CN114760040A - Identity authentication method and device - Google Patents
- Publication number
- CN114760040A (application CN202011569222.7A)
- Authority
- CN
- China
- Prior art keywords
- authentication
- identity
- message
- access controller
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/0414—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden during transmission, i.e. party's identity is protected against eavesdropping, e.g. by using temporary identifiers, but is known to the other party or parties involved in the communication
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3242—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an identity authentication method. An authentication access controller (AAC) receives an identity ciphertext message sent by a requesting device (REQ); the message comprises an identity identification ciphertext of the REQ and an identity authentication code. The AAC decrypts the identity identification ciphertext with a message encryption key to obtain the identity identification of the REQ, and sends a first authentication request message to a first authentication server that it trusts. The AAC then receives a first authentication response message sent by the first authentication server, which comprises first authentication result information, a first message authentication code of a second authentication server, second authentication result information and a first digital signature of the first authentication server. From this message the AAC obtains the identity authentication result of the REQ. The AAC sends the REQ a third authentication response message comprising the authentication result information of the AAC, from which the REQ obtains the identity authentication result of the AAC, so that bidirectional identity authentication is achieved.
Description
Technical Field
The present application relates to the field of network communication security technologies, and in particular, to an identity authentication method and apparatus.
Background
Currently, communication networks typically require two-way authentication between a user and a network access point to ensure that a legitimate user communicates with a legitimate network. In existing entity authentication schemes, both entities use the same form of identity credential, either a digital certificate or a pre-shared key. In some practical scenarios, however, one end uses a digital certificate as its identity credential while the other end uses a pre-shared key, which poses a challenge to the entity identity authentication mechanism.
In addition, during the transmission of identity authentication messages, the identity information of an entity is often directly exposed. This information usually includes private or sensitive data, such as an identity card number, a home address, bank card information, geographic location information or affiliated institution information, and the consequences could be serious if an attacker intercepted it and used it for illegal activities. How to complete the identity authentication of an entity without exposing its sensitive identity information has therefore become a pressing problem.
Disclosure of Invention
In order to solve the above technical problem, the present application provides an identity authentication method and apparatus, which can implement bidirectional identity authentication between entities and identity protection of the entities under the condition that a requesting device adopts a pre-shared key and an authentication access controller adopts a digital certificate as an identity credential.
In view of the above, a first aspect of the present application provides an identity authentication method, including:
an authentication access controller receives an identity ciphertext message sent by a requesting device, wherein the identity ciphertext message comprises an identity identification ciphertext of the requesting device and an identity authentication code of the requesting device; the identity authentication code of the requesting device is generated by the requesting device by calculation over information including the identity identification ciphertext of the requesting device, using a pre-shared key shared with a second authentication server that the requesting device trusts and a cryptographic algorithm agreed with the second authentication server; the identity identification ciphertext of the requesting device is generated by calculation over information including the identity identification of the requesting device using a message encryption key;
the authentication access controller decrypts the identity identification ciphertext of the request device by using the message encryption key to obtain the identity identification of the request device, and sends a first authentication request message to a trusted first authentication server, wherein the first authentication request message comprises the identity ciphertext message, the identity identification of the request device and the identity information of the authentication access controller, and the identity information of the authentication access controller is generated according to information comprising a digital certificate of the authentication access controller;
the authentication access controller receives a first authentication response message sent by the first authentication server, the first authentication response message being generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of a digital certificate of the authentication access controller, and a first message authentication code of the second authentication server is generated by the second authentication server through calculation of information comprising the first authentication result information by using a pre-shared key of the second authentication server and the request device and adopting a cryptographic algorithm agreed with the request device; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information;
the authentication access controller verifies the first digital signature by using a public key of the first authentication server, and if the verification passes, the authentication access controller determines an identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the authentication access controller determines that the identity authentication result of the requesting device is legitimate, it sends a third authentication response message to the requesting device; or,
the authentication access controller verifies the first digital signature by using a public key of the first authentication server, and if the verification passes, the authentication access controller sends a third authentication response message to the requesting device and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
the authentication access controller verifies the first digital signature by using a public key of the first authentication server; if the verification passes, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the authentication access controller sends a third authentication response message to the requesting device;
wherein, the third authentication response message comprises an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including the first authentication result information and a first message authentication code of the second authentication server by using the message encryption key;
after receiving the third authentication response message, the requesting device decrypts the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and a first message authentication code of the second authentication server, and verifies the first message authentication code of the second authentication server by using a pre-shared key of the second authentication server and a cryptographic algorithm agreed with the second authentication server; and if the authentication is passed, the requesting device determines the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
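A sketch of the pre-shared-key leg of the method above, added here as an example and not taken from the patent: the requesting device's identity ciphertext message, the second authentication server's check of the identity authentication code, and the requesting device's check of the first message authentication code relayed by the access controller. It assumes the message encryption key is already shared, uses HMAC-SHA256 and an HMAC-based keystream as stand-ins for the "agreed cryptographic algorithm" and the symmetric cipher, omits the digital-signature leg, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Domain labels are an assumption of this sketch: the page only says each code is
# computed over "information including" the field, so labels keep the two uses of
# the same pre-shared key from being interchangeable.
ID_LABEL, RESULT_LABEL = b"REQ-IDENTITY|", b"AAC-RESULT|"


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real symmetric cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(c ^ s for c, s in zip(body, _keystream(key, nonce, len(body))))


def mac(psk: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(psk, label + data, hashlib.sha256).digest()


def req_build_identity_message(req_id: str, msg_key: bytes, psk: bytes) -> dict:
    """REQ: encrypt its identity, then authenticate the ciphertext with the PSK."""
    id_ct = encrypt(msg_key, req_id.encode())
    return {"id_ciphertext": id_ct, "id_auth_code": mac(psk, ID_LABEL, id_ct)}


def aac_recover_identity(id_msg: dict, msg_key: bytes) -> str:
    """AAC: holds the message encryption key but not the PSK."""
    return decrypt(msg_key, id_msg["id_ciphertext"]).decode("utf-8", "replace")


def second_as_process(psk_table: dict, req_id: str, id_msg: dict, first_info: bytes):
    """Second authentication server: check REQ's code, then MAC the AAC result."""
    psk = psk_table.get(req_id)
    if psk is None:
        return {"req_valid": False}, None
    expected = mac(psk, ID_LABEL, id_msg["id_ciphertext"])
    valid = hmac.compare_digest(expected, id_msg["id_auth_code"])
    return {"req_valid": valid}, mac(psk, RESULT_LABEL, first_info)


def aac_build_third_response(msg_key: bytes, first_info: bytes, first_mac: bytes) -> bytes:
    payload = json.dumps({"info": first_info.hex(), "mac": first_mac.hex()})
    return encrypt(msg_key, payload.encode())


def req_check_third_response(blob: bytes, msg_key: bytes, psk: bytes):
    """REQ: return the AAC verification result, or None if the MAC does not verify."""
    try:
        payload = json.loads(decrypt(msg_key, blob))
        info, tag = bytes.fromhex(payload["info"]), bytes.fromhex(payload["mac"])
    except (ValueError, KeyError, TypeError):
        return None
    if not hmac.compare_digest(mac(psk, RESULT_LABEL, info), tag):
        return None
    return json.loads(info)["aac_cert_valid"]


def run_exchange(cert_valid=True, aac_rewrites_result=False, req_has_psk=True):
    """Constructed end-to-end run; returns (second verification result, REQ's view of AAC)."""
    msg_key, psk = secrets.token_bytes(32), secrets.token_bytes(32)
    psk_table = {"req-001": psk}                      # constructed sample identity
    req_psk = psk if req_has_psk else secrets.token_bytes(32)

    id_msg = req_build_identity_message("req-001", msg_key, req_psk)
    req_id = aac_recover_identity(id_msg, msg_key)
    # First authentication result information; the certificate check itself is not modelled.
    first_info = json.dumps({"aac_cert_valid": cert_valid}).encode()
    second_result, first_mac = second_as_process(psk_table, req_id, id_msg, first_info)
    if aac_rewrites_result:                           # relay alters the result it forwards
        first_info = json.dumps({"aac_cert_valid": True}).encode()
    blob = aac_build_third_response(msg_key, first_info, first_mac)
    return second_result["req_valid"], req_check_third_response(blob, msg_key, req_psk)


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(cert_valid=False, aac_rewrites_result=True))
    print(run_exchange(req_has_psk=False))
```

Because the access controller never holds the pre-shared key, a result it alters in transit fails the requesting device's MAC check and yields no authentication result.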
A second aspect of the present application provides a requesting device, comprising:
a generating module, configured to generate an identity identification ciphertext of the requesting device by calculation over information including the identity identification of the requesting device using a message encryption key, and to generate an identity authentication code of the requesting device by calculation over information including the identity identification ciphertext of the requesting device, using a pre-shared key shared with a second authentication server that the requesting device trusts and a cryptographic algorithm agreed with the second authentication server;
a sending module, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity identifier ciphertext of the requesting device and an identity authentication code of the requesting device;
a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encryption data including first authentication result information and a first message authentication code of the second authentication server by using the message encryption key;
a decryption module, configured to decrypt the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server; the first message authentication code of the second authentication server is generated by the second authentication server by calculation over information including the first authentication result information, using the pre-shared key shared with the requesting device and a cryptographic algorithm agreed with the requesting device;
a verification module, configured to verify the first message authentication code of the second authentication server by using the pre-shared key shared with the second authentication server and the cryptographic algorithm agreed with the second authentication server;
a determining module, configured to determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information if the verification passes.
A third aspect of the present application provides an authentication access controller, comprising:
a receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity identification ciphertext of the requesting device and an identity authentication code of the requesting device; the identity identification ciphertext of the requesting device is generated by the requesting device by calculation over information including the identity identification of the requesting device using a message encryption key, and the identity authentication code of the requesting device is generated by the requesting device by calculation over information including the identity identification ciphertext of the requesting device, using a pre-shared key shared with a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server;
a decryption module, configured to decrypt the identity identification ciphertext of the requesting device by using the message encryption key to obtain the identity identification of the requesting device;
a sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the identity ciphertext message, an identity of the requesting device, and identity information of the authentication access controller, and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
the receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message is generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of the digital certificate of the authentication access controller, and the first message authentication code of the second authentication server is generated by the second authentication server by calculation over information including the first authentication result information, using the pre-shared key shared with the requesting device and a cryptographic algorithm agreed with the requesting device; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information;
a verification module, configured to verify the first digital signature by using the public key of the first authentication server; if the verification passes, a determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determining module determines that the identity authentication result of the requesting device is legitimate, the sending module sends a third authentication response message to the requesting device; or,
the verification module is configured to verify the first digital signature by using the public key of the first authentication server; if the verification passes, the sending module sends a third authentication response message to the requesting device, and the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,
the verification module is configured to verify the first digital signature by using the public key of the first authentication server; if the verification passes, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module sends a third authentication response message to the requesting device;
wherein, the third authentication response message comprises an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including the first authentication result information and a first message authentication code of the second authentication server using the message encryption key.
A fourth aspect of the present application provides a first authentication server, comprising:
a receiving module, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes an identity ciphertext message sent by a requesting device, an identity identification of the requesting device, and identity information of the authentication access controller; the identity ciphertext message includes an identity identification ciphertext and an identity authentication code of the requesting device; the identity authentication code of the requesting device is generated by the requesting device by calculation using a pre-shared key shared with a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server; the identity identification of the requesting device is obtained by the authentication access controller by decrypting the identity identification ciphertext of the requesting device using the message encryption key; and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
a sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of a digital certificate of the authentication access controller, and a first message authentication code of the second authentication server is generated by the second authentication server through calculation of information comprising the first authentication result information by using a pre-shared key of the second authentication server and the request device and adopting a cryptographic algorithm agreed with the request device; the second authentication result information includes a second verification result of the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information.
A fifth aspect of the present application provides a second authentication server comprising:
a receiving module, configured to receive a second authentication request message sent by a first authentication server, where the second authentication request message includes first authentication result information, an identity ciphertext message, an identity identifier of the requesting device, and a second digital signature, or the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and a second message authentication code; the first authentication result information is generated according to information including a first authentication result obtained by the first authentication server performing validity authentication on a digital certificate of an authentication access controller; the identity ciphertext message comprises an identity ciphertext of the requesting device and an identity authentication code of the requesting device, wherein the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity ciphertext of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and by adopting a cryptographic algorithm agreed with the second authentication server; the second digital signature is generated by the first authentication server through calculation of signature data including the first authentication result information, the identification of the requesting device and the identity ciphertext message, or the second message authentication code is generated by the first authentication server through calculation of information including the first authentication result information, the identification of the requesting device and the identity ciphertext message;
the verification module is used for verifying the second digital signature by using a public key of the first authentication server or verifying the second message authentication code by using a pre-shared key of the first authentication server, and if the verification is passed, verifying the identity authentication code of the request device in the identity ciphertext message to obtain a second verification result;
a generation module, configured to generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a second authentication server for information including the first authentication result information, calculate and generate a third digital signature for signature data including the second authentication result information, or calculate and generate a third message authentication code for information including the second authentication result information;
a sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and a third digital signature, or the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and a third message authentication code.
In view of the above, in the identity authentication method provided by the present application, the requesting device uses a pre-shared key as its identity credential and the authentication access controller uses a digital certificate as its identity credential. During the identity authentication process, the requesting device first sends an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes an identity identification ciphertext of the requesting device and an identity authentication code of the requesting device generated by using the pre-shared key. The authentication access controller decrypts the identity identification ciphertext to obtain the identity identification of the requesting device, and then sends a first authentication request message, which includes the identity ciphertext message, the identity identification of the requesting device and the identity information of the authentication access controller, to a first authentication server trusted by the authentication access controller. A second authentication server trusted by the requesting device verifies the identity validity of the requesting device according to the identity authentication code of the requesting device, and the first authentication server verifies the identity validity of the authentication access controller according to the identity information of the authentication access controller. After the verification is completed, the first authentication server sends a first authentication response message to the authentication access controller, and the authentication access controller obtains the verification result corresponding to the requesting device from the first authentication response message to determine whether the identity of the requesting device is legal. The requesting device obtains the verification result corresponding to the authentication access controller from the third authentication response message sent by the authentication access controller and determines whether the identity of the authentication access controller is legal. Bidirectional identity authentication between the authentication access controller and the requesting device is thereby realized, which lays a foundation for ensuring that only a legal user can communicate with a legal network. Moreover, the identity information and/or the identity authentication result information of the entities is transmitted in ciphertext form, which guarantees the security of private information during transmission and realizes identity protection of the entities.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the description below are only some embodiments of the present application, and for those skilled in the art, other drawings may be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic diagram of an identity authentication method according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a method for a requesting device REQ and an authentication access controller AAC to negotiate a message encryption key according to an embodiment of the present application;
Fig. 3 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 4 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 5 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 6 is a schematic diagram of an identity authentication method provided in an embodiment of the present application, where "+" denotes an optional field or an optional operation;
Fig. 7 is a block diagram of the structure of a requesting device REQ according to an embodiment of the present application;
Fig. 8 is a block diagram of the structure of an authentication access controller AAC according to an embodiment of the present application;
Fig. 9 is a block diagram of the structure of a first authentication server AS-AAC according to an embodiment of the present application;
Fig. 10 is a block diagram of the structure of a second authentication server AS-REQ according to an embodiment of the present application.
Detailed Description
In a communication network, a requesting device may access the network through an authentication access controller. To ensure that the requesting device accessing the network belongs to a legitimate user and that the network it accesses is a legitimate network, bidirectional identity authentication (Mutual Identity Authentication, MIA for short) needs to be performed between the authentication access controller and the requesting device.
Taking current wireless communication and mobile communication scenarios as examples: in a scenario where the requesting device accesses a wireless network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone, a Personal Digital Assistant (PDA) or a tablet computer, and the authentication access controller may be a network-side device such as a wireless access point or a wireless router. In a scenario where the requesting device accesses a wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router. In a scenario where the requesting device accesses a fourth/fifth generation mobile communication technology (4G/5G) network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone or a tablet computer, and the authentication access controller may be a network-side device such as a base station. Of course, the present application is also applicable to other data communication scenarios such as other wired networks and near field communication networks.
However, in existing entity authentication schemes, the identity credentials of the entities are uniformly either digital certificates or pre-shared keys. For the practical situation in which one entity uses a digital certificate as its identity credential and the other uses a pre-shared key as its identity credential, no simple and effective identity authentication mechanism is provided. In addition, the identity information of the entity is directly exposed during transmission of the identity authentication messages, which may mean that security cannot be guaranteed.
To solve the above technical problem, an embodiment of the present application provides an identity authentication method for an application scenario in which the requesting device is authenticated by means of a pre-shared key and the authentication access controller is authenticated by means of a digital certificate. A first authentication server trusted by the authentication access controller verifies the validity of the digital certificate of the authentication access controller to obtain a first verification result, and a second authentication server trusted by the requesting device verifies the identity authentication code of the requesting device by using the pre-shared key of the requesting device to obtain a second verification result. The requesting device and the authentication access controller each determine whether the opposite entity is legal according to the verification result corresponding to that entity, thereby implementing bidirectional identity authentication between the authentication access controller and the requesting device and laying a foundation for ensuring that only a legal user can communicate with a legal network. In addition, private information of the entities, such as identity identifiers and authentication result information, is transmitted in ciphertext form, which ensures the security of the private information during transmission and realizes identity protection of the entities.
For convenience of introduction, the embodiments of the present application describe the identity authentication method by taking a requesting device (REQ), an Authentication Access Controller (AAC) and an Authentication Server (AS) as examples.
The AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ. AS-AAC holds a digital certificate, and the private key corresponding to the digital certificate, that conform to ISO/IEC 9594-8/ITU X.509, other standards or other technical systems. AS-AAC can verify the identity validity of AAC, and AS-REQ can verify the identity validity of REQ. AS-AAC and AS-REQ may be the same AS or different ASs. When AS-AAC and AS-REQ are the same, this is the non-roaming case. When AS-AAC and AS-REQ are different, this is the roaming case: either a valid pre-shared key exists between AS-AAC and AS-REQ, or, when AS-REQ holds a digital certificate and corresponding private key that conform to ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, AS-AAC and AS-REQ trust each other and know each other's digital certificate or the public key in that digital certificate. The certificate decryption server (CS-DEC) holds an encryption certificate, and the private key corresponding to the encryption certificate, that conform to ISO/IEC 9594-8/ITU X.509, other standards or other technical systems; CS-DEC may be an independent server or may reside in AS-AAC.
REQ may be one endpoint participating in the identity authentication process; it establishes a connection with AAC, accesses the services provided by AAC, accesses the AS through AAC, and shares a valid pre-shared key with AS-REQ. AAC may be the other endpoint participating in the identity authentication process; it establishes a connection with REQ, provides services, communicates with REQ, and can directly access AS-AAC. AAC holds a digital certificate, and the corresponding private key, that conform to ISO/IEC 9594-8/ITU X.509, other standards or other technical systems, and knows the digital certificate of the AS-AAC that it trusts or the public key in that digital certificate; in some application scenarios it also knows the encryption certificate of CS-DEC or the public key in the encryption certificate.
An identity authentication method provided in an embodiment of the present application is described below with reference to fig. 1, where the method includes:
S101, AAC receives the identity ciphertext message REQInit sent by REQ.
The REQInit includes the identity identification ciphertext EncData_REQ of REQ and the identity authentication code MIC_REQ of REQ. EncData_REQ is generated by REQ by using a message encryption key and a symmetric encryption algorithm to encrypt information including the identity identifier ID_REQ of REQ. MIC_REQ is generated by REQ by using the pre-shared key K_REQ_AS shared with the AS-REQ that it trusts, and a cryptographic algorithm agreed with AS-REQ, to calculate over information including EncData_REQ. The message encryption key may be shared in advance by REQ and AAC, or obtained by negotiation between REQ and AAC; the manner in which REQ and AAC negotiate the message encryption key is described later.
As an example of this application, the cryptographic algorithm agreed upon by REQ and AS-REQ may be a hash algorithm: REQ uses the pre-shared key K_REQ_AS and the hash algorithm to perform a hash operation on the fields preceding the MIC_REQ field in REQInit, for example information including EncData_REQ, to obtain a hash value, and this hash value is used as the identity authentication code MIC_REQ of REQ.
In this embodiment, REQ uses the identity authentication code MIC_REQ as its identity information and AAC uses its own digital certificate Cert_AAC as its identity information. AS-REQ can verify MIC_REQ to determine the validity of the identity of REQ, and AS-AAC can verify the validity of Cert_AAC to determine the validity of the identity of AAC.
S102, AAC uses the message encryption key to decrypt EncData_REQ to obtain ID_REQ.
Because EncData_REQ is obtained by REQ using the message encryption key and a symmetric encryption algorithm to encrypt information including ID_REQ, AAC, after receiving the EncData_REQ sent by REQ, can use the message encryption key and the symmetric encryption algorithm to decrypt EncData_REQ to obtain ID_REQ.
S103, AAC sends a first authentication request message AACVeri to its trusted AS-AAC.
The AACVeri includes REQInit, ID_REQ and the identity information of AAC. The identity information of AAC is generated by AAC from information including Cert_AAC; it may be Cert_AAC itself or the ciphertext of Cert_AAC. To protect the identity information of AAC, AAC may use the public key of an encryption certificate to encrypt the encrypted data including Cert_AAC to generate the identity information EncPub_AS of AAC. Correspondingly, AS-AAC can decrypt EncPub_AS by using the private key corresponding to the encryption certificate of the CS-DEC residing in AS-AAC to obtain Cert_AAC, or AS-AAC sends EncPub_AS to a CS-DEC with which it has an interaction and trust relationship for decryption and obtains the decrypted Cert_AAC.
It should be noted that, when the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are the same authentication server, the authentication server trusted by both REQ and AAC can be denoted AS-AAC (or, of course, AS-REQ). In this case, AS-AAC (which may also be denoted AS-REQ) verifies Cert_AAC and the MIC_REQ in the REQInit. AS-AAC (also denoted AS-REQ) verifies Cert_AAC to obtain the first verification result Res_AAC; determines, according to the ID_REQ in AACVeri, the pre-shared key K_REQ_AS shared with REQ and the agreed cryptographic algorithm; verifies MIC_REQ by using K_REQ_AS and the cryptographic algorithm to obtain the second verification result Res_REQ; generates the first authentication result information Pub_AAC according to information including Res_AAC; generates the second authentication result information Pub_REQ according to information including Res_REQ; uses K_REQ_AS and the cryptographic algorithm to calculate, over information including Pub_AAC, the first message authentication code MIC_AS_AAC of AS-AAC (which may also be denoted the first message authentication code MIC_AS_REQ of AS-REQ); calculates the first digital signature Sig_AS_AAC1 (also denoted Sig_AS_REQ1) over signature data including Pub_REQ; and generates the first authentication response message ASVeri according to information including Pub_AAC, MIC_AS_AAC (which may also be denoted MIC_AS_REQ), Pub_REQ and Sig_AS_AAC1 (also denoted Sig_AS_REQ1).
When the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are two different authentication servers, AS-AAC verifies Cert_AAC to obtain the first verification result Res_AAC, generates the first authentication result information Pub_AAC according to information including Res_AAC, calculates the second digital signature Sig_AS_AAC2 over signature data including Pub_AAC, ID_REQ and REQInit, and sends a second authentication request message AS-AACVeri to AS-REQ. The AS-AACVeri includes Pub_AAC, ID_REQ, REQInit and Sig_AS_AAC2, where Sig_AS_AAC2 may be replaced by MIC_AS_AAC2; MIC_AS_AAC2 is the second message authentication code that AS-AAC calculates over information including Pub_AAC, ID_REQ and REQInit by using the pre-shared key shared with AS-REQ and a cryptographic algorithm agreed with AS-REQ. AS-REQ verifies Sig_AS_AAC2 by using the public key of AS-AAC, or verifies MIC_AS_AAC2 by using the pre-shared key shared with AS-AAC and the cryptographic algorithm agreed with AS-AAC. After the verification is passed, AS-REQ determines, according to ID_REQ, the pre-shared key K_REQ_AS shared with REQ and the agreed cryptographic algorithm, verifies the MIC_REQ in the REQInit by using K_REQ_AS and the cryptographic algorithm to obtain the second verification result Res_REQ, generates the second authentication result information Pub_REQ according to information including Res_REQ, uses K_REQ_AS and the cryptographic algorithm to calculate the first message authentication code MIC_AS_REQ of AS-REQ over information including Pub_AAC, calculates the third digital signature Sig_AS_REQ3 over signature data including Pub_REQ, and sends a second authentication response message AS-REQVeri to AS-AAC. The AS-REQVeri includes Pub_AAC, MIC_AS_REQ, Pub_REQ and Sig_AS_REQ3, where Sig_AS_REQ3 may be replaced by MIC_AS_REQ3; MIC_AS_REQ3 is the third message authentication code that AS-REQ calculates over information including Pub_REQ by using the pre-shared key shared with AS-AAC and a cryptographic algorithm agreed with AS-AAC. AS-AAC verifies Sig_AS_REQ3 by using the public key of AS-REQ, or verifies MIC_AS_REQ3 by using the pre-shared key shared with AS-REQ and the cryptographic algorithm agreed with AS-REQ. After the verification is passed, AS-AAC calculates the first digital signature Sig_AS_AAC1 over signature data including Pub_REQ, and generates the first authentication response message ASVeri according to information including Pub_AAC, MIC_AS_REQ, Pub_REQ and Sig_AS_AAC1.
S104, AAC receives a first authentication response message ASVeri sent by AS-AAC.
The ASVeri is generated according to information including the first authentication result information Pub_AAC, the first message authentication code MIC_AS_REQ of AS-REQ, the second authentication result information Pub_REQ and the first digital signature Sig_AS_AAC1 of AS-AAC.
According to whether identity protection is performed on AAC, the method can be divided into two cases, wherein in one case, identity information of AAC is transmitted in plain text in the whole process, and in the other case, identity information of AAC is transmitted in ciphertext in the whole process.
When the identity information of AAC is generated by AAC using the public key of the encryption certificate to encrypt the encrypted data including Cert_AAC and a second key Nonce_AACPub, where Nonce_AACPub is used to encrypt information including Pub_AAC, the first authentication result information included in ASVeri is correspondingly in ciphertext form (for example, it is generated by AS-AAC using Nonce_AACPub to encrypt information including Pub_AAC; simply, AS-AAC may perform an XOR operation on information including Pub_AAC with Nonce_AACPub to generate Pub_AAC⊕Nonce_AACPub).
Further, the encrypted data used to generate the identity information of AAC may also include the identity identifier ID_AAC of AAC and a third key Nonce_AACID; that is, the identity information of AAC is generated by AAC using the public key of the encryption certificate to encrypt the encrypted data including Cert_AAC, ID_AAC, Nonce_AACPub and Nonce_AACID, where Nonce_AACID is used to encrypt information including ID_AAC. Correspondingly, the ASVeri also includes the identity identification ciphertext of AAC, which may be generated by AS-AAC using Nonce_AACID to encrypt information including ID_AAC; simply, AS-AAC may perform an XOR operation on information including ID_AAC with Nonce_AACID to generate ID_AAC⊕Nonce_AACID. AAC also needs to verify the identity identification ciphertext of AAC in the ASVeri according to its own identity identifier ID_AAC and Nonce_AACID. Specifically, AAC uses Nonce_AACID to encrypt information including its own identity identifier ID_AAC to generate an identity identification ciphertext of AAC, and verifies that the generated ciphertext is consistent with the identity identification ciphertext of AAC in the ASVeri; alternatively, AAC uses Nonce_AACID to decrypt the identity identification ciphertext of AAC to obtain ID_AAC, and verifies that the decrypted ID_AAC is consistent with its own identity identifier ID_AAC. After the consistency verification is passed, AAC executes the subsequent flow.
S105, AAC verifies Sig_AS_AAC1 by using the public key of AS-AAC.
S106, AAC determines the identity authentication result of REQ according to Res_REQ in Pub_REQ.
Because Res_REQ reflects whether REQ is legal, AAC can determine whether REQ is legal according to Res_REQ in Pub_REQ, which lays the foundation for ensuring that only a legal REQ can access the network. In some cases, if AAC is identity protected, ASVeri may include ID_AAC⊕Nonce_AACID, so AAC can also use the third key Nonce_AACID to decrypt ID_AAC⊕Nonce_AACID to obtain ID_AAC and check whether this ID_AAC is consistent with its own identity identifier ID_AAC; if so, AAC determines the identity authentication result of REQ according to Res_REQ in Pub_REQ.
S107, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth includes the identity authentication result information ciphertext EncData_AAC. If AAC is not identity protected, AAC uses the message encryption key to encrypt information including Pub_AAC and MIC_AS_REQ to generate EncData_AAC. If AAC is identity protected, AAC uses the message encryption key to encrypt information including Pub_AAC⊕Nonce_AACPub, MIC_AS_REQ and Nonce_AACPub to generate EncData_AAC.
It should be noted that the execution order of S105 to S107 does not affect the specific implementation of the present application; in practical applications, the execution order of S105 to S107 may be set according to requirements. Preferably, S105 is executed first: when AAC's verification of Sig_AS_AAC1 fails, the ASVeri is discarded; when AAC's verification of Sig_AS_AAC1 passes, S106 is executed. When AAC determines that REQ is legal, S107 is executed; when AAC determines that REQ is illegal, AAC chooses whether to execute S107 according to its local policy, and in consideration of efficiency it preferably does not execute S107 and ends the authentication process.
S108, REQ uses the message encryption key to decrypt the identity authentication result information ciphertext EncData_AAC to obtain Pub_AAC and MIC_AS_REQ, and verifies MIC_AS_REQ by using the pre-shared key K_REQ_AS shared with AS-REQ and the cryptographic algorithm agreed with AS-REQ; if the verification is passed, REQ determines the identity authentication result of AAC according to Res_AAC in Pub_AAC.
It should be noted that, when AAC is identity protected, REQ decrypts EncData_AAC to obtain Pub_AAC and MIC_AS_REQ as follows: REQ first uses the message encryption key to decrypt EncData_AAC to obtain Pub_AAC⊕Nonce_AACPub, MIC_AS_REQ and Nonce_AACPub, and then performs an XOR operation on Nonce_AACPub and Pub_AAC⊕Nonce_AACPub to obtain Pub_AAC.
Because Res_AAC reflects whether AAC is legal, after REQ's verification of MIC_AS_REQ passes, REQ can determine whether AAC is legal according to Res_AAC in Pub_AAC, which lays a foundation for ensuring that REQ accesses a legal network; if REQ's verification of MIC_AS_REQ fails, REQ discards AACAuth.
It can be seen from the above that the identity authentication method provided in this embodiment of the present application introduces authentication servers for an application scenario in which the requesting device is authenticated by means of a pre-shared key and the authentication access controller is authenticated by means of a digital certificate. The first authentication server trusted by the authentication access controller verifies the validity of the digital certificate of the authentication access controller to obtain a first verification result, and the second authentication server trusted by the requesting device verifies the identity authentication code of the requesting device by using the pre-shared key of the requesting device to obtain a second verification result. The requesting device and the authentication access controller each obtain the verification result corresponding to the opposite entity and determine whether the opposite entity is legal, thereby implementing bidirectional identity authentication between the authentication access controller and the requesting device. In addition, private information of the entities, such as identity identifiers and authentication result information, is transmitted in ciphertext form, which ensures the security of the private information during transmission and realizes identity protection of the entities.
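The pre-shared-key half of S101 to S108 in the non-roaming case, as an added Python example that is not part of the patent: REQ computes MIC_REQ, the authentication server verifies it and returns Pub_AAC masked with Nonce_AACPub together with MIC_AS_REQ, and REQ unmasks and verifies before reading Res_AAC. HMAC-SHA256, the length-prefixed field encoding, the Pub_AAC layout, binding Nonce_REQ into MIC_AS_REQ, the function names and all sample values are assumptions; certificate validation, Sig_AS_AAC1 and the symmetric encryption of EncData_REQ and EncData_AAC are left out, so EncData_REQ is treated as opaque bytes.

```python
import hashlib
import hmac

# Constructed sample values; none of them come from the patent.
K_REQ_AS = bytes(range(32))              # pre-shared key of REQ and AS-REQ
PSK_TABLE = {b"req-0001": K_REQ_AS}      # AS-REQ lookup: ID_REQ -> K_REQ_AS


def encode(*fields: bytes) -> bytes:
    """Length-prefix every field so boundaries are unambiguous (assumed encoding)."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def mic(key: bytes, *fields: bytes) -> bytes:
    """Keyed hash over the fields; HMAC-SHA256 is an assumed choice."""
    return hmac.new(key, encode(*fields), hashlib.sha256).digest()


def xor(data: bytes, mask: bytes) -> bytes:
    """XOR masking as in Pub_AAC XOR Nonce_AACPub; the mask must match in length."""
    if len(data) != len(mask):
        raise ValueError("mask must be exactly as long as the data")
    return bytes(a ^ b for a, b in zip(data, mask))


def req_build_reqinit(k_req_as: bytes, nonce_req: bytes, enc_data_req: bytes) -> dict:
    """S101: MIC_REQ covers the REQInit fields that precede it."""
    return {"Nonce_REQ": nonce_req, "EncData_REQ": enc_data_req,
            "MIC_REQ": mic(k_req_as, nonce_req, enc_data_req)}


def as_process(id_req, reqinit, res_aac, cert_aac, nonce_aacpub) -> dict:
    """S103, non-roaming: check MIC_REQ, then build the PSK-protected ASVeri fields.

    id_req is what AAC decrypted from EncData_REQ; the server never decrypts it.
    res_aac (bool) stands for the outcome of certificate validation, not shown here.
    nonce_aacpub is the mask AAC chose and sent inside its encrypted identity info.
    Returning only Res_REQ on failure is a simplification made for this example.
    """
    key = PSK_TABLE.get(id_req)
    if key is None:
        return {"Res_REQ": False}        # unknown ID_REQ: no key to verify with
    expected = mic(key, reqinit["Nonce_REQ"], reqinit["EncData_REQ"])
    if not hmac.compare_digest(expected, reqinit["MIC_REQ"]):
        return {"Res_REQ": False}
    # Assumed Pub_AAC layout: 1-byte Res_AAC followed by SHA-256 of Cert_AAC.
    pub_aac = bytes([1 if res_aac else 0]) + hashlib.sha256(cert_aac).digest()
    return {"Res_REQ": True,
            "MaskedPub_AAC": xor(pub_aac, nonce_aacpub),
            # Assumption: Nonce_REQ is bound in so a response from another
            # session is rejected by REQ.
            "MIC_AS_REQ": mic(key, reqinit["Nonce_REQ"], pub_aac)}


def req_process_aacauth(k_req_as, nonce_req, masked_pub_aac, nonce_aacpub, mic_as_req):
    """S108: unmask Pub_AAC and verify MIC_AS_REQ before reading Res_AAC.

    Returns Res_AAC as a bool, or None when AACAuth has to be discarded.
    """
    try:
        pub_aac = xor(masked_pub_aac, nonce_aacpub)
    except ValueError:
        return None
    if not hmac.compare_digest(mic(k_req_as, nonce_req, pub_aac), mic_as_req):
        return None
    return pub_aac[0] == 1


if __name__ == "__main__":
    nonce_req = bytes.fromhex("01" * 16)             # constructed Nonce_REQ
    mask = bytes(range(100, 133))                    # constructed 33-byte Nonce_AACPub
    reqinit = req_build_reqinit(K_REQ_AS, nonce_req, b"opaque-ciphertext-of-ID_REQ")
    asveri = as_process(b"req-0001", reqinit, True, b"constructed certificate", mask)
    print("Res_REQ:", asveri["Res_REQ"])
    print("Res_AAC:", req_process_aacauth(K_REQ_AS, nonce_req,
                                          asveri["MaskedPub_AAC"], mask,
                                          asveri["MIC_AS_REQ"]))
```

Flipping one bit of the masked Pub_AAC flips Res_AAC after unmasking, which is why REQ reads the result only after MIC_AS_REQ has verified.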
Referring to fig. 1, to ensure the authenticity of the authentication result, before REQ determines the identity authentication result of AAC in S108, REQ also determines whether the digital signature Sig_AAC of AAC passes verification; if it determines that Sig_AAC passes verification, REQ then determines the identity authentication result of AAC according to Res_AAC in Pub_AAC. REQ determines whether Sig_AAC passes verification in one of the following ways:
In one implementation, the AACVeri of S103 also includes the digital signature Sig_AAC of AAC, which AAC calculates over the fields preceding Sig_AAC in AACVeri; AS-AAC then verifies Sig_AAC by using the Cert_AAC in AACVeri and executes the subsequent operations only after the verification is passed. Therefore, if REQ receives the AACAuth of S107, REQ determines that Sig_AAC has passed verification.
In another implementation, the AACAuth of S107 also includes the digital signature Sig_AAC of AAC, which AAC calculates over the fields preceding Sig_AAC in AACAuth; correspondingly, Pub_AAC also includes Cert_AAC. In S108, REQ then verifies Sig_AAC by using the Cert_AAC in Pub_AAC and determines from the verification result whether Sig_AAC passes verification.
It should be noted that the information such as the random number, the identity identifier, etc. generated by the requesting device and/or the authentication access controller may be transmitted in a message exchanged in the authentication process. Normally, the random number and/or the identity carried in the received message and the random number and/or the identity carried in the sent message should be the same, but when network jitter or attacks and other situations are encountered, parameter information in the message may be lost or tampered. Therefore, in some embodiments of the present application, the reliability of the authentication result can also be ensured by comparing whether the random numbers and/or the identities in the transmitted and received messages are consistent. The method comprises the following specific steps:
Referring to fig. 1, the AACVeri of S103 may also include the identity identifier ID_AAC of AAC and/or the first random number Nonce_AAC generated by AAC; correspondingly, the ASVeri of S104 also includes ID_AAC and/or Nonce_AAC. Thus, before AAC determines the identity authentication result of REQ in S106, AAC may first verify the consistency of the ID_AAC in ASVeri with its own identity identifier ID_AAC (i.e., the ID_AAC that AAC sent in AACVeri), and/or verify the consistency of the Nonce_AAC in ASVeri with the Nonce_AAC generated by AAC (i.e., the Nonce_AAC that AAC sent in AACVeri); if the verification is passed, AAC then determines the identity authentication result of REQ according to Res_REQ in Pub_REQ.
In other embodiments, Pub_REQ may also include ID_REQ. Before AAC determines the identity authentication result of REQ in S106, AAC verifies the consistency of the ID_REQ in Pub_REQ with the ID_REQ obtained by decrypting the EncData_REQ of S101; if the verification is passed, AAC then determines the identity authentication result of REQ according to Res_REQ in Pub_REQ.
Of course, to ensure the reliability of the authentication result, REQ may also perform consistency verification on the second random number Nonce_REQ generated by REQ and/or the identity identifier ID_REQ of REQ. The specific steps are as follows:
Referring to fig. 1, the REQInit of S101 may also include Nonce_REQ, and the AACVeri of S103 may further include Nonce_REQ; correspondingly, the ASVeri of S104 also includes ID_REQ and/or Nonce_REQ, and the EncData_AAC in the AACAuth of S107 further includes ID_REQ and/or Nonce_REQ. Thus, before REQ determines the identity authentication result of AAC in S108, REQ may verify the consistency of the ID_REQ obtained by decrypting EncData_AAC in AACAuth with its own identity identifier ID_REQ, and/or verify the consistency of the Nonce_REQ obtained by decrypting EncData_AAC in AACAuth with the Nonce_REQ generated by REQ; if the verification is passed, REQ then determines the identity authentication result of AAC according to Res_AAC in Pub_AAC.
In the above embodiment, the message encryption key used by REQ and AAC may be obtained by negotiation between REQ and AAC, so this embodiment further provides a method for negotiating a message encryption key between REQ and AAC, see fig. 2, where the method includes:
S201, AAC sends a key request message AACInit to REQ.
AACInit includes the key exchange parameter KeyInfo_AAC of AAC; KeyInfo_AAC includes the temporary public key generated by AAC, where key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH). AACInit may also include the first random number Nonce_AAC generated by AAC.
In addition, AACInit may include Security capabilities_AAC. Security capabilities_AAC indicates the security capability parameter information supported by AAC, including the identity authentication suites supported by AAC (an identity authentication suite includes one or more identity authentication methods), symmetric encryption algorithms and/or key derivation algorithms, etc., so that REQ can select a specific security policy to use; REQ may then select, according to Security capabilities_AAC, the specific security policy Security capabilities_REQ that it uses. Security capabilities_REQ indicates the identity authentication method, symmetric encryption algorithm and/or key derivation algorithm, etc., that REQ accordingly determines to use.
S202, REQ performs a key exchange calculation on information including the temporary private key corresponding to its key exchange parameter KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key, and calculates the message encryption key from information including the first key using a key derivation algorithm.
If the AACInit of S201 also includes the Nonce_AAC generated by AAC, REQ may perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, combine K1 with information including Nonce_AAC and the second random number Nonce_REQ generated by REQ, and calculate the message encryption key using a negotiated or preset key derivation algorithm. The negotiated key derivation algorithm may be the key derivation algorithm that REQ selects for use according to the Security capabilities_AAC sent by AAC. KeyInfo_REQ is the key exchange parameter generated by REQ and includes the temporary public key generated by REQ. The temporary private key corresponding to KeyInfo_REQ is the temporary private key generated by REQ that corresponds to the temporary public key of REQ, i.e., the temporary public key and the temporary private key form a temporary public-private key pair.
S203, REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes KeyInfo_REQ, so that AAC calculates the message encryption key from information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ. The temporary private key corresponding to KeyInfo_AAC is the temporary private key generated by AAC that corresponds to the temporary public key of AAC, i.e., the temporary public key and the temporary private key form a temporary public-private key pair.
REQInit may also include Security capabilities_REQ. REQInit may also include Nonce_REQ, so that AAC calculates the message encryption key from information including the temporary private key corresponding to KeyInfo_AAC, the temporary public key included in KeyInfo_REQ, Nonce_AAC and Nonce_REQ.
REQInit may also include Nonce_AAC; further, before calculating the message encryption key, AAC may verify that the Nonce_AAC in REQInit is consistent with the Nonce_AAC generated by AAC, to ensure that the REQInit received by AAC is a response to AACInit.
S204, AAC performs a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate the first key, and calculates the message encryption key from information including the first key using the key derivation algorithm.
If REQInit also includes Nonce_REQ, AAC may perform a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate the first key K1, combine K1 with information including Nonce_AAC and Nonce_REQ, and calculate the message encryption key using a negotiated or preset key derivation algorithm. The negotiated key derivation algorithm may be the key derivation algorithm that AAC selects for use according to the Security capabilities_REQ sent by REQ.
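The S201 to S204 exchange can be followed end to end in the added example below, which is not code from the patent. It assumes a stand-in finite-field group (so that it runs with the Python standard library only), 16-byte nonces and HMAC-SHA256 as the key derivation algorithm; the function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Stand-in key-exchange group so the example runs with the standard library:
# the Mersenne prime 2**521 - 1 with base 3. Assumption of this example only;
# a deployment would use a standardized DH/ECDH group agreed through
# Security capabilities.
P = 2**521 - 1
G = 3
P_LEN = (P.bit_length() + 7) // 8


def ephemeral_keypair():
    """Generate a temporary private key and the temporary public key (KeyInfo)."""
    priv = secrets.randbelow(P - 3) + 2  # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def derive_message_key(own_priv, peer_pub, nonce_aac, nonce_req,
                       other=b"message encryption key"):
    """K1 = key exchange result; key = KDF(K1, Nonce_AAC, Nonce_REQ, other info)."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer temporary public key is out of range")
    k1 = pow(peer_pub, own_priv, P).to_bytes(P_LEN, "big")
    # HMAC-SHA256 in extract-then-expand form stands in for the negotiated
    # or preset key derivation algorithm (assumption).
    prk = hmac.new(nonce_aac + nonce_req, k1, hashlib.sha256).digest()
    return hmac.new(prk, other + b"\x01", hashlib.sha256).digest()


class AAC:
    """Access controller side of S201 and S204."""

    def make_aacinit(self):
        self.nonce_aac = secrets.token_bytes(16)
        self.priv, pub = ephemeral_keypair()
        return {"Nonce_AAC": self.nonce_aac, "KeyInfo_AAC": pub}

    def handle_reqinit(self, reqinit):
        # Discard a REQInit that does not echo the Nonce_AAC of this run.
        if not hmac.compare_digest(reqinit["Nonce_AAC"], self.nonce_aac):
            return None
        return derive_message_key(self.priv, reqinit["KeyInfo_REQ"],
                                  self.nonce_aac, reqinit["Nonce_REQ"])


def req_handle_aacinit(aacinit):
    """Requester side of S202 and S203: returns (REQInit, message key)."""
    nonce_req = secrets.token_bytes(16)
    priv, pub = ephemeral_keypair()
    key = derive_message_key(priv, aacinit["KeyInfo_AAC"],
                             aacinit["Nonce_AAC"], nonce_req)
    reqinit = {"Nonce_AAC": aacinit["Nonce_AAC"], "Nonce_REQ": nonce_req,
               "KeyInfo_REQ": pub}
    return reqinit, key
```

Because both nonces enter the derivation, a REQInit replayed into a later run is rejected at the Nonce_AAC check, and a modified Nonce_REQ leaves the two sides with different keys.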
The embodiment of the application also provides a method for determining a first authentication server and/or a second authentication server used in the authentication process by using information interaction between AAC and REQ, which comprises the following steps:
Referring to fig. 2, AAC adds the identity ID_AS_AAC of at least one authentication server trusted by AAC to the AACInit of S201, and REQ determines, according to ID_AS_AAC, the identity ID_AS_REQ of at least one authentication server that it trusts. In a specific implementation, REQ selects from ID_AS_AAC the identity of at least one authentication server that it also trusts as ID_AS_REQ; if the selection fails, REQ uses at least one authentication server that it trusts as ID_AS_REQ (successful selection corresponds to the non-roaming case, failed selection to the roaming case), and adds ID_AS_REQ to the REQInit of S203 sent to AAC. Further, AAC may determine the first authentication server AS-AAC according to ID_AS_AAC and ID_AS_REQ. For example, AAC may determine whether ID_AS_REQ and ID_AS_AAC contain the identity of at least one identical authentication server. If so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC; if not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_AS_AAC, and sends ID_AS_REQ to AS-AAC so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ.
As another embodiment, AAC need not send ID_AS_AAC to REQ; instead, REQ adds the identity ID_AS_REQ of at least one authentication server that it trusts to the REQInit of S203. The specific manner of determining the first authentication server and/or the second authentication server participating in identity authentication according to ID_AS_REQ and the identity ID_AS_AAC of at least one authentication server trusted by AAC itself is as in the previous embodiment.
The authentication servers trusted by REQ and AAC may be the same or different: when they are the same, this is the non-roaming case; when they are different, this is the roaming case. The identity authentication method provided by the embodiment of the present application is introduced below with reference to the non-roaming and roaming application scenarios, which cover the following four cases: (I) in the non-roaming case, an identity authentication method with REQ identity protection; (II) in the non-roaming case, an identity authentication method with REQ and AAC identity protection; (III) in the roaming case, an identity authentication method with REQ identity protection; and (IV) in the roaming case, an identity authentication method with REQ and AAC identity protection.
Referring to fig. 3, which shows an embodiment of the identity authentication method in case (I) above; here AS-AAC (or AS-REQ) may be used to denote the authentication server trusted by both REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S301, AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S302, AAC sends a key request message AACInit to REQ.
AACInit includes Nonce_AAC, KeyInfo_AAC and Security capabilities_AAC. Security capabilities_AAC is an optional field and represents the security capability parameter information supported by AAC, including the identity authentication suites, symmetric encryption algorithms and/or key derivation algorithms, etc. supported by AAC (the same applies below).
S303, after receiving AACInit, REQ performs the following operations (unless otherwise specified or logically required, the actions numbered (1), (2), ... in this document have no necessary order by virtue of their numbering; the same applies throughout), including:
(1) Generating Nonce_REQ and KeyInfo_REQ;
(2) Generating Security capabilities_REQ as required;
(3) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(4) Calculating the identity identification ciphertext EncData_REQ using the message encryption key;
(5) Calculating the identity identification code MIC_REQ of REQ.
S304, REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, EncData_REQ and MIC_REQ. Nonce_AAC should equal the corresponding field in AACInit; the encrypted data of EncData_REQ includes ID_REQ; in the present application, the object that is encrypted is referred to as encrypted data; Security capabilities_REQ is an optional field, and whether REQ generates Security capabilities_REQ depends on whether the AACInit sent from AAC to REQ carries Security capabilities_AAC. Security capabilities_REQ indicates the specific security policy that REQ selects according to Security capabilities_AAC, i.e. the identity authentication method, symmetric encryption algorithm and/or key derivation algorithm, etc. that REQ determines to use (the same applies below). MIC_REQ is calculated by REQ over the other fields in REQInit that precede MIC_REQ, using the pre-shared key K_REQ_AS that it shares with AS-AAC and a cryptographic algorithm agreed with AS-AAC. Specifically, for example, when REQInit includes, in order, Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, EncData_REQ and MIC_REQ, REQ uses K_REQ_AS and the cryptographic algorithm (which may be a hash algorithm) to perform a hash operation on information including Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ and EncData_REQ to obtain a hash value, and this hash value is used as the identity identification code MIC_REQ of REQ.
S305, after receiving REQInit, AAC performs the following operations, including:
(1) Checking whether the Nonce_AAC in REQInit is the same as the Nonce_AAC generated by AAC; if they are not the same, discarding REQInit;
(2) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(3) Decrypting EncData_REQ using the message encryption key to obtain ID_REQ.
S306, AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes REQInit, ID_REQ, ID_AAC and Cert_AAC.
S307, after receiving AACVeri, AS-AAC performs the following operations, including:
(1) Verifying Cert_AAC to obtain Res_AAC, and generating Pub_AAC from information including Res_AAC and Cert_AAC;
(2) Verifying MIC_REQ in REQInit to obtain Res_REQ, and generating Pub_REQ from information including ID_REQ and Res_REQ;
Here, AS-AAC determines the pre-shared key K_REQ_AS with REQ and the agreed cryptographic algorithm according to the ID_REQ in AACVeri, uses K_REQ_AS and the cryptographic algorithm to locally calculate MIC_REQ over the other fields in REQInit that precede MIC_REQ, and compares it with the received MIC_REQ. If the two are the same, MIC_REQ passes verification and AS-AAC determines the identity authentication result of REQ to be legal; if they differ, MIC_REQ fails verification, and AS-AAC may handle this according to local policy in ways including: discarding AACVeri, or determining the identity authentication result of REQ to be illegal, etc.
(3) Calculating the first message authentication code MIC_AS_AAC of AS-AAC and the first digital signature Sig_AS_AAC1.
S308, AS-AAC sends a first authentication response message ASVeri to AAC.
ASVeri includes ID_REQ, Nonce_REQ, Pub_AAC, MIC_AS_AAC, ID_AAC, Nonce_AAC, Pub_REQ and Sig_AS_AAC1. ID_REQ, Nonce_REQ, ID_AAC and Nonce_AAC should each equal the corresponding field in AACVeri; MIC_AS_AAC is calculated by AS-AAC over information including ID_REQ, Nonce_REQ and Pub_AAC, using the pre-shared key K_REQ_AS with REQ and the cryptographic algorithm agreed with REQ; Sig_AS_AAC1 is calculated by AS-AAC over signature data including ID_AAC, Nonce_AAC and Pub_REQ; in the present application, the object that is signed is referred to as signature data.
S309, after receiving ASVeri, AAC performs the following operations, including:
(1) Checking whether ID_AAC and Nonce_AAC in ASVeri are the same as AAC's own identity ID_AAC and the Nonce_AAC generated by AAC, respectively;
(2) Verifying Sig_AS_AAC1 using the public key of AS-AAC;
(3) Checking whether the ID_REQ in Pub_REQ is the same as the ID_REQ in the AACVeri sent to AS-AAC;
(4) If any of the above checks and verifications fails, immediately discarding ASVeri; after all of the above checks and verifications pass, determining the identity authentication result of REQ according to Res_REQ in Pub_REQ; if REQ is determined to be illegal, ending the authentication process;
(5) Calculating the identity authentication result information ciphertext EncData_AAC using the message encryption key;
(6) Calculating the digital signature Sig_AAC of AAC.
S310, AAC sends a third authentication response message AACAuth to REQ.
AACAuth includes EncData_AAC and Sig_AAC. The encrypted data of EncData_AAC includes ID_REQ, Nonce_REQ, Pub_AAC and MIC_AS_AAC, where ID_REQ, Nonce_REQ, Pub_AAC and MIC_AS_AAC are taken from ASVeri. The signature data of Sig_AAC includes the other fields in AACAuth that precede Sig_AAC, for example EncData_AAC.
S311, after receiving AACAuth, REQ performs the following operations, including:
(1) Decrypting EncData_AAC using the message encryption key to obtain ID_REQ, Nonce_REQ, Pub_AAC and MIC_AS_AAC;
(2) Checking whether ID_REQ and Nonce_REQ are the same as REQ's own identity ID_REQ and the Nonce_REQ generated by REQ, respectively;
(3) Verifying Sig_AAC and MIC_AS_AAC.
Here, REQ verifies Sig_AAC using Cert_AAC in Pub_AAC; and, using the pre-shared key K_REQ_AS with AS-AAC and the cryptographic algorithm agreed with AS-AAC, REQ locally calculates MIC_AS_AAC over information including ID_REQ, Nonce_REQ and Pub_AAC in AACAuth and compares it with the MIC_AS_AAC in the received AACAuth; if they are the same, verification passes, and if they differ, verification fails. This is how MIC_AS_AAC is verified.
(4) After the above checks and verifications pass, determining the identity authentication result of AAC according to Res_AAC in Pub_AAC; if any of the checks and verifications fails, immediately discarding AACAuth.
Thus, identity authentication of REQ and of AAC is realized in S309 and S311 respectively, i.e., bidirectional identity authentication between REQ and AAC, and the identity of REQ is transmitted between REQ and AAC as ciphertext, so that identity protection of REQ is realized.
The calculation of Sig_AAC in S309 may instead be performed earlier, in S305; that is, in S305, AAC calculates Sig_AAC over signature data including REQInit, ID_REQ, ID_AAC and Cert_AAC, and the AACVeri of S306 then also includes Sig_AAC; in S307, AS-AAC also needs to verify Sig_AAC, and performs the subsequent operations only after the verification passes. In this case, AAC need not calculate Sig_AAC in S309; accordingly, the AACAuth of S310 does not include Sig_AAC, REQ no longer verifies Sig_AAC in S311, and Pub_AAC may then not include Cert_AAC.
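The MIC_REQ calculation of S304 and its check by the authentication server in S307 are shown in the following added example, which is not code from the patent. It assumes HMAC-SHA256 as the agreed cryptographic algorithm and a 4-byte length prefix per field (the patent fixes neither), treats an unknown ID_REQ like a failed MIC, and uses constructed sample values and hypothetical function names.

```python
import hashlib
import hmac

# Order of the REQInit fields that precede MIC_REQ (fig. 3, S304).
REQINIT_FIELDS = ("Nonce_AAC", "Nonce_REQ", "Security capabilities_REQ",
                  "KeyInfo_REQ", "EncData_REQ")

# Constructed sample data, not taken from the patent.
PSK_TABLE = {b"req-001": bytes.fromhex("00112233445566778899aabbccddeeff" * 2)}
SAMPLE_FIELDS = {
    "Nonce_AAC": bytes.fromhex("a1" * 16),
    "Nonce_REQ": bytes.fromhex("b2" * 16),
    "Security capabilities_REQ": b"psk-auth;aead;kdf",
    "KeyInfo_REQ": bytes.fromhex("04" + "c3" * 32),
    "EncData_REQ": bytes.fromhex("d4" * 24),
}


def encode_fields(msg, names):
    """Length-prefix each field so that field boundaries are unambiguous."""
    out = b""
    for name in names:
        value = msg.get(name, b"")  # an absent optional field encodes as empty
        out += len(value).to_bytes(4, "big") + value
    return out


def compute_mic(k_req_as, msg, names=REQINIT_FIELDS):
    """Keyed hash over the fields that precede the MIC (assumed HMAC-SHA256)."""
    return hmac.new(k_req_as, encode_fields(msg, names), hashlib.sha256).digest()


def build_reqinit(k_req_as, fields):
    """REQ side: append MIC_REQ to the REQInit fields."""
    reqinit = dict(fields)
    reqinit["MIC_REQ"] = compute_mic(k_req_as, fields)
    return reqinit


def as_verify_reqinit(psk_table, id_req, reqinit, on_failure="illegal"):
    """AS side of S307(2): return Pub_REQ, or None when local policy discards."""
    k_req_as = psk_table.get(id_req)  # pre-shared key looked up by ID_REQ
    received = reqinit.get("MIC_REQ", b"")
    ok = k_req_as is not None and hmac.compare_digest(
        compute_mic(k_req_as, reqinit), received)
    if ok:
        return {"ID_REQ": id_req, "Res_REQ": "legal"}
    if on_failure == "discard":
        return None
    return {"ID_REQ": id_req, "Res_REQ": "illegal"}
```

The length prefix matters because a plain concatenation of variable-length fields would give the same MIC for two different splits of the same bytes.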
Referring to fig. 4, which shows an embodiment of the identity authentication method in case (II) above; here AS-AAC (or AS-REQ) may be used to denote the authentication server trusted by both REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S401, AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S402, AAC sends a key request message AACInit to REQ.
AACInit includes Nonce_AAC, KeyInfo_AAC and Security capabilities_AAC. Security capabilities_AAC is an optional field.
S403, after receiving AACInit, REQ performs the following operations, including:
(1) Generating Nonce_REQ and KeyInfo_REQ;
(2) Generating Security capabilities_REQ as required;
(3) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(4) Calculating the identity identification ciphertext EncData_REQ using the message encryption key;
(5) Calculating the identity identification code MIC_REQ of REQ.
S404, REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, EncData_REQ and MIC_REQ. The encrypted data of EncData_REQ includes ID_REQ; Security capabilities_REQ is an optional field, and whether REQ generates Security capabilities_REQ depends on whether the AACInit sent from AAC to REQ carries Security capabilities_AAC; for the generation process of MIC_REQ, see the relevant description in the embodiment of fig. 3.
S405, after receiving REQInit, AAC performs the following operations, including:
(1) Checking whether the Nonce_AAC in REQInit is the same as the Nonce_AAC generated by AAC; if they are not the same, discarding REQInit;
(2) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(3) Decrypting EncData_REQ using the message encryption key to obtain ID_REQ;
(4) Generating a second key Nonce_AACPub and a third key Nonce_AACID;
(5) Calculating the identity information EncPub_AS of AAC using the public key of the encryption certificate.
S406, AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes REQInit, ID_REQ and EncPub_AS. ID_REQ should equal the ID_REQ obtained by AAC decrypting EncData_REQ in REQInit; the encrypted data of EncPub_AS includes ID_AAC, Cert_AAC, Nonce_AACID and Nonce_AACPub.
S407, after receiving AACVeri, AS-AAC performs the following operations, including:
(1) Decrypting EncPub_AS using the private key corresponding to the encryption certificate to obtain ID_AAC, Cert_AAC, Nonce_AACID and Nonce_AACPub;
(2) Verifying Cert_AAC to obtain Res_AAC, and generating Pub_AAC from information including Res_AAC and Cert_AAC;
(3) Verifying MIC_REQ in REQInit to obtain Res_REQ, and generating Pub_REQ from information including ID_REQ and Res_REQ; for the verification of MIC_REQ, see the relevant description in the embodiment of fig. 3;
(4) Performing an XOR operation on Nonce_AACPub and Pub_AAC to generate Pub_AAC⊕Nonce_AACPub, and performing an XOR operation on Nonce_AACID and ID_AAC to generate the identity identification ciphertext of AAC, ID_AAC⊕Nonce_AACID;
(5) Calculating the first message authentication code MIC_AS_AAC of AS-AAC and the first digital signature Sig_AS_AAC1.
S408, AS-AAC sends a first authentication response message ASVeri to AAC.
ASVeri includes ID_REQ, Nonce_REQ, Pub_AAC⊕Nonce_AACPub, MIC_AS_AAC, ID_AAC⊕Nonce_AACID, Nonce_AAC, Pub_REQ and Sig_AS_AAC1. ID_REQ, Nonce_REQ and Nonce_AAC should each equal the corresponding field in AACVeri; MIC_AS_AAC is calculated by AS-AAC over information including ID_REQ, Nonce_REQ and Pub_AAC⊕Nonce_AACPub, using the pre-shared key K_REQ_AS with REQ and the cryptographic algorithm agreed with REQ; Sig_AS_AAC1 is calculated by AS-AAC over signature data including ID_AAC⊕Nonce_AACID, Nonce_AAC and Pub_REQ.
S409, after receiving ASVeri, AAC performs the following operations, including:
(1) Using Nonce_AACID to perform an XOR operation on ID_AAC⊕Nonce_AACID to recover ID_AAC, and checking whether the recovered ID_AAC is the same as AAC's own identity ID_AAC;
(2) Checking whether Nonce_AAC is the same as the Nonce_AAC generated by AAC;
(3) Verifying Sig_AS_AAC1 using the public key of AS-AAC;
(4) Checking whether the ID_REQ in Pub_REQ is the same as the ID_REQ in the AACVeri sent to AS-AAC;
(5) If any of the above checks and verifications fails, immediately discarding ASVeri; after the checks and verifications pass, determining the identity authentication result of REQ according to Res_REQ in Pub_REQ; if REQ is determined to be illegal, ending the authentication process;
(6) Calculating the identity authentication result information ciphertext EncData_AAC using the message encryption key;
(7) Calculating the digital signature Sig_AAC of AAC.
S410, AAC sends a third authentication response message AACAuth to REQ.
AACAuth includes EncData_AAC and Sig_AAC. The encrypted data of EncData_AAC includes ID_REQ, Nonce_REQ, Pub_AAC⊕Nonce_AACPub, MIC_AS_AAC and Nonce_AACPub, where ID_REQ, Nonce_REQ, Pub_AAC⊕Nonce_AACPub and MIC_AS_AAC are taken from ASVeri, and Nonce_AACPub should equal the second key Nonce_AACPub generated by AAC. The signature data of Sig_AAC includes the other fields in AACAuth that precede Sig_AAC, for example EncData_AAC.
S411, after receiving AACAuth, REQ performs the following operations, including:
(1) Decrypting EncData_AAC using the message encryption key to obtain ID_REQ, Nonce_REQ, Pub_AAC⊕Nonce_AACPub, MIC_AS_AAC and Nonce_AACPub;
(2) Checking whether the ID_REQ and Nonce_REQ obtained by decryption are the same as REQ's own identity ID_REQ and the Nonce_REQ generated by REQ, respectively;
(3) Using Nonce_AACPub to perform an XOR operation on Pub_AAC⊕Nonce_AACPub to recover Pub_AAC;
(4) Verifying Sig_AAC and MIC_AS_AAC;
Here, REQ verifies Sig_AAC using Cert_AAC in Pub_AAC; and, using the pre-shared key K_REQ_AS with AS-AAC and the cryptographic algorithm agreed with AS-AAC, REQ locally calculates MIC_AS_AAC over information including ID_REQ, Nonce_REQ and Pub_AAC⊕Nonce_AACPub in AACAuth and compares it with the MIC_AS_AAC in AACAuth; if they are the same, verification passes, and if they differ, verification fails. This is how MIC_AS_AAC is verified.
(5) If any of the above checks and verifications fails, immediately discarding AACAuth; after the above checks and verifications pass, determining the identity authentication result of AAC according to Res_AAC in Pub_AAC.
Thus, identity authentication of REQ and of AAC is realized in S409 and S411 respectively, i.e., bidirectional identity authentication between REQ and AAC, and the identity of REQ, the identity of AAC and the identity authentication result information are all transmitted as ciphertext, so that identity protection of REQ and AAC is realized.
The calculation of Sig_AAC in S409 may instead be performed earlier, in S405; that is, in S405, AAC calculates Sig_AAC over signature data including REQInit, ID_REQ and EncPub_AS, and the AACVeri of S406 then also includes Sig_AAC; in S407, AS-AAC also needs to verify Sig_AAC, and performs the subsequent operations only after the verification passes. In this case, AAC does not calculate Sig_AAC in S409; accordingly, the AACAuth of S410 does not include Sig_AAC, REQ no longer verifies Sig_AAC in S411, and Pub_AAC may then not include Cert_AAC.
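The XOR masking of S407(4) and its removal in S409(1) and S411(3) are traced in the added example below, which is not code from the patent. It assumes that Nonce_AACPub and Nonce_AACID are exactly as long as the values they mask and that Pub_AAC is encoded as one result byte followed by Cert_AAC; the patent specifies neither, and the function names are hypothetical.

```python
import hmac
import secrets


def xor_bytes(data, pad):
    """XOR two equal-length byte strings; refuse a pad of the wrong length."""
    if len(data) != len(pad):
        raise ValueError("mask and data must have the same length")
    return bytes(a ^ b for a, b in zip(data, pad))


def encode_pub_aac(res_aac, cert_aac):
    """Assumed encoding of Pub_AAC: one result byte followed by Cert_AAC."""
    return (b"\x01" if res_aac else b"\x00") + cert_aac


def aac_make_masks(id_aac, cert_aac):
    """S405(4): fresh second and third keys, sized to what they will mask."""
    return {"Nonce_AACPub": secrets.token_bytes(1 + len(cert_aac)),
            "Nonce_AACID": secrets.token_bytes(len(id_aac))}


def as_mask_fields(id_aac, cert_aac, res_aac, masks):
    """S407(4): the AS masks Pub_AAC and ID_AAC before they go into ASVeri."""
    return {
        "Pub_AAC^Nonce_AACPub": xor_bytes(encode_pub_aac(res_aac, cert_aac),
                                          masks["Nonce_AACPub"]),
        "ID_AAC^Nonce_AACID": xor_bytes(id_aac, masks["Nonce_AACID"]),
    }


def aac_check_id(asveri, own_id, masks):
    """S409(1): recover ID_AAC and compare it with AAC's own identity."""
    try:
        recovered = xor_bytes(asveri["ID_AAC^Nonce_AACID"], masks["Nonce_AACID"])
    except ValueError:
        return False
    return hmac.compare_digest(recovered, own_id)


def req_recover_pub_aac(masked_pub, nonce_aacpub):
    """S411(3): recover Pub_AAC and split it into (Res_AAC, Cert_AAC)."""
    pub = xor_bytes(masked_pub, nonce_aacpub)
    return pub[0] == 1, pub[1:]
```

The masking hides Pub_AAC and ID_AAC only while each nonce is used once: two values masked with the same Nonce_AACPub XOR together to the XOR of the two plaintexts, so AAC has to generate both nonces afresh for every run.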
Referring to fig. 5, which shows an embodiment of the identity authentication method in case (III) above, where the AS-REQ trusted by REQ and the AS-AAC trusted by AAC are two different authentication servers. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S501, AAC generates Nonce_AAC and KeyInfo_AAC, and generates Security capabilities_AAC as required.
S502, AAC sends a key request message AACInit to REQ.
AACInit includes Nonce_AAC, Security capabilities_AAC, ID_AS_AAC and KeyInfo_AAC. Security capabilities_AAC and ID_AS_AAC are optional fields; ID_AS_AAC represents the identity of at least one authentication server trusted by AAC, and enables REQ to determine, according to ID_AS_AAC, whether there is an authentication server trusted by both (the same applies below).
S503, after receiving AACInit, REQ performs the following operations, including:
(1) Generating Nonce_REQ and KeyInfo_REQ;
(2) Generating ID_AS_REQ and Security capabilities_REQ as required;
Here, ID_AS_REQ represents the identity of at least one authentication server trusted by REQ. When ID_AS_AAC is present in AACInit, REQ tries to select from the authentication servers that it trusts at least one that is the same as an authentication server in ID_AS_AAC as ID_AS_REQ; if the selection fails, REQ uses at least one authentication server that it trusts as ID_AS_REQ. When ID_AS_AAC is not present in AACInit, REQ uses at least one authentication server that it trusts as ID_AS_REQ (the same applies hereinafter).
(3) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_REQ and the temporary public key included in KeyInfo_AAC to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by REQ and AAC is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(4) Calculating the identity identification ciphertext EncData_REQ using the message encryption key;
(5) Calculating the identity identification code MIC_REQ of REQ.
S504, REQ sends an identity ciphertext message REQInit to AAC.
REQInit includes Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, ID_AS_REQ, EncData_REQ and MIC_REQ. The encrypted data of EncData_REQ includes ID_REQ; Nonce_AAC should equal the corresponding field in AACInit; Security capabilities_REQ and ID_AS_REQ are optional fields. MIC_REQ is calculated by REQ over the other fields in REQInit that precede MIC_REQ, using the pre-shared key K_REQ_AS that it shares with AS-REQ and a cryptographic algorithm agreed with AS-REQ. Specifically, REQ uses K_REQ_AS and the cryptographic algorithm (which may be a hash algorithm) to perform a hash operation on the other fields in REQInit that precede MIC_REQ, for example on information including Nonce_AAC, Nonce_REQ, Security capabilities_REQ, KeyInfo_REQ, ID_AS_REQ and EncData_REQ, to obtain a hash value, and this hash value is used as the identity identification code MIC_REQ of REQ.
S505, after receiving REQInit, AAC performs the following operations, including:
(1) Checking whether the Nonce_AAC in REQInit is the same as the Nonce_AAC generated by AAC; if not, discarding REQInit;
(2) Performing a key exchange calculation on information including the temporary private key corresponding to KeyInfo_AAC and the temporary public key included in KeyInfo_REQ to generate a first key K1, and combining K1 with Nonce_AAC, Nonce_REQ and other information (the other information used by AAC and REQ is the same and is optional, for example a specific string) to calculate the message encryption key using a negotiated or preset key derivation algorithm;
(3) Decrypting EncData_REQ using the message encryption key to obtain ID_REQ;
(4) If REQInit carries ID_AS_REQ and AACInit carries ID_AS_AAC, AAC determines whether ID_AS_REQ and ID_AS_AAC contain the identity of at least one identical authentication server. If so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC; if not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID_AS_AAC, and sends ID_AS_REQ to AS-AAC so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ; or,
if REQInit carries ID_AS_REQ but AACInit does not carry ID_AS_AAC, AAC determines whether ID_AS_REQ and the authentication servers trusted by AAC contain the identity of at least one identical authentication server. If so, this is the non-roaming case, and AAC determines the first authentication server participating in identity authentication from the identities of the at least one authentication server trusted by both REQ and AAC; if not, this is the roaming case, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to the authentication servers that it trusts, and sends ID_AS_REQ to AS-AAC so that AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ;
It should be noted that the result of the determination in this embodiment is the roaming case.
S506, AAC sends a first authentication request message AACVeri to AS-AAC.
AACVeri includes REQInit, ID_REQ, ID_AAC and Cert_AAC.
S507, after receiving AACVeri, AS-AAC performs the following operations, including:
(1) Verifying Cert_AAC to obtain Res_AAC, and generating Pub_AAC from information including Res_AAC and Cert_AAC;
(2) If ID_AS_REQ is present in the REQInit in AACVeri, AS-AAC determines the second authentication server AS-REQ according to ID_AS_REQ; if not, this indicates that AS-AAC already knows AS-REQ;
(3) Calculating a second digital signature Sig_AS_AAC2.
S508, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.
AS-AACVeri includes REQInit, ID_REQ, ID_AAC, Pub_AAC and Sig_AS_AAC2. The signature data of Sig_AS_AAC2 includes the other fields in AS-AACVeri that precede Sig_AS_AAC2, for example REQInit, ID_REQ, ID_AAC and Pub_AAC.
After the AS-REQ receives the AS-AACVeri, the S509 executes the following operations, including:
(1) public key verification Sig using AS-AACAS_AAC2If the verification fails, discarding the AS-AACVeri;
(2) verifying MIC in REQInitREQTo obtain ResREQAccording to inclusion of IDREQAnd ResREQGeneration of information in PubREQ;
Wherein the AS-REQ is based on the ID in the AS-AACVeriREQDetermining a Pre-shared Key K with a REQREQ_ASAnd a contracted cryptographic algorithm, using said KREQ_ASThe cryptographic algorithm is adopted to carry out MIC in REQInitREQThe previous other fields compute the MIC locallyREQAnd adds it to the received MICREQComparing, if the two are the same, then MICREQThe AS-REQ judges the identity authentication result of the REQ to be legal after verification, and if the identity authentication result of the REQ is different, the MIC is determined to be legalREQIf the verification fails, the AS-REQ can have the following processing modes according to the local policy, including: discard the AS-AACVeri or determine the identity authentication result of REQ AS illegal, etc.
(3) Calculating the first message authentication code MIC of the AS-REQAS_REQAnd a third digital signature SigAS_REQ3。
S510, the AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.
The AS-REQVeri comprises IDREQ, NonceREQ, PubAAC, MICAS_REQ, IDAAC, NonceAAC, PubREQ and SigAS_REQ3. Wherein, IDREQ, NonceREQ, PubAAC, IDAAC and NonceAAC should be equal to the corresponding fields in the AS-AACVeri, respectively; MICAS_REQ is calculated by the AS-REQ, using the pre-shared key KREQ_AS shared with the REQ and the cryptographic algorithm agreed with the REQ, over information including IDREQ, NonceREQ and PubAAC; SigAS_REQ3 is calculated by the AS-REQ over signature data including IDAAC, NonceAAC and PubREQ.
S511, after the AS-AAC receives the AS-REQVeri, the following operations are executed, including:
(1) Verify SigAS_REQ3 using the public key of the AS-REQ; if the verification fails, discard the AS-REQVeri;
(2) Calculate a first digital signature SigAS_AAC1.
S512, the AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri comprises IDREQ, NonceREQ, PubAAC, MICAS_REQ, IDAAC, NonceAAC, PubREQ and SigAS_AAC1. Wherein, IDREQ, NonceREQ, PubAAC, MICAS_REQ, IDAAC, NonceAAC and PubREQ should be equal to the corresponding fields in AS-REQVeri, respectively; SigAS_AAC1 is calculated by the AS-AAC over signature data including IDAAC, NonceAAC and PubREQ.
S513, after receiving ASVeri, the AAC performs the following operations including:
(1) Check whether IDAAC and NonceAAC in ASVeri are the same as the AAC's own identity IDAAC and the NonceAAC generated by the AAC, respectively;
(2) Verify SigAS_AAC1 using the public key of the AS-AAC;
(3) Check whether the IDREQ in PubREQ is the same as the IDREQ obtained by decrypting EncDataREQ in REQInit;
(4) If any of the above checks or verifications fails, immediately discard the ASVeri; after the above checks and verifications pass, determine the identity authentication result of the REQ according to ResREQ in PubREQ; if the REQ is determined to be illegal, end the authentication process;
(5) Calculate the identity authentication result information ciphertext EncDataAAC using the message encryption key;
(6) Calculate the digital signature SigAAC of the AAC.
S514, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth comprises EncDataAAC and SigAAC. Wherein, the encrypted data of EncDataAAC includes IDREQ, NonceREQ, PubAAC and MICAS_REQ; IDREQ, NonceREQ, PubAAC and MICAS_REQ are derived from ASVeri. The signature data of SigAAC includes the other fields preceding SigAAC in the AACAuth, for example EncDataAAC.
S515, after receiving the AACAuth, the REQ performs the following operations, including:
(1) Decrypt EncDataAAC using the message encryption key to obtain IDREQ, NonceREQ, PubAAC and MICAS_REQ;
(2) Check whether IDREQ and NonceREQ are the same as the REQ's own identity IDREQ and the NonceREQ generated by the REQ, respectively;
(3) Verify SigAAC and MICAS_REQ;
Wherein, the REQ verifies SigAAC using CertAAC in PubAAC; and, using the pre-shared key KREQ_AS shared with the AS-REQ and the cryptographic algorithm agreed with the AS-REQ, locally calculates MICAS_REQ over information including the IDREQ, NonceREQ and PubAAC in the AACAuth and compares it with the MICAS_REQ in the AACAuth. If they are the same, the verification passes; if they differ, the verification fails. MICAS_REQ is thereby verified.
(4) After the above checks and verifications pass, determine the identity authentication result of the AAC according to ResAAC in PubAAC; if any of the checks or verifications fails, immediately discard the AACAuth.
Thus, identity authentication for REQ and AAC, i.e., bidirectional identity authentication for REQ and AAC, is achieved at S513 and S515, respectively, and identity of REQ is transmitted in ciphertext between REQ and AAC, thereby achieving identity protection for REQ.
In addition, (1) the calculation of SigAAC in S513 may instead be performed in advance in S505; that is, in S505 the AAC calculates SigAAC over signature data including REQInit, IDREQ, IDAAC and CertAAC, the AACVeri in S506 then also includes SigAAC, and in S507 the AS-AAC also needs to verify SigAAC and performs the subsequent operations after the verification passes. In this case, the AAC does not calculate SigAAC in S513; accordingly, the AACAuth in S514 does not include SigAAC, the REQ no longer verifies SigAAC in S515, and PubAAC may then not include CertAAC. (2) The second digital signature SigAS_AAC2 in S507 and S508 may be replaced by a second message authentication code MICAS_AAC2, where MICAS_AAC2 is a hash value calculated by the AS-AAC, using the key pre-shared with the AS-REQ and the hash algorithm agreed with the AS-REQ, over the other fields preceding MICAS_AAC2 in AS-AACVeri; the AS-REQ's verification of SigAS_AAC2 in S509 is then replaced with verification of MICAS_AAC2. The third digital signature SigAS_REQ3 in S509 and S510 may be replaced by a third message authentication code MICAS_REQ3, where MICAS_REQ3 is a hash value calculated by the AS-REQ, using the key pre-shared with the AS-AAC and the hash algorithm agreed with the AS-AAC, over the fields including IDAAC, NonceAAC and PubREQ in the AS-REQVeri; the AS-AAC's verification of SigAS_REQ3 in S511 is then replaced with verification of MICAS_REQ3.
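The two pre-shared-key checks of this embodiment (the AS-REQ verifying MICREQ in S509 and the REQ verifying MICAS_REQ in S515) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the "agreed cryptographic algorithm", the length-prefixed field encoding, the dict message layout, the treatment of an unknown IDREQ as a failed verification and all sample values are assumptions, and decryption and SigAAC verification are left out.

```python
import hashlib
import hmac

def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix every field so ("ab", "c") and ("a", "bc") encode differently."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def compute_mic(key: bytes, *fields: bytes) -> bytes:
    """Assumed MIC construction: HMAC-SHA256 over the length-prefixed fields."""
    return hmac.new(key, encode_fields(*fields), hashlib.sha256).digest()

def req_build_reqinit(k_req_as, nonce_aac, nonce_req, enc_data_req):
    """REQ side: MICREQ covers the REQInit fields that precede it."""
    msg = {"NonceAAC": nonce_aac, "NonceREQ": nonce_req, "EncDataREQ": enc_data_req}
    msg["MICREQ"] = compute_mic(k_req_as, nonce_aac, nonce_req, enc_data_req)
    return msg

def as_req_verify_mic_req(psk_table, id_req, reqinit, on_failure="discard"):
    """AS-REQ side (S509): look up KREQ_AS by IDREQ, recompute MICREQ, compare.

    Returns ResREQ: "legal", "illegal", or None when the message is discarded.
    on_failure selects the local policy applied when verification fails.
    """
    if on_failure not in ("discard", "illegal"):
        raise ValueError("unknown local policy")
    key = psk_table.get(id_req)
    ok = False
    if key is not None:  # unknown IDREQ is treated as a failed verification
        expected = compute_mic(key, reqinit["NonceAAC"], reqinit["NonceREQ"],
                               reqinit["EncDataREQ"])
        ok = hmac.compare_digest(expected, reqinit["MICREQ"])  # constant time
    if ok:
        return "legal"
    return None if on_failure == "discard" else "illegal"

def as_req_build_mic_as_req(k_req_as, id_req, nonce_req, pub_aac):
    """AS-REQ side (S509 step 3): MICAS_REQ over IDREQ, NonceREQ, PubAAC."""
    return compute_mic(k_req_as, id_req, nonce_req, pub_aac)

def req_check_aacauth(k_req_as, own_id, own_nonce, decrypted):
    """REQ side (S515): 'decrypted' is the plaintext of EncDataAAC as a dict.

    Checks IDREQ and NonceREQ against the REQ's own values, then MICAS_REQ.
    Returns False when AACAuth must be discarded.
    """
    if not hmac.compare_digest(decrypted["IDREQ"], own_id):
        return False
    if not hmac.compare_digest(decrypted["NonceREQ"], own_nonce):
        return False
    expected = compute_mic(k_req_as, decrypted["IDREQ"], decrypted["NonceREQ"],
                           decrypted["PubAAC"])
    return hmac.compare_digest(expected, decrypted["MICAS_REQ"])

# Constructed sample values (not from the patent).
K_REQ_AS = bytes(range(32))
ID_REQ = b"req-001"
PSK_TABLE = {ID_REQ: K_REQ_AS}
NONCE_AAC = b"\x01" * 16
NONCE_REQ = b"\x02" * 16
ENC_DATA_REQ = b"\xaa" * 24  # opaque stand-in for the identity ciphertext
PUB_AAC = b"ResAAC=valid|CertAAC=<constructed>"

if __name__ == "__main__":
    reqinit = req_build_reqinit(K_REQ_AS, NONCE_AAC, NONCE_REQ, ENC_DATA_REQ)
    print("ResREQ:", as_req_verify_mic_req(PSK_TABLE, ID_REQ, reqinit))
    mic = as_req_build_mic_as_req(K_REQ_AS, ID_REQ, NONCE_REQ, PUB_AAC)
    plain = {"IDREQ": ID_REQ, "NonceREQ": NONCE_REQ, "PubAAC": PUB_AAC, "MICAS_REQ": mic}
    print("REQ accepts AACAuth:", req_check_aacauth(K_REQ_AS, ID_REQ, NONCE_REQ, plain))
```

Because MICAS_REQ is keyed with KREQ_AS, which the AAC does not hold, the REQ can trust the PubAAC it receives even though the AAC relays it.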
Fig. 6 shows an embodiment of the identity authentication method in case (four), where the AS-REQ trusted by the REQ and the AS-AAC trusted by the AAC are two different authentication servers. In this embodiment, the message encryption key negotiation process between REQ and AAC is merged into the identity authentication process in parallel, which is more convenient for engineering implementation. The identity authentication method comprises the following steps:
S601, the AAC generates NonceAAC and KeyInfoAAC, and generates Security capabilitiesAAC as required.
S602, AAC sends a key request message AACInit to REQ.
The AACInit comprises NonceAAC, Security capabilitiesAAC, IDAS_AAC and KeyInfoAAC. Wherein, Security capabilitiesAAC and IDAS_AAC are optional fields.
S603, after receiving AACInit, REQ performs the following operations including:
(1) Generate NonceREQ and KeyInfoREQ;
(2) Generate IDAS_REQ and Security capabilitiesREQ as required;
(3) Perform key exchange calculation according to information including the temporary private key corresponding to KeyInfoREQ and the temporary public key included in KeyInfoAAC to generate a first key K1, and combine K1 with NonceAAC, NonceREQ and other information (the other information used by REQ and AAC is the same and is optional, such as a specific character string) to calculate a message encryption key using a negotiated or preset key derivation algorithm;
(4) Calculate the identity identification ciphertext EncDataREQ using the message encryption key;
(5) Calculate the identity identification code MICREQ of the REQ.
S604, REQ sends an identity ciphertext message REQInit to AAC.
The REQInit comprises NonceAAC, NonceREQ, Security capabilitiesREQ, KeyInfoREQ, IDAS_REQ, EncDataREQ and MICREQ. Wherein, NonceAAC should equal the corresponding field in AACInit; Security capabilitiesREQ and IDAS_REQ are optional fields; the encrypted data of EncDataREQ includes IDREQ; for MICREQ, see the related description in the embodiment of fig. 5.
S605, after receiving REQInit, the AAC executes the following operations, including:
(1) Check whether the NonceAAC in REQInit is consistent with the NonceAAC generated by the AAC itself; if consistent, continue with the subsequent operations; if inconsistent, discard REQInit;
(2) Perform key exchange calculation according to information including the temporary private key corresponding to KeyInfoAAC and the temporary public key included in KeyInfoREQ to generate a first key K1, and combine K1 with NonceAAC, NonceREQ and other information (the other information used by AAC and REQ is the same and is optional, such as a specific character string) to calculate a message encryption key using a negotiated or preset key derivation algorithm;
(3) Decrypt EncDataREQ using the message encryption key to obtain IDREQ;
(4) Generate a second key NonceAACPub and a third key NonceAACID;
(5) Calculate the identity information EncPubAS of the AAC using the public key of the encryption certificate;
(6) For the procedure for determining the first authentication server AS-AAC, see the related description in the embodiment of fig. 5; it should be noted that the result of the determination in this embodiment is the roaming case.
S606, AAC sends a first authentication request message AACVeri to AS-AAC.
The AACVeri comprises REQInit, IDREQ and EncPubAS. Wherein, the encrypted data of EncPubAS includes IDAAC, CertAAC, NonceAACID and NonceAACPub.
S607, after the AS-AAC receives the AACVeri, the following operations are executed, including:
(1) Decrypt EncPubAS using the private key corresponding to the encryption certificate to obtain IDAAC, CertAAC, NonceAACID and NonceAACPub;
(2) Verify CertAAC to obtain ResAAC, and generate PubAAC according to information including ResAAC and CertAAC;
(3) Perform an exclusive-or operation on NonceAACPub and PubAAC to generate PubAAC⊕NonceAACPub, and perform an exclusive-or operation on NonceAACID and IDAAC to generate the identity ciphertext IDAAC⊕NonceAACID of the AAC;
(4) For the method for determining the second authentication server AS-REQ, see the related description in the embodiment of fig. 5;
(5) Calculate a second digital signature SigAS_AAC2.
S608, the AS-AAC sends a second authentication request message AS-AACVeri to the AS-REQ.
The AS-AACVeri comprises REQInit, IDREQ, IDAAC⊕NonceAACID, PubAAC⊕NonceAACPub and SigAS_AAC2. The signature data of SigAS_AAC2 comprises the other fields preceding SigAS_AAC2 in AS-AACVeri, for example REQInit, IDREQ, IDAAC⊕NonceAACID and PubAAC⊕NonceAACPub.
S609, after the AS-REQ receives the AS-AACVeri, the following operations are executed, including:
(1) Verify SigAS_AAC2 using the public key of the AS-AAC; if the verification fails, discard the AS-AACVeri;
(2) Verify MICREQ in REQInit to obtain ResREQ, and generate PubREQ according to information including IDREQ and ResREQ; for the verification process of MICREQ, see the related description in the embodiment of fig. 5;
(3) Calculate the first message authentication code MICAS_REQ of the AS-REQ and a third digital signature SigAS_REQ3.
S610, the AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.
The AS-REQVeri comprises IDREQ, NonceREQ, PubAAC⊕NonceAACPub, MICAS_REQ, IDAAC⊕NonceAACID, NonceAAC, PubREQ and SigAS_REQ3. Wherein, IDREQ, NonceREQ, PubAAC⊕NonceAACPub, IDAAC⊕NonceAACID and NonceAAC should be equal to the corresponding fields in the AS-AACVeri, respectively; MICAS_REQ is calculated by the AS-REQ, using the pre-shared key KREQ_AS shared with the REQ and the cryptographic algorithm agreed with the REQ, over information including IDREQ, NonceREQ and PubAAC⊕NonceAACPub; SigAS_REQ3 is calculated by the AS-REQ over signature data including IDAAC⊕NonceAACID, NonceAAC and PubREQ.
S611, after the AS-AAC receives the AS-REQVeri, the following operations are executed, including:
(1) Verify SigAS_REQ3 using the public key of the AS-REQ; if the verification fails, discard the AS-REQVeri;
(2) Calculate a first digital signature SigAS_AAC1.
S612, the AS-AAC sends a first authentication response message ASVeri to the AAC.
The ASVeri comprises IDREQ, NonceREQ, PubAAC⊕NonceAACPub, MICAS_REQ, IDAAC⊕NonceAACID, NonceAAC, PubREQ and SigAS_AAC1. Wherein, IDREQ, NonceREQ, PubAAC⊕NonceAACPub, MICAS_REQ, IDAAC⊕NonceAACID, NonceAAC and PubREQ should be equal to the corresponding fields in AS-REQVeri, respectively. SigAS_AAC1 is calculated by the AS-AAC over signature data including IDAAC⊕NonceAACID, NonceAAC and PubREQ.
S613, after the AAC receives the ASVeri, executing the following operations including:
(1) Perform an exclusive-or operation on IDAAC⊕NonceAACID using NonceAACID to recover IDAAC, and check whether the recovered IDAAC and the NonceAAC in ASVeri are the same as the AAC's own identity IDAAC and the NonceAAC generated by the AAC, respectively;
(2) Verify SigAS_AAC1 using the public key of the AS-AAC;
(3) Check whether the IDREQ in PubREQ is the same as the IDREQ in the AACVeri sent to the AS-AAC;
(4) If any of the above checks or verifications fails, immediately discard the ASVeri; after the above checks and verifications pass, determine the identity authentication result of the REQ according to ResREQ in PubREQ; if the REQ is determined to be illegal, end the authentication process;
(5) Calculate the identity authentication result information ciphertext EncDataAAC using the message encryption key;
(6) Calculate the digital signature SigAAC of the AAC.
S614, AAC sends a third authentication response message AACAuth to REQ.
The AACAuth comprises EncDataAAC and SigAAC. Wherein, the encrypted data of EncDataAAC includes IDREQ, NonceREQ, PubAAC⊕NonceAACPub, MICAS_REQ and NonceAACPub; IDREQ, NonceREQ, PubAAC⊕NonceAACPub and MICAS_REQ are derived from ASVeri; NonceAACPub should equal the second key NonceAACPub generated by the AAC. The signature data of SigAAC includes the other fields preceding SigAAC in the AACAuth, for example EncDataAAC.
S615, after receiving the AACAuth, the REQ performs the following operations including:
(1) Decrypt EncDataAAC using the message encryption key to obtain IDREQ, NonceREQ, PubAAC⊕NonceAACPub, MICAS_REQ and NonceAACPub;
(2) Check whether the IDREQ and NonceREQ obtained by decryption are the same as the REQ's own identity IDREQ and the NonceREQ generated by the REQ, respectively;
(3) Perform an exclusive-or operation on PubAAC⊕NonceAACPub using NonceAACPub to recover PubAAC;
(4) Verify SigAAC and MICAS_REQ;
Wherein, the REQ verifies SigAAC using CertAAC in PubAAC; and, using the pre-shared key KREQ_AS shared with the AS-REQ and the cryptographic algorithm agreed with the AS-REQ, locally calculates MICAS_REQ over information including the IDREQ, NonceREQ and PubAAC⊕NonceAACPub in the AACAuth and compares it with the MICAS_REQ in the AACAuth. If they are the same, the verification passes; if they differ, the verification fails. MICAS_REQ is thereby verified.
(5) After the above checks and verifications pass, determine the identity authentication result of the AAC according to ResAAC in PubAAC; if any of the checks or verifications fails, immediately discard the AACAuth.
Therefore, identity authentication of REQ and AAC is realized in S613 and S615, that is, bidirectional identity authentication of REQ and AAC is realized, and identity of REQ, identity of AAC, and identity authentication result information are transmitted in ciphertext, so that identity protection of REQ and AAC is realized.
In addition, (1) the calculation of SigAAC in S613 may instead be performed in advance in S605; that is, in S605 the AAC calculates SigAAC over signature data including REQInit, IDREQ and EncPubAS, the AACVeri of S606 then also includes SigAAC, and in S607 the AS-AAC also verifies SigAAC and executes the subsequent operations after the verification passes. In this case, the AAC does not calculate SigAAC in S613; accordingly, the AACAuth of S614 does not include SigAAC, the REQ no longer verifies SigAAC in S615, and PubAAC may then not include CertAAC. (2) The second digital signature SigAS_AAC2 in S607 and S608 may be replaced by a second message authentication code MICAS_AAC2, where MICAS_AAC2 is a hash value calculated by the AS-AAC, using the key pre-shared with the AS-REQ and the hash algorithm agreed with the AS-REQ, over the other fields preceding MICAS_AAC2 in AS-AACVeri; the AS-REQ's verification of SigAS_AAC2 in S609 is then replaced with verification of MICAS_AAC2. The third digital signature SigAS_REQ3 in S609 and S610 may be replaced by a third message authentication code MICAS_REQ3, where MICAS_REQ3 is a hash value calculated by the AS-REQ, using the key pre-shared with the AS-AAC and the hash algorithm agreed with the AS-AAC, over the fields including IDAAC⊕NonceAACID, NonceAAC and PubREQ in the AS-REQVeri; the AS-AAC's verification of SigAS_REQ3 in S611 is then replaced with verification of MICAS_REQ3.
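The XOR blinding that hides IDAAC and PubAAC from the AS-REQ in this embodiment (S605, S607, S613 and S615) is sketched below. This is an added example, not code from the patent: it assumes PubAAC is encoded as one ResAAC byte followed by CertAAC so that the AAC can size NonceAACPub in advance, uses constructed sample values, and omits EncPubAS encryption, certificate verification and signatures.

```python
import hmac
import secrets

def xor_exact(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a length mismatch is an error."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def aac_make_encpub_plain(id_aac: bytes, cert_aac: bytes) -> dict:
    """AAC, S605(4)-(5): plaintext that is then encrypted into EncPubAS."""
    return {
        "IDAAC": id_aac,
        "CertAAC": cert_aac,
        "NonceAACID": secrets.token_bytes(len(id_aac)),         # third key
        "NonceAACPub": secrets.token_bytes(1 + len(cert_aac)),  # second key
    }

def as_aac_blind(plain: dict, res_aac: int) -> dict:
    """AS-AAC, S607(2)-(3): build PubAAC, then blind PubAAC and IDAAC.

    res_aac is the outcome of verifying CertAAC (1 = valid, 0 = invalid).
    """
    pub_aac = bytes([res_aac]) + plain["CertAAC"]  # assumed encoding
    return {
        "IDAAC_xor": xor_exact(plain["IDAAC"], plain["NonceAACID"]),
        "PubAAC_xor": xor_exact(pub_aac, plain["NonceAACPub"]),
    }

def aac_check_asveri(asveri: dict, own_id: bytes, own_nonce_aac: bytes,
                     nonce_aacid: bytes) -> bool:
    """AAC, S613(1): recover IDAAC and compare it and NonceAAC with own values."""
    try:
        recovered = xor_exact(asveri["IDAAC_xor"], nonce_aacid)
    except ValueError:
        return False
    same_id = hmac.compare_digest(recovered, own_id)
    same_nonce = hmac.compare_digest(asveri["NonceAAC"], own_nonce_aac)
    return same_id and same_nonce

def req_recover_pub_aac(pub_aac_xor: bytes, nonce_aacpub: bytes):
    """REQ, S615(3): recover PubAAC and split it into (ResAAC, CertAAC)."""
    pub_aac = xor_exact(pub_aac_xor, nonce_aacpub)
    return pub_aac[0], pub_aac[1:]

def reuse_leak(value1: bytes, value2: bytes, nonce: bytes) -> bytes:
    """Failure mode: what two values blinded under the SAME nonce reveal."""
    return xor_exact(xor_exact(value1, nonce), xor_exact(value2, nonce))

# Constructed sample values (not from the patent).
ID_AAC = b"aac-gw-17"
CERT_AAC = b"<constructed certificate bytes>"
NONCE_AAC = b"\x11" * 16

def run_exchange() -> dict:
    plain = aac_make_encpub_plain(ID_AAC, CERT_AAC)
    blinded = as_aac_blind(plain, res_aac=1)        # all the AS-REQ gets to see
    asveri = dict(blinded, NonceAAC=NONCE_AAC)      # fields echoed back in ASVeri
    tampered = dict(asveri, IDAAC_xor=b"\x00" + asveri["IDAAC_xor"][1:] + b"\x00")
    res_aac, cert = req_recover_pub_aac(blinded["PubAAC_xor"], plain["NonceAACPub"])
    return {
        "aac_accepts": aac_check_asveri(asveri, ID_AAC, NONCE_AAC, plain["NonceAACID"]),
        "aac_accepts_tampered": aac_check_asveri(tampered, ID_AAC, NONCE_AAC,
                                                 plain["NonceAACID"]),
        "res_aac": res_aac,
        "cert": cert,
    }

if __name__ == "__main__":
    print(run_exchange())
```

The blinding hides the values only while each nonce is random, as long as the value it covers and used once: `reuse_leak` returns the XOR of the two plaintexts, so NonceAACID and NonceAACPub have to be regenerated for every authentication run.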
In the above embodiments, each message may also carry a hash value HASHX_Y, which is calculated by the sender entity X of the message, using a hash algorithm, over the latest preamble message received from the opposite-end entity Y, and is used by the opposite-end entity Y to verify whether entity X has received the complete latest preamble message. Wherein, HASHREQ_AAC denotes the hash value calculated by the REQ over the latest preamble message received from the AAC; HASHAAC_REQ denotes the hash value calculated by the AAC over the latest preamble message received from the REQ; HASHAAC_AS-AAC denotes the hash value calculated by the AAC over the latest preamble message received from the AS-AAC; HASHAS-AAC_AAC denotes the hash value calculated by the AS-AAC over the latest preamble message received from the AAC; HASHAS-AAC_AS-REQ denotes the hash value calculated by the AS-AAC over the latest preamble message received from the AS-REQ; HASHAS-REQ_AS-AAC denotes the hash value calculated by the AS-REQ over the latest preamble message received from the AS-AAC. If the message currently sent by the sender entity X is the first message exchanged between entity X and entity Y, meaning that entity X has not received a preamble message from the opposite-end entity Y, HASHX_Y in that message may be absent or meaningless.
Correspondingly, after the opposite-end entity Y receives the message sent by entity X, if the message contains HASHX_Y: when entity Y has not sent a preamble message to entity X, entity Y ignores HASHX_Y; when entity Y has sent a preamble message to entity X, entity Y uses the hash algorithm to locally calculate the hash value of the latest preamble message it previously sent to entity X and compares it with the HASHX_Y carried in the received message; if they are consistent, the subsequent steps are executed; otherwise the message is discarded or the authentication process is ended.
In the present invention, for an entity X, a preamble message sent from an opposite end entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the received message sent from the opposite end entity Y to the entity X; the latest preamble message sent by the correspondent entity Y to the entity X means: before the entity X sends the message M to the opposite end entity Y, the latest message sent by the opposite end entity Y to the entity X is received. If the message M sent by the entity X to the opposite terminal entity Y is the first message interacted between the entity X and the entity Y, no preamble message sent by the opposite terminal entity Y to the entity X exists before the entity X sends the message M to the opposite terminal entity Y.
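The HASHX_Y rule described above, including the "ignore it if nothing was sent yet" case, can be modelled as per-peer state. This is an added example, not code from the patent: SHA-256 as the hash algorithm, the one-flag-byte wire format and the `Entity` class are assumptions, and the sample payloads are constructed.

```python
import hashlib
import hmac
from typing import Optional, Tuple

HASH_LEN = 32  # SHA-256 digest size (assumed hash algorithm)

def pack(payload: bytes, prev_hash: Optional[bytes]) -> bytes:
    """Constructed wire format: flag byte, optional 32-byte HASHX_Y, payload."""
    if prev_hash is None:
        return b"\x00" + payload
    return b"\x01" + prev_hash + payload

def unpack(wire: bytes) -> Tuple[bytes, Optional[bytes]]:
    """Split a wire message into (payload, carried HASHX_Y or None)."""
    if not wire or wire[0] not in (0, 1):
        raise ValueError("malformed message")
    if wire[0] == 0:
        return wire[1:], None
    if len(wire) < 1 + HASH_LEN:
        raise ValueError("truncated HASH field")
    return wire[1 + HASH_LEN:], wire[1:1 + HASH_LEN]

class Entity:
    """One side (X or Y) of a pairwise exchange; state is kept per peer."""

    def __init__(self, name: str):
        self.name = name
        self.last_sent: Optional[bytes] = None      # latest message sent to peer
        self.last_received: Optional[bytes] = None  # latest message from peer

    def send(self, payload: bytes) -> bytes:
        """Attach the hash of the latest preamble message received, if any."""
        prev = None
        if self.last_received is not None:
            prev = hashlib.sha256(self.last_received).digest()
        wire = pack(payload, prev)
        self.last_sent = wire
        return wire

    def receive(self, wire: bytes) -> Optional[bytes]:
        """Return the payload, or None when the message is discarded."""
        try:
            payload, carried = unpack(wire)
        except ValueError:
            return None
        # A carried hash is checked only if this entity has sent a preamble
        # message to the peer; otherwise it is ignored, as the text specifies.
        if carried is not None and self.last_sent is not None:
            expected = hashlib.sha256(self.last_sent).digest()
            if not hmac.compare_digest(expected, carried):
                return None
        self.last_received = wire
        return payload

def clean_run():
    """AACInit then REQInit, delivered unmodified."""
    aac, req = Entity("AAC"), Entity("REQ")
    got_by_req = req.receive(aac.send(b"AACInit"))
    got_by_aac = aac.receive(req.send(b"REQInit"))
    return got_by_req, got_by_aac

def tampered_run():
    """AACInit is altered in transit; the AAC detects it from HASHREQ_AAC."""
    aac, req = Entity("AAC"), Entity("REQ")
    m1 = aac.send(b"AACInit")
    altered = m1[:-1] + bytes([m1[-1] ^ 0x01])
    got_by_req = req.receive(altered)               # REQ cannot tell yet
    got_by_aac = aac.receive(req.send(b"REQInit"))  # hash mismatch, discarded
    return got_by_req, got_by_aac

if __name__ == "__main__":
    print("clean:", clean_run())
    print("tampered:", tampered_run())
```

An unkeyed digest gives this check value only when the message carrying HASHX_Y is itself integrity-protected, since anyone able to rewrite both messages could recompute the hash.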
The optional fields and optional operations in the embodiments corresponding to fig. 3 to 6 are denoted by "") in fig. 3 to 6 of the drawings in the specification. The content included in the message according to all the above embodiments is not limited in sequence, and in a case that no particular description is given, the sequence of operations on the relevant message and the sequence of processing the content included in the message after the message is received by the message recipient are not limited.
Based on the embodiments corresponding to fig. 1 to fig. 6, referring to fig. 7, an embodiment of the present application further provides a requesting device 700, including:
a generating module 710, configured to calculate, by using a message encryption key, information including an identity of the requesting device to generate an identity ciphertext of the requesting device, and calculate, by using a pre-shared key of a second authentication server trusted by the requesting device, an identity authentication code of the requesting device for the information including the identity ciphertext of the requesting device by using a cryptographic algorithm agreed with the second authentication server;
a sending module 720, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity identifier ciphertext of the requesting device and an identity authentication code of the requesting device;
a receiving module 730, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including first authentication result information and a first message authentication code of the second authentication server by using the message encryption key;
a decryption module 740, configured to decrypt the identity authentication result information ciphertext with the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server; the first message authentication code of the second authentication server is generated by the second authentication server through calculation of information including the first authentication result information by using a pre-shared key of the request device and a cryptographic algorithm agreed with the request device;
a verification module 750, configured to verify the first message authentication code of the second authentication server by using a pre-shared key of the second authentication server and using a cryptographic algorithm agreed with the second authentication server;
a determining module 760, configured to determine, if the verification passes, an identity authentication result of the authentication access controller according to a first authentication result in the first authentication result information.
Optionally, the receiving module 730 is further configured to: receiving a key request message sent by the authentication access controller, wherein the key request message comprises a key exchange parameter of the authentication access controller;
the generation module 710 is further configured to: performing key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the request device and a temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and calculating the message encryption key by using a key derivation algorithm according to information including the first key; correspondingly, the identity ciphertext message further includes a key exchange parameter of the requesting device.
Optionally, the key request message further includes a first random number generated by the authentication access controller; the generating module 710 is specifically configured to: calculating the message encryption key from information including the first key, the first random number, and a second random number generated by the requesting device; correspondingly, the identity ciphertext message further includes the second random number.
Optionally, the identity ciphertext message sent by the sending module 720 further includes the first random number generated by the authentication access controller.
Optionally, the key request message further includes security capability parameter information supported by the authentication access controller; the determining module 760 is further configured to determine a specific security policy used by the requesting device according to the security capability parameter information; the particular security policy is also included in the identity ciphertext message.
Optionally, the key request message further includes an identity of at least one authentication server trusted by the authentication access controller; the determining module 760 is further configured to determine, according to the identity of the at least one authentication server trusted by the authentication access controller in the key request message, the identity of the at least one authentication server trusted by the requesting device; the identity cryptogram message further includes an identity of at least one authentication server trusted by the requesting device.
Optionally, the identity ciphertext message sent by the sending module 720 further includes an identity of at least one authentication server trusted by the requesting device.
Optionally, the identity ciphertext message further includes a second random number generated by the requesting device, and the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes an identity of the requesting device and/or the second random number;
the verification module 750 is further configured to: verifying the consistency of the identity identifier of the requesting device obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and the identity identifier of the requesting device, and/or verifying the consistency of a second random number obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and a second random number generated by the requesting device; if the authentication is passed, the determining module 760 determines the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
Optionally, the determining module 760 is further configured to: and determining whether the digital signature of the authentication access controller passes the verification, and if the digital signature of the authentication access controller passes the verification, determining the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
Optionally, the determining, by the determining module 760, of whether the digital signature of the authentication access controller passes the verification specifically includes:
when a first authentication request message sent by the authentication access controller to a first authentication server trusted by the authentication access controller also comprises a digital signature of the authentication access controller, the first authentication server verifies the digital signature of the authentication access controller by using a digital certificate of the authentication access controller in the first authentication request message, and if the receiving module receives the third authentication response message, the digital signature of the authentication access controller is determined to be verified;
when the third authentication response message further includes the digital signature of the authentication access controller, correspondingly, the first authentication result information further includes the digital certificate of the authentication access controller; and verifying the digital signature of the authentication access controller by using the digital certificate of the authentication access controller, and determining whether the digital signature of the authentication access controller passes the verification according to a verification result.
Optionally, the first authentication result information is generated by encrypting information including the first authentication result by using a second key; the encrypted data of the identity authentication result information ciphertext in the third authentication response message further comprises the second key; the decryption module 740 is specifically configured to: and decrypting the identity authentication result information ciphertext by using the message encryption key to obtain the second key, and decrypting the first authentication result information by using the second key to obtain the first authentication result.
Optionally, the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device for the latest preamble message sent by the authentication access controller.
Referring to fig. 8, an embodiment of the present application further provides an authentication access controller 800, including:
a receiving module 810, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity ciphertext of the requesting device and an identity authentication code of the requesting device, the identity ciphertext of the requesting device is generated by the requesting device through calculation of information including an identity of the requesting device using a message encryption key, and the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity ciphertext of the requesting device using a pre-shared key of a second authentication server trusted by the requesting device using a cryptographic algorithm agreed with the second authentication server;
a decryption module 820, configured to decrypt the identity ciphertext of the requesting device using the message encryption key to obtain the identity of the requesting device;
a sending module 830, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the identity ciphertext message, an identity of the requesting device, and identity information of the authentication access controller, and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
the receiving module 810 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message is generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of the digital certificate of the authentication access controller, and a first message authentication code of the second authentication server is generated by the second authentication server through calculation of information comprising the first authentication result information by using a pre-shared key of the request equipment and a cryptographic algorithm agreed with the request equipment; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information;
a verification module 840, configured to verify the first digital signature by using the public key of the first authentication server, and if the first digital signature passes the verification, the determination module 850 determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information; when the determining module 850 determines that the identity authentication result of the requesting device is legal, the sending module 830 sends a third authentication response message to the requesting device; or,
a verification module 840, configured to verify the first digital signature by using the public key of the first authentication server; if the first digital signature passes the verification, the sending module 830 sends a third authentication response message to the requesting device, and the determining module 850 determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information; or,
a verification module 840, configured to verify the first digital signature by using a public key of the first authentication server; if the first digital signature passes the verification, the determining module 850 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module 830 sends a third authentication response message to the requesting device;
wherein, the third authentication response message comprises an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including the first authentication result information and a first message authentication code of the second authentication server using the message encryption key.
Optionally, the sending module 830 is further configured to: send a key request message to the requesting device, the key request message including a key exchange parameter of the authentication access controller;
correspondingly, the identity ciphertext message further includes a key exchange parameter of the requesting device;
the authentication access controller 800 further comprises:
a generating module, configured to perform key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the authentication access controller and a temporary public key included in the key exchange parameter of the requesting device to generate a first key, and to calculate the message encryption key by using a key derivation algorithm according to information including the first key.
Optionally, the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device; the generating module is specifically configured to: calculate the message encryption key from information including the first key, the first random number, and the second random number.
Optionally, the identity ciphertext message further includes the first random number; the verification module 840 is further configured to: verify the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; if the verification passes, the generating module then calculates the message encryption key.
Optionally, the key request message further includes an identity of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device;
the determining module 850 is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
Optionally, the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device; the determining module 850 is further configured to: determine the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of at least one authentication server trusted by the authentication access controller.
Optionally, the first authentication request message further includes an identity of the authentication access controller, and/or a first random number generated by the authentication access controller;
correspondingly, the first authentication response message further includes an identity of the authentication access controller, and/or the first random number;
the verification module 840 is further configured to: verify the consistency of the identity of the authentication access controller in the first authentication response message and the identity of the authentication access controller itself; and/or verify the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller; if the verification passes, the determining module 850 determines the identity authentication result of the requesting device according to the second verification result.
Optionally, the second authentication result information further includes an identity of the requesting device; the verification module 840 is further configured to: verify the consistency of the identity of the requesting device in the second authentication result information and the identity of the requesting device obtained by decrypting the identity ciphertext of the requesting device; if the verification passes, the determining module 850 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
Optionally, the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data including a digital certificate and a second key of the authentication access controller by using a public key of an encryption certificate;
correspondingly, the first authentication result information is generated by encrypting information including the first authentication result by using the second key;
correspondingly, the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes the second key.
Optionally, the encrypted data of the identity information of the authentication access controller further includes an identity of the authentication access controller and a third key; correspondingly, the first authentication response message further comprises an identity identification ciphertext of the authentication access controller; the identity identification ciphertext of the authentication access controller is generated by encrypting information including the identity identification of the authentication access controller by using the third key;
the verification module 840 is further configured to: verify the identity identification ciphertext of the authentication access controller according to the identity identification of the authentication access controller and the third key.
Optionally, the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller over the latest preceding message received from the requesting device; the message sent by the authentication access controller to the first authentication server further includes a hash value calculated by the authentication access controller over the latest preceding message received from the first authentication server.
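The key agreement performed by the generating module above (and recited again in claims 2 to 4) can be sketched as follows. This is an added example, not code from the patent: X25519 as the key exchange, HKDF-SHA256 as the key derivation algorithm, 32-byte random numbers and all field and function names are assumptions.

```python
import hashlib
import hmac
import secrets

P = 2**255 - 19                     # X25519 field prime (RFC 7748)
BASE = (9).to_bytes(32, "little")   # X25519 base point

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Not constant time: for illustration only."""
    s = bytearray(k)
    s[0] &= 248
    s[31] &= 127
    s[31] |= 64
    scalar = int.from_bytes(s, "little")
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (scalar >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869), standing in for the unspecified key derivation algorithm."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_mek(first_key: bytes, nonce_aac: bytes, nonce_req: bytes) -> bytes:
    # "information including the first key, the first random number and the second random number"
    return hkdf_sha256(first_key, nonce_aac + nonce_req, b"message encryption key")

def shared_first_key(priv: bytes, peer_pub: bytes) -> bytes:
    first_key = x25519(priv, peer_pub)
    if first_key == bytes(32):      # low-order peer value: refuse to derive a key
        raise ValueError("invalid key exchange parameter")
    return first_key

class AAC:
    """Authentication access controller side (hypothetical field names)."""
    def key_request(self) -> dict:
        self.priv = secrets.token_bytes(32)     # temporary private key
        self.nonce = secrets.token_bytes(32)    # first random number
        return {"KeyInfo_AAC": x25519(self.priv, BASE), "Nonce_AAC": self.nonce}

    def on_identity_ciphertext_msg(self, msg: dict) -> bytes:
        # Consistency check comes first; the key is computed only if it passes.
        if not hmac.compare_digest(msg["Nonce_AAC"], self.nonce):
            raise ValueError("first random number mismatch: message discarded")
        first_key = shared_first_key(self.priv, msg["KeyInfo_REQ"])
        return derive_mek(first_key, self.nonce, msg["Nonce_REQ"])

def req_respond(key_request: dict):
    """Requesting device side: returns (identity ciphertext message fields, key)."""
    priv = secrets.token_bytes(32)
    nonce_req = secrets.token_bytes(32)         # second random number
    first_key = shared_first_key(priv, key_request["KeyInfo_AAC"])
    mek = derive_mek(first_key, key_request["Nonce_AAC"], nonce_req)
    msg = {"KeyInfo_REQ": x25519(priv, BASE), "Nonce_REQ": nonce_req,
           "Nonce_AAC": key_request["Nonce_AAC"]}   # echo of the first random number
    return msg, mek

def run_exchange():
    aac = AAC()
    msg, mek_req = req_respond(aac.key_request())
    return mek_req, aac.on_identity_ciphertext_msg(msg)

def replay_is_rejected() -> bool:
    aac = AAC()
    old_msg, _ = req_respond(aac.key_request())
    aac.key_request()               # new run: fresh temporary key and random number
    try:
        aac.on_identity_ciphertext_msg(old_msg)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    k_req, k_aac = run_exchange()
    print("keys match:", k_req == k_aac, "| replay rejected:", replay_is_rejected())
```

Both sides arrive at the same message encryption key only when the echoed first random number matches the current run, so an identity ciphertext message captured from an earlier run is dropped before any key exchange calculation is done.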
Referring to fig. 9, an embodiment of the present application further provides a first authentication server 900, including:
a receiving module 910, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes an identity ciphertext message sent by a requesting device, an identity of the requesting device, and identity information of the authentication access controller; the identity ciphertext message includes an identity ciphertext and an identity authentication code of the requesting device; the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity ciphertext of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server; the identity of the requesting device is obtained by the authentication access controller by decrypting the identity ciphertext of the requesting device using the message encryption key; and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
a sending module 920, configured to send a first authentication response message to the authentication access controller, where the first authentication response message is generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information includes a first verification result of the digital certificate of the authentication access controller, and the first message authentication code of the second authentication server is generated by the second authentication server through calculation of information including the first authentication result information by using a pre-shared key of the requesting device and a cryptographic algorithm agreed with the requesting device; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information.
Optionally, the identity information of the authentication access controller is generated by encrypting, by the authentication access controller, encrypted data including a digital certificate of the authentication access controller by using a public key of an encryption certificate; the first authentication server 900 further comprises:
a first decryption module, configured to acquire the digital certificate of the authentication access controller obtained by decrypting the identity information using the private key corresponding to the encryption certificate.
Optionally, the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data including a digital certificate and a second key of the authentication access controller by using a public key of an encryption certificate; the first authentication server 900 further includes:
a second decryption module, configured to acquire the digital certificate of the authentication access controller and the second key obtained by decrypting the identity information using the private key corresponding to the encryption certificate;
an encryption module, configured to encrypt information including the first verification result by using the second key to generate the first authentication result information.
Optionally, the first authentication server 900 further includes:
a verification module, configured to verify the validity of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the identity authentication code of the requesting device to obtain a second verification result;
a first generation module, configured to generate the first authentication result information according to information including the first verification result, generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a first authentication server for the information including the first authentication result information, and calculate and generate a first digital signature for signature data including the second authentication result information;
a second generating module, configured to calculate and generate the first authentication response message according to information that includes the first authentication result information, a first message authentication code of the first authentication server, the second authentication result information, and the first digital signature.
Optionally, the first authentication server 900 further includes:
a second verification module, configured to verify the validity of the digital certificate of the authentication access controller to obtain a first verification result;
a third generating module, configured to generate the first authentication result information according to information including the first verification result, and calculate and generate a second digital signature for signature data including the first authentication result information, the identity identifier of the requesting device, and the identity ciphertext message, or calculate and generate a second message authentication code for information including the first authentication result information, the identity identifier of the requesting device, and the identity ciphertext message;
the sending module is further configured to send a second authentication request message to a second authentication server, where the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and the second message authentication code;
the receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information, and a third digital signature, or the second authentication response message includes the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information, and a third message authentication code; the third digital signature is generated by the second authentication server through calculation of signature data including the second authentication result information; the third message authentication code is generated by the second authentication server through calculation of information including the second authentication result information;
the second verification module is further configured to verify the third digital signature using a public key of the second authentication server or verify the third message authentication code using a pre-shared key with the second authentication server;
the third generating module is further configured to calculate and generate a first digital signature for signature data including the second authentication result information if the verification passes, and generate the first authentication response message according to information including the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and the first digital signature.
Optionally, the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server over the latest preceding message received from the authentication access controller; the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server over the latest preceding message received from the second authentication server.
Referring to fig. 10, an embodiment of the present application further provides a second authentication server 1000, including:
a receiving module 1010, configured to receive a second authentication request message sent by a first authentication server, where the second authentication request message includes first authentication result information, an identity ciphertext message, an identity identifier of the requesting device and a second digital signature, or the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device and a second message authentication code; the first authentication result information is generated according to information including a first authentication result obtained by the first authentication server performing validity authentication on a digital certificate of an authentication access controller; the identity ciphertext message comprises an identity ciphertext of the requesting device and an identity authentication code of the requesting device, wherein the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity ciphertext of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and by adopting a cryptographic algorithm agreed with the second authentication server; the second digital signature is generated by the first authentication server through calculation of signature data including the first authentication result information, the identification of the requesting device and the identity ciphertext message, or the second message authentication code is generated by the first authentication server through calculation of information including the first authentication result information, the identification of the requesting device and the identity ciphertext message;
a verification module 1020, configured to verify the second digital signature using a public key of the first authentication server or verify the second message authentication code using a pre-shared key of the first authentication server, and if the verification passes, verify the identity authentication code of the requesting device in the identity ciphertext message to obtain a second verification result;
a generating module 1030, configured to generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a second authentication server for information including the first authentication result information, calculate and generate a third digital signature for signature data including the second authentication result information, or calculate and generate a third message authentication code for information including the second authentication result information;
a sending module 1040, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and the third digital signature, or the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and the third message authentication code.
Optionally, the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server over the latest preceding message received from the first authentication server.
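The message-authentication-code variant of the second authentication server's processing (modules 1010 to 1040), together with the check the requesting device later makes on the first message authentication code, can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 as the agreed cryptographic algorithm, the length-prefixed field encoding, the one-byte result flag, the empty first message authentication code for an unknown identity, and all names and keys are constructed assumptions.

```python
import hashlib
import hmac

def mac(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

# Constructed keys and identities, for illustration only.
PSK_REQ = bytes.fromhex("11" * 32)       # requesting device <-> second authentication server
PSK_SERVERS = bytes.fromhex("22" * 32)   # first <-> second authentication server
REQ_DB = {b"req-001": PSK_REQ}           # second server's table of known requesting devices

def build_second_auth_request(first_result_info, id_req, identity_ciphertext, identity_auth_code):
    """First authentication server: second authentication request with a second MAC."""
    return {
        "first_result_info": first_result_info,
        "id_req": id_req,
        "identity_ciphertext": identity_ciphertext,
        "identity_auth_code": identity_auth_code,
        "second_mac": mac(PSK_SERVERS, first_result_info, id_req,
                          identity_ciphertext, identity_auth_code),
    }

def second_server_handle(req: dict):
    """Second authentication server: returns the second authentication response or None."""
    # Step 1: authenticate the request from the first authentication server.
    expected = mac(PSK_SERVERS, req["first_result_info"], req["id_req"],
                   req["identity_ciphertext"], req["identity_auth_code"])
    if not hmac.compare_digest(expected, req["second_mac"]):
        return None                                   # discard, no result is issued
    # Step 2: verify the identity authentication code -> second verification result.
    psk = REQ_DB.get(req["id_req"])
    valid = psk is not None and hmac.compare_digest(
        mac(psk, req["identity_ciphertext"]), req["identity_auth_code"])
    second_result_info = req["id_req"] + (b"\x01" if valid else b"\x00")
    return {
        "first_result_info": req["first_result_info"],
        # First MAC: lets the requesting device trust a result relayed through the controller.
        "first_mac": mac(psk, req["first_result_info"]) if psk else b"",
        "second_result_info": second_result_info,
        "third_mac": mac(PSK_SERVERS, second_result_info),
    }

def requesting_device_accepts(first_result_info: bytes, first_mac: bytes, psk: bytes) -> bool:
    """Requesting device: verify the first MAC before reading the first verification result."""
    if not hmac.compare_digest(mac(psk, first_result_info), first_mac):
        return False
    return first_result_info.endswith(b"\x01")

def demo() -> dict:
    ciphertext = b"opaque-identity-ciphertext"        # constructed; encryption is out of scope here
    cert_bad = b"aac-01" + b"\x00"                    # controller certificate judged invalid
    genuine = build_second_auth_request(cert_bad, b"req-001", ciphertext,
                                        mac(PSK_REQ, ciphertext))
    forged = build_second_auth_request(cert_bad, b"req-001", ciphertext,
                                       mac(bytes(32), ciphertext))
    tampered = dict(genuine, first_result_info=b"aac-01\x01")   # changed after the MAC was made
    resp = second_server_handle(genuine)
    return {
        "genuine_valid": resp["second_result_info"].endswith(b"\x01"),
        "forged_valid": second_server_handle(forged)["second_result_info"].endswith(b"\x01"),
        "tampered_request_dropped": second_server_handle(tampered) is None,
        "req_accepts_honest_relay": requesting_device_accepts(
            resp["first_result_info"], resp["first_mac"], PSK_REQ),
        "req_accepts_flipped_result": requesting_device_accepts(
            b"aac-01\x01", resp["first_mac"], PSK_REQ),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because the first message authentication code is keyed with the requesting device's pre-shared key, a first verification result altered on the path through the authentication access controller fails the device's check.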
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium may be at least one of the following media: various media capable of storing program codes, such as Read-Only Memory (ROM), RAM, magnetic disk, or optical disk.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the apparatus and system embodiments, which are consistent and corresponding to the method embodiments, are described in a relatively simple manner, and reference may be made to the method embodiments for relevant points. The above-described embodiments of the apparatus and system are merely illustrative, and the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only one specific embodiment of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present application should be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (49)
1. A method of identity authentication, the method comprising:
the authentication access controller receives an identity ciphertext message sent by a requesting device, wherein the identity ciphertext message comprises an identity identification ciphertext of the requesting device and an identity authentication code of the requesting device; the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity identification ciphertext of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server; the identity identification ciphertext of the requesting device is generated by utilizing a message encryption key to calculate information including the identity identification of the requesting device;
the authentication access controller decrypts the identity identification ciphertext of the requesting device by using the message encryption key to obtain the identity identification of the requesting device, and sends a first authentication request message to a trusted first authentication server, wherein the first authentication request message comprises the identity ciphertext message, the identity identification of the requesting device and the identity information of the authentication access controller, and the identity information of the authentication access controller is generated according to information comprising a digital certificate of the authentication access controller;
the authentication access controller receives a first authentication response message sent by the first authentication server, the first authentication response message being generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of the digital certificate of the authentication access controller, and the first message authentication code of the second authentication server is generated by the second authentication server through calculation of information comprising the first authentication result information by using a pre-shared key of the requesting device and a cryptographic algorithm agreed with the requesting device; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information;
the authentication access controller verifies the first digital signature by using a public key of the first authentication server, and if the first digital signature passes the verification, the authentication access controller determines an identity authentication result of the requesting device according to a second verification result in the second authentication result information; when the authentication access controller determines that the identity authentication result of the requesting device is legal, a third authentication response message is sent to the requesting device; or,
the authentication access controller verifies the first digital signature by using a public key of the first authentication server, and if the first digital signature passes the verification, the authentication access controller sends a third authentication response message to the requesting device and determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information; or,
the authentication access controller verifies the first digital signature by using a public key of the first authentication server; if the first digital signature passes the verification, the authentication access controller determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information; the authentication access controller sends a third authentication response message to the requesting device;
wherein, the third authentication response message comprises an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encryption data including the first authentication result information and a first message authentication code of the second authentication server by using the message encryption key;
after receiving the third authentication response message, the requesting device decrypts the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and the first message authentication code of the second authentication server, verifies the first message authentication code of the second authentication server by using a pre-shared key of the second authentication server and a cryptographic algorithm agreed with the second authentication server, and if the verification is passed, the requesting device determines the identity authentication result of the authentication access controller according to the first verification result in the first authentication result information.
2. The method of claim 1, wherein before the authentication access controller receives an identity ciphertext message sent by a requesting device, the method further comprises:
the authentication access controller sends a key request message to the requesting device, wherein the key request message comprises a key exchange parameter of the authentication access controller;
the requesting device performs key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the requesting device and a temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and calculates the message encryption key by using a key derivation algorithm according to information including the first key;
correspondingly, the identity ciphertext message further comprises the key exchange parameter of the requesting device;
the authentication access controller performs key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the authentication access controller and a temporary public key included in the key exchange parameter of the requesting device to generate the first key, and calculates the message encryption key by using the key derivation algorithm according to information including the first key.
3. The method of claim 2, wherein the key request message further includes a first random number generated by the authentication access controller;
the calculating, by the requesting device, the message encryption key specifically includes:
the requesting device calculates the message encryption key according to information including the first key, the first random number and a second random number generated by the requesting device;
correspondingly, the identity ciphertext message further comprises the second random number;
the calculating, by the authentication access controller, the message encryption key specifically includes:
the authentication access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
4. The method of claim 3, wherein the identity ciphertext message further comprises the first random number;
before the authentication access controller calculates the message encryption key, the method further comprises:
the authentication access controller verifies the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller;
if the verification passes, the authentication access controller then calculates the message encryption key.
5. The method according to claim 2, wherein the key request message further includes security capability parameter information supported by the authentication access controller; the method further comprises the following steps:
the requesting device determines a specific security policy used by the requesting device according to the security capability parameter information;
the particular security policy is also included in the identity ciphertext message.
6. The method according to claim 2, wherein the key request message further includes an identity of at least one authentication server trusted by the authentication access controller;
the method further comprises:
the requesting device determines the identity of at least one authentication server trusted by the requesting device according to the identity of at least one authentication server trusted by the authentication access controller;
the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device;
the method further comprises:
the authentication access controller determines the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
7. The method according to claim 1, wherein the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device;
the method further comprises:
the authentication access controller determines the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of at least one authentication server trusted by the authentication access controller.
8. The method according to claim 1, wherein the first authentication request message further includes an identity of the authentication access controller, and/or a first random number generated by the authentication access controller;
correspondingly, the first authentication response message further includes an identity of the authentication access controller, and/or the first random number;
before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
the authentication access controller verifies the consistency of the identity of the authentication access controller in the first authentication response message and its own identity; and/or verifies the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller;
and if the verification passes, the authentication access controller determines the identity authentication result of the requesting device according to the second verification result.
9. The method of claim 1, wherein the second authentication result information further includes an identity of the requesting device, and before the authentication access controller determines the identity authentication result of the requesting device, the method further comprises:
the authentication access controller verifies the consistency of the identity of the requesting device in the second authentication result information and the identity of the requesting device obtained by decrypting the identity ciphertext of the requesting device;
and if the verification passes, the authentication access controller determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information.
10. The method according to claim 1, wherein the identity ciphertext message further includes a second random number generated by the requesting device, and the first authentication request message further includes the second random number;
correspondingly, the first authentication response message further includes the identity of the requesting device and/or the second random number; the encrypted data of the identity authentication result information ciphertext in the third authentication response message further comprises the identity of the requesting device and/or the second random number;
before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
the requesting device verifies the consistency of the identity of the requesting device obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and its own identity, and/or verifies the consistency of the second random number obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and the second random number generated by the requesting device;
and if the verification passes, the requesting device determines the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
11. The method of claim 1, wherein before the requesting device determines the identity authentication result of the authentication access controller, the method further comprises:
the requesting device determines whether the digital signature of the authentication access controller passes the verification, and if the digital signature of the authentication access controller passes the verification, the identity authentication result of the authentication access controller is determined according to the first authentication result in the first authentication result information.
12. The method of claim 11, wherein the requesting device determining whether the digital signature of the authentication access controller passes the verification specifically comprises:
when the first authentication request message further includes the digital signature of the authentication access controller, the first authentication server verifies the digital signature of the authentication access controller by using the digital certificate of the authentication access controller in the first authentication request message, and if the requesting device receives the third authentication response message, the requesting device determines that the digital signature of the authentication access controller is verified; or,
when the third authentication response message further includes the digital signature of the authentication access controller, correspondingly, the first authentication result information further includes the digital certificate of the authentication access controller; the requesting device verifies the digital signature of the authentication access controller by using the digital certificate of the authentication access controller in the first authentication result information, and determines whether the digital signature of the authentication access controller passes the verification according to the verification result.
13. The method of claim 1, wherein the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data including a digital certificate of the authentication access controller with a public key of an encryption certificate;
correspondingly, the digital certificate of the authentication access controller obtained by the first authentication server is obtained by decrypting the identity information by using the private key corresponding to the encryption certificate.
14. The method of claim 1, wherein the identity information of the authentication access controller is generated by the authentication access controller encrypting encrypted data including a digital certificate and a second key of the authentication access controller by using a public key of an encryption certificate;
correspondingly, the first authentication result information is generated by encrypting information including the first authentication result by using the second key;
correspondingly, the encrypted data of the identity authentication result information ciphertext in the third authentication response message further comprises the second key;
after the requesting device receives the third authentication response message, the method further comprises:
the requesting device decrypts the identity authentication result information ciphertext by using the message encryption key to obtain the second key, and decrypts the first authentication result information by using the second key to obtain the first authentication result.
15. The method of claim 14, wherein the encrypted data of the identity information of the authentication access controller further comprises an identity of the authentication access controller and a third key;
correspondingly, the first authentication response message further comprises an identity identification ciphertext of the authentication access controller; the identity identification ciphertext of the authentication access controller is generated by encrypting information including the identity identification of the authentication access controller by using the third key;
after the authentication access controller receives the first authentication response message, the method further comprises:
the authentication access controller verifies the identity identification ciphertext of the authentication access controller according to the identity identification of the authentication access controller and the third key.
16. The method according to any of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server, the method further comprising:
the first authentication server performs validity verification on the digital certificate of the authentication access controller to obtain a first verification result, verifies the identity authentication code of the requesting device to obtain a second verification result, generates the first authentication result information according to information including the first verification result, generates the second authentication result information according to information including the second verification result, calculates a first message authentication code of the first authentication server for information including the first authentication result information, calculates a first digital signature for signature data including the second authentication result information, and generates the first authentication response message according to information including the first authentication result information, the first message authentication code of the first authentication server, the second authentication result information and the first digital signature.
17. The method according to any of claims 1 to 15, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers; the method further comprises:
the first authentication server performs validity verification on the digital certificate of the authentication access controller to obtain a first verification result, generates the first authentication result information according to information including the first verification result, and either calculates a second digital signature for signature data including the first authentication result information, the identity of the requesting device and the identity ciphertext message, or calculates a second message authentication code for information including the first authentication result information, the identity of the requesting device and the identity ciphertext message;
the first authentication server sends a second authentication request message to a second authentication server, wherein the second authentication request message comprises the first authentication result information, the identity ciphertext message, the identity of the requesting device and the second digital signature, or the second authentication request message comprises the first authentication result information, the identity ciphertext message, the identity of the requesting device and the second message authentication code; the second authentication server verifies the second digital signature using the public key of the first authentication server, or verifies the second message authentication code using a pre-shared key with the first authentication server; if the verification passes, the second authentication server verifies the identity authentication code of the requesting device in the identity ciphertext message to obtain a second verification result, generates the second authentication result information according to information including the second verification result, calculates a first message authentication code of the second authentication server for information including the first authentication result information, and either calculates a third digital signature for signature data including the second authentication result information or calculates a third message authentication code for information including the second authentication result information;
the first authentication server receives a second authentication response message sent by the second authentication server, wherein the second authentication response message comprises the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information and a third digital signature, or the second authentication response message comprises the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information and a third message authentication code;
the first authentication server verifies the third digital signature by using a public key of the second authentication server, or the first authentication server verifies the third message authentication code by using a pre-shared key with the second authentication server; if the third message authentication code passes the verification, the first authentication server calculates a first digital signature for signature data including the second authentication result information, and generates the first authentication response message according to information including the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information and the first digital signature.
18. The method according to any of claims 1 to 15, wherein the message sent by said requesting device to said authentication access controller further comprises a hash value computed by said requesting device on the latest preamble message received from said authentication access controller;
when the authentication access controller receives the message sent by the request device, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the authentication access controller to the request device also comprises a hash value calculated by the authentication access controller on the latest preamble message sent by the request device;
when the request device receives the message sent by the authentication access controller, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed;
the message sent by the authentication access controller to the first authentication server further comprises a hash value calculated by the authentication access controller on the received latest preamble message sent by the first authentication server;
when the first authentication server receives the message sent by the authentication access controller, the hash value in the received message is verified, and the subsequent operation is executed after the verification is passed;
the message sent by the first authentication server to the authentication access controller also comprises a hash value calculated by the first authentication server on the received latest preamble message sent by the authentication access controller;
when the authentication access controller receives the message sent by the first authentication server, the hash value in the received message is verified, and the subsequent operation is executed after the verification is passed;
the message sent by the first authentication server to the second authentication server also comprises a hash value calculated by the first authentication server on the received latest preamble message sent by the second authentication server;
when the second authentication server receives the message sent by the first authentication server, the hash value in the received message is verified, and the subsequent operation is executed after the verification is passed;
the message sent by the second authentication server to the first authentication server further comprises a hash value calculated by the second authentication server on the received latest preamble message sent by the first authentication server;
when the first authentication server receives the message sent by the second authentication server, the hash value in the received message is verified first, and the subsequent operation is executed after the verification is passed.
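The check in claim 18, as an added example that is not part of the patent text: each outgoing message carries a hash of the latest message received from the peer, and the receiver compares it with the hash of the latest message it sent before doing anything else. SHA-256, the JSON encoding, the `prev_hash` field name and the `Endpoint` class are assumptions.

```python
import hashlib
import hmac
import json


class Endpoint:
    """One protocol party; remembers the latest message in each direction."""

    def __init__(self, name):
        self.name = name
        self.last_sent = None       # raw bytes of the latest message we sent
        self.last_received = None   # raw bytes of the latest message we accepted

    def send(self, fields: dict) -> bytes:
        msg = dict(fields, sender=self.name)
        if self.last_received is not None:
            # Bind this message to the peer's latest message.
            msg["prev_hash"] = hashlib.sha256(self.last_received).hexdigest()
        raw = json.dumps(msg, sort_keys=True).encode()
        self.last_sent = raw
        return raw

    def receive(self, raw: bytes) -> dict:
        msg = json.loads(raw)
        if self.last_sent is not None:
            # Verify the hash first; later processing runs only if it matches.
            expected = hashlib.sha256(self.last_sent).hexdigest()
            got = msg.get("prev_hash")
            if not isinstance(got, str) or not hmac.compare_digest(
                got.encode(), expected.encode()
            ):
                raise ValueError("hash of preceding message does not match")
        self.last_received = raw
        return msg


if __name__ == "__main__":
    # Constructed sample exchange between the two parties.
    aac, req = Endpoint("AAC"), Endpoint("REQ")
    req.receive(aac.send({"type": "key_request", "nonce_aac": "01" * 16}))
    reply = req.send({"type": "identity_ciphertext", "nonce_req": "02" * 16})
    print("accepted:", aac.receive(reply)["type"])

    # The same reply delivered into a different session of the controller.
    other = Endpoint("AAC")
    other.send({"type": "key_request", "nonce_aac": "03" * 16})
    try:
        other.receive(reply)
    except ValueError as err:
        print("rejected:", err)
```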
19. A requesting device, characterized in that the requesting device comprises:
a generating module, configured to calculate an identity ciphertext of the requesting device by using a message encryption key on information including the identity of the requesting device, and to calculate an identity authentication code of the requesting device, on information including the identity ciphertext of the requesting device, by using a pre-shared key with a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server;
a sending module, configured to send an identity ciphertext message to an authentication access controller, where the identity ciphertext message includes an identity identifier ciphertext of the requesting device and an identity authentication code of the requesting device;
a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including first authentication result information and a first message authentication code of the second authentication server by using the message encryption key;
a decryption module, configured to decrypt the identity authentication result information ciphertext by using the message encryption key to obtain the first authentication result information and a first message authentication code of the second authentication server; the first message authentication code of the second authentication server is generated by the second authentication server through calculation on information including the first authentication result information by using a pre-shared key with the requesting device and a cryptographic algorithm agreed with the requesting device;
a verification module, configured to verify the first message authentication code of the second authentication server by using the pre-shared key with the second authentication server and the cryptographic algorithm agreed with the second authentication server;
and a determining module, configured to determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information if the verification passes.
20. The requesting device of claim 19, wherein the receiving module is further configured to: receive a key request message sent by the authentication access controller, wherein the key request message comprises a key exchange parameter of the authentication access controller;
the generating module is further configured to: perform key exchange calculation according to a temporary private key corresponding to the key exchange parameter of the requesting device and a temporary public key included in the key exchange parameter of the authentication access controller to generate a first key, and calculate the message encryption key by using a key derivation algorithm according to information including the first key;
correspondingly, the identity ciphertext message further includes a key exchange parameter of the requesting device.
21. The requesting device of claim 20, wherein the key request message further includes a first random number generated by the authentication access controller;
the generating module is specifically configured to: calculate the message encryption key from information including the first key, the first random number, and a second random number generated by the requesting device;
correspondingly, the identity ciphertext message further includes the second random number.
22. The requesting device of claim 21, wherein the identity ciphertext message sent by the sending module further comprises the first random number generated by the authentication access controller.
23. The requesting device of claim 20, wherein the key request message further includes security capability parameter information supported by the authentication access controller;
the determining module is further configured to: determine a specific security policy used by the requesting device according to the security capability parameter information;
the particular security policy is also included in the identity ciphertext message.
24. The requesting device of claim 20, wherein the key request message further includes an identity of at least one authentication server trusted by the authentication access controller;
the determining module is further configured to: determine the identity of at least one authentication server trusted by the requesting device according to the identity of at least one authentication server trusted by the authentication access controller;
the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device.
25. The requesting device of claim 19, wherein the identity ciphertext message sent by the sending module further comprises an identity of at least one authentication server trusted by the requesting device.
26. The requesting device of claim 19, wherein the identity ciphertext message further includes a second random number generated by the requesting device, and wherein the encrypted data of the identity authentication result information ciphertext in the third authentication response message further includes an identity of the requesting device and/or the second random number;
the verification module is further configured to: verify the consistency of the identity of the requesting device obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and the identity of the requesting device itself, and/or verify the consistency of the second random number obtained by decrypting the identity authentication result information ciphertext in the third authentication response message and the second random number generated by the requesting device; and if the verification passes, the determining module determines the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
27. The requesting device of claim 19, wherein the determining module is further configured to: determine whether the digital signature of the authentication access controller passes the verification, and if the digital signature of the authentication access controller passes the verification, determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information.
28. The requesting device of claim 27, wherein the determining module determining whether the digital signature of the authentication access controller passes the verification specifically comprises:
when a first authentication request message sent by the authentication access controller to a first authentication server trusted by the authentication access controller also comprises a digital signature of the authentication access controller, the first authentication server verifies the digital signature of the authentication access controller by using a digital certificate of the authentication access controller in the first authentication request message, and if the receiving module receives the third authentication response message, the digital signature of the authentication access controller is determined to be verified;
when the third authentication response message further includes the digital signature of the authentication access controller, correspondingly, the first authentication result information further includes the digital certificate of the authentication access controller; the determining module verifies the digital signature of the authentication access controller by using the digital certificate of the authentication access controller, and determines whether the digital signature of the authentication access controller passes the verification according to a verification result.
29. The requesting device according to claim 19, wherein the first authentication result information is generated by encrypting information including the first authentication result with a second key; the encrypted data of the identity authentication result information ciphertext in the third authentication response message further comprises the second key;
the decryption module is specifically configured to: decrypt the identity authentication result information ciphertext by using the message encryption key to obtain the second key, and decrypt the first authentication result information by using the second key to obtain the first authentication result.
30. The requesting device of any of claims 19-29, wherein the message sent by said requesting device to said authentication access controller further comprises a hash value computed by said requesting device on the latest preamble message received from said authentication access controller.
31. An authentication access controller, characterized in that the authentication access controller comprises:
a receiving module, configured to receive an identity ciphertext message sent by a requesting device, where the identity ciphertext message includes an identity ciphertext of the requesting device and an identity authentication code of the requesting device, the identity ciphertext of the requesting device is generated by the requesting device through calculation on information including an identity of the requesting device using a message encryption key, and the identity authentication code of the requesting device is generated by the requesting device through calculation on information including the identity ciphertext of the requesting device using a pre-shared key with a second authentication server trusted by the requesting device and a cryptographic algorithm agreed with the second authentication server;
a decryption module, configured to decrypt the identity ciphertext of the requesting device by using the message encryption key to obtain the identity of the requesting device;
a sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the identity ciphertext message, an identity of the requesting device, and identity information of the authentication access controller, and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
the receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message is generated according to information including first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of the digital certificate of the authentication access controller, and the first message authentication code of the second authentication server is generated by the second authentication server through calculation on information comprising the first authentication result information by using a pre-shared key with the requesting device and a cryptographic algorithm agreed with the requesting device; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature calculated by the first authentication server on signature data including the second authentication result information;
a verification module, configured to verify the first digital signature by using the public key of the first authentication server, wherein if the verification passes, the determining module determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information, and when the determining module determines that the identity authentication result of the requesting device is legal, the sending module sends a third authentication response message to the requesting device; or,
the verification module is configured to verify the first digital signature by using the public key of the first authentication server, wherein if the first digital signature passes the verification, the sending module sends a third authentication response message to the requesting device, and the determining module determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information; or,
the verification module is configured to verify the first digital signature by using the public key of the first authentication server, wherein if the first digital signature passes the verification, the determining module determines the identity authentication result of the requesting device according to a second verification result in the second authentication result information, and the sending module sends a third authentication response message to the requesting device;
wherein, the third authentication response message comprises an identity authentication result information ciphertext; the identity authentication result information ciphertext is generated by encrypting encrypted data including the first authentication result information and a first message authentication code of the second authentication server using the message encryption key.
32. The authentication access controller of claim 31, wherein the sending module is further configured to: send a key request message to the requesting device, the key request message including a key exchange parameter of the authentication access controller;
correspondingly, the identity ciphertext message further comprises a key exchange parameter of the requesting device;
the authentication access controller further comprises:
a generating module, configured to perform key exchange calculation according to a temporary private key corresponding to the key exchange parameters of the authentication access controller and a temporary public key included in the key exchange parameters of the requesting device to generate a first key, and to calculate the message encryption key by using a key derivation algorithm according to information including the first key.
33. The authentication access controller according to claim 32, wherein the key request message further includes a first random number generated by the authentication access controller; correspondingly, the identity ciphertext message further includes a second random number generated by the requesting device;
the generating module is specifically configured to: calculate the message encryption key according to information including the first key, the first random number, and the second random number.
34. The authentication access controller of claim 33, wherein the identity ciphertext message further comprises the first random number;
the verification module is further configured to: verify the consistency of the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; and if the verification passes, the generating module then calculates the message encryption key.
35. The authentication access controller of claim 32, wherein the key request message further comprises an identity of at least one authentication server trusted by the authentication access controller; correspondingly, the identity ciphertext message further includes an identity of at least one authentication server trusted by the requesting device;
the determining module is further configured to: determine the first authentication server according to the identity of the at least one authentication server trusted by the requesting device in the identity ciphertext message and the identity of the at least one authentication server trusted by the authentication access controller in the key request message.
36. The authentication access controller of claim 31, wherein the identity ciphertext message further comprises an identity of at least one authentication server trusted by the requesting device;
the determining module is further configured to: determine the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of at least one authentication server trusted by the authentication access controller.
37. The authentication access controller of claim 31, wherein the first authentication request message further comprises an identity of the authentication access controller, and/or a first random number generated by the authentication access controller;
correspondingly, the first authentication response message further includes an identity of the authentication access controller, and/or the first random number;
the verification module is further configured to: verify the consistency of the identity of the authentication access controller in the first authentication response message and the authentication access controller's own identity; and/or verify the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller; and if the verification is passed, the determining module determines the identity authentication result of the requesting device according to the second verification result.
38. The authentication access controller of claim 31, wherein the second authentication result information further comprises an identity of the requesting device;
the verification module is further configured to: verify the consistency of the identity of the requesting device obtained by decrypting the identity ciphertext of the requesting device and the identity of the requesting device in the second authentication result information; and if the verification is passed, the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information.
39. The authentication access controller of claim 31, wherein the identity information of the authentication access controller is generated by the authentication access controller using a public key of an encryption certificate to encrypt data to be encrypted that includes a digital certificate and a second key of the authentication access controller;
correspondingly, the first authentication result information is generated by encrypting information including the first authentication result by using the second key;
correspondingly, the data to be encrypted of the identity authentication result information ciphertext in the third authentication response message further includes the second key.
40. The authentication access controller of claim 39, wherein the data to be encrypted of the identity information of the authentication access controller further comprises an identity of the authentication access controller and a third key;
correspondingly, the first authentication response message further comprises an identity identification ciphertext of the authentication access controller; the identity identification ciphertext of the authentication access controller is generated by encrypting information including the identity identification of the authentication access controller by using the third key;
the verification module is further configured to: verify the identity identification ciphertext of the authentication access controller according to the identity identification of the authentication access controller and the third key.
41. The authentication access controller of any one of claims 31 to 40, wherein the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the latest preamble message received from the requesting device; the message sent by the authentication access controller to the first authentication server further comprises a hash value calculated by the authentication access controller on the received latest preamble message sent by the first authentication server.
42. A first authentication server, the first authentication server comprising:
a receiving module, configured to receive a first authentication request message sent by an authentication access controller, where the first authentication request message includes an identity ciphertext message sent by a requesting device, an identity of the requesting device, and identity information of the authentication access controller; the identity ciphertext message includes an identity ciphertext and an identity authentication code of the requesting device; the identity authentication code of the requesting device is generated by the requesting device through calculation using a pre-shared key of a second authentication server trusted by the requesting device and using a cryptographic algorithm agreed with the second authentication server; the identity of the requesting device is obtained by the authentication access controller through decryption of the identity ciphertext of the requesting device using the message encryption key; and the identity information of the authentication access controller is generated according to information including a digital certificate of the authentication access controller;
a sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes first authentication result information, a first message authentication code of the second authentication server, second authentication result information, and a first digital signature of the first authentication server; the first authentication result information comprises a first verification result of the digital certificate of the authentication access controller, and a first message authentication code of the second authentication server is generated by the second authentication server through calculation of information comprising the first authentication result information by using a pre-shared key of the request equipment and a cryptographic algorithm agreed with the request equipment; the second authentication result information includes a second verification result for the requesting device, and the first digital signature is a digital signature that is calculated by the first authentication server for signature data including the second authentication result information.
43. The first authentication server of claim 42, wherein the identity information of the authentication access controller is generated by the authentication access controller using a public key of an encryption certificate to encrypt data to be encrypted that includes a digital certificate of the authentication access controller; the first authentication server further comprises:
a first decryption module, configured to acquire the digital certificate of the authentication access controller obtained by decrypting the identity information using the private key corresponding to the encryption certificate.
44. The first authentication server of claim 42, wherein the identity information of the authentication access controller is generated by the authentication access controller using a public key of an encryption certificate to encrypt data to be encrypted that includes a digital certificate and a second key of the authentication access controller; the first authentication server further comprises:
a second decryption module, configured to acquire the digital certificate of the authentication access controller and the second key, which are obtained by decrypting the identity information using the private key corresponding to the encryption certificate;
an encryption module, configured to encrypt information including the first verification result by using the second key to generate the first authentication result information.
45. The first authentication server of claim 42, further comprising:
a verification module, configured to verify the validity of the digital certificate of the authentication access controller to obtain a first verification result, and to verify the identity authentication code of the requesting device to obtain a second verification result;
a first generation module, configured to generate the first authentication result information according to information including the first verification result, generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a first authentication server for the information including the first authentication result information, and calculate and generate a first digital signature for signature data including the second authentication result information;
and a second generation module, configured to calculate and generate the first authentication response message according to information including the first authentication result information, the first message authentication code of the first authentication server, the second authentication result information, and the first digital signature.
46. The first authentication server of claim 42, further comprising:
a second verification module, configured to perform validity verification on the digital certificate of the authentication access controller to obtain a first verification result;
a third generating module, configured to generate the first authentication result information according to information including the first verification result, and calculate and generate a second digital signature for signature data including the first authentication result information, the identity identifier of the requesting device, and the identity ciphertext message, or calculate and generate a second message authentication code for information including the first authentication result information, the identity identifier of the requesting device, and the identity ciphertext message;
the sending module is further configured to send a second authentication request message to a second authentication server, where the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and the second digital signature, or the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and the second message authentication code;
the receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information, and a third digital signature, or the second authentication response message includes the first authentication result information, a first message authentication code of the second authentication server, the second authentication result information, and a third message authentication code; the third digital signature is generated by the second authentication server through calculation of signature data including the second authentication result information; the third message authentication code is generated by the second authentication server through calculation of information including the second authentication result information;
the second verification module is further configured to verify the third digital signature using a public key of the second authentication server or verify the third message authentication code using a pre-shared key of the second authentication server;
the third generating module is further configured to calculate and generate a first digital signature for signature data including the second authentication result information if the verification passes, and generate the first authentication response message according to information including the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and the first digital signature.
47. The first authentication server according to any of claims 42 to 46, wherein the message sent by the first authentication server to the authentication access controller further comprises a hash value computed by the first authentication server on the received latest preamble message sent by the authentication access controller; the message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the received latest preamble message sent by the second authentication server.
48. A second authentication server, characterized in that the second authentication server comprises:
a receiving module, configured to receive a second authentication request message sent by a first authentication server, where the second authentication request message includes first authentication result information, an identity ciphertext message, an identity identifier of the requesting device, and a second digital signature, or the second authentication request message includes the first authentication result information, the identity ciphertext message, the identity identifier of the requesting device, and a second message authentication code; the first authentication result information is generated according to information including a first authentication result obtained by the first authentication server performing validity authentication on a digital certificate of an authentication access controller; the identity ciphertext message comprises an identity ciphertext of the requesting device and an identity authentication code of the requesting device, wherein the identity authentication code of the requesting device is generated by the requesting device through calculation of information including the identity ciphertext of the requesting device by using a pre-shared key of a second authentication server trusted by the requesting device and by adopting a cryptographic algorithm agreed with the second authentication server; the second digital signature is generated by the first authentication server by calculation for signature data including the first authentication result information, the identification of the requesting device, and the identity ciphertext message, or the second message authentication code is generated by the first authentication server by calculation for information including the first authentication result information, the identification of the requesting device, and the identity ciphertext message;
a verification module, configured to verify the second digital signature by using a public key of the first authentication server or verify the second message authentication code by using a pre-shared key of the first authentication server, and if the verification is passed, verify the identity authentication code of the requesting device in the identity ciphertext message to obtain a second verification result;
a generating module, configured to generate the second authentication result information according to information including the second verification result, calculate and generate a first message authentication code of a second authentication server for information including the first authentication result information, calculate and generate a third digital signature for signature data including the second authentication result information, or calculate and generate a third message authentication code for information including the second authentication result information;
a sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and a third digital signature, or the second authentication response message includes the first authentication result information, the first message authentication code of the second authentication server, the second authentication result information, and a third message authentication code.
49. The second authentication server of claim 48, wherein the message sent by the second authentication server to the first authentication server further comprises a hash value computed by the second authentication server on the received latest preamble message sent by the first authentication server.
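The key agreement that claims 32 to 34 describe on the authentication access controller side, as an added example that is not code from the patent: both parties exchange key exchange parameters and random numbers, the controller checks the echoed first random number, and only then derives the message encryption key. The Diffie-Hellman group, HKDF-SHA-256 as the key derivation algorithm, the 16-byte random numbers, the dictionary message layout and every function and class name are assumptions, since the claims fix none of them.

```python
import hashlib
import hmac
import secrets

# Assumption: the claims fix no group or curve. This stand-in group keeps the
# example stdlib-only; it is not a vetted Diffie-Hellman group.
P = 2**255 - 19
G = 2


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) over SHA-256, standing in for the key derivation algorithm."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def new_key_exchange_parameter():
    """Return (temporary private key, temporary public key)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def derive_message_encryption_key(own_priv, peer_pub, nonce_aac, nonce_req):
    # Refuse degenerate public values that would force a predictable first key.
    if not 1 < peer_pub < P - 1:
        raise ValueError("invalid key exchange parameter")
    first_key = pow(peer_pub, own_priv, P).to_bytes(32, "big")
    return hkdf_sha256(first_key, nonce_aac + nonce_req, b"message encryption key")


class AuthenticationAccessController:
    def build_key_request(self):
        self.priv, pub = new_key_exchange_parameter()
        self.nonce_aac = secrets.token_bytes(16)  # first random number
        return {"key_exchange_param": pub, "nonce_aac": self.nonce_aac}

    def handle_identity_ciphertext_message(self, msg):
        # Claim 34: the echoed first random number must match the one this
        # controller generated; only then is the key calculated.
        if not hmac.compare_digest(msg["nonce_aac"], self.nonce_aac):
            raise ValueError("first random number mismatch")
        return derive_message_encryption_key(
            self.priv, msg["key_exchange_param"], self.nonce_aac, msg["nonce_req"])


def requester_reply(key_request):
    """Requesting device: answer a key request, return (message, key)."""
    priv, pub = new_key_exchange_parameter()
    nonce_req = secrets.token_bytes(16)  # second random number
    key = derive_message_encryption_key(
        priv, key_request["key_exchange_param"], key_request["nonce_aac"], nonce_req)
    msg = {"key_exchange_param": pub, "nonce_aac": key_request["nonce_aac"],
           "nonce_req": nonce_req}
    return msg, key


def run_exchange():
    """One honest run: both sides end with the same message encryption key."""
    aac = AuthenticationAccessController()
    msg, req_key = requester_reply(aac.build_key_request())
    return aac.handle_identity_ciphertext_message(msg), req_key, msg


def replay_is_rejected(old_msg):
    """Feed a message captured from an earlier run into a new session."""
    aac = AuthenticationAccessController()
    aac.build_key_request()  # new session, new first random number
    try:
        aac.handle_identity_ciphertext_message(old_msg)
    except ValueError:
        return True
    return False
```

Calling `run_exchange()` returns the controller's key, the requesting device's key and the identity ciphertext message fields; passing that message to `replay_is_rejected()` shows the consistency check of claim 34 refusing it in a later session.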
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569222.7A CN114760040A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
PCT/CN2021/140001 WO2022135379A1 (en) | 2020-12-26 | 2021-12-21 | Identity authentication method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569222.7A CN114760040A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114760040A (en) | 2022-07-15 |
Family
ID=82158804
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011569222.7A Pending CN114760040A (en) | 2020-12-26 | 2020-12-26 | Identity authentication method and device |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN114760040A (en) |
WO (1) | WO2022135379A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115733672A (en) * | 2022-11-03 | 2023-03-03 | 支付宝(杭州)信息技术有限公司 | Data processing method, device and equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101409621B (en) * | 2008-11-13 | 2011-05-11 | 中国移动通信集团北京有限公司 | Multipart identification authentication method and system base on equipment |
CN101616410B (en) * | 2009-06-25 | 2011-08-10 | 中兴通讯股份有限公司 | Access method and access system for cellular mobile communication network |
WO2012146282A1 (en) * | 2011-04-27 | 2012-11-01 | Telefonaktiebolaget L M Ericsson (Publ) | Authenticating a device in a network |
CN102739687B (en) * | 2012-07-09 | 2016-03-23 | 广州杰赛科技股份有限公司 | Based on application service Network Access Method and the system of mark |
- 2020-12-26: CN202011569222.7A filed, published as CN114760040A (active, Pending)
- 2021-12-21: PCT/CN2021/140001 filed, published as WO2022135379A1 (active, Application Filing)
Also Published As
Publication number | Publication date |
---|---|
WO2022135379A1 (en) | 2022-06-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11044084B2 (en) | Method for unified network and service authentication based on ID-based cryptography | |
WO2022135391A1 (en) | Identity authentication method and apparatus, and storage medium, program and program product | |
JP7531817B2 (en) | Identity authentication method, authentication access controller and request device, storage medium, program, and program product | |
CN114696999A (en) | Identity authentication method and device | |
WO2022135379A1 (en) | Identity authentication method and apparatus | |
WO2022135394A1 (en) | Identity authentication method and apparatus, storage medium, program, and program product | |
WO2022135383A1 (en) | Identity authentication method and apparatus | |
EP4270866A1 (en) | Identity authentication method and apparatus, device, chip, storage medium, and program | |
WO2022135393A1 (en) | Identity authentication method, authentication access controller, requesting device, authentication server, storage medium, program, and program product | |
WO2022135418A1 (en) | Identity authentication method and apparatus | |
WO2022135384A1 (en) | Identity authentication method and apparatus | |
WO2022135387A1 (en) | Identity authentication method and apparatus | |
WO2022135385A1 (en) | Identity authentication method and apparatus | |
WO2022135404A1 (en) | Identity authentication method and device, storage medium, program, and program product | |
WO2022135386A1 (en) | Method and device for identity authentication | |
WO2022135401A1 (en) | Identity authentication method and apparatus, storage medium, program, and program product | |
WO2022135382A1 (en) | Identity authentication method and apparatus | |
WO2022135377A1 (en) | Identity authentication method and apparatus, and device, chip, storage medium and program | |
CN114760037A (en) | Identity authentication method and device | |
CN114760039A (en) | Identity authentication method and device | |
CN114760033A (en) | Identity authentication method and device | |
CN114760028A (en) | Identity authentication method and device | |
CN114760032A (en) | Identity authentication method and device | |
Ma et al. | Security Access Protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||