CN104954129B - Method for authenticating entities and device - Google Patents
Publication number: CN104954129B (application CN201410126144.1A)
Authority: CN (China)
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes: Mobile Radio Communication Systems (AREA)
Abstract
The present invention relates to an entity authentication method and device. The method includes: entity A generates a random number N_A and sends it to entity B; entity B generates random numbers N_B and ZSEED_B, computes the keys MKA||KEA||KIA, the ciphertext EncData_B and the message authentication code MAC_B, and sends N_B||N_A||EncData_B||MAC_B to entity A for verification; entity A generates a random number ZSEED_A, computes the ciphertext EncData_A, the message authentication code MAC_A, the shared secret Z, the master key MK and the message authentication tag MacTag_A, and sends N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B for verification; entity B computes Z and MK, computes MacTag_A and compares it with the received MacTag_A, and if they are equal, considers entity A legitimate; entity B computes the message authentication tag MacTag_B and sends it to entity A; entity A computes MacTag_B and compares it with the received MacTag_B, and if they are equal, considers entity B legitimate. The invention achieves authentication between network entities and establishes a master key, while also determining the identity of the other party.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to an entity authentication method and device.
Background art
Communication networks such as wireless local area networks (WLAN), wireless sensor networks (WSN), near-field communication (NFC), radio frequency identification (RFID) and wireless personal area networks (WPAN) are vulnerable to attacks such as forgery, eavesdropping and replay during communication. The identity authentication problem between the two communicating parties must therefore be solved before communication, to ensure that the identities of both parties are legitimate. At present, in authentication schemes based on cryptographic algorithms, especially those based on symmetric cryptographic algorithms, the identities of the two parties are usually not confirmed during the authentication process. As a result, even if authentication passes, it can only be determined that the other party holds a certain shared secret; it still cannot be determined who the other party actually is, which leaves potential security problems.
Summary of the invention
To solve the above technical problems described in the background art, it is necessary to provide an entity authentication method and device.
An entity authentication method, for performing identity authentication between an entity A and an entity B that share a pre-shared key PSK and know each other's identities, characterized in that the method includes:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B used as a key seed, computes the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computes the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computes the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sends N_B||N_A||EncData_B||MAC_B to entity A, where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, and MAC1 is a message authentication code computation method;
Step 3: after receiving N_B||N_A||EncData_B||MAC_B, entity A verifies it; if verification fails, the authentication is terminated;
Step 4: entity A generates a random number ZSEED_A used as a key seed, computes the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computes the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and sends N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B, where KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive OR, and MAC2 is a message authentication code generation algorithm;
Step 5: after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A, entity B verifies it; if verification fails, the authentication is terminated;
Step 6: entity B computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compares it with the received MacTag_A; if they are equal, the identity of entity A is considered legitimate; if they are not equal, the authentication is terminated; where KDF2 is a key derivation algorithm;
Step 7: entity B computes the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A) and sends MacTag_B to entity A, where MsgID2 is a message sequence number;
Step 8: after receiving MacTag_B, entity A first computes the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compares the computed MacTag_B with the received MacTag_B; if they are equal, the identity of entity B is considered legitimate.
A working method of entity A when entity A and entity B perform identity authentication, where entity A holds the pre-shared key PSK shared with entity B and knows the identity of entity B, characterized in that the method includes:
generating a random number N_A and sending it to entity B;
after receiving N_B||N_A||EncData_B||MAC_B sent by entity B, verifying it; if verification fails, terminating the authentication;
generating a random number ZSEED_A used as a key seed, computing the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computing the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and sending N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B;
after receiving MacTag_B sent by entity B, first computing the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then comparing the computed MacTag_B with the received MacTag_B; if they are equal, considering the identity of entity B legitimate;
where ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A working method of entity B when entity A and entity B perform identity authentication, where entity B holds the pre-shared key PSK shared with entity A and knows the identity of entity A, characterized in that the method includes:
after receiving N_A sent by entity A, generating a random number N_B and a random number ZSEED_B used as a key seed, computing the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computing the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computing the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sending N_B||N_A||EncData_B||MAC_B to entity A;
after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A, verifying it; if verification fails, terminating the authentication;
computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and comparing it with the received MacTag_A; if they are not equal, terminating the authentication; if they are equal, considering the identity of entity A legitimate, computing the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), and sending MacTag_B to entity A;
where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing identity authentication with another device, the device including a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is used to store the pre-shared key PSK shared with the other device and the identity of the other device;
the processing unit is used to generate a random number N_A;
the transceiver unit is used to send N_A to the other device, and to receive N_B||N_A||EncData_B||MAC_B sent by the other device;
the processing unit is also used to verify the N_B||N_A||EncData_B||MAC_B sent by the other device; if verification fails, the authentication is terminated;
the processing unit is also used to generate a random number ZSEED_A used as a key seed, compute the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), compute the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and generate N_A||N_B||EncData_A||MAC_A||MacTag_A;
the transceiver unit is also used to send N_A||N_B||EncData_A||MAC_A||MacTag_A to the other device, and to receive MacTag_B sent by the other device;
the processing unit is also used to compute the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compare the computed MacTag_B with the MacTag_B sent by the other device; if they are equal, the identity of the other device is considered legitimate;
where ID_A is the identity of the device, ID_B is the identity of the other device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing identity authentication with another device, the device including a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is used to store the pre-shared key PSK shared with the other device and the identity of the other device;
the transceiver unit is used to receive N_A sent by the other device;
the processing unit is used to generate a random number N_B and a random number ZSEED_B used as a key seed, compute the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), compute the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), compute the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and generate N_B||N_A||EncData_B||MAC_B;
the transceiver unit is also used to send N_B||N_A||EncData_B||MAC_B to the other device, and to receive N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device;
the processing unit is also used to verify the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device; if verification fails, the authentication is terminated;
the processing unit is also used to compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compare it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, the identity of the other device is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A) is computed;
the transceiver unit is also used to send MacTag_B to the other device;
where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of the other device, ID_B is the identity of the device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive OR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
The present invention has the following advantages:
1) mutual authentication between two network entities can be achieved, and a master key is established for protecting subsequent communication data;
2) the identity of the other party is determined during authentication.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the entity authentication system provided by the present invention;
Fig. 2 is a schematic structural diagram of the device corresponding to entity A in the present invention;
Fig. 3 is a schematic structural diagram of the device corresponding to entity B in the present invention.
Detailed description of the embodiments
Referring to Fig. 1, the present invention provides an entity authentication method. When the method is carried out, entity A and entity B share a pre-shared key (Pre-Shared Key, PSK) and know each other's identities; the identity of entity A is ID_A and the identity of entity B is ID_B. The method includes the following steps:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B used as a key seed, computes the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computes the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computes the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sends N_B||N_A||EncData_B||MAC_B to entity A, where MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ENC is an encryption algorithm, and MAC1 is a message authentication code computation method. Here "||" denotes concatenation of fields and does not restrict the order of the fields; the same applies below. In addition, the fields concatenated by "||" in the present invention can be regarded as forming a "field group". Note that a "field group" in the present invention is open: besides the fields the "field group" contains, other fields are not excluded from also being included in it.
Step 3: after receiving N_B||N_A||EncData_B||MAC_B, entity A verifies it; if verification fails, the authentication is terminated.
Step 4: entity A generates a random number ZSEED_A used as a key seed, computes the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computes the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), and computes the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B). Here KDF2 is a key derivation algorithm, MsgID1 is a message sequence number (the message sequence number may be predetermined by both parties, or may be obtained by both parties through message exchange), "⊕" denotes bitwise exclusive OR, and MAC2 is a message authentication code generation algorithm. Entity A sends N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B.
Step 5: after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A, entity B verifies it; if verification fails, the authentication is terminated.
Step 6: entity B computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compares it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, the identity of entity A is considered legitimate and the following steps continue. Here KDF2 is a key derivation algorithm.
Step 7: entity B computes the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A) and sends MacTag_B to entity A. MsgID2 is a message sequence number (the message sequence number may be predetermined by both parties, or may be obtained by both parties through message exchange).
Step 8: after receiving MacTag_B, entity A first computes the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compares the computed MacTag_B with the received MacTag_B; if they are equal, the identity of entity B is considered legitimate.
Specifically, the verification that entity A performs in step 3 above after receiving N_B||N_A||EncData_B||MAC_B includes:
3.1. Check whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
3.2. Compute the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and compare the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
3.3. Decrypt N_A||N_B||ID_A||ID_B||ZSEED_B = DEC(KEA, EncData_B); check whether the decrypted ID_A and ID_B are indeed the identities of entity A and entity B, and if not, verification fails; check whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; check whether the decrypted N_B equals the N_B in the received N_B||N_A||EncData_B||MAC_B, and if not, verification fails. Here DEC is a decryption algorithm.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the result of entity A's verification of the received N_B||N_A||EncData_B||MAC_B is considered incorrect.
Specifically, the verification that entity B performs in step 5 above after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A includes:
5.1. Check whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
5.2. Check whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
5.3. Compute the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A) and compare the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
5.4. Decrypt N_A||N_B||ID_A||ID_B||ZSEED_A = DEC(KEA, EncData_A); check whether the decrypted ID_A and ID_B are indeed the identities of entity A and entity B, and if not, verification fails; check whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the result of entity B's verification of the received N_A||N_B||EncData_A||MAC_A||MacTag_A is considered incorrect.
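Steps 1 to 8 and the checks 3.1-3.3 and 5.1-5.4 above, as runnable Python. This is an added example, not code from the patent: HMAC-SHA256 stands in for KDF1, KDF2, MAC1 and MAC2, a toy HMAC-keystream cipher stands in for ENC/DEC, and the length-prefixed encoding of "||", the 16-byte random numbers, the MsgID values and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

MSGID1, MSGID2 = b"\x01", b"\x02"  # assumed message sequence numbers
same = hmac.compare_digest  # constant-time comparison for nonces, MACs and tags

class AuthError(Exception):
    """A verification step failed; the authentication is terminated."""

def cat(*fields):
    # "f1||f2||..." with 2-byte length prefixes so field boundaries are unambiguous
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def split(blob):
    out = []
    while blob:
        n = int.from_bytes(blob[:2], "big")
        out, blob = out + [blob[2:2 + n]], blob[2 + n:]
    return out

def prf(key, data, length=32):
    # HMAC-SHA256 in counter mode: assumed stand-in for KDF1, KDF2 and the ENC keystream
    blocks = (hmac.new(key, c.to_bytes(4, "big") + data, hashlib.sha256).digest()
              for c in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def mac(key, data):  # assumed stand-in for both MAC1 and MAC2
    return hmac.new(key, data, hashlib.sha256).digest()

def enc(kea, sender, data):
    # Toy stream cipher for ENC and DEC. The sender label separates the directions: a
    # shared keystream would let an eavesdropper XOR EncData_A with EncData_B to get Z.
    return bytes(d ^ k for d, k in zip(data, prf(kea, b"ENC" + sender, len(data))))

def check(ok, why):
    if not ok:
        raise AuthError(why)

class Entity:
    def __init__(self, psk, id_a, id_b):
        self.psk, self.id_a, self.id_b = psk, id_a, id_b

    def derive(self, n_a, n_b):  # MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B)
        okm = prf(self.psk, b"KDF1" + cat(n_a, n_b, self.id_a, self.id_b), 96)
        self.n_a, self.n_b, self.kea, self.kia = n_a, n_b, okm[32:64], okm[64:]

    def finish(self, zseed_a, zseed_b):  # Z, then MK = KDF2(N_A, N_B, Z, ID_A, ID_B)
        z = bytes(x ^ y for x, y in zip(zseed_a, zseed_b))
        self.mk = prf(z, b"KDF2" + cat(self.n_a, self.n_b, self.id_a, self.id_b))

    def unseal(self, sender, encdata, expected):
        fields = split(enc(self.kea, sender, encdata))
        check(len(fields) == 5 and fields[:4] == expected, "decrypted fields mismatch")
        return fields[4]

class EntityA(Entity):
    def step1(self):
        self.n_a = secrets.token_bytes(16)
        return self.n_a

    def step3_4(self, n_b, n_a, encdata_b, mac_b):
        check(same(n_a, self.n_a), "3.1 N_A mismatch")
        self.derive(n_a, n_b)
        check(same(mac(self.kia, cat(n_b, n_a, encdata_b)), mac_b), "3.2 MAC_B mismatch")
        zseed_b = self.unseal(b"B", encdata_b, [n_b, n_a, self.id_b, self.id_a])  # 3.3
        zseed_a = secrets.token_bytes(16)
        encdata_a = enc(self.kea, b"A", cat(n_a, n_b, self.id_a, self.id_b, zseed_a))
        mac_a = mac(self.kia, cat(n_a, n_b, encdata_a))
        self.finish(zseed_a, zseed_b)
        mactag_a = mac(self.mk, cat(MSGID1, self.id_a, self.id_b, n_a, n_b))
        return n_a, n_b, encdata_a, mac_a, mactag_a

    def step8(self, mactag_b):
        expected = mac(self.mk, cat(MSGID2, self.id_b, self.id_a, self.n_b, self.n_a))
        check(same(expected, mactag_b), "8 MacTag_B mismatch")
        return self.mk

class EntityB(Entity):
    def step2(self, n_a):
        self.derive(n_a, secrets.token_bytes(16))
        self.zseed_b = secrets.token_bytes(16)
        encdata_b = enc(self.kea, b"B", cat(self.n_b, n_a, self.id_b, self.id_a, self.zseed_b))
        return self.n_b, n_a, encdata_b, mac(self.kia, cat(self.n_b, n_a, encdata_b))

    def step5_7(self, n_a, n_b, encdata_a, mac_a, mactag_a):
        check(same(n_a, self.n_a) and same(n_b, self.n_b), "5.1/5.2 nonce mismatch")
        check(same(mac(self.kia, cat(n_a, n_b, encdata_a)), mac_a), "5.3 MAC_A mismatch")
        zseed_a = self.unseal(b"A", encdata_a, [n_a, n_b, self.id_a, self.id_b])  # 5.4
        self.finish(zseed_a, self.zseed_b)
        expected = mac(self.mk, cat(MSGID1, self.id_a, self.id_b, n_a, n_b))
        check(same(expected, mactag_a), "6 MacTag_A mismatch")
        return mac(self.mk, cat(MSGID2, self.id_b, self.id_a, n_b, n_a))

def handshake(psk_a, psk_b):
    a, b = EntityA(psk_a, b"A", b"B"), EntityB(psk_b, b"A", b"B")
    mk_a = a.step8(b.step5_7(*a.step3_4(*b.step2(a.step1()))))
    return mk_a, b.mk
```

With equal PSKs, handshake returns the same MK for both entities; with different PSKs, entity A terminates at check 3.2 because the KIA it derives does not match the one entity B used.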
Based on the above entity authentication method, the present invention also provides a working method of entity A for implementing the above method, including:
generating a random number N_A and sending it to entity B;
after receiving N_B||N_A||EncData_B||MAC_B sent by entity B, verifying it; if verification fails, terminating the authentication;
generating a random number ZSEED_A used as a key seed, computing the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computing the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and sending N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B;
after receiving MacTag_B sent by entity B, first computing the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then comparing the computed MacTag_B with the received MacTag_B; if they are equal, considering the identity of entity B legitimate.
Specifically, the above verification performed after receiving N_B||N_A||EncData_B||MAC_B sent by entity B includes:
checking whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
computing the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and comparing the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
decrypting N_A||N_B||ID_A||ID_B||ZSEED_B = DEC(KEA, EncData_B); checking whether the decrypted ID_A and ID_B are the identities of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; checking whether the decrypted N_B equals the N_B in the received N_B||N_A||EncData_B||MAC_B, and if not, verification fails.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the verification result for the received N_B||N_A||EncData_B||MAC_B is considered incorrect.
Based on the above entity authentication method, the present invention also provides a working method of entity B for implementing the above method, including:
after receiving N_A sent by entity A, generating a random number N_B and a random number ZSEED_B used as a key seed, computing the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computing the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computing the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sending N_B||N_A||EncData_B||MAC_B to entity A;
after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A, verifying it; if verification fails, terminating the authentication;
computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and comparing it with the received MacTag_A; if they are not equal, terminating the authentication; if they are equal, considering the identity of entity A legitimate, computing the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), and sending MacTag_B to entity A.
Specifically, the above verification performed after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A includes:
checking whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
checking whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
computing the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A) and comparing the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
decrypting N_A||N_B||ID_A||ID_B||ZSEED_A = DEC(KEA, EncData_A); checking whether the decrypted ID_A and ID_B are the identities of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the verification result for the received N_A||N_B||EncData_A||MAC_A||MacTag_A is considered incorrect.
Referring to Fig. 2, based on the above entity authentication method, the present invention also provides a device corresponding to entity A for implementing the above method, including a storage unit 11, a processing unit 12 and a transceiver unit 13, in which:
the storage unit 11 is used to store the pre-shared key PSK shared with entity B and the identity of entity B;
the processing unit 12 is used to generate a random number N_A;
the transceiver unit 13 is used to send N_A to entity B, and to receive N_B||N_A||EncData_B||MAC_B sent by entity B;
the processing unit 12 is also used to verify the N_B||N_A||EncData_B||MAC_B sent by entity B; if verification fails, the authentication is terminated;
the processing unit 12 is also used to generate a random number ZSEED_A used as a key seed, compute the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), compute the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and generate N_A||N_B||EncData_A||MAC_A||MacTag_A;
the transceiver unit 13 is also used to send N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B, and to receive MacTag_B sent by entity B;
the processing unit 12 is also used to compute the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compare the computed MacTag_B with the MacTag_B sent by entity B; if they are equal, the identity of entity B is considered legitimate.
Specifically, the verification by the processing unit 12 of the N_B||N_A||EncData_B||MAC_B sent by entity B includes:
the processing unit 12 checks whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
the processing unit 12 computes the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and compares the computed MAC_B with the received MAC_B; if they are not equal, verification fails;
the processing unit 12 decrypts N_A||N_B||ID_A||ID_B||ZSEED_B = DEC(KEA, EncData_B); checks whether the decrypted ID_A and ID_B are indeed the identities of entity A and entity B, and if not, verification fails; checks whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; checks whether the decrypted N_B equals the N_B in the received N_B||N_A||EncData_B||MAC_B, and if not, verification fails.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the verification result for the N_B||N_A||EncData_B||MAC_B sent by entity B is considered incorrect.
Referring to Fig. 3, based on the above authentication method, the present invention also provides a device corresponding to entity B for implementing the above method, including a storage unit 21, a processing unit 22 and a transceiver unit 23, in which:
the storage unit 21 is used to store the pre-shared key PSK shared with entity A and the identity of entity A;
the transceiver unit 23 is used to receive N_A sent by entity A;
the processing unit 22 is used to generate a random number N_B and a random number ZSEED_B used as a key seed, compute the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), compute the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), compute the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and generate N_B||N_A||EncData_B||MAC_B;
the transceiver unit 23 is also used to send N_B||N_A||EncData_B||MAC_B to entity A, and to receive N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A;
the processing unit 22 is also used to verify the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A; if verification fails, the authentication is terminated;
the processing unit 22 is also used to compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication tag MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compare it with the received MacTag_A; if they are not equal, the authentication is terminated; if they are equal, the identity of entity A is considered legitimate, and the message authentication tag MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A) is computed;
the transceiver unit 23 is also used to send MacTag_B to entity A.
Specifically, the verification by the processing unit 22 of the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A includes:
the processing unit 22 checks whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
the processing unit 22 checks whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
the processing unit 22 computes the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A) and compares the computed MAC_A with the received MAC_A; if they are not equal, verification fails;
the processing unit 22 decrypts N_A||N_B||ID_A||ID_B||ZSEED_A = DEC(KEA, EncData_A); checks whether the decrypted ID_A and ID_B are indeed the identities of entity A and entity B, and if not, verification fails; checks whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks need not be performed in any strict order, and if any one of them fails, the verification result for the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A is considered incorrect.
In summary, the present invention achieves identity authentication, with a key agreement function, between entities based on a symmetric cryptographic algorithm, and its field of application is very wide. The present invention is applicable to fields that communicate over an air interface, such as radio frequency identification (RFID), sensor networks (WSN), near-field communication (NFC), contactless cards and wireless local area networks (WLAN). Entity A and entity B may be a reader and a tag in the RFID field, nodes in a sensor network, terminal devices in the NFC field, a card reader and a card in the contactless card field, a terminal and an access point in a WLAN, and so on.
In addition, in a preferred embodiment of the present invention, when the technical solution of the present invention is used in the NFC field, the N_A that entity A sends to entity B is encapsulated in an ACT_REQ protocol data unit for transmission, the N_B||N_A||EncData_B||MAC_B that entity B sends to entity A is encapsulated in an ACT_RES protocol data unit for transmission, the N_A||N_B||EncData_A||MAC_A||MacTag_A that entity A sends to entity B is encapsulated in a VFY_REQ protocol data unit for transmission, and the MacTag_B that entity B sends to entity A is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions in the standard ISO/IEC 13157-1. With this encapsulation, the technical solution of the present invention is more compatible with the other existing security mechanisms of NFC.
Those skilled in the art will appreciate that embodiments of the invention may be provided as a method, a system or a computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they have grasped the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the invention and their equivalent technologies, the invention is also intended to include them.
Claims (16)
1. An entity authentication method for performing identity authentication between an entity A and an entity B that share a pre-shared key PSK and know each other's identifier, characterized in that the method comprises:
Step 1: entity A generates a random number NA and sends it to entity B;
Step 2: after receiving NA, entity B generates a random number NB and a random number ZSEEDB to be used as a key seed, computes the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computes the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), computes the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and sends NB||NA||EncDataB||MACB to entity A, where MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, IDA is the identifier of entity A, IDB is the identifier of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, and "||" denotes concatenation of fields;
Step 3: after receiving NB||NA||EncDataB||MACB, entity A verifies it; if the verification is incorrect, authentication is terminated;
Step 4: entity A generates a random number ZSEEDA to be used as a key seed, computes the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), computes the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), computes the shared secret Z = ZSEEDA ⊕ ZSEEDB, computes the master key MK = KDF2(NA, NB, Z, IDA, IDB), computes the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and sends NA||NB||EncDataA||MACA||MacTagA to entity B, where KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive-or, and MAC2 is a message authentication code generation algorithm;
Step 5: after receiving NA||NB||EncDataA||MACA||MacTagA, entity B verifies it; if the verification is incorrect, authentication is terminated;
Step 6: entity B computes the shared secret Z = ZSEEDA ⊕ ZSEEDB, computes the master key MK = KDF2(NA, NB, Z, IDA, IDB), computes the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB) and compares it with the received MacTagA; if they are equal, the identity of entity A is considered legitimate; if they are not equal, authentication is terminated; where KDF2 is a key derivation algorithm;
Step 7: entity B computes the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA) and sends MacTagB to entity A, where MsgID2 is a message sequence number;
Step 8: after receiving MacTagB, entity A first computes the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA) and then compares the computed MacTagB with the received MacTagB; if they are equal, the identity of entity B is considered legitimate.
2. The method according to claim 1, characterized in that, in step 3, the verification performed by entity A after receiving NB||NA||EncDataB||MACB comprises:
3.1: checking whether the received NA is equal to the NA previously sent to entity B; if not, the verification is incorrect;
3.2: computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computing the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and comparing the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
3.3: decrypting NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checking whether the decrypted IDA is indeed the identifier of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identifier of entity B, and if not, the verification is incorrect; checking whether the decrypted NA is equal to the NA previously sent to entity B, and if not, the verification is incorrect; checking whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the NB||NA||EncDataB||MACB received by entity A is considered incorrect.
3. The method according to claim 1, characterized in that, in step 5, the verification performed by entity B after receiving NA||NB||EncDataA||MACA||MacTagA comprises:
5.1: checking whether the received NA is equal to the NA previously sent to entity A; if not, the verification is incorrect;
5.2: checking whether the received NB is equal to the NB previously sent to entity A; if not, the verification is incorrect;
5.3: computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and comparing the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
5.4: decrypting NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checking whether the decrypted IDA is indeed the identifier of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identifier of entity B, and if not, the verification is incorrect; checking whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to entity A, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the NA||NB||EncDataA||MACA||MacTagA received by entity B is considered incorrect.
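The four-message exchange of claim 1 together with the step 3 and step 5 checks of claims 2 and 3, as an added Python example that is not code from the patent. HMAC-SHA256 stands in for KDF1, KDF2, MAC1 and MAC2, an HMAC-keystream XOR stands in for ENC/DEC, and the field lengths, identifiers and MsgID values are assumptions, because the claims leave all of these open.

```python
import hashlib
import hmac
import secrets

L = 16                                  # assumed byte length of NA, NB and ZSEED
ID_A, ID_B = b"ENTITY_A", b"ENTITY_B"   # constructed 8-byte identifiers
MSGID1, MSGID2 = b"\x01", b"\x02"       # assumed message sequence numbers
PT = 3 * L + len(ID_A) + len(ID_B)      # plaintext length inside EncData

class AuthError(Exception):
    """A check from steps 3, 5, 6 or 8 failed; authentication is terminated."""

def check(ok, why):
    if not ok:
        raise AuthError(why)

def mac(key, *fields):
    # Stand-in for MAC1 and MAC2: HMAC-SHA256 over the concatenated fields.
    return hmac.new(key, b"".join(fields), hashlib.sha256).digest()

def kdf(key, label, *ctx, n=32):
    # Stand-in for KDF1 and KDF2: HMAC-SHA256 in counter mode.
    return b"".join(mac(key, label, bytes([i]), *ctx) for i in range(-(-n // 32)))[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(kea, sender, data):
    # Stand-in for ENC/DEC: XOR with a keystream bound to the sender. Sharing one
    # keystream between both messages would expose ZSEEDA xor ZSEEDB, which is Z.
    return xor(data, kdf(kea, b"ENC" + sender, n=len(data)))

def split(msg, *sizes):
    check(len(msg) == sum(sizes), "malformed message")
    parts, pos = [], 0
    for size in sizes:
        parts.append(msg[pos:pos + size])
        pos += size
    return parts

def session_keys(psk, na, nb):
    okm = kdf(psk, b"KDF1", na, nb, ID_A, ID_B, n=96)
    return okm[:32], okm[32:64], okm[64:]            # MKA, KEA, KIA

def b_step2(psk, na):
    nb, zseed_b = secrets.token_bytes(L), secrets.token_bytes(L)
    _, kea, kia = session_keys(psk, na, nb)
    enc_b = enc(kea, b"B", nb + na + ID_B + ID_A + zseed_b)
    state = {"na": na, "nb": nb, "zb": zseed_b, "kea": kea, "kia": kia}
    return nb + na + enc_b + mac(kia, nb, na, enc_b), state

def a_step3_4(psk, na, msg):
    nb, na_rx, enc_b, mac_b = split(msg, L, L, PT, 32)
    check(hmac.compare_digest(na_rx, na), "3.1 NA is not the one sent")
    _, kea, kia = session_keys(psk, na, nb)
    check(hmac.compare_digest(mac(kia, nb, na, enc_b), mac_b), "3.2 MACB mismatch")
    # Fields are parsed in the order in which step 2 encrypted them.
    nb_d, na_d, idb_d, ida_d, zseed_b = split(enc(kea, b"B", enc_b), L, L, 8, 8, L)
    check([nb_d, na_d, idb_d, ida_d] == [nb, na, ID_B, ID_A], "3.3 field mismatch")
    zseed_a = secrets.token_bytes(L)
    enc_a = enc(kea, b"A", na + nb + ID_A + ID_B + zseed_a)
    mk = kdf(xor(zseed_a, zseed_b), b"KDF2", na, nb, ID_A, ID_B)
    tag_a = mac(mk, MSGID1, ID_A, ID_B, na, nb)
    msg3 = na + nb + enc_a + mac(kia, na, nb, enc_a) + tag_a
    return msg3, {"mk": mk, "na": na, "nb": nb}

def b_step5_7(st, msg):
    na, nb, enc_a, mac_a, tag_a = split(msg, L, L, PT, 32, 32)
    check(hmac.compare_digest(na, st["na"]), "5.1 NA mismatch")
    check(hmac.compare_digest(nb, st["nb"]), "5.2 NB mismatch")
    check(hmac.compare_digest(mac(st["kia"], na, nb, enc_a), mac_a), "5.3 MACA mismatch")
    na_d, nb_d, ida_d, idb_d, zseed_a = split(enc(st["kea"], b"A", enc_a), L, L, 8, 8, L)
    check([na_d, nb_d, ida_d, idb_d] == [na, nb, ID_A, ID_B], "5.4 field mismatch")
    mk = kdf(xor(zseed_a, st["zb"]), b"KDF2", na, nb, ID_A, ID_B)
    check(hmac.compare_digest(mac(mk, MSGID1, ID_A, ID_B, na, nb), tag_a), "6 MacTagA mismatch")
    return mac(mk, MSGID2, ID_B, ID_A, nb, na), mk    # step 7: MacTagB

def a_step8(st, tag_b):
    expected = mac(st["mk"], MSGID2, ID_B, ID_A, st["nb"], st["na"])
    check(hmac.compare_digest(expected, tag_b), "8 MacTagB mismatch")
    return st["mk"]

def run_handshake(psk_a, psk_b, fault=None):
    na = secrets.token_bytes(L)                                   # step 1
    # "replay": B's answer is bound to a different NA, as a replayed message would be.
    msg2, st_b = b_step2(psk_b, secrets.token_bytes(L) if fault == "replay" else na)
    if fault == "bitflip":                                        # corrupt EncDataB
        msg2 = msg2[:2 * L] + bytes([msg2[2 * L] ^ 1]) + msg2[2 * L + 1:]
    msg3, st_a = a_step3_4(psk_a, na, msg2)
    tag_b, mk_b = b_step5_7(st_b, msg3)
    return a_step8(st_a, tag_b), mk_b

def outcome(psk_a, psk_b, fault=None):
    try:
        mk_a, mk_b = run_handshake(psk_a, psk_b, fault)
    except AuthError as err:
        return str(err)
    return "ok" if mk_a == mk_b else "MK mismatch"
```

With a matching PSK `outcome` returns "ok" and both sides hold the same MK; a wrong PSK or a modified EncDataB stops at check 3.2, and a response bound to a different NA stops at check 3.1.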
4. The method according to any one of claims 1-3, characterized in that NA is encapsulated in an ACT_REQ protocol data unit for transmission, NB||NA||EncDataB||MACB is encapsulated in an ACT_RES protocol data unit for transmission, NA||NB||EncDataA||MACA||MacTagA is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTagB is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
5. A working method of entity A for identity authentication between entity A and entity B, wherein entity A holds a pre-shared key PSK shared with entity B and knows the identifier of entity B, characterized in that the method comprises:
generating a random number NA and sending it to entity B;
after receiving the NB||NA||EncDataB||MACB sent by entity B, verifying it, and terminating authentication if the verification is incorrect;
generating a random number ZSEEDA to be used as a key seed, computing the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), computing the shared secret Z = ZSEEDA ⊕ ZSEEDB, computing the master key MK = KDF2(NA, NB, Z, IDA, IDB), computing the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and sending NA||NB||EncDataA||MACA||MacTagA to entity B;
after receiving the MacTagB sent by entity B, first computing the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), then comparing the computed MacTagB with the received MacTagB, and, if they are equal, considering the identity of entity B legitimate;
wherein IDA is the identifier of entity A, IDB is the identifier of entity B, NB is the random number generated by entity B, EncDataB is the ciphertext computed by entity B, EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), ZSEEDB is the random number generated by entity B as a key seed, MACB = MAC1(KIA, NB||NA||EncDataB), ENC is an encryption algorithm, KEA is the message encryption key, KIA is the message integrity key, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive-or, and MAC2 is a message authentication code generation algorithm; wherein KDF2 is a key derivation algorithm, MsgID2 is a message sequence number, and "||" denotes concatenation of fields.
6. The method according to claim 5, characterized in that the verification performed after receiving the NB||NA||EncDataB||MACB sent by entity B comprises:
checking whether the received NA is equal to the NA previously sent to entity B; if not, the verification is incorrect;
computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computing the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and comparing the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
decrypting NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checking whether the decrypted IDA is indeed the identifier of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identifier of entity B, and if not, the verification is incorrect; checking whether the decrypted NA is equal to the NA previously sent to entity B, and if not, the verification is incorrect; checking whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the received NB||NA||EncDataB||MACB is considered incorrect.
7. The method according to claim 5 or 6, characterized in that NA is encapsulated in an ACT_REQ protocol data unit for transmission, NB||NA||EncDataB||MACB is encapsulated in an ACT_RES protocol data unit for transmission, NA||NB||EncDataA||MACA||MacTagA is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTagB is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
8. A working method of entity B for identity authentication between entity A and entity B, wherein entity B holds a pre-shared key PSK shared with entity A and knows the identifier of entity A, characterized in that the method comprises:
after receiving the NA sent by entity A, generating a random number NB and a random number ZSEEDB to be used as a key seed, computing the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computing the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), computing the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and sending NB||NA||EncDataB||MACB to entity A;
after receiving the NA||NB||EncDataA||MACA||MacTagA sent by entity A, verifying it, and terminating authentication if the verification is incorrect;
computing the shared secret Z = ZSEEDA ⊕ ZSEEDB, computing the master key MK = KDF2(NA, NB, Z, IDA, IDB), computing the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB) and comparing it with the received MacTagA; if they are not equal, terminating authentication; if they are equal, considering the identity of entity A legitimate, computing the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA), and sending MacTagB to entity A;
wherein MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, IDA is the identifier of entity A, IDB is the identifier of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive-or, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, MsgID2 is a message sequence number, and "||" denotes concatenation of fields;
wherein NA is the random number generated by entity A, EncDataA is the ciphertext computed by entity A, EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), ZSEEDA is the random number generated by entity A as a key seed, and MACA = MAC1(KIA, NA||NB||EncDataA).
9. The method according to claim 8, characterized in that the verification performed after receiving the NA||NB||EncDataA||MACA||MacTagA sent by entity A comprises:
checking whether the received NA is equal to the NA previously sent to entity A; if not, the verification is incorrect;
checking whether the received NB is equal to the NB previously sent to entity A; if not, the verification is incorrect;
computing the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and comparing the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
decrypting NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checking whether the decrypted IDA is indeed the identifier of entity A, and if not, the verification is incorrect; checking whether the decrypted IDB is indeed the identifier of entity B, and if not, the verification is incorrect; checking whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to entity A, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the received NA||NB||EncDataA||MACA||MacTagA is considered incorrect.
10. The method according to claim 8 or 9, characterized in that NA is encapsulated in an ACT_REQ protocol data unit for transmission, NB||NA||EncDataB||MACB is encapsulated in an ACT_RES protocol data unit for transmission, NA||NB||EncDataA||MACA||MacTagA is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTagB is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
11. An entity authentication device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identifier of the other device;
the processing unit is configured to generate a random number NA;
the transceiver unit is configured to send NA to the other device and to receive the NB||NA||EncDataB||MACB sent by the other device;
the processing unit is further configured to verify the NB||NA||EncDataB||MACB sent by the other device and, if the verification is incorrect, to terminate authentication;
the processing unit is further configured to generate a random number ZSEEDA to be used as a key seed, compute the ciphertext EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), compute the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA), compute the shared secret Z = ZSEEDA ⊕ ZSEEDB, compute the master key MK = KDF2(NA, NB, Z, IDA, IDB), compute the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB), and generate NA||NB||EncDataA||MACA||MacTagA;
the transceiver unit is further configured to send NA||NB||EncDataA||MACA||MacTagA to the other device and to receive the MacTagB sent by the other device;
the processing unit is further configured to compute the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA) and then compare the computed MacTagB with the MacTagB sent by the other device; if they are equal, the identity of the other device is considered legitimate;
wherein IDA is the identifier of the device, IDB is the identifier of the other device, ENC is an encryption algorithm, KEA is the message encryption key, KIA is the message integrity key, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive-or, and MAC2 is a message authentication code generation algorithm; wherein KDF2 is a key derivation algorithm, MsgID2 is a message sequence number, and "||" denotes concatenation of fields;
wherein NB is the random number generated by the other device, EncDataB is the ciphertext computed by the other device, EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), ZSEEDB is the random number generated by the other device as a key seed, and MACB = MAC1(KIA, NB||NA||EncDataB).
12. The device according to claim 11, characterized in that the processing unit being further configured to verify the NB||NA||EncDataB||MACB sent by the other device comprises:
the processing unit checks whether the received NA is equal to the NA previously sent to the other device; if not, the verification is incorrect;
the processing unit computes the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), computes the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and compares the computed MACB with the received MACB; if they are not equal, the verification is incorrect;
the processing unit decrypts NA||NB||IDA||IDB||ZSEEDB = DEC(KEA, EncDataB); checks whether the decrypted IDA is indeed the identifier of the device, and if not, the verification is incorrect; checks whether the decrypted IDB is indeed the identifier of the other device, and if not, the verification is incorrect; checks whether the decrypted NA is equal to the NA previously sent to the other device, and if not, the verification is incorrect; checks whether the decrypted NB is equal to the NB in the received NB||NA||EncDataB||MACB, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the NB||NA||EncDataB||MACB sent by the other device is considered incorrect.
13. The device according to claim 11 or 12, characterized in that NA is encapsulated in an ACT_REQ protocol data unit for transmission, NB||NA||EncDataB||MACB is encapsulated in an ACT_RES protocol data unit for transmission, NA||NB||EncDataA||MACA||MacTagA is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTagB is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
14. An entity authentication device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identifier of the other device;
the transceiver unit is configured to receive the NA sent by the other device;
the processing unit is configured to generate a random number NB and a random number ZSEEDB to be used as a key seed, compute the keys MKA||KEA||KIA = KDF1(NA, NB, PSK, IDA, IDB), compute the ciphertext EncDataB = ENC(KEA, NB||NA||IDB||IDA||ZSEEDB), compute the message authentication code MACB = MAC1(KIA, NB||NA||EncDataB), and generate NB||NA||EncDataB||MACB;
the transceiver unit is further configured to send NB||NA||EncDataB||MACB to the other device and to receive the NA||NB||EncDataA||MACA||MacTagA sent by the other device;
the processing unit is further configured to verify the NA||NB||EncDataA||MACA||MacTagA sent by the other device and, if the verification is incorrect, to terminate authentication;
the processing unit is further configured to compute the shared secret Z = ZSEEDA ⊕ ZSEEDB, compute the master key MK = KDF2(NA, NB, Z, IDA, IDB), compute the message authentication tag MacTagA = MAC2(MK, MsgID1||IDA||IDB||NA||NB) and compare it with the received MacTagA; if they are not equal, to terminate authentication; if they are equal, to consider the identity of the other device legitimate and compute the message authentication tag MacTagB = MAC2(MK, MsgID2||IDB||IDA||NB||NA);
the transceiver unit is further configured to send MacTagB to the other device;
wherein MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, IDA is the identifier of the other device, IDB is the identifier of the device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise exclusive-or, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, MsgID2 is a message sequence number, and "||" denotes concatenation of fields;
wherein NA is the random number generated by the other device, EncDataA is the ciphertext computed by the other device, EncDataA = ENC(KEA, NA||NB||IDA||IDB||ZSEEDA), ZSEEDA is the random number generated by the other device as a key seed, and MACA = MAC1(KIA, NA||NB||EncDataA).
15. The device according to claim 14, characterized in that the processing unit being further configured to verify the NA||NB||EncDataA||MACA||MacTagA sent by the other device comprises:
the processing unit checks whether the received NA is equal to the NA previously sent to the other device; if not, the verification is incorrect;
the processing unit checks whether the received NB is equal to the NB previously sent to the other device; if not, the verification is incorrect;
the processing unit computes the message authentication code MACA = MAC1(KIA, NA||NB||EncDataA) and compares the computed MACA with the received MACA; if they are not equal, the verification is incorrect;
the processing unit decrypts NA||NB||IDA||IDB||ZSEEDA = DEC(KEA, EncDataA); checks whether the decrypted IDA is indeed the identifier of the other device, and if not, the verification is incorrect; checks whether the decrypted IDB is indeed the identifier of the device, and if not, the verification is incorrect; checks whether the decrypted NA and NB are respectively equal to the NA and NB previously sent to the other device, and if not, the verification is incorrect; where DEC is a decryption algorithm;
wherein, if any one of these checks is incorrect, the verification result for the NA||NB||EncDataA||MACA||MacTagA sent by the other device is considered incorrect.
16. The device according to claim 14 or 15, characterized in that NA is encapsulated in an ACT_REQ protocol data unit for transmission, NB||NA||EncDataB||MACB is encapsulated in an ACT_RES protocol data unit for transmission, NA||NB||EncDataA||MACA||MacTagA is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTagB is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410126144.1A CN104954129B (en) | 2014-03-31 | 2014-03-31 | Method for authenticating entities and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104954129A CN104954129A (en) | 2015-09-30 |
CN104954129B true CN104954129B (en) | 2019-09-27 |
Family
ID=54168508
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410126144.1A Active CN104954129B (en) | 2014-03-31 | 2014-03-31 | Method for authenticating entities and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104954129B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242323A (en) * | 2007-02-06 | 2008-08-13 | 华为技术有限公司 | Establishment method and home network system for pipes between devices |
CN101272251A (en) * | 2007-03-22 | 2008-09-24 | 华为技术有限公司 | Authentication and cryptographic key negotiation method, authentication method, system and equipment |
CN101699891A (en) * | 2009-10-21 | 2010-04-28 | 西安西电捷通无线网络通信有限公司 | Method for key management and node authentication of sensor network |
CN102036242A (en) * | 2009-09-29 | 2011-04-27 | 中兴通讯股份有限公司 | Access authentication method and system in mobile communication network |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4613969B2 (en) * | 2008-03-03 | 2011-01-19 | ソニー株式会社 | Communication apparatus and communication method |
Also Published As
Publication number | Publication date |
---|---|
CN104954129A (en) | 2015-09-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105577625B (en) | Method for authenticating entities and device based on wildcard | |
US10015159B2 (en) | Terminal authentication system, server device, and terminal authentication method | |
CN105991285B (en) | Identity identifying method, apparatus and system for quantum key distribution process | |
EP3338399B1 (en) | Method, apparatus, terminal device and system for generating shared key | |
EP3082356A1 (en) | Method to check and prove the authenticity of an ephemeral public key | |
JP2016533048A5 (en) | ||
CN103914913B (en) | A kind of application of IC cards scene recognition method and system | |
US20160352605A1 (en) | Systems and methods for distance bounding to an authenticated device | |
CN104954130B (en) | A kind of method for authenticating entities and device | |
CN109635610A (en) | The read-write system and method for RFID tag data | |
US9553729B2 (en) | Authentication method between a reader and a radio tag | |
CN105281910A (en) | Internet of things lock with CA digital certificate serving as network access identity identifier and network access identity identification method | |
CN111130775A (en) | Key negotiation method, device and equipment | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
US20220329415A1 (en) | Techniques For Secure Data Exchanges | |
CN104954129B (en) | Method for authenticating entities and device | |
Kun et al. | Anonymous authentication with unlinkability for wireless environments | |
TW201446067A (en) | Systems, methods and apparatuses for ensuring proximity of communication device | |
CN103580860B (en) | Data transmission method, device, system and communication equipment in short-range communication | |
KR20180089951A (en) | Method and system for processing transaction of electronic cash | |
KR101914304B1 (en) | Method for protecting information on near field communication and apparatus using the method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20150930 Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd. Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd. Contract record no.: 2018610000009 Denomination of invention: Entity identification method and device License type: Common License Record date: 20180320 |
|
GR01 | Patent grant | ||
GR01 | Patent grant |