CN104954129A - Entity identification method and device - Google Patents

Entity identification method and device Download PDF

Info

Publication number
CN104954129A
CN104954129A CN201410126144.1A CN201410126144A CN104954129A CN 104954129 A CN104954129 A CN 104954129A CN 201410126144 A CN201410126144 A CN 201410126144A CN 104954129 A CN104954129 A CN 104954129A
Authority
CN
China
Prior art keywords
entity
encdata
mac
mactag
verify
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410126144.1A
Other languages
Chinese (zh)
Other versions
CN104954129B (en
Inventor
杜志强
胡亚楠
李琴
王月辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Iwncomm Co Ltd filed Critical China Iwncomm Co Ltd
Priority to CN201410126144.1A priority Critical patent/CN104954129B/en
Publication of CN104954129A publication Critical patent/CN104954129A/en
Application granted granted Critical
Publication of CN104954129B publication Critical patent/CN104954129B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an entity identification method and device. The method comprises the steps that an entity A generates a random number N<A> and transmits the random number N<A> to an entity B; the entity B generates random numbers N<B> and ZSEED<B>, a secret key MKA||KEA||KIA, a cryptograph EncData<B> and a message identification code MAC<B> are calculated, and N<B>||N<A>||EncData<B>||MAC<B> is transmitted to the entity A to be identified; the entity A generates a random number ZSEED<A>, a cryptograph EncData<A>, a message identification code MAC<A>, a shared secret Z, a main secrete key MK and a message identifier MacTag<A> are calculated, and N<A>||N<B>||EncData<A>||MAC<A>||MAC<A>|| MacTag<A> is transmitted to the entity B to be identified; the entity B calculates Z and MK and calculates MacTag<A> and the MacTag<A> is compared with the received MacTag<A>, and the entity A is considered to be legal if the MacTag<A> and the received MacTag<A> are equal; the entity B calculates a message identifier MacTag<B> and transmits the MacTag<B> to the entity A; and the entity A calculates MacTag<B> and the MacTag<B> is compared with the received MacTag<B>, and the entity B is considered to be legal if the MacTag<B> and the received MacTag<B> are equal. Identification between network entities can be realized and the main secret key is established, and identity of the opposite side can be confirmed simultaneously.

Description

Method for authenticating entities and device
Technical field
The invention belongs to technical field of network security, particularly relate to method for authenticating entities and device.
Background technology
For communication network, as local area network (LAN) WLAN, wireless sensor network WSN, near-field communication NFC, radio frequency discrimination RFID, individual territory net WPAN etc., the attacks such as forgery, eavesdropping, playback are subjected to when communicating, therefore the identity verify problem between communicating pair must be solved before a communication, to guarantee the legitimacy of communicating pair identity.At present, based on cryptographic algorithm, especially based in the authentication schemes of symmetric cryptographic algorithm, owing to usually not confirming the identity of discriminating both sides in discrimination process, even and if cause identity verify have passed, also can only determine that the other side has certain shared secret, but in fact still cannot determine that whom the other side is, exists certain potential safety hazard actually.
Summary of the invention
In order to solve the above-mentioned technical problem existed in background technology, be necessary to provide a kind of method for authenticating entities and device.
A kind of method for authenticating entities, carry out identity verify for have shared wildcard PSK and mutually knowing between the entity A of the other side's identify label and entity B, it is characterized in that, described method comprises:
Step 1, entity A produce random number N a, and send to entity B.
Step 2, entity B receive N aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), entity B sends N b|| N a|| EncData b|| MAC bto entity A, wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods;
Step 3, entity A receive N b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate;
Step 4, entity A produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), send N a|| N b|| EncData a|| MAC a|| MacTag ato entity B, wherein, KDF2 is a kind of Key derivation algorithm, and MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm;
Step 5, entity B receive N a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate;
Step 6, entity B calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if equal, then think that entity A identity is legal; If unequal, stop differentiating; Wherein, KDF2 is a kind of Key derivation algorithm;
Step 7, entity B calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), and by MacTag bsend to entity A, wherein, MsgID2 is a message SN;
Step 8, entity A receive MacTag bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal.
A when entity A and entity B carry out identity verify, the method for work of entity A, wherein, entity A has the wildcard PSK between entity B and knows the identify label of entity B, and it is characterized in that, described method comprises:
Produce random number N a, and send to entity B;
Receive the N that entity B is sent b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate;
Produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), send N a|| N b|| EncData a|| MAC a|| MacTag ato entity B;
Receive the MacTag that entity B is sent bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal;
Wherein, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm; Wherein, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
A when entity A and entity B carry out identity verify, the method for work of entity B, wherein, entity B has the wildcard PSK between entity A and knows the identify label of entity A, and it is characterized in that, described method comprises:
Receive the N that entity A is sent aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), send N b|| N a|| EncData b|| MAC bto entity A;
Receive the N that entity A is sent a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate;
Calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that entity A identity is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), by MacTag bsend to entity A.
Wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
A kind of device, for carrying out identity verify with another device, described device comprises memory cell, processing unit and Transmit-Receive Unit, it is characterized in that:
Memory cell is for storing the identify label of wildcard PSK between another device described and another device described;
Processing unit is for generation of random number N a;
Transmit-Receive Unit is used for N asend to another device described, and for receiving the N that another device described is sent b|| N a|| EncData b|| MAC b;
The N of processing unit also for sending another device described b|| N a|| EncData b|| MAC bverify, if verify incorrect, then stop differentiating;
Processing unit is also for generation of the random number ZSEED as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), generate N a|| N b|| EncData a|| MAC a|| MacTag a;
Transmit-Receive Unit is also for sending N a|| N b|| EncData a|| MAC a|| MacTag ato another device described, and for receiving the MacTag that another device described is sent b;
Processing unit is also for calculating message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bthe MacTag sent with another device described bcompare, if equal, then think that another device identity described is legal;
Wherein, ID afor the identify label of described device, ID bfor the identify label of another device described, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm; Wherein, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
A kind of device, for carrying out identity verify with another device, described device comprises memory cell, processing unit and Transmit-Receive Unit, it is characterized in that:
Memory cell is for storing the identify label of wildcard PSK between another device described and another device described;
The N that Transmit-Receive Unit is sent for receiving another device described a;
Processing unit is for generating random number N bwith the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), and generate N b|| N a|| EncData b|| MAC b;
Transmit-Receive Unit is also for sending N to another device described b|| N a|| EncData b|| MAC b, and for receiving the N that another device described is sent a|| N b|| EncData a|| MAC a|| MacTag a;
The N of processing unit also for sending another device described a|| N b|| EncData a|| MAC a|| MacTag averify, if verify incorrect, then stop differentiating;
