CN115150110A - Method for access authentication, related device, equipment and readable storage medium - Google Patents


Info

Publication number
CN115150110A
Authority
CN
China
Prior art keywords
client
authentication
authentication server
message
key
Legal status
Pending
Application number
CN202110339645.8A
Other languages
Chinese (zh)
Inventor
江伟玉
张道德
萨拉·毕坦
杨飞
刘冰洋
艾迪·莫尔霍
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN202110339645.8A
Publication of CN115150110A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891: Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a method for access authentication, a related apparatus, a device and a readable storage medium. The method comprises the following steps: the client updates the first key parameter based on a hash function and sends a user authentication message to the authentication server; when the authentication server verifies, based on the user authentication message, that the identity of the client is legitimate and determines that the second count value does not need to be reset, the authentication server obtains a session key based on the third key parameter, the random number of the authentication server and the user authentication message, and then sends a network authentication message and the encrypted session key to the access terminal; the access terminal sends the network authentication message to the client; and when the client verifies, based on the network authentication message, that the identity of the authentication server is legitimate and the first count value does not need to be reset, the client generates a session key and deletes the first key parameter before updating.

Description

Access authentication method, related device, equipment and readable storage medium
Technical Field
The present invention relates to the field of access authentication, and in particular, to a method, a related apparatus, a device, and a computer-readable storage medium for access authentication.
Background
When accessing a network, a terminal device generally performs an access authentication, which generally has two purposes: the first is to verify the identity of both parties, and the essence of identity verification is to prove that both parties possess a certain long-term shared key; the second is that the two parties negotiate a session key so that the subsequent communication uses the session key to encrypt the communication data.
To solve the authentication and security problems of communicating parties on Ethernet, security protocol engineers proposed the 802.1X protocol, which is widely used on Ethernet as a common access mechanism for LAN ports. An 802.1X authentication system is therefore generally employed to authenticate devices accessing the Internet. An 802.1X authentication system has three roles: a client, an access terminal and an authentication server. To exchange authentication information among these three, the system usually uses the Extensible Authentication Protocol (EAP) to encapsulate and forward the authentication information. Before authentication passes, the 802.1X authentication system allows only EAP over LAN (EAPOL) data to pass through the access port of the device, and EAP over RADIUS (EAPOR) is generally used between the access port and the authentication server to carry EAP messages transparently. After authentication passes, normal data can pass through the Ethernet port, and communication data between the client and the access port is encrypted with the negotiated session key.
Authentication schemes currently employed with the 802.1X authentication protocol fall into two categories: authentication protocols based on asymmetric cryptography, such as EAP-TLS, and authentication protocols based on symmetric cryptography, such as EAP-AKA. With the continuous development of access authentication technology, how to achieve forward security in an access authentication scheme based on a symmetric cryptosystem, which is difficult, has become a problem of concern to those skilled in the art.
Disclosure of Invention
The embodiments of the application provide an access authentication method that solves the problem that forward security is difficult to achieve in an access authentication scheme based purely on symmetric cryptography.
In a first aspect, an embodiment of the present application provides an access authentication method, including: the client sends a user authentication message to the authentication server; when the authentication server verifies, based on the user authentication message, that the identity of the client is legitimate, the client receives a network authentication message sent by the authentication server; when the client verifies, based on the network authentication message, that the identity of the authentication server is legitimate, the client obtains a session key based on the random number of the client, the network authentication message and the first key parameter of the client before updating; the client deletes the first key parameter before updating; the client stores the first key parameter updated based on a hash function. In this way, after the client and the authentication server negotiate the session key based on the long-term key before updating (the first key parameter before updating), the long-term key before updating is deleted. Because the hash operation is difficult to invert, an attacker who obtains the updated long-term key cannot recover the long-term key before updating and therefore cannot obtain previously negotiated session keys. This ensures the forward security of the session key: historical communication data between the client and other network devices cannot be decrypted, and data security is ensured.
In a possible implementation, before the client deletes the first key parameter before updating, the method includes: the client obtains an updated first count value according to the formula $Ic = Index + 1$, where $Ic$ is the updated first count value and $Index$ is the first count value before updating; the first count value represents the number of times the first key parameter of the client has been updated based on the hash function; the client obtains the updated first key parameter according to the formula $S_{Ic} = \mathrm{HASH}(S_{Ic-1})$, where $S_{Ic}$ is the updated first key parameter of the client and $S_{Ic-1}$ is the first key parameter of the client before updating. In this way, the client ties the first count value to the number of hash-function updates of the first key parameter, so that when the first key parameter of the authentication server is updated, the first count value serves as the reference for the number of hash operations required. This keeps the long-term keys held by the authentication server and the client consistent (their first key parameters are the same) and improves the success rate of session key negotiation between the client and the authentication server.
In one possible implementation, the network authentication message includes a message parameter of the authentication server; the client obtaining a session key based on the random number of the client, the network authentication message and the first key parameter of the client before updating includes: the client obtains a reset identifier Re_sync from the message parameter of the authentication server; if Re_sync = 1, the client sets the first count value to zero and performs the step of the client sending a user authentication message to the authentication server; the first count value represents the number of times the first key parameter of the client has been updated based on the hash function; if Re_sync = 0, the client obtains a session key based on the random number of the client, the network authentication message and the first key parameter of the client before updating. In this way, when the count of the client's counter reaches a threshold (such as its maximum counting capacity) and the first key parameter continues to be updated through the hash function, the first count value is set to 0. This allows the number of updates of the first key parameter to be recorded within the counting range of the counter, ensures that the first key parameters of the authentication server and the client are the same, and improves the accuracy of the session key between the client and the authentication server.
In one possible implementation, the client sending the user authentication message to the authentication server includes: the client obtains the message parameter of the client based on the identity of the client, the first count value before updating and the random number of the client; the client generates a message authentication code of the client based on the message parameter of the client and the second key parameter of the client; the message authentication code of the client is used by the authentication server to verify the legitimacy of the identity of the client; the client sends the user authentication message to the authentication server; the user authentication message includes the message parameter of the client and the message authentication code of the client. The authentication server can therefore verify the legitimacy of the client directly from the message authentication code of the client in the user authentication message, which reduces the computing resources used by the authentication server and improves its working performance.
In one possible implementation, the network authentication message includes a message parameter of the authentication server; before the client obtains a session key based on the random number of the client, the network authentication message and the first key parameter of the client before updating, the method includes: the client generates a first message authentication code based on the message parameter of the authentication server, the message parameter of the client and the second key parameter of the client; the client determines whether the first message authentication code is consistent with the message authentication code of the authentication server; if so, the client determines that the identity of the authentication server is legitimate; if not, the client determines that the identity of the authentication server is illegitimate and terminates the access authentication between the client and the authentication server. The client thus verifies the legitimacy of the identity of the authentication server through the generated first message authentication code; compared with verifying identity by means of a digital certificate, this saves a large amount of transmission overhead and computation overhead and improves the working performance of the client.
In a second aspect, an embodiment of the present application provides an access authentication method, including: the authentication server receives a user authentication message sent by the client; when the identity of the client is verified to be legitimate based on the user authentication message, the authentication server obtains a session key based on a third key parameter, the random number of the authentication server and the user authentication message; the third key parameter is the same as the first key parameter of the client before updating; the authentication server deletes the first key parameter before updating; the authentication server stores the first key parameter updated based on a hash function; the authentication server sends a network authentication message and an encrypted session key to the access terminal; the network authentication message is used by the client to verify whether the identity of the authentication server is legitimate and to generate a session key. In this way, after the client and the authentication server negotiate the session key based on the long-term key before updating (the first key parameter before updating), the long-term key before updating is deleted. Because the hash operation is difficult to invert, an attacker who obtains the updated long-term key cannot recover the long-term key before updating and therefore cannot obtain previously negotiated session keys, so historical communication data between the client and other network devices cannot be decrypted, and data security is ensured.
In one possible implementation, the user authentication message includes a message parameter of the client; the authentication server obtaining a session key based on a third key parameter, the random number of the authentication server and the user authentication message includes: the authentication server obtains the first count value before updating from the message parameter of the client; the first count value represents the number of times the first key parameter of the client has been updated based on the hash function; if the first count value before updating is greater than or equal to the count threshold of the authentication server, the authentication server sets the second count value to 0 and performs the step of the authentication server receiving the user authentication message sent by the client; if the first count value before updating is smaller than the count threshold of the authentication server, the authentication server obtains a session key based on the third key parameter, the random number of the authentication server and the user authentication message. In this way, when the count of the authentication server's counter reaches a threshold (such as its maximum counting capacity) and the first key parameter continues to be updated through the hash function, the second count value is set to 0. This allows the number of updates of the first key parameter to be recorded within the counting range of the counter, ensures that the first key parameters of the authentication server and the client are the same, and improves the accuracy of the session key between the client and the authentication server.
In one possible implementation, the user authentication message includes a message parameter of the client; after the authentication server receives the user authentication message sent by the client, the method includes: the authentication server obtains the first count value before updating from the message parameter of the client; the first count value represents the number of times the first key parameter of the client has been updated based on the hash function; the authentication server determines whether the first count value before updating is greater than or equal to the second count value before updating; the second count value represents the number of times the first key parameter of the authentication server has been updated based on the hash function; if not, the authentication server terminates the access authentication between the authentication server and the client; if so, the authentication server generates a second message authentication code based on the message parameter of the client and the second key parameter of the authentication server; the authentication server determines whether the second message authentication code is consistent with the message authentication code of the client; if so, the authentication server determines that the identity of the client is legitimate; if not, the authentication server determines that the identity of the client is illegitimate and terminates the access authentication between the authentication server and the client. The authentication server thus verifies the legitimacy of the identity of the client by comparing the first count value before updating with the second count value before updating and by checking the second message authentication code; compared with verifying identity by means of a digital certificate, this saves a large amount of transmission overhead and computation overhead and improves the working performance of the authentication server.
In one possible implementation, before the authentication server obtains the session key based on the third key parameter, the random number of the authentication server and the user authentication message, the method includes: the authentication server obtains the third key parameter according to the formula $S_{Index} = \mathrm{HASH}^{(Index-Is)}(S_{Is})$, where $S_{Index}$ is the third key parameter, $Index$ is the first count value before updating, and $S_{Is}$ is the first key parameter of the authentication server before updating; the authentication server obtains an updated second count value according to the formula $Is = Index + 1$, where $Is$ is the updated second count value; the authentication server obtains the updated first key parameter according to the formula $S_{Is} = \mathrm{HASH}(S_{Index})$, where $S_{Is}$ is the updated first key parameter of the authentication server and is the same as the updated first key parameter $S_{Ic}$ of the client. By calculating the third key parameter, the authentication server can update its own first key parameter through the hash function based on the third key parameter. This resolves any inconsistency between the first key parameter of the authentication server before updating and the first key parameter of the client before updating, so that the session key calculated by the authentication server is the same as the session key calculated by the client, and the success rate of client access authentication is improved.
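The hash-chain key update of the first and second aspects, including the server-side catch-up $\mathrm{HASH}^{(Index-Is)}$, as an added example that is not code from the patent. It assumes SHA-256 as HASH, HMAC-SHA256 as the message authentication code and as the session-key derivation, and a length-prefixed field encoding; all class and function names are hypothetical, and the access terminal, the count threshold and the Re_sync reset are left out.

```python
import hashlib
import hmac
import os


def H(x: bytes) -> bytes:
    # HASH in the page's formulas; SHA-256 is this example's assumption.
    return hashlib.sha256(x).digest()


def mac(key: bytes, *fields: bytes) -> bytes:
    # HMAC-SHA256 over length-prefixed fields (assumed MAC and encoding).
    m = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        m.update(len(f).to_bytes(2, "big") + f)
    return m.digest()


def session_key(s: bytes, nc: bytes, ns: bytes) -> bytes:
    # Assumed derivation from the pre-update first key parameter and both nonces.
    return mac(s, b"session", nc, ns)


class Client:
    def __init__(self, ident: bytes, s0: bytes, k: bytes):
        # S: first key parameter, K: second key parameter, index: first count value
        self.ident, self.S, self.K, self.index = ident, s0, k, 0

    def user_auth_message(self):
        self.nc = os.urandom(16)
        # Message parameters: identity, first count value before updating, nonce.
        self.params = (self.ident, self.index.to_bytes(4, "big"), self.nc)
        return self.params, mac(self.K, *self.params)

    def handle_network_auth(self, srv_params, srv_mac):
        expected = mac(self.K, *srv_params, *self.params)
        if not hmac.compare_digest(expected, srv_mac):
            raise ValueError("authentication server not verified; terminate")
        key = session_key(self.S, self.nc, srv_params[0])
        # Ic = Index + 1 and S_Ic = HASH(S_{Ic-1}); the old value is dropped.
        # Rebinding only drops the reference; real code must zeroize the buffer.
        self.S, self.index = H(self.S), self.index + 1
        return key


class AuthServer:
    def __init__(self, s0: bytes, k: bytes):
        # i_s: second count value
        self.S, self.K, self.i_s = s0, k, 0

    def handle_user_auth(self, params, client_mac):
        index = int.from_bytes(params[1], "big")
        if index < self.i_s:
            raise ValueError("first count value below second; terminate")
        # The MAC is checked before any hashing, so an unauthenticated Index
        # cannot make the server iterate the hash.
        if not hmac.compare_digest(mac(self.K, *params), client_mac):
            raise ValueError("client not verified; terminate")
        s_index = self.S
        for _ in range(index - self.i_s):  # S_Index = HASH^(Index-Is)(S_Is)
            s_index = H(s_index)
        ns = os.urandom(16)
        key = session_key(s_index, params[2], ns)
        # Is = Index + 1 and S_Is = HASH(S_Index)
        self.S, self.i_s = H(s_index), index + 1
        srv_params = (ns,)
        return (srv_params, mac(self.K, *srv_params, *params)), key


def run_sessions(s0: bytes, k: bytes, client_ahead: int = 3):
    client, server = Client(b"client-01", s0, k), AuthServer(s0, k)
    pairs = []

    def one_session():
        net, ks = server.handle_user_auth(*client.user_auth_message())
        pairs.append((client.handle_network_auth(*net), ks))

    one_session()
    one_session()
    for _ in range(client_ahead):  # constructed desync: the client is ahead
        client.S, client.index = H(client.S), client.index + 1
    one_session()
    return client, server, pairs


if __name__ == "__main__":
    c, s, pairs = run_sessions(os.urandom(32), os.urandom(32))
    print(all(a == b for a, b in pairs), c.index, s.i_s, c.S == s.S)
```

A replayed user authentication message carries an old count value and is rejected by the count comparison, while state captured after a session holds only a later link of the chain than the one that keyed that session.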
In a third aspect, an embodiment of the present application provides an access authentication method, including: the access terminal receives a network authentication message and an encrypted session key sent by the authentication server; the network authentication message is used by the client to verify whether the identity of the authentication server is legitimate and to generate a session key; the access terminal decrypts the encrypted session key to obtain a decrypted session key; and the access terminal sends the network authentication message to the client. The access terminal thus holds a session key generated based on the first key parameter before updating, the random number of the client and the random number of the authentication server. The first key parameter is updated based on the hash function, and the hash function is not invertible; therefore, an attacker who obtains the updated long-term key cannot recover the long-term key before updating and cannot obtain previously negotiated session keys. This ensures the forward security of the session key: historical communication data between the client and other network devices cannot be decrypted, and data security is ensured.
In a fourth aspect, an embodiment of the present application provides an apparatus for access authentication, including:
an authentication message sending unit for sending a user authentication message to an authentication server;
an authentication message receiving unit, configured to receive a network authentication message sent by the authentication server when the authentication server verifies that the client identity is legitimate based on the user authentication message;
a session key generation unit, configured to obtain a session key based on the random number of the client, the network authentication message, and a first key parameter before update of the client;
and the deleting unit is used for deleting the first key parameter before updating.
In one possible implementation manner, the apparatus for access authentication further includes:
the first updating unit is used for obtaining an updated first count value according to a formula Ic = Index + 1;
a second updating unit, configured to obtain the updated first key parameter according to the formula $S_{Ic} = \mathrm{HASH}(S_{Ic-1})$.
In one possible implementation manner, the session key generation unit includes:
an identifier obtaining unit, configured to obtain a reset identifier Re_sync from the message parameter of the authentication server;
a zero setting unit, configured to set the first count value to zero and perform the step in which the client sends a user authentication message to the authentication server, if Re_sync = 1;
a generating unit, configured to obtain a session key based on the random number of the client, the network authentication message and the first key parameter of the client before updating, if Re_sync = 0.
In one possible implementation manner, the authentication message sending unit includes:
a message parameter generating unit, configured to obtain a message parameter of the client based on the identity of the client, a first count value before updating, and a random number of the client;
a first authentication code generation unit, configured to generate a message authentication code of the client based on the message parameter of the client and the second key parameter of the client;
and the sending unit is used for sending the user authentication message to the authentication server.
In one possible implementation manner, the apparatus for access authentication further includes:
a second authentication code generating unit, configured to generate a first message authentication code based on the message parameter of the authentication server, the message parameter of the client, and the second key parameter of the client before the session key generating unit obtains the session key based on the random number of the client, the network authentication message, and the first key parameter before the client is updated;
the judging unit is used for judging whether the first message authentication code is consistent with the message authentication code of the authentication server or not;
and a terminating unit, configured to terminate the access authentication between the client and the authentication server when the judging unit determines that they are not consistent.
In a fifth aspect, an embodiment of the present application provides an apparatus for access authentication, including:
the authentication message receiving unit is used for receiving a user authentication message sent by the client;
a session key generation unit, configured to, in a case that the identity of the client is verified to be legitimate based on the user authentication message, obtain a session key based on a third key parameter, the random number of the authentication server, and the user authentication message;
a deleting unit for deleting the first key parameter before updating;
and the sending unit is used for sending the network authentication message and the encrypted session key to the access terminal.
In one possible implementation manner, the session key generation unit includes:
a first obtaining unit, configured to obtain a first count value before updating from a message parameter of the client;
a zero setting unit, configured to set a second count value to 0 if the first count value before updating is greater than or equal to the count threshold of the authentication server;
the execution unit is used for executing the step that the authentication server receives the user authentication message sent by the client;
a first generating unit, configured to, if the first count value before updating is smaller than the count threshold of the authentication server, obtain a session key based on the third key parameter, the random number of the authentication server, and the user authentication message.
In a possible implementation manner, the apparatus for access authentication further includes:
a second obtaining unit, configured to obtain a first count value before updating from the message parameter of the client;
the first judging unit is used for judging whether the first count value before updating is larger than or equal to the second count value before updating;
a termination unit, configured to terminate the access authentication between the authentication server and the client when the first judging unit determines no;
a second generating unit, configured to generate a second message authentication code based on the message parameter of the client and the second key parameter of the authentication server when the first judging unit determines yes;
and the second judging unit is used for judging whether the second message authentication code is consistent with the message authentication code of the client.
In one possible implementation manner, the apparatus for access authentication further includes:
a calculation unit, configured to obtain the third key parameter according to the formula $S_{Index} = \mathrm{HASH}^{(Index-Is)}(S_{Is})$;
a first updating unit, configured to obtain an updated second count value according to the formula $Is = Index + 1$;
a second updating unit, configured to obtain the updated first key parameter according to the formula $S_{Is} = \mathrm{HASH}(S_{Index})$.
In a sixth aspect, an embodiment of the present application provides an apparatus for access authentication, including:
a receiving unit, configured to receive a network authentication message and an encrypted session key sent by an authentication server;
the decryption unit is used for decrypting the encrypted session key to obtain a decrypted session key;
and the sending unit is used for sending the network authentication message to the client.
In a seventh aspect, the embodiment of the application provides a device for access authentication, comprising a memory and a processor;
the memory is configured to store program codes, and the processor is configured to call the program codes stored in the memory and execute the method for access authentication in the first aspect and various possible implementations thereof.
In an eighth aspect, an embodiment of the present application provides an access authentication device, including a memory and a processor;
the memory is configured to store a program code, and the processor is configured to call the program code stored in the memory and execute the method for access authentication in the second aspect and various possible implementations thereof.
In a ninth aspect, an embodiment of the present application provides an access authentication device, including a memory and a processor;
the memory is configured to store program codes, and the processor is configured to call the program codes stored in the memory and execute the method for access authentication in the third aspect and various possible implementations thereof.
In a tenth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the method for access authentication in any of the first to third aspects and various possible implementations thereof is implemented.
In an eleventh aspect, embodiments of the present application provide a computer program, where the computer program includes instructions, when the computer program is executed by a computer, so that a client may execute a procedure executed by a first client in the foregoing first aspect and various possible implementations thereof, or an authentication server may execute a procedure executed by an authentication server in the foregoing second aspect and various possible implementations thereof, or an access terminal may execute a procedure executed by an access terminal in the foregoing third aspect and various possible implementations thereof.
In a twelfth aspect, an embodiment of the present application provides a chip system, where the chip system includes a processor, configured to support a client to implement a function related to a method in the first aspect and various possible implementations thereof, or an authentication server to implement a function related to a method in the second aspect and various possible implementations thereof, or an access to implement a function related to a method in the third aspect and various possible implementations thereof.
In one possible design, the system-on-chip further includes a memory for storing program instructions and data necessary for the client or the authentication server or the access. The chip system may be formed by a chip, or may include a chip and other discrete devices.
Drawings
The drawings used in the embodiments of the present application are described below.
Fig. 1 is a schematic view of an access authentication scenario provided in an embodiment of the present application;
Fig. 2 is a flowchart of an access authentication method based on an asymmetric cryptosystem according to an embodiment of the present application;
Fig. 3 is a flowchart of a method for access authentication based on a symmetric cryptosystem according to an embodiment of the present application;
Fig. 4 is a flowchart of another method for access authentication based on a symmetric cryptosystem according to an embodiment of the present application;
Fig. 5 is a flowchart of a counter resetting mechanism of an access authentication system according to an embodiment of the present application;
Fig. 6 is a schematic structural diagram of an access authentication apparatus according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of an access authentication apparatus according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an access authentication apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an access authentication device according to an embodiment of the present application;
Fig. 10 is a schematic structural diagram of an access authentication device according to an embodiment of the present application;
Fig. 11 is a schematic structural diagram of an access authentication device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those skilled in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," "third," and the like in the description and claims of this application and in the accompanying drawings are used to distinguish different objects rather than to describe a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process may comprise a sequence of steps or elements, or may alternatively comprise steps or elements not listed, or may alternatively comprise other steps or elements inherent to such process, method, article, or apparatus.
Only some, but not all, of the material relevant to the present application is shown in the drawings. Before discussing exemplary embodiments in greater detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
As used in this specification, the terms "component," "module," "system," "unit," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a unit may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a distribution between two or more computers. In addition, these units may execute from various computer readable media having various data structures stored thereon. The units may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., from a second unit of data interacting with another unit in a local system, distributed system, and/or across a network).
The client in the embodiment of the application can be a terminal device and other electronic devices, servers, ethernet switches, access points, network access servers and other devices which can be connected with the internet or other LAN resources; an authentication server facilitates authentication of a network device by an entity attempting to access the network; the access terminal may be a network device having a function of connecting the client terminal and the authentication server.
Referring to fig. 1, fig. 1 is a schematic view of an access authentication scenario provided in an embodiment of the present application. The access authentication scenario shown in fig. 1 includes the client 100, the access terminal 200, the authentication server 300, and the internet 400. Before the client 100 accesses the internet 400, authentication is performed with the authentication server. The client 100 and the authentication server 300 exchange authentication information in EAP messages, which are forwarded to the other party through the access terminal 200, and negotiate a session key; finally, the authentication server 300 sends the session key to the access terminal 200, and the access authentication of the client 100 is completed.
The access authentication of the client 100 in the embodiment of fig. 1 mainly includes two schemes: one is an authentication scheme based on asymmetric cryptography, and the other is an authentication scheme based on symmetric cryptography. The access authentication scheme based on asymmetric cryptography is described with reference to fig. 2. Referring to fig. 2, fig. 2 is a flowchart of an access authentication method based on an asymmetric cryptosystem according to an embodiment of the present application. Authentication schemes based on asymmetric cryptography are typically based on a digital certificate scheme. In the client-server communication mode, the server needs to have a digital certificate issued by an authority, and the client needs to have a root certificate capable of verifying the validity of the digital certificate. Because the client and the authentication server have a common trust anchor, they can perform one-way access authentication or two-way access authentication. In some scenarios, such as open Web access, one-way access authentication is typically performed, namely, the client needs to verify the validity of the server identity; in other scenarios, such as enterprise network access, two-way access authentication is often necessary, namely, the server also needs to verify whether the client is a legal user client, and EAP-TLS is usually used to perform access authentication of the device. The embodiment of the present application is described by taking a client that is a terminal device performing access authentication as an example.
In this embodiment, the interaction of the authentication information among the terminal device, the authentication server, and the access end is sent through a data packet such as EAP, the transmission of the authentication information between the terminal device and the authentication server is transparently transmitted through the access end, and the transmission of the data packet between the authentication server and the access end and between the access end and the terminal device is supported by a transmission protocol such as EAPOL and EAPOR. The following will explain a specific procedure of performing access authentication on the terminal device with reference to fig. 2:
Step S201: the terminal device sends an authentication request to the authentication server.
Specifically, the authentication request includes an algorithm list that can be implemented by the terminal device and a Client Random Value (Client Random Value); the Client Random Value is used for the authentication server to calculate a Master Key (MK). For example, the authentication request may be a Client Hello message (Client-Hello message) of the terminal device under the TLS protocol, and the embodiment of the present application is not limited. Exemplarily, the terminal device encapsulates the authentication request in an EAP packet for transmission, and the terminal device first sends the EAP packet to the access end, and then the access end transparently transmits the EAP packet to the authentication server; the protocol used for encapsulating the authentication request in the data packet by the terminal device may be an EAP protocol or other protocols, and this embodiment of the present application is only illustrated and not limited. For example, the terminal device may send the EAP packet to the access terminal based on the EAPOL protocol, or based on other protocols, which is not limited in this embodiment of the present application; the access end transparently transmits the EAP packet to the authentication server, which may be based on an EAPOR protocol or other communication protocols, and the embodiment of the present application is not limited.
Step S202: the authentication server sends a response message to the terminal device.
Specifically, the response message includes a digital Certificate (Server-Certificate) of the authentication Server, a Server Hello message (Server-Hello), a Server Key Exchange protocol (Server Key-Exchange), and an authentication Server random number (Server Random Value). The Server-Certificate is used for the terminal device to verify whether the identity of the authentication server is legal; the Server-Hello is obtained based on the algorithm list which can be implemented by the terminal device in the authentication request, and is used for indicating the algorithm required by the terminal device in the access authentication; the Server Key-Exchange includes a key parameter $g^a$ of the authentication Server, and the key parameter $g^a$ is used by the authentication server and the terminal device to derive a premaster secret (PMK); the Server Random Value is used for the authentication Server to calculate a Master Key (MK).
Step S203: the terminal equipment verifies the digital certificate of the authentication server.
Specifically, the terminal device determines the validity of the identity of the authentication server by verifying the Server-Certificate, and if the identity of the authentication server is illegal, the terminal device terminates the authentication. The embodiment of the present application takes bidirectional identity authentication between the terminal device and the authentication server as an example; in the case of bidirectional authentication, the authentication server needs to send its digital certificate Server-Certificate to the client, and the client needs to send its own digital certificate Client-Certificate to the authentication server. Each certificate contains two parts: one is the authority's signature on the "public signature key" that contains the identity information, and the other is the signature of the particular message with the corresponding "public signature key" held by the public signature key owner. In this way, a party can prove that its own signature public key is legal and that it holds the signature key corresponding to that legal signature public key, and thereby prove that its own identity is legal. A digital certificate is issued by a Certificate Authority (CA): the certificate server transmits the public key of the key pair it generated, together with partial identity information, to the CA, and after necessary operations such as verifying the identity of the certificate server, the CA sends a digital certificate to the certificate server, where the digital certificate includes the partial identity information of the certificate server, the public key information, and a signature of the CA. The terminal device verifies the digital certificate against the corresponding local root certificate, and if the comparison is consistent, the identity of the authentication server is legal.
For example, when the terminal device compares the root certificate with the digital certificate for authentication, it may verify whether a public key in the root certificate is consistent with a public key in the digital certificate.
Step S204: in the case that the identity of the authentication server is legal, the terminal device sends a first feedback message to the authentication server.
Specifically, the first feedback message includes a digital Certificate (Client-Certificate) of the terminal device, a Client (terminal device) Key Exchange protocol (Client Key-Exchange), and a Cipher type (Change Cipher-Spec) supported by the terminal device. The Client-Certificate is used by the authentication server to verify whether the identity of the terminal device is legal; the Client Key-Exchange includes a key parameter $g^b$ of the terminal device, and the key parameter $g^b$ is used by the authentication server and the terminal device to derive a premaster secret (PMK). Similar to step S201 and step S203, the first feedback message may be encapsulated in an EAP packet, the transmission of the EAP packet between the terminal device and the access end may be based on the EAPOL protocol, and the transmission protocol of the EAP packet between the access end and the authentication server may be the EAPOR protocol.
Step S205: the authentication server verifies the digital certificate of the terminal device.
Specifically, the authentication server determines the validity of the identity of the terminal equipment by checking the Client-Certificate; if not, the authentication server terminates the authentication. The process of verifying the Client-Certificate by the authentication Server may refer to the process of verifying the Server-Certificate by the terminal device in step S203, which is not described in detail in this embodiment of the present application.
Step S206: in the case that the identity of the terminal device is legal, the authentication server sends second feedback information to the terminal device.
Specifically, the second feedback information comprises an encryption type (Change Cipher-Spec) of the client formulated by the authentication server and a Finish message; the Finish message is used to instruct the authentication server to send a TLS-ACK message to it. Like the above steps, the second feedback message is also encapsulated in a datagram such as EAP, and is transmitted to the authentication server through the access terminal.
Step S207: the terminal device derives a premaster secret.
Specifically, the terminal device uses the key parameter $g^a$ and the key parameter $g^b$ to calculate a premaster secret (PMK) based on the communication algorithm specified by the Server-Hello, where the PMK is $g^{ab}$.
Step S208: the terminal device derives a master key.
Specifically, the terminal device derives the master key MK in the following manner: the terminal device derives MK using the Client Random Value, the Server Random Value, and the PMK, based on the communication algorithm specified by the Server-Hello.
Step S209: the authentication server derives a premaster secret.
Specifically, the authentication Server uses the key parameter $g^a$ and the key parameter $g^b$ to calculate a premaster secret (PMK) based on the communication algorithm specified by the Server-Hello, where the PMK is $g^{ab}$.
Step S210: the authentication server derives a master key.
Specifically, the authentication server derives the master key MK in the following manner: the authentication Server derives MK using the Client Random Value, the Server Random Value, and the PMK, based on the communication algorithm specified by the Server-Hello.
Step S211: the terminal device sends a TLS-ACK message to the authentication server.
Specifically, the TLS-ACK message is sent based on the Finish message in the second feedback message, and the TLS-ACK message is used to instruct the authentication server to send an Access grant message (Access-Accept message) to the Access terminal.
Step S212: the authentication server sends an Access-Accept message to the Access terminal.
Specifically, the Access-Accept message is used to indicate that Access authentication of the Access terminal is successful, and the Access-Accept message includes MK.
Step S213: the terminal equipment, the access terminal and the authentication server negotiate a session key.
Specifically, the terminal device, the access terminal, and the authentication server negotiate a session key using a related algorithm and MK based on a key agreement protocol.
Step S214: the access terminal sends EAP-Success message to the terminal equipment.
Specifically, the EAP-Success message is used to indicate the terminal device that the access authentication is successful, and the entire access authentication process is completed; after the access authentication is finished, the transmission of data between the terminal equipment and the access terminal can be encrypted by using the session key.
According to the embodiment of the application, the authentication server and the terminal equipment derive the PMK and the MK by exchanging and computing on the relevant authentication information; the terminal equipment, the authentication server and the access terminal then obtain a session key through the MK and a related key agreement protocol. Because an asymmetric cryptographic mechanism is adopted, the two communicating parties can achieve bidirectional authentication and establish a secure channel by only maintaining a common trusted root certificate, without presetting any pairwise independently shared information in advance, so the method is flexible and extensible, and the negotiated session key has forward security. In addition, the premaster secret $g^{ab}$ is not transmitted over the channel, and an eavesdropper on the link cannot calculate $g^{ab}$ from $g^a$ and $g^b$ and therefore cannot obtain the session key, so the security of the session key can be ensured. Moreover, because the transmitted key parameters $g^a$ and $g^b$ are both signed, they cannot be tampered with by a man-in-the-middle; thus, the authenticity and forward security of the communication session key can be guaranteed.
In the embodiment of fig. 2, the access authentication method adopts an asymmetric cryptographic mechanism: the two communicating parties can implement bidirectional authentication and establish a secure channel by only maintaining a common trusted root certificate, without presetting any pairwise independently shared information in advance, so the method is flexible and extensible, and the session key negotiated by the scheme has forward security. However, the client in this method needs to verify multiple certificates and signatures, and the verification of a digital certificate brings not only a large transmission overhead (at least 500B for a single X.509 certificate; the size of a certificate chain can reach several KB) and a large calculation overhead (the average length of the certificate chain is 2-3 levels, multiple signature verifications and one D-H key calculation are required, and the asymmetric calculation overhead is thousands to tens of thousands of times that of symmetric calculation), but also a large chip cost; for example, the asymmetric cryptographic algorithm implementation code occupies 60% of the entire security algorithm code. Therefore, it is not applicable to resource-limited Internet of Things (IoT) devices; for example, in a bandwidth-limited scenario (the maximum transmission unit of some IoT devices is 127B or 64B at most), the transmission of a digital certificate may cause packet splitting and fragmentation, and the delay of multi-packet transmission.
In order to solve the above problem, an embodiment of the present application provides another method for access authentication; referring to fig. 3, fig. 3 is a flowchart of a method for access authentication based on a symmetric cryptosystem according to an embodiment of the present application; the embodiment of the present application takes a client as a terminal device and an authentication end as an authentication server for example. In this embodiment, the interaction of the authentication information among the terminal device, the authentication server, and the access end is sent through a data packet such as EAP, the transmission of the authentication information between the terminal device and the authentication server is transparently transmitted through the access end, and the transmission of the data packet between the authentication server and the access end and between the access end and the terminal device is supported by a transmission protocol such as EAPOL and EAPOR. The following will explain a specific procedure of performing access authentication on the terminal device with reference to fig. 3:
Step S301: the terminal device sends an authentication request to the authentication server.
Specifically, the authentication request is used to indicate an identity of the terminal device, and the authentication request includes a Network Access Identifier (NAI), where the NAI is a unique identifier of the terminal device in network authentication, and the authentication server may use the NAI to identify the terminal device. The authentication request is encapsulated in an EAP packet for transmission, for example, in the following manner: the terminal device transmits the EAP datagram to the access terminal, and then the access terminal transmits the EAP datagram to the authentication server, where the datagram is transmitted based on a transmission protocol such as EAPOL or EAPOR.
Step S302: the authentication server obtains an authentication vector based on the authentication request.
Specifically, after receiving the NAI of the terminal device, the authentication server obtains the authentication vector of the terminal device through a specific process that:
1. The authentication server sends a request for obtaining an authentication vector to an Authentication Center (AuC); the request for obtaining the authentication vector comprises the NAI of the terminal equipment.
2. The AuC uses the NAI of the terminal equipment and the shared key to derive and calculate an authentication vector based on a specific algorithm; the shared key is a long-term shared key shared by the terminal equipment and the AuC, and a specific algorithm for deriving and calculating the authentication vector is also determined in advance by the AuC and the terminal equipment.
3. The AuC sends the authentication vector to an authentication server.
The authentication vector comprises at least a random number AT_RAND, a network authentication token AT_AUTH, and an Expected Response (XRES); the AT_RAND is used for generating a session key, the AT_AUTH is used by the terminal equipment to verify the validity of the identity of the authentication server, and the XRES is used by the authentication server to verify the validity of the identity of the terminal equipment.
Step S303: the authentication server obtains a session key based on the authentication vector.
Specifically, the authentication server obtains the session key in the following manner: the authentication server derives the session key using a shared key and the AT_RAND based on a specific algorithm, where the specific algorithm for deriving the session key is agreed by the authentication server and the communication equipment in advance; for example, the specific algorithm may be an algorithm such as Data Encryption Standard (DES), and the embodiment of the present application is not limited. In addition, the session key includes a Cipher Key (CK) and an Integrity Key (IK), and the CK and the IK are obtained by performing different operations on a long-term key and the AT_RAND.
Step S304: the authentication server sends a first user identity verification request to the terminal device.
For example, the first User Authentication Request may be sent to the terminal device in the form of an EAP packet or another data packet, which is not limited in the embodiment of the present application. The first user identity authentication request comprises the random number AT_RAND, the network authentication token AT_AUTH and a first message authentication code AT_MAC; the first message authentication code AT_MAC is obtained by the terminal device performing integrity operation on an EAP packet of the first user authentication request by using IK, and is used to indicate that a sender of the first user authentication request is an authentication server.
Step S305: the terminal device verifies the identity of the authentication server.
Specifically, after receiving the first user identity verification request, the terminal device judges, through the first message authentication code AT_MAC, whether the sender of the first user identity verification request is an authentication server; if not, the terminal equipment terminates the access authentication; if so, the terminal equipment verifies the validity of the identity of the authentication server. The specific method for verifying the identity validity of the authentication server by the terminal equipment comprises the following steps: the terminal equipment verifies the validity of the network authentication token AT_AUTH in the user identity verification request through the long-term key; if the token is valid, the identity of the authentication server is legal; if not, the identity of the authentication server is not legal, and the terminal equipment terminates the access authentication.
Step S306: in the case that the identity of the authentication server is legal, the terminal equipment sends a second user identity verification request to the authentication server.
Specifically, after the authentication server identity is verified to be legal, the client derives and calculates the identity token RES of the client based on the network authentication token AT_AUTH and the long-term key in the first user identity verification request, and derives and calculates the session key through the AT_RAND and the long-term key in the first user identity verification request. The session key is the same as the session key in step S303, and an algorithm used by the authentication server to derive the calculated session key is the same as an algorithm used by the authentication server to derive the calculated session key in step S303. Then, the terminal equipment sends a second user identity authentication request to the authentication server, where the second user identity authentication request comprises RES, and integrity operation is carried out on an EAP data packet of the second user identity authentication by using the IK in the derived session key, so that a second message authentication code AT_MAC of the second user identity authentication is obtained.
Step S307: the authentication server verifies the identity of the terminal device.
Specifically, after receiving the second user identity authentication request, the authentication server judges, through the second message authentication code AT_MAC, whether the sender of the second user identity authentication request is a terminal device; if not, the authentication server terminates the access authentication; if so, the authentication server verifies the validity of the identity of the terminal equipment. The specific method for verifying the identity validity of the terminal equipment by the authentication server comprises the following steps: the authentication server compares whether the RES is equal to the stored XRES; if they are equal, the identity of the terminal equipment is legal; if not, the identity of the terminal equipment is not legal, and the authentication server terminates the access authentication.
Step S308: the authentication server sends an access agreement message to the access terminal.
Specifically, the grant Access message (Access-Accept message) includes the session key. In this way, the access terminal and the communication device (client) possess a session key with which the transmission of data between the terminal device and the access terminal can be encrypted and decrypted after the access authentication is completed.
Step S309: the access terminal sends an EAP-Success message to the communication equipment.
Specifically, the EAP-Success message is used to indicate the terminal device that the access authentication is successful, and the entire access authentication process is completed; after the access authentication is finished, the transmission of data between the terminal equipment and the access terminal can be encrypted and decrypted by using the session key.
In the embodiment of the application, the identity authentication of both the client (communication equipment) and the authentication server is realized through a long-term shared key owned by both the client and the authentication server, the client and the authentication server respectively derive and calculate the session key through the preset long-term shared key, and then the session key is sent to the access terminal through the authentication server, so that the access terminal and the client both have the same session key, and the process of accessing and authenticating the client is completed. Compared with the method for access authentication in the embodiment of fig. 2, the method for access authentication in this embodiment does not need to verify a plurality of digital certificates and a verification signature, thereby reducing the transmission overhead and the calculation overhead of the client and the authentication server, and improving the working performance of the client and the authentication server.
In the access authentication method based on the symmetric cryptosystem described in the above embodiment of fig. 3, the communication device and the authentication server do not need to verify a plurality of digital certificates and a signature, thereby reducing the transmission overhead and the calculation overhead of the communication device and the authentication server. However, this access authentication method does not have forward security, i.e.: an attacker acquires a long-term secret key shared by the communication equipment and the authentication server at a certain moment in the future, and can recover the session secret key through the long-term secret key, so that communication data of both communication parties are recovered, and the safety of communication data transmission is influenced.
In order to solve the above problem, an embodiment of the present application provides another method for access authentication. Referring to fig. 4, fig. 4 is a flowchart of another access authentication method based on a symmetric cryptosystem according to an embodiment of the present application; the embodiment of the present application takes a terminal device as a client and an authentication end as an authentication server for example. In the embodiment of the present application, the message or information transmission between the client and the authentication server is forwarded or transmitted through the network device of the access terminal, and the message or information transmission in the embodiment of the present application is based on a packet such as EAP, and the packet transmission is supported by a protocol such as EAPOR or EAPOL between the client and the access terminal or between the authentication server and the access terminal. The following describes a specific process with reference to the attached drawings:
Step S401: the client updates its first key parameter based on the hash function.
Specifically, in an access authentication system based on a symmetric cryptosystem, the client and the authentication server share a long-term key (sk, S), where S is the first key parameter of the long-term key and sk is the second key parameter. The second key parameter sk is kept unchanged, and the first key parameter S can be updated through a hash function. To record the number of updates of the first key parameter S, a counter is arranged on each of the client device and the authentication server; the first count value Ic and the second count value Is represent the number of times the client and the authentication server, respectively, have updated the first key parameter based on the hash function. First, the client device obtains an updated first count value Ic according to the formula Ic = Index + 1, where Index is the first count value before updating. Then the client obtains its updated first key parameter according to the formula S_{Ic} = HASH(S_{Ic-1}), where S_{Ic} is the updated first key parameter of the client and S_{Ic-1} is the first key parameter of the client before updating. In this way, the client can use S_{Ic} the next time it generates a session key.
It should be noted that, in this embodiment of the application, the process of updating the long-term key by the client may be performed before the step of sending the user identity authentication information to the authentication server by the client in step S402, or before the step of deleting the first key parameter before updating by the client in step S412, and as to the sequence arrangement of step S401, this embodiment of the application is merely illustrated by way of example, and is not limited.
Step S402: the client sends a user identity authentication message to the authentication server.
Specifically, the client calculates the message parameter M_1 of the client based on the random number Rand_C of the client, the identity ID_C of the client, and the first count value Index before updating. Illustratively, M_1 may be calculated as M_1 = ID_C || Index || Rand_C; the embodiments of the present application are only illustrative and not limiting. After obtaining the message parameter M_1, the client calculates the message authentication code auth_C of the client based on M_1 and the sk of the client. Illustratively, auth_C can be obtained with a hash-based algorithm, namely auth_C = HMAC(sk, M_1); the embodiments of the present application are only illustrative and not limiting. Then the client sends the calculated auth_C and M_1 to the access end in a user identity authentication message (User Authentication), and the access end forwards the message to the authentication server.
Step S403: the authentication server verifies the validity of the identity of the client based on the user identity authentication message.
Specifically, the authentication server obtains Index from M_1 in the user identity authentication message by means of the calculation formula of M_1. Illustratively, if M_1 = ID_C || Index || Rand_C, then because the calculation formula of M_1 is agreed in advance by the client and the authentication server, the authentication server obtains Index, ID_C and Rand_C through this formula. The authentication server then verifies the validity of the client identity as follows. The authentication server first judges whether Index is greater than or equal to the second count value Is; if not, the identity of the client is not legitimate, and the authentication server terminates the access authentication. If so, the authentication server calculates a first authentication code auth'_C based on M_1 and the second key parameter sk, where auth'_C is calculated in the same way as auth_C, as agreed in advance by the client and the authentication server. Illustratively, if auth_C is calculated as auth_C = HMAC(sk, M_1), the authentication server uses the same formula, auth'_C = HMAC(sk, M_1). After calculating auth'_C, the authentication server verifies whether auth'_C = auth_C holds; if it does not hold, the identity of the client is not legitimate, and the authentication server terminates this access authentication process; if it holds, the identity of the client is legitimate.
Step S404: when the identity of the client is verified to be legitimate based on the user authentication message, the authentication server judges whether the first count value before updating is greater than or equal to a count threshold of the authentication server.
Specifically, the process of the authentication server determining whether the second count value needs to be reset is: the authentication server judges whether the Index is greater than or equal to the counting threshold value of the authentication server; the count threshold is a threshold ThresholdValue of a counter stored by the authentication server; illustratively, the threshold value may be an integer which is 0.75 times the maximum length counted by the counter, and the embodiment of the present application is only illustrative and not limiting. If the Index is greater than or equal to the counting threshold value of the authentication server, the authentication server and the client enter a counter resetting process; if the Index is smaller than the counting threshold value of the authentication server, the counters of the authentication server and the client do not need to be reset.
Step S405: when the authentication server judges that the second count value does not need to be reset, the authentication server obtains the session key based on the third key parameter, the random number of the authentication server, and the user authentication message.
Specifically, after the authentication server determines that the counter does not enter the reset process, that is, the second count value does not need to be set to 0, the authentication server obtains the third key parameter according to the formula S_{Index} = HASH^{(Index-Is)}(S_{Is}), where S_{Index} is the third key parameter and S_{Is} is the first key parameter of the authentication server before updating. In this way, the third key parameter is the same as the first key parameter of the client before updating; the hash function used to calculate the third key parameter is the same as the hash function the client uses to update its first key parameter, as agreed in advance by the authentication server and the client. In addition, the authentication server obtains the updated second count value according to the formula Is = Index + 1, where Is is the updated second count value, so that the updated second count value is the same as the updated first count value, which keeps the count values of the counters of the client and the authentication server consistent. The authentication server then obtains its updated first key parameter according to the formula S_{Is} = HASH(S_{Index}), where S_{Is} is the updated first key parameter of the authentication server, so that the updated first key parameters of the authentication server and the client are the same, ensuring that the long-term key shared by the client and the authentication server is the same. After calculating the updated first key parameter, the authentication server deletes the first key parameter before updating.
After calculating S_{Index}, the authentication server obtains the session key SessionKey based on S_{Index}, the random number Rand_S of the authentication server, and Rand_C. The SessionKey algorithm is negotiated in advance between the authentication server and the client; for example, it may be an HMAC-based key derivation function, namely SessionKey = HKDF(S_{Index}, Rand_C || Rand_S). The embodiments of the present application are only illustrative and not limiting.
Step S406: the authentication server sends a network authentication message and the encrypted session key to the access terminal.
Specifically, the authentication server sets the reset bit Re_sync = 0; Re_sync = 0 indicates that the counter of the client does not need to be set to 0. After setting Re_sync = 0, the authentication server calculates the message parameter M_2 of the authentication server based on Re_sync and Rand_S; for example, M_2 may be calculated as M_2 = Re_sync || Rand_S. The embodiments of the present application are only illustrative and not limiting. After calculating M_2, the authentication server generates the message authentication code auth_S of the authentication server based on the message parameter M_1 of the client, the message parameter M_2 of the authentication server, and the second key parameter sk of the authentication server. The function used to calculate auth_S is the same as that used for auth_C, as agreed in advance by the client and the authentication server; illustratively, if auth_C = HMAC(sk, M_1), then auth_S is also an HMAC, auth_S = HMAC(sk, M_1 || M_2). The authentication server then sends the network authentication message (Network Authentication), which contains M_2 and auth_S, to the access terminal. It also encrypts the session key with the encryption algorithm and the key Key agreed in advance by the access terminal and the authentication server to obtain the encrypted session key [SessionKey]_Key, and sends [SessionKey]_Key to the access terminal.
Step S407: the access terminal decrypts the encrypted session key to obtain the decrypted session key.
Step S408: the access terminal sends the network authentication message to the client terminal.
Step S409: the client verifies whether the identity of the authentication server is legal based on the network authentication message.
Specifically, the client generates a second message authentication code auth'_S based on M_2 in the network authentication message, the message parameter M_1 of the client, and the second key parameter sk of the client. The function used to calculate the second message authentication code is the same as that used for the message authentication code of the authentication server; illustratively, if the message authentication code of the authentication server is generated as auth_S = HMAC(sk, M_1 || M_2), the second message authentication code is generated as auth'_S = HMAC(sk, M_1 || M_2). The embodiments of the present application are only illustrative and not limiting. The client then compares whether auth'_S and auth_S are the same; if they are the same, the identity of the authentication server is legitimate; if they are different, the identity of the authentication server is not legitimate, and the client terminates the access authentication between the authentication server and the client. Comparing auth'_S with auth_S in essence compares whether the first key parameter of the client is the same as the first key parameter of the authentication server, and whether the functions the authentication server and the client use to calculate the message authentication code are the same, so that the validity of the identity of the authentication server is verified through the consistency of the long-term key shared by the client and the authentication server. Compared with the embodiment of fig. 2, in which the client and the authentication server verify the validity of the identity through digital certificates, this embodiment saves a large amount of transmission resources and calculation resources; compared with the embodiment of fig. 3, in which the authentication server verifies the validity of the identity by obtaining the network authentication token from the AuC, the steps of this embodiment are simpler.
Step S410: the client judges whether to reset the first count value or not through the setting identifier.
Specifically, the client obtains the setting identifier Re_sync and the random number Rand_S of the authentication server from M_2 in the network authentication message; illustratively, if M_2 = Re_sync || Rand_S, M_2 can be parsed according to this formula to obtain Re_sync and Rand_S. The client judges from the value of Re_sync whether the first count value needs to be set to 0: if Re_sync = 1, the client enters the flow of setting the counter to 0; if Re_sync = 0, the first count value does not need to be set to 0.
Step S411: when the first count value is not set to 0, the client obtains a session key based on the random number of the client, the network authentication message, and the first key parameter of the client before updating.
Specifically, after the client determines that the counter does not enter the set-to-0 flow, the client obtains the session key based on Rand_C, the Rand_S obtained from the network authentication message, and the first key parameter S_{Ic-1} of the client before updating; the access end, the client and the authentication server can thus obtain the same session key SessionKey. For example, the session key may be calculated as SessionKey = HKDF(S_{Ic-1}, Rand_C || Rand_S). The embodiments of the present application are only illustrative and not limiting.
Step S412: the client deletes the first key parameter before updating.
Specifically, after the session key SessionKey is obtained through calculation, the client deletes the first key parameter before updating and retains the updated first key parameter.
The embodiment of the present application adopts an access authentication method in a symmetric cryptosystem. Compared with the access authentication method in the asymmetric cryptosystem in the embodiment of fig. 2, when the authentication server in the access authentication system of this embodiment authenticates the identity of a client, it only needs to judge whether the first count value before updating is greater than or equal to the second count value before updating and whether the second message authentication code generated by the authentication server is the same as the message authentication code of the client. Similarly, the client can verify the identity of the authentication server only by judging whether the first message authentication code generated by the client is the same as the message authentication code of the authentication server. In the embodiment of fig. 2, verifying the validity of the identities of the authentication server and the client requires verifying a plurality of digital certificates and their signatures; the identity verification in this embodiment involves no transmission or verification of digital certificates, so that a large amount of transmission resources and calculation resources are saved and the working performance of the access authentication system is improved. In addition, in the embodiment of fig. 3 an attacker who obtains the long-term shared key of a client or an authentication server can recover the previous communication data of the client through that key, which causes a data leakage problem. This embodiment updates the long-term key and, each time a session key has been generated, deletes the long-term key before updating, so that the long-term key has forward security: an attacker cannot obtain a past long-term key from before an update, and therefore cannot recover a past session key and steal past data, which avoids the problem of data leakage.
In summary, in the access authentication system described in this embodiment of the present application, the client and the authentication server generate hash nodes in a forward hash chain manner, that is: (Ic=0, S_0) → (Ic=1, S_1) → … → (Ic=i, S_i) → (Ic=i+1, S_{i+1}) → …, which constitute a forward hash chain. Because the hash function is irreversible, no attacker can solve for S_i from the long-term key S_{i+1} and S_{i+1} = HASH(S_i). In addition, at the stage Ic = i, S_i is deleted immediately after it has been used, so that even at the stage Ic = i+1 an attacker cannot obtain S_i, and therefore cannot obtain the session key corresponding to Ic = i. Thus, while keeping the transmission overhead and calculation overhead small, the security and forward security of the session key are improved, which greatly reduces the probability of data leakage from the client device.
In step S404 and step S410 in the embodiment described in fig. 4, the client and the authentication server need to respectively determine whether the first count value and the second count value need to be reset, and if the first count value and the second count value need to be reset, the counters of the client and the authentication server enter a flow of a reset mechanism; next, a description will be given of a flow of entering the reset mechanism by the counters of the client and the authentication server with reference to fig. 5. Referring to fig. 5, fig. 5 is a flowchart illustrating a counter resetting mechanism of an access authentication system according to an embodiment of the present disclosure; in the embodiment of the present application, the message or information transmission between the client and the authentication server is forwarded or transmitted through the network device of the access terminal, and the message or information transmission in the embodiment of the present application is based on a packet such as EAP, and the packet transmission is supported by a protocol such as EAPOR or EAPOL between the client and the access terminal or between the authentication server and the access terminal. The flow is described in detail below with reference to the accompanying drawings;
Step S501: the client updates its first key parameter based on the hash function.
Specifically, for step S501, refer to step S401 in the embodiment of fig. 4; it is not described again in this embodiment. It should be noted that step S501 may be performed before the step of sending the identity authentication information to the authentication server in step S502, or before the client deletes the first key parameter before updating in step S509; the position of step S501 in the sequence is given in this embodiment only by way of illustration and is not limiting.
Step S502: the client sends a user identity authentication message to the authentication server.
Step S503: the authentication server verifies the validity of the identity of the client based on the user identity authentication message.
Step S504: when the identity of the client is verified to be legitimate based on the user authentication message, the authentication server judges whether the first count value before updating is greater than or equal to a count threshold of the authentication server.
For steps S502 to S504, refer to steps S402 to S404 in the embodiment of fig. 4; this is not limited in the embodiment of the present application.
Step S505: when the authentication server judges that the second count value needs to be reset, the authentication server sends a network authentication message to the client.
Specifically, after determining that the counter needs to be reset, the authentication server sets the second count value to 0 according to the formula Is' = 0, where Is' is the updated second count value. The authentication server then obtains its updated first key parameter according to the formula new_S_{Is} = HASH^{(Index+1-Is)}(S_{Is}), where Is is the second count value before updating. This formula makes new_S_{Is} the same as the updated first key parameter of the client, which ensures the integrity of the long-term key shared by the client and the authentication server. In addition, the authentication server sets the reset bit Re_sync = 1; Re_sync = 1 indicates that the counter of the client needs to be set to 0. The authentication server then generates the message parameter M_2 of the authentication server and the message authentication code auth_S of the authentication server; for the generation of M_2 and auth_S, refer to step S406 in the embodiment of fig. 4, and details are not repeated in this embodiment. The authentication server then sends the network authentication message containing auth_S and M_2 to the client through the access terminal.
Step S506: the client verifies whether the identity of the authentication server is legitimate based on the network authentication message.
Step S507: the client judges whether to reset the first count value or not through the setting identifier.
Step S506 to step S507 may refer to step S409 to step S410 in the embodiment of fig. 4, which is not described again in this embodiment of the present application.
Step S508: when the client judges through the setting identifier that the first count value needs to be set to 0, the client updates the first key parameter.
Specifically, when the client determines from Re_sync = 1 that the first count value needs to be set to 0, the client sets the first count value to zero; the first count value after being set to 0 represents the number of updates of the current first key parameter.
Step S509: the client deletes the first key parameter before updating.
In the embodiment of the present application, the authentication server enters the counter resetting process when it determines that the first count value before updating is greater than or equal to the threshold of the authentication server's counter. When the counters of the client and the authentication server reach the maximum counting capacity (the counting threshold of the counter), setting the count value to 0 lets the counters periodically represent the number of times the authentication server and the client have updated the first key parameter through the hash function. Meanwhile, the first key parameters of the client and the authentication server continue to be updated and do not stop being updated when the first count value and the second count value are set to zero, which ensures the forward security of the long-term key (the first key parameter): even if the first count value and the second count value are set to 0, an attacker cannot obtain a past long-term key and recover a historical session key, and therefore cannot decrypt data transmitted under the historical session key, so the security of the data is ensured.
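The fig. 4 authentication flow (steps S401 to S412) and the fig. 5 counter reset (steps S501 to S509) can be exercised end to end as follows. This is an added example, not code from the patent; SHA-256 as HASH, HMAC-SHA256, the HKDF salt/info split, the fixed field widths of M_1 and M_2, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os

ID_LEN, RAND_LEN = 8, 16  # assumed fixed field widths so M_1 and M_2 can be parsed


def H(data):
    return hashlib.sha256(data).digest()


def hash_n(s, n):
    """HASH^(n)(s): apply the hash n times."""
    for _ in range(n):
        s = H(s)
    return s


def mac(sk, msg):
    return hmac.new(sk, msg, hashlib.sha256).digest()


def hkdf(ikm, info, length=32):
    """HKDF-SHA256 (RFC 5869), all-zero salt; Rand_C || Rand_S as info is an assumption."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]


class Client:
    def __init__(self, id_c, sk, s0):
        self.id_c, self.sk, self.s, self.ic, self.prev = id_c, sk, s0, 0, None

    def start(self):
        """S401-S402: update S, then build M_1 = ID_C || Index || Rand_C and auth_C."""
        index, self.prev = self.ic, self.s        # Index and S_{Ic-1}
        self.ic, self.s = index + 1, H(self.s)    # Ic = Index + 1, S_{Ic} = HASH(S_{Ic-1})
        self.rand_c = os.urandom(RAND_LEN)
        self.m1 = self.id_c + index.to_bytes(4, "big") + self.rand_c
        return self.m1, mac(self.sk, self.m1)

    def finish(self, m2, auth_s):
        """S409-S412 / S506-S509: check auth_S, then derive the key or reset the counter."""
        if not hmac.compare_digest(auth_s, mac(self.sk, self.m1 + m2)):
            raise ValueError("authentication server identity not valid")
        re_sync, rand_s = m2[0], m2[1:]
        key = None
        if re_sync == 1:
            self.ic = 0                           # S508: count set to 0, S stays updated
        else:
            key = hkdf(self.prev, self.rand_c + rand_s)   # S411
        self.prev = None                          # S412/S509: drop the pre-update parameter
        return key


class Server:
    def __init__(self, sk, s0, threshold):
        self.sk, self.s, self.i_s, self.threshold = sk, s0, 0, threshold

    def handle(self, m1, auth_c):
        """S403-S406 / S503-S505: returns (M_2, auth_S, session key or None on reset)."""
        index = int.from_bytes(m1[ID_LEN:ID_LEN + 4], "big")
        rand_c = m1[ID_LEN + 4:]
        if index < self.i_s:                      # S403: Index must be >= Is
            raise ValueError("Index below second count value")
        if not hmac.compare_digest(auth_c, mac(self.sk, m1)):
            raise ValueError("client identity not valid")
        rand_s, steps, key = os.urandom(RAND_LEN), index - self.i_s, None
        if index >= self.threshold:               # S404 -> S505: reset flow
            self.s, self.i_s = hash_n(self.s, steps + 1), 0   # HASH^(Index+1-Is)(S_Is)
            m2 = b"\x01" + rand_s                 # Re_sync = 1
        else:                                     # S405
            s_index = hash_n(self.s, steps)       # S_Index = HASH^(Index-Is)(S_Is)
            key = hkdf(s_index, rand_c + rand_s)
            self.s, self.i_s = H(s_index), index + 1
            m2 = b"\x00" + rand_s                 # Re_sync = 0
        return m2, mac(self.sk, m1 + m2), key


def run_session(client, server):
    """One round trip; the access end's relaying and key transport are left out."""
    m2, auth_s, k_server = server.handle(*client.start())
    return client.finish(m2, auth_s), k_server


if __name__ == "__main__":
    sk, s0 = os.urandom(32), os.urandom(32)       # constructed long-term key (sk, S)
    c, s = Client(b"client01", sk, s0), Server(sk, s0, threshold=3)
    for _ in range(5):
        kc, ks = run_session(c, s)
        print(c.ic, s.i_s, "reset" if kc is None else kc == ks)
```

Setting `prev` to `None` only models the deletion step; a real implementation would have to erase the old parameter from memory and storage.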
The method of the embodiment of the present application is explained in detail above, and the related apparatus, device, computer readable storage medium, computer program and chip system of the embodiment are provided below.
Referring to fig. 6, fig. 6 is a schematic structural diagram of an access authentication apparatus provided in an embodiment of the present application, where the access authentication apparatus 6 may be a device of a client in the foregoing embodiment, and the access authentication apparatus 6 may include an authentication message sending unit 601, an authentication message receiving unit 602, a session key generating unit 603, and a deleting unit 604, where details of each unit are as follows:
an authentication message sending unit 601 configured to send a user authentication message to an authentication server;
an authentication message receiving unit 602, configured to receive a network authentication message sent by the authentication server when the authentication server verifies that the identity of the client is legal based on the user authentication message;
a session key generation unit 603, configured to obtain a session key based on the random number of the client, the network authentication message, and a first key parameter before update of the client;
a deleting unit 604, configured to delete the first key parameter before updating.
In a possible implementation manner, the apparatus 6 for access authentication further includes:
a first updating unit, configured to obtain an updated first count value according to the formula Ic = Index + 1;
a second updating unit, configured to obtain the updated first key parameter according to the formula S_{Ic} = HASH(S_{Ic-1}).
In a possible implementation manner, the session key generation unit 603 includes:
an identifier obtaining unit, configured to obtain a setting identifier Re_sync from the message parameters of the authentication server;
a zero setting unit, configured to set a first count value to zero and perform a step in which the client sends a user authentication message to an authentication server, if Re_sync = 1;
a generating unit, configured to obtain a session key based on the random number of the client, the network authentication message, and a first key parameter before the client update if Re_sync = 0.
In a possible implementation manner, the authentication message sending unit 601 includes:
a message parameter generating unit, configured to obtain a message parameter of the client based on the identity of the client, a first count value before updating, and a random number of the client;
a first authentication code generation unit, configured to generate a message authentication code of the client based on the message parameter of the client and the second key parameter of the client;
a sending unit, configured to send the user authentication message to the authentication server.
In a possible implementation manner, the apparatus 6 for access authentication further includes:
a second authentication code generating unit, configured to generate a first message authentication code based on the message parameter of the authentication server, the message parameter of the client, and the second key parameter of the client before the session key generating unit obtains the session key based on the random number of the client, the network authentication message, and the first key parameter before the client is updated;
a judging unit, configured to judge whether the first message authentication code is consistent with the message authentication code of the authentication server;
a terminating unit, configured to terminate the access authentication between the client and the authentication server when the judging unit judges that they are not consistent.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an access authentication apparatus provided in an embodiment of the present application, where the access authentication apparatus 7 may be a device of a client in the foregoing embodiment, and the access authentication apparatus 7 may include an authentication message receiving unit 701, a session key generating unit 702, a deleting unit 703, and a sending unit 704, where details of each unit are as follows:
an authentication message receiving unit 701, configured to receive a user authentication message sent by a client;
a session key generating unit 702, configured to, when the client identity is verified to be legitimate based on the user authentication message, obtain a session key based on a third key parameter, the random number of the authentication server, and the user authentication message;
a deleting unit 703, configured to delete the first key parameter before updating;
a sending unit 704, configured to send the network authentication message and the encrypted session key to the access end.
In a possible implementation manner, the session key generation unit 702 includes:
a first obtaining unit, configured to obtain a first count value before updating from a message parameter of the client;
a zero setting unit, configured to set a second count value to 0 if the first count value before updating is greater than or equal to the count threshold of the authentication server;
an execution unit, configured to execute the step in which the authentication server receives the user authentication message sent by the client;
a first generating unit, configured to obtain a session key based on the third key parameter, the random number of the authentication server, and the user authentication message, if the first count value before updating is smaller than the count threshold of the authentication server.
In a possible implementation manner, the apparatus for access authentication 7 further includes:
a second obtaining unit, configured to obtain a first count value before updating from the message parameter of the client;
a first judgment unit, configured to judge whether the first count value before update is greater than or equal to a second count value before update;
a termination unit, configured to terminate the access authentication between the authentication server and the client when the first judgment unit determines that the first count value before updating is not greater than or equal to the second count value before updating;
a second generating unit, configured to generate a second message authentication code based on the message parameter of the client and a second key parameter of the authentication server when the first judgment unit determines that the first count value before updating is greater than or equal to the second count value before updating;
a second determining unit, configured to determine whether the second message authentication code is consistent with the message authentication code of the client.
In a possible implementation manner, the apparatus 7 for access authentication further includes:
a calculation unit, configured to obtain a third key parameter according to the formula $S_{Index} = HASH^{(Index-Is)}(S_{Is})$;
a first updating unit, configured to obtain an updated second count value according to the formula Is = Index + 1;
a second updating unit, configured to obtain the updated first key parameter according to the formula $S_{Is} = HASH(S_{Index})$.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an access authentication apparatus provided in an embodiment of the present application, where the access authentication apparatus 8 may be a device of a client in the foregoing embodiment, and the access authentication apparatus 8 may include a receiving unit 801, a decrypting unit 802, and a sending unit 803, where details of each unit are as follows:
a receiving unit 801, configured to receive a network authentication message and an encrypted session key sent by an authentication server;
a decryption unit 802, configured to decrypt the encrypted session key to obtain a decrypted session key;
a sending unit 803, configured to send the network authentication message to the client.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an access authentication device provided in an embodiment of the present application, where the access authentication device 9 may be a terminal device of a client in the embodiments of fig. 4 and fig. 5, and the access authentication device 9 may include a memory 901, a communication module 902, and a processor 903, where details of each unit are as follows:
the memory 901 is used to store program codes.
The processor 903 is used to call the program code stored in the memory to perform the following steps:
sending a user authentication message to the authentication server through the communication module 902;
receiving, through the communication module 902, a network authentication message sent by the authentication server, when the authentication server verifies that the client identity is legitimate based on the user authentication message;
under the condition that the client side verifies that the identity of the authentication server is legal based on the network authentication message, a session key is obtained based on a random number of the client side, the network authentication message and a first key parameter before the client side is updated;
and deleting the first key parameter before updating.
In a possible implementation manner, before the processor 903 deletes the first key parameter before updating, the method includes:
obtaining an updated first count value according to the formula Ic = Index + 1;
obtaining the updated first key parameter according to the formula $S_{Ic} = HASH(S_{Ic-1})$.
In one possible implementation manner, the obtaining, by the processor 903, a session key based on the random number of the client, the network authentication message, and the first key parameter before the client update includes:
acquiring a set identifier Re_sync from the message parameters of the authentication server;
if Re_sync = 1, setting a first count value to zero, and executing the step of sending a user authentication message to an authentication server by the client;
and if Re_sync = 0, obtaining a session key based on the random number of the client, the network authentication message and a first key parameter before the client is updated.
In one possible implementation, the processor 903 sends the user authentication message to the authentication server through the communication module 902, including:
obtaining a message parameter of the client based on the identity of the client, a first counting value before updating and a random number of the client;
generating a message authentication code of the client based on the message parameter of the client and a second key parameter of the client;
the user authentication message is sent to the authentication server through the communication module 902.
In one possible implementation manner, before the processor 903 obtains the session key based on the random number of the client, the network authentication message, and the first key parameter before the client updates, the method includes:
generating a first message authentication code based on the message parameter of the authentication server, the message parameter of the client and the second key parameter of the client;
judging whether the first message authentication code is consistent with a message authentication code of the authentication server or not;
if so, judging that the identity of the authentication server is legal;
if not, the identity of the authentication server is judged to be illegal, and the access authentication between the client and the authentication server is terminated.
Referring to fig. 10, fig. 10 is a schematic structural diagram of an access authentication device provided in an embodiment of the present application, where the access authentication device 10 may be an authentication server in the embodiments of fig. 4 and fig. 5, and the access authentication device 10 may include a memory 1001, a communication module 1002, and a processor 1003, where details of each unit are as follows:
the memory 1001 is used to store program codes.
The processor 1003 is configured to call the program code stored in the memory to perform the following steps:
receiving a user authentication message sent by a client through a communication module 1002;
under the condition that the identity of the client is verified to be legal based on the user authentication message, a session key is obtained based on a third key parameter, the random number of the authentication server and the user authentication message;
deleting the first key parameter before updating;
and sending the network authentication message and the encrypted session key to the access terminal.
In one possible implementation manner, the processor 1003 obtains the session key based on the third key parameter, the random number of the authentication server, and the user authentication message, and includes:
acquiring a first count value before updating from the message parameter of the client;
if the first count value before updating is larger than or equal to the count threshold value of the authentication server, setting a second count value to be 0, and executing the step that the authentication server receives a user authentication message sent by a client;
and if the first count value before updating is smaller than the count threshold value of the authentication server, obtaining a session key based on the third key parameter, the random number of the authentication server and the user authentication message.
In a possible implementation manner, after the processor 1003 receives the user authentication message sent by the client through the communication module 1002, the method includes:
acquiring a first count value before updating from the message parameter of the client;
judging whether the first count value before updating is larger than or equal to the second count value before updating;
if not, terminating the access authentication between the authentication server and the client;
if so, generating a second message authentication code based on the message parameter of the client and a second key parameter of the authentication server;
judging whether the second message authentication code is consistent with the message authentication code of the client;
if so, judging that the identity of the client is legal;
if not, the identity of the client is judged to be illegal, and the access authentication between the authentication server and the client is terminated.
In one possible implementation manner, before the processor 1003 obtains the session key based on the third key parameter, the random number of the authentication server, and the user authentication message, the method includes:
obtaining a third key parameter according to the formula $S_{Index} = HASH^{(Index-Is)}(S_{Is})$;
the authentication server obtains an updated second count value according to the formula Is = Index + 1;
the authentication server obtains the updated first key parameter according to the formula $S_{Is} = HASH(S_{Index})$.
Referring to fig. 11, fig. 11 is a schematic structural diagram of an access authentication device provided in an embodiment of the present application, where the access authentication device 11 may be an authentication server in the embodiments of fig. 4 and fig. 5, and the access authentication device 11 may include a memory 1101, a communication module 1102, and a processor 1103, where details of each unit are as follows:
the memory 1101 is used for storing program codes.
The processor 1103 is configured to call the program code stored in the memory to perform the following steps:
receiving a network authentication message and an encrypted session key sent by an authentication server through a communication module 1102;
decrypting the encrypted session key to obtain a decrypted session key;
the network authentication message is sent to the client through the communication module 1102.
The present application provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the method for access authentication in the foregoing embodiments and various possible implementations thereof.
Embodiments of the present application provide a computer program, where the computer program includes instructions, and when the computer program is executed by a computer, the client may execute a process executed by the client in the foregoing embodiments and various possible implementations thereof, or the authentication server may execute a process executed by the authentication server in the foregoing embodiments and various possible implementations thereof, or the access terminal may execute a process executed by the access terminal in the foregoing embodiments and various possible implementations thereof.
An embodiment of the present application provides a chip system, where the chip system includes a processor, configured to support a client to implement functions related to methods in the foregoing embodiment and various possible implementations thereof, or an authentication server to implement functions related to methods in the foregoing embodiment and various possible implementations thereof, or an access terminal to implement functions related to methods in the foregoing embodiment and various possible implementations thereof.
In one possible design, the system-on-chip further includes a memory for storing necessary program instructions and data for the first device or the second device. The chip system may be formed by a chip, or may include a chip and other discrete devices.
It should be noted that the memory in the above embodiments may be a Read-Only Memory (ROM) or another type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or another type of dynamic storage device that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto. The memory may be self-contained and coupled to the processor via a bus. The memory may also be integrated with the processor.
The processor in the above embodiments may be a general-purpose Central Processing Unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs of the above schemes.
For simplicity of explanation, the foregoing method embodiments are presented as a series of combined acts, but those skilled in the art will appreciate that the present application is not limited by the order of acts, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the above-described units is only one type of logical functional division, and other divisions may be realized in practice, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer-readable storage medium if it is implemented in the form of a software functional unit and sold or used as a separate product. Based on such understanding, the technical solution of the present application essentially, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, where the computer software product is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a server, a network device, or the like, and may specifically be a processor in the computer device) to execute all or part of the steps of the above-mentioned method of the embodiments of the present application. The aforementioned storage medium may include: a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), or another medium that can store program code.
The above-mentioned embodiments are only used to illustrate the technical solutions of the present application, and not by way of limitation; although the present application has been described in detail with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (13)

1. A method of access authentication, comprising:
the client sends a user authentication message to the authentication server;
under the condition that the authentication server verifies that the identity of the client is legal based on the user authentication message, the client receives a network authentication message sent by the authentication server;
under the condition that the client side verifies that the identity of the authentication server is legal based on the network authentication message, the client side obtains a session key based on the random number of the client side, the network authentication message and a first key parameter before the client side is updated;
the client deletes the first key parameter before updating; the client stores a first key parameter updated based on a hash function.
2. The method of claim 1, wherein prior to the client deleting the pre-update first key parameter, comprising:
the client obtains an updated first count value according to the formula Ic = Index + 1; the Ic is the updated first count value, and the Index is the first count value before updating; the first count value is used for representing the number of times of updating a first key parameter of the client based on a hash function;
the client obtains an updated first key parameter according to the formula $S_{Ic} = HASH(S_{Ic-1})$; said $S_{Ic}$ is the updated first key parameter of the client, and said $S_{Ic-1}$ is the first key parameter of the client before updating.
3. The method of any of claims 1-2, wherein the network authentication message includes a message parameter of the authentication server; the client obtains a session key based on the random number of the client, the network authentication message and a first key parameter before the client updates, and the method comprises the following steps:
the client acquires a set identifier Re_sync from the message parameters of the authentication server;
if Re_sync = 1, the client sets a first count value to zero, and executes a step of sending a user authentication message to an authentication server by the client; the first count value is used for representing the number of times of updating a first key parameter of the client based on a hash function;
and if Re_sync = 0, the client obtains a session key based on the random number of the client, the network authentication message and a first key parameter before the client is updated.
4. The method of any of claims 1-3, wherein the client sends a user authentication message to an authentication server, comprising:
the client obtains the message parameters of the client based on the identity of the client, a first count value before updating and the random number of the client;
the client generates a message authentication code of the client based on the message parameter of the client and the second key parameter of the client; the message authentication code of the client is used for the authentication server to verify the validity of the identity of the client;
the client side sends a user authentication message to the authentication server; the user authentication message comprises the message parameter of the client and the message authentication code of the client.
5. The method of any of claims 1-4, wherein the network authentication message includes message parameters of the authentication server; before the client obtains a session key based on the random number of the client, the network authentication message and the first key parameter before the client updates, the method comprises the following steps:
the client generates a first message authentication code based on the message parameter of the authentication server, the message parameter of the client and the second key parameter of the client;
the client side judges whether the first message authentication code is consistent with the message authentication code of the authentication server or not;
if so, the client judges that the identity of the authentication server is legal;
if not, the client side judges that the identity of the authentication server is illegal, and terminates the access authentication between the client side and the authentication server.
6. A method of access authentication, comprising:
the authentication server receives a user authentication message sent by the client;
under the condition that the identity of the client is verified to be legal based on the user authentication message, the authentication server obtains a session key based on a third key parameter, the random number of the authentication server and the user authentication message; the third key parameter is the same as the first key parameter before the client is updated;
the authentication server deletes the first key parameter before updating; the authentication server stores a first key parameter updated based on a hash function;
the authentication server sends a network authentication message and an encrypted session key to the access terminal; the network authentication message is used for the client to verify whether the identity of the authentication server is legal and to generate a session key.
7. The method of claim 6, wherein the user authentication message comprises a message parameter of the client; the authentication server obtains a session key based on a third key parameter, the random number of the authentication server, and the user authentication message, including:
the authentication server acquires a first count value before updating from the message parameter of the client; the first count value is used for representing the number of times of updating a first key parameter of the client based on a hash function;
if the first count value before updating is larger than or equal to the count threshold value of the authentication server, the authentication server sets the second count value to 0, and executes the step that the authentication server receives the user authentication message sent by the client;
and if the first count value before updating is smaller than the count threshold value of the authentication server, the authentication server obtains a session key based on the third key parameter, the random number of the authentication server and the user authentication message.
8. The method of any of claims 6-7, wherein the user authentication message includes a message parameter of the client; after receiving the user authentication message sent by the client, the authentication server includes:
the authentication server acquires a first count value before updating from the message parameter of the client; the first count value is used for representing the number of times of updating a first key parameter of the client based on a hash function;
the authentication server judges whether the first count value before updating is larger than or equal to the second count value before updating; the second counting value is used for representing the times of updating the first key parameter of the authentication server based on a hash function;
if not, the authentication server terminates the access authentication between the authentication server and the client;
if so, the authentication server generates a second message authentication code based on the message parameter of the client and a second key parameter of the authentication server;
the authentication server judges whether the second message authentication code is consistent with the message authentication code of the client;
if so, the authentication server judges that the identity of the client is legal;
if not, the authentication server judges that the identity of the client is illegal and terminates the access authentication between the authentication server and the client.
9. The method according to any of claims 6-8, wherein before the authentication server deriving a session key based on a third key parameter, the random number of the authentication server and the user authentication message, comprising:
the authentication server obtains the third key parameter according to the formula $S_{Index} = HASH^{(Index-Is)}(S_{Is})$; said $S_{Index}$ is the third key parameter, said Index is the first count value before updating, and said $S_{Is}$ is the first key parameter of the authentication server before updating;
the authentication server obtains an updated second count value according to the formula Is = Index + 1; said Is is the updated second count value;
the authentication server obtains an updated first key parameter according to the formula $S_{Is} = HASH(S_{Index})$; said $S_{Is}$ is the updated first key parameter of the authentication server, and said $S_{Is}$ is the same as the updated first key parameter $S_{Ic}$ of the client.
10. A method of access authentication, comprising:
the access terminal receives a network authentication message and an encrypted session key sent by an authentication server; the network authentication message is used for the client to verify whether the identity of the authentication server is legal or not and to generate a session key;
the access terminal decrypts the encrypted session key to obtain a decrypted session key;
and the access terminal sends the network authentication message to the client terminal.
11. An apparatus for access authentication, comprising means for performing the method of any one of claims 1-10.
12. An apparatus for access authentication, comprising a memory and a processor, wherein: the memory for storing a computer program, the computer program comprising program instructions;
the processor is configured to invoke the program instructions to cause the data synchronization device to perform the method of any of claims 1-10.
13. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, carries out the method according to any one of claims 1-10.
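The hash-chain key update and counter check described for processors 903 and 1003 and in claims 2, 8 and 9, as an added Python example that is not part of the patent text. SHA-256 as HASH, HMAC-SHA256 as the message authentication code, the session-key derivation, the message encoding and all class and function names are assumptions; the Re_sync and count-threshold branch is left out.

```python
import hashlib
import hmac
import os


class AuthError(Exception):
    """Access authentication terminated."""


def HASH(s: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the patent's unspecified HASH.
    return hashlib.sha256(s).digest()


def mac(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA256 over length-prefixed fields.
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def session_key(s_index: bytes, nonce_c: bytes, nonce_s: bytes) -> bytes:
    # Assumption: the derivation function; the text only names its inputs.
    return mac(s_index, b"session", nonce_c, nonce_s)


class Client:
    def __init__(self, identity: bytes, k_mac: bytes, s0: bytes):
        self.identity, self.k_mac = identity, k_mac  # k_mac: second key parameter
        self.s, self.ic = s0, 0                      # S_Ic and first count value Ic
        self.params = None

    def user_auth_message(self):
        # Message parameter = identity, first count value before updating, nonce.
        self.params = (self.identity, self.ic.to_bytes(4, "big"), os.urandom(16))
        return self.params, mac(self.k_mac, *self.params)

    def handle_network_auth(self, srv_params, srv_mac) -> bytes:
        expected = mac(self.k_mac, *srv_params, *self.params)
        if not hmac.compare_digest(expected, srv_mac):
            raise AuthError("server MAC mismatch")
        key = session_key(self.s, self.params[2], srv_params[0])
        self.ic += 1            # Ic = Index + 1
        self.s = HASH(self.s)   # S_Ic = HASH(S_{Ic-1}); old value no longer stored
        return key


class Server:
    def __init__(self, k_mac: bytes, s0: bytes):
        self.k_mac = k_mac
        self.s, self.i_s = s0, 0   # S_Is and second count value Is

    def handle_user_auth(self, params, client_mac):
        index = int.from_bytes(params[1], "big")
        if index < self.i_s:                      # counter check comes first
            raise AuthError("first count value is behind the second count value")
        if not hmac.compare_digest(mac(self.k_mac, *params), client_mac):
            raise AuthError("client MAC mismatch")
        s_index = self.s
        for _ in range(index - self.i_s):         # S_Index = HASH^(Index-Is)(S_Is)
            s_index = HASH(s_index)
        srv_params = (os.urandom(16),)            # server nonce
        key = session_key(s_index, params[2], srv_params[0])
        self.i_s = index + 1                      # Is = Index + 1
        self.s = HASH(s_index)                    # S_Is = HASH(S_Index)
        return key, srv_params, mac(self.k_mac, *srv_params, *params)


def run_round(client: Client, server: Server):
    params, tag = client.user_auth_message()
    k_srv, srv_params, srv_tag = server.handle_user_auth(params, tag)
    return client.handle_network_auth(srv_params, srv_tag), k_srv, (params, tag)


def demo() -> dict:
    # Constructed sample secrets; a real deployment provisions these out of band.
    k_mac, s0 = os.urandom(32), os.urandom(32)
    client, server = Client(b"client-01", k_mac, s0), Server(k_mac, s0)
    out = {}
    k_cli, k_srv, first_msg = run_round(client, server)
    out["keys_match"] = k_cli == k_srv
    out["old_key_gone"] = s0 not in (client.s, server.s)
    try:                                   # replay of the round-1 message
        server.handle_user_auth(*first_msg)
        out["replay_rejected"] = False
    except AuthError:
        out["replay_rejected"] = True
    for _ in range(3):                     # client runs ahead of the server
        client.s, client.ic = HASH(client.s), client.ic + 1
    k_cli, k_srv, _ = run_round(client, server)
    out["catch_up_keys_match"] = k_cli == k_srv
    out["counters"] = (client.ic, server.i_s)
    return out


if __name__ == "__main__":
    print(demo())
```

Because each side keeps only the newest chain value, a captured user authentication message carrying an older count value is rejected by the counter check before any MAC or hash work is done.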
CN202110339645.8A 2021-03-30 2021-03-30 Method for access authentication, related device, equipment and readable storage medium Pending CN115150110A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110339645.8A CN115150110A (en) 2021-03-30 2021-03-30 Method for access authentication, related device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110339645.8A CN115150110A (en) 2021-03-30 2021-03-30 Method for access authentication, related device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN115150110A true CN115150110A (en) 2022-10-04

Family

ID=83403550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110339645.8A Pending CN115150110A (en) 2021-03-30 2021-03-30 Method for access authentication, related device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN115150110A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination