CN114760027A - Identity authentication method and device - Google Patents
- Publication number
- CN114760027A CN202011569180.7A
- Authority
- CN
- China
- Prior art keywords
- authentication
- message
- access controller
- identity
- authentication server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0414—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses an identity authentication method comprising the following steps. An authentication access controller (AAC) receives an identity ciphertext message sent by a requesting device (REQ). The AAC sends a first authentication request message to a first authentication server that it trusts; the message comprises the digital certificate of the REQ and the identity authentication code of the AAC. The first authentication server verifies the identity authentication code of the AAC, and a second authentication server trusted by the REQ verifies the validity of the digital certificate of the REQ. The AAC receives a first authentication response message, sent by the first authentication server, that carries the verification results for the AAC and the REQ. The AAC and the REQ each obtain the verification result for the opposite entity, which realizes bidirectional identity authentication. Sensitive entity information is transmitted between the REQ and the AAC as ciphertext, which guarantees the security of the entity.
Description
Technical Field
The present application relates to the field of network communication security technologies, and in particular, to an identity authentication method and apparatus.
Background
At present, a communication network usually requires bidirectional identity authentication between a user and a network access point, to ensure that only a legitimate user can communicate with a legitimate network. In existing entity authentication schemes, the identity credentials of the entities are either all digital certificates or all pre-shared keys between the entities. In some practical scenarios, however, one entity uses a digital certificate as its identity credential while the other uses a pre-shared key, which presents a challenge to the entity identity authentication mechanism.
In addition, the identity information of an entity is directly exposed during identity authentication, and it sometimes contains private or sensitive information about the entity, such as an identity card number, a home address, or bank card information.
Disclosure of Invention
In order to solve the above technical problem, the present application provides an identity authentication method and apparatus, which implement entity bidirectional identity authentication and entity identity protection under the condition that a requesting device adopts a digital certificate and an authentication access controller adopts a pre-shared key as an identity credential.
In view of the above, a first aspect of the present application provides an identity authentication method, including:
an authentication access controller receives an identity ciphertext message sent by a requesting device, wherein the identity ciphertext message comprises an identity information ciphertext of the requesting device, and the identity information ciphertext is generated by encrypting, with a message encryption key, data to be encrypted that includes the digital certificate of the requesting device;
the authentication access controller decrypts the identity information ciphertext of the requesting device with the message encryption key to obtain the digital certificate of the requesting device, and sends a first authentication request message to a first authentication server that it trusts, wherein the first authentication request message comprises the digital certificate of the requesting device and an identity authentication code of the authentication access controller; the identity authentication code is generated by the authentication access controller by computing over information that includes the digital certificate of the requesting device, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
the authentication access controller receives a first authentication response message sent by the first authentication server, wherein the first authentication response message comprises first authentication result information, a first digital signature of a second authentication server trusted by the request device, second authentication result information and a first message authentication code of the first authentication server; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation on signature data comprising the first authentication result information, the second authentication result information comprises a second verification result of a digital certificate of the request device, and a first message authentication code of the first authentication server is generated by the first authentication server through calculation on information comprising the second authentication result information by using a pre-shared key with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
the authentication access controller verifies a first message authentication code of the first authentication server by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the authentication access controller determines an identity authentication result of the request device according to a second verification result in the second authentication result information; when the authentication access controller determines that the identity authentication result of the request equipment is legal, a third authentication response message is sent to the request equipment; or,
the authentication access controller verifies a first message authentication code of the first authentication server by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the authentication access controller sends a third authentication response message to the request device and determines an identity authentication result of the request device according to a second verification result in the second authentication result information; or,
the authentication access controller verifies the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the first message authentication code passes verification, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the authentication access controller sends a third authentication response message to the requesting device;
wherein the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, with the message encryption key, encrypted data including the first authentication result information and the first digital signature;
and after receiving the third authentication response message, the requesting device decrypts the authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature, verifies the first digital signature by using the public key of the second authentication server, and determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information if the verification is passed.
A second aspect of the present application provides a requesting device, including:
a sending module, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by encrypting, by the requesting device, encrypted data that includes a digital certificate of the requesting device by using a message encryption key;
a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, by using the message encryption key, encrypted data that includes the first authentication result information and the first digital signature; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, and the first digital signature is a digital signature generated by a second authentication server through calculation on signature data comprising the first authentication result information;
the decryption module is used for decrypting the authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature;
the verification module is used for verifying the first digital signature by utilizing the public key of the second authentication server;
and a determining module, configured to determine, if the verification passes, the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
A third aspect of the present application provides an authentication access controller, comprising:
a receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by encrypting, by the requesting device, encrypted data that includes a digital certificate of the requesting device by using a message encryption key;
a decryption module, configured to decrypt the identity information ciphertext of the requesting device by using the message encryption key to obtain the digital certificate of the requesting device;
a sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and an identity authentication code of the authentication access controller; the identity authentication code is generated by the authentication access controller by computing over information that includes the digital certificate of the requesting device, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
the receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation on signature data comprising the first authentication result information, the second authentication result information comprises a second verification result of a digital certificate of the request device, and a first message authentication code of the first authentication server is generated by the first authentication server through calculation on information comprising the second authentication result information by using a pre-shared key with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
a verification module, configured to verify the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the verification passes, a determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determining module determines that the identity authentication result of the requesting device is legal, the sending module sends a third authentication response message to the requesting device; or,
the verification module is configured to verify the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the verification passes, the sending module sends a third authentication response message to the requesting device and the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
the verification module is configured to verify the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the first message authentication code passes verification, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module sends a third authentication response message to the requesting device;
wherein the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, with the message encryption key, encrypted data including the first authentication result information and the first digital signature.
A fourth aspect of the present application provides a first authentication server, comprising:
a receiving module, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes a digital certificate of a requesting device and an identity authentication code of the authentication access controller; the identity authentication code is generated by the authentication access controller by computing over information that includes the digital certificate of the requesting device, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
a sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result of the identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server by computing over signature data that includes the first authentication result information, the second authentication result information includes a second verification result of the digital certificate of the requesting device, and the first message authentication code is generated by the first authentication server by computing over information that includes the second authentication result information, using the key pre-shared with the authentication access controller and the cryptographic algorithm agreed with the authentication access controller.
A fifth aspect of the present application provides a second authentication server comprising:
a receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second message authentication code; the second digital signature is generated by the first authentication server by computing over signature data that includes the first authentication result information and the digital certificate of the requesting device, or the second message authentication code is generated by the first authentication server by computing over information that includes the first authentication result information and the digital certificate of the requesting device, using the key pre-shared with the second authentication server and the cryptographic algorithm agreed with the second authentication server;
a verification module, configured to verify the second digital signature by using the public key of the first authentication server, or to verify the second message authentication code by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server;
a generating module, configured to, if the verification passes, perform validity verification on the digital certificate of the requesting device to obtain a second verification result, generate second authentication result information according to information including the second verification result, compute over signature data including the first authentication result information to generate the first digital signature, and either compute over signature data including the second authentication result information to generate a third digital signature, or compute over information including the second authentication result information, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, to generate a third message authentication code;
a sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third message authentication code.
In the identity authentication process, the requesting device first sends an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes an identity information ciphertext generated by the requesting device by encrypting, with a message encryption key, encrypted data including the digital certificate of the requesting device. The authentication access controller decrypts the identity information ciphertext with the message encryption key to obtain the digital certificate of the requesting device, calculates information including the digital certificate of the requesting device, using the key pre-shared with the first authentication server that it trusts and the agreed cryptographic algorithm, to generate the identity authentication code of the authentication access controller, and sends the digital certificate of the requesting device and the identity authentication code of the authentication access controller to the first authentication server. The second authentication server trusted by the requesting device verifies the validity of the digital certificate of the requesting device, and the first authentication server trusted by the authentication access controller verifies the identity authentication code of the authentication access controller; after verification is completed, a first authentication response message is sent to the authentication access controller. The authentication access controller obtains the verification result of the requesting device from the first authentication response message, and the requesting device obtains the verification result of the authentication access controller from the third authentication response message sent by the authentication access controller to determine whether the identity of the authentication access controller is legal. Bidirectional identity authentication between the authentication access controller and the requesting device is thereby realized, which lays a foundation for ensuring that only a legal user can communicate with a legal network. Moreover, the identity information and/or the identity authentication result information of the entity is transmitted as ciphertext, which protects private information during transmission and realizes identity protection of the entity.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings described below are only some embodiments of the present application, and those skilled in the art may obtain other drawings from them without inventive labor.
Fig. 1 is a schematic diagram of an identity authentication method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a method for negotiating a message encryption key between a requesting device REQ and an authentication access controller AAC according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 4 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 5 is a block diagram illustrating a structure of a requesting device REQ according to an embodiment of the present application;
Fig. 6 is a block diagram illustrating a structure of an authentication access controller AAC according to an embodiment of the present application;
Fig. 7 is a block diagram illustrating a structure of a first authentication server AS-AAC according to an embodiment of the present application;
Fig. 8 is a block diagram illustrating a structure of a second authentication server AS-REQ according to an embodiment of the present application.
Detailed Description
In a communication network, a requesting device may access the network through an authentication access controller. To ensure that the requesting device accessing the network belongs to a legitimate user and that the network accessed by the requesting device is a legitimate network, bidirectional (mutual) identity authentication (Mutual Identity Authentication, MIA for short) needs to be performed between the authentication access controller and the requesting device.
Taking current wireless communication and mobile communication scenarios as examples: in a scenario where the requesting device accesses a wireless network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone, a Personal Digital Assistant (PDA) or a tablet computer, and the authentication access controller may be a network-side device such as a wireless access point or a wireless router. In a scenario where the requesting device accesses a wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router. In a scenario where the requesting device accesses a fourth/fifth generation mobile communication technology (4th/5th Generation mobile communication technology, abbreviated as 4G/5G) network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone or a tablet computer, and the authentication access controller may be a network-side device such as a base station. Of course, the present application is also applicable to various other data communication scenarios, such as other wired networks and near field communication networks.
However, in existing entity authentication schemes, the identity credentials of the entities are uniformly either digital certificates or pre-shared keys, and no simple and effective identity authentication mechanism has been proposed for the practical case in which one entity uses a digital certificate as its identity credential and the other entity uses a pre-shared key. Moreover, the identity information of the entity is directly exposed during transmission of the identity authentication messages, so the security of the entity cannot be guaranteed.
In order to solve the above technical problem, an embodiment of the present application provides an identity authentication method for the case where the requesting device authenticates with a digital certificate and the authentication access controller authenticates with a pre-shared key. A first authentication server trusted by the authentication access controller verifies the identity authentication code of the authentication access controller, and thereby the identity validity of the authentication access controller, to obtain a first verification result; a second authentication server trusted by the requesting device verifies the validity of the digital certificate of the requesting device to obtain a second verification result; and the requesting device and the authentication access controller each determine whether the opposite entity is legal according to the verification result of the opposite entity. Bidirectional identity authentication between the authentication access controller and the requesting device is thereby realized, which lays a foundation for ensuring that only a legal user can communicate with a legal network. In addition, private information of the entity, such as the identity identifier and the authentication result information, is transmitted as ciphertext, which protects the private information during transmission and realizes identity protection of the entity.
For convenience of introduction, in the embodiments of the present application, the identity authentication method of the present application will be described by taking a requesting device (REQ), an Authentication Access Controller (AAC), and an Authentication Server (AS) as examples.
The AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ. AS-REQ holds a digital certificate that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, together with the private key corresponding to the digital certificate. AS-AAC can verify the identity validity of AAC, and AS-REQ can verify the identity validity of REQ. AS-AAC and AS-REQ may be the same AS or different ASs. When AS-AAC and AS-REQ are the same, this is the non-roaming case; when AS-AAC and AS-REQ are different, this is the roaming case, in which a valid pre-shared key exists between AS-AAC and AS-REQ, or, when AS-AAC holds a digital certificate that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, together with the corresponding private key, AS-AAC and AS-REQ each know the other's digital certificate or the public key in that digital certificate.
REQ may be one endpoint participating in the identity authentication process; it establishes a connection with AAC, accesses the services provided by AAC, and accesses the AS through AAC. REQ holds a digital certificate that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, together with the corresponding private key, and knows the digital certificate of AS-REQ or the public key in that digital certificate. AAC may be the other endpoint participating in the identity authentication process; it establishes a connection with REQ, provides services to REQ, communicates with REQ, and can directly access AS-AAC, with a valid pre-shared key existing between AAC and AS-AAC.
An identity authentication method provided in an embodiment of the present application is described below with reference to fig. 1, where the method includes:
S101, AAC receives the identity ciphertext message REQInit sent by REQ.
The REQInit includes the identity information ciphertext EncData_REQ of REQ. EncData_REQ is generated by REQ encrypting, with a message encryption key and a symmetric encryption algorithm, encrypted data including the digital certificate Cert_REQ of REQ. The message encryption key may be obtained by negotiation between REQ and AAC, or may be pre-shared by REQ and AAC. The way REQ and AAC negotiate the message encryption key is described later. In this application, the object that is encrypted is referred to as encrypted data.
S102, AAC sends a first authentication request message AACVeri to its trusted AS-AAC.
The AACVeri includes Cert_REQ and the identity authentication code MIC_AAC of AAC. Cert_REQ is obtained by AAC decrypting the received EncData_REQ with the message encryption key using a symmetric encryption algorithm; MIC_AAC is generated by AAC by calculating, with the key K_AAC_AS pre-shared with AS-AAC and a cryptographic algorithm agreed with AS-AAC, information including the Cert_REQ. As an example of the present application, the cryptographic algorithm agreed between AAC and AS-AAC may be a hash algorithm: AAC uses the K_AAC_AS in combination with the other fields preceding the MIC_AAC field in AACVeri, e.g. information including the Cert_REQ, to perform a hash operation and obtain a hash value, and this hash value is used as the identity authentication code MIC_AAC of AAC. In the present application, AAC uses the MIC_AAC as its identity information and REQ uses the Cert_REQ as its identity information.
It should be noted that, when the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are the same authentication server, the authentication server trusted by both REQ and AAC can be denoted AS-AAC (or, of course, AS-REQ). In this case, AS-AAC (which may also be denoted AS-REQ) verifies the validity of the Cert_REQ to obtain a second verification result Res_REQ; verifies the MIC_AAC, using the key K_AAC_AS pre-shared with AAC and the cryptographic algorithm agreed with AAC, to obtain a first verification result Res_AAC; generates first authentication result information Pub_AAC according to information including the Res_AAC; generates second authentication result information Pub_REQ according to information including the Res_REQ; calculates information including the Pub_REQ, using the K_AAC_AS and the cryptographic algorithm, to generate the first message authentication code MIC_AS_AAC of AS-AAC (which may also be denoted the first message authentication code MIC_AS_REQ of AS-REQ); calculates signature data including the Pub_AAC to generate a first digital signature Sig_AS_AAC1 (which may also be denoted Sig_AS_REQ1); and generates the first authentication response message ASVeri according to information including the Pub_AAC, the Sig_AS_AAC1 (which may also be denoted Sig_AS_REQ1), the Pub_REQ and the MIC_AS_AAC (which may also be denoted MIC_AS_REQ).
When the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are two different authentication servers, AS-AAC verifies the MIC_AAC, using the key K_AAC_AS pre-shared with AAC and the cryptographic algorithm agreed with AAC, to obtain a first verification result Res_AAC; generates first authentication result information Pub_AAC according to information including Res_AAC; calculates signature data including the Pub_AAC and the Cert_REQ to generate a second digital signature Sig_AS_AAC2; and sends a second authentication request message AS-AACVeri to AS-REQ, where the AS-AACVeri includes the Pub_AAC, the Cert_REQ and the Sig_AS_AAC2. Here, Sig_AS_AAC2 may be replaced by MIC_AS_AAC2, a second message authentication code generated by AS-AAC by calculating information including the Pub_AAC and the Cert_REQ, using the key pre-shared with AS-REQ and a cryptographic algorithm agreed with AS-REQ. AS-REQ then verifies the Sig_AS_AAC2 using the public key of AS-AAC, or verifies the MIC_AS_AAC2 using the key pre-shared with AS-AAC and the cryptographic algorithm agreed with AS-AAC. After the verification passes, AS-REQ verifies the validity of the Cert_REQ to obtain a second verification result Res_REQ, generates second authentication result information Pub_REQ according to information including Res_REQ, calculates signature data including the Pub_AAC to generate a first digital signature Sig_AS_REQ1, calculates signature data including the Pub_REQ to generate a third digital signature Sig_AS_REQ3, and sends a second authentication response message AS-REQVeri to AS-AAC, where the AS-REQVeri includes the Pub_AAC, the Sig_AS_REQ1, the Pub_REQ and the Sig_AS_REQ3.
Here, Sig_AS_REQ3 may be replaced by MIC_AS_REQ3, a third message authentication code generated by AS-REQ by calculating information including the Pub_REQ, using the key pre-shared with AS-AAC and a cryptographic algorithm agreed with AS-AAC. AS-AAC then verifies the Sig_AS_REQ3 using the public key of AS-REQ, or verifies the MIC_AS_REQ3 using the key pre-shared with AS-REQ and the cryptographic algorithm agreed with AS-REQ. After the verification passes, AS-AAC calculates information including the Pub_REQ, using the key K_AAC_AS pre-shared with AAC and the cryptographic algorithm agreed with AAC, to generate the first message authentication code MIC_AS_AAC of AS-AAC, and generates the first authentication response message ASVeri according to information including the Pub_AAC, the Sig_AS_REQ1, the Pub_REQ and the MIC_AS_AAC.
In the above process, AS-AAC may know in advance that it has a valid pre-shared key K_AAC_AS and cryptographic algorithm with AAC; in addition, AACVeri may also carry the identity identifier ID_AAC of AAC, and AS-AAC can determine from ID_AAC the valid K_AAC_AS and cryptographic algorithm it shares with AAC. When verifying the MIC_AAC, AS-AAC uses the K_AAC_AS and the cryptographic algorithm agreed with AAC to locally calculate MIC_AAC over the other fields preceding MIC_AAC in AACVeri, e.g. information including the Cert_REQ, and then compares the calculated MIC_AAC with the received MIC_AAC to complete the verification of MIC_AAC.
S103, AAC receives a first authentication response message ASVeri sent by AS-AAC.
The ASVeri includes first authentication result information Pub_AAC, the first digital signature Sig_AS_REQ1 of AS-REQ, second authentication result information Pub_REQ and the first message authentication code MIC_AS_AAC of AS-AAC. The Pub_AAC includes a first verification result Res_AAC; the Sig_AS_REQ1 is a digital signature generated by AS-REQ by calculating signature data including the Pub_AAC; the Pub_REQ includes a second verification result Res_REQ; and the MIC_AS_AAC is generated by AS-AAC by calculating information including the Pub_REQ, using the key K_AAC_AS pre-shared with AAC and the cryptographic algorithm agreed with AAC.
S104, AAC verifies the MIC_AS_AAC using the key pre-shared with AS-AAC and the cryptographic algorithm agreed with AS-AAC.
AAC uses the key K_AAC_AS pre-shared with AS-AAC and the cryptographic algorithm agreed with AS-AAC to locally calculate MIC_AS_AAC over information including the Pub_REQ, and compares the calculated MIC_AS_AAC with the received MIC_AS_AAC to complete the verification of MIC_AS_AAC.
S105, AAC determines the identity authentication result of REQ according to Res_REQ in the Pub_REQ.
Since Res_REQ reflects whether REQ is legal, AAC can determine whether REQ is legal according to Res_REQ in Pub_REQ.
S106, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth includes an authentication result information ciphertext EncData_AAC. EncData_AAC is generated by AAC encrypting, with the message encryption key and a symmetric encryption algorithm, encrypted data including the Pub_AAC and the first digital signature Sig_AS_REQ1.
It should be noted that the execution order of S104 to S106 does not affect the specific implementation of the present application; in practical applications, the order may be set as required. Preferably, S104 is executed first: if AAC's verification of the MIC_AS_AAC fails, the ASVeri of S103 is discarded; if the verification passes, S105 is executed. When AAC determines that REQ is legal, S106 is executed; when AAC determines that REQ is illegal, AAC chooses whether to execute S106 according to local policy, and, for efficiency, the preferred scheme is not to execute it and to end the authentication process.
S107, REQ decrypts the EncData_AAC using the message encryption key to obtain Pub_AAC and Sig_AS_REQ1, verifies the Sig_AS_REQ1 using the public key of AS-REQ, and, if the verification passes, determines the identity authentication result of AAC according to Res_AAC in the Pub_AAC.
REQ can decrypt EncData_AAC with the message encryption key using a symmetric encryption algorithm to obtain Pub_AAC and Sig_AS_REQ1. Since Res_AAC reflects whether AAC is legal, once REQ's verification of the Sig_AS_REQ1 passes, REQ can determine whether AAC is legal according to Res_AAC in Pub_AAC; if REQ's verification of the Sig_AS_REQ1 fails, AACAuth is discarded.
As can be seen from the above, the embodiment of the present application provides an identity authentication method that introduces authentication servers for the application scenario in which the requesting device authenticates with a digital certificate and the authentication access controller authenticates with a pre-shared key. The first authentication server trusted by the authentication access controller verifies the identity authentication code of the authentication access controller using the key pre-shared with the authentication access controller to obtain a first verification result, the second authentication server trusted by the requesting device verifies the validity of the digital certificate of the requesting device to obtain a second verification result, and the requesting device and the authentication access controller each obtain the verification result of the opposite entity and thereby determine whether the opposite entity is legal. This realizes bidirectional identity authentication between the authentication access controller and the requesting device, and lays a foundation for ensuring that only a legal user can communicate with a legal network. In addition, private information of the entity, such as the identity identifier and the authentication result information, is transmitted as ciphertext, which protects the private information during transmission and realizes identity protection of the entity.
In some embodiments, to ensure the authenticity of the authentication result, AAC may generate a message integrity check code. For example, the AACAuth of S106 may further include a message integrity check code MacTag_AAC, which AAC generates by calculating, with the message integrity check key, the fields of AACAuth other than MacTag_AAC. Accordingly, in S107, before determining the identity authentication result of AAC according to Res_AAC in Pub_AAC, REQ also needs to verify MacTag_AAC with the message integrity check key, and determines the identity authentication result of AAC according to Res_AAC in Pub_AAC only after the verification passes. To verify MacTag_AAC, REQ uses the message integrity check key to locally calculate MacTag_AAC over the fields of AACAuth other than MacTag_AAC, and compares the locally calculated MacTag_AAC with the MacTag_AAC in the received AACAuth; if the two are consistent, the verification passes, and if they are not, the verification fails.
Before determining the identity authentication result of REQ, AAC may also determine whether the digital signature Sig_REQ of REQ passes verification, and determine the identity authentication result of REQ according to Res_REQ in Pub_REQ only after Sig_REQ is determined to have passed verification. Referring to fig. 1, the REQInit of S101 may further include the digital signature Sig_REQ of REQ, whose signature data includes the other fields preceding Sig_REQ in REQInit; before S105, AAC also determines whether Sig_REQ passes verification, and executes S105 only if it does. AAC determines whether Sig_REQ passes verification in the following ways:
One way is for the authentication server to verify the Sig_REQ. In the case where AS-REQ and AS-AAC are the same authentication server (i.e., non-roaming), when AS-AAC (which may also be denoted AS-REQ) verifies the Sig_REQ, Sig_REQ can be carried in the AACVeri of S102 and delivered to AS-AAC (which may also be denoted AS-REQ), which verifies the Sig_REQ using Cert_REQ in AACVeri. If the verification passes, AS-AAC continues with generating and sending the first authentication response message ASVeri and the other steps; if the verification fails, those steps are not executed. Thus, AAC can determine whether Sig_REQ passed verification from whether it receives the first authentication response message ASVeri: if AAC receives the ASVeri of S103, AAC determines that Sig_REQ passed verification.
In another embodiment in which the authentication server verifies the Sig_REQ, where AS-REQ and AS-AAC are two different authentication servers (i.e., roaming), when AS-REQ verifies the Sig_REQ, Sig_REQ may be carried in the AACVeri of S102 and in the second authentication request message AS-AACVeri sent by AS-AAC to AS-REQ, and so delivered to AS-REQ, which verifies the Sig_REQ using Cert_REQ in AS-AACVeri. If the verification passes, the subsequent steps are executed: AS-REQ generates and sends the second authentication response message AS-REQVeri, and AS-AAC generates and sends the first authentication response message ASVeri; if the verification fails, those steps are not executed. Thus, AAC can determine whether Sig_REQ passed verification from whether it receives the first authentication response message ASVeri: if AAC receives the ASVeri of S103, AAC determines that Sig_REQ passed verification.
As an embodiment in which AAC verifies the Sig_REQ: after receiving the REQInit of S101, AAC can verify the Sig_REQ using the Cert_REQ obtained by decrypting EncData_REQ in REQInit, and determine from the verification result whether Sig_REQ passes verification; if the verification fails, REQInit is discarded. Alternatively, when the second authentication result information Pub_REQ generated by the authentication server also includes Cert_REQ, AAC, after receiving the ASVeri of S103, can verify the Sig_REQ using the Cert_REQ included in Pub_REQ in ASVeri, and thereby determine whether Sig_REQ passes verification; if the verification fails, the ASVeri is discarded. Alternatively, when Pub_REQ in ASVeri also includes Cert_REQ, AAC checks whether the Cert_REQ in Pub_REQ is the same as the Cert_REQ obtained by decrypting EncData_REQ; if they are the same, AAC verifies the Sig_REQ using Cert_REQ and determines from the verification result whether Sig_REQ passes verification; if the verification fails, the ASVeri is discarded.
It should be noted that the information such as the random number, the identity identifier, etc. generated by the requesting device and/or the authentication access controller may be transmitted in a message exchanged in the authentication process. Under normal conditions, the random number and/or the identity carried in the received message and the random number and/or the identity carried in the sent message should be the same, but when network jitter or attacks and other conditions are encountered, parameter information in the message may be lost or tampered. Therefore, in some embodiments of the present application, the reliability of the authentication result may also be ensured by comparing whether the random numbers and/or the identities in the transmitted and received messages are consistent. The method comprises the following specific steps:
Referring to fig. 1, the AACVeri of S102 may further include the identity identifier ID_AAC of AAC and/or a first random number Nonce_AAC generated by AAC; correspondingly, the ASVeri of S103 also includes ID_AAC and/or Nonce_AAC. Before S105, AAC may then verify the consistency of the ID_AAC in ASVeri with AAC's own identity identifier ID_AAC (i.e., the ID_AAC that AAC sent in AACVeri), and/or verify the consistency of the Nonce_AAC in ASVeri with the Nonce_AAC generated by AAC (i.e., the Nonce_AAC that AAC sent in AACVeri); if the verification passes, AAC then executes S105.
In other embodiments, the Pub_AAC may also include ID_AAC, and EncData_AAC in the AACAuth of S106 further includes ID_AAC. Then, in S107, before determining the identity authentication result of AAC according to Res_AAC in Pub_AAC, REQ also verifies the consistency of the ID_AAC in the Pub_AAC obtained by decrypting EncData_AAC with the ID_AAC obtained by decrypting EncData_AAC; if the verification passes, REQ then determines the identity authentication result of AAC according to Res_AAC in Pub_AAC.
Of course, to ensure the reliability of the authentication result, REQ may also perform consistency verification on the second random number Nonce_REQ generated by REQ and/or the identity identifier ID_REQ of REQ.
Referring to fig. 1, the AACVeri of S102 may further include Nonce_REQ and/or ID_REQ, where Nonce_REQ may be obtained by AAC from the REQInit of S101, and ID_REQ may be obtained by AAC decrypting EncData_REQ in REQInit, i.e., EncData_REQ further includes ID_REQ. Correspondingly, the ASVeri of S103 further includes Nonce_REQ and/or ID_REQ, and EncData_AAC in the AACAuth of S106 further includes Nonce_REQ and/or ID_REQ. Then, in S107, before determining the identity authentication result of AAC according to Res_AAC in Pub_AAC, REQ may verify the consistency of the Nonce_REQ obtained by decrypting EncData_AAC with the Nonce_REQ generated by REQ, and/or verify the consistency of the ID_REQ obtained by decrypting EncData_AAC with REQ's own identity identifier ID_REQ; if the verification passes, REQ then determines the identity authentication result of AAC according to Res_AAC in Pub_AAC.
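The AAC to AS-AAC leg of S102 to S105 in the non-roaming case, together with the ID_AAC/Nonce_AAC consistency check, is sketched below as an added example; it is not code from the application. HMAC-SHA256 as the agreed cryptographic algorithm, the length-prefixed field encoding, the one-byte result values, the dictionary message layout and all function names are assumptions, Pub_AAC and Pub_REQ carry only the verification result, and Sig_AS_REQ1 is an unverified placeholder because REQ, not AAC, checks it.

```python
import hashlib
import hmac
import os
import struct

VALID, INVALID = b"\x01", b"\x00"   # assumed one-byte encoding of Res_AAC / Res_REQ
ASVERI_FIELDS = ("ID_AAC", "Nonce_AAC", "Pub_AAC", "Sig_AS_REQ1", "Pub_REQ")


def encode_fields(*fields):
    """Length-prefix each field so bytes cannot slide between adjacent fields."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def mic(key, *fields):
    """Keyed hash over the fields that precede the MIC field (HMAC-SHA256 assumed)."""
    return hmac.new(key, encode_fields(*fields), hashlib.sha256).digest()


def build_aacveri(k_aac_as, id_aac, cert_req):
    """S102: AAC forwards Cert_REQ and proves its own identity with MIC_AAC."""
    nonce_aac = os.urandom(16)
    return {"ID_AAC": id_aac, "Nonce_AAC": nonce_aac, "Cert_REQ": cert_req,
            "MIC_AAC": mic(k_aac_as, id_aac, nonce_aac, cert_req)}


def as_handle_aacveri(psk_by_id, aacveri, cert_is_valid):
    """Non-roaming AS-AAC: verify MIC_AAC, validate Cert_REQ, build ASVeri."""
    k = psk_by_id.get(aacveri["ID_AAC"])
    if k is None:
        return None                      # no pre-shared key known for this ID_AAC
    expected = mic(k, aacveri["ID_AAC"], aacveri["Nonce_AAC"], aacveri["Cert_REQ"])
    res_aac = hmac.compare_digest(expected, aacveri["MIC_AAC"])
    asveri = {
        "ID_AAC": aacveri["ID_AAC"],
        "Nonce_AAC": aacveri["Nonce_AAC"],
        "Pub_AAC": VALID if res_aac else INVALID,
        "Sig_AS_REQ1": b"<signature over Pub_AAC, not modelled here>",
        "Pub_REQ": VALID if cert_is_valid(aacveri["Cert_REQ"]) else INVALID,
    }
    # The page requires MIC_AS_AAC to cover Pub_REQ; covering every preceding
    # field is this example's choice.
    asveri["MIC_AS_AAC"] = mic(k, *(asveri[f] for f in ASVERI_FIELDS))
    return asveri


def aac_handle_asveri(k_aac_as, sent_aacveri, asveri):
    """S104 then S105 on the AAC side, in the preferred order."""
    expected = mic(k_aac_as, *(asveri[f] for f in ASVERI_FIELDS))
    if not hmac.compare_digest(expected, asveri["MIC_AS_AAC"]):
        return "discard"                 # S104 failed: drop ASVeri
    # Consistency check: the reply must echo what this AAC sent in AACVeri.
    if (asveri["ID_AAC"] != sent_aacveri["ID_AAC"]
            or asveri["Nonce_AAC"] != sent_aacveri["Nonce_AAC"]):
        return "discard"
    # S105: only now is Res_REQ trusted.
    return "req-legal" if asveri["Pub_REQ"] == VALID else "req-illegal"
```

Reading Res_REQ before the MIC_AS_AAC check would let anyone on the path between AAC and AS-AAC flip the verification result, which is why S104 comes first.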
In the above embodiment, the message encryption key used by REQ and AAC may be obtained by negotiation between REQ and AAC, so this embodiment further provides a method for negotiating a message encryption key between REQ and AAC, see fig. 2, where the method includes:
S201, AAC sends a key request message AACInit to REQ.
The AACInit includes the key exchange parameter KeyInfo_AAC of AAC, and KeyInfo_AAC includes the temporary public key of AAC. Key exchange here refers to a key exchange algorithm such as Diffie-Hellman (DH). The AACInit may also include a first random number Nonce_AAC generated by AAC.
The AACInit may also include Security capabilities_AAC, which represents security capability parameter information supported by AAC, including the identity authentication suites (an identity authentication suite includes one or more identity authentication methods), symmetric encryption algorithms, integrity check algorithms and/or key derivation algorithms supported by AAC, from which REQ selects the specific security policy to use. REQ can then select, according to Security capabilities_AAC, the specific security policy Security capabilities_REQ that REQ uses. Security capabilities_REQ indicates the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm that REQ has accordingly determined to use.
S202, REQ performs key exchange calculation according to information including the temporary private key corresponding to REQ's key exchange parameter KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key, and calculates a message encryption key from information including the first key using a key derivation algorithm.
If the AACInit of S201 also includes the Nonce_AAC generated by AAC, REQ may perform key exchange calculation according to information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combine K1 with information including Nonce_AAC and a second random number Nonce_REQ generated by REQ to calculate the message encryption key using a negotiated or preset key derivation algorithm. The negotiated key derivation algorithm may be the key derivation algorithm that REQ selects for use according to the Security capabilities_AAC sent by AAC. KeyInfo_REQ is the key exchange parameter generated by REQ and includes the temporary public key of REQ. The temporary private key corresponding to KeyInfo_REQ is the temporary private key generated by REQ that corresponds to REQ's temporary public key, i.e., the temporary public key and the temporary private key form a temporary public-private key pair.
S203, REQ sends an identity ciphertext message REQInit to AAC.
The REQInit also includes KeyInfo_REQ, so that AAC calculates the message encryption key from information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ. The temporary private key corresponding to KeyInfo_AAC is the temporary private key generated by AAC that corresponds to AAC's temporary public key, i.e., the temporary public key and the temporary private key form a temporary public-private key pair.
The REQInit can also comprise Security capabilitiesREQ. Nonces may also be included in the REQInitREQSo that AAC includes said KeyInfoAACCorresponding temporary private key, the KeyInfoREQIncluded temporary public key, the NonceAACAnd said NonceREQThe message encryption key is calculated from the included information.
The REQInit may also beTo include NonceAACFurther, AAC may be applied to Nonce in REQInit before calculating the message encryption keyAACAnd the Nonce for AAC generationAACIs verified to ensure that the REQInit received by AAC is a response message to AACInit.
S204, AAC according to KeyInfoAACCorresponding temporary private key and KeyInfoREQAnd carrying out key exchange calculation on the included temporary public key to generate the first key, and calculating a message encryption key by using the key derivation algorithm according to the information including the first key.
If the Nonce is also included in the REQInitREQAAC may then be based on including the KeyInfoAACCorresponding temporary private key and the KeyInfoREQPerforming a key exchange calculation on the included temporary public key to generate the first key K1, combining K1 to include the NonceAACAnd said NonceREQThe message encryption key is calculated using a negotiated or preset key derivation algorithm. Wherein, the negotiated key derivation algorithm may be Security capabilities sent by AAC according to REQREQAnd the key derivation algorithm used is selected.
It should be noted that, in the embodiment of fig. 2, REQ and AAC may also generate a message integrity check key. The embodiment in which REQ and AAC each generate a message integrity check key is the same as the embodiment in which REQ and AAC each generate a message encryption key, which is exemplified in the embodiment of fig. 2. For example, AAC may derive a string of key data by using a key derivation algorithm in the manner of the embodiment in fig. 2, where the key data may serve as both a message encryption key and a message integrity check key, or a part of the key data may serve as a message encryption key and another part of the key data may serve as a message integrity check key; AAC may also derive two strings of the same or different key data in several times by using a key derivation algorithm in the manner of the embodiment of fig. 2, one string being used as a message encryption key and one string being used as a message integrity check key. REQ may derive a string of key data by using a key derivation algorithm in the manner of the embodiment of fig. 2, where the key data may serve as both a message encryption key and a message integrity check key, or may use a part of the key data as a message encryption key and another part of the key data as a message integrity check key; the REQ may also derive two strings of the same or different key data in several times by using a key derivation algorithm in the manner of the embodiment of fig. 2, one string being used as a message encryption key and one string being used as a message integrity check key.
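The derivation in S202 to S204 and the key-splitting option above can be sketched as follows. This is an added example, not code from the patent: it assumes HKDF with HMAC-SHA256 as the negotiated key derivation algorithm, 16-byte nonces, a constructed K1 standing in for the key exchange output, and a hypothetical label for the optional "other information".

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869): extract-then-expand with HMAC-SHA256."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested key data too long")
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_message_keys(k1, nonce_aac, nonce_req, other_info=b"example-label"):
    """Derive one string of key data from K1 and both nonces, then split it:
    first half = message encryption key, second half = integrity check key.
    other_info is the optional extra input; its value here is hypothetical."""
    # Fixed-length nonces in a fixed order, so REQ and AAC feed the KDF
    # byte-identical input.
    if len(nonce_aac) != 16 or len(nonce_req) != 16:
        raise ValueError("this sketch assumes 16-byte nonces")
    key_data = hkdf(k1, nonce_aac + nonce_req, other_info, 64)
    return key_data[:32], key_data[32:]


def aac_process_reqinit(k1, own_nonce_aac, reqinit):
    """AAC side: check the echoed Nonce_AAC (an optional field) before
    deriving keys. Returns None when REQInit must be discarded."""
    echoed = reqinit.get("Nonce_AAC")
    if echoed is not None and not hmac.compare_digest(echoed, own_nonce_aac):
        return None  # REQInit is not a response to this AACInit
    return derive_message_keys(k1, own_nonce_aac, reqinit["Nonce_REQ"])


if __name__ == "__main__":
    # Constructed sample values; K1 would come from the key exchange.
    k1 = bytes(range(32))
    nonce_aac, nonce_req = b"A" * 16, b"R" * 16
    enc_key, mic_key = derive_message_keys(k1, nonce_aac, nonce_req)
    reqinit = {"Nonce_AAC": nonce_aac, "Nonce_REQ": nonce_req}
    print(aac_process_reqinit(k1, nonce_aac, reqinit) == (enc_key, mic_key))
```

Because both nonces enter the derivation, a REQInit replayed into a session with a fresh Nonce_AAC yields different keys even if K1 were somehow reused.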
The embodiment of the present application further provides a method for determining a first authentication server and/or a second authentication server used in the authentication process by using information interaction between AAC and REQ:
Referring to fig. 2, AAC adds the identity ID_AS_AAC of at least one authentication server trusted by AAC to the AACInit of S201, and REQ determines, according to ID_AS_AAC, the identity ID_AS_REQ of at least one authentication server that it trusts. In a specific implementation, REQ selects from ID_AS_AAC the identity of at least one authentication server that REQ itself trusts as ID_AS_REQ; if the selection fails, REQ takes the identity of at least one authentication server that it trusts as ID_AS_REQ (successful selection corresponds to the non-roaming case, and failed selection corresponds to the roaming case), and adds ID_AS_REQ to the REQInit of S203 sent to AAC. AAC may then determine the first authentication server according to ID_AS_AAC and ID_AS_REQ. For example, AAC may determine whether ID_AS_REQ and ID_AS_AAC contain the identity of at least one same authentication server. If so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC. If not, this is the roaming case: AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_AS_AAC, and send ID_AS_REQ to AS-AAC so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ.
As another implementation, AAC need not send ID_AS_AAC to REQ; instead, REQ adds the identity ID_AS_REQ of at least one authentication server that it trusts to the REQInit of S203. The first authentication server and/or the second authentication server participating in identity authentication is then determined according to ID_AS_REQ and the identity ID_AS_AAC of the authentication server trusted by AAC itself, as in the previous implementation.
The authentication servers trusted by REQ and AAC may be the same or different. When they are the same, this is the non-roaming case; when they are different, this is the roaming case. Based on the foregoing embodiments, the identity authentication method provided by the embodiments of the present application is described below for the non-roaming and roaming application scenarios in the following two cases: (I) the identity authentication method with REQ identity protection in the non-roaming case; (II) the identity authentication method with REQ identity protection in the roaming case.
Referring to fig. 3, an embodiment of the identity authentication method in case (I) above is shown, in which AS-AAC (or, equally, AS-REQ) may be used to denote the authentication server trusted by both REQ and AAC. In this embodiment, the message encryption key negotiation between REQ and AAC is merged into the identity authentication process and performed in parallel with it, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S301, AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S302, AAC sends a key request message AACInit to REQ.
The AACInit includes Nonce_AAC, KeyInfo_AAC and Security capabilities_AAC. Security capabilities_AAC is an optional field and represents the security capability parameter information supported by AAC, including the identity authentication suite, symmetric encryption algorithm, integrity check algorithm, key derivation algorithm, etc. supported by AAC (the same applies below).
S303, after receiving the AACInit, REQ performs the following operations (unless otherwise specified or logically required, the actions numbered (1), (2), ... in this document are not necessarily performed in numbered order; the same applies throughout), including:
(1) generating Nonce_REQ and KeyInfo_REQ;
(2) generating Security capabilities_REQ as required;
(3) performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, such as a specific character string) to calculate a message encryption key and a message integrity check key by using a negotiated or preset key derivation algorithm; the calculation of the message integrity check key may be performed when the message integrity check key needs to be used;
(4) calculating the identity information ciphertext EncData_REQ of REQ by using the message encryption key;
(5) calculating the digital signature Sig_REQ of REQ.
S304, REQ sends an identity ciphertext message REQInit to AAC.
The REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, EncData_REQ and Sig_REQ. Nonce_AAC is an optional field and should be equal to the corresponding field in AACInit. Security capabilities_REQ is an optional field; whether REQ generates Security capabilities_REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities_AAC. Security capabilities_REQ indicates the selection of a specific security policy that REQ makes according to Security capabilities_AAC, that is, the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm, etc. that REQ determines to use (see below). The encrypted data of EncData_REQ includes ID_REQ and Cert_REQ. The signature data of Sig_REQ includes the other fields preceding Sig_REQ in REQInit; when REQInit does not include the Nonce_AAC field, the signature data of Sig_REQ further includes the Nonce_AAC field in AACInit. In this application, the object that is signed is referred to as signature data.
S305, after receiving REQInit, AAC performs the following operations, including:
(1) if Nonce_AAC is present in REQInit, checking whether that Nonce_AAC is the same as the Nonce_AAC generated by AAC; if the two are not the same, discarding REQInit;
(2) performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, such as a specific character string) to calculate a message encryption key and a message integrity check key by using a negotiated or preset key derivation algorithm; the calculation of the message integrity check key may be performed when the message integrity check key needs to be used;
(3) decrypting EncData_REQ by using the message encryption key to obtain ID_REQ and Cert_REQ;
(4) calculating the identity authentication code MIC_AAC of AAC.
S306, AAC sends a first authentication request message AACVeri to AS-AAC.
The AACVeri includes ID_REQ, Cert_REQ, Nonce_REQ, ID_AAC, Nonce_AAC and MIC_AAC. ID_REQ, Cert_REQ and Nonce_REQ should equal the corresponding fields in REQInit, and Nonce_AAC should equal the Nonce_AAC generated by AAC. MIC_AAC is a hash value that AAC calculates over the other fields preceding MIC_AAC in AACVeri, using the key K_AAC_AS pre-shared with AS-AAC and a hash algorithm agreed with AS-AAC. For example, when AACVeri includes, in order, ID_REQ, Cert_REQ, Nonce_REQ, ID_AAC, Nonce_AAC and MIC_AAC, AAC uses K_AAC_AS and the hash algorithm to perform a hash operation on information including ID_REQ, Cert_REQ, Nonce_REQ, ID_AAC and Nonce_AAC to obtain MIC_AAC.
S307, after receiving the AACVeri, AS-AAC performs the following operations, including:
(1) verifying MIC_AAC by using the key K_AAC_AS pre-shared with AAC and the hash algorithm agreed with AAC to obtain Res_AAC, and generating Pub_AAC from information including Res_AAC and ID_AAC;
AS-AAC determines the pre-shared key K_AAC_AS and the hash algorithm agreed with AAC according to ID_AAC in AACVeri, uses K_AAC_AS and the hash algorithm to locally calculate MIC_AAC over the other fields preceding MIC_AAC in AACVeri, and compares it with the received MIC_AAC. If the two are the same, MIC_AAC passes verification and AS-AAC judges the identity authentication result of AAC to be legal. If they are different, MIC_AAC fails verification, and AS-AAC may handle this according to its local policy in one of the following ways: discarding AACVeri, or judging the identity authentication result of AAC to be illegal.
(2) verifying Cert_REQ to obtain Res_REQ, and generating Pub_REQ from information including Cert_REQ and Res_REQ;
(3) calculating the first message authentication code MIC_AS_AAC of AS-AAC and the first digital signature Sig_AS_AAC1.
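The MIC_AAC calculation in S306 and its verification in S307 (1) can be sketched as follows. This is an added example, not code from the patent: it assumes HMAC-SHA256 as the keyed hash agreed between AAC and AS-AAC, a length-prefixed field encoding, constructed field values, and that an unknown ID_AAC is treated as a verification failure.

```python
import hashlib
import hmac
import struct

# Fields preceding MIC_AAC in AACVeri, in the order given for the fig. 3 example.
MIC_FIELDS = ("ID_REQ", "Cert_REQ", "Nonce_REQ", "ID_AAC", "Nonce_AAC")


def encode_fields(msg, names):
    """Length-prefix every field so that field boundaries are unambiguous.
    Plain concatenation would give b'ab' + b'c' and b'a' + b'bc' the same MIC."""
    out = b""
    for name in names:
        value = msg[name]
        out += struct.pack(">I", len(value)) + value
    return out


def compute_mic(key, msg, names=MIC_FIELDS):
    """Keyed hash over the preceding fields (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, encode_fields(msg, names), hashlib.sha256).digest()


def build_aacveri(k_aac_as, fields):
    """AAC side: append MIC_AAC computed with the pre-shared key K_AAC_AS."""
    msg = dict(fields)
    msg["MIC_AAC"] = compute_mic(k_aac_as, msg)
    return msg


def as_aac_verify(aacveri, key_table, on_failure="discard"):
    """AS-AAC side. key_table maps ID_AAC to K_AAC_AS. Returns the content of
    Pub_AAC (ID_AAC and Res_AAC), or None when AACVeri is discarded.
    on_failure selects the local policy: "discard" or "illegal"."""
    key = key_table.get(aacveri["ID_AAC"])
    ok = key is not None and hmac.compare_digest(
        compute_mic(key, aacveri), aacveri["MIC_AAC"]
    )
    if not ok and on_failure == "discard":
        return None
    return {"ID_AAC": aacveri["ID_AAC"], "Res_AAC": "legal" if ok else "illegal"}


if __name__ == "__main__":
    # Constructed sample values.
    k_aac_as = b"k" * 32
    table = {b"aac-01": k_aac_as}
    aacveri = build_aacveri(k_aac_as, {
        "ID_REQ": b"req-42", "Cert_REQ": b"CERTBYTES", "Nonce_REQ": b"R" * 16,
        "ID_AAC": b"aac-01", "Nonce_AAC": b"A" * 16,
    })
    print(as_aac_verify(aacveri, table))
    tampered = dict(aacveri, Nonce_AAC=b"B" * 16)
    print(as_aac_verify(tampered, table, on_failure="illegal"))
```

The comparison uses `hmac.compare_digest` so that the time taken does not reveal how many leading bytes of a forged MIC_AAC were correct.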
S308, the AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri includes ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_AAC1, ID_AAC, Nonce_AAC, Pub_REQ and MIC_AS_AAC. ID_REQ, Nonce_REQ, ID_AAC and Nonce_AAC should be equal to the corresponding fields in AACVeri. Sig_AS_AAC1 is generated by AS-AAC by calculating over signature data including ID_REQ, Nonce_REQ and Pub_AAC. MIC_AS_AAC is a hash value that AS-AAC calculates over information including ID_AAC, Nonce_AAC and Pub_REQ, using the key K_AAC_AS pre-shared with AAC and the hash algorithm agreed with AAC.
S309, after receiving ASVeri, AAC performs the following operations, including:
(1) checking whether ID_AAC and Nonce_AAC in ASVeri are the same as AAC's own identity ID_AAC and the Nonce_AAC generated by AAC, respectively;
(2) verifying MIC_AS_AAC by using K_AAC_AS and the hash algorithm agreed with AS-AAC;
The MIC_AS_AAC verification process is as follows: AAC uses K_AAC_AS and the hash algorithm to perform a hash operation on information including ID_AAC, Nonce_AAC and Pub_REQ to obtain MIC_AS_AAC, and compares it with the received MIC_AS_AAC; if the two are consistent, the verification passes, and if not, the verification fails.
(3) checking whether Cert_REQ in Pub_REQ is the same as the Cert_REQ obtained by decrypting EncData_REQ;
(4) verifying the digital signature Sig_REQ of REQ by using Cert_REQ;
(5) if any of the above checks or verifications fails, immediately discarding ASVeri; after all of the above checks and verifications pass, determining the identity authentication result of REQ according to Res_REQ in Pub_REQ; if REQ is determined to be illegal, ending the authentication process;
(6) calculating EncData_AAC and MacTag_AAC.
S310, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth includes EncData_AAC and MacTag_AAC. EncData_AAC is generated by AAC by encrypting, with the message encryption key, encrypted data including ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_AAC1 and ID_AAC. MacTag_AAC is calculated as follows: the message integrity check key and the integrity check algorithm are used to calculate MacTag_AAC over the information in the fields of AACAuth other than MacTag_AAC.
S311, after receiving AACAuth, REQ performs the following operations, including:
(1) verifying MacTag_AAC;
The verification process is as follows: the message integrity check key and the integrity check algorithm are used to locally calculate MacTag_AAC over the information in the fields of AACAuth other than MacTag_AAC (in the same manner as AAC calculates MacTag_AAC), and the calculated MacTag_AAC is compared with the received MacTag_AAC.
(2) decrypting EncData_AAC by using the message encryption key to obtain ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_AAC1 and ID_AAC;
(3) checking whether the ID_REQ and Nonce_REQ obtained by decryption are the same as REQ's own identity ID_REQ and the Nonce_REQ generated by REQ, respectively;
(4) checking whether the ID_AAC obtained by decryption and the ID_AAC in Pub_AAC are the same;
(5) verifying Sig_AS_AAC1 by using the public key of AS-AAC;
(6) if any of the above checks or verifications fails, immediately discarding AACAuth; if all of the above checks and verifications pass, determining the identity authentication result of AAC according to Res_AAC in Pub_AAC.
Thus, identity authentication for REQ and AAC, i.e., bidirectional identity authentication for REQ and AAC, is achieved at S309 and S311, respectively, and identity information and identity authentication result information are transmitted in ciphertext between REQ and AAC, thereby achieving identity protection.
The operation of verifying Sig_REQ in S309 may instead be performed in advance in S305; that is, in S305, AAC verifies Sig_REQ by using the Cert_REQ obtained by decrypting EncData_REQ. In this case, Sig_REQ need not be verified in S309, and Pub_REQ then need not include Cert_REQ. Alternatively, the verification of Sig_REQ in S309 may be performed in advance in S307, in which case Sig_REQ may be delivered to AS-AAC through AACVeri; that is, in S307, AS-AAC verifies Sig_REQ by using Cert_REQ, and verifies Cert_REQ after that verification passes. In this case, Sig_REQ need not be verified in S309, and Pub_REQ then need not include Cert_REQ.
Referring to fig. 4, an embodiment of the identity authentication method in case (II) is shown, in which the message encryption key negotiation between REQ and AAC is merged into the identity authentication process and performed in parallel with it, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S401, AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S402, AAC sends a key request message AACInit to REQ.
The AACInit includes Nonce_AAC, KeyInfo_AAC, Security capabilities_AAC and ID_AS_AAC. Security capabilities_AAC and ID_AS_AAC are optional fields, and ID_AS_AAC represents the identity of at least one authentication server trusted by AAC, which enables REQ to determine, according to ID_AS_AAC, whether there is a commonly trusted authentication server (see below).
S403, after receiving AACInit, REQ performs the following operations, including:
(1) generating Nonce_REQ and KeyInfo_REQ;
(2) generating ID_AS_REQ and Security capabilities_REQ as required;
(3) performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, such as a specific character string) to calculate a message encryption key and a message integrity check key by using a negotiated or preset key derivation algorithm; the calculation of the message integrity check key may be performed when the message integrity check key needs to be used;
(4) calculating the identity information ciphertext EncData_REQ of REQ by using the message encryption key;
(5) calculating the digital signature Sig_REQ of REQ.
S404, REQ sends an identity ciphertext message REQInit to AAC.
The REQInit includes Nonce_AAC, Nonce_REQ, KeyInfo_REQ, Security capabilities_REQ, ID_AS_REQ, EncData_REQ and Sig_REQ. The encrypted data of EncData_REQ includes ID_REQ and Cert_REQ. Nonce_AAC is an optional field and should be equal to the corresponding field in AACInit. Security capabilities_REQ and ID_AS_REQ are optional fields, and ID_AS_REQ represents the identity of at least one authentication server trusted by REQ. When ID_AS_AAC is present in AACInit, REQ tries to select, from the authentication servers it trusts, at least one authentication server that is the same as one in ID_AS_AAC as ID_AS_REQ; if the selection fails, REQ takes at least one authentication server that it trusts as ID_AS_REQ. When ID_AS_AAC is not present in AACInit, REQ takes at least one authentication server that it trusts as ID_AS_REQ (the same applies hereinafter). The signature data of Sig_REQ includes the other fields preceding Sig_REQ in REQInit; when REQInit does not include the Nonce_AAC field, the signature data of Sig_REQ further includes the Nonce_AAC field in AACInit.
S405, after receiving REQInit, AAC performs the following operations, including:
(1) if Nonce_AAC is present in REQInit, checking whether that Nonce_AAC is the same as the Nonce_AAC generated by AAC; if the two are not the same, discarding REQInit;
(2) performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, such as a specific character string) to calculate a message encryption key and a message integrity check key by using a negotiated or preset key derivation algorithm; the calculation of the message integrity check key may be performed when the message integrity check key needs to be used;
(3) if REQInit carries ID_AS_REQ and AACInit carries ID_AS_AAC, AAC determines whether ID_AS_REQ and ID_AS_AAC contain the identity of at least one same authentication server; if so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC; if not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_AS_AAC and send ID_AS_REQ to AS-AAC, so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ; or,
if REQInit carries ID_AS_REQ but AACInit does not carry ID_AS_AAC, AAC determines whether ID_AS_REQ and the authentication servers trusted by AAC contain the identity of at least one same authentication server; if so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC; if not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to the authentication servers that it trusts and send ID_AS_REQ to AS-AAC, so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ;
It should be noted that the result of the determination in this embodiment is the roaming case.
(4) decrypting EncData_REQ by using the message encryption key to obtain ID_REQ and Cert_REQ;
(5) calculating the identity authentication code MIC_AAC of AAC.
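The authentication-server selection in S403 to S405 (3), which is also the procedure described earlier with reference to fig. 2, can be sketched as follows. This is an added example, not code from the patent: server identities are constructed strings, and returning every common server on the REQ side and picking the first candidate on the AAC side are assumptions where the text only says "at least one".

```python
def req_select_id_as_req(req_trusted, id_as_aac=None):
    """REQ side: build ID_AS_REQ for REQInit.
    req_trusted is REQ's own list of trusted authentication servers;
    id_as_aac is the list from AACInit, or None when AACInit carried none."""
    if not req_trusted:
        raise ValueError("REQ must trust at least one authentication server")
    if id_as_aac:
        common = [s for s in req_trusted if s in id_as_aac]
        if common:
            return common          # selection succeeded: non-roaming
    return list(req_trusted)       # selection failed or nothing advertised


def aac_determine_servers(aac_trusted, id_as_req):
    """AAC side: decide roaming and pick the first authentication server.
    The comparison always uses AAC's own trust list, so the server AAC
    contacts is never one that only REQ named."""
    if not aac_trusted:
        raise ValueError("AAC must trust at least one authentication server")
    common = [s for s in aac_trusted if s in id_as_req]
    if common:
        return {"roaming": False, "first_as": common[0],
                "id_as_req_for_as_aac": None}
    # Roaming: AS-AAC comes from AAC's list, and ID_AS_REQ is passed on so
    # that AS-AAC can determine the second authentication server AS-REQ.
    return {"roaming": True, "first_as": aac_trusted[0],
            "id_as_req_for_as_aac": list(id_as_req)}


def negotiate(aac_trusted, req_trusted, advertise=True):
    """Run both sides; advertise=False models AACInit without ID_AS_AAC."""
    id_as_aac = list(aac_trusted) if advertise else None
    id_as_req = req_select_id_as_req(req_trusted, id_as_aac)
    return aac_determine_servers(aac_trusted, id_as_req)


if __name__ == "__main__":
    # Constructed server identities.
    print(negotiate(["as-1", "as-2"], ["as-2", "as-9"]))   # non-roaming
    print(negotiate(["as-1"], ["as-9"]))                   # roaming
    print(negotiate(["as-1", "as-2"], ["as-9", "as-2"], advertise=False))
```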
S406, AAC sends a first authentication request message AACVeri to AS-AAC.
The AACVeri includes Nonce_REQ, ID_AS_REQ, ID_REQ, Cert_REQ, ID_AAC, Nonce_AAC and MIC_AAC. ID_AS_REQ is an optional field: when AS-REQ is already known to AS-AAC, this field need not be carried in AACVeri; otherwise it is carried in AACVeri so that AS-AAC determines AS-REQ according to ID_AS_REQ. MIC_AAC is a hash value that AAC calculates over the other fields preceding MIC_AAC in AACVeri, using the key K_AAC_AS pre-shared with AS-AAC and a hash algorithm agreed with AS-AAC.
S407, after receiving the AACVeri, AS-AAC performs the following operations:
(1) verifying MIC_AAC to obtain Res_AAC, and generating Pub_AAC from information including Res_AAC and ID_AAC; for the verification process, see the related content of the embodiment of fig. 3;
(2) if ID_AS_REQ is present in AACVeri, AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ; if not, AS-REQ is already known to AS-AAC;
(3) calculating a second digital signature Sig_AS_AAC2.
S408, the AS-AAC sends a second authentication request message AS-AACVeri to the AS-REQ.
The AS-AACVeri includes Nonce_REQ, ID_REQ, Cert_REQ, ID_AAC, Nonce_AAC, Pub_AAC and Sig_AS_AAC2. The signature data of Sig_AS_AAC2 includes the other fields preceding Sig_AS_AAC2 in AS-AACVeri.
S409, after receiving the AS-AACVeri, AS-REQ performs the following operations, including:
(1) verifying Sig_AS_AAC2 by using the public key of AS-AAC;
(2) verifying Cert_REQ to obtain Res_REQ, and generating Pub_REQ from information including Cert_REQ and Res_REQ;
(3) calculating a first digital signature Sig_AS_REQ1 and a third digital signature Sig_AS_REQ3.
S410, the AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.
The AS-REQVeri includes ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC, Pub_REQ and Sig_AS_REQ3. ID_REQ, Nonce_REQ, Pub_AAC, ID_AAC and Nonce_AAC should be equal to the corresponding fields in AS-AACVeri, respectively. Sig_AS_REQ1 is generated by AS-REQ by calculating over signature data including ID_REQ, Nonce_REQ and Pub_AAC. Sig_AS_REQ3 is generated by AS-REQ by calculating over signature data including ID_AAC, Nonce_AAC and Pub_REQ.
S411, after receiving AS-REQVeri, AS-AAC performs the following operations, including:
(1) verifying Sig_AS_REQ3 by using the public key of AS-REQ; if the verification fails, discarding AS-REQVeri;
(2) calculating the first message authentication code MIC_AS_AAC of AS-AAC.
S412, the AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri includes ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC, Pub_REQ and MIC_AS_AAC. ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_REQ1, ID_AAC, Nonce_AAC and Pub_REQ should be equal to the corresponding fields in AS-REQVeri, respectively. MIC_AS_AAC is a hash value that AS-AAC calculates over information including ID_AAC, Nonce_AAC and Pub_REQ, using the key K_AAC_AS pre-shared with AAC and the hash algorithm agreed with AAC.
S413, after receiving ASVeri, AAC performs the following operations, including:
(1) checking whether ID_AAC and Nonce_AAC in ASVeri are the same as AAC's own identity ID_AAC and the Nonce_AAC generated by AAC, respectively;
(2) verifying MIC_AS_AAC; for the verification process, see the related content of the embodiment of fig. 3;
(3) checking whether Cert_REQ in Pub_REQ and the Cert_REQ obtained by decrypting EncData_REQ are the same;
(4) verifying Sig_REQ by using Cert_REQ;
(5) if any of the above checks or verifications fails, immediately discarding ASVeri; after all of the above checks and verifications pass, determining the identity authentication result of REQ according to Res_REQ in Pub_REQ; if REQ is determined to be illegal, ending the authentication process;
(6) calculating EncData_AAC and MacTag_AAC.
S414, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth includes EncData_AAC and MacTag_AAC. EncData_AAC is generated by AAC by encrypting, with the message encryption key, encrypted data including ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_REQ1 and ID_AAC. MacTag_AAC is calculated as described in the embodiment of fig. 3.
S415, after receiving AACAuth, REQ performs the following operations, including:
(1) verifying MacTag_AAC; the verification process is as described in the embodiment of fig. 3;
(2) decrypting EncData_AAC by using the message encryption key to obtain ID_REQ, Nonce_REQ, Pub_AAC, Sig_AS_REQ1 and ID_AAC;
(3) checking whether the ID_REQ and Nonce_REQ obtained by decryption are the same as REQ's own identity ID_REQ and the Nonce_REQ generated by REQ, respectively;
(4) checking whether the ID_AAC obtained by decryption and the ID_AAC in Pub_AAC are consistent;
(5) verifying Sig_AS_REQ1 by using the public key of AS-REQ;
(6) after all of the above checks and verifications pass, determining the identity authentication result of AAC according to Res_AAC in Pub_AAC; if any of the above checks or verifications fails, immediately discarding AACAuth.
Thus, identity authentication for REQ and for AAC, i.e., bidirectional identity authentication for REQ and AAC, is achieved at S413 and S415, respectively, and identity information of REQ is transmitted in ciphertext between REQ and AAC, thereby achieving identity protection of REQ.
In addition, (1) the verification of Sig_REQ in S413 may be performed in advance in S405; that is, in S405, AAC verifies Sig_REQ by using the Cert_REQ obtained by decrypting EncData_REQ. In this case, Sig_REQ need not be verified in S413, and Pub_REQ then need not include Cert_REQ. Alternatively, the verification of Sig_REQ in S413 may be performed in advance in S409, in which case Sig_REQ may be delivered to AS-REQ via AACVeri and AS-AACVeri; that is, in S409, AS-REQ verifies Sig_REQ by using Cert_REQ, and verifies Cert_REQ after that verification passes. In this case, Sig_REQ need not be verified in S413, and Pub_REQ then need not include Cert_REQ. (2) The second digital signature Sig_AS_AAC2 in S407 and S408 may be replaced by a second message authentication code MIC_AS_AAC2, where MIC_AS_AAC2 is a hash value that AS-AAC calculates over the other fields preceding MIC_AS_AAC2 in AS-AACVeri, using a key pre-shared with AS-REQ and a hash algorithm agreed with AS-REQ; in S409, the verification of Sig_AS_AAC2 by AS-REQ is replaced with verification of MIC_AS_AAC2. The third digital signature Sig_AS_REQ3 in S409 and S410 may be replaced by a third message authentication code MIC_AS_REQ3, where MIC_AS_REQ3 is a hash value that AS-REQ calculates over the fields including ID_AAC, Nonce_AAC and Pub_REQ in AS-REQVeri, using a key pre-shared with AS-AAC and a hash algorithm agreed with AS-AAC; in S411, the verification of Sig_AS_REQ3 by AS-AAC is replaced with verification of MIC_AS_REQ3.
In the above embodiments, each message may also carry a hash value HASH_X_Y. HASH_X_Y is calculated by the sender entity X of the message, using a hash algorithm, over the latest preamble message that X received from the peer entity Y, and is used by the peer entity Y to verify whether entity X received the complete latest preamble message. HASH_REQ_AAC denotes the hash value calculated by REQ over the latest preamble message received from AAC; HASH_AAC_REQ denotes the hash value calculated by AAC over the latest preamble message received from REQ; HASH_AAC_AS-AAC denotes the hash value calculated by AAC over the latest preamble message received from AS-AAC; HASH_AS-AAC_AAC denotes the hash value calculated by AS-AAC over the latest preamble message received from AAC; HASH_AS-AAC_AS-REQ denotes the hash value calculated by AS-AAC over the latest preamble message received from AS-REQ; HASH_AS-REQ_AS-AAC denotes the hash value calculated by AS-REQ over the latest preamble message received from AS-AAC. If the message currently sent by the sender entity X is the first message exchanged between entity X and entity Y, which means that entity X has not received any preamble message from the peer entity Y, HASH_X_Y in that message may be absent or meaningless.
Correspondingly, after the peer entity Y receives the message sent by entity X, if the message contains HASH_X_Y: when entity Y has not previously sent a preamble message to entity X, entity Y ignores HASH_X_Y; when entity Y has previously sent a preamble message to entity X, entity Y locally calculates, using the hash algorithm, the hash value of the latest preamble message it sent to entity X and compares it with the HASH_X_Y carried in the received message. If the two are consistent, the subsequent steps are performed; otherwise the message is discarded or the authentication process is ended.
In the present invention, for an entity X, a preamble message sent from an opposite end entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the received message sent from the opposite end entity Y to the entity X; the latest preamble message sent by the correspondent entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the latest message sent by the opposite end entity Y to the entity X is received. If the message M sent by the entity X to the opposite terminal entity Y is the first message interacted between the entity X and the entity Y, no preamble message sent by the opposite terminal entity Y to the entity X exists before the entity X sends the message M to the opposite terminal entity Y.
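The HASH_X_Y handling described above can be sketched as follows. This is an added example, not code from the patent: it assumes SHA-256 as the hash algorithm and a hypothetical wire layout (one flag byte, an optional 32-byte HASH_X_Y, then the message body), with constructed message contents.

```python
import hashlib
import hmac


def _digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Link:
    """One entity's view of its message exchange with one peer."""

    def __init__(self):
        self.last_sent = None      # latest message this entity sent to the peer
        self.last_received = None  # latest preamble message from the peer

    def send(self, body: bytes) -> bytes:
        if self.last_received is None:
            # First message of the exchange: there is no preamble message,
            # so HASH_X_Y is absent.
            wire = b"\x00" + body
        else:
            wire = b"\x01" + _digest(self.last_received) + body
        self.last_sent = wire
        return wire

    def receive(self, wire: bytes):
        """Return the message body, or None when the message is discarded."""
        flag = wire[:1]
        if flag == b"\x01":
            if len(wire) < 33:
                return None  # truncated HASH_X_Y
            carried, body = wire[1:33], wire[33:]
            # The carried hash is ignored when nothing was sent to the peer yet.
            if self.last_sent is not None and not hmac.compare_digest(
                carried, _digest(self.last_sent)
            ):
                return None  # peer did not receive our latest message intact
        elif flag == b"\x00":
            body = wire[1:]
        else:
            return None      # unknown flag or empty message
        self.last_received = wire
        return body


def run_exchange(alter_in_transit: bool):
    """AAC sends AACInit, REQ answers with REQInit carrying HASH_REQ_AAC.
    Returns what AAC obtains from REQInit (None means discarded)."""
    aac, req = Link(), Link()
    wire = aac.send(b"AACInit|caps=strong")      # constructed content
    if alter_in_transit:
        wire = wire.replace(b"strong", b"weak")  # modified before REQ sees it
    req.receive(wire)
    return aac.receive(req.send(b"REQInit"))


if __name__ == "__main__":
    print(run_exchange(False))  # b'REQInit'
    print(run_exchange(True))   # None
```

A bare hash proves nothing by itself, because anyone altering a message in transit could also recompute it; the check is only as strong as the signature or integrity code of the message that carries HASH_X_Y.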
The optional fields and optional operations in the embodiments corresponding to fig. 3 to 4 are denoted by "+" in fig. 3 to 4 of the drawings in the specification. The content included in the message according to all the above embodiments is not limited in sequence, and in a case that no particular description is given, the operation sequence of the relevant message after the message is received by the message receiver and the processing sequence of the content included in the message are not limited.
Based on the method embodiments corresponding to fig. 1 to fig. 4, referring to fig. 5, an embodiment of the present application further provides a requesting device 500, including:
a sending module 510, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by the requesting device encrypting, by using a message encryption key, encrypted data that includes a digital certificate of the requesting device;
a receiving module 520, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, by using the message encryption key, encrypted data that includes the first authentication result information and the first digital signature; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, and the first digital signature is a digital signature generated by a second authentication server through calculation on signature data comprising the first authentication result information;
a decryption module 530, configured to decrypt the authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first digital signature;
a verification module 540, configured to verify the first digital signature with a public key of the second authentication server;
a determining module 550, configured to determine, if the verification passes, an identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
Optionally, the receiving module 520 is further configured to: before the sending module 510 sends the identity ciphertext message, receiving a key request message sent by the authentication access controller, where the key request message includes a key exchange parameter of the authentication access controller; the requesting device further includes:
a calculation module, configured to perform key exchange calculation according to a temporary private key corresponding to a key exchange parameter of the requesting device and a temporary public key included in a key exchange parameter of the authentication access controller to generate a first key, and calculate the message encryption key according to information including the first key by using a key derivation algorithm;
the identity ciphertext message further includes the key exchange parameter of the requesting device.
Optionally, the key request message further includes a first random number generated by the authentication access controller; the calculation module is specifically configured to: calculating the message encryption key from information including the first key, the first random number, and a second random number generated by the requesting device; correspondingly, the identity ciphertext message further includes the second random number.
Optionally, the identity ciphertext message sent by the sending module further includes the first random number.
Optionally, the key request message further includes security capability parameter information supported by the authentication access controller; the determination module 550 is further configured to: determining a specific security policy used by the requesting device according to the security capability parameter information; the particular security policy is also included in the identity ciphertext message.
Optionally, the key request message further includes an identity of at least one authentication server trusted by the authentication access controller; the determination module 550 is further configured to: determine the identity of at least one authentication server trusted by the requesting device according to the identity of at least one authentication server trusted by the authentication access controller; the identity ciphertext message further includes the identity of at least one authentication server trusted by the requesting device.
Optionally, the identity ciphertext message sent by the sending module further includes an identity of at least one authentication server trusted by the requesting device.
Optionally, the encrypted data of the identity information ciphertext of the requesting device further includes an identity of the requesting device, and the identity ciphertext message further includes a second random number generated by the requesting device; correspondingly, the encrypted data of the authentication result information ciphertext in the third authentication response message further includes the identity of the requesting device and/or the second random number;
correspondingly, the decryption module decrypts the authentication result information ciphertext in the third authentication response message to obtain the identity identifier of the requesting device and/or the second random number;
the verification module is further configured to: before the determining module determines the identity authentication result of the authentication access controller, verify the consistency between the identity identifier of the requesting device obtained by decrypting the authentication result information ciphertext and the requesting device's own identity identifier, and/or verify the consistency between the second random number obtained by decrypting the authentication result information ciphertext and the second random number generated by the requesting device; if the verification passes, the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
Optionally, the third authentication response message further includes a message integrity check code; the verification module is further configured to: before the determining module determines the identity authentication result of the authentication access controller, verify the message integrity check code by using a message integrity check key; if the verification passes, the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the message integrity check key is generated in the same manner as the message encryption key.
Optionally, the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device for the latest preamble message sent by the authentication access controller.
Referring to fig. 6, an embodiment of the present application further provides an authentication access controller 600, including:
a receiving module 610, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by encrypting, by the requesting device, encrypted data that includes a digital certificate of the requesting device by using a message encryption key;
a decryption module 620, configured to decrypt, using the message encryption key, the identity information ciphertext of the requesting device to obtain a digital certificate of the requesting device;
a sending module 630, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes a digital certificate of the requesting device and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is generated by the authentication access controller through calculation on information including the digital certificate of the request equipment by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server;
the receiving module 610 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation on signature data comprising the first authentication result information, the second authentication result information comprises a second verification result of a digital certificate of the request device, and a first message authentication code of the first authentication server is generated by the first authentication server through calculation on information comprising the second authentication result information by using a pre-shared key with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
a verification module 640, configured to verify a first message authentication code of the first authentication server by using a pre-shared key of the first authentication server and using a cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the determining module 650 determines an identity authentication result of the requesting device according to a second verification result in the second authentication result information; when the determining module 650 determines that the identity authentication result of the requesting device is legal, the sending module 630 sends a third authentication response message to the requesting device; or,
configured to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the verification passes, the sending module 630 sends a third authentication response message to the requesting device, and the determining module 650 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
configured to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the first message authentication code of the first authentication server passes the verification, the determining module 650 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module 630 sends a third authentication response message to the requesting device;
wherein the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, with the message encryption key, encrypted data including the first authentication result information and the first digital signature.
Optionally, the sending module 630 is further configured to: before the receiving module 610 receives the identity ciphertext message, sending a key request message to the requesting device, where the key request message includes a key exchange parameter of the authentication access controller; the identity ciphertext message further comprises a key exchange parameter of the request device; the authentication access controller further comprises:
a calculation module, configured to perform key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the authentication access controller and a temporary public key included in the key exchange parameter of the requesting device to generate a first key, and calculate the message encryption key by using a key derivation algorithm according to information including the first key.
Optionally, the key request message further includes a first random number generated by the authentication access controller; the identity ciphertext message further comprises a second random number generated by the request device;
the calculation module is specifically configured to: calculating the message encryption key from information including the first key, the first random number, and the second random number.
Optionally, the identity ciphertext message further includes the first random number; the verification module 640 is further configured to: before the calculation module calculates the message encryption key, verify the consistency between the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; if the verification passes, the calculation module then calculates the message encryption key.
Optionally, the key request message further includes an identity of at least one authentication server trusted by the authentication access controller; the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device; the determination module 650 is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
Optionally, the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device; the determination module 650 is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device and the identity of an authentication server trusted by the authentication access controller.
Optionally, the first authentication request message further includes an identity of the authentication access controller and/or a first random number generated by the authentication access controller; correspondingly, the first authentication response message further includes an identity of the authentication access controller and/or the first random number;
the verification module 640 is further configured to: verify the consistency between the identity of the authentication access controller in the first authentication response message and the authentication access controller's own identity, and/or verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller; if the verification passes, the determining module 650 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
Optionally, when the identity ciphertext message further includes the digital signature of the requesting device, the determining module 650 is further configured to: determine whether the digital signature of the requesting device passes verification, and if it does, determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
Optionally, the determining, by the determining module 650, of whether the digital signature of the requesting device passes verification specifically includes:
the second authentication server verifies the digital signature of the requesting device by using the acquired digital certificate of the requesting device, and if the receiving module 610 receives the first authentication response message, the determining module 650 determines that the digital signature of the requesting device is verified; or,
the verification module 640 verifies the digital signature of the requesting device by using the digital certificate of the requesting device obtained by decrypting the identity information ciphertext, and the determination module 650 determines whether the digital signature of the requesting device passes the verification according to the verification result; or,
when the second authentication result information further includes the digital certificate of the requesting device, the verifying module 640 verifies the digital signature of the requesting device by using the digital certificate of the requesting device in the second authentication result information, and the determining module 650 determines whether the digital signature of the requesting device passes verification according to the verification result; or,
when the second authentication result information further includes the digital certificate of the requesting device, the verifying module 640 verifies the consistency between the digital certificate of the requesting device in the second authentication result information and the digital certificate of the requesting device obtained by decrypting the identity information ciphertext, if the consistency is met, the digital certificate of the requesting device is used to verify the digital signature of the requesting device, and the determining module 650 determines whether the digital signature of the requesting device passes the verification according to the verification result.
Optionally, the third authentication response message sent by the sending module 630 further includes a message integrity check code, where the message integrity check code is generated by the authentication access controller by using a message integrity check key to calculate over the fields of the third authentication response message other than the message integrity check code; the message integrity check key is generated in the same manner as the message encryption key.
Optionally, the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller for the latest preamble message sent by the requesting device; the message sent by the authentication access controller to the first authentication server further comprises a hash value calculated by the authentication access controller on the received latest preamble message sent by the first authentication server.
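An added example (not from the patent) of the key handling described above for the requesting device and the authentication access controller: the controller checks the echoed first random number, both sides derive the message encryption key and the message integrity check key from the first key and the two random numbers, and the integrity check code covers every field except itself. HKDF with HMAC-SHA-256, the field encoding, the 16-byte random number length and all names are assumptions; the first key and the ciphertext field are constructed byte strings standing in for the key exchange output and the encrypted result data.

```python
import hashlib
import hmac

NONCE_LEN = 16  # assumption: fixed-length random numbers keep the salt unambiguous


def hkdf_sha256(ikm, salt, info, length):
    """HKDF (RFC 5869) extract-then-expand, used here as the key derivation algorithm."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(first_key, nonce_aac, nonce_req):
    """Return (message encryption key, message integrity check key)."""
    if len(nonce_aac) != NONCE_LEN or len(nonce_req) != NONCE_LEN:
        raise ValueError("unexpected random number length")
    okm = hkdf_sha256(first_key, nonce_aac + nonce_req, b"example session keys", 64)
    return okm[:32], okm[32:]  # two independent keys from one derivation


def aac_derive_keys(first_key, own_nonce, identity_msg):
    """Controller side: check the echoed first random number, then derive the keys."""
    if not hmac.compare_digest(identity_msg["nonce_aac"], own_nonce):
        raise ValueError("first random number does not match the one generated")
    return derive_keys(first_key, own_nonce, identity_msg["nonce_req"])


def mic_input(msg):
    """Every field except the check code, sorted by name and length-prefixed."""
    parts = []
    for name in sorted(k for k in msg if k != "mic"):
        for item in (name.encode(), msg[name]):
            parts.append(len(item).to_bytes(4, "big") + item)
    return b"".join(parts)


def add_mic(mic_key, msg):
    """Controller side: attach the message integrity check code."""
    code = hmac.new(mic_key, mic_input(msg), hashlib.sha256).digest()
    return dict(msg, mic=code)


def verify_mic(mic_key, msg):
    """Requesting-device side: recompute the code and compare in constant time."""
    expected = hmac.new(mic_key, mic_input(msg), hashlib.sha256).digest()
    return hmac.compare_digest(expected, msg.get("mic", b""))
```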
Referring to fig. 7, an embodiment of the present application further provides a first authentication server 700, including:
a receiving module 710, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes a digital certificate of a requesting device and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is generated by the authentication access controller through calculation on information including the digital certificate of the request equipment by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server;
a sending module 720, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation of signature data including the first authentication result information, the second authentication result information includes a second verification result of a digital certificate of the requesting device, and the first message authentication code of the first authentication server is generated by the first authentication server through calculation of information including the second authentication result information through a pre-shared key with the authentication access controller through a cryptographic algorithm agreed with the authentication access controller.
Optionally, the first authentication server 700 further includes:
a first verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, and verify the validity of the digital certificate of the requesting device to obtain a second verification result;
a first generation module, configured to generate the first authentication result information according to information including the first verification result, generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a first authentication server for the information including the second authentication result information, and calculate and generate the first digital signature for signature data including the first authentication result information;
a second generating module, configured to calculate and generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information, and a first message authentication code of the first authentication server.
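An added example (not from the patent) of the pre-shared-key exchange between the authentication access controller and the first authentication server: the controller computes its identity authentication code over data including the requesting device's certificate, the server verifies it and protects the second authentication result information with the first message authentication code, and the controller checks that code and the echoed identity and random number before using the result. HMAC-SHA-256, the length-prefixed encoding, the `b"IC"`/`b"MAC1"` labels, the field names and the `cert_is_valid` callback are assumptions; the second authentication server's digital signature is left out.

```python
import hashlib
import hmac


def pack(*fields):
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def unpack(blob):
    """Inverse of pack(); raises ValueError on a truncated field."""
    fields, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")
        field = blob[i + 4:i + 4 + n]
        if i + 4 > len(blob) or len(field) != n:
            raise ValueError("truncated field")
        fields.append(field)
        i += 4 + n
    return fields


def mac(psk, label, *fields):
    """HMAC-SHA-256 under the pre-shared key; the label keeps the two uses apart."""
    return hmac.new(psk, pack(label, *fields), hashlib.sha256).digest()


def aac_build_request(psk, id_aac, nonce_aac, cert_req):
    """Controller: first authentication request with the identity authentication code."""
    return {"id_aac": id_aac, "nonce_aac": nonce_aac, "cert_req": cert_req,
            "auth_code": mac(psk, b"IC", id_aac, nonce_aac, cert_req)}


def as_handle_request(psk, request, cert_is_valid):
    """Server: produce both verification results and MAC the second result information."""
    expected = mac(psk, b"IC", request["id_aac"], request["nonce_aac"],
                   request["cert_req"])
    first = b"\x01" if hmac.compare_digest(expected, request["auth_code"]) else b"\x00"
    second = b"\x01" if cert_is_valid(request["cert_req"]) else b"\x00"
    # Second authentication result information echoes the controller's
    # identity and random number alongside the certificate verdict.
    second_info = pack(request["id_aac"], request["nonce_aac"], second)
    return {"first_result": first, "second_info": second_info,
            "mac1": mac(psk, b"MAC1", second_info)}


def aac_check_response(psk, response, id_aac, nonce_aac):
    """Controller: True/False is the requesting device's result; ValueError means reject."""
    expected = mac(psk, b"MAC1", response["second_info"])
    if not hmac.compare_digest(expected, response["mac1"]):
        raise ValueError("first message authentication code failed verification")
    echoed_id, echoed_nonce, second = unpack(response["second_info"])
    if not (hmac.compare_digest(echoed_id, id_aac)
            and hmac.compare_digest(echoed_nonce, nonce_aac)):
        raise ValueError("response is not for this controller or this run")
    return second == b"\x01"
```

Without the distinct labels, a code the controller computed itself could be handed back to it as a server MAC, because both directions use the same pre-shared key.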
Optionally, the first authentication server 700 further includes:
a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;
a third generating module, configured to generate the first authentication result information according to information including the first verification result, calculate and generate a second digital signature for signature data including the first authentication result information and the digital certificate of the requesting device, or calculate and generate a second message authentication code for information including the first authentication result information and the digital certificate of the requesting device by using a cryptographic algorithm agreed with the second authentication server by using a pre-shared key of the second authentication server;
the sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second message authentication code;
the receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third message authentication code; the second authentication result information is generated by the second authentication server according to information including a second verification result, and the second verification result is obtained by performing validity verification on the digital certificate of the requesting device by the second authentication server; the first digital signature is generated by the second authentication server through calculation of signature data including the first authentication result information; the third digital signature is generated by the second authentication server through calculation of signature data including the second authentication result information, or the third message authentication code is generated by the second authentication server through calculation of information including the second authentication result information by using a cryptographic algorithm agreed with the first authentication server by using a pre-shared key of the first authentication server;
a third verification module, configured to verify the third digital signature using the public key of the second authentication server or verify the third message authentication code using a cryptographic algorithm agreed with the second authentication server using a pre-shared key of the second authentication server;
a fourth generating module, configured to, if the verification passes, calculate the first message authentication code of the first authentication server over information including the second authentication result information, and generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server.
Optionally, the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest preamble message sent by the authentication access controller; the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the received latest preamble message sent by the second authentication server.
Referring to fig. 8, an embodiment of the present application further provides a second authentication server 800, including:
a receiving module 810, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second message authentication code; the second digital signature is generated by the first authentication server through calculation of signature data including the first authentication result information and the digital certificate of the requesting device, or the second message authentication code is generated by the first authentication server through calculation of information including the first authentication result information and the digital certificate of the requesting device through a pre-shared key with the second authentication server by using a cryptographic algorithm agreed with the second authentication server;
a verification module 820, configured to verify the second digital signature using a public key of the first authentication server or verify the second message authentication code using a cryptographic algorithm agreed with the first authentication server using a pre-shared key of the first authentication server;
a generating module 830, configured to, if the verification passes, perform validity verification on the digital certificate of the requesting device to obtain a second verification result, generate second authentication result information according to information including the second verification result, calculate signature data including the first authentication result information to generate the first digital signature, calculate signature data including the second authentication result information to generate a third digital signature, or calculate information including the second authentication result information to generate a third message authentication code by using a cryptographic algorithm agreed with the first authentication server by using a pre-shared key of the first authentication server;
a sending module 840, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third message authentication code.
Optionally, the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server on the received latest preamble message sent by the first authentication server.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be implemented by hardware under the control of program instructions; the program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments; the storage medium may be at least one of the following: various media capable of storing program code, such as Read-Only Memory (ROM), RAM, magnetic disk, or optical disk.
It should be noted that, in the present specification, all the embodiments are described in a progressive manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the apparatus and system embodiments are described in a relatively simple manner since they correspond to and are consistent with the method embodiments, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described embodiments of the apparatus and system are only illustrative, and the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one position, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (42)
1. A method of identity authentication, the method comprising:
an authentication access controller receives an identity ciphertext message sent by a requesting device, wherein the identity ciphertext message comprises an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by using a message encryption key to encrypt data to be encrypted that includes a digital certificate of the requesting device;
the authentication access controller decrypts the identity information ciphertext of the requesting device by using the message encryption key to obtain the digital certificate of the requesting device, and sends a first authentication request message to a first authentication server trusted by the authentication access controller, wherein the first authentication request message comprises the digital certificate of the requesting device and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is generated by the authentication access controller by performing a calculation, using a key pre-shared with the first authentication server and a cryptographic algorithm agreed with the first authentication server, on information including the digital certificate of the requesting device;
the authentication access controller receives a first authentication response message sent by the first authentication server, wherein the first authentication response message comprises first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, second authentication result information and a first message authentication code of the first authentication server; the first authentication result information comprises a first verification result of the identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation on signature data comprising the first authentication result information, the second authentication result information comprises a second verification result of the digital certificate of the requesting device, and the first message authentication code of the first authentication server is generated by the first authentication server by performing a calculation, using a key pre-shared with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller, on information comprising the second authentication result information;
the authentication access controller verifies the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the authentication access controller determines an identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the authentication access controller determines that the identity authentication result of the requesting device is legal, it sends a third authentication response message to the requesting device; or,
the authentication access controller verifies the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the authentication access controller sends a third authentication response message to the requesting device and determines an identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
the authentication access controller verifies the first message authentication code of the first authentication server by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the first message authentication code of the first authentication server passes the verification, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the authentication access controller sends a third authentication response message to the requesting device;
wherein the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller by using the message encryption key to encrypt data to be encrypted that includes the first authentication result information and the first digital signature;
and after receiving the third authentication response message, the requesting device decrypts the authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature, verifies the first digital signature by using the public key of the second authentication server, and determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information if the verification is passed.
2. The method of claim 1, wherein before the authentication access controller receives the identity ciphertext message sent by the requesting device, the method further comprises:
the authentication access controller sends a key request message to the request device, wherein the key request message comprises a key exchange parameter of the authentication access controller;
the requesting device performs a key exchange calculation according to a temporary private key corresponding to a key exchange parameter of the requesting device and a temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and calculates the message encryption key by using a key derivation algorithm according to information including the first key;
the identity ciphertext message further includes a key exchange parameter of the requesting device;
and the authentication access controller performs a key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the authentication access controller and a temporary public key included in the key exchange parameter of the requesting device to generate the first key, and calculates the message encryption key by using the key derivation algorithm according to information including the first key.
3. The method of claim 2, wherein the key request message further includes a first random number generated by the authentication access controller;
the step of calculating, by the requesting device, the message encryption key specifically includes:
the requesting device calculates the message encryption key according to information including the first key, the first random number and a second random number generated by the requesting device;
correspondingly, the identity ciphertext message further comprises the second random number;
the calculating, by the authentication access controller, the message encryption key specifically includes:
the authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
4. The method of claim 3, wherein the identity ciphertext message further comprises the first random number;
before the authentication access controller calculates the message encryption key, the method further comprises:
the authentication access controller verifies the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller;
and if the verification is passed, the authentication access controller then calculates the message encryption key.
5. The method according to claim 2, wherein the key request message further includes security capability parameter information supported by the authentication access controller; the method further comprises the following steps:
the requesting device determines a specific security policy used by the requesting device according to the security capability parameter information;
the particular security policy is also included in the identity ciphertext message.
6. The method according to claim 2, wherein the key request message further includes an identity of at least one authentication server trusted by the authentication access controller; the method further comprises:
the requesting device determines the identity of at least one authentication server trusted by the requesting device according to the identity of the at least one authentication server trusted by the authentication access controller;
the identity ciphertext message further includes the identity of the at least one authentication server trusted by the requesting device; the method further comprises:
and the authentication access controller determines the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
7. The method according to claim 1, wherein the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device; the method further comprises:
and the authentication access controller determines the first authentication server according to the identity of the at least one authentication server trusted by the requesting device and the identity of an authentication server trusted by the authentication access controller.
8. The method according to claim 1, wherein the first authentication request message further includes an identity of the authentication access controller and/or a first random number generated by the authentication access controller;
correspondingly, the first authentication response message further includes an identity of the authentication access controller and/or the first random number;
before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
the authentication access controller verifies the consistency of the identity of the authentication access controller in the first authentication response message and the identity of the authentication access controller; and/or verifying the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller;
and if the verification is passed, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
9. The method according to claim 1, wherein the first authentication request message further includes an identity of the requesting device, and/or a second random number generated by the requesting device; the identity of the requesting device is obtained by the authentication access controller decrypting the identity information ciphertext of the requesting device, and the second random number is obtained by the authentication access controller from the identity ciphertext message;
correspondingly, the first authentication response message further includes the identity of the requesting device and/or the second random number; and the data to be encrypted for the authentication result information ciphertext in the third authentication response message further comprises the identity of the requesting device and/or the second random number;
correspondingly, the requesting device decrypts the authentication result information ciphertext in the third authentication response message to obtain the identity of the requesting device and/or the second random number;
before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
the requesting device verifies the consistency of the identity of the requesting device obtained by decrypting the authentication result information ciphertext and its own identity, and/or verifies the consistency of the second random number obtained by decrypting the authentication result information ciphertext and the second random number generated by the requesting device;
and if the verification is passed, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
10. The method of claim 1, wherein when the identity ciphertext message further includes a digital signature of the requesting device, before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
the authentication access controller determines whether the digital signature of the requesting device passes verification, and if the digital signature of the requesting device passes verification, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
11. The method of claim 10, wherein the authentication access controller determining whether the digital signature of the requesting device passes verification comprises:
the second authentication server verifies the digital signature of the requesting device by using the acquired digital certificate of the requesting device, and if the authentication access controller receives the first authentication response message, the digital signature of the requesting device is determined to have passed verification; or,
the authentication access controller verifies the digital signature of the requesting device by using the digital certificate of the requesting device obtained by decrypting the identity information ciphertext, and determines whether the digital signature of the requesting device passes verification according to the verification result; or,
when the second authentication result information further comprises the digital certificate of the requesting device, the authentication access controller verifies the digital signature of the requesting device by using the digital certificate of the requesting device in the second authentication result information, and determines whether the digital signature of the requesting device passes verification according to the verification result; or,
when the second authentication result information further comprises the digital certificate of the requesting device, the authentication access controller verifies the consistency of the digital certificate of the requesting device in the second authentication result information and the digital certificate of the requesting device obtained by decrypting the identity information ciphertext; and if they are consistent, the authentication access controller verifies the digital signature of the requesting device by using the digital certificate of the requesting device, and determines whether the digital signature of the requesting device passes verification according to the verification result.
12. The method according to claim 1, wherein the third authentication response message further includes a message integrity check code, and the message integrity check code is calculated by the authentication access controller, using a message integrity check key, over the fields of the third authentication response message other than the message integrity check code; the message integrity check key used by the authentication access controller is generated in the same manner as the authentication access controller generates the message encryption key;
before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
the requesting device verifies the message integrity check code by using a message integrity check key; if the verification is passed, the requesting device then performs the step of determining the identity authentication result of the authentication access controller; the message integrity check key used by the requesting device is generated in the same manner as the requesting device generates the message encryption key.
13. The method according to any of claims 1 to 12, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server; the method further comprises:
the first authentication server verifies the identity authentication code of the authentication access controller to obtain the first verification result, verifies the legality of the digital certificate of the requesting device to obtain the second verification result, generates the first authentication result information according to information including the first verification result, generates the second authentication result information according to information including the second verification result, generates the first message authentication code of the first authentication server by performing a calculation on information including the second authentication result information, generates the first digital signature by performing a calculation on signature data including the first authentication result information, and generates the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server.
14. The method according to any of claims 1 to 12, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers; the method further comprises:
the first authentication server verifies the identity authentication code of the authentication access controller to obtain the first verification result, generates the first authentication result information according to information including the first verification result, and either generates a second digital signature by performing a calculation on signature data including the first authentication result information and the digital certificate of the requesting device, or generates a second message authentication code by performing a calculation, using a key pre-shared with the second authentication server and a cryptographic algorithm agreed with the second authentication server, on information including the first authentication result information and the digital certificate of the requesting device;
the first authentication server sends a second authentication request message to the second authentication server, wherein the second authentication request message comprises the first authentication result information, the digital certificate of the requesting device and the second digital signature, or the second authentication request message comprises the first authentication result information, the digital certificate of the requesting device and the second message authentication code; the second authentication server verifies the second digital signature by using the public key of the first authentication server, or verifies the second message authentication code by using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server; if the verification is passed, the second authentication server verifies the validity of the digital certificate of the requesting device to obtain the second verification result, generates the second authentication result information according to information including the second verification result, generates the first digital signature by performing a calculation on signature data including the first authentication result information, and either generates a third digital signature by performing a calculation on signature data including the second authentication result information, or generates a third message authentication code by performing a calculation, using the key pre-shared with the first authentication server and the cryptographic algorithm agreed with the first authentication server, on information including the second authentication result information;
the first authentication server receives a second authentication response message sent by the second authentication server, wherein the second authentication response message comprises the first authentication result information, the first digital signature, the second authentication result information and the third digital signature, or the second authentication response message comprises the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code;
the first authentication server verifies the third digital signature by using the public key of the second authentication server, or verifies the third message authentication code by using the key pre-shared with the second authentication server and the cryptographic algorithm agreed with the second authentication server; if the verification is passed, the first authentication server generates the first message authentication code of the first authentication server by performing a calculation on information including the second authentication result information, and generates the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information and the first message authentication code of the first authentication server.
15. The method according to any of claims 1 to 12, wherein a message sent by the requesting device to the authentication access controller further comprises a hash value calculated by the requesting device over the latest preceding message received from the authentication access controller;
when the authentication access controller receives the message sent by the requesting device, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed;
a message sent by the authentication access controller to the requesting device further comprises a hash value calculated by the authentication access controller over the latest preceding message received from the requesting device;
when the requesting device receives the message sent by the authentication access controller, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed;
a message sent by the authentication access controller to the first authentication server further comprises a hash value calculated by the authentication access controller over the latest preceding message received from the first authentication server;
when the first authentication server receives the message sent by the authentication access controller, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed;
a message sent by the first authentication server to the authentication access controller further comprises a hash value calculated by the first authentication server over the latest preceding message received from the authentication access controller;
when the authentication access controller receives the message sent by the first authentication server, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed;
a message sent by the first authentication server to the second authentication server further comprises a hash value calculated by the first authentication server over the latest preceding message received from the second authentication server;
when the second authentication server receives the message sent by the first authentication server, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed;
a message sent by the second authentication server to the first authentication server further comprises a hash value calculated by the second authentication server over the latest preceding message received from the first authentication server;
when the first authentication server receives the message sent by the second authentication server, it first verifies the hash value in the received message, and performs the subsequent operations after the verification is passed.
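The following Python sketch is an added example, not part of the patent text: it walks through the exchange between the authentication access controller and the first authentication server from claims 1, 8 and 15 in the single-server case of claim 13, showing the controller's checks on the response (hash of the preceding message, message authentication code, identity and random number consistency). Assumptions: HMAC-SHA256 stands in for the "agreed cryptographic algorithm", the field names, length-prefixed encoding and certificate allow-list are hypothetical, and the first digital signature and the requesting-device leg are omitted.

```python
import hashlib
import hmac
import secrets


def pack(*fields: bytes) -> bytes:
    """Length-prefix each field so different field lists never encode alike."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def mac(key: bytes, *fields: bytes) -> bytes:
    """Keyed code over the packed fields (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, pack(*fields), hashlib.sha256).digest()


def msg_hash(msg: dict) -> bytes:
    """Hash of a whole message, used as the claim 15 preceding-message hash."""
    parts = []
    for name in sorted(msg):
        parts += [name.encode(), msg[name]]
    return hashlib.sha256(pack(*parts)).digest()


class AuthServer:
    """First and second authentication server in one (claim 13 case)."""

    def __init__(self, psk_by_aac: dict, valid_certs: set):
        self.psk_by_aac = psk_by_aac
        self.valid_certs = valid_certs  # stand-in for real certificate validation

    def handle_request(self, req: dict) -> dict:
        psk = self.psk_by_aac.get(req["id_aac"])
        if psk is None:
            raise ValueError("no pre-shared key for this access controller")
        expected = mac(psk, req["id_aac"], req["nonce_aac"], req["cert_req"])
        # First verification result: was the controller's code computed with the PSK?
        res1 = b"true" if hmac.compare_digest(expected, req["mac_aac"]) else b"false"
        # Second verification result: is the requesting device's certificate valid?
        res2 = b"valid" if req["cert_req"] in self.valid_certs else b"invalid"
        resp = {"id_aac": req["id_aac"], "nonce_aac": req["nonce_aac"],
                "res1": res1, "res2": res2, "prev_hash": msg_hash(req)}
        # res1 is covered by the (omitted) first digital signature in the claims,
        # so this code only binds res2, the echoed fields and the request hash.
        resp["mac_as"] = mac(psk, resp["id_aac"], resp["nonce_aac"],
                             resp["res2"], resp["prev_hash"])
        return resp


class AccessController:
    def __init__(self, identity: bytes, psk: bytes):
        self.identity, self.psk = identity, psk
        self.nonce = self.sent_hash = None

    def build_request(self, cert_req: bytes) -> dict:
        self.nonce = secrets.token_bytes(16)  # first random number, fresh per run
        req = {"id_aac": self.identity, "nonce_aac": self.nonce, "cert_req": cert_req}
        req["mac_aac"] = mac(self.psk, req["id_aac"], req["nonce_aac"], req["cert_req"])
        self.sent_hash = msg_hash(req)
        return req

    def handle_response(self, resp: dict) -> str:
        # Claim 15: the hash of our latest message is verified first.
        if not hmac.compare_digest(resp["prev_hash"], self.sent_hash):
            return "drop: hash of preceding message mismatch"
        # Claim 1: verify the server's message authentication code with the PSK.
        expected = mac(self.psk, resp["id_aac"], resp["nonce_aac"],
                       resp["res2"], resp["prev_hash"])
        if not hmac.compare_digest(expected, resp["mac_as"]):
            return "drop: bad message authentication code"
        # Claim 8: echoed identity and random number must match our own.
        if resp["id_aac"] != self.identity or not hmac.compare_digest(
                resp["nonce_aac"], self.nonce):
            return "drop: identity or random number mismatch"
        return "legal" if resp["res2"] == b"valid" else "illegal"


def run_demo() -> dict:
    psk = secrets.token_bytes(32)
    cert_ok, cert_bad = b"constructed-cert-valid", b"constructed-cert-revoked"
    server = AuthServer({b"AAC-1": psk}, {cert_ok})
    aac = AccessController(b"AAC-1", psk)
    out = {"honest": aac.handle_response(server.handle_request(aac.build_request(cert_ok)))}
    resp_bad = server.handle_request(aac.build_request(cert_bad))
    out["invalid_cert"] = aac.handle_response(resp_bad)
    # Result field altered in transit without knowledge of the pre-shared key.
    out["tampered"] = aac.handle_response(dict(resp_bad, res2=b"valid"))
    # Response from an earlier run presented against a newer request.
    old = server.handle_request(aac.build_request(cert_ok))
    aac.build_request(cert_bad)
    out["replayed"] = aac.handle_response(old)
    return out


if __name__ == "__main__":
    for case, verdict in run_demo().items():
        print(f"{case:13s} -> {verdict}")
```

Only a response that passes all three checks reaches the decision on the second verification result; altered and stale responses are dropped before that point.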
16. A requesting device, the requesting device comprising:
a sending module, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by the requesting device by using a message encryption key to encrypt data to be encrypted that includes a digital certificate of the requesting device;
a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller by using the message encryption key to encrypt data to be encrypted that includes first authentication result information and a first digital signature; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, and the first digital signature is a digital signature generated by a second authentication server through calculation on signature data comprising the first authentication result information;
the decryption module is used for decrypting the authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first digital signature;
the verification module is used for verifying the first digital signature by utilizing the public key of the second authentication server;
and the determining module is used for determining the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information if the verification is passed.
17. The requesting device of claim 16, wherein the receiving module is further configured to: before the sending module sends the identity ciphertext message, receiving a key request message sent by the authentication access controller, wherein the key request message comprises a key exchange parameter of the authentication access controller; the requesting device further includes:
a calculation module, configured to perform key exchange calculation according to a temporary private key corresponding to a key exchange parameter of the requesting device and a temporary public key included in a key exchange parameter of the authentication access controller to generate a first key, and calculate the message encryption key according to information including the first key by using a key derivation algorithm;
the identity ciphertext message also includes the key exchange parameter of the requesting device.
18. The requesting device of claim 17, wherein the key request message further includes a first random number generated by the authentication access controller;
the calculation module is specifically configured to: calculating the message encryption key from information including the first key, the first random number, and a second random number generated by the requesting device;
correspondingly, the identity ciphertext message further includes the second random number.
19. The requesting device of claim 18, wherein the identity ciphertext message sent by the sending module further comprises the first random number.
20. The requesting device of claim 17, wherein the key request message further includes security capability parameter information supported by the authentication access controller;
the determining module is further configured to: determine a specific security policy used by the requesting device according to the security capability parameter information; the specific security policy is also included in the identity ciphertext message.
21. The requesting device of claim 17, wherein the key request message further includes an identity of at least one authentication server trusted by the authentication access controller;
the determining module is further configured to: determine the identity of at least one authentication server trusted by the requesting device according to the identity of the at least one authentication server trusted by the authentication access controller; the identity ciphertext message further includes the identity of the at least one authentication server trusted by the requesting device.
22. The requesting device of claim 17, wherein the identity ciphertext message sent by the sending module further includes an identity of at least one authentication server trusted by the requesting device.
23. The requesting device according to claim 16, wherein the data to be encrypted for the identity information ciphertext of the requesting device further includes an identity of the requesting device, and the identity ciphertext message further includes a second random number generated by the requesting device;
correspondingly, the data to be encrypted for the authentication result information ciphertext in the third authentication response message further includes the identity of the requesting device and/or the second random number;
correspondingly, the decryption module decrypts the authentication result information ciphertext in the third authentication response message to obtain the identity of the requesting device and/or the second random number;
the verification module is further configured to: before the determining module determines the identity authentication result of the authentication access controller, verify the consistency between the identity of the requesting device obtained by decrypting the authentication result information ciphertext and the requesting device's own identity, and/or verify the consistency between the second random number obtained by decrypting the authentication result information ciphertext and the second random number generated by the requesting device; if the verification is passed, the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
24. The requesting device of claim 17, wherein the third authentication response message further includes a message integrity check code; the verification module is further configured to: before the determining module determines the identity authentication result of the authentication access controller, verify the message integrity check code by using a message integrity check key; if the verification is passed, the determining module determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information; the message integrity check key is generated in the same manner as the message encryption key.
25. The requesting device of any of claims 16-24, wherein a message sent by the requesting device to the authentication access controller further comprises a hash value calculated by the requesting device over the latest preceding message received from the authentication access controller.
26. An authenticated access controller, characterized in that the authenticated access controller comprises:
a receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is generated by encrypting, by the requesting device, encrypted data that includes a digital certificate of the requesting device by using a message encryption key;
the decryption module is used for decrypting the identity information ciphertext of the request equipment by using the message encryption key to obtain the digital certificate of the request equipment;
a sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes a digital certificate of the requesting device and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is generated by the authentication access controller through calculation on information including the digital certificate of the request equipment by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server;
the receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server trusted by the requesting device, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information comprises a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation on signature data comprising the first authentication result information, the second authentication result information comprises a second verification result of a digital certificate of the request device, and a first message authentication code of the first authentication server is generated by the first authentication server through calculation on information comprising the second authentication result information by using a pre-shared key with the authentication access controller and a cryptographic algorithm agreed with the authentication access controller;
the verification module is used for verifying the first message authentication code of the first authentication server by using a pre-shared key with the first authentication server and a cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determining module determines that the identity authentication result of the requesting device is legal, the sending module sends a third authentication response message to the requesting device; or,
the verification module is used for verifying the first message authentication code of the first authentication server by using a pre-shared key with the first authentication server and a cryptographic algorithm agreed with the first authentication server, and if the verification is passed, the sending module sends a third authentication response message to the requesting device and the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
the verification module is used for verifying the first message authentication code of the first authentication server by using a pre-shared key with the first authentication server and a cryptographic algorithm agreed with the first authentication server; if the first message authentication code of the first authentication server passes the verification, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module sends a third authentication response message to the requesting device;
wherein the third authentication response message includes an authentication result information ciphertext generated by the authentication access controller encrypting, with the message encryption key, encrypted data including the first authentication result information and the first digital signature.
27. The authenticated access controller of claim 26, wherein said sending module is further configured to: before the receiving module receives the identity ciphertext message, sending a key request message to the request device, wherein the key request message comprises a key exchange parameter of the authentication access controller; the identity ciphertext message further comprises a key exchange parameter of the request device;
the authentication access controller further comprises:
and the calculation module is used for performing key exchange calculation according to a temporary private key corresponding to the key exchange parameters of the authentication access controller and a temporary public key included in the key exchange parameters of the request equipment to generate a first key, and calculating the message encryption key by using a key derivation algorithm according to information including the first key.
28. The authenticated access controller of claim 27, wherein the key request message further includes a first random number generated by the authenticated access controller; the identity ciphertext message further comprises a second random number generated by the request device;
the calculation module is specifically configured to: calculating the message encryption key from information including the first key, the first random number, and the second random number.
29. The authentication access controller of claim 28, wherein the identity ciphertext message further comprises the first random number; the verification module is further configured to: before the calculation module calculates the message encryption key, verify the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; and if the verification is passed, the calculation module then calculates the message encryption key.
30. The authenticated access controller of claim 27, wherein the key request message further includes an identity of at least one authentication server trusted by the authenticated access controller; the identity ciphertext message also comprises an identity of at least one authentication server trusted by the request equipment;
the determining module is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
31. The authentication access controller of claim 26, wherein the identity ciphertext message further comprises an identity of at least one authentication server trusted by the requesting device; the determining module is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device and the identity of an authentication server trusted by the authentication access controller.
32. The authentication access controller according to claim 26, wherein the first authentication request message further includes an identity of the authentication access controller and/or a first random number generated by the authentication access controller;
correspondingly, the first authentication response message further includes an identity of the authentication access controller and/or the first random number;
the verification module is further configured to: verify the consistency between the identity of the authentication access controller in the first authentication response message and the authentication access controller's own identity, and/or verify the consistency between the first random number in the first authentication response message and the first random number generated by the authentication access controller; and if the verification is passed, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
33. The authenticated access controller of claim 26, wherein when the identity ciphertext message further comprises a digital signature of the requesting device, the determining module is further configured to: determine whether the digital signature of the requesting device passes the verification, and if the digital signature of the requesting device passes the verification, determine the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
34. The authenticated access controller of claim 33, wherein said means for determining whether the digital signature of the requesting device verifies specifically comprises:
the second authentication server verifies the digital signature of the request device by using the acquired digital certificate of the request device, and if the receiving module receives the first authentication response message, the determining module determines that the digital signature of the request device is verified; or,
the verification module verifies the digital signature of the request equipment by using the digital certificate of the request equipment obtained by decrypting the identity information ciphertext, and the determination module determines whether the digital signature of the request equipment passes the verification according to the verification result; or,
when the second authentication result information further includes the digital certificate of the requesting device, the verification module verifies the digital signature of the requesting device by using the digital certificate of the requesting device in the second authentication result information, and the determination module determines whether the digital signature of the requesting device passes the verification according to the verification result; or,
when the second authentication result information further includes the digital certificate of the requesting device, the verification module verifies the consistency between the digital certificate of the requesting device in the second authentication result information and the digital certificate of the requesting device obtained by decrypting the identity information ciphertext; if they are consistent, the digital certificate of the requesting device is used for verifying the digital signature of the requesting device, and the determination module determines whether the digital signature of the requesting device passes verification according to the verification result.
35. The authentication access controller according to claim 27, wherein the third authentication response message sent by the sending module further includes a message integrity check code, and the message integrity check code is generated by the authentication access controller by calculating, by using a message integrity check key, fields included in the third authentication response message except for the message integrity check code; the message integrity check key is generated in the same manner as the message encryption key.
36. An authenticating access controller according to any one of claims 26 to 35, wherein the message sent by the authenticating access controller to the requesting device further includes a hash value calculated by the authenticating access controller on the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server further comprises a hash value calculated by the authentication access controller on the received latest preamble message sent by the first authentication server.
37. A first authentication server, the first authentication server comprising:
a receiving module, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes a digital certificate of a requesting device and an identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is generated by the authentication access controller through calculation on information including the digital certificate of the request equipment by using a pre-shared key of the first authentication server and a cryptographic algorithm agreed with the first authentication server;
a sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first digital signature of a second authentication server, second authentication result information, and a first message authentication code of the first authentication server; the first authentication result information includes a first verification result of an identity authentication code of the authentication access controller, the first digital signature is a digital signature generated by the second authentication server through calculation of signature data including the first authentication result information, the second authentication result information includes a second verification result of a digital certificate of the requesting device, and the first message authentication code of the first authentication server is generated by the first authentication server through calculation of information including the second authentication result information through a pre-shared key with the authentication access controller through a cryptographic algorithm agreed with the authentication access controller.
38. The first authentication server of claim 37, further comprising:
the first verification module is used for verifying the identity authentication code of the authentication access controller to obtain a first verification result and verifying the validity of the digital certificate of the request equipment to obtain a second verification result;
a first generation module, configured to generate the first authentication result information according to information including the first verification result, generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a first authentication server for the information including the second authentication result information, and calculate and generate the first digital signature for signature data including the first authentication result information;
a second generating module, configured to calculate and generate the first authentication response message according to information that includes the first authentication result information, the first digital signature, the second authentication result information, and a first message authentication code of the first authentication server.
39. The first authentication server of claim 37, further comprising:
the second verification module is used for verifying the identity authentication code of the authentication access controller to obtain a first verification result;
a third generating module, configured to generate the first authentication result information according to information including the first verification result, calculate and generate a second digital signature for signature data including the first authentication result information and the digital certificate of the requesting device, or calculate and generate a second message authentication code for information including the first authentication result information and the digital certificate of the requesting device by using a cryptographic algorithm agreed with the second authentication server by using a pre-shared key of the second authentication server;
the sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second message authentication code;
the receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third message authentication code; the second authentication result information is generated by the second authentication server according to information including a second verification result, and the second verification result is obtained by performing validity verification on the digital certificate of the requesting device by the second authentication server; the first digital signature is generated by the second authentication server through calculation of signature data including the first authentication result information; the third digital signature is generated by the second authentication server through calculation of signature data including the second authentication result information, or the third message authentication code is generated by the second authentication server through calculation of information including the second authentication result information by using a cryptographic algorithm agreed with the first authentication server by using a pre-shared key of the first authentication server;
a third verification module, configured to verify the third digital signature using the public key of the second authentication server or verify the third message authentication code using a cryptographic algorithm agreed with the second authentication server using a pre-shared key of the second authentication server;
and a fourth generating module, configured to calculate, if the verification passes, a first message authentication code of the first authentication server for information including the second authentication result information, and generate the first authentication response message according to information including the first authentication result information, the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server.
40. The first authentication server according to any of claims 37 to 39, wherein the message sent by the first authentication server to the authentication access controller further comprises a hash value calculated by the first authentication server on the received latest preamble message sent by the authentication access controller; the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the received latest preamble message sent by the second authentication server.
41. A second authentication server, characterized in that the second authentication server comprises:
a receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second message authentication code; the second digital signature is generated by the first authentication server through calculation of signature data including the first authentication result information and the digital certificate of the requesting device, or the second message authentication code is generated by the first authentication server through calculation of information including the first authentication result information and the digital certificate of the requesting device through a pre-shared key with the second authentication server by using a cryptographic algorithm agreed with the second authentication server;
a verification module, configured to verify the second digital signature using a public key of the first authentication server or verify the second message authentication code using a cryptographic algorithm agreed with the first authentication server using a pre-shared key of the first authentication server;
a generating module, configured to perform validity verification on the digital certificate of the requesting device to obtain a second verification result if the verification passes, generate second authentication result information according to information including the second verification result, calculate signature data including the first authentication result information to generate the first digital signature, calculate signature data including the second authentication result information to generate a third digital signature, or calculate information including the second authentication result information to generate a third message authentication code by using a cryptographic algorithm agreed with the first authentication server by using a pre-shared key of the first authentication server;
a sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information, and the third message authentication code.
42. The second authentication server of claim 41, wherein the message sent by the second authentication server to the first authentication server further comprises a hash value calculated by the second authentication server on the latest preamble message received from the first authentication server.
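The access-controller checks of claims 26, 28, 29, 32 and 35, as an added Python sketch that is not part of the patent. The claims name no algorithms, so HMAC-SHA256, the HKDF construction, the field encoding, the key labels and every field name are assumptions; `first_key` stands in for the key-exchange output, and the server MAC is assumed to cover the echoed identity and random number together with the second authentication result information.

```python
import hashlib
import hmac


def hkdf(first_key: bytes, salt: bytes, label: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256; the claims only say 'key derivation algorithm'."""
    prk = hmac.new(salt, first_key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + label + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(first_key, nonce_aac, echoed_nonce_aac, nonce_req):
    """Claims 28, 29, 35: check the echoed first random number, then derive both keys."""
    if not hmac.compare_digest(nonce_aac, echoed_nonce_aac):
        raise ValueError("first random number mismatch: discard identity ciphertext message")
    salt = nonce_aac + nonce_req  # both random numbers bind the keys to this run
    enc_key = hkdf(first_key, salt, b"message encryption key")  # derived only; encryption not shown
    mic_key = hkdf(first_key, salt, b"message integrity check key")
    return enc_key, mic_key


def encode_fields(fields: dict) -> bytes:
    """Length-prefixed, name-sorted encoding so field boundaries cannot be shifted."""
    out = b""
    for name in sorted(fields):
        raw_name = name.encode()
        out += len(raw_name).to_bytes(2, "big") + raw_name
        out += len(fields[name]).to_bytes(4, "big") + fields[name]
    return out


def mac(key: bytes, fields: dict) -> bytes:
    return hmac.new(key, encode_fields(fields), hashlib.sha256).digest()


def seal(message: dict, mic_key: bytes) -> dict:
    """Claim 35: integrity check code over every field except the check code itself."""
    body = {k: v for k, v in message.items() if k != "mic"}
    return {**body, "mic": mac(mic_key, body)}


def mic_ok(message: dict, mic_key: bytes) -> bool:
    body = {k: v for k, v in message.items() if k != "mic"}
    return hmac.compare_digest(mac(mic_key, body), message.get("mic", b""))


def as_build_response(psk, id_aac, nonce_aac, res_req) -> dict:
    """First authentication server side, reduced to the fields the controller checks."""
    fields = {"id_aac": id_aac, "nonce_aac": nonce_aac, "res_req": res_req}
    return {**fields, "mac_as": mac(psk, fields)}


def aac_check_response(resp, psk, own_id, own_nonce) -> str:
    """Claims 26 and 32: MAC first, then identity and nonce, only then read the result."""
    covered = {k: resp.get(k, b"") for k in ("id_aac", "nonce_aac", "res_req")}
    if not hmac.compare_digest(mac(psk, covered), resp.get("mac_as", b"")):
        return "discard: bad MAC"
    if covered["id_aac"] != own_id or covered["nonce_aac"] != own_nonce:
        return "discard: stale or misdirected response"
    return "REQ legal" if covered["res_req"] == b"valid" else "REQ illegal"


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    psk, n_aac, n_req = b"\x01" * 32, b"\xaa" * 16, b"\xbb" * 16
    _, mic_key = derive_session_keys(b"\x02" * 32, n_aac, n_aac, n_req)
    resp = as_build_response(psk, b"AAC-1", n_aac, b"valid")
    print(aac_check_response(resp, psk, b"AAC-1", n_aac))
    print(mic_ok(seal({"ciphertext": b"demo", "nonce_req": n_req}, mic_key), mic_key))
```

A response replayed into a later run fails the random-number comparison even though its MAC is valid, which is why both checks precede reading the verification result.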
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569180.7A CN114760027A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
PCT/CN2021/140036 WO2022135384A1 (en) | 2020-12-26 | 2021-12-21 | Identity authentication method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569180.7A CN114760027A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114760027A (en) | 2022-07-15 |
Family
ID=82158814
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569180.7A Pending CN114760027A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114760027A (en) |
WO (1) | WO2022135384A1 (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409621B (en) * | 2008-11-13 | 2011-05-11 | 中国移动通信集团北京有限公司 | Multipart identification authentication method and system base on equipment |
CN101616410B (en) * | 2009-06-25 | 2011-08-10 | 中兴通讯股份有限公司 | Access method and access system for cellular mobile communication network |
CN101631113B (en) * | 2009-08-19 | 2011-04-06 | 西安西电捷通无线网络通信股份有限公司 | Security access control method of wired LAN and system thereof |
US20140133656A1 (en) * | 2012-02-22 | 2014-05-15 | Qualcomm Incorporated | Preserving Security by Synchronizing a Nonce or Counter Between Systems |
CN102739687B (en) * | 2012-07-09 | 2016-03-23 | 广州杰赛科技股份有限公司 | Based on application service Network Access Method and the system of mark |
- 2020-12-26 CN CN202011569180.7A patent/CN114760027A/en active Pending
- 2021-12-21 WO PCT/CN2021/140036 patent/WO2022135384A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2022135384A1 (en) | 2022-06-30 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN103532713B (en) | Sensor authentication and shared key production method and system and sensor | |
CN111654481B (en) | Identity authentication method, identity authentication device and storage medium | |
WO2022135391A1 (en) | Identity authentication method and apparatus, and storage medium, program and program product | |
WO2022135399A1 (en) | Identity authentication method, authentication access controller, request device, storage medium, program, and program product | |
CN103138923B (en) | A kind of internodal authentication, Apparatus and system | |
CN114696999A (en) | Identity authentication method and device | |
WO2022135379A1 (en) | Identity authentication method and apparatus | |
WO2022135388A1 (en) | Identity authentication method and apparatus, device, chip, storage medium, and program | |
WO2022135383A1 (en) | Identity authentication method and apparatus | |
WO2022135394A1 (en) | Identity authentication method and apparatus, storage medium, program, and program product | |
CN114760035A (en) | Identity authentication method and device | |
WO2022135384A1 (en) | Identity authentication method and apparatus | |
WO2022135418A1 (en) | Identity authentication method and apparatus | |
WO2022135387A1 (en) | Identity authentication method and apparatus | |
WO2022135385A1 (en) | Identity authentication method and apparatus | |
WO2022135386A1 (en) | Method and device for identity authentication | |
WO2022135404A1 (en) | Identity authentication method and device, storage medium, program, and program product | |
WO2022135382A1 (en) | Identity authentication method and apparatus | |
WO2022135378A1 (en) | Identity authentication method and apparatus | |
CN114760031A (en) | Identity authentication method and device | |
WO2022135380A1 (en) | Identity authentication method and apparatus | |
WO2022135377A1 (en) | Identity authentication method and apparatus, and device, chip, storage medium and program | |
CN114760033A (en) | Identity authentication method and device | |
CN114760039A (en) | Identity authentication method and device | |
CN118450383A (en) | Network access method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||