Processing unit is also for calculating shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that another device identity described is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a);
Transmit-Receive Unit is also for sending MacTag to another device described b;
Wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of another device described, ID bfor the identify label of described device, ENC is a kind of cryptographic algorithm, MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
The present invention includes following advantage:
1) two-way discriminating between two network entities can be realized and set up the master key for the protection of subsequent communications data;
2) while differentiating, determine the identity of the other side.
Accompanying drawing explanation
Fig. 1 is the structural representation of solid identification system provided by the present invention;
Fig. 2 is the structural representation of the device corresponding to entity A in the present invention;
Fig. 3 is the structural representation of the device corresponding to entity B in the present invention.
Embodiment
Refer to Fig. 1, the invention provides a kind of method for authenticating entities, when the method is implemented, shared wildcard (Pre-Shared key, PSK) between entity A and entity B and mutually known the identify label of the other side, the identify label of entity A is ID a, the identify label of entity B is ID b, the method comprises the following steps:
Step 1, entity A produce random number N a, and send to entity B.
Step 2, entity B receive N aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), entity B sends N b|| N a|| EncData b|| MAC bto entity A, wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, and ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods.Here " || " represents the cascade between field, the sequencing of its not limited field, lower with.In addition, can be considered to constitute one " field groups " by field after " || " cascade in the present invention, it should be noted that, " field groups " in the present invention is open, that is, except the field that " field groups " comprises, do not get rid of other fields and can be included in " field groups " yet.
Step 3, entity A receive N b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate.
Step 4, entity A produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b).Wherein, KDF2 is a kind of Key derivation algorithm, and MsgID1 is a message SN (message SN can be that both sides are predetermined, also can be that both sides are obtained by interacting message), " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm.Entity A sends N a|| N b|| EncData a|| MAC a|| MacTag ato entity B.
Step 5, entity B receive N a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate.
Step 6, entity B calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that entity A identity is legal, and continue step below.Wherein, KDF2 is a kind of Key derivation algorithm.
Step 7, entity B calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), and by MacTag bsend to entity A, MsgID2 is a message SN (message SN can be that both sides are predetermined, also can be that both sides are obtained by interacting message).
Step 8, entity A receive MacTag bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal.
Concrete, in above-mentioned steps 3, entity A receives N b|| N a|| EncData b|| MAC bafter verify, comprising:
3.1, the N received is checked awith the N sending to entity B before awhether equal, unequal, verify incorrect;
3.2, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
3.3, N is deciphered a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B really, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to entity B before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect.Wherein, DEC is decipherment algorithm.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think to receive N to entity A b|| N a|| EncData b|| MAC bthe result is incorrect.
Concrete, in above-mentioned steps 5, entity B receives N a|| N b|| EncData a|| MAC a|| MacTag aafter verify, comprising:
5.1, the N received is checked awith the N sending to entity A before awhether equal, unequal, verify incorrect;
5.2, the N received is checked bwith the N sending to entity A before bwhether equal, unequal, verify incorrect;
5.3, Message Authentication Code MAC is calculated a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
5.4, N is deciphered a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B really, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to entity A before aand N bwhether equal, unequal, verify incorrect.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think to receive N to entity B a|| N b|| EncData a|| MAC a|| MacTag athe result is incorrect.
Based on above-mentioned method for authenticating entities, present invention also offers a kind of method of work of the entity A for realizing said method, comprising:
Produce random number N a, and send to entity B;
Receive the N that entity B is sent b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate;
Produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), send N a|| N b|| EncData a|| MAC a|| MacTag ato entity B;
Receive the MacTag that entity B is sent bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal.
Concrete, the above-mentioned N receiving entity B and send b|| N a|| EncData b|| MAC bafter verify, comprising:
Check the N received awith the N sending to entity B before awhether equal, unequal, verify incorrect;
Computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
Deciphering N a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to entity B before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think to the N received b|| N a|| EncData b|| MAC bthe result be incorrect.
Based on above-mentioned method for authenticating entities, present invention also offers a kind of method of work of the entity B for realizing said method, comprising:
Receive the N that entity A is sent aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), send N b|| N a|| EncData b|| MAC bto entity A;
Receive the N that entity A is sent a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate;
Calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that entity A identity is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), by MacTag bsend to entity A.
Concrete, the above-mentioned N receiving entity A and send a|| N b|| EncData a|| MAC a|| MacTag aafter verify, comprising:
Check the N received awith the N sending to entity A before awhether equal, unequal, verify incorrect;
