TWI672606B - Authorization authentication method based on authentication and key agreement protocol - Google Patents

Publication number
TWI672606B
Authority
TW
Taiwan
Prior art keywords
authentication
key
service server
group
server
Prior art date
Application number
TW107130001A
Other languages
Chinese (zh)
Other versions
TW202009759A (en)
Inventor
簡宏宇
Original Assignee
國立暨南國際大學

Abstract

An authorization authentication method based on an authentication and key agreement protocol. A mobile network registration server generates, at least according to a group private key corresponding to a target networked device and server-side identity data corresponding to an access service server, a seed key that corresponds to the access service server and to the networked device group to which the target networked device belongs. The mobile network registration server also computes a first authorization token and a second authorization token, each related to a hash function. The mobile network registration server transmits the seed key, the first authorization token and the second authorization token to the access service server, so that the access service server can perform mutual authentication with every networked device in the networked device group to which the target networked device belongs.

Description

Authorization authentication method based on authentication and key agreement protocol

The present invention relates to an authorization authentication method, and in particular to an authorization authentication method based on an authentication and key agreement protocol.

In the era of the Internet of Things (IoT) and social networking applications, billions of networked devices will join the network. Because current mobile networks offer wide coverage, many widely deployed IoT networked devices will interconnect using the mobile network system as their backbone in order to take full advantage of that coverage. In addition, in many IoT and social networking scenarios a large number of networked devices communicate frequently and need to be authenticated. Deploying networked devices in an IoT built on a mobile network system therefore faces many challenges. For example, two important problems must be solved when authorizing and authenticating networked devices. First, the heavy communication load produced when a large number of networked devices issue dense authentication requests and send authentication demands can cause the mobile network system to fail; we call this the aggregated authentication bandwidth cost problem. Second, because different IoT networked devices have different application properties, the traditional authentication key mechanism, which treats all networked devices as identical, cannot grant appropriately differentiated authorization and authentication to networked devices with different application properties.

In view of this, existing authorization authentication approaches still have considerable room for improvement.

Therefore, the object of the present invention is to provide an authorization authentication method based on an authentication and key agreement protocol that allows the many IoT networked devices having the same application properties to share group characteristics, reducing the computation and communication costs that all the individual devices in the same group incur during authentication.

Accordingly, the authorization authentication method based on an authentication and key agreement protocol of the present invention is implemented by a plurality of networked device groups, an access service server and a mobile network registration server that are connected to one another via a communication network. Each networked device group includes at least one networked device, each networked device corresponds to individual identity data, and the networked device group to which each networked device belongs corresponds to group identity data and a group key pair. The access service server corresponds to server-side identity data. The group identity data and the group key pair corresponding to the networked device group to which each networked device belongs may be determined in advance by the mobile network registration server; the group key pair of a networked device group corresponds to the group identity data of that group; and each group key pair includes a group private key and a group secret key. The public key certificate method comprises a step (a), a step (b), a step (c), a step (d), a step (e), a step (f) and a step (g).

In step (a), when a target networked device, which is one of the at least one networked device of one of the networked device groups, receives an identity request from the access service server, the target networked device transmits at least its corresponding individual identity data and group identity data to the access service server.

In step (b), the access service server transmits the individual identity data and the group identity data received from the target networked device, together with the server-side identity data, to the mobile network registration server.

In step (c), the mobile network registration server selects the corresponding group key pair according to the group identity data of the networked device group to which the target networked device belongs, and determines from that group identity data a predetermined authentication period for that networked device group, the period indicating an authentication activation time and an authentication cutoff time.

In step (d), the mobile network registration server generates a seed key at least according to the group private key corresponding to the target networked device and the server-side identity data, where the seed key corresponds to the access service server and to the networked device group to which the target networked device belongs.

In step (e), the mobile network registration server uses a hash function and, at least according to the authentication activation time corresponding to the target networked device, the group secret key and the server-side identity data, generates a first authorization token related to that authentication activation time, the group secret key and the server-side identity data.

In step (f), the mobile network registration server uses the hash function and, at least according to the authentication cutoff time corresponding to the target networked device, the group secret key and the server-side identity data, generates a second authorization token related to that authentication cutoff time, the group secret key and the server-side identity data.

In step (g), the mobile network registration server transmits the authentication activation time, the authentication cutoff time, the seed key, the first authorization token and the second authorization token to the access service server, so that the access service server can perform mutual authentication with every networked device in the networked device group to which the target networked device belongs.

The effect of the present invention is that the many IoT networked devices having the same application properties can share group characteristics: differentiated authorization and authentication need only be granted per networked device group, and for a given networked device group the mobile network registration server needs to compute the seed key and the first and second authorization tokens only once, which reduces the aggregated authentication communication bandwidth required by all the networked devices in the same group.

Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.

Referring to FIG. 1, an embodiment of the authorization authentication method of the present invention, based on an authentication and key agreement (AKA) protocol, is implemented by a system composed of a plurality of networked device groups 2, 2’, a plurality of access service servers 3, 3’ and a mobile network registration server 4, which are connected to one another via a communication network 1. The communication network 1 may be a 5G (fifth-generation mobile communication system) network, but is not limited thereto and may be another network based on wireless communication technology. Each networked device group 2, 2’ includes at least one networked device 21, 21’. Each networked device 21, 21’ corresponds to individual identity data and may be implemented as an IoT device, but is not limited thereto; it may also be a personal computer, a smartphone, or another device or component with basic computing and communication capabilities. Each of the access service servers 3, 3’ corresponds to server-side identity data and is provided by a corresponding access provider. The mobile network registration server 4 is a trusted third-party platform, trusted by the owners of the networked devices 21, 21’ and by the access providers of the access service servers 3, 3’.

First, in the system setup phase, the mobile network registration server 4 assigns each networked device 21, 21’ to one of the networked device groups 2/2’ according to at least one of the device application properties, the device identification information and the device geographic location information of all the networked devices 21, 21’, and determines, for each networked device group 2, group identity data and a group key pair having a group private key and a group secret key. For each networked device 21, 21’, the group key pair of the networked device group 2/2’ to which it belongs corresponds to the group identity data of that networked device group 2/2’. In addition, each networked device group 2, 2’ includes a target networked device 21’.

Next, for each networked device 21, 21’, when the mobile network registration server 4 receives a registration request, sent by the networked device 21/21’, for the individual identity data representing the networked device 21/21’, the mobile network registration server 4 generates an individual secret key for the networked device 21/21’ according to the individual identity data corresponding to the networked device 21/21’ and the group private key corresponding to the networked device group 2/2’ to which the networked device 21/21’ belongs, and transmits the individual secret key and the group secret key corresponding to that networked device group 2/2’ to the networked device 21/21’.

In addition, the mobile network registration server 4 generates in advance a first constant $a$ and a second constant $b$ and transmits them to every networked device 21, 21’ in the networked device groups 2, 2’.

Below, with reference to FIG. 1 and FIG. 2, the target networked device 21’ among the networked devices 21, 21’ of one networked device group 2’ of the networked device groups 2, 2’ in the system is taken as an example. The description explains in detail how the target networked device 21’, the access service server 3’ and the mobile network registration server 4 in the system cooperate to execute an authorization authentication procedure in the case where the target networked device 21’ is the first device in its networked device group 2’ that wishes to establish the same session key with one access service server 3/3’ of the access service servers 3, 3’ (in this embodiment, the access service server 3’ is taken as the example). The authorization authentication procedure includes an authorization subprocedure (steps S501 to S508) and an authentication subprocedure (steps S601 to S612).

In the authorization subprocedure, first, in step S501, when the target networked device 21’ receives an identity request from the access service server 3’ (which means that the target networked device 21’ has requested access service from the access service server 3’), the target networked device 21’ randomly generates a first challenge value corresponding to the target networked device 21’ (denoted $R_i$ in this embodiment), and transmits the first challenge value, its corresponding individual identity data and the group identity data (denoted $ID_G$ in this embodiment, where $G$ represents the networked device group 2’ to which the target networked device 21’ belongs) to the access service server 3’. In this embodiment, the first challenge value is $R_i$ = , where represents mod $p$ in a shorthand notation well known in the art, $x_i$ is a random number generated by the target networked device 21’, $p$ represents a prime number, and $g$ represents a generator.

Next, in step S502, the access service server 3’ transmits the group identity data received from the target networked device 21’ and the server-side identity data corresponding to the access service server 3’ (denoted $ID_{AP}$ in this embodiment, where $AP$ represents the access service server 3’) to the mobile network registration server 4, and the access service server 3’ stores the first challenge value and the individual identity data corresponding to the target networked device 21’.

Next, in step S503, the mobile network registration server 4 uses the current date and time to fix a current authorization date (denoted $date$ in this embodiment) and a current authorization time at which it authorizes the access service server 3’ to subsequently perform mutual authentication with every networked device 21, 21’ of the networked device group 2’ to which the target networked device 21’ belongs. The mobile network registration server 4 selects the corresponding group key pair according to the group identity data of the networked device group 2’ to which the target networked device 21’ belongs and, using a pre-established lookup table, determines from the group identity data a predetermined authentication period for the networked device group 2 to which the target networked device 21’ belongs. This is not limiting: the mobile network registration server 4 may also dynamically adjust the predetermined authentication period according to the past usage records of each networked device 21, 21’ (here, the target networked device 21’). The predetermined authentication period indicates an authentication activation time and an authentication cutoff time, and the lookup table records, for each networked device group 2, the correspondence between the group identity data and the authentication activation and cutoff times.

In this embodiment, the authentication activation time indicates a first time slot value (denoted $sl_1$), the authentication cutoff time indicates a second time slot value (denoted $sl_2$), and the current authorization time indicates a third time slot value (denoted $t$). The predetermined authentication period of each networked device group 2 differs according to its device application properties. When the predetermined authentication period runs from one month to another month of the current year, the current authorization date is $date$ = "$year$" (where $year$ is the current authorization year) and the values of $sl_1$, $sl_2$ and $t$ satisfy $1 \le sl_1 \le t \le sl_2 \le 12$; in this case the minimum time slot value corresponding to the current authorization time (denoted $min\_sl$ in this embodiment) is 1 and the maximum time slot value corresponding to the current authorization time (denoted $max\_sl$ in this embodiment) is 12. Alternatively, when the predetermined authentication period runs from one day to another day of the current month, the current authorization date is $date$ = "$month/year$" (where $month$ is the current authorization month) and the values satisfy $1 \le sl_1 \le t \le sl_2 \le 31$; in this case the minimum time slot value is 1 and the maximum time slot value is 31. Further, when the predetermined authentication period runs from one hour to another hour of the current day, the current authorization date is $date$ = "$month/day/year$" (where $day$ is the current authorization day) and the values satisfy $1 \le sl_1 \le t \le sl_2 \le 24$; in this case the minimum time slot value is 1 and the maximum time slot value is 24. Other cases follow by analogy and are not limited to the above examples; each time slot value may also correspond to several hours, several days, several months, and so on.

Next, in step S504, the mobile network registration server 4 generates a seed key according to the group private key corresponding to the target networked device 21’ (denoted $s_G$ in this embodiment), the server-side identity data and the current authorization date. The seed key corresponds to the access service server 3’, the current authorization date and the networked device group 2’ to which the target networked device 21’ belongs. In this embodiment, the seed key is $Auth_{AP,G,date} = s_G H(ID_{AP} \| date)$, where "$\|$" is the concatenation operator.

Next, in step S505, the mobile network registration server 4 uses a hash function $h()$ (in this embodiment, the hash function $h()$ is a cryptographic hash function) and, according to the server-side identity data corresponding to the access service server 3’, the current authorization date, the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication cutoff time, the group secret key corresponding to the target networked device 21’ (denoted $GK$ in this embodiment) and the first constant, generates a first authorization token (Authentication Token, AT). In this embodiment, the first authorization token is $AT_a$ = ($GK \| ID_{AP} \| date \| sl_1 \| sl_2 \| a$). It is worth mentioning that when the target networked device 21’ is the only networked device of the networked device group 2’ to which it belongs, the first authorization token can be computed with the following formula: $AT_a$ = ($GK \| ID_{AP} \| date \| a$).

Next, in step S506, the mobile network registration server 4 uses the hash function $h()$ and, according to the second constant, the server-side identity data corresponding to the access service server, the current authorization date, the group secret key corresponding to the target networked device 21’, and the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication cutoff time, generates a second authorization token. In this embodiment, the second authorization token is $AT_b$ = ($b \| GK \| ID_{AP} \| date \| sl_1 \| sl_2$). It is worth mentioning that when the target networked device 21’ is the only networked device of the networked device group 2’ to which it belongs, the second authorization token can be computed with the following formula: $AT_b$ = ($b \| GK \| ID_{AP} \| date$).

Next, in step S507, the mobile network registration server 4 transmits the current authorization date and time, the authentication activation time and the authentication cutoff time indicated by the predetermined authentication period, the seed key, the first authorization token and the second authorization token to the access service server 3’. This means that the mobile network registration server 4 has granted the seed key, the first authorization token and the second authorization token to the access service server 3’.

Next, in step S508, after receiving the current authorization date and time, the authentication activation time and the authentication cutoff time indicated by the predetermined authentication period, the seed key, the first authorization token and the second authorization token, the access service server 3’ stores them, and can then perform mutual authentication with every networked device 21, 21’ in the networked device group 2’ to which the target networked device 21’ belongs.

The following describes in detail the procedure by which the access service server 3’, once it has obtained the seed key, the first authorization token and the second authorization token, and the target networked device 21’ can authenticate each other without going through the mobile network registration server 4.

Referring to FIG. 1 and FIG. 3, in the authentication subprocedure, first, in step S601, the access service server 3’ uses a bilinear pairing function and, at least according to the individual identity data corresponding to the target networked device 21’ and the seed key, generates a first secret value. In this embodiment, the first secret value is $S_1 = e(H(ID_i), Auth_{AP,G,date})$ = , where is a bilinear pairing function and $G_2$ is a cyclic multiplicative group of prime order $q$. It is worth mentioning that, by mathematical derivation, namely $S_1$ = , with $H(ID_i)$ representing $xp$, $H(ID_{AP} \| date)$ representing $yp$, and $x$ and $y$ representing unknowns, it can be seen that the first secret value is based on the BDHP (Bilinear Diffie-Hellman Problem) hard problem, and therefore offers a certain degree of assurance in terms of security and privacy.

Next, in step S602, the access service server 3’ uses the hash function $h()$ and, at least according to the first secret value, the first authorization token, the second authorization token, the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication cutoff time, and the third time slot value indicated by the current authorization time, generates a first authentication key. In this embodiment, the first authentication key is $AK_1 = h(S_1 \| (AT_a) \| (AT_b))$.

Next, in step S603, the access service server 3’ randomly generates a second challenge value (denoted $R_{AP}$ in this embodiment) and, using the hash function $h()$, generates a first verification value according to the first authentication key, the first challenge value and the second challenge value. The access service server 3’ then transmits the current authorization date and time, the authentication activation time and cutoff time, the first verification value, the server-side identity data and the second challenge value to the target networked device 21’. In this embodiment, the first verification value is $Auth_{AP} = h(AK_1 \| R_i \| R_{AP})$, where $R_{AP}$ = , and $x_{AP}$ is a random number generated by the access service server 3’.

Next, in step S604, the target networked device 21’ uses the hash function $h()$ and, according to the server-side identity data corresponding to the access service server 3’, the current authorization date, the group secret key corresponding to the target networked device 21’, the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication cutoff time, and the first constant, generates a first hash seed value. In this embodiment, the first hash seed value is $Seed_a = h(GK \| ID_{AP} \| date \| sl_1 \| sl_2 \| a)$. It is worth mentioning that when the target networked device 21’ is the only networked device of the networked device group 2’ to which it belongs, the first hash seed value can be computed with the following formula: $Seed_a = h(GK \| ID_{AP} \| date \| a)$.

Next, in step S605, the target networked device 21' uses the hash function $h()$ to generate a second hash seed value from the second constant, the server identity data of the access service server, the current authorization date, the group key of the target networked device 21', and the first and second time slot values indicated respectively by the authentication activation and expiry times. In this embodiment, the second hash seed value is $Seed_b = h(b \| GK \| ID_{AP} \| date \| sl_1 \| sl_2)$. Note that when the target networked device 21' is the only networked device in its networked device group 2', the second hash seed value can be computed as $Seed_b = h(b \| GK \| ID_{AP} \| date)$.

Next, in step S606, the target networked device 21' uses the bilinear pairing function to generate a second secret value from at least the individual key of the target networked device 21', the server identity data and the current authorization date. In this embodiment, the individual key of the target networked device 21' is denoted $S_{ID_i}$, where $S_{ID_i} = s_G H(ID_i)$, where  is an admissible encoding function that is a one-way hash function, and $G_1$ is a cyclic additive group of prime order $q$ that is a gap Diffie-Hellman (GDH) group. The individual key therefore rests on the computational Diffie-Hellman problem (CDHP) and is hard to break. The second secret value is $S_2 = e(S_{ID_i}, H(ID_{AP} \| date))$ = . Note that the security and privacy of the second secret value rest on the bilinear Diffie-Hellman problem (BDHP), so it likewise has a degree of protection and is hard to break.

Next, in step S607, the target networked device 21' uses the hash function $h()$ to generate a second authentication key from the second secret value, the third time slot value indicated by the current authorization time, the first hash seed value and the second hash seed value. In this embodiment, the second authentication key is $AK_2 = h(S_2 \| (Seed_a) \| (Seed_b))$.

Next, in step S608, the target networked device 21' uses the second authentication key, the first challenge value and the second challenge value received from the access service server to check whether the first verification value satisfies $h(\ \| R_i \| R_{AP})$ (where  is the authentication key shared by the access service server 3' and the target networked device 21'), and thereby confirms whether the access service server 3' is authenticated. In this embodiment, for the current authorization date $date$, the secret values generated by each networked device 21, 21' in the networked device group 2' to which the target networked device 21' belongs and by the access service server 3' are identical to each other as long as the BDHP has not been broken. That is, for the target networked device 21' and the access service server 3', the second secret value equals the first secret value, and the secret value shared by the access service server and the target networked device 21' is taken to be  = $S_2 = S_1$. Given that the second secret value equals the first secret value, a simple mathematical derivation (not repeated here) shows that the second authentication key equals the first authentication key, and since $AK_2 = AK_1$, let  = $AK_2 = AK_1$.

Next, in step S609, once the target networked device 21' has confirmed that the access service server 3' is authenticated, meaning $Auth_{AP} = h(\ \| R_i \| R_{AP})$, the target networked device 21' uses the hash function $h()$ to generate a second verification value from the second authentication key and the second challenge value. In this embodiment, the second verification value is  = $h(AK_2 \| R_{AP})$.

Next, in step S610, the target networked device 21' uses the hash function $h()$ to generate a session key for the target networked device 21' and the access service server 3' from the second authentication key, the random number $x_i$ in the first challenge value , and the second challenge value received from the access service server, and transmits the second verification value to the access service server 3'. In this embodiment, the session key is $h(AK_2 \|\ )$ = $h(\ \|\ )$ = , where $AK_2$ = , and .

Next, in step S611, the access service server 3' uses the second challenge value and the first authentication key to check whether the second verification value satisfies $h(\ \| R_{AP})$, and thereby confirms whether the target networked device 21' is authenticated. In this embodiment, if the BDHP has not been broken, the first secret value equals the second secret value, that is, $S_1 = S_2$ = . A simple mathematical derivation therefore shows that, given that the first secret value equals the second secret value, the first authentication key equals the second authentication key; in that case $AK_1 = AK_2$, so  = $AK_1 = AK_2$.

Then, in step S612, once the access service server 3' has confirmed that the target networked device 21' is authenticated, meaning  = $h(\ \| R_{AP})$, the first authentication key is identical to the second authentication key and either can serve as the authentication key shared by the access service server and the target networked device 21'. The access service server 3' then uses the hash function $h()$ to generate the session key for the target networked device 21' and the access service server 3' from the first authentication key (that is, the authentication key), the first challenge value and the random number $x_{AP}$ in the second challenge value. In this embodiment, the session key is $h(AK_1 \|\ )$ = $h(\ \|\ )$ = , where $AK_1$ = , . The access service server 3' and the target networked device 21' have thus established a shared secret session key through the key exchange mechanism, and both parties can subsequently use this session key to transfer data securely and confidentially.

In addition, once the target networked device 21', the access service server 3' and the mobile network registration server 4 have jointly completed the authorization subroutine, each of the other networked devices 21 in the networked device group 2' to which the target networked device 21' belongs (that is, every device other than the target networked device 21') that wants to perform mutual authentication with the access service server 3' and establish a shared session key does not need to run the complete authorization subroutine with the access service server 3' and the mobile network registration server 4. It only needs to request the access service from the access service server 3' at the outset and then perform a step similar to step S502 of the authorization subroutine (see step S502 in FIG. 2), in which the other networked device 21 randomly generates its own first challenge value (denoted $R_j$ in this embodiment) and transmits $R_j$ together with its individual identity data (denoted $ID_j$ in this embodiment) to the access service server 3' for storage.

Next, referring to FIG. 1 and FIG. 3, the following describes how, after the other networked device 21 has transmitted $R_j$ and $ID_j$ to the access service server 3' for storage, the other networked device 21 and the access service server 3' jointly execute the device authentication subroutine (steps S601 to S612). Parts that repeat the earlier description are not described again.

First, in step S601, the access service server 3' uses the $e()$ function to generate a first secret value from $ID_j$ and $Auth_{AP,G,date}$: $S_1' = e(H(ID_j), Auth_{AP,G,date})$, where $Auth_{AP,G,date} = s_G H(ID_{AP} \| date)$.

Next, in step S602, the access service server 3' uses the $h()$ function to generate a first authentication key from $S_1'$, $AT_a$, $AT_b$, $sl_1$, $sl_2$ and $t$: $AK_1' = h(S_1' \| (AT_a) \| (AT_b))$.

Next, in step S603, the access service server 3' randomly generates a second challenge value (denoted $R_{AP}'$ in this embodiment, where $R_{AP}'$ = , and $x_{AP}'$ is a random number generated by the access service server 3'), uses the $h()$ function to generate a first verification value from $AK_1'$, $R_j$ and $R_{AP}'$: $Auth_{AP}' = h(AK_1' \| R_j \| R_{AP}')$, and transmits the current authorization date and time, the authentication activation and expiry times, $Auth_{AP}'$, $ID_{AP}$ and $R_{AP}'$ to the other networked device 21.

Next, in step S604, the other networked device 21 uses the $h()$ function to compute the first hash seed value from $GK$, $ID_{AP}$, $date$, $sl_1$, $sl_2$ and $a$: $Seed_a = h(GK \| ID_{AP} \| date \| sl_1 \| sl_2 \| a)$.

Next, in step S605, the other networked device 21 uses the $h()$ function to compute the second hash seed value from $b$, $GK$, $ID_{AP}$, $date$, $sl_1$ and $sl_2$: $Seed_b = h(b \| GK \| ID_{AP} \| date \| sl_1 \| sl_2)$.

Next, in step S606, the other networked device 21 uses the $e()$ function to generate a second secret value from at least the individual key of the other networked device 21 (denoted $S_{ID_j}$ in this embodiment), $ID_{AP}$ and $date$: $S_2' = e(S_{ID_j}, H(ID_{AP} \| date))$, where $S_{ID_j} = s_G H(ID_j)$.

Next, in step S607, the other networked device 21 uses the $h()$ function to generate a second authentication key from $S_2'$, $t$, $Seed_a$ and $Seed_b$: $AK_2' = h(S_2' \| (Seed_a) \| (Seed_b))$.

Next, in step S608, the other networked device 21 uses $AK_2'$, $R_j$ and $R_{AP}'$ to check whether $Auth_{AP}'$ satisfies $h(\ \| R_j \| R_{AP}')$ and thereby confirms whether the access service server 3' is authenticated, where  is the authentication key shared by the access service server 3' and the other networked device 21.

Next, in step S609, once the other networked device 21 has confirmed that the access service server 3' is authenticated, meaning $Auth_{AP}' = h(\ \| R_j \| R_{AP}')$, the other networked device 21 uses the $h()$ function to generate a second verification value from its own $AK_2'$ and $R_{AP}'$:  = $h(AK_2' \| R_{AP}')$.

Next, in step S610, the other networked device 21 uses the $h()$ function to generate a session key for the other networked device 21 and the access service server 3' from $AK_2'$, the $x_j$ in $R_j$, and $R_{AP}'$: $h(AK_2' \|\ )$ = $h(\ \|\ )$ = , where $AK_2'$ = , and . The other networked device 21 then transmits  to the access service server 3'.

Next, in step S611, the access service server 3' uses $AK_1'$ and $R_{AP}'$ to check whether  satisfies $h(\ \| R_{AP}')$ and thereby confirms whether the other networked device 21 is authenticated.

Then, in step S612, once the access service server 3' has confirmed that the other networked device 21 is authenticated, meaning  = $h(\ \| R_{AP}')$ and $AK_1' = AK_2'$ = , the access service server 3' uses the $h()$ function to generate the session key for the other networked device 21 and the access service server 3' from the authentication key, $R_j$ and the  in $R_{AP}'$:  = $h(\ \|\ )$, where . The access service server 3' and the other networked device 21 have thus established a shared secret session key through the key exchange mechanism, and both parties can subsequently use this session key to transfer data securely and confidentially.
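The challenge-response core of steps S602 to S611, which is the same for the target networked device 21' and for the other devices 21 of the group, sketched in Python as an added example that is not code from the patent. Assumptions: SHA-256 stands in for h(), a constructed shared byte string stands in for the pairing values S_1 = S_2, the tokens AT_a and AT_b are taken equal to Seed_a and Seed_b because the terms that relate them did not survive on the page, and all identifiers, dates and constants are constructed sample values.

```python
import hashlib
import hmac
import secrets

def h(*fields: bytes) -> bytes:
    """h(x1 || x2 || ...) with every field length-prefixed, so two different
    field tuples can never serialize to the same hash input."""
    d = hashlib.sha256()  # assumption: the page does not name a hash function
    for f in fields:
        d.update(len(f).to_bytes(4, "big") + f)
    return d.digest()

def derive_seeds(gk, id_ap, date, sl1, sl2, a, b):
    """S604/S605: Seed_a = h(GK||ID_AP||date||sl1||sl2||a),
    Seed_b = h(b||GK||ID_AP||date||sl1||sl2)."""
    return h(gk, id_ap, date, sl1, sl2, a), h(b, gk, id_ap, date, sl1, sl2)

class AccessServer:
    """Holds the pairing secret S1 and the tokens AT_a, AT_b it was issued."""
    def __init__(self, s1, at_a, at_b):
        self.ak1 = h(s1, at_a, at_b)             # S602: AK_1
        self.r_ap = b""

    def challenge(self, r_i):
        self.r_ap = secrets.token_bytes(32)      # S603: fresh R_AP per session
        return h(self.ak1, r_i, self.r_ap), self.r_ap   # (Auth_AP, R_AP)

    def verify_device(self, auth_i):             # S611, constant-time compare
        return hmac.compare_digest(auth_i, h(self.ak1, self.r_ap))

class Device:
    """Holds the group key GK, the constants a, b and its pairing secret S2."""
    def __init__(self, gk, s2, a, b):
        self.gk, self.s2, self.a, self.b = gk, s2, a, b
        self.r_i = b""

    def new_challenge(self):
        self.r_i = secrets.token_bytes(32)       # first challenge value R_i
        return self.r_i

    def respond(self, auth_ap, r_ap, id_ap, date, sl1, sl2):
        seed_a, seed_b = derive_seeds(self.gk, id_ap, date, sl1, sl2,
                                      self.a, self.b)
        ak2 = h(self.s2, seed_a, seed_b)         # S607: AK_2
        # S608: accept the server only if Auth_AP == h(AK_2 || R_i || R_AP)
        if not hmac.compare_digest(auth_ap, h(ak2, self.r_i, r_ap)):
            return None
        return h(ak2, r_ap)                      # S609: second verification value

# Constructed sample values (not from the page).
ID_AP, DATE, SL1, SL2 = b"ap-01", b"2018-08-28", b"08", b"18"
A, B, GK = b"const-a", b"const-b", b"group-key-demo"
S = b"stand-in for the pairing value S1 = S2"

def make_server():
    # Assumption: the tokens handed to the server equal the device's seeds.
    at_a, at_b = derive_seeds(GK, ID_AP, DATE, SL1, SL2, A, B)
    return AccessServer(S, at_a, at_b)

def run_exchange(device_gk=GK):
    """Returns (device accepted server, server accepted device)."""
    server, dev = make_server(), Device(device_gk, S, A, B)
    auth_ap, r_ap = server.challenge(dev.new_challenge())
    auth_i = dev.respond(auth_ap, r_ap, ID_AP, DATE, SL1, SL2)
    if auth_i is None:
        return (False, False)
    return (True, server.verify_device(auth_i))

def replay_is_rejected():
    """An Auth_AP recorded in one session must fail against a fresh R_i."""
    server, dev = make_server(), Device(GK, S, A, B)
    old_auth_ap, old_r_ap = server.challenge(dev.new_challenge())
    dev.new_challenge()                          # new session, new R_i
    return dev.respond(old_auth_ap, old_r_ap, ID_AP, DATE, SL1, SL2) is None
```

The session key of steps S610 and S612 is not modelled, because its expression is not recoverable from the page. A device holding a different group key, or one outside the authorized date and time slots, derives different seeds and rejects the server at step S608.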

In summary, the authorization authentication method of the present invention has the following advantages: (1) it lets the many IoT networked devices 21, 21' that share the same application characteristics also share group properties, which lowers the computation and communication cost of connection authentication for all individual devices in the group; (2) for a given networked device group 2, the mobile network registration server 4 needs to compute the seed key and the first and second authorization tokens only once, and these are shared by all networked devices 21, 21' of that group across multiple connections, which amortizes the computation cost; (3) the hash-function-based design lets the communicating parties, the networked device 21/21' and the access service server 3/3', generate the authentication key at low computational cost without the large number of connections and the high communication bandwidth of the prior art; (4) because each secret value, each authentication key and each session key is generated by the corresponding individual networked device 21/21' and the access service server 3/3' it communicates with, the compromise of any one networked device 21/21' in the networked device group 2/2' does not affect the security of the other devices in the group; (5) the session keys generated by the system have forward/backward secrecy. The object of the present invention is therefore achieved.

The foregoing, however, is merely an embodiment of the present invention and does not limit the scope in which the invention may be practiced; all simple equivalent changes and modifications made in accordance with the claims and the specification of the present invention remain within the scope covered by this patent.

1‧‧‧Communication network

2, 2'‧‧‧Networked device group

21‧‧‧Networked device

21'‧‧‧Target networked device

3, 3'‧‧‧Access service server

4‧‧‧Mobile network registration server

S501~S508‧‧‧Steps

S601~S612‧‧‧Steps

Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which: FIG. 1 is a block diagram illustrating a plurality of networked device groups, a plurality of access service servers and a mobile network registration server that implement the authorization authentication method of the present invention; FIG. 2 is a flowchart illustrating an authorization subroutine of the authorization authentication method of the present invention; and FIG. 3 is a flowchart illustrating an authentication subroutine of the authorization authentication method of the present invention.

Claims (12)

一種基於認證和密鑰協商協議之授權認證方法,由彼此經由一通訊網路連接的多個連網裝置群組、一接取服務伺服器及一行動網路註冊伺服器實施,每一連網裝置群組包括至少一連網裝置,每一連網裝置對應一個體身份資料,且每一連網裝置所屬的連網裝置群組對應一群組身份資料及一群組金鑰對,該接取服務伺服器對應一服務端身份資料,每一連網裝置所屬的連網裝置群組所對應的該群組身份資料及該群組金鑰對可由該行動網路註冊伺服器預先決定,每一連網裝置所屬的連網裝置群組所對應的該群組金鑰對係對應於所屬的連網裝置群組所對應的該群組身份資料,且每一群組金鑰對包括一群組私鑰及一群組密鑰,該授權認證方法包含以下步驟: (a)當該等連網裝置群組中之一者的該至少一連網裝置之一目標連網裝置接收來自該接取服務伺服器的一身份請求時,該目標連網裝置至少將所對應的該個體身份資料及該群組身份資料傳送至該接取服務伺服器; (b)該接取服務伺服器將來自該目標連網裝置的該群組身份資料及該服務端身份資料傳送至該行動網路註冊伺服器; (c)該行動網路註冊伺服器根據該目標連網裝置所屬的連網裝置群組所對應的該群組身份資料來選取對應的群組金鑰對,並根據該群組身份資料決定出該目標連網裝置所屬的連網裝置群組的一指示出一認證啟用時間與一認證截止時間的預定認證期間; (d)該行動網路註冊伺服器至少根據對應該目標連網裝置的該群組私鑰及該服務端身份資料產生一種子鑰匙,其中,該種子鑰匙對應於該接取服務伺服器及該目標連網裝置所屬的連網裝置群組; (e)該行動網路註冊伺服器利用一雜湊函數並至少根據對應該目標連網裝置的認證啟用時間、該群組密鑰及該服務端身份資料,產生相關於對應該目標連網裝置的認證啟用時間、該群組密鑰及該服務端身份資料的一第一授權令牌; (f)該行動網路註冊伺服器利用該雜湊函數並至少根據對應該目標連網裝置的認證截止時間、該群組密鑰及該服務端身份資料,產生相關於對應該目標連網裝置的認證截止時間、該群組密鑰及該服務端身份資料的一第二授權令牌;及 (g)該行動網路註冊伺服器將該認證啟用時間、該認證截止時間、該種子鑰匙、該第一授權令牌及該第二授權令牌傳送至該接取服務伺服器,以供該接取服務伺服器與該目標連網裝置所屬的連網裝置群組中的每一連網裝置進行雙向認證。An authentication and authentication method based on an authentication and key agreement protocol, implemented by a plurality of networked device groups connected to each other via a communication network, an access service server, and a mobile network registration server, each networked device group The group includes at least one network device, each network device corresponds to one body identity data, and the network device group to which each network device belongs corresponds to a group identity data and a group key pair, and the access service server corresponds to a server identity data, the group identity data corresponding to the group of network devices to which each network device belongs and the group key pair may be determined in advance by the mobile network registration server, and the connection of each network device The group key pair corresponding to the network device group corresponds to the group identity data corresponding to the group of connected network devices, and each group key pair includes a group private 
key and a group Key, the authorization authentication method comprises the following steps: (a) receiving, by the one of the networked device groups, one of the at least one networked device, the networked device from the receiving service server At the request, the target network device transmits at least the corresponding individual identity data and the group identity data to the access service server; (b) the access service server will be from the target network device The group identity data and the server identity data are transmitted to the mobile network registration server; (c) the mobile network registration server is corresponding to the group corresponding to the network device group to which the target network device belongs The identity data is used to select a corresponding group key pair, and according to the group identity data, a predetermined authentication period indicating an authentication activation time and an authentication deadline is determined by the group of network devices to which the target network device belongs. 
(d) the mobile network registration server generates a sub-key according to at least the group private key corresponding to the target network device and the server identity data, wherein the seed key corresponds to the access service server and a group of network devices to which the target network device belongs; (e) the mobile network registration server utilizes a hash function and at least according to the authentication enable time corresponding to the target network device, the group The key and the server identity data generate a first authorization token related to the authentication activation time corresponding to the target network device, the group key, and the server identity data; (f) the mobile network registration The server uses the hash function and generates an authentication deadline corresponding to the target network connected device according to at least the authentication deadline corresponding to the target network device, the group key, and the server identity data. And a second authorization token of the server identity data; and (g) the mobile network registration server, the authentication activation time, the authentication deadline, the seed key, the first authorization token, and the first The second authorization token is transmitted to the access service server for mutual authentication by the access service server and each networked device in the group of connected devices to which the target network device belongs. 
如請求項1所述的基於認證和密鑰協商協議之授權認證方法,在該步驟(a)之前,還包含一步驟(h),對於該目標連網裝置所屬的連網裝置群組中的每一連網裝置,當該行動網路註冊伺服器接收由該連網裝置所傳送的代表該連網裝置的該個體身份資料的註冊請求時,該行動網路註冊伺服器根據該個體身份資料及該群組私鑰產生對應該連網裝置的一個體密鑰,並將該個體密鑰及該群組密鑰傳送至該連網裝置。The authentication and key agreement protocol-based authorization authentication method according to claim 1, further comprising a step (h) before the step (a), in the network device group to which the target network device belongs Each networked device, when the mobile network registration server receives a registration request transmitted by the network device for the individual identity data of the network device, the mobile network registration server is based on the individual identity data and The group private key generates a body key corresponding to the networked device, and transmits the individual key and the group key to the networked device. 如請求項2所述的基於認證和密鑰協商協議之授權認證方法,在該步驟(h)之前,還包含一步驟(i),該行動網路註冊伺服器產生並傳送一第一常數及一第二常數至該等連網裝置群組中的每一連網裝置,其中,在該步驟(e)中,該行動網路註冊伺服器還根據該第一常數產生該第一授權令牌,且該第一授權令牌還相關於該第一常數,在該步驟(f)中,該行動網路註冊伺服器還根據該第二常數產生該第二授權令牌,且該第二授權令牌還相關於該第二常數。The authentication and key agreement protocol based authentication method according to claim 2, before the step (h), further comprising a step (i), the mobile network registration server generates and transmits a first constant and a second constant to each of the networked devices, wherein in the step (e), the mobile network registration server further generates the first authorization token according to the first constant, And the first authorization token is further related to the first constant, in the step (f), the mobile network registration server further generates the second authorization token according to the second constant, and the second authorization order The card is also related to the second constant. 
如請求項3所述的基於認證和密鑰協商協議之授權認證方法,其中,在該步驟(a)中,該目標連網裝置接收來自該接取服務伺服器的該身份請求後,該目標連網裝置亂數產生一對應該目標連網裝置的第一挑戰值,且該目標連網裝置不僅將其所對應的該個體身份資料及該群組身份資料,還將其所對應的該第一挑戰值傳送至該接取服務伺服器,且在該步驟(b)中,該接取服務伺服器儲存對應該目標連網裝置的該第一挑戰值及該個體身份資料。The authentication and key agreement protocol-based authorization authentication method according to claim 3, wherein, in the step (a), the target network device receives the identity request from the access service server, the target The network device generates a pair of first challenge values corresponding to the target network device, and the target network device not only corresponds to the individual identity data and the group identity data, but also corresponds to the corresponding A challenge value is transmitted to the pick-up service server, and in the step (b), the pick-up service server stores the first challenge value corresponding to the target network device and the individual identity data. 如請求項4所述的基於認證和密鑰協商協議之授權認證方法,在該步驟(g)之後,還包含由該接取服務伺服器所執行的一步驟(j),該步驟(j)包括以下子步驟: (j-1)該接取服務伺服器儲存該認證啟用時間、該認證截止時間、該種子鑰匙、該第一授權令牌及該第二授權令牌; (j-2)該接取服務伺服器利用一雙線性配對函數並至少根據對應該目標連網裝置的該個體身份資料,及該種子鑰匙,產生一第一秘密值; (j-3)該接取服務伺服器利用該雜湊函數並至少根據該第一秘密值、該第一授權令牌及該第二授權令牌、該認證啟用時間及該認證截止時間,產生一第一認證密鑰; (j-4)該接取服務伺服器亂數產生一第二挑戰值,利用該雜湊函數並根據該第一認證密鑰、該第一挑戰值及該第二挑戰值,產生一第一驗證值;及 (j-5)該接取服務伺服器至少將該第一驗證值、該服務端身份資料及該第二挑戰值傳送至該目標連網裝置。The authentication and key agreement protocol-based authorization authentication method according to claim 4, after the step (g), further includes a step (j) performed by the access service server, the step (j) The following sub-steps are included: (j-1) the pick-up service server stores the authentication enable time, the authentication deadline, the seed key, the first authorization token, and the second authorization token; (j-2) The pick-up service server generates a first secret value by using a bilinear pairing function and at least according to the individual identity data corresponding to the target network device, and the seed key; (j-3) the pick-up service servo Using the hash 
function and generating a first authentication key based on at least the first secret value, the first authorization token and the second authorization token, the authentication activation time, and the authentication expiration time; (j-4 The picking service server generates a second challenge value by using the hash function, and generates a first verification value according to the first authentication key, the first challenge value, and the second challenge value; and J-5) the pick-up service server at least the first verification value, the service The end identity data and the second challenge value are transmitted to the target networking device. 如請求項5所述的基於認證和密鑰協商協議之授權認證方法,在該步驟(j)之後,還包含由該目標連網裝置所執行的一步驟(k),該步驟(k)包括以下子步驟: (k-1)該目標連網裝置利用該雜湊函數並至少根據該群組密鑰、該服務端身份資料及該第一常數,產生一第一雜湊種子值; (k-2)該目標連網裝置利用該雜湊函數並至少根據該第二常數、該群組密鑰及該服務端身份資料,產生一第二雜湊種子值; (k-3)該目標連網裝置利用該雙線性配對函數並至少根據對應該目標連網裝置的該個體密鑰及該服務端身份資料,產生一第二秘密值; (k-4)該目標連網裝置利用該雜湊函數並至少根據該第二秘密值、該第一雜湊種子值及該第二雜湊種子值,產生一第二認證密鑰; (k-5)該目標連網裝置至少根據該第二認證密鑰驗證該第一驗證值以確認該接取服務伺服器是否通過認證; (k-6)當該目標連網裝置已確認該接取服務伺服器通過認證時,該目標連網裝置利用該雜湊函數並根據該第二認證密鑰及該第二挑戰值,產生一第二驗證值並傳送至該接取服務伺服器;及 (k-7)該目標連網裝置利用該雜湊函數並根據該第二認證密鑰、該第一挑戰值及該第二挑戰值,產生對應該目標連網裝置及該接取服務伺服器的一交談金鑰。The authentication and key agreement protocol based authentication method according to claim 5, after the step (j), further comprising a step (k) performed by the target networking device, the step (k) comprising The following sub-steps: (k-1) the target networking device uses the hash function and generates a first hash seed value based on at least the group key, the server identity data, and the first constant; The target networking device utilizes the hash function and generates a second hash seed value based on at least the second constant, the group key, and the server identity data; (k-3) the target networking device utilizes the The bilinear pairing function generates a second secret value according to at least the individual key corresponding to the target network device and the server identity data; 
(k-4) the target networking device utilizes the hash function and at least according to The second secret value, the first hash seed value, and the second hash seed value generate a second authentication key; (k-5) the target networking device verifies the first according to the second authentication key Verify the value to confirm whether the access service server is authenticated; (k -6) when the target networking device has confirmed that the access service server passes the authentication, the target networking device uses the hash function and generates a second verification according to the second authentication key and the second challenge value. The value is transmitted to the access service server; and (k-7) the target networking device utilizes the hash function and generates a corresponding response according to the second authentication key, the first challenge value, and the second challenge value. The target networking device and a conversation key of the receiving service server. 
如請求項6所述的基於認證和密鑰協商協議之授權認證方法,在該步驟(k)之後,還包含由該接取服務伺服器所執行的一步驟(l),該步驟(l)包括以下子步驟: (l-1)該接取服務伺服器至少根據該第一認證密鑰驗證該第二驗證值以確認該目標連網裝置是否通過認證;及 (l-2)當該接取服務伺服器已確認該目標連網裝置通過認證時,該第一認證密鑰等同於該第二認證密鑰,且該接取服務伺服器利用該雜湊函數並根據該第一認證密鑰、該第一挑戰值及該第二挑戰值,產生對應該目標連網裝置及該接取服務伺服器的該交談金鑰。The authentication and key agreement protocol-based authorization authentication method according to claim 6, after the step (k), further comprising a step (1) performed by the access service server, the step (1) The following sub-steps are included: (1-1) the access service server verifies the second verification value according to the first authentication key to confirm whether the target networking device passes the authentication; and (l-2) when the connection When the service server has confirmed that the target network device passes the authentication, the first authentication key is equivalent to the second authentication key, and the access service server utilizes the hash function and according to the first authentication key, The first challenge value and the second challenge value generate the conversation key corresponding to the target networking device and the access service server. 

The authorization authentication method based on an authentication and key agreement protocol according to claim 7, further comprising, after step (l), a step (m): for each of the networked devices other than the target networked device in the networked device group to which the target networked device belongs, when the other networked device receives the identity request from the access service server, the other networked device randomly generates a first challenge value corresponding to the other networked device and transmits its corresponding individual identity data and the first challenge value to the access service server, so that the access service server stores the first challenge value and the individual identity data corresponding to the other networked device.

The authorization authentication method based on an authentication and key agreement protocol according to claim 8, further comprising, after step (m), a step (n) performed by the access service server, step (n) comprising the following sub-steps:
(n-1) the access service server uses a bilinear pairing function to generate a first secret value based on at least the individual identity data corresponding to the other networked device and the seed key;
(n-2) the access service server uses the hash function to generate a first authentication key based on at least the first secret value, the first authorization token, the second authorization token, the authentication activation time, and the authentication deadline;
(n-3) the access service server randomly generates a second challenge value and uses the hash function to generate a first verification value based on the first authentication key, the first challenge value, and the second challenge value; and
(n-4) the access service server transmits at least the first verification value, the server identity data, and the second challenge value to the other networked device.

The authorization authentication method based on an authentication and key agreement protocol according to claim 9, further comprising, after step (n), a step (o) performed by the other networked device, step (o) comprising the following sub-steps:
(o-1) the other networked device uses the hash function to generate a first hash seed value based on at least the group key, the server identity data, and the first constant;
(o-2) the other networked device uses the hash function to generate a second hash seed value based on at least the second constant, the group key, and the server identity data;
(o-3) the other networked device uses the bilinear pairing function to generate a second secret value based on at least the individual key corresponding to the other networked device and the server identity data;
(o-4) the other networked device uses the hash function to generate a second authentication key based on at least the second secret value, the first hash seed value, and the second hash seed value;
(o-5) the other networked device verifies the first verification value according to at least the second authentication key to confirm whether the access service server is authenticated;
(o-6) when the other networked device has confirmed that the access service server is authenticated, the other networked device uses the hash function to generate a second verification value based on the second authentication key and the second challenge value, and transmits it to the access service server; and
(o-7) the other networked device uses the hash function to generate, based on the second authentication key, the first challenge value, and the second challenge value, a session key corresponding to the other networked device and the access service server.

The authorization authentication method based on an authentication and key agreement protocol according to claim 10, further comprising, after step (o), a step (p) performed by the access service server, step (p) comprising the following sub-steps:
(p-1) the access service server verifies the second verification value according to at least the first authentication key to confirm whether the other networked device is authenticated; and
(p-2) when the access service server has confirmed that the other networked device is authenticated, the first authentication key is equivalent to the second authentication key, and the access service server uses the hash function to generate, based on the first authentication key, the first challenge value, and the second challenge value, the session key corresponding to the other networked device and the access service server.

The authorization authentication method based on an authentication and key agreement protocol according to claim 6, wherein in step (e) the mobile network registration further generates the first authorization token according to the authentication deadline; in step (f) the mobile network registration further generates the second authorization token according to the authentication activation time; in step (k-1) the target networked device further generates the first hash seed value according to the authentication activation time and the authentication deadline; and in step (k-2) the target networked device further generates the second hash seed value according to the authentication activation time and the authentication deadline.
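
The challenge-response exchange of steps (m) through (p), sketched in Python as an added example (not code from the patent). Assumptions: SHA-256 is the hash function, the bilinear-pairing secret is replaced by a constructed byte string both sides already hold, the device's hash seed values equal the server's authorization tokens, and the validity times are left out of the key input; the label strings and length-prefixed encoding are also assumptions, added so that values hashed from the same inputs differ.

```python
import hashlib
import hmac
import secrets

def H(label: str, *parts: bytes) -> bytes:
    """SHA-256 over a label and length-prefixed fields (encoding assumed)."""
    h = hashlib.sha256(label.encode())
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class Device:
    def __init__(self, identity: bytes, secret: bytes, seed1: bytes, seed2: bytes):
        self.identity = identity
        self.k = H("auth-key", secret, seed1, seed2)        # (o-4)
        self.c1 = secrets.token_bytes(16)                   # (m) first challenge

    def respond(self, v1: bytes, c2: bytes):
        expected = H("verify-1", self.k, self.c1, c2)
        if not hmac.compare_digest(v1, expected):           # (o-5) server rejected
            return None, None
        v2 = H("verify-2", self.k, c2)                      # (o-6)
        return v2, H("session", self.k, self.c1, c2)        # (o-7)

class Server:
    def __init__(self, secret: bytes, token1: bytes, token2: bytes):
        self.k = H("auth-key", secret, token1, token2)      # (n-2), times omitted

    def challenge(self, c1: bytes):
        self.c1, self.c2 = c1, secrets.token_bytes(16)      # (n-3) second challenge
        return H("verify-1", self.k, c1, self.c2), self.c2  # (n-4)

    def finish(self, v2: bytes):
        if not hmac.compare_digest(v2, H("verify-2", self.k, self.c2)):  # (p-1)
            return None
        return H("session", self.k, self.c1, self.c2)       # (p-2)

def run(device_secret: bytes, server_secret: bytes):
    """Run one exchange; returns (device session key, server session key)."""
    # Constructed token values standing in for the two authorization tokens.
    t1, t2 = H("token-1", b"constructed"), H("token-2", b"constructed")
    dev = Device(b"device-01", device_secret, t1, t2)
    srv = Server(server_secret, t1, t2)
    v1, c2 = srv.challenge(dev.c1)                          # device sent identity, c1
    v2, dev_key = dev.respond(v1, c2)
    if v2 is None:
        return None, None
    return dev_key, srv.finish(v2)
```

With mismatched secrets the device rejects the server at (o-5), so neither side derives a session key.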

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107130001A TWI672606B (en) 2018-08-28 2018-08-28 Authorization authentication method based on authentication and key agreement protocol

Publications (2)

Publication Number Publication Date
TWI672606B true TWI672606B (en) 2019-09-21
TW202009759A TW202009759A (en) 2020-03-01

Family

ID=68619129

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107130001A TWI672606B (en) 2018-08-28 2018-08-28 Authorization authentication method based on authentication and key agreement protocol

Country Status (1)

Country Link
TW (1) TWI672606B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI776404B (en) * 2020-03-23 2022-09-01 大陸商騰訊科技(深圳)有限公司 Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103596123A (en) * 2008-01-18 2014-02-19 交互数字专利控股公司 Method executed by M2ME
US20150350906A1 (en) * 2014-05-30 2015-12-03 Qualcomm Incorporated Systems and methods for selective association
TWI520557B (en) * 2013-12-10 2016-02-01
CN105376216A (en) * 2015-10-12 2016-03-02 华为技术有限公司 Remote access method, agent server and client end
TWI600308B (en) * 2015-04-30 2017-09-21 臺灣網路認證股份有限公司 System for using valid certificate to apply mobile certificate online and method thereof
WO2018125989A2 (en) * 2016-12-30 2018-07-05 Intel Corporation The internet of things

Also Published As

Publication number Publication date
TW202009759A (en) 2020-03-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees