAC_B sent by the other device;
the processing unit is further configured to verify the N_B || N_A || EncData_B || MAC_B sent by the other device and, if verification fails, to terminate the authentication;
the processing unit is further configured to generate a random number ZSEED_A to be used as a key seed, compute the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), compute the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and generate N_A || N_B || EncData_A || MAC_A || MacTag_A;
the transceiver unit is further configured to send N_A || N_B || EncData_A || MAC_A || MacTag_A to the other device, and to receive the MacTag_B sent by the other device;
the processing unit is further configured to compute the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compare the computed MacTag_B with the MacTag_B sent by the other device; if they are equal, the identity of the other device is considered legitimate;
where ID_A is the identity of the device, ID_B is the identity of the other device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
the transceiver unit is configured to receive the N_A sent by the other device;
the processing unit is configured to generate a random number N_B and a random number ZSEED_B to be used as a key seed, compute the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), compute the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), compute the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and generate N_B || N_A || EncData_B || MAC_B;
the transceiver unit is further configured to send N_B || N_A || EncData_B || MAC_B to the other device, and to receive the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by the other device;
the processing unit is further configured to verify the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by the other device and, if verification fails, to terminate the authentication;
the processing unit is further configured to compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compare it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, the identity of the other device is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) is computed;
the transceiver unit is further configured to send MacTag_B to the other device;
where MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of the other device, ID_B is the identity of the device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
The present invention has the following advantages:
1) it achieves mutual authentication between two network entities and establishes a master key for protecting subsequent communication data;
2) it confirms the identity of the peer during authentication.
Description of the drawings
Fig. 1 is a schematic structural diagram of the entity authentication system provided by the present invention;
Fig. 2 is a schematic structural diagram of the device corresponding to entity A in the present invention;
Fig. 3 is a schematic structural diagram of the device corresponding to entity B in the present invention.
Detailed description of embodiments
Referring to Fig. 1, the present invention provides an entity authentication method. When the method is implemented, entity A and entity B share a pre-shared key (PSK) and know each other's identity; the identity of entity A is ID_A and the identity of entity B is ID_B. The method includes the following steps:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B to be used as a key seed, computes the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computes the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), and computes the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B). Entity B sends N_B || N_A || EncData_B || MAC_B to entity A, where MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ENC is an encryption algorithm, and MAC1 is a message authentication code computation method. Here "||" denotes concatenation of fields and does not restrict the order of the fields; the same applies below. In addition, the fields concatenated by "||" in the present invention can be regarded as forming a "field group". Note that a "field group" in the present invention is open: besides the fields it is stated to contain, other fields may also be included in it.
Step 3: after receiving N_B || N_A || EncData_B || MAC_B, entity A verifies it; if verification fails, the authentication is terminated.
Step 4: entity A generates a random number ZSEED_A to be used as a key seed, computes the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), computes the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), and computes the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B). Here KDF2 is a key derivation algorithm, MsgID1 is a message sequence number (the message sequence number may be agreed by the two parties in advance, or obtained by the two parties through message exchange), "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm. Entity A sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B.
Step 5: after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A, entity B verifies it; if verification fails, the authentication is terminated.
Step 6: entity B computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compares it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, entity A's identity is considered legitimate and the following steps continue. Here KDF2 is a key derivation algorithm.
Step 7: entity B computes the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) and sends MacTag_B to entity A. MsgID2 is a message sequence number (the message sequence number may be agreed by the two parties in advance, or obtained by the two parties through message exchange).
Step 8: after receiving MacTag_B, entity A first computes the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compares the computed MacTag_B with the received MacTag_B; if they are equal, entity B's identity is considered legitimate.
Specifically, the verification performed by entity A in step 3 after receiving N_B || N_A || EncData_B || MAC_B includes:
3.1 Check whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
3.2 Compute the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and compare the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
3.3 Decrypt N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); check whether the ID_A and ID_B obtained by decryption are indeed the identities of entity A and entity B, and if not, verification fails; check whether the N_A obtained by decryption equals the N_A previously sent to entity B, and if not, verification fails; check whether the N_B obtained by decryption equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails. Here DEC is the decryption algorithm.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the N_B || N_A || EncData_B || MAC_B received by entity A is considered incorrect.
Specifically, the verification performed by entity B in step 5 after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A includes:
5.1 Check whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
5.2 Check whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
5.3 Compute the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and compare the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
5.4 Decrypt N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); check whether the ID_A and ID_B obtained by decryption are indeed the identities of entity A and entity B, and if not, verification fails; check whether the N_A and N_B obtained by decryption equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the N_A || N_B || EncData_A || MAC_A || MacTag_A received by entity B is considered incorrect.
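Steps 1 to 8 and checks 3.1-3.3 and 5.1-5.4 above, as an added Python example that is not part of the patent text. The patent leaves KDF1, KDF2, ENC, MAC1 and MAC2 open, so HMAC-SHA256 constructions stand in for all of them here; the length-prefixed encoding of "||", the identities, the MsgID values and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

MSGID1, MSGID2 = b"\x01", b"\x02"        # assumed message sequence numbers
ID_A, ID_B = b"entity-A", b"entity-B"    # constructed identities

class AuthError(Exception):
    """A failed check terminates the authentication (steps 3, 5, 6 and 8)."""

def check(ok, reason):
    if not ok:
        raise AuthError(reason)

def lv(*fields):
    # "||" as length-prefixed concatenation, so field boundaries are unambiguous.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def kdf(key, label, *fields, n=32):
    # Stand-in for KDF1/KDF2: HMAC-SHA256 in counter mode.
    blocks = (hmac.new(key, label + bytes([i]) + lv(*fields), hashlib.sha256).digest()
              for i in range(1, n // 32 + 2))
    return b"".join(blocks)[:n]

def mac(key, *fields):
    # Stand-in for MAC1/MAC2: HMAC-SHA256 over the encoded fields.
    return hmac.new(key, lv(*fields), hashlib.sha256).digest()

def enc(kea, direction, data):
    # Stand-in for ENC/DEC: XOR with a keystream. Both EncData values use KEA,
    # so the direction label keeps the two keystreams distinct.
    return bytes(x ^ y for x, y in zip(data, kdf(kea, b"ENC" + direction, n=len(data))))

def session_keys(psk, na, nb):
    okm = kdf(psk, b"KDF1", na, nb, ID_A, ID_B, n=96)    # MKA || KEA || KIA
    return okm[32:64], okm[64:]   # MKA (okm[:32]) is not used by any step on the page

def master_key(zseed_a, zseed_b, na, nb):
    z = bytes(x ^ y for x, y in zip(zseed_a, zseed_b))   # Z = ZSEED_A xor ZSEED_B
    return kdf(z, b"KDF2", na, nb, ID_A, ID_B)

def open_inner(kea, direction, ct, expected):
    # Checks 3.3 / 5.4: decrypt, split, compare the first four fields with the
    # values sent in clear or already known, and return the peer's ZSEED.
    buf, fields = enc(kea, direction, ct), []
    while buf:
        n = int.from_bytes(buf[:2], "big")
        fields.append(buf[2:2 + n])
        buf = buf[2 + n:]
    check(len(fields) == 5 and tuple(fields[:4]) == expected, "inner fields")
    check(len(fields[4]) == 16, "ZSEED length")
    return fields[4]

class EntityB:
    def __init__(self, psk):
        self.psk = psk

    def step2(self, na):
        self.na, self.nb, self.zseed_b = na, secrets.token_bytes(16), secrets.token_bytes(16)
        self.kea, self.kia = session_keys(self.psk, na, self.nb)
        enc_b = enc(self.kea, b"B", lv(self.nb, na, ID_B, ID_A, self.zseed_b))
        return self.nb, na, enc_b, mac(self.kia, self.nb, na, enc_b)

    def steps5to7(self, msg):
        na, nb, enc_a, mac_a, tag_a = msg
        check((na, nb) == (self.na, self.nb), "nonces")                           # 5.1, 5.2
        check(hmac.compare_digest(mac_a, mac(self.kia, na, nb, enc_a)), "MAC_A")  # 5.3
        zseed_a = open_inner(self.kea, b"A", enc_a, (na, nb, ID_A, ID_B))         # 5.4
        mk = master_key(zseed_a, self.zseed_b, na, nb)
        expect = mac(mk, MSGID1, ID_A, ID_B, na, nb)
        check(hmac.compare_digest(tag_a, expect), "MacTag_A")                     # step 6
        self.mk = mk
        return mac(mk, MSGID2, ID_B, ID_A, nb, na)                                # step 7

class EntityA:
    def __init__(self, psk):
        self.psk, self.na = psk, secrets.token_bytes(16)    # step 1: fresh N_A

    def steps3to4(self, msg):
        nb, na, enc_b, mac_b = msg
        check(na == self.na, "N_A")                                               # 3.1
        kea, kia = session_keys(self.psk, na, nb)
        check(hmac.compare_digest(mac_b, mac(kia, nb, na, enc_b)), "MAC_B")       # 3.2
        zseed_b = open_inner(kea, b"B", enc_b, (nb, na, ID_B, ID_A))              # 3.3
        zseed_a = secrets.token_bytes(16)
        enc_a = enc(kea, b"A", lv(na, nb, ID_A, ID_B, zseed_a))
        self.nb, self.mk = nb, master_key(zseed_a, zseed_b, na, nb)
        tag_a = mac(self.mk, MSGID1, ID_A, ID_B, na, nb)
        return na, nb, enc_a, mac(kia, na, nb, enc_a), tag_a

    def step8(self, tag_b):
        expect = mac(self.mk, MSGID2, ID_B, ID_A, self.nb, self.na)
        check(hmac.compare_digest(tag_b, expect), "MacTag_B")
        return self.mk

def run(psk_a, psk_b, tamper=lambda m: m):
    a, b = EntityA(psk_a), EntityB(psk_b)
    m3 = a.steps3to4(b.step2(a.na))
    return a.step8(b.steps5to7(tamper(m3))), b.mk
```

`run(psk, psk)` returns the master key MK held by each side after step 8; a mismatched PSK, a modified message or a replayed second message raises `AuthError` naming the check that failed.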
Based on the above entity authentication method, the present invention also provides a working method of entity A for implementing the above method, including:
generating a random number N_A and sending it to entity B;
after receiving the N_B || N_A || EncData_B || MAC_B sent by entity B, verifying it; if verification fails, the authentication is terminated;
generating a random number ZSEED_A to be used as a key seed, computing the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), computing the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sending N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B;
after receiving the MacTag_B sent by entity B, first computing the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then comparing the computed MacTag_B with the received MacTag_B; if they are equal, entity B's identity is considered legitimate.
Specifically, the verification performed after receiving the N_B || N_A || EncData_B || MAC_B sent by entity B includes:
checking whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
computing the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and comparing the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
decrypting N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); checking whether the ID_A and ID_B obtained by decryption are the identities of entity A and entity B, and if not, verification fails; checking whether the N_A obtained by decryption equals the N_A previously sent to entity B, and if not, verification fails; checking whether the N_B obtained by decryption equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the received N_B || N_A || EncData_B || MAC_B is considered incorrect.
Based on the above entity authentication method, the present invention also provides a working method of entity B for implementing the above method, including:
after receiving the N_A sent by entity A, generating a random number N_B and a random number ZSEED_B to be used as a key seed, computing the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computing the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), computing the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and sending N_B || N_A || EncData_B || MAC_B to entity A;
after receiving the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A, verifying it; if verification fails, the authentication is terminated;
computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and comparing it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, entity A's identity is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) is computed and MacTag_B is sent to entity A.
Specifically, the verification performed after receiving the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A includes:
checking whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
checking whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
computing the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and comparing the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
decrypting N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); checking whether the ID_A and ID_B obtained by decryption are the identities of entity A and entity B, and if not, verification fails; checking whether the N_A and N_B obtained by decryption equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the received N_A || N_B || EncData_A || MAC_A || MacTag_A is considered incorrect.
Referring to Fig. 2, based on the above entity authentication method, the present invention also provides a device corresponding to entity A for implementing the above method, including a storage unit 11, a processing unit 12 and a transceiver unit 13, wherein:
the storage unit 11 is configured to store the pre-shared key PSK shared with entity B and the identity of entity B;
the processing unit 12 is configured to generate a random number N_A;
the transceiver unit 13 is configured to send N_A to entity B, and to receive the N_B || N_A || EncData_B || MAC_B sent by entity B;
the processing unit 12 is further configured to verify the N_B || N_A || EncData_B || MAC_B sent by entity B and, if verification fails, to terminate the authentication;
the processing unit 12 is further configured to generate a random number ZSEED_A to be used as a key seed, compute the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), compute the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and generate N_A || N_B || EncData_A || MAC_A || MacTag_A;
the transceiver unit 13 is further configured to send N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B, and to receive the MacTag_B sent by entity B;
the processing unit 12 is further configured to compute the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compare the computed MacTag_B with the MacTag_B sent by entity B; if they are equal, entity B's identity is considered legitimate.
Specifically, the verification by the processing unit 12 of the N_B || N_A || EncData_B || MAC_B sent by entity B includes:
the processing unit 12 checks whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
the processing unit 12 computes the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and compares the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
the processing unit 12 decrypts N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); checks whether the ID_A and ID_B obtained by decryption are indeed the identities of entity A and entity B, and if not, verification fails; checks whether the N_A obtained by decryption equals the N_A previously sent to entity B, and if not, verification fails; checks whether the N_B obtained by decryption equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the N_B || N_A || EncData_B || MAC_B sent by entity B is considered incorrect.
Referring to Fig. 3, based on the above authentication method, the present invention also provides a device corresponding to entity B for implementing the above method, including a storage unit 21, a processing unit 22 and a transceiver unit 23, wherein:
the storage unit 21 is configured to store the pre-shared key PSK shared with entity A and the identity of entity A;
the transceiver unit 23 is configured to receive the N_A sent by entity A;
the processing unit 22 is configured to generate a random number N_B and a random number ZSEED_B to be used as a key seed, compute the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), compute the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), compute the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and generate N_B || N_A || EncData_B || MAC_B;
the transceiver unit 23 is further configured to send N_B || N_A || EncData_B || MAC_B to entity A, and to receive the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A;
the processing unit 22 is further configured to verify the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A and, if verification fails, to terminate the authentication;
the processing unit 22 is further configured to compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compare it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, entity A's identity is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) is computed;
the transceiver unit 23 is further configured to send MacTag_B to entity A.
Specifically, the verification by the processing unit 22 of the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A includes:
the processing unit 22 checks whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
the processing unit 22 checks whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
the processing unit 22 computes the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and compares the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
the processing unit 22 decrypts N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); checks whether the ID_A and ID_B obtained by decryption are indeed the identities of entity A and entity B, and if not, verification fails; checks whether the N_A and N_B obtained by decryption equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above verification steps have no strict order requirement; if any one of them fails, the verification of the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A is considered incorrect.
To sum up, the identity realized the present invention is based on symmetric cryptographic algorithm between the entity with key agreement function identifies, and fits It is very extensive with field.It present invention can be suitably applied to radio frequency discrimination RFID, sensor network WSN, near-field communication NFC are contactless The field that card, WLAN WLAN etc. are communicated based on air interface.Entity A and entity B can be in the field RFID Reader and label, the node in sensor network, the terminal device in the field NFC, the reading in contactless card technical field Card device and card, terminal and access point in WLAN etc..
In addition, when technical solution of the present invention is used for the field NFC, entity A is sent in better embodiment of the invention To the N of entity BAIt is to be transmitted after being packaged using ACT_REQ protocol Data Unit, entity B is sent to the N of entity AB||NA| |EncDataB||MACBIt is to be transmitted after being packaged using ACT_RES protocol Data Unit, entity A is sent to the N of entity BA| |NB||EncDataA||MACA||MacTagAIt is to be transmitted after being packaged using VFY_REQ protocol Data Unit, entity B hair Give the MacTag of entity ABIt is to be transmitted after being packaged using VFY_RES protocol Data Unit, wherein ACT_REQ, ACT_ RES, VFY_REQ and VFY_RES are the protocol data unit formats for complying with standard ISO/IEC13157-1 and defining.So encapsulation Afterwards, the compatibility of technical solution of the present invention and existing other security mechanisms of NFC is more excellent.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, such that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art may make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalent technologies, the present invention is also intended to include them.

Claims (16)

1. An entity authentication method for performing identity authentication between an entity A and an entity B that share a pre-shared key PSK and know each other's identity, characterized in that the method comprises:
Step 1: entity A generates a random number NA and sends it to entity B;
Step 2: after receiving NA, entity B generates a random number NB and a random number ZSEEDB to serve as a key seed, computes the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computes the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), computes the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and sends NB||NA||EncDataB||MACB to entity A, where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, IDA is the identity of entity A, IDB is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, and "||" denotes concatenation of fields;
Step 3: entity A verifies NB||NA||EncDataB||MACB after receiving it, and terminates the authentication if the verification is incorrect;
Step 4: entity A generates a random number ZSEEDA to serve as a key seed, computes the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), computes the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), computes the shared secret Z = ZSEEDA ⊕ ZSEEDB, computes the master key MK = KDF2(NA, NB, Z, IDA, IDB), computes the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and sends NA||NB||EncDataA||MACA||MacTagA to entity B, where KDF2 is a key derivation algorithm, MsgID1 is a message serial number, "⊕" denotes bitwise exclusive OR, and MAC2 is a message authentication code generation algorithm;
Step 5: entity B verifies NA||NB||EncDataA||MACA||MacTagA after receiving it, and terminates the authentication if the verification is incorrect;
Step 6: entity B computes the shared secret Z = ZSEEDA ⊕ ZSEEDB, computes the master key MK = KDF2(NA, NB, Z, IDA, IDB), computes the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and compares it with the received MacTagA; if they are equal, the identity of entity A is considered legitimate; if they are not equal, the authentication is terminated; where KDF2 is a key derivation algorithm;
Step 7: entity B computes the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA) and sends MacTagB to entity A, where MsgID2 is a message serial number;
Step 8: after receiving MacTagB, entity A first computes the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), then compares the computed MacTagB with the received MacTagB; if they are equal, the identity of entity B is considered legitimate.
2. The method according to claim 1, characterized in that, in step 3, entity A verifying NB||NA||EncDataB||MACB after receiving it comprises:
3.1: checking whether the received NA is equal to the NA previously sent to entity B; if not, the verification is incorrect;
3.2: computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB) and the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and comparing the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
3.3: decrypting NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checking whether the decrypted IDA is indeed the identity of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identity of entity B, and if not, the verification is incorrect; checking whether the decrypted NA is equal to the NA previously sent to entity B, and if not, the verification is incorrect; checking whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, entity A's verification result for the received NB||NA||EncDataB||MACB is considered incorrect.
3. The method according to claim 1, characterized in that, in step 5, entity B verifying NA||NB||EncDataA||MACA||MacTagA after receiving it comprises:
5.1: checking whether the received NA is equal to the NA previously sent to entity A; if not, the verification is incorrect;
5.2: checking whether the received NB is equal to the NB previously sent to entity A; if not, the verification is incorrect;
5.3: computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and comparing the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
5.4: decrypting NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checking whether the decrypted IDA is indeed the identity of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identity of entity B, and if not, the verification is incorrect; checking whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to entity A, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, entity B's verification result for the received NA||NB||EncDataA||MACA||MacTagA is considered incorrect.
4. The method according to any one of claims 1-3, characterized in that NA is transmitted after being encapsulated in an ACT_REQ protocol data unit, NB||NA||EncDataB||MACB is transmitted after being encapsulated in an ACT_RES protocol data unit, NA||NB||EncDataA||MACA||MacTagA is transmitted after being encapsulated in a VFY_REQ protocol data unit, and MacTagB is transmitted after being encapsulated in a VFY_RES protocol data unit, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
5. A working method of entity A when entity A and entity B perform identity authentication, wherein entity A has a pre-shared key PSK shared with entity B and knows the identity of entity B, characterized in that the method comprises:
generating a random number NA and sending it to entity B;
verifying the NB||NA||EncDataB||MACB sent by entity B after receiving it, and terminating the authentication if the verification is incorrect;
generating a random number ZSEEDA to serve as a key seed, computing the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), computing the shared secret Z = ZSEEDA ⊕ ZSEEDB, computing the master key MK = KDF2(NA, NB, Z, IDA, IDB), computing the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and sending NA||NB||EncDataA||MACA||MacTagA to entity B;
after receiving the MacTagB sent by entity B, first computing the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), then comparing the computed MacTagB with the received MacTagB; if they are equal, the identity of entity B is considered legitimate;
where IDA is the identity of entity A, IDB is the identity of entity B, NB is a random number generated by entity B, EncDataB is the ciphertext computed by entity B, EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), ZSEEDB is a random number generated by entity B to serve as a key seed, MACB = MAC1(KIA, NB||NA||EncDataB), ENC is an encryption algorithm, KEA is a message encryption key, KIA is a message integrity key, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message serial number, "⊕" denotes bitwise exclusive OR, and MAC2 is a message authentication code generation algorithm; and where KDF2 is a key derivation algorithm, MsgID2 is a message serial number, and "||" denotes concatenation of fields.
6. The method according to claim 5, characterized in that verifying the NB||NA||EncDataB||MACB sent by entity B after receiving it comprises:
checking whether the received NA is equal to the NA previously sent to entity B; if not, the verification is incorrect;
computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB) and the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and comparing the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
decrypting NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checking whether the decrypted IDA is indeed the identity of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identity of entity B, and if not, the verification is incorrect; checking whether the decrypted NA is equal to the NA previously sent to entity B, and if not, the verification is incorrect; checking whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, the verification result for the received NB||NA||EncDataB||MACB is considered incorrect.
7. The method according to claim 5 or 6, characterized in that NA is transmitted after being encapsulated in an ACT_REQ protocol data unit, NB||NA||EncDataB||MACB is transmitted after being encapsulated in an ACT_RES protocol data unit, NA||NB||EncDataA||MACA||MacTagA is transmitted after being encapsulated in a VFY_REQ protocol data unit, and MacTagB is transmitted after being encapsulated in a VFY_RES protocol data unit, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
8. A working method of entity B when entity A and entity B perform identity authentication, wherein entity B has a pre-shared key PSK shared with entity A and knows the identity of entity A, characterized in that the method comprises:
after receiving the NA sent by entity A, generating a random number NB and a random number ZSEEDB to serve as a key seed, computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computing the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), computing the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and sending NB||NA||EncDataB||MACB to entity A;
verifying the NA||NB||EncDataA||MACA||MacTagA sent by entity A after receiving it, and terminating the authentication if the verification is incorrect;
computing the shared secret Z = ZSEEDA ⊕ ZSEEDB, computing the master key MK = KDF2(NA, NB, Z, IDA, IDB), computing the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and comparing it with the received MacTagA; if they are not equal, terminating the authentication; if they are equal, considering the identity of entity A legitimate, computing the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), and sending MacTagB to entity A;
where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, IDA is the identity of entity A, IDB is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message serial number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, MsgID2 is a message serial number, and "||" denotes concatenation of fields;
where NA is a random number generated by entity A, EncDataA is the ciphertext computed by entity A, EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), ZSEEDA is a random number generated by entity A to serve as a key seed, and MACA = MAC1(KIA, NA||NB||EncDataA).
9. The method according to claim 8, characterized in that verifying the NA||NB||EncDataA||MACA||MacTagA sent by entity A after receiving it comprises:
checking whether the received NA is equal to the NA previously sent to entity A; if not, the verification is incorrect;
checking whether the received NB is equal to the NB previously sent to entity A; if not, the verification is incorrect;
computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and comparing the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
decrypting NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checking whether the decrypted IDA is indeed the identity of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identity of entity B, and if not, the verification is incorrect; checking whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to entity A, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, the verification result for the received NA||NB||EncDataA||MACA||MacTagA is considered incorrect.
10. The method according to claim 8 or 9, characterized in that NA is transmitted after being encapsulated in an ACT_REQ protocol data unit, NB||NA||EncDataB||MACB is transmitted after being encapsulated in an ACT_RES protocol data unit, NA||NB||EncDataA||MACA||MacTagA is transmitted after being encapsulated in a VFY_REQ protocol data unit, and MacTagB is transmitted after being encapsulated in a VFY_RES protocol data unit, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
11. An entity authentication device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
the processing unit is configured to generate a random number NA;
the transceiver unit is configured to send NA to the other device, and to receive the NB||NA||EncDataB||MACB sent by the other device;
the processing unit is further configured to verify the NB||NA||EncDataB||MACB sent by the other device, and to terminate the authentication if the verification is incorrect;
the processing unit is further configured to generate a random number ZSEEDA to serve as a key seed, compute the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), compute the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), compute the shared secret Z = ZSEEDA ⊕ ZSEEDB, compute the master key MK = KDF2(NA, NB, Z, IDA, IDB), compute the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and generate NA||NB||EncDataA||MACA||MacTagA;
the transceiver unit is further configured to send NA||NB||EncDataA||MACA||MacTagA to the other device, and to receive the MacTagB sent by the other device;
the processing unit is further configured to compute the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), then compare the computed MacTagB with the MacTagB sent by the other device; if they are equal, the identity of the other device is considered legitimate;
where IDA is the identity of the device, IDB is the identity of the other device, ENC is an encryption algorithm, KEA is a message encryption key, KIA is a message integrity key, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message serial number, "⊕" denotes bitwise exclusive OR, and MAC2 is a message authentication code generation algorithm; and where KDF2 is a key derivation algorithm, MsgID2 is a message serial number, and "||" denotes concatenation of fields;
where NB is a random number generated by the other device, EncDataB is the ciphertext computed by the other device, EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), ZSEEDB is a random number generated by the other device to serve as a key seed, and MACB = MAC1(KIA, NB||NA||EncDataB).
12. The device according to claim 11, characterized in that the processing unit being further configured to verify the NB||NA||EncDataB||MACB sent by the other device comprises:
the processing unit checks whether the received NA is equal to the NA previously sent to the other device; if not, the verification is incorrect;
the processing unit computes the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB) and the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and compares the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
the processing unit decrypts NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checks whether the decrypted IDA is indeed the identity of the device, and if not, the verification is incorrect; checks whether the decrypted IDB is indeed the identity of the other device, and if not, the verification is incorrect; checks whether the decrypted NA is equal to the NA previously sent to the other device, and if not, the verification is incorrect; checks whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, the verification result for the NB||NA||EncDataB||MACB sent by the other device is considered incorrect.
13. The device according to claim 11 or 12, characterized in that NA is transmitted after being encapsulated in an ACT_REQ protocol data unit, NB||NA||EncDataB||MACB is transmitted after being encapsulated in an ACT_RES protocol data unit, NA||NB||EncDataA||MACA||MacTagA is transmitted after being encapsulated in a VFY_REQ protocol data unit, and MacTagB is transmitted after being encapsulated in a VFY_RES protocol data unit, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
14. An entity authentication device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
the transceiver unit is configured to receive the NA sent by the other device;
the processing unit is configured to generate a random number NB and a random number ZSEEDB to serve as a key seed, compute the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), compute the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), compute the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and generate NB||NA||EncDataB||MACB;
the transceiver unit is further configured to send NB||NA||EncDataB||MACB to the other device, and to receive the NA||NB||EncDataA||MACA||MacTagA sent by the other device;
the processing unit is further configured to verify the NA||NB||EncDataA||MACA||MacTagA sent by the other device, and to terminate the authentication if the verification is incorrect;
the processing unit is further configured to compute the shared secret Z = ZSEEDA ⊕ ZSEEDB, compute the master key MK = KDF2(NA, NB, Z, IDA, IDB), compute the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and compare it with the received MacTagA; if they are not equal, the authentication is terminated; if they are equal, the identity of the other device is considered legitimate, and the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA) is computed;
the transceiver unit is further configured to send MacTagB to the other device;
where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, IDA is the identity of the other device, IDB is the identity of the device, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message serial number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, MsgID2 is a message serial number, and "||" denotes concatenation of fields;
where NA is a random number generated by the other device, EncDataA is the ciphertext computed by the other device, EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), ZSEEDA is a random number generated by the other device to serve as a key seed, and MACA = MAC1(KIA, NA||NB||EncDataA).
15. The device according to claim 14, characterized in that the processing unit being further configured to verify the NA||NB||EncDataA||MACA||MacTagA sent by the other device comprises:
the processing unit checks whether the received NA is equal to the NA previously sent to the other device; if not, the verification is incorrect;
the processing unit checks whether the received NB is equal to the NB previously sent to the other device; if not, the verification is incorrect;
the processing unit computes the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and compares the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
the processing unit decrypts NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checks whether the decrypted IDA is indeed the identity of the other device, and if not, the verification is incorrect; checks whether the decrypted IDB is indeed the identity of the device, and if not, the verification is incorrect; checks whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to the other device, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of the checks is incorrect, the verification result for the NA||NB||EncDataA||MACA||MacTagA sent by the other device is considered incorrect.
16. The device according to claim 14 or 15, characterized in that NA is transmitted after being encapsulated in an ACT_REQ protocol data unit, NB||NA||EncDataB||MACB is transmitted after being encapsulated in an ACT_RES protocol data unit, NA||NB||EncDataA||MACA||MacTagA is transmitted after being encapsulated in a VFY_REQ protocol data unit, and MacTagB is transmitted after being encapsulated in a VFY_RES protocol data unit, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
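
The exchange of claim 1 (steps 1 to 8) together with the checks of claims 2 and 3, as an added Python example that is not part of the patent text. The patent leaves KDF1, KDF2, ENC, MAC1 and MAC2 open; here they are assumed to be HMAC-SHA256 constructions (ENC as an HMAC keystream with a random IV), and the 16-byte nonce and seed length, the MsgID values, the length-prefixed KDF and MacTag inputs, the identities and all function names are likewise assumptions.

```python
import hashlib
import hmac
import secrets

N, T = 16, 32                          # assumed nonce/seed length; HMAC-SHA256 tag length
MSG_ID1, MSG_ID2 = b"\x01", b"\x02"    # assumed message serial numbers

class AuthError(Exception):
    """Any failed check terminates the authentication."""

def must_match(got, want, why):        # constant-time comparison of secrets and tags
    if not hmac.compare_digest(got, want):
        raise AuthError(why)

def mac(key, data):                    # stand-in for MAC1 and MAC2
    return hmac.new(key, data, hashlib.sha256).digest()

def lp(*fields):                       # length-prefix so variable-length IDs cannot be re-split
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def kdf(key, info, length):            # stand-in for KDF1/KDF2: counter-mode HMAC expansion
    blocks = (mac(key, info + bytes([i])) for i in range(1, length // T + 2))
    return b"".join(blocks)[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(kea, pt):                      # stand-in for ENC
    # Both directions encrypt under KEA, so every message needs a fresh IV:
    # with a repeated keystream, EncDataA xor EncDataB would expose Z.
    iv = secrets.token_bytes(N)
    return iv + xor(pt, kdf(kea, b"ENC" + iv, len(pt)))

def dec(kea, ct):                      # stand-in for DEC
    return xor(ct[N:], kdf(kea, b"ENC" + ct[:N], len(ct) - N))

def session_keys(psk, na, nb, ida, idb):
    okm = kdf(psk, lp(b"KDF1", na, nb, ida, idb), 96)
    return okm[:32], okm[32:64], okm[64:]             # MKA, KEA, KIA

def master_key(na, nb, zseed_a, zseed_b, ida, idb):
    z = xor(zseed_a, zseed_b)                         # shared secret Z
    return kdf(z, lp(b"KDF2", na, nb, ida, idb), 32)  # MK

def mactag(mk, msg_id, id1, id2, n1, n2):
    return mac(mk, lp(msg_id, id1, id2, n1, n2))

def open_payload(kea, encdata, prefix):
    pt = dec(kea, encdata)                            # nonces || identities || ZSEED
    must_match(pt[:-N], prefix, "nonce or identity mismatch")
    return pt[-N:]

def b_step2(psk, ida, idb, na):
    nb, zseed_b = secrets.token_bytes(N), secrets.token_bytes(N)
    _mka, kea, kia = session_keys(psk, na, nb, ida, idb)   # MKA is not used in these steps
    body = nb + na + enc(kea, nb + na + idb + ida + zseed_b)
    st = dict(na=na, nb=nb, ida=ida, idb=idb, kea=kea, kia=kia, zseed_b=zseed_b)
    return st, body + mac(kia, body)                  # NB||NA||EncDataB||MACB

def a_steps3_4(psk, ida, idb, na, msg2):
    body, mac_b = msg2[:-T], msg2[-T:]
    nb = body[:N]
    must_match(body[N:2 * N], na, "NA mismatch")                      # 3.1
    _mka, kea, kia = session_keys(psk, na, nb, ida, idb)
    must_match(mac(kia, body), mac_b, "MACB mismatch")                # 3.2
    zseed_b = open_payload(kea, body[2 * N:], nb + na + idb + ida)    # 3.3
    zseed_a = secrets.token_bytes(N)
    out = na + nb + enc(kea, na + nb + ida + idb + zseed_a)
    mk = master_key(na, nb, zseed_a, zseed_b, ida, idb)
    st = dict(na=na, nb=nb, ida=ida, idb=idb, mk=mk)
    return st, out + mac(kia, out) + mactag(mk, MSG_ID1, ida, idb, na, nb)

def b_steps5_7(st, msg3):
    na, nb, ida, idb = st["na"], st["nb"], st["ida"], st["idb"]
    body, mac_a, tag_a = msg3[:-2 * T], msg3[-2 * T:-T], msg3[-T:]
    must_match(body[:2 * N], na + nb, "nonce mismatch")               # 5.1, 5.2
    must_match(mac(st["kia"], body), mac_a, "MACA mismatch")          # 5.3
    zseed_a = open_payload(st["kea"], body[2 * N:], na + nb + ida + idb)  # 5.4
    mk = master_key(na, nb, zseed_a, st["zseed_b"], ida, idb)
    must_match(mactag(mk, MSG_ID1, ida, idb, na, nb), tag_a, "MacTagA mismatch")  # step 6
    return mk, mactag(mk, MSG_ID2, idb, ida, nb, na)                  # step 7

def a_step8(st, tag_b):
    want = mactag(st["mk"], MSG_ID2, st["idb"], st["ida"], st["nb"], st["na"])
    must_match(want, tag_b, "MacTagB mismatch")
    return st["mk"]

def run(psk_a, psk_b, tamper=lambda m: m):
    """Run steps 1-8; returns ("ok", (MK at A, MK at B)) or ("rejected", reason)."""
    ida, idb = b"reader-A", b"tag-B"                  # constructed identities
    try:
        na = secrets.token_bytes(N)                   # step 1
        st_b, msg2 = b_step2(psk_b, ida, idb, na)
        st_a, msg3 = a_steps3_4(psk_a, ida, idb, na, msg2)
        mk_b, tag_b = b_steps5_7(st_b, tamper(msg3))
        return "ok", (a_step8(st_a, tag_b), mk_b)
    except AuthError as err:
        return "rejected", str(err)
```

The `tamper` hook modifies the third message in transit, so a rejected run reports which of the checks 5.1 to 5.4 or step 6 caught the change.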
CN201410126144.1A 2014-03-31 2014-03-31 Method for authenticating entities and device Active CN104954129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410126144.1A CN104954129B (en) 2014-03-31 2014-03-31 Method for authenticating entities and device

Publications (2)

Publication Number Publication Date
CN104954129A CN104954129A (en) 2015-09-30
CN104954129B true CN104954129B (en) 2019-09-27

Family

ID=54168508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410126144.1A Active CN104954129B (en) 2014-03-31 2014-03-31 Method for authenticating entities and device

Country Status (1)

Country Link
CN (1) CN104954129B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242323A (en) * 2007-02-06 2008-08-13 华为技术有限公司 Establishment method and home network system for pipes between devices
CN101272251A (en) * 2007-03-22 2008-09-24 华为技术有限公司 Authentication and cryptographic key negotiation method, authentication method, system and equipment
CN101699891A (en) * 2009-10-21 2010-04-28 西安西电捷通无线网络通信有限公司 Method for key management and node authentication of sensor network
CN102036242A (en) * 2009-09-29 2011-04-27 中兴通讯股份有限公司 Access authentication method and system in mobile communication network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4613969B2 (en) * 2008-03-03 2011-01-19 ソニー株式会社 Communication apparatus and communication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20150930

Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.

Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Entity identification method and device

License type: Common License

Record date: 20180320

GR01 Patent grant
GR01 Patent grant