CN106789042B - Authentication key negotiation method for user in IBC domain to access resources in PKI domain - Google Patents


Info

Publication number
CN106789042B
Authority
CN (China)
Prior art keywords
domain, user, ibc, authentication server, pki
Legal status
Active
Application number
CN201710081516.7A
Other languages
Chinese (zh)
Other versions
CN106789042A (en)
Inventors
张文芳
袁超
王小敏
Current Assignee
Zhongfu Qiyue Beijing Technology Co ltd
Original Assignee
Southwest Jiaotong University
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving identity based encryption [IBE] schemes
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy


Abstract

An authentication key negotiation method for a user in an IBC domain to access resources in a PKI domain mainly comprises the following operation steps: A. application access: the IBC domain user sends a request for accessing the resources of the PKI domain to the authentication server of the IBC domain, and after authenticating the identity validity of the user the IBC domain authentication server forwards the access request to the authentication server of the PKI domain; B. generating and sending an access authorization ticket; C. bidirectional identity authentication and session key negotiation: the session key is obtained by XORing the authentication server part of the session key with the padded user part; D. re-authentication: when the user part of the session key has exceeded its life cycle but the authentication server part of the session key is still within its life cycle, and the user of the IBC domain still needs to access the resources of the PKI domain, a fast re-authentication can be carried out; E. the session is aborted. The method effectively realizes authenticated key agreement for a user in the IBC domain accessing resources in the PKI domain, with low resource consumption and high security.

Description

Authentication key negotiation method for user in IBC domain to access resources in PKI domain
Technical Field
The invention belongs to the technical field of cross-heterogeneous domain authentication and key agreement in information communication.
Background
In many applications in distributed network environments, such as virtual enterprises and instant messaging systems, users and the information resources they wish to access often belong to different trust domains. Different trust domains may be based on different cryptosystems, such as a Kerberos-based cryptosystem, a PKI (public key infrastructure) based cryptosystem or an IBC (identity-based cryptography) based cryptosystem. Authenticated key agreement between homogeneous domains has been studied extensively, has been standardized and is widely used, and there has also been much research on authenticated key agreement between PKI and Kerberos domains. However, few studies address authenticated key agreement for the case of a user in an IBC domain accessing resources in a PKI domain, although in application scenarios such as virtual enterprises and agile manufacturing in distributed networks this requirement is common.
The only existing document on authenticated key agreement for a user of an IBC domain accessing resources of a PKI domain is the following:
Document 1, "Cross-domain authorization of heterogeneous trust domains" (Mengxin, Hulian, Jungle, et al. Cross-domain authorization of heterogeneous trust domains [J]. Journal of Jilin University, 2010, 48(1): 89-93.), relies on a mutual-trust interconnection system between PKI homogeneous domains and realizes trusted interconnection between the IBC and PKI domains by identity mapping and cross-domain authorization. However, that document uses a large number of certificates many times over, and transferring and storing those certificates consumes a large amount of resources, which runs counter to the original motivation for designing an IBC cryptosystem; its identity mapping is indirect and of limited feasibility in practice. The document only applies the idea of authentication by identity mapping and trust transfer, gives no concrete protocol flow, and therefore counts as a new idea for cross-domain authorization rather than a scheme that can be implemented directly.
Disclosure of Invention
The invention aims to provide an authentication key agreement method for a user in an IBC domain to access resources in a PKI domain, which can effectively realize the authentication key agreement for the user in the IBC domain to access the resources in the PKI domain, and has the advantages of less resource consumption and high safety.
The technical scheme adopted by the invention to achieve this aim is an authentication key negotiation method for a user in the IBC domain to access resources in the PKI domain, comprising the following operation steps:
A. application access
A user U of the IBC domain sends a request for accessing a resource S of the PKI domain to the authentication server TA of the IBC domain, and TA authenticates the identity legitimacy of U; if the authentication fails, jump to step E; otherwise TA forwards the access request of U to the PKI domain authentication server CA and sends the public key PK_CA of CA to U.
B. Generating and sending access authorization ticket
The PKI domain authentication server CA authenticates the identity of the IBC domain authentication server TA; if the authentication fails, jump to step E; otherwise CA generates the authentication server part K_1 of the session key K with which the user U of the IBC domain will access the resource S in the PKI domain, and encrypts it to produce the corresponding access authorization ticket Ticket_1; at the same time CA computes the public key Q_U of U from the identity ID_U of U contained in the access request forwarded by TA.
CA signs the public key PK_S of the resource S in the PKI domain, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1 with its own private key SK_CA to obtain the signed message M_sign, then encrypts M_sign with the public key Q_U of U to obtain the encrypted message M_A2CA->U, and sends it to U;
C. bidirectional identity authentication and negotiation session key
C1. The user U of the IBC domain decrypts the encrypted message M_A2CA->U sent by CA with its own private key S_U to obtain the public key PK_S of the resource S, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1, and then verifies the validity of the signature with the public key PK_CA of CA; if the verification fails, jump to step E; otherwise U generates the user part K_2 of the session key K, pads K_2 at its leading end ("the first place") until its bit length equals that of K_1, and XORs K_1 with the padded K_2 to obtain the complete session key K;
C2. U then encrypts the user part K_2 with the public key PK_S of the resource S to obtain the user ciphertext S-k2; at the same time U encrypts the identity ID_S of S with the session key K to obtain the identity ciphertext S-ID; U then sends S-k2 and S-ID, together with the access authorization ticket Ticket_1 from step B, to the resource S in the PKI domain;
C3. The resource S decrypts the received user ciphertext S-k2 with its own private key SK_S to obtain the user part K_2' of the resource-end session key K'; S decrypts and extracts the access authorization ticket Ticket_1 to obtain the authentication server part K_1' of K'; S then pads K_2' at its leading end until its bit length equals that of K_1' and XORs K_1' with the padded K_2' to obtain the complete resource-end session key K'; S then decrypts the received identity ciphertext S-ID with K' to obtain the extracted identity IDS' and compares it with its own identity ID_S; if the two do not match, jump to step E; otherwise S encrypts ID_S with K' to obtain the resource-end identity ciphertext M_A3S->U and sends it to U;
C4. U decrypts the received resource-end identity ciphertext M_A3S->U with the session key K to obtain the user-side identity IDS' of the resource S and verifies its validity; if the verification fails, jump to step E; otherwise U has completed the authentication key negotiation with S and accesses S securely using the session key K;
D. re-authentication
When the authentication server part K_1 of the session key K has exceeded its life cycle: if the user U of the IBC domain no longer accesses the resource S of the PKI domain, jump to step E; if U still needs to access S, jump to step A;
When the user part K_2 of the session key K has exceeded its life cycle but the authentication server part K_1 is still within its life cycle: if U no longer accesses S, jump to step E; if U still needs to access S, jump to step A or perform fast re-authentication;
E. the session is aborted.
Compared with the prior art, the invention has the following beneficial effects:
Firstly, the invention provides a cross-heterogeneous-domain authentication key negotiation method for a user in an IBC domain accessing resources in a PKI domain, so that the user in the IBC domain can access the resources in the PKI domain securely.
Secondly, the IBC domain authentication server sends the public key of the PKI domain authentication server to the user in its domain, so that the validity of the messages subsequently sent by the PKI domain authentication server can be verified successfully, while the user does not need to store the certificate of the PKI domain authentication server, which reduces the consumption of system resources.
Thirdly, the session key is obtained by XORing the authentication server part and the user part of the session key, which greatly improves security compared with a session key generated by the authentication server alone, at only a small increase in resource consumption.
Further, in step A of the present invention, the specific way in which the user U of the IBC domain sends the request for accessing the resource S of the PKI domain to the authentication server TA of the IBC domain is:
The user U of the IBC domain selects a random integer r_1, r_1 ∈ Z_q, where Z_q denotes the set of all integers smaller than q and q is a prime of more than 32 binary bits; U performs elliptic-curve point multiplication of r_1 with the system public key P_pub to obtain the public-key point parameter R_3, and maps R_3 together with the public key Q_TA of the authentication server TA of the IBC domain through a bilinear pairing to obtain the mapping point parameter R_1, R_1 = e(R_3, Q_TA), where e() denotes a bilinear pairing map; at the same time U performs elliptic-curve point multiplication of r_1 with the elliptic-curve generator P to obtain the generator point parameter R_2; U hashes the mapping point parameter R_1 to obtain the hash value H(R_1), inverts it to obtain the hash-value inverse H(R_1)^-1, and performs point multiplication of H(R_1)^-1 with the private key S_U of U to obtain the temporary identity Tid_U of the user; the identity ID_U of U, the identity ID_S of the resource S of the PKI domain and the timestamp T_1 at the time the message is issued form the identity-information plaintext segment m_1, m_1 = {ID_U, ID_S, T_1}, which is then encrypted under the identity-based algorithm with the public key Q_TA of TA to obtain the identity-information ciphertext segment c_1, c_1 = IBE{ID_U, ID_S, T_1}Q_TA, where IBE{...}Q_TA denotes identity-based encryption with the public key Q_TA of TA;
Subsequently U assembles the temporary identity Tid_U, the generator point parameter R_2 and the identity-information ciphertext segment c_1 into the request message M_A1, M_A1 = {Tid_U, R_2, c_1}, and sends it to the authentication server TA of the IBC domain.
Thus the temporary identity of the user is constructed from the random number, the system public key of the IBC domain and the elliptic-curve generator through point multiplication, bilinear pairing and hashing, so that it is hard to break or forge and can be transmitted in plaintext, which reduces traffic and computation while preserving the security of the transmission; the temporary identity also makes the user's identity anonymous and prevents a malicious entity from tracking the user.
Further, in step A of the present invention, the specific way in which the IBC domain authentication server TA authenticates the identity validity of the user U of the IBC domain is:
TA performs a bilinear pairing of the generator point parameter R_2 in the received request message M_A1 with its own private key S_TA to recompute the mapping point parameter R_1, R_1 = e(R_2, S_TA); TA then hashes the recomputed R_1 to obtain the hash value H(R_1), performs elliptic-curve point multiplication of H(R_1) with the generator P to obtain the hash-value generator point parameter R_4, and performs a bilinear pairing of the received temporary identity Tid_U with R_4 to obtain the index Ind_U of the user U in TA, Ind_U = e(Tid_U, R_4); using Ind_U, TA looks up the identity ID_U' of U stored at TA; TA then decrypts the identity-information ciphertext segment c_1 in M_A1 with its private key S_TA to obtain the identity ID_U of U in the plaintext segment m_1; if the timestamp T_1 is fresh and the stored identity ID_U' matches the identity ID_U in m_1, the identity validity authentication passes; otherwise it fails;
Thus when the IBC domain authentication server verifies the user's identity, the user's index value in the server is obtained from the temporary identity, the generator point parameter, the server's private key and the elliptic-curve generator through point multiplication, bilinear pairing and hashing, and the validity of the identity is verified with a conventional identity-based signature algorithm, so that the computation is greatly reduced without affecting security.
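The following derivation is added here and is not part of the patent text. It shows why the index Ind_U that TA computes above is a fixed per-user value independent of the session's random integer r_1, under the standard identity-based setup (an assumption; the page does not spell it out) in which the IBC domain has master secret s, system public key P_pub = sP, private keys S_U = sQ_U and S_TA = sQ_TA, a bilinear map e, and H(R_1) read as an integer invertible modulo the group order q.

TA's recomputation of the mapping point parameter agrees with the user's, because s can be moved between the two arguments of the pairing:

$$R_1 = e(R_3, Q_{TA}) = e(r_1 P_{pub}, Q_{TA}) = e(r_1 s P, Q_{TA}) = e(r_1 P, s Q_{TA}) = e(R_2, S_{TA}).$$

The index then collapses to a value that carries neither r_1 nor R_1:

$$Ind_U = e(Tid_U, R_4) = e\big(H(R_1)^{-1} S_U,\; H(R_1) P\big) = e(S_U, P)^{H(R_1)^{-1} H(R_1)} = e(S_U, P) = e(s Q_U, P) = e(Q_U, P_{pub}).$$

So TA can store each registered user's ID_U under e(Q_U, P_pub) once, and the lookup in step A costs one pairing plus a table access. Tid_U and R_2 change with every fresh r_1, and a party without S_TA cannot recompute R_1 from R_2 (and hence cannot strip H(R_1)^{-1} from Tid_U), which is what makes the plaintext temporary identity unlinkable across requests; replay of an old M_A1 is caught by the freshness check on T_1 inside c_1, not by Ind_U itself.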
Further, in step A of the present invention, the authentication server TA of the IBC domain sends the public key PK_CA of the PKI domain authentication server CA to the user U of the IBC domain as follows:
TA signs and encrypts the public key PK_CA of CA, the identity ID_CA of CA and the timestamp T_3 at the time of sending together to form the public-key ciphertext c_2, and c_2 is sent to the PKI domain authentication server CA.
Thus the IBC domain authentication server sends the public-key ciphertext containing the public key of the PKI domain authentication server to the user in its domain, so that the validity of the messages subsequently sent by the PKI domain authentication server can be verified successfully, while the user does not need to store the certificate of the PKI domain authentication server, which reduces the consumption of system resources.
Further, in step B of the invention the authentication server part K_1 of the session key K is 128 bits long, and in step C1 the user part K_2 of the session key K generated by the user U of the IBC domain is 80 bits long.
Thus the session key is obtained by XORing the padded 80-bit user part with the 128-bit authentication server part; compared with a session key consisting of the 128-bit authentication server part alone, the life cycle of the key is shorter, the security of the session key is ensured, and the added traffic is small.
Further, the specific method of the fast re-authentication in step D of the present invention is:
The user U of the IBC domain generates the user part K_2'' of the re-authentication session key K'', pads K_2'' at its leading end until its bit length equals that of the authentication server part K_1 of K'' (the K_1 that is still within its life cycle), and XORs K_1 with the padded K_2'' to obtain the complete re-authentication session key K''; then go to step C2.
Thus when the user part of the session key has exceeded its life cycle but the authentication server part is still within its life cycle, and the user of the IBC domain still needs to access the resources of the PKI domain, the method performs a fast re-authentication without repeating the application-access step or the generation and distribution of the access authorization ticket, which greatly reduces the number of interactions, the traffic and the computation of the method while keeping the access secure.
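As an added example (not code from the patent or its authors), the session-key combination of steps C1 and C3, the ID_S confirmation of steps C2 to C4, the 128-bit/80-bit lengths given for K_1 and K_2, and the fast re-authentication of step D, in Python. Its assumptions: the public-key transport of K_2 under PK_S and of K_1 inside Ticket_1 is not modelled (both ends are handed the same values); the page does not name the symmetric cipher used with the session key, so an encrypt-then-MAC construction built from HMAC-SHA256 stands in for it; and "padding at the first place" is read as leading zero bits. All function names are the example's own.

```python
import hashlib
import hmac
import secrets

K1_BITS = 128  # authentication server part K1 (page: 128 bits)
K2_BITS = 80   # user part K2 (page: 80 bits)


def derive_session_key(k1: bytes, k2: bytes) -> bytes:
    """K = K1 XOR pad(K2); K2 is padded with leading zero bits to K1's length (assumption)."""
    if len(k1) * 8 != K1_BITS or len(k2) * 8 != K2_BITS:
        raise ValueError("K1 must be %d bits and K2 %d bits" % (K1_BITS, K2_BITS))
    padded = k2.rjust(len(k1), b"\x00")
    # The XOR only touches the low K2_BITS positions; the leading 48 bits of K equal K1's.
    return bytes(a ^ b for a, b in zip(k1, padded))


# Stand-in authenticated encryption under the session key (assumption: the page names no cipher).
def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Checks the tag before decrypting; raises ValueError on any failure."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def user_c1_c2(k1: bytes, id_s: bytes):
    """C1/C2 at user U: fresh K2, K = K1 XOR pad(K2), S-ID = Enc_K(ID_S)."""
    k2 = secrets.token_bytes(K2_BITS // 8)
    k = derive_session_key(k1, k2)
    return k2, k, encrypt(k, id_s)


def resource_c3(k1_prime: bytes, k2_prime: bytes, s_id: bytes, id_s: bytes):
    """C3 at resource S: rebuild K', require S-ID to decrypt to ID_S, reply M_A3 = Enc_K'(ID_S).
    Returns (K', M_A3), or None when the flow must jump to step E."""
    k_prime = derive_session_key(k1_prime, k2_prime)
    try:
        extracted = decrypt(k_prime, s_id)
    except ValueError:
        return None
    if not hmac.compare_digest(extracted, id_s):
        return None
    return k_prime, encrypt(k_prime, id_s)


def user_c4(k: bytes, m_a3: bytes, id_s: bytes) -> bool:
    """C4 at user U: M_A3 must decrypt under K to the expected ID_S."""
    try:
        return hmac.compare_digest(decrypt(k, m_a3), id_s)
    except ValueError:
        return False


def run_session(k1: bytes, id_s: bytes, k2_seen_by_resource: bytes = None) -> dict:
    """One C1-C4 round with K1 already shared via Ticket_1 (transport not modelled).
    k2_seen_by_resource lets the caller hand S a K2' that differs from U's K2, to
    observe the step-E outcome when S-k2 does not decrypt to the user's value."""
    k2, k, s_id = user_c1_c2(k1, id_s)
    k2_prime = k2 if k2_seen_by_resource is None else k2_seen_by_resource
    result = resource_c3(k1, k2_prime, s_id, id_s)
    if result is None:
        return {"authenticated": False, "session_key": None, "k2": k2}
    k_prime, m_a3 = result
    ok = user_c4(k, m_a3, id_s) and hmac.compare_digest(k, k_prime)
    return {"authenticated": ok, "session_key": k if ok else None, "k2": k2}


def fast_reauth(k1: bytes, id_s: bytes, previous_key: bytes) -> dict:
    """Step D fast path: K1 is still within its life cycle, so U only draws a fresh K2''
    and re-enters at C2; no new request to TA/CA and no new Ticket_1 are needed."""
    out = run_session(k1, id_s)
    if out["authenticated"]:
        keep = (K1_BITS - K2_BITS) // 8  # 6 bytes = the 48 leading bits that K2'' never touches
        out["prefix_unchanged"] = out["session_key"][:keep] == previous_key[:keep]
        out["key_changed"] = out["session_key"] != previous_key
    return out
```

Calling `run_session(bytes(range(16)), b"resource-S")` with a constructed 16-byte K1 returns an authenticated session key whose first six bytes are K1's, and `fast_reauth` with the same K1 returns a different key with the same six-byte prefix; that is exactly what the 80-bit user part buys over a 128-bit K1 used alone, and it makes the point that the fast path refreshes only the bits K2'' covers, so the lifetime of K1 still bounds the whole session.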
The present invention will be described in further detail with reference to specific embodiments.
Detailed Description
Examples
An authentication key negotiation method for a user in an IBC domain to access resources in a PKI domain comprises the following operation steps:
A. application access
A user U of the IBC domain sends a request for accessing a resource S of the PKI domain to an authentication server TA of the IBC domain, and the identity legitimacy of the user U of the IBC domain is authenticated by the IBC domain authentication server TA; if the authentication is not passed, jumping to the step E; otherwise, forwarding the access request of the user U of the IBC domain to a PKI domain authentication server CA, and sending the public key PK of the PKI domain authentication server CA to the user UCA
B. Generating and sending access authorization ticket
The PKI domain authentication server CA performs identity authentication on the IBC domain authentication server TA, and if the authentication fails, the step E is skipped; otherwise, the PKI domain authentication server CA generates an authentication server part K of a session key K for accessing the resources S in the PKI domain by the user U of the IBC domain1And encrypts and generates a corresponding access authorization Ticket1(ii) a Meanwhile, the PKI domain authentication server CA sends the identity ID of the user U of the IBC domain in the access request through the IBC domain authentication server TAUCalculating the public key Q of the user U in the IBC domainU
PKI domain authentication server CA utilizes its own private key SKCAPublic key PK for resources S in PKI domainSAuthentication server part K of a session key K1And access authorization Ticket1Performing signature processing to obtain a signed message MsignAnd then the public key Q of the user U of the IBC domain is utilizedUFor signed message MsignEncrypting to obtain an encrypted message MA2CA->UAnd sending the user U to the IBC domain;
C. bidirectional identity authentication and negotiation session key
C1, user U of IBC domain utilizes self private key SUFor the encrypted message M sent by the PKI domain authentication server CAA2CA->UDecrypting to obtain the public key PK of the resource S in the PKI domainSAuthentication server part K of a session key K1And access authorization Ticket1Reuse the public key PK of the PKI domain authentication server CACAVerifying the validity of the signature, and if the verification fails, jumping to the step E; otherwise, the user U of the IBC domain generates the user part K of the session key K2And a user part K of the session key K2Padding the first place to make it and the authentication server part K of the session key K1Is the same, and then the authentication server part K for the session key K1And a filled user part K2Carrying out XOR processing to obtain a complete session key K;
c2, user U of IBC domain reusing public key PK of resource S in PKI domainSFor the user part K of the session key K2Encrypting to obtain user ciphertext S-k2(ii) a At the same time, the ID of the resource S in the PKI domain is identified by the session key KSEncrypting to obtain an identity identification ciphertext S-ID; then the user cipher text S-k is processed2And identity identification ciphertext S-ID together with access authorization Ticket Ticket in step B1Together sent to the resource S in the PKI domain;
c3, resource S in PKI domain uses its own private key SKSFor received user cipher text S-k2Decrypting to obtain the user part K of the resource end session key K2' of a compound of formula I; ticket for authorizing access1Decrypting and extracting to obtain the authentication server part K of the resource terminal session key K1' of a compound of formula I; then the user part K of the resource end session key K' is divided into two parts2The first place is filled with the authentication server part K of the resource side session key K1'the number of bits is the same, and then the authentication server part K of the resource side session key K' is applied1' and the populated user part K2Performing XOR processing to obtain a complete resource end session key K'; then the resource-end session key K ' is used for decrypting the received ID ciphertext S-ID so as to obtain the extracted ID IDS ' of the resource S in the PKI domain, and the extracted ID IDS ' and the ID of the resource S in the PKI domain are obtainedSB, verifying, and if the two are not consistent, skipping to the step E; otherwise, the resource S in the PKI domain uses the resource end session key K' to identify the IDSEncrypting to obtain a resource end identity identification ciphertext M of the resource S in the PKI domainA3S->UAnd sending the user U to the IBC domain;
c4, IBC domain user U uses session key K to identify cipher text M for received resource end identityA3S->UDecrypting to obtain a user side identity IDS 'of the resource S in the PKI domain, verifying the validity of the user side identity IDS' of the resource S in the PKI domain, and jumping to the step E if the verification fails; otherwise, the user U of the IBC domain completes the authentication key negotiation with the resource S of the PKI domain, and the user U of the IBC domain utilizes the session key K to safely access the resource S of the PKI domain;
D. re-authentication
Authentication server part K when session key K1When the life cycle of the user U exceeds the life cycle of the user U, if the user U of the IBC domain does not access the resource S of the PKI domain any more, jumping to the step E; if the user U of the IBC domain still needs to access the resource S of the PKI domain, jumping to the step A;
when the user part K of the session key K2Authentication server part K beyond its life cycle, but for the session key K1While still in its lifecycle; if the user U of the IBC domain does not access the resource S of the PKI domain any more, jumping to the step E; if the user U of the IBC domain still needs to access the resource S of the PKI domain, skipping to the step A or carrying out quick re-authentication;
E. the session is aborted.
The specific way in which the user U of the IBC domain sends the request for accessing the resource S of the PKI domain to the authentication server TA of the IBC domain described in step a of this example is:
user U of IBC domain selects random integer r1,r1∈Zq(ii) a In the formula, ZqRepresents a set of all integers smaller than q, q being a prime number exceeding 32 bits of binary bits; then random integer r1With the public key P of the systempubCarrying out point multiplication operation based on elliptic curve to obtain public key point parameter R3Then the public key point parameter R is used3Public key Q of authentication server TA with IBC domainTAMapping bilinear pairings to obtain mapping point parameters R1,R1=e(R3,QTA) Where e () represents a bilinear pairwise map; at the same time, a random integer r1Then, the elliptic curve generating element P is subjected to point multiplication operation based on the elliptic curve to obtain a generating element point parameter R2(ii) a Mapping point parameter R1Performing hash operation to obtain hash value H (R) of mapping point parameter1) And obtaining the hash value inverse element H (R) of the mapping point parameter by performing inverse operation on the obtained hash value1)-1Then, the hash value of the mapping point parameter is inverted to H (R)1)-1Private key S of user U with IBC domainUObtaining the temporary identity Tid of the user by performing dot product operationU(ii) a Identify ID of user U of IBC domainUIdentity ID of a resource S of a PKI domainSAnd timestamp T at the time of message issuance1Form identity information plaintext segment m1,m1={IDU,IDS,T1And then, a public key Q of an authentication server TA of the IBC domain is utilizedTAFor identity information plaintext segment m1Carrying out encryption operation based on identity algorithm to obtain identity information ciphertext segment c1,c1=IBE{IDU,IDS,T1}QTAWherein IBE { … } QTAPublic key Q representing an authentication server TA utilizing IBC domainsTACarrying out encryption operation based on an identity algorithm;
subsequently, the user U of the IBC domain assigns the temporary identity Tid of the userUGenerating a meta-point parameter R2And identity information ciphertext section c1Composing request messages MA1,MA1=TidU,R2,c1(ii) a And sends it to the authentication server TA of IBC domain;
the specific way for the IBC domain authentication server TA to authenticate the identity validity of the user U of the requesting IBC domain in step a of this example is:
IBC domain authentication server TA will receive the request message MA1Generating meta-point parameter R in (1)2And private key S of authentication server TA of IBC domainTADoing bilinear mapping to recalculate mapping point parameter R1,R1=e(R2,STA) (ii) a Then the recalculated mapping point parameter R is repeated1Cooking wineThe hash value H (R) of the mapping point parameter is obtained by the High operation1) Then, the point multiplication operation based on the elliptic curve is carried out with the generating element P of the elliptic curve to obtain a hash value generating element point parameter R4Then, the user U temporary identity Tid of the IBC domain is receivedUCarrying out bilinear pairwise mapping to obtain a retrieval number Ind of a user U of the IBC domain in an authentication server TA of the IBC domainU,IndU=e(TidU,R4) (ii) a By said search number IndUObtaining the identity ID of the user U of the IBC domain stored in the TA end of the authentication server of the IBC domainUB, carrying out the following steps of; private key S of authentication server TA of IBC domain is reusedTAFor request message MA1Identity information encrypted segment c in1Carrying out decryption operation to obtain the identity information plaintext segment m1Identity ID of IBC domain user in (1)U(ii) a If the time stamp T1Fresh, and user U of IBC domain stores identity ID 'of authentication server TA of IBC domain'UAnd identity information plaintext segment m1Identity ID of user U of IBC domain in (1)UIf the identity is consistent with the identity, the identity validity authentication is passed; otherwise, the authentication is not passed;
In step A, the authentication server TA of the IBC domain sends the public key PK_CA of the PKI domain authentication server CA to the user U of the IBC domain as follows:
The public key PK_CA of the PKI domain authentication server CA, the identity ID_CA and the timestamp T_3 at the time of sending the message are signed and encrypted together to form the public key ciphertext c_2; the public key ciphertext c_2 is then sent to the PKI domain authentication server CA.
The authentication server part K_1 of the session key K in step B of this example is 128 bits long; the user part K_2 of the session key K generated by user U of the IBC domain in step C1 of this example is 80 bits long.
The specific way of performing the fast re-authentication in step D of this example is:
User U of the IBC domain generates the user part K''_2 of the re-authentication session key K'' and pads K''_2 at the head so that its length equals that of the authentication server part K_1 of the re-authentication session key K''; it then XORs the authentication server part K_1 with the padded user part K''_2 to obtain the complete re-authentication session key K''; then, go to step C2.
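The session-key composition of steps B, C1, C3 and D and the S-ID check of step C3, as an added example that is not drawn from the patent; it assumes the 128-bit K_1 and 80-bit K_2 of claim 5, reads "padding at the head" as zero bits on the left, and, because the patent names no cipher, uses an HMAC-SHA256 keystream as a constructed stand-in for "encrypt with the session key":

```python
import hashlib
import hmac
import os

K1_BITS = 128  # authentication server part K_1, claim 5
K2_BITS = 80   # user part K_2, claim 5


def pad_user_part(k2: bytes, target_bits: int = K1_BITS) -> bytes:
    """Left-pad K_2 with zero bits to the length of K_1 (assumed reading
    of 'padding at the head'; the patent does not name the pad value)."""
    if len(k2) * 8 > target_bits:
        raise ValueError("user part longer than authentication server part")
    return k2.rjust(target_bits // 8, b"\x00")


def compose_session_key(k1: bytes, k2: bytes) -> bytes:
    """K = K_1 XOR pad(K_2), as done by the user in C1, the resource in C3
    and again with a fresh K''_2 in the fast re-authentication of step D."""
    if len(k1) * 8 != K1_BITS:
        raise ValueError("authentication server part must be %d bits" % K1_BITS)
    padded = pad_user_part(k2, len(k1) * 8)
    return bytes(a ^ b for a, b in zip(k1, padded))


def stand_in_encrypt(key: bytes, data: bytes, label: bytes) -> bytes:
    """Constructed stand-in for 'encrypt with the session key': XOR with an
    HMAC-SHA256 keystream. Decryption is the same call."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + counter.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def user_steps_c1_c2(k1: bytes, id_s: bytes):
    """User side of C1/C2: choose K_2, derive K, form S-ID = Enc_K(ID_S).
    Encrypting K_2 under PK_S to make S-k_2 is outside this example."""
    k2 = os.urandom(K2_BITS // 8)
    k = compose_session_key(k1, k2)
    s_id = stand_in_encrypt(k, id_s, b"S-ID")
    return k2, k, s_id


def resource_step_c3(k1_from_ticket: bytes, k2_from_s_k2: bytes,
                     s_id: bytes, own_id_s: bytes):
    """Resource side of C3: rebuild K', decrypt S-ID and compare with ID_S.
    Returns K' on success and None when the check fails (jump to step E)."""
    k_prime = compose_session_key(k1_from_ticket, k2_from_s_k2)
    recovered = stand_in_encrypt(k_prime, s_id, b"S-ID")
    if not hmac.compare_digest(recovered, own_id_s):
        return None
    return k_prime


def fast_reauth(k1: bytes):
    """Step D: keep K_1, draw a fresh K''_2 and rebuild K'' the same way."""
    k2_new = os.urandom(K2_BITS // 8)
    return k2_new, compose_session_key(k1, k2_new)


def unchanged_leading_bits(k1: bytes, k: bytes) -> int:
    """Leading bits of K equal to K_1 (counted in whole bytes). With zero
    padding this is at least K1_BITS - K2_BITS = 48 bits, which K_2 cannot
    influence."""
    count = 0
    for a, b in zip(k1, k):
        if a != b:
            break
        count += 8
    return count
```

With zero padding the first 48 bits of K coincide with those of K_1, so the user part only contributes entropy to the low 80 bits; unchanged_leading_bits() makes that property visible when assessing the key.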

Claims (5)

1. An authentication key negotiation method for a user in an IBC domain to access resources in a PKI domain, comprising the following operation steps:
A. Access application
A user U of the IBC domain sends a request to access a resource S of the PKI domain to the authentication server TA of the IBC domain, and the IBC domain authentication server TA authenticates the identity legitimacy of user U of the IBC domain; if the authentication is not passed, jump to step E; otherwise, forward the access request of user U of the IBC domain to the PKI domain authentication server CA, and send the public key PK_CA of the PKI domain authentication server CA to user U;
B. Generating and sending the access authorization ticket
The PKI domain authentication server CA performs identity authentication on the IBC domain authentication server TA; if the authentication fails, jump to step E; otherwise, the PKI domain authentication server CA generates the authentication server part K_1 of the session key K used by user U of the IBC domain to access resource S in the PKI domain, and encrypts it to generate the corresponding access authorization ticket Ticket_1; meanwhile, the PKI domain authentication server CA calculates the public key Q_U of user U of the IBC domain from the identity ID_U of user U contained in the access request forwarded by the IBC domain authentication server TA;
The PKI domain authentication server CA uses its own private key SK_CA to sign the public key PK_S of resource S in the PKI domain, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1, obtaining the signed message M_sign; it then encrypts the signed message M_sign with the public key Q_U of user U of the IBC domain, obtaining the encrypted message M_A2(CA->U), and sends it to user U of the IBC domain;
C. Bidirectional identity authentication and session key negotiation
C1. User U of the IBC domain uses its own private key S_U to decrypt the encrypted message M_A2(CA->U) sent by the PKI domain authentication server CA, obtaining the public key PK_S of resource S in the PKI domain, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1; it then verifies the validity of the signature with the public key PK_CA of the PKI domain authentication server CA; if the verification fails, jump to step E; otherwise, user U of the IBC domain generates the user part K_2 of the session key K, pads K_2 at the head so that its length equals that of the authentication server part K_1 of the session key K, and then XORs the authentication server part K_1 with the padded user part K_2 to obtain the complete session key K;
C2. User U of the IBC domain then encrypts the user part K_2 of the session key K with the public key PK_S of resource S in the PKI domain, obtaining the user ciphertext S-k_2; at the same time, it encrypts the identity ID_S of resource S in the PKI domain with the session key K, obtaining the identity ciphertext S-ID; it then sends the user ciphertext S-k_2 and the identity ciphertext S-ID, together with the access authorization ticket Ticket_1 from step B, to resource S in the PKI domain;
C3. Resource S in the PKI domain uses its own private key SK_S to decrypt the received user ciphertext S-k_2, obtaining the user part K'_2 of the resource-end session key K'; it decrypts the access authorization ticket Ticket_1 and extracts the authentication server part K'_1 of the resource-end session key K'; it then pads the user part K'_2 of the resource-end session key K' at the head so that its length equals that of the authentication server part K'_1, and XORs the authentication server part K'_1 with the padded user part K'_2 to obtain the complete resource-end session key K'; it then decrypts the received identity ciphertext S-ID with the resource-end session key K', extracts the identity of resource S in the PKI domain and verifies it against its own identity ID_S; if the two are not consistent, jump to step E; otherwise, resource S in the PKI domain encrypts its identity ID_S with the resource-end session key K', obtaining the resource-end identity ciphertext M_A3(S->U) of resource S in the PKI domain, and sends it to user U of the IBC domain;
C4. User U of the IBC domain uses the session key K to decrypt the received resource-end identity ciphertext M_A3(S->U), obtaining the user-side identity ID'_S of resource S in the PKI domain, and verifies the validity of the user-side identity ID'_S of resource S in the PKI domain; if the verification fails, jump to step E; otherwise, user U of the IBC domain has completed authenticated key negotiation with resource S of the PKI domain, and user U of the IBC domain uses the session key K to securely access resource S of the PKI domain;
D. Re-authentication
When the authentication server part K_1 of the session key K exceeds its life cycle: if user U of the IBC domain no longer accesses resource S of the PKI domain, jump to step E; if user U of the IBC domain still needs to access resource S of the PKI domain, jump to step A;
When the user part K_2 of the session key K exceeds its life cycle but the authentication server part K_1 of the session key K is still within its life cycle: if user U of the IBC domain no longer accesses resource S of the PKI domain, jump to step E; if user U of the IBC domain still needs to access resource S of the PKI domain, jump to step A or perform fast re-authentication;
The specific method of fast re-authentication is as follows: user U of the IBC domain generates the user part K''_2 of the re-authentication session key K'' and pads K''_2 at the head so that its length equals that of the authentication server part K_1 of the re-authentication session key K''; it then XORs the authentication server part K_1 with the padded user part K''_2 to obtain the complete re-authentication session key K''; then jump to step C2;
E. The session is aborted.
2. The method as claimed in claim 1, wherein in step A the user U of the IBC domain sends the request to access the resource S of the PKI domain to the authentication server TA of the IBC domain specifically as follows:
User U of the IBC domain selects a random integer r_1, r_1 ∈ Z_q, where Z_q denotes the set of all integers smaller than q, q being a prime number of more than 32 binary bits; it then performs an elliptic-curve point multiplication of the random integer r_1 with the system public key P_pub to obtain the public key point parameter R_3, R_3 = r_1·P_pub, and performs a bilinear pairing of the public key point parameter R_3 with the public key Q_TA of the authentication server TA of the IBC domain to obtain the mapping point parameter R_1, R_1 = e(R_3, Q_TA), where e(·,·) denotes the bilinear pairing; at the same time, it performs an elliptic-curve point multiplication of the random integer r_1 with the elliptic curve generator P to obtain the generator point parameter R_2, R_2 = r_1·P; it hashes the mapping point parameter R_1 to obtain the hash value H(R_1) of the mapping point parameter, inverts the hash value H(R_1) to obtain the inverse H(R_1)^{-1}, and then performs a point multiplication of the inverse H(R_1)^{-1} with the private key S_U of user U of the IBC domain to obtain the temporary identity Tid_U of the user, Tid_U = H(R_1)^{-1}·S_U; the identity ID_U of user U of the IBC domain, the identity ID_S of resource S of the PKI domain and the timestamp T_1 at the time of message issuance form the identity-information plaintext segment m_1, m_1 = {ID_U, ID_S, T_1}; the public key Q_TA of the authentication server TA of the IBC domain is then used to encrypt the identity-information plaintext segment m_1 with the identity-based encryption algorithm, obtaining the identity-information ciphertext segment c_1, c_1 = IBE{ID_U, ID_S, T_1}_QTA, where IBE{…}_QTA denotes identity-based encryption under the public key Q_TA of the authentication server TA of the IBC domain;
Subsequently, the user U of the IBC domain composes the request message M_A1 from the temporary identity Tid_U, the generator point parameter R_2 and the identity-information ciphertext segment c_1, M_A1 = {Tid_U, R_2, c_1}, and sends it to the authentication server TA of the IBC domain.
3. The method as claimed in claim 1, wherein in step A the specific way in which the IBC domain authentication server TA authenticates the identity validity of the requesting user U of the IBC domain is:
The IBC domain authentication server TA performs a bilinear pairing of the generator point parameter R_2 in the received request message M_A1 with its own private key S_TA to recompute the mapping point parameter R_1, R_1 = e(R_2, S_TA); it then hashes the recomputed mapping point parameter R_1 to obtain the hash value H(R_1) of the mapping point parameter, and performs an elliptic-curve point multiplication of H(R_1) with the generator P of the elliptic curve to obtain the hash-value generator point parameter R_4, R_4 = H(R_1)·P; it then performs a bilinear pairing of the received temporary identity Tid_U of user U with R_4 to obtain the retrieval number Ind_U of user U of the IBC domain at the authentication server TA of the IBC domain, Ind_U = e(Tid_U, R_4); using the retrieval number Ind_U, TA looks up the identity ID'_U of user U of the IBC domain stored at the TA end; TA then uses its private key S_TA to decrypt the identity-information ciphertext segment c_1 in the request message M_A1, obtaining the identity ID_U of the IBC domain user from the identity-information plaintext segment m_1; if the timestamp T_1 is fresh and the identity ID'_U of user U stored at the authentication server TA is consistent with the identity ID_U of user U in the identity-information plaintext segment m_1, identity validity authentication passes; otherwise, authentication fails.
4. The method as claimed in claim 1, wherein in step A the authentication server TA of the IBC domain sends the public key PK_CA of the PKI domain authentication server CA to the user U of the IBC domain specifically as follows:
The public key PK_CA of the PKI domain authentication server CA, the identity ID_CA and the timestamp T_3 at the time of sending the message are signed and encrypted together to form the public key ciphertext c_2; the public key ciphertext c_2 is then sent to the PKI domain authentication server CA.
5. The authenticated key agreement method for a user in the IBC domain to access resources in the PKI domain as claimed in claim 1, wherein: the authentication server part K_1 of the session key K in step B is 128 bits long; the user part K_2 of the session key K generated by user U of the IBC domain in step C1 is 80 bits long.
CN201710081516.7A 2017-02-15 2017-02-15 Authentication key negotiation method for user in IBC domain to access resources in PKI domain Active CN106789042B (en)


Publications (2)

Publication Number Publication Date
CN106789042A CN106789042A (en) 2017-05-31
CN106789042B true CN106789042B (en) 2019-12-31

Family

ID=58957291




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230322

Address after: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee after: Yami Technology (Guangzhou) Co.,Ltd.

Address before: 610031 No. two, section 111, ring road, Chengdu, Sichuan, China

Patentee before: SOUTHWEST JIAOTONG University

TR01 Transfer of patent right

Effective date of registration: 20240622

Address after: 3501-2, 35th Floor, Life Insurance Building, No. 1001 Fuzhong 1st Road, Fuzhong Community, Lianhua Street, Futian District, Shenzhen City, Guangdong Province, 518000

Patentee after: Yinshang Quanwang (Shenzhen) Technology Co.,Ltd.

Country or region after: China

Patentee after: Dongfang Huaxia Technology (Shenzhen) Group Co.,Ltd.

Address before: Room 801, 85 Kefeng Road, Huangpu District, Guangzhou City, Guangdong Province

Patentee before: Yami Technology (Guangzhou) Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right

Effective date of registration: 20240716

Address after: Room 708, 6th Floor, Building 1, No. 4 Guanghua Road, Chaoyang District, Beijing, 100020

Patentee after: Zhongfu Qiyue (Beijing) Technology Co.,Ltd.

Country or region after: China

Address before: 3501-2, 35th Floor, Life Insurance Building, No. 1001 Fuzhong 1st Road, Fuzhong Community, Lianhua Street, Futian District, Shenzhen City, Guangdong Province, 518000

Patentee before: Yinshang Quanwang (Shenzhen) Technology Co.,Ltd.

Country or region before: China

Patentee before: Dongfang Huaxia Technology (Shenzhen) Group Co.,Ltd.

TR01 Transfer of patent right