Check the N received bwith the N sending to entity A before bwhether equal, unequal, verify incorrect;
Calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
Deciphering N a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to entity A before aand N bwhether equal, unequal, verify incorrect.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think to receiving N a|| N b|| EncData a|| MAC a|| MacTag athe result be incorrect.
See Fig. 2, based on above-mentioned method for authenticating entities, present invention also offers a kind of device corresponding to entity A for realizing said method, comprising memory cell 11, processing unit 12, Transmit-Receive Unit 13, wherein:
Memory cell 11 is for storing the identify label of wildcard PSK between entity B and entity B;
Processing unit 12 is for generation of random number N a;
Transmit-Receive Unit 13 is for by N asend to entity B, and for N that receiving entity B sends b|| N a|| EncData b|| MAC b;
The N of processing unit 12 also for sending entity B b|| N a|| EncData b|| MAC bverify, if verify incorrect, then stop differentiating;
Processing unit 12 is also for generation of the random number ZSEED as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), generate N a|| N b|| EncData a|| MAC a|| MacTag a;
Transmit-Receive Unit 13 is also for sending N a|| N b|| EncData a|| MAC a|| MacTag ato entity B, and for MacTag that receiving entity B sends b;
Processing unit 12 is also for calculating message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bthe MacTag sent with entity B bcompare, if equal, then think that entity B identity is legal.
Concrete, the above-mentioned N of processing unit 12 also for sending entity B b|| N a|| EncData b|| MAC bverify, comprising:
The N that processing unit 12 inspection receives awith the N sending to entity B before awhether equal, unequal, verify incorrect;
Processing unit 12 computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
Processing unit 12 deciphers N a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B really, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to entity B before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think the N sent entity B b|| N a|| EncData b|| MAC bthe result be incorrect.
See Fig. 3, based on above-mentioned discrimination method, present invention also offers a kind of device corresponding to entity B for realizing said method, comprising memory cell 21, processing unit 22, Transmit-Receive Unit 23, wherein:
Memory cell 21 is for storing the identify label of wildcard PSK between entity A and entity A;
The N that Transmit-Receive Unit 23 is sent for receiving entity A a;
Processing unit 22 is for generating random number N bwith the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), and generate N b|| N a|| EncData b|| MAC b;
Transmit-Receive Unit 23 is also for sending N to entity A b|| N a|| EncData b|| MAC b, and for N that receiving entity A sends a|| N b|| EncData a|| MAC a|| MacTag a;
The N of processing unit 22 also for sending entity A a|| N b|| EncData a|| MAC a|| MacTag averify, if verify incorrect, then stop differentiating;
Processing unit 22 is also for calculating shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that entity A identity is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a);
Transmit-Receive Unit 23 is also for sending MacTag to entity A b.
Concrete, the above-mentioned N of processing unit 22 for sending entity A a|| N b|| EncData a|| MAC a|| MacTag averify, comprising:
The N that processing unit 22 inspection receives awith the N sending to entity A before awhether equal, unequal, verify incorrect;
The N that processing unit 22 inspection receives bwith the N sending to entity A before bwhether equal, unequal, verify incorrect;
Processing unit 22 calculates Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
Processing unit 22 deciphers N a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain aand ID bbe whether the identify label of entity A and entity B really, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to entity A before aand N bwhether equal, unequal, verify incorrect.
It should be noted that, above proof procedure there is no strict sequence requirement, and any one checking is incorrect, then think to send N to entity A a|| N b|| EncData a|| MAC a|| MacTag athe result be incorrect.
To sum up, the present invention is based on the identity verify that symmetric cryptographic algorithm achieves the inter-entity of band key agreement function, suitable application area widely.The present invention is applicable to radio frequency discrimination RFID, sensor network WSN, near-field communication NFC, and contactless card, WLAN (wireless local area network) WLAN etc. carry out the field communicated based on air interface.Entity A and entity B can be read write line in RFID field and label, the node in sensor network, the terminal equipment in NFC field, the card reader in contactless card technical field and card, the terminal in WLAN (wireless local area network) and access point etc.
In addition, in better embodiment of the present invention, when technical solution of the present invention is used for NFC field, entity A sends to the N of entity B autilize ACT_REQ protocol Data Unit to carry out encapsulating rear transmission, entity B sends to the N of entity A b|| N a|| EncData b|| MAC butilize ACT_RES protocol Data Unit to carry out encapsulating rear transmission, entity A sends to the N of entity B a|| N b|| EncData a|| MAC a|| MacTag autilize VFY_REQ protocol Data Unit to carry out encapsulating rear transmission, entity B sends to the MacTag of entity A butilize VFY_RES protocol Data Unit to carry out encapsulating rear transmission, wherein, ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are the protocol data unit format meeting standard ISO/IEC13157-1 definition.After encapsulation like this, the compatibility of technical solution of the present invention and existing other security mechanisms of NFC is more excellent.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the present invention can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code.
The present invention describes with reference to according to the flow chart of the method for the embodiment of the present invention, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
Although describe the preferred embodiments of the present invention, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the scope of the invention.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.

Claims (12)

1. a method for authenticating entities, carry out identity verify for have shared wildcard PSK and mutually knowing between the entity A of the other side's identify label and entity B, it is characterized in that, described method comprises:
Step 1, entity A produce random number N a, and send to entity B;
Step 2, entity B receive N aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), entity B sends N b|| N a|| EncData b|| MAC bto entity A, wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods;
Step 3, entity A receive N b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate;
Step 4, entity A produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), send N a|| N b|| EncData a|| MAC a|| MacTag ato entity B, wherein, KDF2 is a kind of Key derivation algorithm, and MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm;
Step 5, entity B receive N a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate;
Step 6, entity B calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if equal, then think that entity A identity is legal; If unequal, stop differentiating; Wherein, KDF2 is a kind of Key derivation algorithm;
Step 7, entity B calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), and by MacTag bsend to entity A, wherein, MsgID2 is a message SN;
Step 8, entity A receive MacTag bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal.
2. the method for claim 1, is characterized in that, in described step 3, entity A receives N b|| N a|| EncData b|| MAC bafter verify, comprising:
3.1, the N received is checked awith the N sending to entity B before awhether equal, unequal, verify incorrect;
3.2, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
3.3, N is deciphered a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b); Check the ID deciphering and obtain abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to entity B before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to receive N to entity A b|| N a|| EncData b|| MAC bthe result is incorrect.
3. the method for claim 1, is characterized in that, in described step 5, entity B receives N a|| N b|| EncData a|| MAC a|| MacTag aafter verify, comprising:
5.1, the N received is checked awith the N sending to entity A before awhether equal, unequal, verify incorrect;
5.2, the N received is checked bwith the N sending to entity A before bwhether equal, unequal, verify incorrect;
5.3, Message Authentication Code MAC is calculated a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
5.4, N is deciphered a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to entity A before aand N bwhether correspondent equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to receive N to entity B a|| N b|| EncData a|| MAC a|| MacTag athe result is incorrect.
4. a when entity A and entity B carry out identity verify, the method for work of entity A, wherein, entity A has the wildcard PSK between entity B and knows the identify label of entity B, and it is characterized in that, described method comprises:
Produce random number N a, and send to entity B;
Receive the N that entity B is sent b|| N a|| EncData b|| MAC bafter verify, if verify incorrect, then stop differentiate;
Produce the random number ZSEED be used for as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), send N a|| N b|| EncData a|| MAC a|| MacTag ato entity B;
Receive the MacTag that entity B is sent bafter, first calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bwith the MacTag received bcompare, if equal, then think that entity B identity is legal;
Wherein, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm; Wherein, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
5. method as claimed in claim 4, is characterized in that, the described N receiving entity B and send b|| N a|| EncData b|| MAC bafter verify, comprising:
Check the N received awith the N sending to entity B before awhether equal, unequal, verify incorrect;
Computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
Deciphering N a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b); Check the ID deciphering and obtain abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to entity B before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to the N received b|| N a|| EncData b|| MAC bthe result be incorrect.
6. a when entity A and entity B carry out identity verify, the method for work of entity B, wherein, entity B has the wildcard PSK between entity A and knows the identify label of entity A, and it is characterized in that, described method comprises:
Receive the N that entity A is sent aafter, generate random number N bwith for the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), send N b|| N a|| EncData b|| MAC bto entity A;
Receive the N that entity A is sent a|| N b|| EncData a|| MAC a|| MacTag aafter verify, if verify incorrect, then stop differentiate;
Calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that entity A identity is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), by MacTag bsend to entity A;
Wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of entity A, ID bfor the identify label of entity B, ENC is a kind of cryptographic algorithm, MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
7. method as claimed in claim 6, is characterized in that, the described N receiving entity A and send a|| N b|| EncData a|| MAC a|| MacTag aafter verify, comprising:
Check the N received awith the N sending to entity A before awhether equal, unequal, verify incorrect;
Check the N received bwith the N sending to entity A before bwhether equal, unequal, verify incorrect;
Calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
Deciphering N a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to entity A before aand N bwhether correspondent equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to receiving N a|| N b|| EncData a|| MAC a|| MacTag athe result be incorrect.
8. a device, for carrying out identity verify with another device, described device comprises memory cell, processing unit and Transmit-Receive Unit, it is characterized in that:
Memory cell is for storing the identify label of wildcard PSK between another device described and another device described;
Processing unit is for generation of random number N a;
Transmit-Receive Unit is used for N asend to another device described, and for receiving the N that another device described is sent b|| N a|| EncData b|| MAC b;
The N of processing unit also for sending another device described b|| N a|| EncData b|| MAC bverify, if verify incorrect, then stop differentiating;
