CN106789042B - Authentication key agreement method for users in the IBC domain to access resources in the PKI domain - Google Patents


Info

Publication number: CN106789042B
Authority: CN (China)
Application number: CN201710081516.7A
Other languages: Chinese (zh)
Other versions: CN106789042A
Inventors: 张文芳, 袁超, 王小敏
Current assignee: Zhongfu Qiyue Beijing Technology Co ltd
Original assignee: Southwest Jiaotong University
Legal status: Active
Prior art keywords: domain, ibc, user, authentication server, pki

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/0847 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these, involving identity based encryption [IBE] schemes
    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Abstract

An authentication key agreement method for a user in an IBC domain to access a resource in a PKI domain. Its main operation steps are: A. Apply for access: the user in the IBC domain sends a request to access a resource in the PKI domain to the authentication server of its own domain; after the IBC domain authentication server has verified the legitimacy of the user's identity, it forwards the user's access request to the authentication server of the PKI domain. B. Generate and send an access authorization ticket. C. Mutual identity authentication and session key negotiation: the session key is obtained by XORing the authentication server part of the session key with the padded user part. D. Re-authentication: when the user part of the session key has exceeded its lifetime but the authentication server part of the session key is still within its lifetime, and the user in the IBC domain still needs to access the resource in the PKI domain, a fast re-authentication can be performed. E. Terminate the session. The method effectively realizes authentication key agreement for users in an IBC domain accessing resources in a PKI domain, consumes few resources, and has high security.

Description

Authentication key agreement method for users in the IBC domain to access resources in the PKI domain

Technical field

The invention belongs to the technical field of cross-heterogeneous-domain authentication and key agreement in information communication.

Background

In the various applications of a distributed network environment, such as virtual enterprises and instant messaging systems, a user and the information resource the user wants to access are often located in different trust domains. Different trust domains may be based on different cryptosystems, for example Kerberos-based, PKI (public key infrastructure)-based, and IBC (identity-based cryptography)-based cryptosystems. Authentication key agreement between homogeneous domains has been studied extensively, has been standardized and is widely used. Authentication key agreement between a PKI domain and a Kerberos domain has also received considerable study. Authentication key agreement for a user in an IBC domain accessing resources in a PKI domain, however, has rarely been studied, even though application scenarios in distributed networks such as virtual enterprises and agile manufacturing create many requirements for users in IBC domains to access resources in PKI domains.

The only existing literature on authentication key agreement for users in an IBC domain accessing resources in a PKI domain is:

Document 1, "Cross-domain authorization of heterogeneous domains" (Meng Xin, Hu Liang, Chu Jianfeng, et al. Cross-domain authorization of heterogeneous trust domains [J]. Journal of Jilin University (Science Edition), 2010, 48(1): 89-93), relies on the mutual-trust interconnection system between homogeneous PKI domains and uses two components, identity mapping and cross-domain authorization, to achieve trusted interconnection between IBC and PKI domains. However, that document makes heavy and repeated use of certificates, and certificates consume a large amount of resources in transmission and storage, which runs counter to the original motivation for designing IBC cryptosystems; the identity mapping approach is indirect and has low feasibility in real applications. Moreover, the document only uses identity mapping and trust transfer to express the idea of authentication, without a concrete protocol flow, so it can only be regarded as a new idea for cross-domain authorization rather than a scheme that can be implemented directly.

Summary of the invention

The purpose of the present invention is to provide an authentication key agreement method for users in an IBC domain to access resources in a PKI domain, which can effectively realize authentication key agreement for users in the IBC domain accessing resources in the PKI domain, consumes few resources, and has high security.

The technical solution adopted by the present invention to achieve this purpose is an authentication key agreement method for a user in an IBC domain to access a resource in a PKI domain, whose operation steps are:

A. Apply for access

The user U in the IBC domain sends a request to the authentication server TA of the IBC domain to access the resource S in the PKI domain, and the IBC domain authentication server TA verifies the legitimacy of user U's identity; if the authentication fails, jump to step E; otherwise, TA forwards user U's access request to the PKI domain authentication server CA and sends the public key PK_CA of the PKI domain authentication server CA to user U;

B. Generate and send an access authorization ticket

The PKI domain authentication server CA authenticates the identity of the IBC domain authentication server TA; if the authentication fails, jump to step E; otherwise, CA generates the authentication server part K_1 of the session key K with which user U of the IBC domain will access resource S in the PKI domain, and encrypts it to generate the corresponding access authorization ticket Ticket_1; at the same time, CA computes the public key Q_U of user U from the identity ID_U of user U contained in the access request forwarded by the IBC domain authentication server TA;

The PKI domain authentication server CA uses its own private key SK_CA to sign the public key PK_S of resource S in the PKI domain, the authentication server part K_1 of the session key K, and the access authorization ticket Ticket_1, obtaining the signed message M_sign; it then encrypts the signed message M_sign with the public key Q_U of user U in the IBC domain, obtaining the encrypted message M_A2(CA->U), and sends it to user U in the IBC domain;

C. Mutual identity authentication and session key negotiation

C1. User U in the IBC domain decrypts, with its own private key S_U, the encrypted message M_A2(CA->U) sent by the PKI domain authentication server CA, obtaining the public key PK_S of resource S, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1, and then verifies the validity of the signature with the public key PK_CA of the PKI domain authentication server CA; if the verification fails, jump to step E; otherwise, user U generates the user part K_2 of the session key K, pads K_2 at its leading end so that it has the same number of bits as the authentication server part K_1, and then XORs K_1 with the padded K_2 to obtain the complete session key K;

C2. User U in the IBC domain then encrypts the user part K_2 of the session key K with the public key PK_S of resource S in the PKI domain, obtaining the user ciphertext S-k2; at the same time, it encrypts the identity ID_S of resource S with the session key K, obtaining the identity ciphertext S-ID; it then sends the user ciphertext S-k2 and the identity ciphertext S-ID, together with the access authorization ticket Ticket_1 from step B, to resource S in the PKI domain;

C3. Resource S in the PKI domain decrypts the received user ciphertext S-k2 with its own private key SK_S, obtaining the user part K_2' of the resource-side session key K'; it decrypts and extracts the access authorization ticket Ticket_1, obtaining the authentication server part K_1' of the resource-side session key K'; it pads K_2' at its leading end so that it has the same number of bits as K_1', and then XORs K_1' with the padded K_2' to obtain the complete resource-side session key K'; it then decrypts the received identity ciphertext S-ID with K', obtaining the extracted identity ID_S' of resource S, and checks the extracted identity ID_S' against the identity ID_S of resource S; if the two are inconsistent, jump to step E; otherwise, resource S encrypts its identity ID_S with the resource-side session key K', obtaining the resource-side identity ciphertext M_A3(S->U) of resource S, and sends it to user U in the IBC domain;

C4. User U in the IBC domain decrypts the received resource-side identity ciphertext M_A3(S->U) with the session key K, obtaining the user-side identity ID_S'' of resource S in the PKI domain, and verifies the validity of ID_S''; if the verification fails, jump to step E; otherwise the authentication key agreement between user U of the IBC domain and resource S of the PKI domain is complete, and user U uses the session key K to securely access resource S in the PKI domain;

D. Re-authentication

When the authentication server part K_1 of the session key K has exceeded its lifetime: if user U of the IBC domain no longer accesses resource S of the PKI domain, jump to step E; if user U still needs to access resource S, jump to step A;

When the user part K_2 of the session key K has exceeded its lifetime but the authentication server part K_1 of the session key K is still within its lifetime: if user U of the IBC domain no longer accesses resource S of the PKI domain, jump to step E; if user U still needs to access resource S, jump to step A or perform a fast re-authentication;

E. Terminate the session.

Compared with the prior art, the beneficial effects of the present invention are:

1. The present invention provides a cross-heterogeneous-domain authentication key agreement method for users in an IBC domain accessing resources in a PKI domain, so that users in the IBC domain can securely access resources in the PKI domain.

2. The IBC domain authentication server sends the public key of the PKI domain authentication server to users in its domain, which ensures that the validity of subsequent messages sent by the PKI domain authentication server can be verified, while the user does not need to store the certificate of the PKI domain authentication server, reducing the consumption of system resources.

3. The session key is obtained by XORing the authentication server part and the user part of the session key; compared with a session key generated by the authentication server alone, its security is greatly improved, and the added resource consumption is small.

Further, in step A of the present invention, the specific way in which user U of the IBC domain sends the request to the authentication server TA of the IBC domain to access resource S in the PKI domain is:

User U in the IBC domain selects a random integer r_1, r_1 ∈ Z_q, where Z_q denotes the set of all integers smaller than q and q is a prime of more than 32 binary bits; it then performs an elliptic-curve point multiplication of the random integer r_1 with the system public key P_pub to obtain the public-key point parameter R_3, and maps the public-key point parameter R_3 and the public key Q_TA of the IBC domain authentication server TA through the bilinear pairing to obtain the mapped point parameter R_1, R_1 = e(R_3, Q_TA), where e() denotes the bilinear pairing; at the same time, the random integer r_1 is point-multiplied with the elliptic-curve generator P to obtain the generator point parameter R_2; the mapped point parameter R_1 is hashed to obtain its hash value H(R_1), the inverse of this hash value is computed to obtain the hash-value inverse H(R_1)^-1, and H(R_1)^-1 is point-multiplied with the private key S_U of user U to obtain the user's temporary identity Tid_U; the identity ID_U of user U, the identity ID_S of resource S in the PKI domain and the timestamp T_1 of the moment the message is sent are combined into the identity-information plaintext segment m_1, m_1 = {ID_U, ID_S, T_1}, which is then encrypted with the identity-based algorithm under the public key Q_TA of the IBC domain authentication server TA to obtain the identity-information ciphertext segment c_1, c_1 = IBE{ID_U, ID_S, T_1}_Q_TA, where IBE{...}_Q_TA denotes identity-based encryption under the public key Q_TA of the IBC domain authentication server TA;

User U in the IBC domain then combines the temporary identity Tid_U, the generator point parameter R_2 and the identity-information ciphertext segment c_1 into the request message M_A1, M_A1 = (Tid_U, R_2, c_1), and sends it to the authentication server TA of the IBC domain.

In this way, using the random number together with the IBC domain's system public key and the elliptic-curve generator, the user's temporary identity is constructed through point multiplication, bilinear pairing and hashing; it is hard to break or forge and can be transmitted in plaintext, which both reduces communication and computation and preserves the security of the transmission; moreover, the temporary identity makes the user's identity anonymous and prevents malicious entities from tracking the user.

Further, in step A of the present invention, the specific way in which the IBC domain authentication server TA verifies the legitimacy of the identity of user U of the IBC domain is:

The IBC domain authentication server TA maps the generator point parameter R_2 from the received request message M_A1 and its own private key S_TA through the bilinear pairing to recompute the mapped point parameter R_1, R_1 = e(R_2, S_TA); it hashes the recomputed R_1 to obtain the hash value H(R_1), and point-multiplies it with the elliptic-curve generator P to obtain the hash-value generator point parameter R_4; it then maps R_4 and the received temporary identity Tid_U of user U through the bilinear pairing to obtain the retrieval number Ind_U of user U at the IBC domain authentication server TA, Ind_U = e(Tid_U, R_4); through this retrieval number Ind_U it obtains the identity ID_U' of user U stored at the IBC domain authentication server TA; it then decrypts the identity-information ciphertext segment c_1 of the request message M_A1 with the private key S_TA of TA, obtaining the identity ID_U of the IBC domain user from the identity-information plaintext segment m_1; if the timestamp T_1 is fresh, and the identity ID_U' of user U stored at TA is consistent with the identity ID_U of user U in the plaintext segment m_1, the identity legitimacy authentication passes; otherwise, the authentication fails;

In this way, when the IBC domain authentication server verifies the user's identity, it obtains the user's index value at the IBC domain authentication server by point multiplication, bilinear pairing and hashing over the temporary identity, the generator point parameter, the IBC domain authentication server's private key and the elliptic-curve generator; compared with the traditional approach of verifying the legitimacy of the user's identity with an identity-based signature algorithm, this greatly reduces the amount of computation without affecting security.
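The temporary-identity construction of step A and the TA's recomputation of R_1 and Ind_U, carried through in an added toy model so the consistency equations can be checked; this is not the patent's code. It assumes a Boneh-Franklin style setup in which P_pub = s*P and every private key is S = s*Q, assumes the TA registers each user under the index e(Q_U, P_pub), replaces the bilinear pairing with the toy map e(a*P, b*P) = g^(a*b) over Z_q (bilinear, but with trivial discrete logs and no security), and does not model the IBE-encrypted segment c_1.

```python
import hashlib
import secrets


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin for n < 3.4e14 (bases 2..17)."""
    if n < 2:
        return False
    for b in (2, 3, 5, 7, 11, 13, 17):
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7, 11, 13, 17):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class ToyPairingGroup:
    """Toy symmetric pairing: G1 is Z_q (the point a*P is the scalar a), GT is
    the order-q subgroup of Z_p*, and e(a*P, b*P) = g^(a*b) mod p. Discrete
    logs are trivial here, so this checks the protocol algebra only."""

    def __init__(self, q: int):
        assert is_prime(q)
        self.q = q
        k = 2
        while not is_prime(k * q + 1):      # p = k*q + 1 so Z_p* has a subgroup of order q
            k += 2
        self.p = k * q + 1
        h = 2
        while pow(h, (self.p - 1) // q, self.p) == 1:
            h += 1
        self.g = pow(h, (self.p - 1) // q, self.p)   # generator of that subgroup
        self.P = 1                                   # the curve generator P, as the scalar 1

    def mul(self, a: int, point: int) -> int:
        """Elliptic-curve point multiplication a*point (here: a product in Z_q)."""
        return (a * point) % self.q

    def e(self, x: int, y: int) -> int:
        """Bilinear pairing e(x, y) = g^(x*y) mod p."""
        return pow(self.g, (x * y) % self.q, self.p)

    def hash_to_zq(self, value) -> int:
        """H(): SHA-256 reduced into Z_q, forced nonzero so it is invertible."""
        digest = hashlib.sha256(str(value).encode()).digest()
        return int.from_bytes(digest, "big") % self.q or 1


def user_request(G, Ppub, Q_TA, S_U):
    """Step A, user side: build the temporary identity Tid_U and R_2."""
    r1 = secrets.randbelow(G.q - 1) + 1        # r_1 in Z_q, nonzero
    R3 = G.mul(r1, Ppub)                       # R_3 = r_1 * P_pub
    R1 = G.e(R3, Q_TA)                         # R_1 = e(R_3, Q_TA)
    R2 = G.mul(r1, G.P)                        # R_2 = r_1 * P
    h_inv = pow(G.hash_to_zq(R1), -1, G.q)     # H(R_1)^-1 in Z_q
    Tid_U = G.mul(h_inv, S_U)                  # Tid_U = H(R_1)^-1 * S_U
    return Tid_U, R2                           # c_1 (the IBE part) is not modelled


def ta_lookup(G, S_TA, registry, Tid_U, R2):
    """Step A, TA side: recompute R_1, derive Ind_U and look the user up."""
    R1 = G.e(R2, S_TA)                         # R_1 = e(R_2, S_TA), equals the user's R_1
    R4 = G.mul(G.hash_to_zq(R1), G.P)          # R_4 = H(R_1) * P
    Ind_U = G.e(Tid_U, R4)                     # Ind_U = e(Tid_U, R_4) = e(S_U, P)
    return registry.get(Ind_U)                 # ID_U' stored at TA, or None


def demo(ID_U="alice@ibc.example", ID_TA="ta.ibc.example") -> dict:
    G = ToyPairingGroup(4294967311)            # 2^32 + 15: a prime of more than 32 bits
    s = secrets.randbelow(G.q - 1) + 1         # PKG master secret (assumed setup)
    Ppub = G.mul(s, G.P)                       # system public key P_pub = s*P
    Q_TA, Q_U = G.hash_to_zq(ID_TA), G.hash_to_zq(ID_U)
    S_TA, S_U = G.mul(s, Q_TA), G.mul(s, Q_U)  # private keys S = s*Q (assumed)
    # Assumed registration index e(Q_U, P_pub) = e(S_U, P); the algebra makes it
    # equal to every Ind_U the TA derives for this user, whatever r_1 was.
    registry = {G.e(Q_U, Ppub): ID_U}
    Tid_a, R2_a = user_request(G, Ppub, Q_TA, S_U)
    Tid_b, R2_b = user_request(G, Ppub, Q_TA, S_U)
    found_a = ta_lookup(G, S_TA, registry, Tid_a, R2_a)
    found_b = ta_lookup(G, S_TA, registry, Tid_b, R2_b)
    # A tampered Tid_U yields a different Ind_U and therefore no registry hit.
    forged = ta_lookup(G, S_TA, registry, (Tid_a + 1) % G.q, R2_a)
    return {"first": found_a, "second": found_b, "forged": forged,
            "tids_differ": Tid_a != Tid_b}
```

Two requests from the same user produce different Tid_U values yet resolve to the same registry entry, which is the unlinkability and lookup behaviour the text claims.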

Further, in step A of the present invention, the way in which the authentication server TA of the IBC domain sends the public key PK_CA of the PKI domain authentication server CA to user U of the IBC domain is:

The public key PK_CA of the PKI domain authentication server CA, the identity ID_CA and the timestamp T_3 of the moment the message is sent are signed and encrypted together to form the public-key ciphertext c_2, and the public-key ciphertext c_2 is then sent to the PKI domain authentication server CA.

In this way, the IBC domain authentication server sends to users in its domain a public-key ciphertext containing the public key of the PKI domain authentication server, which ensures that the validity of subsequent messages from the PKI domain authentication server can be verified, while the user does not need to store the certificate of the PKI domain authentication server, reducing the consumption of system resources.

Further, in step B of the present invention the authentication server part K_1 of the session key K is 128 bits long; in step C1, the user part K_2 of the session key K generated by user U of the IBC domain is 80 bits long.

In this way, the session key is obtained by padding the 80-bit user part and XORing it with the 128-bit authentication server part; compared with a session key obtained from the 128-bit authentication server part alone, the key has a shorter lifetime, the security of the session key is guaranteed, and the added communication is small.

Further, the specific way of performing the fast re-authentication in step D of the present invention is:

User U in the IBC domain generates the user part K_2'' of the re-authentication session key K'', pads K_2'' at its leading end so that it has the same number of bits as the authentication server part K_1 of the re-authentication session key K'', and then XORs K_1 with the padded K_2'' to obtain the complete re-authentication session key K''; it then jumps to step C2.

In this way, when the user part of the session key has exceeded its lifetime but the authentication server part is still within its lifetime, a user in the IBC domain who still needs to access resources in the PKI domain can perform a fast re-authentication without repeating the application for access and the generation and distribution of the access authorization ticket; under the premise of guaranteed access security, this greatly reduces the number of interactions, the communication volume and the computation of the method.
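The session-key assembly of steps C1 and C3 (128-bit K_1, 80-bit K_2 padded at its leading end, then XOR) together with the step-D lifetime rules and the fast re-authentication, as an added Python example that is not part of the patent. It assumes the padding bits are zero (the text does not say), treats lifetimes as seconds from a session start at t = 0, and uses constructed random key parts.

```python
import secrets

K1_BITS = 128   # authentication server part K_1, generated by the CA (step B)
K2_BITS = 80    # user part K_2, generated by user U (step C1)


def pad_front(k2: bytes, total_bits: int = K1_BITS) -> bytes:
    """Pad the user part at its leading end up to the width of K_1.
    The page does not state the padding value; zero bits are assumed."""
    if len(k2) * 8 > total_bits:
        raise ValueError("user part is longer than the server part")
    return b"\x00" * (total_bits // 8 - len(k2)) + k2


def assemble_session_key(k1: bytes, k2: bytes) -> bytes:
    """K = K_1 XOR pad(K_2): computed by U in step C1 and by S in step C3."""
    if len(k1) * 8 != K1_BITS:
        raise ValueError("K_1 must be %d bits" % K1_BITS)
    return bytes(a ^ b for a, b in zip(k1, pad_front(k2)))


class SessionKeyState:
    """Holds both key parts with their lifetimes and applies the step-D rules."""

    def __init__(self, k1: bytes, k1_expires: int, k2: bytes, k2_expires: int):
        self.k1, self.k1_expires = k1, k1_expires
        self.k2, self.k2_expires = k2, k2_expires

    def key(self) -> bytes:
        return assemble_session_key(self.k1, self.k2)

    def next_step(self, now: int, still_needs_access: bool) -> str:
        k1_alive = now < self.k1_expires
        k2_alive = now < self.k2_expires
        if k1_alive and k2_alive:
            return "continue"          # both parts valid: keep using K
        if not still_needs_access:
            return "E"                 # terminate the session
        if not k1_alive:
            return "A"                 # K_1 expired: full run with a new ticket
        return "fast_reauth"           # only K_2 expired: renew it, resume at C2

    def fast_reauth(self, new_k2: bytes, new_k2_expires: int) -> bytes:
        """K'' = K_1 XOR pad(K_2''); K_1 and Ticket_1 are reused unchanged."""
        self.k2, self.k2_expires = new_k2, new_k2_expires
        return self.key()


def demo() -> dict:
    # Constructed sample values: the CA's K_1 (16 bytes) and U's K_2 (10 bytes).
    k1 = secrets.token_bytes(K1_BITS // 8)
    k2 = secrets.token_bytes(K2_BITS // 8)
    user_k = assemble_session_key(k1, k2)        # step C1: K_1 from M_A2(CA->U)
    resource_k = assemble_session_key(k1, k2)    # step C3: K_1 from Ticket_1, K_2 from S-k2
    state = SessionKeyState(k1, 3600, k2, 600)   # assumed lifetimes in seconds
    at_100 = state.next_step(100, still_needs_access=True)
    at_700 = state.next_step(700, still_needs_access=True)
    new_k2 = secrets.token_bytes(K2_BITS // 8)   # K_2'' for the fast re-authentication
    reauth_k = state.fast_reauth(new_k2, 700 + 600)
    pad_bytes = (K1_BITS - K2_BITS) // 8
    return {
        "keys_match": user_k == resource_k,
        # Bytes covered only by padding carry K_1's bits through unchanged.
        "prefix_equals_k1": user_k[:pad_bytes] == k1[:pad_bytes],
        "at_100": at_100,
        "at_700": at_700,
        "reauth_ok": reauth_k == assemble_session_key(k1, new_k2),
        "at_4000": state.next_step(4000, True),
        "at_4000_done": state.next_step(4000, False),
    }
```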

The present invention is further described in detail below with reference to specific embodiments.

Detailed description

Embodiment

An authentication key agreement method for a user in an IBC domain to access a resource in a PKI domain, whose operation steps are:

A. Apply for access

The user U in the IBC domain sends a request to the authentication server TA of the IBC domain to access the resource S in the PKI domain, and the IBC domain authentication server TA verifies the legitimacy of user U's identity; if the authentication fails, jump to step E; otherwise, TA forwards user U's access request to the PKI domain authentication server CA and sends the public key PK_CA of the PKI domain authentication server CA to user U;

B. Generate and send an access authorization ticket

The PKI domain authentication server CA authenticates the identity of the IBC domain authentication server TA; if the authentication fails, jump to step E; otherwise, CA generates the authentication server part K_1 of the session key K with which user U of the IBC domain will access resource S in the PKI domain, and encrypts it to generate the corresponding access authorization ticket Ticket_1; at the same time, CA computes the public key Q_U of user U from the identity ID_U of user U contained in the access request forwarded by the IBC domain authentication server TA;

The PKI domain authentication server CA uses its own private key SK_CA to sign the public key PK_S of resource S in the PKI domain, the authentication server part K_1 of the session key K, and the access authorization ticket Ticket_1, obtaining the signed message M_sign; it then encrypts the signed message M_sign with the public key Q_U of user U in the IBC domain, obtaining the encrypted message M_A2(CA->U), and sends it to user U in the IBC domain;

C. Mutual identity authentication and session key negotiation

C1. User U in the IBC domain decrypts, with its own private key S_U, the encrypted message M_A2(CA->U) sent by the PKI domain authentication server CA, obtaining the public key PK_S of resource S, the authentication server part K_1 of the session key K and the access authorization ticket Ticket_1, and then verifies the validity of the signature with the public key PK_CA of the PKI domain authentication server CA; if the verification fails, jump to step E; otherwise, user U generates the user part K_2 of the session key K, pads K_2 at its leading end so that it has the same number of bits as the authentication server part K_1, and then XORs K_1 with the padded K_2 to obtain the complete session key K;

C2. User U in the IBC domain then encrypts the user part K_2 of the session key K with the public key PK_S of resource S in the PKI domain, obtaining the user ciphertext S-k2; at the same time, it encrypts the identity ID_S of resource S with the session key K, obtaining the identity ciphertext S-ID; it then sends the user ciphertext S-k2 and the identity ciphertext S-ID, together with the access authorization ticket Ticket_1 from step B, to resource S in the PKI domain;

C3. The resource S in the PKI domain decrypts the received user ciphertext S-k2 with its own private key SKS, obtaining the user part K2' of the resource-side session key K'; it decrypts and parses the access authorization ticket Ticket1, obtaining the authentication-server part K1' of the resource-side session key K'; it then pads K2' at its leading end to the bit length of K1' and XORs K1' with the padded K2' to obtain the complete resource-side session key K'. It then decrypts the received identity ciphertext S-ID with K', obtaining the extracted identity IDS' of the resource S, and compares IDS' with its own identity IDS. If the two differ, jump to step E; otherwise the resource S encrypts its identity IDS with K', obtaining the resource-side identity ciphertext MA3S->U, and sends it to the user U in the IBC domain;

C4. The user U in the IBC domain decrypts the received resource-side identity ciphertext MA3S->U with the session key K, obtaining the user-side identity IDS'' of the resource S in the PKI domain, and verifies its validity. If verification fails, jump to step E; otherwise authenticated key agreement between the user U in the IBC domain and the resource S in the PKI domain is complete, and the user U accesses the resource S securely under the session key K;

D. Re-authentication

When the authentication-server part K1 of the session key K has exceeded its lifetime: if the user U in the IBC domain no longer needs to access the resource S in the PKI domain, jump to step E; if it still needs access, jump to step A;

When the user part K2 of the session key K has exceeded its lifetime but the authentication-server part K1 is still within its lifetime: if the user U in the IBC domain no longer needs to access the resource S in the PKI domain, jump to step E; if it still needs access, jump to step A or perform fast re-authentication;

E. Terminate the session.

In step A of this example, the user U in the IBC domain sends its request to the IBC domain authentication server TA for access to the resource S in the PKI domain as follows:

The user U in the IBC domain selects a random integer r1, r1 ∈ Zq, where Zq denotes the set of all integers less than q and q is a prime longer than 32 bits. It computes the public-key point parameter R3 by elliptic-curve scalar multiplication of r1 with the system public key Ppub, and then the mapping point parameter R1 as the bilinear pairing of R3 with the public key QTA of the IBC domain authentication server TA, R1 = e(R3, QTA), where e() denotes the bilinear pairing. At the same time it computes the generator point parameter R2 by scalar multiplication of r1 with the generator P of the elliptic curve. It hashes R1 to obtain H(R1), computes the inverse H(R1)^-1 of that hash value (modulo q, so that it can serve as a scalar), and scalar-multiplies H(R1)^-1 with its own private key SU to obtain the user's temporary identity TidU. It forms the identity plaintext segment m1 = {IDU, IDS, T1} from its own identity IDU, the identity IDS of the resource S in the PKI domain and the timestamp T1 of the message, and encrypts m1 under the public key QTA of the IBC domain authentication server TA with the identity-based encryption algorithm, obtaining the identity ciphertext segment c1 = IBE{IDU, IDS, T1}QTA, where IBE{…}QTA denotes identity-based encryption under the public key QTA of the IBC domain authentication server TA;

The user U in the IBC domain then assembles the request message MA1 = {TidU, R2, c1} from the temporary identity TidU, the generator point parameter R2 and the identity ciphertext segment c1, and sends it to the IBC domain authentication server TA;

In step A of this example, the IBC domain authentication server TA verifies the legitimacy of the identity of the requesting user U in the IBC domain as follows:

The IBC domain authentication server TA recomputes the mapping point parameter R1 as the bilinear pairing of the generator point parameter R2 in the received request message MA1 with its own private key STA, R1 = e(R2, STA); it hashes the recomputed R1 to obtain H(R1) and scalar-multiplies that hash value with the generator P of the elliptic curve to obtain the hash generator point parameter R4; it then pairs R4 with the received temporary identity TidU to obtain the index IndU of the user U at the IBC domain authentication server TA, IndU = e(TidU, R4), and looks up via IndU the identity IDU' of the user U stored at the authentication server TA. It then decrypts the identity ciphertext segment c1 in MA1 with its private key STA, obtaining the identity IDU of the IBC domain user from the identity plaintext segment m1. If the timestamp T1 is fresh and the stored identity IDU' matches the identity IDU in m1, identity authentication passes; otherwise it fails;
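Why TA's recomputation in this step reproduces the user's values, as an added derivation that is not part of the patent text. It assumes the standard identity-based setup the page does not spell out: a master secret $s$ with $P_{pub} = sP$, private keys $S_X = sQ_X$ for $X \in \{U, TA\}$, a symmetric pairing $e$ on a group of prime order $q$, and $H(R_1)^{-1}$ taken modulo $q$.

$$
R_1 = e(R_3, Q_{TA}) = e(r_1 P_{pub}, Q_{TA}) = e(r_1 s P, Q_{TA}) = e(r_1 P, s Q_{TA}) = e(R_2, S_{TA})
$$

$$
Ind_U = e(Tid_U, R_4) = e\big(H(R_1)^{-1} S_U,\; H(R_1) P\big) = e(S_U, P)^{H(R_1)^{-1} H(R_1)} = e(S_U, P) = e(Q_U, P_{pub})
$$

So $R_1$ is shared by U (via $r_1$) and TA (via $S_{TA}$) without being sent, and the pseudonym $Tid_U$ changes with every $r_1$ while the index $Ind_U$ it resolves to is a fixed per-user value that TA can precompute from $ID_U$ and the public parameters at registration. What binds a pseudonym to a live request is therefore the freshness check on $T_1$ together with the match between the stored $ID_U'$ and the $ID_U$ recovered from $c_1$; the lookup alone does not establish it.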

In step A of this example, the IBC domain authentication server TA sends the public key PKCA of the PKI domain authentication server CA to the user U in the IBC domain as follows:

The public key PKCA of the PKI domain authentication server CA, its identity IDCA and the timestamp T3 of the message are signed and encrypted together to form the public-key ciphertext c2, which is then sent to the PKI domain authentication server CA.

In step B of this example, the authentication-server part K1 of the session key K is 128 bits long; in step C1 of this example, the user part K2 of the session key K generated by the user U in the IBC domain is 80 bits long.

The fast re-authentication in step D of this example proceeds as follows:

The user U in the IBC domain generates the user part K2'' of the re-authentication session key K'', pads K2'' at its leading end to the bit length of the authentication-server part K1 of K'', and XORs K1 with the padded K2'' to obtain the complete re-authentication session key K''; it then jumps to step C2.
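The key-assembly rule of steps C1 and C3 (a 128-bit K1 XORed with an 80-bit K2 padded at its leading end), the identity checks of steps C3 and C4, and fast re-authentication (the same combination with a fresh K2'') are modelled below. This is an added example, not code from the patent. Its assumptions: the public-key encryption of K2 under PKS and the decryption of Ticket1 are represented by direct delivery of the byte strings, and "encrypt IDS under K" is stood in for by an HMAC-SHA256 tag, because the patent names no cipher; only the padding/XOR rule and the check logic follow the page. The last function records a consequence of the stated lengths: the leading 48 bits of K are those of K1 unchanged.

```python
"""Steps C1-C4 of the example protocol with the patent's stated key lengths.

Assumptions (not from the patent): Enc_PKS(K2) and the ticket contents are
delivered as raw bytes, and the symmetric 'encrypt ID_S under K' check is
modelled with an HMAC-SHA256 tag.
"""
import hashlib
import hmac
import secrets

K1_BITS = 128  # authentication-server part K1, step B of the example
K2_BITS = 80   # user part K2, step C1 of the example


def pad_user_part(k2: bytes, target_bytes: int) -> bytes:
    """Pad K2 'at its first position' (leading zero bytes) to the length of K1."""
    if len(k2) > target_bytes:
        raise ValueError("user part is longer than the server part")
    return k2.rjust(target_bytes, b"\x00")


def combine(k1: bytes, k2: bytes) -> bytes:
    """K = K1 XOR pad(K2), as in steps C1 and C3 (and fast re-authentication)."""
    k2p = pad_user_part(k2, len(k1))
    return bytes(a ^ b for a, b in zip(k1, k2p))


def id_tag(key: bytes, identity: bytes) -> bytes:
    """Stand-in for 'encrypt ID_S under K': a tag only a holder of K can reproduce."""
    return hmac.new(key, identity, hashlib.sha256).digest()


def run_phase_c(k1_from_ca: bytes, k1_in_ticket: bytes, id_s: bytes) -> bool:
    """Steps C1-C4 from the user's point of view; True when both checks pass."""
    # C1: user derives K from K1 (received from CA) and a fresh 80-bit K2.
    k2 = secrets.token_bytes(K2_BITS // 8)
    k = combine(k1_from_ca, k2)
    # C2: user sends Enc_PKS(K2) (here: k2), S-ID and Ticket1 (here: k1_in_ticket).
    s_id = id_tag(k, id_s)
    # C3: resource rebuilds K' from K2' and the K1' it extracts from the ticket,
    # then checks that S-ID opens to its own ID_S.
    k_prime = combine(k1_in_ticket, k2)
    if not hmac.compare_digest(s_id, id_tag(k_prime, id_s)):
        return False  # ID_S' != ID_S: resource jumps to step E
    m_a3 = id_tag(k_prime, id_s)
    # C4: user checks the resource's reply under its own K.
    return hmac.compare_digest(m_a3, id_tag(k, id_s))


def server_part_leaks_through(k1: bytes, k2: bytes) -> bool:
    """With an 80-bit K2 left-padded to 128 bits, the top 48 bits of K equal K1's."""
    n = (K1_BITS - K2_BITS) // 8
    return combine(k1, k2)[:n] == k1[:n]


if __name__ == "__main__":
    k1 = secrets.token_bytes(K1_BITS // 8)
    print("honest run:", run_phase_c(k1, k1, b"resource-S"))
    print("ticket carries a different K1:", run_phase_c(k1, secrets.token_bytes(16), b"resource-S"))
    print("leading 48 bits of K come from K1 alone:",
          server_part_leaks_through(k1, secrets.token_bytes(K2_BITS // 8)))
```

The second run shows the failure mode the patent routes to step E: when the K1' inside the ticket is not the K1 the user received, the resource's K' differs from K, its check of S-ID fails, and nothing it could send would verify at the user. Fast re-authentication is `combine(k1, new_k2)` with the K1 still in its lifetime.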

Claims (5)

1. An authentication key agreement method for a user in an IBC domain to access resources in a PKI domain, comprising the following steps:

A. Access request
The user U of the IBC domain sends a request to the authentication server TA of the IBC domain for access to a resource S of the PKI domain, and the IBC domain authentication server TA authenticates the identity legitimacy of the user U; if authentication fails, jump to step E; otherwise the access request of the user U is forwarded to the PKI domain authentication server CA, and the public key PKCA of the PKI domain authentication server CA is sent to the user U;

B. Generating and sending the access authorization ticket
The PKI domain authentication server CA authenticates the identity of the IBC domain authentication server TA; if authentication fails, jump to step E; otherwise the PKI domain authentication server CA generates the authentication-server part K1 of a session key K for access by the user U of the IBC domain to the resource S of the PKI domain, and encrypts it to generate the corresponding access authorization ticket Ticket1; at the same time the PKI domain authentication server CA computes the public key QU of the user U from the identity IDU of the user U carried in the access request forwarded by the IBC domain authentication server TA;
The PKI domain authentication server CA signs, with its own private key SKCA, the public key PKS of the resource S in the PKI domain, the authentication-server part K1 of the session key K and the access authorization ticket Ticket1, obtaining the signed message Msign; it then encrypts Msign under the public key QU of the user U of the IBC domain, obtaining the encrypted message MA2CA->U, and sends it to the user U of the IBC domain;

C. Mutual identity authentication and session key negotiation
C1. The user U of the IBC domain decrypts, with its own private key SU, the encrypted message MA2CA->U sent by the PKI domain authentication server CA, obtaining the public key PKS of the resource S in the PKI domain, the authentication-server part K1 of the session key K and the access authorization ticket Ticket1; it then verifies the validity of the signature with the public key PKCA of the PKI domain authentication server CA, and if verification fails, jumps to step E; otherwise the user U of the IBC domain generates the user part K2 of the session key K, pads K2 at its leading end so that its bit length equals that of the authentication-server part K1, and XORs K1 with the padded K2 to obtain the complete session key K;
C2. The user U of the IBC domain then encrypts the user part K2 of the session key K with the public key PKS of the resource S in the PKI domain, obtaining the user ciphertext S-k2; at the same time it encrypts the identity IDS of the resource S in the PKI domain with the session key K, obtaining the identity ciphertext S-ID; it then sends the user ciphertext S-k2 and the identity ciphertext S-ID, together with the access authorization ticket Ticket1 of step B, to the resource S in the PKI domain;
C3. The resource S in the PKI domain decrypts the received user ciphertext S-k2 with its own private key SKS, obtaining the user part K2' of the resource-side session key K'; it decrypts and parses the access authorization ticket Ticket1, obtaining the authentication-server part K1' of the resource-side session key K'; it then pads K2' at its leading end to the bit length of K1' and XORs K1' with the padded K2' to obtain the complete resource-side session key K'; it then decrypts the received identity ciphertext S-ID with K', obtaining the extracted identity IDS' of the resource S in the PKI domain, and checks it against the identity IDS of the resource S; if the two are inconsistent, jump to step E; otherwise the resource S encrypts its identity IDS with the resource-side session key K', obtaining the resource-side identity ciphertext MA3S->U of the resource S in the PKI domain, and sends it to the user U of the IBC domain;
C4. The user U of the IBC domain decrypts the received resource-side identity ciphertext MA3S->U with the session key K, obtaining the user-side identity IDS'' of the resource S in the PKI domain, and verifies its validity; if verification fails, jump to step E; otherwise the user U of the IBC domain has completed authenticated key agreement with the resource S of the PKI domain and accesses the resource S securely under the session key K;

D. Re-authentication
When the authentication-server part K1 of the session key K has exceeded its lifetime: if the user U of the IBC domain no longer accesses the resource S of the PKI domain, jump to step E; if the user U still needs to access the resource S, jump to step A;
When the user part K2 of the session key K has exceeded its lifetime but the authentication-server part K1 is still within its lifetime: if the user U of the IBC domain no longer accesses the resource S of the PKI domain, jump to step E; if the user U still needs to access the resource S, jump to step A or perform fast re-authentication;
The fast re-authentication is as follows: the user U in the IBC domain generates the user part K2'' of the re-authentication session key K'', pads K2'' at its leading end to the bit length of the authentication-server part K1 of K'', and XORs K1 with the padded K2'' to obtain the complete re-authentication session key K''; it then jumps to step C2;

E. Terminate the session.

2. The method as claimed in claim 1, wherein in step A the user U of the IBC domain sends its request to the authentication server TA of the IBC domain for access to the resource S of the PKI domain as follows:
The user U of the IBC domain selects a random integer r1, r1 ∈ Zq, where Zq denotes the set of all integers less than q and q is a prime longer than 32 bits; it computes the public-key point parameter R3 by elliptic-curve scalar multiplication of r1 with the system public key Ppub, and then the mapping point parameter R1 as the bilinear pairing of R3 with the public key QTA of the IBC domain authentication server TA, R1 = e(R3, QTA), where e() denotes the bilinear pairing; at the same time it computes the generator point parameter R2 by scalar multiplication of r1 with the generator P of the elliptic curve; it hashes R1 to obtain H(R1), inverts that hash value to obtain H(R1)^-1, and scalar-multiplies H(R1)^-1 with the private key SU of the user U of the IBC domain to obtain the user's temporary identity TidU; it forms the identity plaintext segment m1 = {IDU, IDS, T1} from the identity IDU of the user U of the IBC domain, the identity IDS of the resource S of the PKI domain and the timestamp T1 of the message, and encrypts m1 under the public key QTA of the IBC domain authentication server TA with the identity-based encryption algorithm, obtaining the identity ciphertext segment c1 = IBE{IDU, IDS, T1}QTA, where IBE{…}QTA denotes identity-based encryption under the public key QTA of the IBC domain authentication server TA;
The user U of the IBC domain then assembles the request message MA1 = {TidU, R2, c1} from the temporary identity TidU, the generator point parameter R2 and the identity ciphertext segment c1, and sends it to the authentication server TA of the IBC domain.

3. The method as claimed in claim 1, wherein in step A the IBC domain authentication server TA verifies the legitimacy of the identity of the requesting user U of the IBC domain as follows:
The IBC domain authentication server TA recomputes the mapping point parameter R1 as the bilinear pairing of the generator point parameter R2 in the received request message MA1 with its own private key STA, R1 = e(R2, STA); it hashes the recomputed R1 to obtain H(R1) and scalar-multiplies that hash value with the generator P of the elliptic curve to obtain the hash generator point parameter R4; it then pairs R4 with the received temporary identity TidU to obtain the index IndU of the user U at the IBC domain authentication server TA, IndU = e(TidU, R4), and obtains via IndU the identity IDU' of the user U stored at the authentication server TA; it then decrypts the identity ciphertext segment c1 in the request message MA1 with its private key STA, obtaining the identity IDU of the IBC domain user from the identity plaintext segment m1; if the timestamp T1 is fresh and the stored identity IDU' is consistent with the identity IDU of the user U in m1, identity authentication passes; otherwise it fails.

4. The method as claimed in claim 1, wherein in step A the authentication server TA of the IBC domain sends the public key PKCA of the PKI domain authentication server CA to the user U of the IBC domain as follows:
The public key PKCA of the PKI domain authentication server CA, its identity IDCA and the timestamp T3 of the message are signed and encrypted together to form the public-key ciphertext c2, which is then sent to the PKI domain authentication server CA.

5. The authentication key agreement method for a user in an IBC domain to access resources in a PKI domain as claimed in claim 1, wherein the authentication-server part K1 of the session key K in step B is 128 bits long, and the user part K2 of the session key K generated by the user U of the IBC domain in step C1 is 80 bits long.
CN201710081516.7A 2017-02-15 2017-02-15 Authentication key agreement method for users in the IBC domain to access resources in the PKI domain Active CN106789042B (en)


Publications (2)

Publication Number Publication Date
CN106789042A (en) 2017-05-31
CN106789042B (en) 2019-12-31


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right, effective 2023-03-22: from SOUTHWEST JIAOTONG University (No. 111, Section 1 North, Second Ring Road, Chengdu, Sichuan 610031, China) to Yami Technology (Guangzhou) Co.,Ltd. (Room 801, 85 Kefeng Road, Huangpu District, Guangzhou, Guangdong, China)
TR01 Transfer of patent right, effective 2024-06-22: from Yami Technology (Guangzhou) Co.,Ltd. to Yinshang Quanwang (Shenzhen) Technology Co.,Ltd. and Dongfang Huaxia Technology (Shenzhen) Group Co.,Ltd. (3501-2, 35th Floor, Life Insurance Building, No. 1001 Fuzhong 1st Road, Fuzhong Community, Lianhua Street, Futian District, Shenzhen, Guangdong 518000, China)
TR01 Transfer of patent right, effective 2024-07-16: from Yinshang Quanwang (Shenzhen) Technology Co.,Ltd. and Dongfang Huaxia Technology (Shenzhen) Group Co.,Ltd. to Zhongfu Qiyue (Beijing) Technology Co.,Ltd. (Room 708, 6th Floor, Building 1, No. 4 Guanghua Road, Chaoyang District, Beijing 100020, China)