CN102036235A - Device and method for identity authentication - Google Patents

Publication number: CN102036235A
Authority: CN (China)
Prior art keywords: terminal, wireless router, private key, identity identifier, value
Legal status: Pending
Application number: CN2009101772501A
Other languages: Chinese (zh)
Inventor: 张胜
Current Assignee: Siemens Ltd China; Siemens AG
Original Assignee: Siemens Ltd China
Application filed by: Siemens Ltd China
Priority to: CN2009101772501A
Publication of: CN102036235A
Abstract

The invention relates to a device and a method for identity authentication. The device comprises a calculation module, an encryption module and a communication module. The calculation module is used for calculating a first numerical value from a public parameter and a random number when identity authentication is performed between a terminal and a second wireless router, and for calculating a third numerical value according to a specified equation, using at least a private key of the terminal, a second numerical value, the public parameter, the random number and a public key of the second wireless router, when the terminal receives the second numerical value and the public key of the second wireless router transmitted by the second wireless router. The encryption module is used for encrypting the third numerical value with an identity identifier of the terminal to obtain a first encryption value. The communication module is used for sending to the second wireless router the first numerical value, the identity identifier of the first terminal and the identity identifier of the first wireless router whose private key is used to generate the private key of the terminal, and for sending the first encryption value to the second wireless router. By using the device and the method, secure identity authentication can be performed between terminals or between a terminal and a wireless router.

Description

Device and method for identity authentication
Technical field
The present invention relates to a device and a method for identity authentication.
Background art
A wireless mesh network (WMN) is a self-managing, self-configuring multi-hop network. It has many advantages, such as low up-front investment, large system capacity, simple maintenance and high reliability.
An 802.11 mesh network is one kind of wireless mesh network. It combines the features of an 802.11 wireless local area network (WLAN) and a mesh, and uses a group of wireless routers to provide wireless coverage in a given area. Fig. 1 shows the structure of an existing 802.11 mesh network. As shown in Fig. 1, a group of wireless routers is deployed in the 802.11 mesh network. Because these wireless routers can communicate with one another wirelessly, a terminal within the wireless coverage of any wireless router can connect to the Internet through these wireless routers, and terminals within the wireless coverage of different wireless routers can communicate with each other through them.
It is well known that wireless communication in an 802.11 WLAN faces security challenges: it is vulnerable to passive attacks such as eavesdropping and to active attacks such as message tampering and DoS attacks. Compared with wireless communication in an 802.11 WLAN, however, the multi-hop communication of an 802.11 mesh network faces more serious security challenges.
Unlike a terminal in an 802.11 WLAN, any terminal in an 802.11 mesh network can move freely within the network and access the Internet, or communicate with other terminals in the network, via any wireless router. Therefore, to ensure security in an 802.11 mesh network, particular attention must be paid to identity authentication between terminals and between a terminal and a wireless router.
Summary of the invention
In view of the above problems of the prior art, embodiments of the invention provide a device and a method for identity authentication with which identity authentication can be performed securely between terminals or between a terminal and a wireless router.
A device for identity authentication according to the invention comprises: a calculation module, configured to calculate a first value using a public parameter and a random number when a first terminal and a second terminal perform identity authentication, and, when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, to calculate a third value according to a specified equation using at least the private key of the first terminal, the second value, the public parameter, the random number and the public key of the second wireless router; an acquisition module, configured to obtain the public key of the second wireless router according to the received identity identifier of the second wireless router; an encryption module, configured to encrypt the third value using the identity identifier of the first terminal to obtain a first encrypted value; and a communication module, configured to send to the second terminal the first value, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, and to send the first encrypted value to the second terminal. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A device for identity authentication according to the invention comprises: a calculation module, configured to calculate a second value using a public parameter and a random number when a second terminal receives a first value sent by a first terminal, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, and, when the second terminal receives a first encrypted value sent by the first terminal and the digital certificate of the first wireless router is valid, to calculate a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal; a communication module, configured to send to the first terminal the calculated second value, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal; an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router; a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid; an encryption module, configured to encrypt the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value; a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and a determination module, configured to determine that the identity of the first terminal is genuine when the comparison result is affirmative. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A device for identity authentication according to the invention comprises: a calculation module, configured to calculate a first value using a public parameter and a random number when a terminal and a second wireless router perform identity authentication, and, when the terminal receives a second value sent by the second wireless router and the public key of the second wireless router, to calculate a third value according to a specified equation using at least the private key of the terminal, the second value, the public parameter, the random number and the public key of the second wireless router; an encryption module, configured to encrypt the third value using the identity identifier of the terminal to obtain a first encrypted value; and a communication module, configured to send to the second wireless router the first value, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, and to send the first encrypted value to the second wireless router. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the second wireless router is an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A device for identity authentication according to the invention comprises: a calculation module, configured to calculate a second value using a public parameter and a random number when a second wireless router receives a first value sent by a terminal, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, and, when the second wireless router receives a first encrypted value sent by the terminal and the digital certificate of the first wireless router is valid, to calculate a fourth value according to a specified equation using at least the identity identifier of the terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second wireless router; a communication module, configured to send the second value and the public key of the second wireless router to the terminal; an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router; a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid; an encryption module, configured to encrypt the fourth value using the identity identifier of the terminal to obtain a calculated encrypted value; a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and a determination module, configured to determine that the identity of the terminal is genuine when the comparison result is affirmative. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A method for identity authentication according to the invention comprises the steps of: when a first terminal and a second terminal perform identity authentication, calculating a first value using a public parameter and a random number, and sending to the second terminal the calculated first value, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal; when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, obtaining the public key of the second wireless router according to the received identity identifier of the second wireless router; calculating a third value according to a specified equation using at least the private key of the first terminal, the second value, the public parameter, the random number and the obtained public key of the second wireless router; encrypting the third value using the identity identifier of the first terminal to obtain a first encrypted value; and sending the first encrypted value to the second terminal. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A method for identity authentication according to the invention comprises the steps of: when a second terminal receives a first value sent by a first terminal, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, calculating a second value using a public parameter and a random number, and sending to the first terminal the calculated second value, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal; when the second terminal receives a first encrypted value sent by the first terminal, obtaining the digital certificate of the first wireless router according to the received identity identifier of the first wireless router and checking whether the obtained digital certificate of the first wireless router is valid; when the check result is affirmative, calculating a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal; encrypting the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value; comparing whether the first encrypted value and the calculated encrypted value are identical; and, when the comparison result is affirmative, determining that the identity of the first terminal is genuine. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A method for identity authentication according to the invention comprises the steps of: when a terminal and a second wireless router perform identity authentication, calculating a first value using a public parameter and a random number, and sending to the second wireless router the calculated first value, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal; when the terminal receives a second value sent by the second wireless router and the public key of the second wireless router, calculating a third value according to a specified equation using at least the private key of the terminal, the second value, the public parameter, the random number and the public key of the second wireless router; encrypting the third value using the identity identifier of the terminal to obtain a first encrypted value; and sending the first encrypted value to the second wireless router. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the second wireless router is an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A method for identity authentication according to the invention comprises the steps of: when a second wireless router receives a first value sent by a terminal, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, calculating a second value using a public parameter and a random number, and sending the calculated second value and the public key of the second wireless router to the terminal; when the second wireless router receives a first encrypted value sent by the terminal, obtaining the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router; checking whether the obtained digital certificate of the first wireless router is valid; when the check result is affirmative, calculating a fourth value according to a specified equation using at least the identity identifier of the terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second wireless router; encrypting the fourth value using the identity identifier of the terminal to obtain a calculated encrypted value; comparing whether the first encrypted value and the calculated encrypted value are identical; and, when the comparison result is affirmative, determining that the identity of the terminal is genuine. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the private key of the first wireless router and the private key of the third wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A first terminal according to the invention comprises: a memory, configured to store a public parameter, the identity identifier and the private key of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal; a calculation module, configured to calculate a first value using the stored public parameter and a random number when the first terminal and a second terminal perform identity authentication, and, when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, to calculate a third value according to a specified equation using at least the stored private key of the first terminal and the public parameter, the second value, the random number and the public key of the second wireless router; an acquisition module, configured to obtain the public key of the second wireless router according to the received identity identifier of the second wireless router; an encryption module, configured to encrypt the third value using the identity identifier of the first terminal to obtain a first encrypted value; and a communication module, configured to send to the second terminal the first value, the stored identity identifier of the first wireless router and the identity identifier of the first terminal, and to send the first encrypted value to the second terminal. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A second terminal according to the invention comprises: a memory, configured to store a public parameter, the private key and the identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal; a calculation module, configured to calculate a second value using the stored public parameter and a random number when the second terminal receives a first value sent by a first terminal, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, and, when the second terminal receives a first encrypted value sent by the first terminal and the digital certificate of the first wireless router is valid, to calculate a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal; a communication module, configured to send to the first terminal the calculated second value, the stored identity identifier of the second terminal and the identity identifier of the second wireless router; an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router; a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid; an encryption module, configured to encrypt the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value; a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and a determination module, configured to determine that the identity of the first terminal is genuine when the comparison result is affirmative. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the first terminal is calculated using the private key of the first wireless router and the identity identifier of the first terminal; the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A terminal according to the invention comprises: a memory, configured to store a public parameter, the identity identifier and the private key of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal; a calculation module, configured to calculate a first value using the stored public parameter and a random number when the terminal and a second wireless router perform identity authentication, and, when the terminal receives a second value sent by the second wireless router and the public key of the second wireless router, to calculate a third value according to a specified equation using at least the private key of the terminal, the second value, the public parameter, the random number and the public key of the second wireless router; an encryption module, configured to encrypt the third value using the identity identifier of the terminal to obtain a first encrypted value; and a communication module, configured to send to the second wireless router the first value, the stored identity identifier of the first terminal and the identity identifier of the first wireless router, and to send the first encrypted value to the second wireless router. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the public key of the second wireless router is calculated using the private key of the second wireless router and the public parameter; the private key of the second wireless router is an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
A second wireless router according to the invention comprises: a memory, configured to store a public parameter and the private key and public key of the second wireless router; a calculation module, configured to calculate a second value using the stored public parameter and a random number when the second wireless router receives a first value sent by a terminal, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, and, when the second wireless router receives a first encrypted value sent by the terminal and the digital certificate of the first wireless router is valid, to calculate a fourth value according to a specified equation using at least the identity identifier of the terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second wireless router; a communication module, configured to send the second value and the public key of the second wireless router to the terminal; an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router; a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid; an encryption module, configured to encrypt the fourth value using the identity identifier of the terminal to obtain a calculated encrypted value; a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and a determination module, configured to determine that the identity of the terminal is genuine when the comparison result is affirmative. Here the public parameter is a point on an elliptic curve and has prime order; the random number is an element of the finite field over which the elliptic curve is formed; the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal; the private key of the first wireless router and the private key of the second wireless router are each an integer smaller than the order; and the discrete logarithm problem for the specified equation is hard to solve.
Description of the drawings
The above and other objects, features and advantages of the present invention will become more apparent from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the structure of an existing 802.11 mesh network;
Fig. 2 is a schematic diagram of the structure of a terminal according to one embodiment of the invention;
Fig. 3 is a schematic diagram of the structure of a wireless router according to one embodiment of the invention;
Fig. 4 is a flow chart of the method of performing identity authentication between a terminal and a wireless router according to one embodiment of the invention; and
Fig. 5 is a flow chart of the method of performing identity authentication between two terminals according to one embodiment of the invention.
Embodiments
Below, each embodiment of the present invention is described in detail.
According to one embodiment of the present invention, identity-based public-key cryptography and conventional certificate management are used together to provide authentication and security protection for the terminals in an 802.11 mesh network. First, each wireless router in the 802.11 mesh network is issued a digital certificate. Then, each wireless router uses the digital certificate it was issued to generate an identity-based public key and private key for each terminal under its administration. In this way, when a terminal performs access authentication with a wireless router, or when terminals authenticate each other, the terminals can use their identity-based public and private keys to perform identity authentication and session key agreement, and can then use the agreed session key to protect the communicated information.
Suppose that F_q is a finite field (q is a prime number) and that E(F_q) is the elliptic curve generated over this finite field F_q, so that the discrete logarithm problem in the multiplicative group of this elliptic curve E(F_q) is hard to solve. A base point on this elliptic curve E(F_q) whose order is a prime number N is selected as the public parameter P, so that the order of the public parameter P is N. Preferably, a base point whose order N is a large prime number is selected as the public parameter P.
After the public parameter P and its order N are obtained, the public/private key pair of each wireless router AP can be generated. The private key s of wireless router AP is any element of the set [1, N-1], that is, the private key s is a positive integer less than N; the public key of wireless router AP is sP; and the digital certificate of wireless router AP is Cert_AP.
After the public/private key pair and digital certificate of wireless router AP have been set up, the identity-based public key and private key of each terminal under the administration of wireless router AP can be generated. The public key of a terminal is the identity identifier Q of that terminal, and the private key of the terminal is sQ; that is, the private key of a terminal is calculated using the private key of the wireless router that governs it.
The bilinear mapping function used below is introduced here:
Figure B2009101772501D0000101
The bilinear mapping function is a bilinear map from G_1 × G_1 to G_2, where G_1 and G_2 are respectively an additive group and a multiplicative group of the same order q, and the discrete logarithm problem is hard to solve in both groups. Usually, G_1 is a subgroup of the group of rational points of an elliptic curve over a finite field, G_2 is a multiplicative subgroup of a finite field, and the bilinear mapping function
Figure B2009101772501D0000103
is derived from the Weil pairing on the elliptic curve.
Fig. 2 is a schematic diagram of the structure of a terminal according to one embodiment of the invention. As shown in Fig. 2, the terminal may comprise a memory 110 and an identity authentication device 120.
The memory 110 stores the public parameter P, the private key and identity identifier (public key) of the terminal, and the identity identifier of the wireless router whose private key was used to generate the private key of the terminal (that is, the governing wireless router of the terminal).
The identity authentication device 120 performs identity authentication with a wireless router when the terminal moves into the wireless coverage of that wireless router and accesses it, and performs identity authentication with another terminal when the terminal wants to communicate with that other terminal.
Fig. 3 is a schematic diagram of the structure of a wireless router according to one embodiment of the invention. As shown in Fig. 3, the wireless router may comprise a memory 210 and an identity authentication device 220.
The memory 210 stores the public parameter P and the private key, public key and digital certificate of the wireless router.
The identity authentication device 220 performs identity authentication with a terminal when that terminal moves into the wireless coverage of the wireless router and accesses it.
Below, taking terminal A and wireless router AP_2 as an example, the method of performing identity authentication when a terminal wants to access a wireless router according to one embodiment of the invention is described in detail. Fig. 4 shows a flow chart of the method of performing identity authentication between a terminal and a wireless router according to this embodiment.
Here, it is assumed that the governing wireless router of terminal A is AP_1, and that the private key, public key and digital certificate of wireless router AP_1 are respectively s_1, s_1 P and
Figure B2009101772501D0000111
The private key and identity identifier of terminal A are respectively s_1 Q_A and Q_A, and the private key, public key and digital certificate of wireless router AP_2 are respectively s_2, s_2 P and
As shown in Fig. 4, when terminal A wants to perform identity authentication with wireless router AP_2, the identity authentication device 120 of terminal A uses a random number r_A and the public parameter P stored in memory 110 to calculate a first value r_A P (step S400). The random number r_A is an element of the finite field F_q.
The identity authentication device 120 of terminal A sends the calculated first value r_A P, the identity identifier Q_A of terminal A stored in memory 110 of terminal A, and the identity identifier of the governing wireless router of terminal A (that is, the identity identifier of wireless router AP_1) to wireless router AP_2 (step S405).
After wireless router AP_2 receives the first value r_A P, the identity identifier Q_A of terminal A and the identity identifier of the governing wireless router of terminal A from terminal A, the identity authentication device 220 of wireless router AP_2 uses a random number r_2 and the public parameter P stored in memory 210 to calculate a second value r_2 P (step S410). The random number r_2 is an element of the finite field F_q.
The identity authentication device 220 of wireless router AP_2 sends the calculated second value r_2 P, together with the public key s_2 P and digital certificate of wireless router AP_2 stored in memory 210 of wireless router AP_2,
Figure B2009101772501D0000113
to terminal A (step S415).
After terminal A receives the second value r_2 P and the public key s_2 P and digital certificate of wireless router AP_2 from wireless router AP_2, the identity authentication device 120 of terminal A uses the second value r_2 P, the public key s_2 P of wireless router AP_2, the random number r_A, and the private key s_1 Q_A of terminal A and the public parameter P stored in memory 110 to calculate, according to a first equation
Figure B2009101772501D0000122
a third value K_1 (step S420). In this embodiment, after terminal A and wireless router AP_2 have successfully performed identity authentication, the third value K_1 is used as the session key for communication between terminal A and wireless router AP_2. Because the first equation is constructed from the bilinear mapping function
Figure B2009101772501D0000123
and the discrete logarithm problem of the bilinear mapping function
Figure B2009101772501D0000124
is hard to solve, the discrete logarithm problem of the first equation is also hard to solve. In other words, even if a third party knows the second value r_2 P, the public key s_2 P of wireless router AP_2, the third value K_1 and the concrete form of the first equation, it cannot use the first equation to derive the random number r_A, the private key s_1 Q_A of terminal A and the public parameter P from the second value r_2 P, the public key s_2 P of wireless router AP_2 and the third value K_1, which ensures that the random number r_A and the private key s_1 Q_A of terminal A are not disclosed to the third party. Moreover, the first equation is constructed so that wireless router AP_2 can use the private key s_2 of wireless router AP_2, the public parameter P, the first value r_A P, the random number r_2 used to generate the second value r_2 P, the public key of wireless router AP_1 as the governing wireless router of terminal A, and the identity identifier Q_A of terminal A to calculate a value equal to the third value K_1.
The identity authentication device 120 of terminal A encrypts the third value K_1 with the identity identifier (public key) Q_A of terminal A stored in memory 110, that is, performs a hash calculation on the third value K_1, to obtain a first encrypted value h(K_1, Q_A) (step S425). Here, h() denotes the hash function used to encrypt the third value K_1.
The identity authentication device 120 of terminal A sends the first encrypted value h(K_1, Q_A) to wireless router AP_2 (step S430).
After wireless router AP_2 receives the first encrypted value h(K_1, Q_A) from terminal A, the identity authentication device 220 of wireless router AP_2 obtains, from the wireless router indicated by the previously received identity identifier of the governing wireless router of terminal A, that is, wireless router AP_1, the public key and digital certificate of the governing wireless router of terminal A, that is, the public key s_1 P and digital certificate of wireless router AP_1
Figure B2009101772501D0000125
(step S435).
The identity authentication device 220 of wireless router AP_2 checks whether the obtained digital certificate of the governing wireless router of terminal A, that is, the digital certificate of wireless router AP_1, is valid (step S440).
If the check result of step S440 is no, that is, the digital certificate of wireless router AP_1
Figure B2009101772501D0000131
is not valid, identity authentication fails and the flow ends.
If the check result of step S440 is yes, that is, the digital certificate of wireless router AP_1
Figure B2009101772501D0000132
is valid, the identity authentication device 220 of wireless router AP_2 uses the received identity identifier Q_A of terminal A and first value r_A P, the obtained public key s_1 P of wireless router AP_1 as the governing wireless router of terminal A, the random number r_2, and the public parameter P and the private key s_2 of wireless router AP_2 stored in memory 210 to calculate, according to a second equation
Figure B2009101772501D0000133
a fourth value K_2 (step S445). In this embodiment, after terminal A and wireless router AP_2 have successfully performed identity authentication, the fourth value K_2 is used as the session key for communication between wireless router AP_2 and terminal A. Because the second equation is constructed from the bilinear mapping function, and the discrete logarithm problem of the bilinear mapping function
Figure B2009101772501D0000135
is hard to solve, the discrete logarithm problem of the second equation is also hard to solve. In other words, even if a third party knows the identity identifier Q_A of terminal A, the first value r_A P, the public key s_1 P of wireless router AP_1 and the concrete form of the second equation, it cannot use the second equation to derive the random number r_2, the public parameter P and the private key s_2 of wireless router AP_2 from the identity identifier Q_A of terminal A, the first value r_A P and the public key s_1 P of wireless router AP_1, which ensures that the secret random number r_2 and the private key s_2 of wireless router AP_2 are not disclosed to the third party. Moreover, the second equation is constructed so that terminal A can use the private key s_1 Q_A of terminal A, the public parameter P, the random number r_A used to generate the first value r_A P, the second value r_2 P and the public key of wireless router AP_2 to calculate a value equal to the fourth value K_2 (that is, the third value K_1).
The identity authentication device 220 of wireless router AP_2 encrypts the fourth value K_2 with the received identity identifier Q_A of terminal A, that is, performs a hash calculation on the fourth value K_2, to obtain a calculated encrypted value h(K_2, Q_A) (step S450).
The identity authentication device 220 of wireless router AP_2 compares whether the calculated encrypted value h(K_2, Q_A) and the received first encrypted value h(K_1, Q_A) are identical (step S455).
In fact, because
Figure B2009101772501D0000136
Figure B2009101772501D0000137
Figure B2009101772501D0000138
Therefore, under normal circumstances, the calculated encrypted value h(K_2, Q_A) and the received first encrypted value h(K_1, Q_A) are identical.
If the comparison result of step S455 is no, that is, the calculated encrypted value h(K_2, Q_A) and the received first encrypted value h(K_1, Q_A) are not identical, identity authentication fails and the flow ends.
If the comparison result of step S455 is yes, that is, the calculated encrypted value h(K_2, Q_A) and the received first encrypted value h(K_1, Q_A) are identical, the identity authentication device 220 of wireless router AP_2 determines that the identity of terminal A is genuine and knows that terminal A has generated the session key (step S460).
After determining that the identity of terminal A is genuine, the identity authentication device 220 of wireless router AP_2 encrypts the fourth value K_2 with the public key s_2 P of wireless router AP_2 stored in memory 210, that is, performs a hash calculation on the fourth value K_2, to obtain a second encrypted value h(K_2, s_2 P) (step S465).
The identity authentication device 220 of wireless router AP_2 sends the calculated second encrypted value h(K_2, s_2 P) to terminal A (step S470).
After terminal A receives the second encrypted value h(K_2, s_2 P) from wireless router AP_2, the identity authentication device 120 of terminal A checks whether the previously obtained digital certificate of wireless router AP_2 is valid (step S475).
If the check result of step S475 is no, that is, the digital certificate of wireless router AP_2
Figure B2009101772501D0000142
is not valid, identity authentication fails and the flow ends.
If the check result of step S475 is yes, that is, the digital certificate of wireless router AP_2
Figure B2009101772501D0000143
is valid, the identity authentication device 120 of terminal A encrypts the previously calculated third value K_1 with the previously received public key s_2 P of wireless router AP_2, that is, performs a hash calculation on the third value K_1, to obtain a calculated encrypted value h(K_1, s_2 P) (step S480).
The identity authentication device 120 of terminal A compares whether the calculated encrypted value h(K_1, s_2 P) and the received second encrypted value h(K_2, s_2 P) are identical (step S485).
If the check result of step S485 is no, that is, the calculated encrypted value h(K_1, s_2 P) and the received second encrypted value h(K_2, s_2 P) are not identical, identity authentication fails and the flow ends.
If the check result of step S485 is yes, that is, the calculated encrypted value h(K_1, s_2 P) and the received second encrypted value h(K_2, s_2 P) are identical, the identity authentication device 120 of terminal A determines that the identity of wireless router AP_2 is genuine and knows that wireless router AP_2 has generated the session key (step S490).
In this way, after terminal A and wireless router AP_2 have successfully performed identity authentication, terminal A can access wireless router AP_2, and while terminal A and wireless router AP_2 communicate, they can use the generated session key to encrypt and decrypt the information and data they send to each other.
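The flow of Fig. 4 (steps S400-S490), as an added Python example that is not code from the patent. The first and second equations survive on this page only as image placeholders, so the two key equations in the code are assumed stand-ins chosen so that both sides reach the same value from the inputs the text lists; the pairing is a toy model with no security, and `Router`, `authenticate` and `identity_to_point` are hypothetical names.

```python
import hashlib
import hmac
import secrets

# Toy bilinear group, constructed for illustration only (no security):
# the point aP is represented by the scalar a mod N, and
# e(aP, bP) = g^(a*b) mod p, which is bilinear by construction.
N, p, g = 1019, 2039, 4   # N prime, p = 2N + 1 prime, g of order N in Z_p^*
P = 1                     # public parameter P in this representation


def e(a, b):
    """Toy bilinear map G1 x G1 -> G2."""
    return pow(g, (a * b) % N, p)


def h(value, label):
    """h(K, label): hash that binds the key to an identifier or public key."""
    return hashlib.sha256(f"{value}|{label}".encode()).digest()


def identity_to_point(identity):
    """Assumed hash-to-point: map an identity string to a nonzero point Q."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (N - 1) + 1


class Router:
    def __init__(self, cert_valid=True):
        self.s = secrets.randbelow(N - 1) + 1   # private key s in [1, N-1]
        self.pub = self.s * P % N               # public key sP
        self.cert_valid = cert_valid            # stand-in for certificate validation

    def issue_private_key(self, identity):
        """Governing router derives a terminal's private key sQ."""
        return self.s * identity_to_point(identity) % N


def authenticate(identity, terminal_priv, governing, ap2):
    """Run steps S400-S490; return (ok, reason, K1, K2)."""
    Q_A = identity_to_point(identity)

    # S400-S405: terminal sends r_A*P, Q_A and its governing router's identifier.
    r_A = secrets.randbelow(N - 1) + 1
    first = r_A * P % N

    # S410-S415: AP2 answers with r_2*P, s_2*P and its certificate.
    while True:
        r_2 = secrets.randbelow(N - 1) + 1
        if (r_2 + ap2.s) % N:      # avoid r_2*P + s_2*P being the identity
            break
    second = r_2 * P % N

    # S420: terminal side, from s_1*Q_A, r_2*P, s_2*P, r_A and P.
    # ASSUMED equation: K1 = e(s_1*Q_A + r_A*P, r_2*P + s_2*P).
    K1 = e((terminal_priv + r_A * P) % N, (second + ap2.pub) % N)
    tag1 = h(K1, Q_A)                                   # S425-S430

    # S435-S440: AP2 obtains s_1*P and checks the governing router's certificate.
    if not governing.cert_valid:
        return False, "S440: governing router certificate invalid", K1, None

    # S445: AP2 side, from Q_A, r_A*P, s_1*P, r_2, P and s_2.
    # ASSUMED equation: K2 = (e(Q_A, s_1*P) * e(r_A*P, P))^(r_2 + s_2).
    K2 = pow(e(Q_A, governing.pub) * e(first, P) % p, (r_2 + ap2.s) % N, p)

    # S450-S460: constant-time comparison of h(K2, Q_A) with h(K1, Q_A).
    if not hmac.compare_digest(tag1, h(K2, Q_A)):
        return False, "S455: terminal confirmation mismatch", K1, K2

    tag2 = h(K2, ap2.pub)                               # S465-S470

    # S475: terminal checks AP2's certificate before trusting tag2.
    if not ap2.cert_valid:
        return False, "S475: AP2 certificate invalid", K1, K2

    # S480-S490: terminal compares h(K1, s_2*P) with the received h(K2, s_2*P).
    if not hmac.compare_digest(tag2, h(K1, ap2.pub)):
        return False, "S485: router confirmation mismatch", K1, K2
    return True, "authenticated", K1, K2


if __name__ == "__main__":
    ap1, ap2 = Router(), Router()
    d_A = ap1.issue_private_key("terminal-A")           # constructed identity
    print(authenticate("terminal-A", d_A, ap1, ap2)[:2])
    # A party that lacks s_1*Q_A fails at S455.
    print(authenticate("terminal-A", (d_A + 1) % N, ap1, ap2)[:2])
```

The failure cases map to the three exits in the text: an invalid certificate for AP_1 stops at S440, a terminal without the correct private key stops at S455, and an invalid certificate for AP_2 stops at S475.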
Below, taking terminal A and terminal B as an example, the method of performing identity authentication between two terminals according to one embodiment of the invention is described in detail. Fig. 5 shows a flow chart of the method of performing identity authentication between two terminals according to this embodiment.
Here, it is assumed that the governing wireless router of terminal A is AP_1 and the governing wireless router of terminal B is AP_2, and that the private key, public key and digital certificate of wireless router AP_1 are respectively s_1, s_1 P and
Figure B2009101772501D0000151
The private key and identity identifier of terminal A are respectively s_1 Q_A and Q_A; the private key, public key and digital certificate of wireless router AP_2 are respectively s_2, s_2 P and
Figure B2009101772501D0000152
The private key and identity identifier of terminal B are respectively s_2 Q_B and Q_B.
As shown in Fig. 5, when terminal A wants to perform identity authentication with terminal B, the identity authentication device 120 of terminal A uses a random number r_A and the public parameter P stored in memory 110 of terminal A to calculate a first value r_A P (step S500). The random number r_A is an element of the finite field F_q.
The identity authentication device 120 of terminal A sends the calculated first value r_A P, the identity identifier Q_A of terminal A stored in memory 110 of terminal A, and the identity identifier of the governing wireless router of terminal A (that is, the identity identifier of wireless router AP_1) to terminal B (step S505).
After terminal B receives the first value r_A P, the identity identifier Q_A of terminal A and the identity identifier of the governing wireless router of terminal A (that is, the identity identifier of wireless router AP_1) from terminal A, the identity authentication device 120 of terminal B uses a random number r_B and the public parameter P stored in memory 110 of terminal B to calculate a second value r_B P (step S510). The random number r_B is an element of the finite field F_q.
The identity authentication device 120 of terminal B sends the calculated second value r_B P, the identity identifier Q_B of terminal B stored in memory 110 of terminal B, and the identity identifier of the governing wireless router of terminal B (that is, the identity identifier of wireless router AP_2) to terminal A (step S515).
After terminal A receives the second value r_B P, the identity identifier Q_B of terminal B and the identity identifier of the governing wireless router of terminal B (that is, the identity identifier of wireless router AP_2) from terminal B, the identity authentication device 120 of terminal A obtains, from the wireless router indicated by the received identity identifier of the governing wireless router of terminal B, that is, wireless router AP_2, the public key and digital certificate of the governing wireless router of terminal B, that is, the public key s_2 P and digital certificate of wireless router AP_2
Figure B2009101772501D0000161
(step S520).
Then, the identity authentication device 120 of terminal A uses the random number r_A, the received second value r_B P, the obtained public key s_2 P of wireless router AP_2 as the governing wireless router of terminal B, and the private key s_1 Q_A of terminal A and the public parameter P stored in memory 110 of terminal A to calculate, according to a third equation
Figure B2009101772501D0000162
a third value K_1' (step S525). In this embodiment, after terminal A and terminal B have successfully performed identity authentication, the third value K_1' is used as the session key for communication between terminal A and terminal B. Because the third equation is constructed from the bilinear mapping function
Figure B2009101772501D0000163
and the discrete logarithm problem of the bilinear mapping function
Figure B2009101772501D0000164
is hard to solve, the discrete logarithm problem of the third equation is also hard to solve. In other words, even if a third party knows the second value r_B P, the public key s_2 P of wireless router AP_2 as the governing wireless router of terminal B, the identity identifier Q_B of terminal B, the third value K_1' and the concrete form of the third equation, it cannot use the third equation to derive the random number r_A, the private key s_1 Q_A of terminal A and the public parameter P from the second value r_B P, the public key s_2 P of wireless router AP_2, the identity identifier Q_B of terminal B and the third value K_1', which ensures that the random number r_A and the private key s_1 Q_A of terminal A are not disclosed to the third party. Moreover, the third equation is constructed so that terminal B can use the private key s_2 Q_B of terminal B, the public parameter P, the first value r_A P, the random number r_B used to generate the second value r_B P, the public key s_1 P of wireless router AP_1 as the governing wireless router of terminal A, and the identity identifier Q_A of terminal A to calculate a value equal to the third value K_1'.
The identity authentication device 120 of terminal A encrypts the third value K_1' with the identity identifier Q_A of terminal A stored in memory 110 of terminal A, that is, performs a hash calculation on the third value K_1', to obtain a first encrypted value h(K_1', Q_A) (step S530). Here, h() denotes the hash function used to encrypt the third value K_1'.
The identity authentication device 120 of terminal A sends the first encrypted value h(K_1', Q_A) to terminal B (step S535).
After terminal B receives the first encrypted value h(K_1', Q_A) from terminal A, the identity authentication device 120 of terminal B obtains, from the wireless router indicated by the previously received identity identifier of the governing wireless router of terminal A, that is, wireless router AP_1, the public key and digital certificate of the governing wireless router of terminal A, that is, the public key s_1 P and digital certificate of wireless router AP_1
Figure B2009101772501D0000165
(step S540).
The identity authentication device 120 of terminal B checks whether the obtained digital certificate of wireless router AP_1, the governing wireless router of terminal A,
Figure B2009101772501D0000171
is valid (step S545).
If the check result of step S545 is no, that is, the digital certificate of wireless router AP_1 is not valid, identity authentication fails and the flow ends.
If the check result of step S545 is yes, that is, the digital certificate of wireless router AP_1 is valid, the identity authentication device 120 of terminal B uses the received identity identifier Q_A of terminal A and first value r_A P, the obtained public key s_1 P of wireless router AP_1 as the governing wireless router of terminal A, the random number r_2, and the public parameter P and the private key s_2 Q_B of terminal B stored in memory 110 of terminal B to calculate, according to a fourth equation
Figure B2009101772501D0000174
a fourth value K_2' (step S550). In this embodiment, after terminal A and terminal B have successfully performed identity authentication, the fourth value K_2' is used as the session key for communication between terminal B and terminal A. Because the fourth equation is constructed from the bilinear mapping function
Figure B2009101772501D0000175
and the discrete logarithm problem of the bilinear mapping function
Figure B2009101772501D0000176
is hard to solve, the discrete logarithm problem of the fourth equation is also hard to solve. In other words, even if a third party knows the first value r_A P, the public key s_1 P of wireless router AP_1 as the governing wireless router of terminal A, the identity identifier Q_A of terminal A, the fourth value K_2' and the concrete form of the fourth equation, it cannot use the fourth equation to derive the random number r_B, the private key s_2 Q_B of terminal B and the public parameter P from the first value r_A P, the public key s_1 P of wireless router AP_1, the identity identifier Q_A of terminal A and the fourth value K_2', which ensures that the random number r_B and the private key s_2 Q_B of terminal B are not disclosed to the third party. Moreover, the fourth equation is constructed so that terminal A can use the private key s_1 Q_A of terminal A, the public parameter P, the second value r_B P, the random number r_A used to generate the first value r_A P, the public key s_2 P of wireless router AP_2 as the governing wireless router of terminal B, and the identity identifier Q_B of terminal B to calculate a value equal to the fourth value K_2' (that is, the third value K_1').
The identity authentication device 120 of terminal B encrypts the fourth value K_2' with the received identity identifier Q_A of terminal A, that is, performs a hash calculation on the fourth value K_2', to obtain a calculated encrypted value h(K_2', Q_A) (step S555).
The identity authentication device 120 of terminal B compares whether the calculated encrypted value h(K_2', Q_A) and the received first encrypted value h(K_1', Q_A) are identical (step S560).
In fact,
Figure B2009101772501D0000179
Therefore, under normal circumstances, the calculated encrypted value h(K_2', Q_A) and the received first encrypted value h(K_1', Q_A) are identical.
If the comparison result of step S560 is no, that is, the calculated encrypted value h(K_2', Q_A) and the received first encrypted value h(K_1', Q_A) are not identical, identity authentication fails and the flow ends.
If the comparison result of step S560 is yes, that is, the calculated encrypted value h(K_2', Q_A) and the received first encrypted value h(K_1', Q_A) are identical, the identity authentication device 120 of terminal B determines that the identity of terminal A is genuine and knows that terminal A has generated the session key (step S565).
After determining that the identity of terminal A is genuine, the identity authentication device 120 of terminal B encrypts the fourth value K_2' with the identity identifier Q_B of terminal B stored in memory 110 of terminal B, that is, performs a hash calculation on the fourth value K_2', to obtain a second encrypted value h(K_2', Q_B) (step S570).
The identity authentication device 120 of terminal B sends the calculated second encrypted value h(K_2', Q_B) to terminal A (step S575).
After terminal A receives the second encrypted value h(K_2', Q_B) from terminal B, the identity authentication device 120 of terminal A checks whether the previously obtained digital certificate of wireless router AP_2, the governing wireless router of terminal B,
Figure B2009101772501D0000181
is valid (step S580).
If the check result of step S580 is no, that is, the digital certificate of wireless router AP_2
Figure B2009101772501D0000182
is not valid, identity authentication fails and the flow ends.
If the check result of step S580 is yes, that is, the digital certificate of wireless router AP_2
Figure B2009101772501D0000183
is valid, the identity authentication device 120 of terminal A encrypts the previously calculated third value K_1' with the previously received identity identifier Q_B of terminal B, that is, performs a hash calculation on the third value K_1', to obtain a calculated encrypted value h(K_1', Q_B) (step S585).
The identity authentication device 120 of terminal A compares whether the calculated encrypted value h(K_1', Q_B) and the received second encrypted value h(K_2', Q_B) are identical (step S590).
If the check result of step S590 is no, that is, the calculated encrypted value h(K_1', Q_B) and the received second encrypted value h(K_2', Q_B) are not identical, identity authentication fails and the flow ends.
If the check result of step S590 is yes, that is, the calculated encrypted value h(K_1', Q_B) and the received second encrypted value h(K_2', Q_B) are identical, the identity authentication device 120 of terminal A determines that the identity of terminal B is genuine and knows that terminal B has generated the session key (step S595).
In this way, after terminal A and terminal B have successfully performed identity authentication, terminal A and terminal B can communicate, and while they communicate they can use the generated session key to encrypt and decrypt the information and data they send to each other.
Other variations
Those skilled in the art are to be understood that, though in the above embodiments, the PKI of the administration wireless router of terminal and digital certificate are to obtain from the represented wireless router of the identify label of the administration wireless router of terminal, yet the present invention is not limited thereto.In some other embodiment of the present invention, also can be kept at the identify label of the PKI of wireless router and digital certificate and wireless router in the certificate management authority accordingly, then, when a terminal or wireless router need obtain the PKI of administration wireless router of another terminal and digital certificate, this terminal or wireless router obtained the PKI and the digital certificate of the administration wireless router of this another terminal from certificate management authority by the identify label of the administration wireless router of this another terminal.
Though it will be appreciated by those skilled in the art that in the above embodiments, authentication is that both sides authenticate mutually, that is: wireless router AP not only 2The identity of authentication terminal A, and also authenticate wireless router-A P of terminal A 2Identity, and the identity of terminal B authentication terminal A not only, and terminal A also authenticates the identity of terminal B, however the present invention is not limited thereto.In some other embodiment of the present invention, authentication also can be the folk prescription authentication, that is: be wireless router AP 2The identity of authentication terminal A, terminal A is authenticate wireless router-A P not 2Identity, and the identity of terminal B authentication terminal A only, terminal A does not authenticate the identity of terminal B.
In the case of one-way authentication, the embodiment shown in Figure 4 can omit steps S465-S490, and wireless router AP2 does not need to send its digital certificate
Figure B2009101772501D0000191
to terminal A; likewise, the embodiment shown in Figure 5 can omit steps S570-S595, and terminal A does not need to obtain the digital certificate of the wireless router administering terminal B.
Those skilled in the art will understand that the hash function h() used in step S425 of Fig. 4 is the same as the hash function h() used in step S450 of Fig. 4, and the hash function h() used in step S465 of Fig. 4 is the same as the hash function h() used in step S480 of Fig. 4, whereas the hash function h() used in steps S425 and S450 of Fig. 4 and the hash function h() used in steps S465 and S480 of Fig. 4 may be the same or different. Similarly, the hash function h() used in step S530 of Fig. 5 is the same as the hash function h() used in step S555 of Fig. 5, and the hash function h() used in step S570 of Fig. 5 is the same as the hash function h() used in step S585 of Fig. 5, whereas the hash function h() used in steps S530 and S555 of Fig. 5 and the hash function h() used in steps S570 and S585 of Fig. 5 may be the same or different.
Those skilled in the art will appreciate that the equation used in the present invention to calculate the third value is not limited to the first and third equations disclosed in the above embodiments, and that the equation used to calculate the fourth value is not limited to the second and fourth equations disclosed in the above embodiments. For example, the first equation may also be
Figure B2009101772501D0000201
the second equation may also be
Figure B2009101772501D0000202
the third equation may also be
Figure B2009101772501D0000203
and the fourth equation may also be
Figure B2009101772501D0000204
Those skilled in the art will appreciate that, although in the above embodiments the session key is negotiated during the identity authentication between terminal A and wireless router AP2 and between terminal A and terminal B, that is, the third value and the fourth value used in the authentication process are themselves the session key used for communication after the authentication succeeds, the present invention is not limited thereto. In some other embodiments of the present invention, the session key may be negotiated only after terminal A and wireless router AP2, or terminal A and terminal B, have successfully authenticated each other. In that case the third value and the fourth value used in the authentication process are not used as the session key for communication after the authentication succeeds; instead, that session key is obtained by negotiation between terminal A and wireless router AP2, or between terminal A and terminal B, after the authentication has succeeded.
Those skilled in the art will appreciate that the identity authentication devices 120 and 220 disclosed in each of the above embodiments can be implemented in software, in hardware, or in a combination of hardware and software.
Those skilled in the art will understand that various modifications and changes can be made to each embodiment of the present invention without departing from the essence of the invention, and that all such modifications and changes fall within the protection scope of the present invention. The protection scope of the present invention is therefore defined by the appended claims.

Claims (20)

1. A device for identity authentication, comprising:
a computing module, configured to, when a first terminal and a second terminal perform identity authentication, calculate a first value using a public parameter and a random number, and, when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, calculate a third value according to a specified equation using at least the private key of the first terminal, the second value, the public parameter, the random number and the public key of the second wireless router;
an acquisition module, configured to obtain the public key of the second wireless router according to the received identity identifier of the second wireless router;
an encryption module, configured to encrypt the third value using the identity identifier of the first terminal to obtain a first encrypted value; and
a communication module, configured to send to the second terminal the first value, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, and to send the first encrypted value to the second terminal,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the public key of the second wireless router is calculated from the private key of the second wireless router and the public parameter, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
2. The device as claimed in claim 1, wherein the device further comprises a comparison module, a checking module and a determination module, wherein
the communication module is further configured to receive a second encrypted value sent by the second terminal,
the acquisition module is further configured to obtain the digital certificate of the second wireless router according to the received identity identifier of the second wireless router,
the checking module is configured to check whether the obtained digital certificate of the second wireless router is valid,
the encryption module is further configured to, when the check result shows that the digital certificate of the second wireless router is valid, encrypt the third value using the identity identifier of the second terminal to obtain a calculated encrypted value,
the comparison module is configured to compare whether the calculated encrypted value is identical to the second encrypted value, and
the determination module is configured to determine, when the comparison result is affirmative, that the identity of the second terminal is genuine.
3. The device as claimed in claim 1, wherein
the specified equation is
Figure F2009101772501C0000021
wherein
Figure F2009101772501C0000022
is a bilinear mapping function, s_1Q_A is the private key of the first terminal, s_1 is the private key of the first wireless router, Q_A is the identity identifier of the first terminal, r_BP is the second value, Q_B is the identity identifier of the second terminal, s_2P is the public key of the second wireless router, s_2 is the private key of the second wireless router, r_A is the random number, and P is the public parameter.
4. A device for identity authentication, comprising:
a computing module, configured to, when a second terminal receives a first value sent by a first terminal, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, calculate a second value using a public parameter and a random number, and, when the second terminal receives a first encrypted value sent by the first terminal and the digital certificate of the first wireless router is valid, calculate a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal;
a communication module, configured to send to the first terminal the calculated second value, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal;
an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router;
a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid;
an encryption module, configured to encrypt the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value;
a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and
a determination module, configured to determine, when the comparison result is affirmative, that the identity of the first terminal is genuine,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
5. The device as claimed in claim 4, wherein
the encryption module is further configured to, when the identity of the first terminal is determined to be genuine, encrypt the fourth value using the identity identifier of the second terminal to obtain a second encrypted value, and
the communication module is further configured to send the second encrypted value to the first terminal.
6. The device as claimed in claim 4, wherein
the specified equation is
Figure F2009101772501C0000031
wherein
Figure F2009101772501C0000032
is a bilinear mapping function, s_2Q_B is the private key of the second terminal, s_2 is the private key of the second wireless router, Q_B is the identity identifier of the second terminal, r_AP is the first value, Q_A is the identity identifier of the first terminal, s_1P is the public key of the first wireless router, s_1 is the private key of the first wireless router, r_B is the random number, and P is the public parameter.
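The specified equations of claims 3 and 6 survive on this page only as image references, so the following added Python example (not code from the patent) assumes one form built from exactly the inputs those claims list: third value ê(s_1Q_A, r_BP)·ê(Q_B, s_2P)^r_A and fourth value ê(Q_A, s_1P)^r_B·ê(s_2Q_B, r_AP). The pairing is an insecure integer model used only to show why both terminals arrive at the same value, HMAC-SHA256 stands in for the unspecified step of encrypting a value with an identity identifier, and all names and parameters are constructed.

```python
import hashlib
import hmac

# Constructed toy parameters, NOT secure: p = 2q + 1 with p and q prime.
P_MOD, ORDER, G = 2039, 1019, 4  # G = 2^2 generates the order-q subgroup of Z_p*
P = 1                            # stands in for the public parameter P


def smul(k, point):
    """Scalar multiplication k*point; a 'point' a*P is modelled as the integer a mod q."""
    return (k * point) % ORDER


def pair(x, y):
    """Toy bilinear map e(a*P, b*P) = G^(a*b) mod p (discrete logs are trivial here)."""
    return pow(G, (x * y) % ORDER, P_MOD)


def identity_point(identity):
    """Assumed hash-to-point: map an identity identifier to a non-zero element Q_ID."""
    digest = hashlib.sha256(identity).digest()
    return int.from_bytes(digest, "big") % (ORDER - 1) + 1


class Router:
    """Wireless router that generates private keys for the terminals it administers."""

    def __init__(self, identity, private_key, cert_valid=True):
        assert 0 < private_key < ORDER          # integer less than the order
        self.identity = identity
        self._s = private_key
        self.public_key = smul(private_key, P)  # s*P
        self.cert_valid = cert_valid            # placeholder for the certificate check

    def issue_private_key(self, terminal_id):
        return smul(self._s, identity_point(terminal_id))  # s*Q_ID


def third_value(priv_a, second_value, id_b, router2_pub, r_a):
    """First terminal: e(s1*QA, rB*P) * e(QB, s2*P)^rA (assumed form)."""
    return pair(priv_a, second_value) * pow(
        pair(identity_point(id_b), router2_pub), r_a, P_MOD) % P_MOD


def fourth_value(priv_b, first_value, id_a, router1_pub, r_b):
    """Second terminal: e(QA, s1*P)^rB * e(s2*QB, rA*P) (assumed form)."""
    return pow(pair(identity_point(id_a), router1_pub), r_b, P_MOD) * pair(
        priv_b, first_value) % P_MOD


def tag(value, identity):
    """Stand-in for 'encrypt the value with an identity identifier'."""
    return hmac.new(value.to_bytes(2, "big"), identity, hashlib.sha256).digest()


def authenticate(id_a, priv_a, r_a, router1, id_b, priv_b, r_b, router2):
    """Run the exchange; return (B accepts A, A accepts B)."""
    first = smul(r_a, P)    # A -> B: first value, ID_A, identity of router 1
    second = smul(r_b, P)   # B -> A: second value, ID_B, identity of router 2
    k_a = third_value(priv_a, second, id_b, router2.public_key, r_a)
    first_enc = tag(k_a, id_a)                      # A -> B: first encrypted value
    if not router1.cert_valid:                      # B checks router 1's certificate
        return False, False
    k_b = fourth_value(priv_b, first, id_a, router1.public_key, r_b)
    if not hmac.compare_digest(first_enc, tag(k_b, id_a)):
        return False, False                         # B rejects A
    second_enc = tag(k_b, id_b)                     # B -> A: second encrypted value
    a_accepts = router2.cert_valid and hmac.compare_digest(second_enc, tag(k_a, id_b))
    return True, a_accepts


if __name__ == "__main__":
    ap1, ap2 = Router(b"AP1", 123), Router(b"AP2", 456)
    a, b = b"terminal-A", b"terminal-B"
    print(authenticate(a, ap1.issue_private_key(a), 55, ap1,
                       b, ap2.issue_private_key(b), 77, ap2))
```

Both values reduce to G raised to s_1·Q_A·r_B + s_2·Q_B·r_A, which is why a terminal holding a private key not issued by its router fails the comparison.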
7. A device for identity authentication, comprising:
a computing module, configured to, when a terminal and a second wireless router perform identity authentication, calculate a first value using a public parameter and a random number, and, when the terminal receives a second value sent by the second wireless router and the public key of the second wireless router, calculate a third value according to a specified equation using at least the private key of the terminal, the second value, the public parameter, the random number and the public key of the second wireless router;
an encryption module, configured to encrypt the third value using the identity identifier of the terminal to obtain a first encrypted value; and
a communication module, configured to send to the second wireless router the first value, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, and to send the first encrypted value to the second wireless router,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the terminal is calculated from the private key of the first wireless router and the identity identifier of the terminal, the public key of the second wireless router is calculated from the private key of the second wireless router and the public parameter, the private key of the second wireless router is an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
8. The device as claimed in claim 7, wherein the device further comprises a comparison module, a checking module and a determination module, wherein
the communication module is further configured to receive a second encrypted value sent by the second wireless router and the digital certificate of the second wireless router,
the checking module is configured to check whether the received digital certificate of the second wireless router is valid,
the encryption module is further configured to, when the check result shows that the digital certificate of the second wireless router is valid, encrypt the third value using the public key of the second wireless router to obtain a calculated encrypted value,
the comparison module is configured to compare whether the calculated encrypted value is identical to the second encrypted value, and
the determination module is configured to determine, when the comparison result shows that the calculated encrypted value is identical to the second encrypted value, that the identity of the second wireless router is genuine.
9. The device as claimed in claim 7, wherein
the specified equation is
Figure F2009101772501C0000041
wherein
Figure F2009101772501C0000042
is a bilinear mapping function, s_1Q_A is the private key of the terminal, s_1 is the private key of the first wireless router, Q_A is the identity identifier of the terminal, r_2P is the second value, s_2P is the public key of the second wireless router, s_2 is the private key of the second wireless router, r_A is the random number, and P is the public parameter.
10. A device for identity authentication, comprising:
a computing module, configured to, when a second wireless router receives a first value sent by a terminal, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, calculate a second value using a public parameter and a random number, and, when the second wireless router receives a first encrypted value sent by the terminal and the digital certificate of the first wireless router is valid, calculate a fourth value according to a specified equation using at least the identity identifier of the terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second wireless router;
a communication module, configured to send to the terminal the second value and the public key of the second wireless router;
an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router;
a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid;
an encryption module, configured to encrypt the fourth value using the identity identifier of the terminal to obtain a calculated encrypted value;
a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and
a determination module, configured to determine, when the comparison result is affirmative, that the identity of the terminal is genuine,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the terminal is calculated from the private key of the first wireless router and the identity identifier of the terminal, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
11. The device as claimed in claim 10, wherein
the encryption module is further configured to, when the identity of the terminal is determined to be genuine, encrypt the fourth value using the public key of the third wireless router to obtain a second encrypted value, and
the communication module is further configured to send to the terminal the digital certificate of the second wireless router and the second encrypted value.
12. The device as claimed in claim 10, wherein
the specified equation is
wherein
Figure F2009101772501C0000062
is a bilinear mapping function, Q_A is the identity identifier of the terminal, s_1P is the public key of the first wireless router, s_1 is the private key of the first wireless router, r_AP is the first value, s_2 is the private key of the second wireless router, r_2 is the random number, and P is the public parameter.
13. A method for identity authentication, comprising the steps of:
when a first terminal and a second terminal perform identity authentication, calculating a first value using a public parameter and a random number, and sending to the second terminal the calculated first value, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal;
when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, obtaining the public key of the second wireless router according to the received identity identifier of the second wireless router;
calculating a third value according to a specified equation using at least the private key of the first terminal, the second value, the public parameter, the random number and the obtained public key of the second wireless router;
encrypting the third value using the identity identifier of the first terminal to obtain a first encrypted value; and
sending the first encrypted value to the second terminal,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the public key of the second wireless router is calculated from the private key of the second wireless router and the public parameter, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
14. A method for identity authentication, comprising the steps of:
when a second terminal receives a first value sent by a first terminal, the identity identifier of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, calculating a second value using a public parameter and a random number, and sending to the first terminal the calculated second value, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal;
when the second terminal receives a first encrypted value sent by the first terminal, obtaining the digital certificate of the first wireless router according to the received identity identifier of the first wireless router, and checking whether the obtained digital certificate of the first wireless router is valid;
when the check result is affirmative, calculating a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal;
encrypting the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value;
comparing whether the first encrypted value and the calculated encrypted value are identical; and
when the comparison result is affirmative, determining that the identity of the first terminal is genuine,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
15. A method for identity authentication, comprising the steps of:
when a terminal and a second wireless router perform identity authentication, calculating a first value using a public parameter and a random number, and sending to the second wireless router the calculated first value, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal;
when the terminal receives a second value sent by the second wireless router and the public key of the second wireless router, calculating a third value according to a specified equation using at least the private key of the terminal, the second value, the public parameter, the random number and the public key of the second wireless router;
encrypting the third value using the identity identifier of the terminal to obtain a first encrypted value; and
sending the first encrypted value to the second wireless router,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the terminal is calculated from the private key of the first wireless router and the identity identifier of the terminal, the public key of the second wireless router is calculated from the private key of the second wireless router and the public parameter, the private key of the second wireless router is an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
16. A method for identity authentication, comprising the steps of:
when a second wireless router receives a first value sent by a terminal, the identity identifier of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal, calculating a second value using a public parameter and a random number, and sending to the terminal the calculated second value and the public key of the second wireless router;
when the second wireless router receives a first encrypted value sent by the terminal, obtaining the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router;
checking whether the obtained digital certificate of the first wireless router is valid;
when the check result is affirmative, calculating a fourth value according to a specified equation using at least the identity identifier of the terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second wireless router;
encrypting the fourth value using the identity identifier of the terminal to obtain a calculated encrypted value;
comparing whether the first encrypted value and the calculated encrypted value are identical; and
when the comparison result is affirmative, determining that the identity of the terminal is genuine,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the terminal is calculated from the private key of the first wireless router and the identity identifier of the terminal, the private key of the first wireless router and the private key of the third wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
17. A terminal, comprising:
a memory, configured to store a public parameter, the identity identifier and the private key of the first terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal;
a computing module, configured to, when the first terminal and a second terminal perform identity authentication, calculate a first value using the stored public parameter and a random number, and, when the first terminal receives a second value sent by the second terminal, the identity identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal, calculate a third value according to a specified equation using at least the stored private key of the first terminal and the stored public parameter, the second value, the random number and the public key of the second wireless router;
an acquisition module, configured to obtain the public key of the second wireless router according to the received identity identifier of the second wireless router;
an encryption module, configured to encrypt the third value using the identity identifier of the first terminal to obtain a first encrypted value; and
a communication module, configured to send to the second terminal the first value, the stored identity identifier of the first wireless router and the identity identifier of the first terminal, and to send the first encrypted value to the second terminal,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the public key of the second wireless router is calculated from the private key of the second wireless router and the public parameter, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
18. A terminal, comprising:
a memory, configured to store a public parameter, the private key and the identifier of the second terminal, and the identity identifier of a second wireless router whose private key is used to generate the private key of the second terminal;
a computing module, configured to, when the second terminal receives a first value sent by a first terminal, the identity identifier of a first wireless router whose private key is used to generate the private key of the first terminal, and the identity identifier of the first terminal, calculate a second value using the stored public parameter and a random number, and, when the second terminal receives a first encrypted value sent by the first terminal and the digital certificate of the first wireless router is valid, calculate a fourth value according to a specified equation using at least the identity identifier of the first terminal, the first value, the public parameter, the random number, the public key of the first wireless router and the private key of the second terminal;
a communication module, configured to send to the first terminal the calculated second value, the stored identity identifier of the second terminal and the identity identifier of the second wireless router;
an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router;
a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid;
an encryption module, configured to encrypt the fourth value using the identity identifier of the first terminal to obtain a calculated encrypted value;
a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and
a determination module, configured to determine, when the comparison result is affirmative, that the identity of the first terminal is genuine,
wherein the public parameter is a point on an elliptic curve and has prime order, the random number is an element of the finite field over which the elliptic curve is formed, the private key of the first terminal is calculated from the private key of the first wireless router and the identity identifier of the first terminal, the private key of the second terminal is calculated from the private key of the second wireless router and the identity identifier of the second terminal, the private key of the first wireless router and the private key of the second wireless router are each an integer less than said order, and the discrete logarithm problem of the specified equation is hard to solve.
19. A terminal, comprising:
a memory, configured to store a common parameter, the identity identifier and the private key of the terminal, and the identity identifier of a first wireless router whose private key is used to generate the private key of the terminal;
a computing module, configured to: when the terminal performs identity authentication with a second wireless router, calculate a first numerical value using the stored common parameter and a random number; and, when the terminal receives a second numerical value sent by the second wireless router and the public key of the second wireless router, calculate a third numerical value according to a specified equation using at least the private key of the terminal, the second numerical value, the common parameter, the random number and the public key of the second wireless router;
an encryption module, configured to encrypt the third numerical value using the identity identifier of the terminal to obtain a first encrypted value; and
a communication module, configured to send to the second wireless router the first numerical value, the stored identity identifier of the first terminal and the identity identifier of the first wireless router, and to send the first encrypted value to the second wireless router,
wherein the common parameter is a point on an elliptic curve and has an order that is a prime number, the random number is an element of the finite field over which the elliptic curve is defined, the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal, the public key of the second wireless router is calculated using the private key of the second wireless router and the common parameter, the private key of the second wireless router is an integer less than the order, and the discrete logarithm problem of the specified equation is hard to solve.
20. A wireless router, comprising:
a memory, configured to store a common parameter and the private key and the public key of the second wireless router;
a computing module, configured to: when the second wireless router receives the first numerical value sent by a terminal, the identity identifier of the terminal, and the identity identifier of the first wireless router whose private key is used to generate the private key of the terminal, calculate a second numerical value using the stored common parameter and a random number; and, when the second wireless router receives the first encrypted value sent by the terminal and the digital certificate of the first wireless router is valid, calculate a fourth numerical value according to a specified equation using at least the identity identifier of the terminal, the first numerical value, the common parameter, the random number, the public key of the first wireless router and the private key of the second wireless router;
a communication module, configured to send to the terminal the second numerical value and the public key of the second wireless router;
an acquisition module, configured to obtain the public key and the digital certificate of the first wireless router according to the received identity identifier of the first wireless router;
a checking module, configured to check whether the obtained digital certificate of the first wireless router is valid;
an encryption module, configured to encrypt the fourth numerical value using the identity identifier of the terminal to obtain a calculated encrypted value;
a comparison module, configured to compare whether the first encrypted value and the calculated encrypted value are identical; and
a determination module, configured to determine, when the comparison result is affirmative, that the identity of the terminal is genuine,
wherein the common parameter is a point on an elliptic curve and has an order that is a prime number, the random number is an element of the finite field over which the elliptic curve is defined, the private key of the terminal is calculated using the private key of the first wireless router and the identity identifier of the terminal, the private key of the first wireless router and the private key of the second wireless router are each an integer less than the order, and the discrete logarithm problem of the specified equation is hard to solve.
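The terminal-to-router exchange of claims 19 and 20, as an added Python example that is not part of the patent text. The claims do not state the specified equation, so the two formulas used for the third and fourth values are an assumed instantiation built only from the inputs the claims list. Further assumptions: the toy curve, the hash-to-scalar function `h`, and an HMAC standing in for "encrypt with the identity identifier".

```python
import hashlib, hmac

# Toy curve y^2 = x^3 + 2x + 2 over F_17; P = (5, 1) has prime order n = 19.
# Constructed demo parameters, far too small for real use.
p, a, n, P = 17, 2, 19, (5, 1)

def add(A, B):
    """Add two curve points; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, A):
    """Double-and-add scalar multiplication k*A."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def h(ident):
    """Map an identity identifier to a nonzero scalar (assumed construction)."""
    return int.from_bytes(hashlib.sha256(ident).digest(), "big") % (n - 1) + 1

def issue_key(s_router, ident):
    """Terminal private key from the issuing router's private key and the ID."""
    return s_router * h(ident) % n

def seal(ident, point):
    """Stand-in for 'encrypt with the identity identifier' (assumed: HMAC)."""
    return hmac.new(ident, repr(point).encode(), hashlib.sha256).hexdigest()

def authenticate(ident, d_T, r_T, r2, s2, Q1, cert_valid):
    """One run: the terminal proves to router 2 that router 1 issued its key."""
    R1, R2, Q2 = mul(r_T, P), mul(r2, P), mul(s2, P)  # 1st value, 2nd value, router 2 public key
    third = mul((r_T + d_T) % n, add(R2, Q2))         # terminal side (assumed equation)
    first_enc = seal(ident, third)                    # first encrypted value
    if not cert_valid:                                # router 1's certificate must be valid
        return False
    fourth = mul((r2 + s2) % n, add(R1, mul(h(ident), Q1)))  # router 2 side (assumed equation)
    return hmac.compare_digest(first_enc, seal(ident, fourth))
```

Both sides arrive at the same point (r_T + d_T)(r2 + s2)·P only when d_T was derived from the private key matching the public key Q1 that router 2 fetched, which is why a key issued under any other router secret fails the comparison.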
CN2009101772501A 2009-09-28 2009-09-28 Device and method for identity authentication Pending CN102036235A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009101772501A CN102036235A (en) 2009-09-28 2009-09-28 Device and method for identity authentication

Publications (1)

Publication Number Publication Date
CN102036235A true CN102036235A (en) 2011-04-27

Family

ID=43888402

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009101772501A Pending CN102036235A (en) 2009-09-28 2009-09-28 Device and method for identity authentication

Country Status (1)

Country Link
CN (1) CN102036235A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020122555A1 (en) * 1991-09-17 2002-09-05 Next Computer, Inc. Method and apparatus for digital signature authentication
CN101296075A (en) * 2007-04-29 2008-10-29 四川虹微技术有限公司 Identity authentication system based on elliptic curve

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
FABIO DELLUTRI: "《Local Authentication with Bluetooth enabled Mobile Devices》", 28 October 2005 *
张胜 et al.: "A construction of identity-based one-time public keys", 《电子与信息学报》 (Journal of Electronics & Information Technology) *

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223637B (en) * 2011-07-20 2013-06-19 北京邮电大学 Identity authentication method and system based on wireless channel characteristic
CN102223637A (en) * 2011-07-20 2011-10-19 北京邮电大学 Identity authentication method and system based on wireless channel characteristic
CN103079200A (en) * 2011-10-26 2013-05-01 国民技术股份有限公司 Wireless access authentication method, system and wireless router
CN103079200B (en) * 2011-10-26 2016-08-03 国民技术股份有限公司 The authentication method of a kind of wireless access, system and wireless router
CN105763517A (en) * 2014-12-17 2016-07-13 联芯科技有限公司 Router security access and control method and system
CN105578457B (en) * 2015-05-06 2019-04-12 宇龙计算机通信科技(深圳)有限公司 A kind of terminal authentication method, management terminal and application terminal
CN105578457A (en) * 2015-05-06 2016-05-11 宇龙计算机通信科技(深圳)有限公司 Terminal authentication method, management terminal and application terminal
CN106714158A (en) * 2015-08-18 2017-05-24 中国移动通信集团公司 WiFi access method and device
CN106714158B (en) * 2015-08-18 2020-02-18 中国移动通信集团公司 WiFi access method and device
CN106572066A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Entity identity validity verifying method and apparatus thereof
CN106572065A (en) * 2015-10-10 2017-04-19 西安西电捷通无线网络通信股份有限公司 Multi-trusted third party (TTP) participated entity identity validity verification method and device
CN109845188A (en) * 2016-08-24 2019-06-04 西门子股份公司 Processing to the safety of authorisation verification request
CN109845188B (en) * 2016-08-24 2022-05-27 西门子股份公司 Secure handling of an attestation request
US11456879B2 (en) 2016-08-24 2022-09-27 Siemens Aktiengesellschaft Secure processing of an authorization verification request
CN108156126A (en) * 2016-12-02 2018-06-12 阿里巴巴集团控股有限公司 The burning method of calibration and device of internet of things equipment, identity identifying method and device
CN107819576A (en) * 2017-11-28 2018-03-20 苏州朗捷通智能科技有限公司 Communication authentication method and system
CN109951417A (en) * 2017-12-20 2019-06-28 深圳中电长城信息安全系统有限公司 A kind of identity authentication method, system and terminal device
CN109951417B (en) * 2017-12-20 2021-06-04 深圳中电长城信息安全系统有限公司 Identity authentication method, system and terminal equipment
CN108989044A (en) * 2018-06-01 2018-12-11 四川斐讯信息技术有限公司 The safe verification method and security authentication systems of wireless router
CN109361669A (en) * 2018-10-19 2019-02-19 铂有限公司 Identity identifying method, device and the equipment of communication equipment
CN109361669B (en) * 2018-10-19 2022-03-18 深圳数粉科技有限公司 Identity authentication method, device and equipment of communication equipment
CN109327310A (en) * 2018-11-30 2019-02-12 江苏恒宝智能系统技术有限公司 A kind of link protection method based on no certificate

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110427