Processing unit is also for generation of the random number ZSEED as key seed a, calculate ciphertext EncData a=ENC (KEA, N a|| N b|| ID a|| ID b|| ZSEED a), calculate Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), calculate shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), generate N a|| N b|| EncData a|| MAC a|| MacTag a;
Transmit-Receive Unit is also for sending N a|| N b|| EncData a|| MAC a|| MacTag ato another device described, and for receiving the MacTag that another device described is sent b;
Processing unit is also for calculating message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a), the MacTag then will calculated bthe MacTag sent with another device described bcompare, if equal, then think that another device identity described is legal;
Wherein, ID afor the identify label of described device, ID bfor the identify label of another device described, ENC is a kind of cryptographic algorithm, and MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm; Wherein, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
9. device as claimed in claim 8, is characterized in that, the N of described processing unit also for sending another device described b|| N a|| EncData b|| MAC bverify, comprising:
The N that processing unit inspection receives awith the N sending to another device described before awhether equal, unequal, verify incorrect;
Processing unit computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), and calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), compare the MAC calculated bwith the MAC received bwhether equal, unequal, verify incorrect;
Processing unit deciphering N a|| N b|| ID a|| ID b|| ZSEED b=DEC (KEA, EncData b), check the ID deciphering and obtain abe whether the identify label of described device really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of another device described really, if not then verify incorrect; Check the N deciphering and obtain awith the N sending to another device described before awhether equal, unequal, verify incorrect; Check the N deciphering and obtain bwith the N received b|| N a|| EncData b|| MAC bin N bwhether equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think the N sent another device described b|| N a|| EncData b|| MAC bthe result be incorrect.
10. a device, for carrying out identity verify with another device, described device comprises memory cell, processing unit and Transmit-Receive Unit, it is characterized in that:
Memory cell is for storing the identify label of wildcard PSK between another device described and another device described;
The N that Transmit-Receive Unit is sent for receiving another device described a;
Processing unit is for generating random number N bwith the random number ZSEED as key seed b, computation key MKA||KEA||KIA=KDF1 (N a, N b, PSK, ID a, ID b), calculate ciphertext EncData b=ENC (KEA, N b|| N a|| ID b|| ID a|| ZSEED b), calculate Message Authentication Code MAC b=MAC1 (KIA, N b|| N a|| EncData b), and generate N b|| N a|| EncData b|| MAC b;
Transmit-Receive Unit is also for sending N to another device described b|| N a|| EncData b|| MAC b, and for receiving the N that another device described is sent a|| N b|| EncData a|| MAC a|| MacTag a;
The N of processing unit also for sending another device described a|| N b|| EncData a|| MAC a|| MacTag averify, if verify incorrect, then stop differentiating;
Processing unit is also for calculating shared secret Z=ZSEED a⊕ ZSEED b, calculate master key MK=KDF2 (N a, N b, Z, ID a, ID b), calculate message identification mark MacTag a=MAC2 (MK, MsgID1||ID a|| ID b|| N a|| N b), and with the MacTag received acompare, if unequal, stop differentiating; If equal, then think that another device identity described is legal, and calculate message identification mark MacTag b=MAC2 (MK, MsgID2||ID b|| ID a|| N b|| N a);
Transmit-Receive Unit is also for sending MacTag to another device described b;
Wherein, MKA is authentication key, and KEA is Message Encryption key, and KIA is message integrity key, and KDF1 is a kind of Key derivation algorithm, ID afor the identify label of another device described, ID bfor the identify label of described device, ENC is a kind of cryptographic algorithm, MAC1 is a kind of Message Authentication Code computational methods, KDF2 is a kind of Key derivation algorithm, MsgID1 is a message SN, and " ⊕ " represents by bit XOR, and MAC2 is a kind of Message Authentication Code generating algorithm, KDF2 is a kind of Key derivation algorithm, and MsgID2 is a message SN.
11. devices as claimed in claim 10, is characterized in that, the N of described processing unit also for sending another device described a|| N b|| EncData a|| MAC a|| MacTag averify, comprising:
The N that processing unit inspection receives awith the N sending to another device described before awhether equal, unequal, verify incorrect;
The N that processing unit inspection receives bwith the N sending to another device described before bwhether equal, unequal, verify incorrect;
Processing unit calculates Message Authentication Code MAC a=MAC1 (KIA, N a|| N b|| EncData a), compare the MAC calculated awith the MAC received awhether equal, unequal, verify incorrect;
Processing unit deciphering N a|| N b|| ID a|| ID b|| ZSEED a=DEC (KEA, EncData a); Check the ID deciphering and obtain abe whether the identify label of another device described really, if not then verify incorrect; Check the ID deciphering and obtain bbe whether the identify label of described device really, if not then verify incorrect; Check the N deciphering and obtain aand N bwith the N sending to another device described before aand N bwhether correspondent equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to send N to another device described a|| N b|| EncData a|| MAC a|| MacTag athe result be incorrect.
12., as the method in claim 1-11 as described in any one or device, is characterized in that, N aaCT_REQ data protocol unit is utilized to carry out encapsulating rear transmission, N b|| N a|| EncData b|| MAC baCT_RES data protocol unit is utilized to carry out encapsulating rear transmission, N a|| N b|| EncData a|| MAC a|| MacTag avFY_REQ data protocol unit is utilized to carry out encapsulating rear transmission, MacTag butilize VFY_RES data protocol unit to carry out encapsulating rear transmission, wherein, ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are the protocol data unit format meeting standard ISO/IEC13157-1 definition.
CN201410126144.1A 2014-03-31 2014-03-31 Method for authenticating entities and device Active CN104954129B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410126144.1A CN104954129B (en) 2014-03-31 2014-03-31 Method for authenticating entities and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410126144.1A CN104954129B (en) 2014-03-31 2014-03-31 Method for authenticating entities and device

