TWI672606B - Authorization authentication method based on authentication and key agreement protocol - Google Patents
- Publication number
- TWI672606B, TW107130001A
- Authority
- TW
- Taiwan
- Prior art keywords
- authentication
- key
- service server
- group
- server
Abstract
An authorization and authentication method based on an authentication and key agreement protocol, in which a mobile network registration server generates, at least according to a group private key corresponding to a target networked device and server identity data corresponding to an access service server, a seed key corresponding to the access service server and to the networked device group to which the target networked device belongs; the mobile network registration server computes a first authorization token and a second authorization token, each related to a hash function; and the mobile network registration server transmits the seed key, the first authorization token and the second authorization token to the access service server, so that the access service server can perform mutual authentication with every networked device in the networked device group to which the target networked device belongs.
Description
The present invention relates to an authorization and authentication method, and in particular to an authorization and authentication method based on an authentication and key agreement protocol.
In the era of the Internet of Things (IoT) and social networking applications, billions of networked devices will join the network. Because current mobile networks have wide coverage, many widely deployed IoT networked devices will interconnect using the mobile network system as their backbone in order to take full advantage of this property. In addition, in many IoT and social networking scenarios a large number of networked devices communicate frequently and need to be authenticated. Deploying networked devices in an IoT based on a mobile network system therefore faces many challenges. For example, two important problems must be solved when authorizing and authenticating networked devices. First, the enormous communication burden produced by a large number of networked devices issuing dense authentication requests and sending authentication demands can cause the mobile network system to fail; we call this the aggregated authentication bandwidth cost problem. Second, because the various IoT networked devices have different application properties, and traditional authentication key mechanisms treat all networked devices as identical, those mechanisms cannot appropriately give different authorization and authentication treatment to networked devices with different application properties.
In view of this, existing authorization and authentication approaches still leave considerable room for improvement.
Therefore, the object of the present invention is to provide an authorization and authentication method based on an authentication and key agreement protocol that allows the many IoT networked devices having the same application properties to share group characteristics, reducing the computation and communication costs that all individual devices in the same group incur during authentication.
Accordingly, the authorization and authentication method based on an authentication and key agreement protocol of the present invention is implemented by a plurality of networked device groups, an access service server and a mobile network registration server that are connected to one another via a communication network. Each networked device group includes at least one networked device. Each networked device corresponds to individual identity data, the networked device group to which each networked device belongs corresponds to group identity data and a group key pair, and the access service server corresponds to server identity data. The group identity data and the group key pair corresponding to the networked device group to which each networked device belongs may be determined in advance by the mobile network registration server; the group key pair of a networked device group corresponds to the group identity data of that group, and each group key pair includes a group private key and a group key. The public key certificate method comprises a step (a), a step (b), a step (c), a step (d), a step (e), a step (f) and a step (g).
In step (a), when a target networked device, being one of the at least one networked device of one of the networked device groups, receives an identity request from the access service server, the target networked device transmits at least its corresponding individual identity data and group identity data to the access service server.
In step (b), the access service server transmits the individual identity data and the group identity data from the target networked device, together with the server identity data, to the mobile network registration server.
In step (c), the mobile network registration server selects the corresponding group key pair according to the group identity data of the networked device group to which the target networked device belongs, and determines from the group identity data a predetermined authentication period for that networked device group, the period indicating an authentication activation time and an authentication deadline.
In step (d), the mobile network registration server generates a seed key at least according to the group private key corresponding to the target networked device and the server identity data, where the seed key corresponds to the access service server and to the networked device group to which the target networked device belongs.
In step (e), the mobile network registration server uses a hash function and, at least according to the authentication activation time corresponding to the target networked device, the group key and the server identity data, generates a first authorization token related to that authentication activation time, the group key and the server identity data.
In step (f), the mobile network registration server uses the hash function and, at least according to the authentication deadline corresponding to the target networked device, the group key and the server identity data, generates a second authorization token related to that authentication deadline, the group key and the server identity data.
In step (g), the mobile network registration server transmits the authentication activation time, the authentication deadline, the seed key, the first authorization token and the second authorization token to the access service server, so that the access service server can perform mutual authentication with every networked device in the networked device group to which the target networked device belongs.
The effect of the present invention is that the many IoT networked devices having the same application properties can share group characteristics: different authorization and authentication treatment only needs to be given per networked device group, and for any one networked device group the mobile network registration server needs to compute the seed key and the first and second authorization tokens only once, which reduces the aggregated authentication bandwidth required by all networked devices in the same group.
Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.
Referring to FIG. 1, an embodiment of the authorization and authentication method based on an Authentication and Key Agreement (AKA) protocol according to the present invention is implemented by a system composed of a plurality of networked device groups 2, 2', a plurality of access service servers 3, 3' and a mobile network registration server 4, which are connected to one another via a communication network 1. The communication network 1 may be a 5G (fifth-generation mobile communication system) network, but is not limited thereto and may be another network based on wireless communication technology. Each networked device group 2, 2' includes at least one networked device 21, 21'. Each networked device 21, 21' corresponds to individual identity data and may be implemented as an IoT device, but is not limited thereto and may also be a personal computer, a smartphone, or another device or component with basic computing and communication functions. Each of the access service servers 3, 3' corresponds to server identity data and is provided by a corresponding access provider. The mobile network registration server 4 is a trusted third-party platform that is trusted by the owners of the networked devices 21, 21' and by the access providers of the access service servers 3, 3'.
First, in the system setup phase, the mobile network registration server 4 assigns each networked device 21, 21' to one of the networked device groups 2/2' according to at least one of the device application properties, the device identification information and the device geographic location information of all networked devices 21, 21', and determines, for each networked device group 2, group identity data and a group key pair having a group private key and a group key. For each networked device 21, 21', the group key pair of the networked device group 2/2' to which it belongs corresponds to the group identity data of that group. In addition, each networked device group 2, 2' contains a target networked device 21'.
Next, for each networked device 21, 21', when the mobile network registration server 4 receives a registration request sent by the networked device 21/21' that carries the individual identity data representing that device, the mobile network registration server 4 generates an individual key for the networked device 21/21' from the individual identity data of the device and the group private key of the networked device group 2/2' to which the device belongs, and transmits the individual key and the group key of that networked device group 2/2' to the networked device 21/21'.
In addition, the mobile network registration server 4 generates in advance a first constant $a$ and a second constant $b$ and transmits them to every networked device 21, 21' in the networked device groups 2, 2'.
In the following, with reference to FIG. 1 and FIG. 2, the target networked device 21' among the networked devices 21, 21' of one networked device group 2' of the networked device groups 2, 2' in the system is taken as an example. The description explains in detail how, when the target networked device 21' is the first device in its networked device group 2' that wants to establish the same session key with one of the access service servers 3/3' (the access service server 3' in this embodiment), the target networked device 21', the access service server 3' and the mobile network registration server 4 cooperate to carry out an authorization and authentication procedure. The authorization and authentication procedure comprises an authorization sub-procedure (steps S501 to S508) and an authentication sub-procedure (steps S601 to S612).
In the authorization sub-procedure, first, in step S501, when the target networked device 21' receives an identity request from the access service server 3' (which indicates that the target networked device 21' has requested access service from the access service server 3'), the target networked device 21' randomly generates a first challenge value corresponding to the target networked device 21' (denoted $R_i$ in this embodiment), and transmits the first challenge value, its corresponding individual identity data and the group identity data (denoted $ID_G$ in this embodiment, where $G$ stands for the networked device group 2' to which the target networked device 21' belongs) to the access service server 3'. In this embodiment, the first challenge value is $R_i$ = , where  denotes  mod $p$ in the shorthand notation well known in the art, $x_i$ is a random number generated by the target networked device 21', $p$ is a prime number, and $g$ is a generator.
Next, in step S502, the access service server 3' transmits the group identity data from the target networked device 21', and the server identity data corresponding to the access service server 3' (denoted $ID_{AP}$ in this embodiment, where $AP$ stands for the access service server 3'), to the mobile network registration server 4, and the access service server 3' stores the first challenge value and the individual identity data corresponding to the target networked device 21'.
Next, in step S503, the mobile network registration server 4 uses the current date and time to establish a current authorization date (denoted $date$ in this embodiment) and a current authorization time on which the access service server 3' is authorized to perform, from then on, mutual authentication with every networked device 21, 21' in the networked device group 2' to which the target networked device 21' belongs. The mobile network registration server 4 selects the corresponding group key pair according to the group identity data of the networked device group 2' to which the target networked device 21' belongs, and uses a pre-established lookup table to determine, from the group identity data, a predetermined authentication period for the networked device group 2 to which the target networked device 21' belongs. It is not limited to this: the mobile network registration server 4 may also dynamically adjust the predetermined authentication period according to the past usage records of each networked device 21, 21' (here the target networked device 21'). The predetermined authentication period indicates an authentication activation time and an authentication deadline, and the lookup table records, for each networked device group 2, the correspondence between the group identity data and the authentication activation time and deadline.

In this embodiment, the authentication activation time indicates a first time slot value (denoted $sl_1$), the authentication deadline indicates a second time slot value (denoted $sl_2$), and the current authorization time indicates a third time slot value (denoted $t$). The predetermined authentication period of each networked device group 2 differs according to its device application properties. When the predetermined authentication period runs from one month to another month of the current year, the current authorization date is $date$ = "year" (where year is the current authorization year), and $sl_1$, $sl_2$ and $t$ satisfy $1 \le sl_1 \le t \le sl_2 \le 12$; in this case the minimum time slot value corresponding to the current authorization time (denoted $min\_sl$ in this embodiment) is 1, and the maximum time slot value corresponding to the current authorization time (denoted $max\_sl$ in this embodiment) is 12. Alternatively, when the predetermined authentication period runs from one day to another day of the current month, the current authorization date is $date$ = "month/year" (where month is the current authorization month), and $sl_1$, $sl_2$ and $t$ satisfy $1 \le sl_1 \le t \le sl_2 \le 31$; in this case the minimum time slot value is 1 and the maximum time slot value is 31. Further, when the predetermined authentication period runs from one hour to another hour of the current day, the current authorization date is $date$ = "month/day/year" (where day is the current authorization day), and $sl_1$, $sl_2$ and $t$ satisfy $1 \le sl_1 \le t \le sl_2 \le 24$; in this case the minimum time slot value is 1 and the maximum time slot value is 24. And so on: the method is not limited to the above examples, and each time slot value may also correspond to several hours, several days, several months, and so forth.
Next, in step S504, the mobile network registration server 4 generates a seed key according to the group private key corresponding to the target networked device 21' (denoted $s_G$ in this embodiment), the server identity data and the current authorization date. The seed key corresponds to the access service server 3', the current authorization date, and the networked device group 2' to which the target networked device 21' belongs. In this embodiment, the seed key is $Auth_{AP,G,date} = s_G H(ID_{AP} \| date)$, where "$\|$" is the concatenation operator.
Next, in step S505, the mobile network registration server 4 uses a hash function $h()$ (in this embodiment the hash function $h()$ is a cryptographic hash function) and, according to the server identity data corresponding to the access service server 3', the current authorization date, the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication deadline, the group key corresponding to the target networked device 21' (denoted $GK$ in this embodiment) and the first constant, generates a first authorization token (Authentication Token, AT). In this embodiment, the first authorization token is $AT_a$ = ( $GK \| ID_{AP} \| date \| sl_1 \| sl_2 \| a$ ). Notably, when the target networked device 21' is the only networked device in its networked device group 2', the first authorization token can be computed by the following formula: $AT_a$ = ( $GK \| ID_{AP} \| date \| a$ ).
Next, in step S506, the mobile network registration server 4 uses the hash function $h()$ and, according to the second constant, the server identity data corresponding to the access service server, the current authorization date, the group key corresponding to the target networked device 21', and the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication deadline, generates a second authorization token. In this embodiment, the second authorization token is $AT_b$ = ( $b \| GK \| ID_{AP} \| date \| sl_1 \| sl_2$ ). Notably, when the target networked device 21' is the only networked device in its networked device group 2', the second authorization token can be computed by the following formula: $AT_b$ = ( $b \| GK \| ID_{AP} \| date$ ).
Next, in step S507, the mobile network registration server 4 transmits the current authorization date and time, the authentication activation time and the authentication deadline indicated by the predetermined authentication period, the seed key, the first authorization token and the second authorization token to the access service server 3'. This means that the mobile network registration server 4 has granted the seed key, the first authorization token and the second authorization token to the access service server 3'.
Next, in step S508, after receiving the current authorization date and time, the authentication activation time and the authentication deadline indicated by the predetermined authentication period, the seed key, the first authorization token and the second authorization token, the access service server 3' stores all of them, and can then go on to perform mutual authentication with every networked device 21, 21' in the networked device group 2' to which the target networked device 21' belongs.
The following describes in detail how, once the access service server 3' has obtained the seed key, the first authorization token and the second authorization token, it and the target networked device 21' can authenticate each other without going through the mobile network registration server 4.
Referring to FIG. 1 and FIG. 3, in the authentication sub-procedure, first, in step S601, the access service server 3' uses a bilinear pairing function and, at least according to the individual identity data corresponding to the target networked device 21' and the seed key, generates a first secret value. In this embodiment, the first secret value is $S_1 = e(H(ID_i), Auth_{AP,G,date})$ = , where  is a bilinear pairing function and $G_2$ is a cyclic multiplicative group of prime order $q$. Notably, by mathematical derivation, that is, $S_1$ = , where $H(ID_i)$ represents $xp$, $H(ID_{AP} \| date)$ represents $yp$, and $x$ and $y$ are unknowns, it can be seen that the first secret value is based on the BDHP (Bilinear Diffie-Hellman Problem), and therefore has a certain degree of assurance in terms of security and privacy.
Next, in step S602, the access service server 3' uses the hash function $h()$ and, at least according to the first secret value, the first authorization token, the second authorization token, the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication deadline, and the third time slot value indicated by the current authorization time, generates a first authentication key. In this embodiment, the first authentication key is $AK_1 = h$( $S_1 \|$ ( $AT_a$ ) $\|$ ( $AT_b$ )).
Next, in step S603, the access service server 3' randomly generates a second challenge value (denoted $R_{AP}$ in this embodiment), and uses the hash function $h()$ to generate a first verification value according to the first authentication key, the first challenge value and the second challenge value. The access service server 3' then transmits the current authorization date and time, the authentication activation time and deadline, the first verification value, the server identity data and the second challenge value to the target networked device 21'. In this embodiment, the first verification value is $Auth_{AP} = h(AK_1 \| R_i \| R_{AP})$, where $R_{AP}$ = , and $x_{AP}$ is a random number generated by the access service server 3'.
Next, in step S604, the target networked device 21' uses the hash function $h()$ and, according to the server identity data corresponding to the access service server 3', the current authorization date, the group key corresponding to the target networked device 21', the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication deadline, and the first constant, generates a first hash seed value. In this embodiment, the first hash seed value is $Seed_a = h(GK \| ID_{AP} \| date \| sl_1 \| sl_2 \| a)$. Notably, when the target networked device 21' is the only networked device in its networked device group 2', the first hash seed value can be computed by the following formula: $Seed_a = h(GK \| ID_{AP} \| date \| a)$.
Next, in step S605, the target networked device 21' uses the hash function $h()$ and, according to the second constant, the server identity data corresponding to the access service server, the current authorization date, the group key corresponding to the target networked device 21', and the first time slot value and the second time slot value indicated respectively by the authentication activation time and the authentication deadline, generates a second hash seed value. In this embodiment, the second hash seed value is $Seed_b = h(b \| GK \| ID_{AP} \| date \| sl_1 \| sl_2)$. Notably, when the target networked device 21' is the only networked device in its networked device group 2', the second hash seed value can be computed by the following formula: $Seed_b = h(b \| GK \| ID_{AP} \| date)$.
Next, in step S606, the target networked device 21' uses the bilinear pairing function to generate a second secret value from at least the individual key corresponding to the target networked device 21', the server identity data, and the current authorization date. In this embodiment, the individual key corresponding to the target networked device 21' is denoted S_ID_i, where S_ID_i = s_G H(ID_i), where  is an admissible encoding function that is a one-way hash function, and G_1 is a cyclic additive group of prime order q that is a gap Diffie-Hellman (GDH) group. The individual key therefore rests on the CDHP hard problem and is difficult to break. The second secret value is S_2 = e(S_ID_i, H(ID_AP || date)) = . Notably, the security and privacy of the second secret value rest on the BDHP hard problem, which likewise gives it a degree of protection against being broken.
Next, in step S607, the target networked device 21' uses the hash function h() to generate a second authentication key from the second secret value, the third time slot value indicated by the current authorization time, the first hash seed value, and the second hash seed value. In this embodiment, the second authentication key is AK_2 = h(S_2 ||  (Seed_a) ||  (Seed_b)).
Next, in step S608, the target networked device 21' uses the second authentication key, the first challenge value, and the second challenge value received from the access server to verify whether the first verification value satisfies h( || R_i || R_AP) (where  is the authentication key corresponding to the access server 3' and the target networked device 21'), and thereby confirms whether the access service server 3' passes authentication. In this embodiment, for the current authorization date date, the secret values correspondingly generated by each networked device 21, 21' in the networked device group 2' to which the target networked device 21' belongs and by the access service server 3' are identical to each other, provided the BDHP problem has not been broken. That is, for the target networked device 21' and the access service server 3', the second secret value equals the first secret value. Let the secret value corresponding to the access server and the target networked device 21' be  = S_2 = S_1. Given that the second secret value equals the first secret value, a simple mathematical derivation shows that the second authentication key equals the first authentication key; the derivation is omitted here. Since AK_2 = AK_1, let  = AK_2 = AK_1.
Next, in step S609, when the target networked device 21' confirms that the access service server 3' has passed authentication, that is, Auth_AP = h( || R_i || R_AP), the target networked device 21' uses the hash function h() to generate a second verification value from the second authentication key and the second challenge value. In this embodiment, the second verification value is  = h(AK_2 || R_AP).
Next, in step S610, the target networked device 21' uses the hash function h() to generate a session key corresponding to the target networked device 21' and the access service server 3' from the second authentication key, the random number x_i in the first challenge value , and the second challenge value received from the access server, and transmits the second verification value to the access service server 3'. In this embodiment, the session key is h(AK_2 || ) = h( || ) = , where AK_2 = , and .
Next, in step S611, the access service server 3' uses the second challenge value and the first authentication key to verify whether the second verification value satisfies h( || R_AP), and thereby confirms whether the target networked device 21' passes authentication. In this embodiment, if the BDHP problem has not been broken, the first secret value equals the second secret value, i.e. S_1 = S_2 = . A simple mathematical derivation therefore shows that, given equal first and second secret values, the first authentication key equals the second authentication key; then AK_1 = AK_2, and so  = AK_1 = AK_2.
Then, in step S612, when the access service server 3' has confirmed that the target networked device 21' passed authentication, that is,  = h( || R_AP), the first authentication key is identical to the second authentication key and either can serve as the authentication key corresponding to the access server and the target networked device 21'. The access service server 3' then uses the hash function h() to generate the session key corresponding to the target networked device 21' and the access service server 3' from the first authentication key (i.e. the authentication key), the first challenge value, and the random number x_AP in the second challenge value. In this embodiment, the session key is h(AK_1 || ) = h( || ) = , where AK_1 = , . The access service server 3' and the target networked device 21' thus establish a shared secret session key through the key exchange mechanism, and both parties can subsequently use this session key to transfer data securely and confidentially.
In addition, once the target networked device 21', the access service server 3' and the mobile network registration server 4 have jointly completed the authorization subroutine, each of the other networked devices 21 in the networked device group 2' to which the target networked device 21' belongs, when it wants to perform mutual authentication with the access service server 3' to establish a shared session key, does not need to run the complete authorization subroutine with the access service server 3' and the mobile network registration server 4. It only needs to request the access service from the access service server 3' at the start and then perform a step similar to step S502 of the authorization subroutine (see step S502 in Fig. 2), in which the other networked device 21 randomly generates a first challenge value corresponding to that device (denoted R_j in this embodiment) and transmits R_j and the individual identity data corresponding to that device (denoted ID_j in this embodiment) to the access service server 3' for storage.
Next, referring to Fig. 1 and Fig. 3, the following describes how, after the other networked device 21 has transmitted R_j and ID_j to the access service server 3' for storage, the other networked device 21 and the access service server 3' jointly execute the device authentication subroutine (steps S601 to S612); the parts already described are not repeated.
First, in step S601, the access service server 3' uses the e() function to generate a first secret value from ID_j and Auth_AP,G,date: S_1' = e(H(ID_j), Auth_AP,G,date), where Auth_AP,G,date = s_G H(ID_AP || date).
Next, in step S602, the access service server 3' uses the h() function to generate a first authentication key from S_1', AT_a, AT_b, sl_1, sl_2 and t: AK_1' = h(S_1' ||  (AT_a) ||  (AT_b)).
Next, in step S603, the access service server 3' randomly generates a second challenge value (denoted R_AP' in this embodiment, where R_AP' = , and x_AP' is a random number generated by the access service server 3'), uses the h() function to generate a first verification value from AK_1', R_j and R_AP': Auth_AP' = h(AK_1' || R_j || R_AP'), and transmits the current authorization date and time, the authentication start and end times, Auth_AP', ID_AP and R_AP' to the other networked device 21.
Next, in step S604, the other networked device 21 uses the h() function to compute the first hash seed value from GK, ID_AP, date, sl_1, sl_2 and a: Seed_a = h(GK || ID_AP || date || sl_1 || sl_2 || a).
Next, in step S605, the other networked device 21 uses the h() function to compute the second hash seed value from b, GK, ID_AP, date, sl_1 and sl_2: Seed_b = h(b || GK || ID_AP || date || sl_1 || sl_2).
Next, in step S606, the other networked device 21 uses the e() function to generate a second secret value from at least the individual key corresponding to the other networked device 21 (denoted S_ID_j in this embodiment), ID_AP and date: S_2' = e(S_ID_j, H(ID_AP || date)), where S_ID_j = s_G H(ID_j).
Next, in step S607, the other networked device 21 uses the h() function to generate a second authentication key from S_2', t, Seed_a and Seed_b: AK_2' = h(S_2' ||  (Seed_a) ||  (Seed_b)).
Next, in step S608, the other networked device 21 uses AK_2', R_j and R_AP' to verify whether Auth_AP' satisfies h( || R_j || R_AP'), to confirm whether the access service server 3' passes authentication. Here,  is the authentication key corresponding to the access server 3' and the other networked device 21.
Next, in step S609, when the other networked device 21 has confirmed that the access service server 3' passed authentication, that is, Auth_AP' = h( || R_j || R_AP'), the other networked device 21 uses the h() function to generate a second verification value from its own AK_2' and R_AP':  = h(AK_2' || R_AP').
Next, in step S610, the other networked device 21 uses the h() function to generate, from AK_2', x_j in R_j, and R_AP', a session key corresponding to the other networked device 21 and the access service server 3': h(AK_2' || ) = h( || ) = , where AK_2' = , and ; the other networked device 21 then transmits  to the access service server 3'.
Next, in step S611, the access service server 3' uses AK_1' and R_AP' to verify whether  satisfies h( || R_AP'), to confirm whether the other networked device 21 passes authentication.
Then, in step S612, when the access service server 3' has confirmed that the other networked device 21 passed authentication, that is,  = h( || R_AP') and AK_1' = AK_2' = , the access service server 3' uses the h() function to generate, from the authentication key, R_j, and the value  in R_AP', the session key corresponding to the other networked device 21 and the access service server 3':  = h( || ), where . The access service server 3' and the other networked device 21 thus establish a shared secret session key through the key exchange mechanism, and both parties can subsequently use this session key to transfer data securely and confidentially.
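The hash-based part of steps S601 to S611 can be exercised as follows. This is an added example, not code from the patent. It assumes SHA-256 for h(), random byte strings for R_i and R_AP, a constructed byte string in place of the pairing value S_1 = S_2, and the seed values used directly where the page's formulas have lost the operators applied to Seed_a/Seed_b and AT_a/AT_b. It also length-prefixes every field, because a bare "||" concatenation lets two different time-slot pairs produce the same hash input.

```python
import hashlib
import hmac
import os

def enc(*fields: bytes) -> bytes:
    # Length-prefix each field so "x||y" cannot be re-split into other fields.
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def h(*fields: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's unnamed hash function h().
    return hashlib.sha256(enc(*fields)).digest()

def naive_h(*fields: bytes) -> bytes:
    # Plain concatenation, kept only to show the ambiguity it allows.
    return hashlib.sha256(b"".join(fields)).digest()

def seeds(gk, id_ap, date, sl1, sl2, a, b):
    # S604: Seed_a = h(GK||ID_AP||date||sl_1||sl_2||a)
    # S605: Seed_b = h(b||GK||ID_AP||date||sl_1||sl_2)
    return h(gk, id_ap, date, sl1, sl2, a), h(b, gk, id_ap, date, sl1, sl2)

def auth_key(secret, seed_a, seed_b):
    # S602/S607: AK = h(S || Seed_a || Seed_b); seeds used directly (assumption).
    return h(secret, seed_a, seed_b)

def server_challenge(ak1, r_dev):
    # S603: fresh R_AP and first verification value h(AK_1 || R_i || R_AP).
    r_ap = os.urandom(32)
    return r_ap, h(ak1, r_dev, r_ap)

def device_respond(ak2, r_dev, r_ap, auth_ap):
    # S608: constant-time check of the server's value; S609: h(AK_2 || R_AP).
    if not hmac.compare_digest(auth_ap, h(ak2, r_dev, r_ap)):
        return None  # server not authenticated, so the device sends nothing
    return h(ak2, r_ap)

def server_verify(ak1, r_ap, auth_dev):
    # S611: accept the device only if its value equals h(AK_1 || R_AP).
    return auth_dev is not None and hmac.compare_digest(auth_dev, h(ak1, r_ap))

def run_exchange(device_gk, registered_gk, secret=b"constructed S_1 = S_2"):
    # Constructed sample values: ID_AP, date, sl_1, sl_2, a, b.
    ctx = (b"ap-01", b"2018-09-01", b"8", b"17", b"a", b"b")
    # Server side: tokens derived by the registration server from its copy of GK.
    ak1 = auth_key(secret, *seeds(registered_gk, *ctx))
    # Device side: seeds derived from the group key stored on the device.
    ak2 = auth_key(secret, *seeds(device_gk, *ctx))
    r_dev = os.urandom(32)  # R_i sent in the step similar to S502
    r_ap, auth_ap = server_challenge(ak1, r_dev)
    auth_dev = device_respond(ak2, r_dev, r_ap, auth_ap)
    return auth_dev is not None, server_verify(ak1, r_ap, auth_dev)

def slot_collision_demo():
    # Slots (1, 23) and (12, 3) hash alike under plain concatenation only.
    gk, ap, d, a = b"GK", b"ap-01", b"2018-09-01", b"a"
    naive = naive_h(gk, ap, d, b"1", b"23", a) == naive_h(gk, ap, d, b"12", b"3", a)
    framed = h(gk, ap, d, b"1", b"23", a) == h(gk, ap, d, b"12", b"3", a)
    return naive, framed

if __name__ == "__main__":
    print(run_exchange(b"group-key", b"group-key"))
    print(run_exchange(b"wrong-key", b"group-key"))
    print(slot_collision_demo())
```

run_exchange returns the pair (device accepts server, server accepts device); a device holding a different group key fails at step S608 and never sends its own verification value.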
In summary, the authorization authentication method of the invention has the following advantages: (1) it lets the many IoT networked devices 21, 21' that share the same application properties share group characteristics, which lowers the computation and communication cost of connection authentication for every individual device in the group; (2) for a given networked device group 2, the mobile network registration server 4 needs to compute the seed key and the first and second authorization tokens only once, and these are shared by all networked devices 21, 21' in that group across multiple connections, which amortizes the computation cost; (3) the hash function design lets the communicating parties, the networked device 21/21' and the access service server 3/3', generate the authentication key at low computational cost without the high connection count and high communication bandwidth of the prior art; (4) because each secret value, each authentication key and each session key is generated by the corresponding individual networked device 21/21' and the access service server 3/3' it communicates with, the compromise of any one networked device 21/21' in the networked device group 2/2' does not affect the security of the other devices in the group; (5) the session keys generated by the system have forward/backward secrecy. The method therefore does achieve the object of the invention.
The above, however, are merely embodiments of the invention and shall not limit the scope in which the invention may be practiced; all simple equivalent changes and modifications made according to the claims and the specification of the invention remain within the scope covered by this patent.
1‧‧‧Communication network
2, 2'‧‧‧Networked device group
21‧‧‧Networked device
21'‧‧‧Target networked device
3, 3'‧‧‧Access service server
4‧‧‧Mobile network registration server
S501~S508‧‧‧Steps
S601~S612‧‧‧Steps
Other features and effects of the invention will be clearly presented in the embodiments described with reference to the drawings, in which: Fig. 1 is a block diagram illustrating multiple networked device groups, multiple access service servers and a mobile network registration server that implement the authorization authentication method of the invention; Fig. 2 is a flowchart illustrating an authorization subroutine of the authorization authentication method of the invention; and Fig. 3 is a flowchart illustrating an authentication subroutine of the authorization authentication method of the invention.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107130001A TWI672606B (en) | 2018-08-28 | 2018-08-28 | Authorization authentication method based on authentication and key agreement protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI672606B true TWI672606B (en) | 2019-09-21 |
TW202009759A TW202009759A (en) | 2020-03-01 |
Family
ID=68619129
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW107130001A TWI672606B (en) | 2018-08-28 | 2018-08-28 | Authorization authentication method based on authentication and key agreement protocol |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI672606B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI776404B (en) * | 2020-03-23 | 2022-09-01 | 大陸商騰訊科技(深圳)有限公司 | Method of authenticating biological payment device, apparatus, electronic device, and computer-readable medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103596123A (en) * | 2008-01-18 | 2014-02-19 | 交互数字专利控股公司 | Method executed by M2ME |
US20150350906A1 (en) * | 2014-05-30 | 2015-12-03 | Qualcomm Incorporated | Systems and methods for selective association |
TWI520557B (en) * | 2013-12-10 | 2016-02-01 | ||
CN105376216A (en) * | 2015-10-12 | 2016-03-02 | 华为技术有限公司 | Remote access method, agent server and client end |
TWI600308B (en) * | 2015-04-30 | 2017-09-21 | 臺灣網路認證股份有限公司 | System for using valid certificate to apply mobile certificate online and method thereof |
WO2018125989A2 (en) * | 2016-12-30 | 2018-07-05 | Intel Corporation | The internet of things |
-
2018
- 2018-08-28 TW TW107130001A patent/TWI672606B/en not_active IP Right Cessation
Also Published As
Publication number | Publication date |
---|---|
TW202009759A (en) | 2020-03-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |