CN104954129A - Entity identification method and device - Google Patents
- Publication number: CN104954129A
- Application number: CN201410126144.1A
- Authority: CN (China)
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The invention relates to an entity authentication method and device. In the method, entity A generates a random number N_A and sends it to entity B; entity B generates random numbers N_B and ZSEED_B, calculates the keys MKA || KEA || KIA, a ciphertext EncData_B and a message authentication code MAC_B, and sends N_B || N_A || EncData_B || MAC_B to entity A for verification; entity A generates a random number ZSEED_A, calculates a ciphertext EncData_A, a message authentication code MAC_A, a shared secret Z, a master key MK and a message authentication tag MacTag_A, and sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B for verification; entity B calculates Z and MK, calculates MacTag_A and compares it with the received MacTag_A, and considers entity A legitimate if the two are equal; entity B calculates a message authentication tag MacTag_B and sends it to entity A; entity A calculates MacTag_B and compares it with the received MacTag_B, and considers entity B legitimate if the two are equal. The method achieves authentication between network entities, establishes a master key, and at the same time confirms the identity of the peer.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to an entity authentication method and device.
Background
Communication networks such as wireless local area networks (WLAN), wireless sensor networks (WSN), near-field communication (NFC), radio-frequency identification (RFID) and wireless personal area networks (WPAN) are subject to attacks such as forgery, eavesdropping and replay. The identities of the two communicating parties must therefore be authenticated before communication, to ensure that both parties are legitimate. At present, in authentication schemes based on cryptographic algorithms, and especially those based on symmetric cryptographic algorithms, the identities of the two parties are usually not confirmed during authentication. Even when authentication succeeds, it only establishes that the peer holds a certain shared secret; it still does not establish who the peer actually is, which is a security risk.
Summary of the invention
To solve the above technical problem described in the background, it is necessary to provide an entity authentication method and device.
An entity authentication method, for authenticating identity between an entity A and an entity B that share a pre-shared key PSK and know each other's identifier, characterized in that the method comprises:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B to serve as a key seed, calculates the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculates the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), and calculates the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B); entity B sends N_B || N_A || EncData_B || MAC_B to entity A, wherein MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identifier of entity A, ID_B is the identifier of entity B, ENC is an encryption algorithm, and MAC1 is a message authentication code calculation method;
Step 3: after receiving N_B || N_A || EncData_B || MAC_B, entity A verifies it; if verification fails, authentication is aborted;
Step 4: entity A generates a random number ZSEED_A to serve as a key seed, calculates the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculates the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculates the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculates the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculates the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B, wherein KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm;
Step 5: after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A, entity B verifies it; if verification fails, authentication is aborted;
Step 6: entity B calculates the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculates the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculates the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compares it with the received MacTag_A; if they are equal, entity A is considered legitimate; if they are not equal, authentication is aborted; wherein KDF2 is a key derivation algorithm;
Step 7: entity B calculates the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) and sends MacTag_B to entity A, wherein MsgID2 is a message sequence number;
Step 8: after receiving MacTag_B, entity A first calculates the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compares the calculated MacTag_B with the received MacTag_B; if they are equal, entity B is considered legitimate.
An operating method of entity A when entity A and entity B authenticate each other, wherein entity A holds the pre-shared key PSK shared with entity B and knows the identifier of entity B, characterized in that the method comprises:
generating a random number N_A and sending it to entity B;
after receiving N_B || N_A || EncData_B || MAC_B sent by entity B, verifying it, and aborting authentication if verification fails;
generating a random number ZSEED_A to serve as a key seed, calculating the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculating the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculating the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculating the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculating the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sending N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B;
after receiving MacTag_B sent by entity B, first calculating the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then comparing the calculated MacTag_B with the received MacTag_B, and considering entity B legitimate if they are equal;
wherein ID_A is the identifier of entity A, ID_B is the identifier of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
An operating method of entity B when entity A and entity B authenticate each other, wherein entity B holds the pre-shared key PSK shared with entity A and knows the identifier of entity A, characterized in that the method comprises:
after receiving N_A sent by entity A, generating a random number N_B and a random number ZSEED_B to serve as a key seed, calculating the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculating the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), calculating the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and sending N_B || N_A || EncData_B || MAC_B to entity A;
after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A, verifying it, and aborting authentication if verification fails;
calculating the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculating the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculating the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and comparing it with the received MacTag_A; if they are not equal, aborting authentication; if they are equal, considering entity A legitimate, calculating the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), and sending MacTag_B to entity A;
wherein MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identifier of entity A, ID_B is the identifier of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identifier of the other device;
the processing unit is configured to generate a random number N_A;
the transceiver unit is configured to send N_A to the other device, and to receive N_B || N_A || EncData_B || MAC_B sent by the other device;
the processing unit is further configured to verify the N_B || N_A || EncData_B || MAC_B sent by the other device, and to abort authentication if verification fails;
the processing unit is further configured to generate a random number ZSEED_A to serve as a key seed, calculate the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculate the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculate the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculate the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculate the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and generate N_A || N_B || EncData_A || MAC_A || MacTag_A;
the transceiver unit is further configured to send N_A || N_B || EncData_A || MAC_A || MacTag_A to the other device, and to receive MacTag_B sent by the other device;
the processing unit is further configured to calculate the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compare the calculated MacTag_B with the MacTag_B sent by the other device, and consider the other device legitimate if they are equal;
wherein ID_A is the identifier of the device, ID_B is the identifier of the other device, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
A device for performing authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
the storage unit is configured to store the pre-shared key PSK shared with the other device and the identifier of the other device;
the transceiver unit is configured to receive N_A sent by the other device;
the processing unit is configured to generate a random number N_B and a random number ZSEED_B to serve as a key seed, calculate the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculate the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), calculate the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and generate N_B || N_A || EncData_B || MAC_B;
the transceiver unit is further configured to send N_B || N_A || EncData_B || MAC_B to the other device, and to receive N_A || N_B || EncData_A || MAC_A || MacTag_A sent by the other device;
the processing unit is further configured to verify the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by the other device, and to abort authentication if verification fails;
the processing unit is further configured to calculate the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculate the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculate the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compare it with the received MacTag_A; if they are not equal, abort authentication; if they are equal, consider the other device legitimate and calculate the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A);
the transceiver unit is further configured to send MacTag_B to the other device;
wherein MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ID_A is the identifier of the other device, ID_B is the identifier of the device, ENC is an encryption algorithm, MAC1 is a message authentication code calculation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, and MsgID2 is a message sequence number.
The present invention has the following advantages:
1) mutual authentication between two network entities can be achieved, and a master key for protecting subsequent communication data is established;
2) the identity of the peer is determined during authentication.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the entity authentication system provided by the present invention;
Fig. 2 is a schematic structural diagram of the device corresponding to entity A in the present invention;
Fig. 3 is a schematic structural diagram of the device corresponding to entity B in the present invention.
Embodiment
Referring to Fig. 1, the invention provides an entity authentication method. When the method is carried out, entity A and entity B already share a pre-shared key (PSK) and know each other's identifier; the identifier of entity A is ID_A and the identifier of entity B is ID_B. The method comprises the following steps:
Step 1: entity A generates a random number N_A and sends it to entity B.
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B to serve as a key seed, calculates the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculates the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), and calculates the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B). Entity B sends N_B || N_A || EncData_B || MAC_B to entity A. Here MKA is the authentication key, KEA is the message encryption key, KIA is the message integrity key, KDF1 is a key derivation algorithm, ENC is an encryption algorithm, and MAC1 is a message authentication code calculation method. Here " || " denotes concatenation of fields and does not restrict the order of the fields; the same applies below. In addition, fields concatenated with " || " can be regarded in the present invention as forming a "field group". Note that a "field group" in the present invention is open: besides the fields the "field group" is stated to contain, other fields may also be included in it.
Step 3: after receiving N_B || N_A || EncData_B || MAC_B, entity A verifies it; if verification fails, authentication is aborted.
Step 4: entity A generates a random number ZSEED_A to serve as a key seed, calculates the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculates the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculates the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculates the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), and calculates the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B). Here KDF2 is a key derivation algorithm, MsgID1 is a message sequence number (the message sequence number may be agreed in advance by both parties, or obtained by both parties through message exchange), "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm. Entity A sends N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B.
Step 5: after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A, entity B verifies it; if verification fails, authentication is aborted.
Step 6: entity B calculates the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculates the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculates the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compares it with the received MacTag_A. If they are not equal, authentication is aborted; if they are equal, entity A is considered legitimate and the following steps continue. Here KDF2 is a key derivation algorithm.
Step 7: entity B calculates the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A) and sends MacTag_B to entity A. MsgID2 is a message sequence number (the message sequence number may be agreed in advance by both parties, or obtained by both parties through message exchange).
Step 8: after receiving MacTag_B, entity A first calculates the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compares the calculated MacTag_B with the received MacTag_B; if they are equal, entity B is considered legitimate.
Specifically, in step 3 above, entity A's verification after receiving N_B || N_A || EncData_B || MAC_B comprises:
3.1. Checking whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
3.2. Calculating the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and comparing the calculated MAC_B with the received MAC_B; if they are not equal, verification fails;
3.3. Decrypting N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); checking whether the decrypted ID_A and ID_B are indeed the identifiers of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; checking whether the decrypted N_B equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails. Here DEC is the decryption algorithm.
Note that the above checks have no strict ordering requirement; if any one of them fails, the result of entity A's verification of the received N_B || N_A || EncData_B || MAC_B is incorrect.
Specifically, in step 5 above, entity B's verification after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A comprises:
5.1. Checking whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
5.2. Checking whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
5.3. Calculating the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and comparing the calculated MAC_A with the received MAC_A; if they are not equal, verification fails;
5.4. Decrypting N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); checking whether the decrypted ID_A and ID_B are indeed the identifiers of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks have no strict ordering requirement; if any one of them fails, the result of entity B's verification of the received N_A || N_B || EncData_A || MAC_A || MacTag_A is incorrect.
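The four-message exchange of steps 1 to 8, with the step 3 and step 5 checks, as an added Python example (not code from the patent). The patent leaves KDF1, KDF2, MAC1, MAC2 and ENC unspecified, so the SHAKE-256 derivation, HMAC-SHA256 and SHAKE-256 keystream cipher used here are stand-ins, and the field lengths, identifiers, PSK and MsgID values are constructed assumptions.

```python
import hashlib
import hmac
import secrets

NONCE, SEED, IDLEN, TAG = 16, 16, 8, 32     # assumed field lengths in bytes
PT = 2 * NONCE + 2 * IDLEN + SEED           # length of an EncData plaintext
MSG_ID1, MSG_ID2 = b"\x01", b"\x02"         # assumed pre-agreed sequence numbers
ID_A, ID_B, PSK = b"ENTITY-A", b"ENTITY-B", bytes(range(32))   # constructed values

class AuthError(Exception):
    """A verification step failed, so the entity aborts authentication."""

def check(ok, step):
    if not ok:
        raise AuthError(step)

def split(buf, *sizes):
    check(len(buf) == sum(sizes), "message length")
    cuts = [sum(sizes[:i]) for i in range(len(sizes) + 1)]
    return [buf[i:j] for i, j in zip(cuts, cuts[1:])]

def kdf(label, *parts, length=32):          # stand-in for KDF1 / KDF2
    framed = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hashlib.shake_256(label + framed).digest(length)

def mac(key, data):                         # stand-in for MAC1 / MAC2
    return hmac.new(key, data, hashlib.sha256).digest()

def enc(key, head, data):
    # Stand-in for ENC and DEC: XOR with a keystream bound to the nonce order.
    # KEA serves both directions; one shared keystream would leak Z.
    stream = hashlib.shake_256(key + head).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def session_keys(n_a, n_b, psk):
    # MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B); MKA is unused here.
    okm = kdf(b"KDF1", n_a, n_b, psk, ID_A, ID_B, length=96)
    return okm[32:64], okm[64:]

def master_key(n_a, n_b, zseed_a, zseed_b):
    z = bytes(x ^ y for x, y in zip(zseed_a, zseed_b))
    return kdf(b"KDF2", n_a, n_b, z, ID_A, ID_B)

class Entity:
    def __init__(self, psk):
        self.psk = psk

class EntityA(Entity):
    def msg1(self):                                             # step 1
        self.n_a = secrets.token_bytes(NONCE)
        return self.n_a

    def msg3(self, m2):                                         # steps 3 and 4
        n_b, n_a, enc_b, mac_b = split(m2, NONCE, NONCE, PT, TAG)
        check(n_a == self.n_a, "N_A")                           # 3.1
        kea, kia = session_keys(n_a, n_b, self.psk)             # 3.2
        check(hmac.compare_digest(mac_b, mac(kia, n_b + n_a + enc_b)), "MAC_B")
        pt = enc(kea, n_b + n_a, enc_b)                         # 3.3
        check(pt[:-SEED] == n_b + n_a + ID_B + ID_A, "EncData_B fields")
        head, zseed_a = n_a + n_b, secrets.token_bytes(SEED)    # step 4
        enc_a = enc(kea, head, head + ID_A + ID_B + zseed_a)
        self.n_b, self.mk = n_b, master_key(n_a, n_b, zseed_a, pt[-SEED:])
        tag_a = mac(self.mk, MSG_ID1 + ID_A + ID_B + head)
        return head + enc_a + mac(kia, head + enc_a) + tag_a

    def finish(self, tag_b):                                    # step 8
        expect = mac(self.mk, MSG_ID2 + ID_B + ID_A + self.n_b + self.n_a)
        check(hmac.compare_digest(tag_b, expect), "MacTag_B")
        return self.mk

class EntityB(Entity):
    def msg2(self, n_a):                                        # step 2
        self.n_a, self.n_b = n_a, secrets.token_bytes(NONCE)
        self.zseed_b = secrets.token_bytes(SEED)
        self.kea, self.kia = session_keys(n_a, self.n_b, self.psk)
        head = self.n_b + n_a
        enc_b = enc(self.kea, head, head + ID_B + ID_A + self.zseed_b)
        return head + enc_b + mac(self.kia, head + enc_b)

    def msg4(self, m3):                                         # steps 5 to 7
        n_a, n_b, enc_a, mac_a, tag_a = split(m3, NONCE, NONCE, PT, TAG, TAG)
        check((n_a, n_b) == (self.n_a, self.n_b), "nonces")     # 5.1, 5.2
        check(hmac.compare_digest(mac_a, mac(self.kia, n_a + n_b + enc_a)), "MAC_A")
        pt = enc(self.kea, n_a + n_b, enc_a)                    # 5.4
        check(pt[:-SEED] == n_a + n_b + ID_A + ID_B, "EncData_A fields")
        self.mk = master_key(n_a, n_b, pt[-SEED:], self.zseed_b)        # step 6
        expect = mac(self.mk, MSG_ID1 + ID_A + ID_B + n_a + n_b)
        check(hmac.compare_digest(tag_a, expect), "MacTag_A")
        return mac(self.mk, MSG_ID2 + ID_B + ID_A + n_b + n_a)  # step 7

def run(psk_a, psk_b, tamper=lambda m3: m3):
    a, b = EntityA(psk_a), EntityB(psk_b)
    try:
        m3 = a.msg3(b.msg2(a.msg1()))
        mk_a = a.finish(b.msg4(tamper(m3)))
    except AuthError as err:
        return f"aborted at {err}", None, None
    return "authenticated", mk_a, b.mk
```

`run(PSK, PSK)` returns the status together with the master key each side derived; with mismatched pre-shared keys the run stops at entity A's MAC_B check, before EncData_B is decrypted.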
Based on the above entity authentication method, the present invention also provides an operating method of entity A for implementing the method, comprising:
generating a random number N_A and sending it to entity B;
after receiving N_B || N_A || EncData_B || MAC_B sent by entity B, verifying it, and aborting authentication if verification fails;
generating a random number ZSEED_A to serve as a key seed, calculating the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculating the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculating the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculating the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculating the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and sending N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B;
after receiving MacTag_B sent by entity B, first calculating the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then comparing the calculated MacTag_B with the received MacTag_B, and considering entity B legitimate if they are equal.
Specifically, the above verification after receiving N_B || N_A || EncData_B || MAC_B sent by entity B comprises:
checking whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
calculating the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and comparing the calculated MAC_B with the received MAC_B; if they are not equal, verification fails;
decrypting N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); checking whether the decrypted ID_A and ID_B are the identifiers of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; checking whether the decrypted N_B equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails.
Note that the above checks have no strict ordering requirement; if any one of them fails, the verification result for the received N_B || N_A || EncData_B || MAC_B is incorrect.
Based on the above entity authentication method, the present invention also provides an operating method of entity B for implementing the method, comprising:
after receiving N_A sent by entity A, generating a random number N_B and a random number ZSEED_B to serve as a key seed, calculating the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculating the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), calculating the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and sending N_B || N_A || EncData_B || MAC_B to entity A;
after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A, verifying it, and aborting authentication if verification fails;
calculating the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculating the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculating the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and comparing it with the received MacTag_A; if they are not equal, aborting authentication; if they are equal, considering entity A legitimate, calculating the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), and sending MacTag_B to entity A.
Specifically, the above verification after receiving N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A comprises:
checking whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
checking whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
calculating the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and comparing the calculated MAC_A with the received MAC_A; if they are not equal, verification fails;
decrypting N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); checking whether the decrypted ID_A and ID_B are the identifiers of entity A and entity B, and if not, verification fails; checking whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks have no strict ordering requirement; if any one of them fails, the verification result for the received N_A || N_B || EncData_A || MAC_A || MacTag_A is incorrect.
Referring to Fig. 2, based on the above entity authentication method, the present invention also provides a device corresponding to entity A for implementing the method, comprising a storage unit 11, a processing unit 12 and a transceiver unit 13, wherein:
the storage unit 11 is configured to store the pre-shared key PSK shared with entity B and the identifier of entity B;
the processing unit 12 is configured to generate a random number N_A;
the transceiver unit 13 is configured to send N_A to entity B, and to receive N_B || N_A || EncData_B || MAC_B sent by entity B;
the processing unit 12 is further configured to verify the N_B || N_A || EncData_B || MAC_B sent by entity B, and to abort authentication if verification fails;
the processing unit 12 is further configured to generate a random number ZSEED_A to serve as a key seed, calculate the ciphertext EncData_A = ENC(KEA, N_A || N_B || ID_A || ID_B || ZSEED_A), calculate the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A), calculate the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculate the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculate the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and generate N_A || N_B || EncData_A || MAC_A || MacTag_A;
the transceiver unit 13 is further configured to send N_A || N_B || EncData_A || MAC_A || MacTag_A to entity B, and to receive MacTag_B sent by entity B;
the processing unit 12 is further configured to calculate the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A), then compare the calculated MacTag_B with the MacTag_B sent by entity B, and consider entity B legitimate if they are equal.
Specifically, the above verification by the processing unit 12 of the N_B || N_A || EncData_B || MAC_B sent by entity B comprises:
the processing unit 12 checks whether the received N_A equals the N_A previously sent to entity B; if not, verification fails;
the processing unit 12 calculates the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and compares the calculated MAC_B with the received MAC_B; if they are not equal, verification fails;
the processing unit 12 decrypts N_A || N_B || ID_A || ID_B || ZSEED_B = DEC(KEA, EncData_B); checks whether the decrypted ID_A and ID_B are indeed the identifiers of entity A and entity B, and if not, verification fails; checks whether the decrypted N_A equals the N_A previously sent to entity B, and if not, verification fails; checks whether the decrypted N_B equals the N_B in the received N_B || N_A || EncData_B || MAC_B, and if not, verification fails.
Note that the above checks have no strict ordering requirement; if any one of them fails, the verification result for the N_B || N_A || EncData_B || MAC_B sent by entity B is incorrect.
Referring to Fig. 3, based on the above authentication method, the present invention also provides a device corresponding to entity B for implementing the method, comprising a storage unit 21, a processing unit 22 and a transceiver unit 23, wherein:
the storage unit 21 is configured to store the pre-shared key PSK shared with entity A and the identifier of entity A;
the transceiver unit 23 is configured to receive N_A sent by entity A;
the processing unit 22 is configured to generate a random number N_B and a random number ZSEED_B to serve as a key seed, calculate the keys MKA || KEA || KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), calculate the ciphertext EncData_B = ENC(KEA, N_B || N_A || ID_B || ID_A || ZSEED_B), calculate the message authentication code MAC_B = MAC1(KIA, N_B || N_A || EncData_B), and generate N_B || N_A || EncData_B || MAC_B;
the transceiver unit 23 is further configured to send N_B || N_A || EncData_B || MAC_B to entity A, and to receive N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A;
the processing unit 22 is further configured to verify the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A, and to abort authentication if verification fails;
the processing unit 22 is further configured to calculate the shared secret Z = ZSEED_A ⊕ ZSEED_B, calculate the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), calculate the message authentication tag MacTag_A = MAC2(MK, MsgID1 || ID_A || ID_B || N_A || N_B), and compare it with the received MacTag_A; if they are not equal, abort authentication; if they are equal, consider entity A legitimate and calculate the message authentication tag MacTag_B = MAC2(MK, MsgID2 || ID_B || ID_A || N_B || N_A);
the transceiver unit 23 is further configured to send MacTag_B to entity A.
Specifically, the above verification by the processing unit 22 of the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A comprises:
the processing unit 22 checks whether the received N_A equals the N_A previously sent to entity A; if not, verification fails;
the processing unit 22 checks whether the received N_B equals the N_B previously sent to entity A; if not, verification fails;
the processing unit 22 calculates the message authentication code MAC_A = MAC1(KIA, N_A || N_B || EncData_A) and compares the calculated MAC_A with the received MAC_A; if they are not equal, verification fails;
the processing unit 22 decrypts N_A || N_B || ID_A || ID_B || ZSEED_A = DEC(KEA, EncData_A); checks whether the decrypted ID_A and ID_B are indeed the identifiers of entity A and entity B, and if not, verification fails; checks whether the decrypted N_A and N_B equal the N_A and N_B previously sent to entity A, and if not, verification fails.
Note that the above checks have no strict ordering requirement; if any one of them fails, the verification result for the N_A || N_B || EncData_A || MAC_A || MacTag_A sent by entity A is incorrect.
In summary, the present invention achieves, based on symmetric cryptographic algorithms, authentication between entities with a key agreement function, and has a wide range of applications. The invention is applicable to fields that communicate over an air interface, such as radio-frequency identification (RFID), sensor networks (WSN), near-field communication (NFC), contactless cards and wireless local area networks (WLAN). Entity A and entity B may be a reader and a tag in the RFID field, nodes in a sensor network, terminal devices in the NFC field, a card reader and a card in the contactless card field, a terminal and an access point in a wireless local area network, and so on.
In addition, in a preferred embodiment of the present invention, when the technical solution is used in the NFC field, the N_A that entity A sends to entity B is encapsulated in an ACT_REQ protocol data unit for transmission, the N_B || N_A || EncData_B || MAC_B that entity B sends to entity A is encapsulated in an ACT_RES protocol data unit for transmission, the N_A || N_B || EncData_A || MAC_A || MacTag_A that entity A sends to entity B is encapsulated in a VFY_REQ protocol data unit for transmission, and the MacTag_B that entity B sends to entity A is encapsulated in a VFY_RES protocol data unit for transmission, where ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions of the standard ISO/IEC 13157-1. With this encapsulation, the technical solution of the present invention is more compatible with the other existing NFC security mechanisms.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific way, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction means, and the instruction means implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they have learned the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.
Claims (12)
1. An entity authentication method for identity authentication between an entity A and an entity B that share a pre-shared key PSK and know each other's identities, characterized in that the method comprises:
Step 1: entity A generates a random number N_A and sends it to entity B;
Step 2: after receiving N_A, entity B generates a random number N_B and a random number ZSEED_B used as a key seed, computes the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computes the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computes the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sends N_B||N_A||EncData_B||MAC_B to entity A, wherein MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, and MAC1 is a message authentication code computation method;
Step 3: after receiving N_B||N_A||EncData_B||MAC_B, entity A verifies it, and if the verification fails, stops authentication;
Step 4: entity A generates a random number ZSEED_A used as a key seed, computes the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computes the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and sends N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B, wherein KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm;
Step 5: after receiving N_A||N_B||EncData_A||MAC_A||MacTag_A, entity B verifies it, and if the verification fails, stops authentication;
Step 6: entity B computes the shared secret Z = ZSEED_A ⊕ ZSEED_B, computes the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computes the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compares it with the received MacTag_A; if they are equal, the identity of entity A is considered legitimate; if they are not equal, authentication stops; wherein KDF2 is a key derivation algorithm;
Step 7: entity B computes the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A) and sends MacTag_B to entity A, wherein MsgID2 is a message sequence number;
Step 8: after receiving MacTag_B, entity A first computes the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compares the computed MacTag_B with the received MacTag_B; if they are equal, the identity of entity B is considered legitimate.
2. the method for claim 1, is characterized in that, in described step 3, entity A receives N
b|| N
a|| EncData
b|| MAC
bafter verify, comprising:
3.1, the N received is checked
awith the N sending to entity B before
awhether equal, unequal, verify incorrect;
3.2, computation key MKA||KEA||KIA=KDF1 (N
a, N
b, PSK, ID
a, ID
b), and calculate Message Authentication Code MAC
b=MAC1 (KIA, N
b|| N
a|| EncData
b), compare the MAC calculated
bwith the MAC received
bwhether equal, unequal, verify incorrect;
3.3, N is deciphered
a|| N
b|| ID
a|| ID
b|| ZSEED
b=DEC (KEA, EncData
b); Check the ID deciphering and obtain
abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain
bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain
awith the N sending to entity B before
awhether equal, unequal, verify incorrect; Check the N deciphering and obtain
bwith the N received
b|| N
a|| EncData
b|| MAC
bin N
bwhether equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to receive N to entity A
b|| N
a|| EncData
b|| MAC
bthe result is incorrect.
3. the method for claim 1, is characterized in that, in described step 5, entity B receives N
a|| N
b|| EncData
a|| MAC
a|| MacTag
aafter verify, comprising:
5.1, the N received is checked
awith the N sending to entity A before
awhether equal, unequal, verify incorrect;
5.2, the N received is checked
bwith the N sending to entity A before
bwhether equal, unequal, verify incorrect;
5.3, Message Authentication Code MAC is calculated
a=MAC1 (KIA, N
a|| N
b|| EncData
a), compare the MAC calculated
awith the MAC received
awhether equal, unequal, verify incorrect;
5.4, N is deciphered
a|| N
b|| ID
a|| ID
b|| ZSEED
a=DEC (KEA, EncData
a); Check the ID deciphering and obtain
abe whether the identify label of entity A really, if not then verify incorrect; Check the ID deciphering and obtain
bbe whether the identify label of entity B really, if not then verify incorrect; Check the N deciphering and obtain
aand N
bwith the N sending to entity A before
aand N
bwhether correspondent equal, unequal, verify incorrect; Wherein, DEC is decipherment algorithm;
Wherein, any one checking is incorrect, then think to receive N to entity B
a|| N
b|| EncData
a|| MAC
a|| MacTag
athe result is incorrect.
4. A working method of entity A when entity A and entity B perform identity authentication, wherein entity A holds the pre-shared key PSK shared with entity B and knows the identity of entity B, characterized in that the method comprises:
Generating a random number N_A and sending it to entity B;
After receiving the N_B||N_A||EncData_B||MAC_B sent by entity B, verifying it, and if the verification fails, stopping authentication;
Generating a random number ZSEED_A used as a key seed, computing the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), computing the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and sending N_A||N_B||EncData_A||MAC_A||MacTag_A to entity B;
After receiving the MacTag_B sent by entity B, first computing the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then comparing the computed MacTag_B with the received MacTag_B; if they are equal, the identity of entity B is considered legitimate;
Wherein ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm; wherein KDF2 is a key derivation algorithm and MsgID2 is a message sequence number.
5. The method of claim 4, characterized in that the verification performed after receiving the N_B||N_A||EncData_B||MAC_B sent by entity B comprises:
Checking whether the received N_A equals the N_A previously sent to entity B; if they are not equal, the verification fails;
Computing the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and comparing the computed MAC_B with the received MAC_B; if they are not equal, the verification fails;
Decrypting N_A||N_B||ID_A||ID_B||ZSEED_B = DEC(KEA, EncData_B); checking whether the decrypted ID_A is indeed the identity of entity A, and if not, the verification fails; checking whether the decrypted ID_B is indeed the identity of entity B, and if not, the verification fails; checking whether the decrypted N_A equals the N_A previously sent to entity B, and if not, the verification fails; checking whether the decrypted N_B equals the N_B in the received N_B||N_A||EncData_B||MAC_B, and if not, the verification fails; wherein DEC is a decryption algorithm;
Wherein, if any one of these checks fails, the verification of the received N_B||N_A||EncData_B||MAC_B is considered to have failed.
6. A working method of entity B when entity A and entity B perform identity authentication, wherein entity B holds the pre-shared key PSK shared with entity A and knows the identity of entity A, characterized in that the method comprises:
After receiving the N_A sent by entity A, generating a random number N_B and a random number ZSEED_B used as a key seed, computing the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), computing the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), computing the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and sending N_B||N_A||EncData_B||MAC_B to entity A;
After receiving the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A, verifying it, and if the verification fails, stopping authentication;
Computing the shared secret Z = ZSEED_A ⊕ ZSEED_B, computing the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), computing the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and comparing it with the received MacTag_A; if they are not equal, stopping authentication; if they are equal, considering the identity of entity A legitimate, computing the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), and sending MacTag_B to entity A;
Wherein MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of entity A, ID_B is the identity of entity B, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, and MsgID2 is a message sequence number.
7. The method of claim 6, characterized in that the verification performed after receiving the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by entity A comprises:
Checking whether the received N_A equals the N_A previously sent to entity A; if they are not equal, the verification fails;
Checking whether the received N_B equals the N_B previously sent to entity A; if they are not equal, the verification fails;
Computing the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A) and comparing the computed MAC_A with the received MAC_A; if they are not equal, the verification fails;
Decrypting N_A||N_B||ID_A||ID_B||ZSEED_A = DEC(KEA, EncData_A); checking whether the decrypted ID_A is indeed the identity of entity A, and if not, the verification fails; checking whether the decrypted ID_B is indeed the identity of entity B, and if not, the verification fails; checking whether the decrypted N_A and N_B respectively equal the N_A and N_B previously sent to entity A, and if not, the verification fails; wherein DEC is a decryption algorithm;
Wherein, if any one of these checks fails, the verification of the received N_A||N_B||EncData_A||MAC_A||MacTag_A is considered to have failed.
8. A device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
The storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
The processing unit is configured to generate a random number N_A;
The transceiver unit is configured to send N_A to the other device, and to receive the N_B||N_A||EncData_B||MAC_B sent by the other device;
The processing unit is further configured to verify the N_B||N_A||EncData_B||MAC_B sent by the other device, and if the verification fails, to stop authentication;
The processing unit is further configured to generate a random number ZSEED_A used as a key seed, compute the ciphertext EncData_A = ENC(KEA, N_A||N_B||ID_A||ID_B||ZSEED_A), compute the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A), compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and generate N_A||N_B||EncData_A||MAC_A||MacTag_A;
The transceiver unit is further configured to send N_A||N_B||EncData_A||MAC_A||MacTag_A to the other device, and to receive the MacTag_B sent by the other device;
The processing unit is further configured to compute the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A), then compare the computed MacTag_B with the MacTag_B sent by the other device; if they are equal, the identity of the other device is considered legitimate;
Wherein ID_A is the identity of the device, ID_B is the identity of the other device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, and MAC2 is a message authentication code generation algorithm; wherein KDF2 is a key derivation algorithm and MsgID2 is a message sequence number.
9. The device of claim 8, characterized in that the verification by the processing unit of the N_B||N_A||EncData_B||MAC_B sent by the other device comprises:
The processing unit checks whether the received N_A equals the N_A previously sent to the other device; if they are not equal, the verification fails;
The processing unit computes the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B) and the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and compares the computed MAC_B with the received MAC_B; if they are not equal, the verification fails;
The processing unit decrypts N_A||N_B||ID_A||ID_B||ZSEED_B = DEC(KEA, EncData_B); checks whether the decrypted ID_A is indeed the identity of the device, and if not, the verification fails; checks whether the decrypted ID_B is indeed the identity of the other device, and if not, the verification fails; checks whether the decrypted N_A equals the N_A previously sent to the other device, and if not, the verification fails; checks whether the decrypted N_B equals the N_B in the received N_B||N_A||EncData_B||MAC_B, and if not, the verification fails; wherein DEC is a decryption algorithm;
Wherein, if any one of these checks fails, the verification of the N_B||N_A||EncData_B||MAC_B sent by the other device is considered to have failed.
10. A device for performing identity authentication with another device, the device comprising a storage unit, a processing unit and a transceiver unit, characterized in that:
The storage unit is configured to store the pre-shared key PSK shared with the other device and the identity of the other device;
The transceiver unit is configured to receive the N_A sent by the other device;
The processing unit is configured to generate a random number N_B and a random number ZSEED_B used as a key seed, compute the keys MKA||KEA||KIA = KDF1(N_A, N_B, PSK, ID_A, ID_B), compute the ciphertext EncData_B = ENC(KEA, N_B||N_A||ID_B||ID_A||ZSEED_B), compute the message authentication code MAC_B = MAC1(KIA, N_B||N_A||EncData_B), and generate N_B||N_A||EncData_B||MAC_B;
The transceiver unit is further configured to send N_B||N_A||EncData_B||MAC_B to the other device, and to receive the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device;
The processing unit is further configured to verify the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device, and if the verification fails, to stop authentication;
The processing unit is further configured to compute the shared secret Z = ZSEED_A ⊕ ZSEED_B, compute the master key MK = KDF2(N_A, N_B, Z, ID_A, ID_B), compute the message authentication identifier MacTag_A = MAC2(MK, MsgID1||ID_A||ID_B||N_A||N_B), and compare it with the received MacTag_A; if they are not equal, authentication stops; if they are equal, the identity of the other device is considered legitimate, and the processing unit computes the message authentication identifier MacTag_B = MAC2(MK, MsgID2||ID_B||ID_A||N_B||N_A);
The transceiver unit is further configured to send MacTag_B to the other device;
Wherein MKA is an authentication key, KEA is a message encryption key, KIA is a message integrity key, KDF1 is a key derivation algorithm, ID_A is the identity of the other device, ID_B is the identity of the device, ENC is an encryption algorithm, MAC1 is a message authentication code computation method, KDF2 is a key derivation algorithm, MsgID1 is a message sequence number, "⊕" denotes bitwise XOR, MAC2 is a message authentication code generation algorithm, KDF2 is a key derivation algorithm, and MsgID2 is a message sequence number.
11. The device of claim 10, characterized in that the verification by the processing unit of the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device comprises:
The processing unit checks whether the received N_A equals the N_A previously sent to the other device; if they are not equal, the verification fails;
The processing unit checks whether the received N_B equals the N_B previously sent to the other device; if they are not equal, the verification fails;
The processing unit computes the message authentication code MAC_A = MAC1(KIA, N_A||N_B||EncData_A) and compares the computed MAC_A with the received MAC_A; if they are not equal, the verification fails;
The processing unit decrypts N_A||N_B||ID_A||ID_B||ZSEED_A = DEC(KEA, EncData_A); checks whether the decrypted ID_A is indeed the identity of the other device, and if not, the verification fails; checks whether the decrypted ID_B is indeed the identity of the device, and if not, the verification fails; checks whether the decrypted N_A and N_B respectively equal the N_A and N_B previously sent to the other device, and if not, the verification fails; wherein DEC is a decryption algorithm;
Wherein, if any one of these checks fails, the verification of the N_A||N_B||EncData_A||MAC_A||MacTag_A sent by the other device is considered to have failed.
12. The method or device of any one of claims 1-11, characterized in that N_A is encapsulated in an ACT_REQ protocol data unit for transmission, N_B||N_A||EncData_B||MAC_B is encapsulated in an ACT_RES protocol data unit for transmission, N_A||N_B||EncData_A||MAC_A||MacTag_A is encapsulated in a VFY_REQ protocol data unit for transmission, and MacTag_B is encapsulated in a VFY_RES protocol data unit for transmission, wherein ACT_REQ, ACT_RES, VFY_REQ and VFY_RES are protocol data unit formats conforming to the definitions in standard ISO/IEC 13157-1.
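The exchange of steps 1-8 in claim 1, with the checks of claims 2 and 3, as a runnable Python sketch added here for illustration; it is not code from the patent. HMAC-SHA256 stands in for KDF1, KDF2, MAC1 and MAC2, an HMAC keystream XOR stands in for ENC/DEC, and the 16-byte lengths, MsgID encodings, identity strings, length-prefixed field encoding and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

LEN = 16                             # assumed size of N_A, N_B and the ZSEED values
MSG_ID1, MSG_ID2 = b"\x01", b"\x02"  # assumed encodings of MsgID1 and MsgID2
eq = hmac.compare_digest             # constant-time comparison for every check

class AuthError(Exception):
    """Raised wherever the claims say to stop authentication."""

def prf(key, *parts):
    # HMAC-SHA256 over length-prefixed fields: stand-in for KDF1, KDF2, MAC1, MAC2.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def enc(kea, sender, data):
    # Stand-in for ENC and DEC: XOR with an HMAC keystream bound to the sender,
    # so EncData_A and EncData_B never reuse keystream under the same KEA.
    blocks = range(len(data) // 32 + 1)
    return xor(data, b"".join(prf(kea, sender, bytes([i])) for i in blocks))

def kdf1(psk, n_a, n_b, id_a, id_b):
    # MKA || KEA || KIA. MKA is derived but not used by the steps in the claims.
    return [prf(psk, k, n_a, n_b, id_a, id_b) for k in (b"MKA", b"KEA", b"KIA")]

def check(ok):
    if not ok:
        raise AuthError("verification failed, authentication stopped")

def open_encdata(kea, sender, enc_data, expected):
    # Checks 3.3 / 5.4 against the field order of the ENC input in steps 2 and 4:
    # decrypted nonces and identities must match; returns the peer's ZSEED.
    plain = enc(kea, sender, enc_data)
    check(len(plain) == len(expected) + LEN and eq(plain[:-LEN], expected))
    return plain[-LEN:]

def b_step2(psk, id_a, id_b, n_a):
    n_b, zseed_b = secrets.token_bytes(LEN), secrets.token_bytes(LEN)
    _, kea, kia = kdf1(psk, n_a, n_b, id_a, id_b)
    enc_b = enc(kea, b"B", n_b + n_a + id_b + id_a + zseed_b)
    state = (n_a, n_b, zseed_b, kea, kia, id_a, id_b)
    return state, (n_b, n_a, enc_b, prf(kia, b"MAC1", n_b, n_a, enc_b))

def a_step3_4(psk, id_a, id_b, n_a_sent, msg2):
    n_b, n_a, enc_b, mac_b = msg2
    check(eq(n_a, n_a_sent))                                           # 3.1
    _, kea, kia = kdf1(psk, n_a, n_b, id_a, id_b)
    check(eq(mac_b, prf(kia, b"MAC1", n_b, n_a, enc_b)))               # 3.2
    zseed_b = open_encdata(kea, b"B", enc_b, n_b + n_a + id_b + id_a)  # 3.3
    zseed_a = secrets.token_bytes(LEN)
    enc_a = enc(kea, b"A", n_a + n_b + id_a + id_b + zseed_a)
    mk = prf(xor(zseed_a, zseed_b), b"KDF2", n_a, n_b, id_a, id_b)     # Z, then MK
    tag_a = prf(mk, b"MAC2", MSG_ID1, id_a, id_b, n_a, n_b)
    mac_a = prf(kia, b"MAC1", n_a, n_b, enc_a)
    return (mk, n_b), (n_a, n_b, enc_a, mac_a, tag_a)

def b_step5_7(state, msg3):
    n_a0, n_b0, zseed_b, kea, kia, id_a, id_b = state
    n_a, n_b, enc_a, mac_a, tag_a = msg3
    check(eq(n_a, n_a0) and eq(n_b, n_b0))                             # 5.1, 5.2
    check(eq(mac_a, prf(kia, b"MAC1", n_a, n_b, enc_a)))               # 5.3
    zseed_a = open_encdata(kea, b"A", enc_a, n_a + n_b + id_a + id_b)  # 5.4
    mk = prf(xor(zseed_a, zseed_b), b"KDF2", n_a, n_b, id_a, id_b)
    check(eq(tag_a, prf(mk, b"MAC2", MSG_ID1, id_a, id_b, n_a, n_b)))  # step 6
    return mk, prf(mk, b"MAC2", MSG_ID2, id_b, id_a, n_b, n_a)         # step 7

def a_step8(mk, id_a, id_b, n_a, n_b, tag_b):
    check(eq(tag_b, prf(mk, b"MAC2", MSG_ID2, id_b, id_a, n_b, n_a)))
    return mk

def run_session(psk_a, psk_b, id_a=b"reader-A", id_b=b"tag-B", tamper=None):
    """Run steps 1-8; tamper(msg2) may alter message 2. Returns (MK_A, MK_B)."""
    n_a = secrets.token_bytes(LEN)                                     # step 1
    state_b, msg2 = b_step2(psk_b, id_a, id_b, n_a)
    if tamper:
        msg2 = tamper(msg2)
    (mk_a, n_b), msg3 = a_step3_4(psk_a, id_a, id_b, n_a, msg2)
    mk_b, tag_b = b_step5_7(state_b, msg3)
    return a_step8(mk_a, id_a, id_b, n_a, n_b, tag_b), mk_b
```

With matching PSKs both sides end with the same MK, and a fresh MK results from every run because both nonces and both key seeds are regenerated; a PSK mismatch or any altered field raises `AuthError` at the first failing check.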
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410126144.1A CN104954129B (en) | 2014-03-31 | 2014-03-31 | Method for authenticating entities and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410126144.1A CN104954129B (en) | 2014-03-31 | 2014-03-31 | Method for authenticating entities and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104954129A true CN104954129A (en) | 2015-09-30 |
CN104954129B CN104954129B (en) | 2019-09-27 |
Family
ID=54168508
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410126144.1A Active CN104954129B (en) | 2014-03-31 | 2014-03-31 | Method for authenticating entities and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104954129B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242323A (en) * | 2007-02-06 | 2008-08-13 | 华为技术有限公司 | Establishment method and home network system for pipes between devices |
CN101272251A (en) * | 2007-03-22 | 2008-09-24 | 华为技术有限公司 | Authentication and cryptographic key negotiation method, authentication method, system and equipment |
CN101699891A (en) * | 2009-10-21 | 2010-04-28 | 西安西电捷通无线网络通信有限公司 | Method for key management and node authentication of sensor network |
CN102036242A (en) * | 2009-09-29 | 2011-04-27 | 中兴通讯股份有限公司 | Access authentication method and system in mobile communication network |
US20130195271A1 (en) * | 2008-03-03 | 2013-08-01 | Sony Corporation | Communication device and communication method |
Also Published As
Publication number | Publication date |
---|---|
CN104954129B (en) | 2019-09-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101931894B1 (en) | Entity authentication method and device based on pre-shared key | |
US10567428B2 (en) | Secure wireless ranging | |
CN102142961B (en) | Method, device and system for authenticating gateway, node and server | |
JP7232816B2 (en) | Authentication system and authentication method for authenticating assets | |
CN105069864A (en) | Door lock control secure communication scheme based on NFC (near field communication) function of smart phone | |
CN104704769A (en) | A wireless communication system | |
CN106464498A (en) | Method for the authentication of a first electronic entity by a second electronic entity, and electronic entity implementing such a method | |
EP3128696B1 (en) | Entity authentication method and device | |
CN112753203B (en) | Secure communication method and device | |
CN107483191A (en) | A kind of SM2 algorithm secret keys segmentation signature system and method | |
CN101645899A (en) | Bidirectional authentication method and system based on symmetric encipherment algorithm | |
CN113556230B (en) | Data security transmission method, certificate related method, server, system and medium | |
CN101895882A (en) | Data transmission method, system and device in WiMAX system | |
CN102970676A (en) | Method for processing original data, internet of thing system and terminal | |
CN104333539A (en) | RFID security authentication method based on Chebyshev mapping | |
CN103916840A (en) | Method for binding and verification of mobile device and external device | |
CN103905197A (en) | SIM card and external device binding and verifying method | |
CN109922022A (en) | Internet of Things communication means, platform, terminal and system | |
JP2018082353A (en) | Communication system, server, communication device, communication method, and program | |
CN105516182A (en) | Bidirectional authentication method and system used between smart card and reader-writer | |
CN104954129A (en) | Entity identification method and device | |
KR20150135717A (en) | Apparatus and method for sharing initial secret key in mobile multi-hop network | |
CN103580860B (en) | Data transmission method, device, system and communication equipment in short-range communication | |
CN109688581A (en) | A kind of safe transmission method and device of data | |
Zhu et al. | An improved RFID-based authentication protocol for rail transit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20150930; Assignee: Shenzhen mingwah Aohan Smart Card Co. Ltd.; Assignor: Anxi Dianjietong Wireless Network Communications Co.,Ltd.; Contract record no.: 2018610000009; Denomination of invention: Entity identification method and device; License type: Common License; Record date: 20180320 |
GR01 | Patent grant | ||