Publications (2)

Publication Number Publication Date
CN104954129A true CN104954129A (en) 2015-09-30
CN104954129B CN104954129B (en) 2019-09-27

Family

ID=54168508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410126144.1A Active CN104954129B (en) 2014-03-31 2014-03-31 Method for authenticating entities and device

Country Status (1)

Country Link
CN (1) CN104954129B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242323A (en) * 2007-02-06 2008-08-13 华为技术有限公司 Establishment method and home network system for pipes between devices
CN101272251A (en) * 2007-03-22 2008-09-24 华为技术有限公司 Authentication and cryptographic key negotiation method, authentication method, system and equipment
CN101699891A (en) * 2009-10-21 2010-04-28 西安西电捷通无线网络通信有限公司 Method for key management and node authentication of sensor network
CN102036242A (en) * 2009-09-29 2011-04-27 中兴通讯股份有限公司 Access authentication method and system in mobile communication network
US20130195271A1 (en) * 2008-03-03 2013-08-01 Sony Corporation Communication device and communication method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242323A (en) * 2007-02-06 2008-08-13 华为技术有限公司 Establishment method and home network system for pipes between devices
CN101272251A (en) * 2007-03-22 2008-09-24 华为技术有限公司 Authentication and cryptographic key negotiation method, authentication method, system and equipment
US20130195271A1 (en) * 2008-03-03 2013-08-01 Sony Corporation Communication device and communication method
CN102036242A (en) * 2009-09-29 2011-04-27 中兴通讯股份有限公司 Access authentication method and system in mobile communication network
CN101699891A (en) * 2009-10-21 2010-04-28 西安西电捷通无线网络通信有限公司 Method for key management and node authentication of sensor network

Also Published As

Publication number Publication date
CN104954129B (en) 2019-09-27

Similar Documents

Publication Publication Date Title
KR101931894B1 (en) Entity authentication method and device based on pre-shared key
US10567428B2 (en) Secure wireless ranging
CN102142961B (en) Method, device and system for authenticating gateway, node and server
JP7232816B2 (en) Authentication system and authentication method for authenticating assets
CN105069864A (en) Door lock control secure communication scheme based on NFC (near field communication) function of smart phone
CN104704769A (en) A wireless communication system
CN106464498A (en) Method for the authentication of a first electronic entity by a second electronic entity, and electronic entity implementing such a method
EP3128696B1 (en) Entity authentication method and device
CN112753203B (en) Secure communication method and device
CN107483191A (en) A kind of SM2 algorithm secret keys segmentation signature system and method
CN101645899A (en) Bidirectional authentication method and system based on symmetric encipherment algorithm
CN113556230B (en) Data security transmission method, certificate related method, server, system and medium
CN101895882A (en) Data transmission method, system and device in WiMAX system
CN102970676A (en) Method for processing original data, internet of thing system and terminal
CN104333539A (en) RFID security authentication method based on Chebyshev mapping
CN103916840A (en) Method for binding and verification of mobile device and external device
CN103905197A (en) SIM card and external device binding and verifying method
CN109922022A (en) Internet of Things communication means, platform, terminal and system
JP2018082353A (en) Communication system, server, communication device, communication method, and program
CN105516182A (en) Bidirectional authentication method and system used between smart card and reader-writer
CN104954129A (en) Entity identification method and device
KR20150135717A (en) Apparatus and method for sharing initial secret key in mobile multi-hop network
CN103580860B (en) Data transmission method, device, system and communication equipment in short-range communication
CN109688581A (en) A kind of safe transmission method and device of data
Zhu et al. An improved RFID-based authentication protocol for rail transit

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20150930

Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.

Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.

Contract record no.: 2018610000009

Denomination of invention: Entity identification method and device

License type: Common License

Record date: 20180320

EE01 Entry into force of recordation of patent licensing contract
GR01 Patent grant
GR01 Patent grant