WO2022135384A1

WO2022135384A1 - Identity authentication method and apparatus

Info

Publication number: WO2022135384A1
Application number: PCT/CN2021/140036
Authority: WO
Inventors: 铁满霞; 曹军; 赵晓荣; 赖晓龙; 李琴; 张变玲; 黄振海; 芦亮
Original assignee: 西安西电捷通无线网络通信股份有限公司
Priority date: 2020-12-26
Filing date: 2021-12-21
Publication date: 2022-06-30
Also published as: CN114760027A

Abstract

Disclosed are an identity authentication method and apparatus. The method comprises: an authentication access controller (AAC) receiving an identity ciphertext message sent by a requesting device REQ; the AAC sending a first authentication request message to a first authentication server trusted thereby, wherein the first authentication request message comprises a digital certificate of the REQ and an identity authentication code of the AAC; the first authentication server verifying the identity authentication code of the AAC; a second authentication server trusted by the REQ performing validity verification on the digital certificate of the REQ; the AAC receiving a first authentication response message which is sent by the first authentication server and carries verification results of the AAC and the REQ; and the AAC and the REQ respectively acquiring verification results of each other, thereby realizing bidirectional identity authentication. Sensitive information of entities is transmitted between the REQ and the AAC in the form of ciphertext, thereby ensuring the security of the entities.

Description

A kind of identity authentication method and device

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the priority of the Chinese patent application with the application number 202011569180.7 and the application title "An identity authentication method and device" filed with the China Patent Office on December 26, 2020, the entire contents of which are incorporated into this application by reference .

technical field

The present application relates to the technical field of network communication security, and in particular, to an identity authentication method and device.

Background technique

At present, communication networks usually require two-way identity authentication between users and network access points to ensure that only legitimate users can communicate with legitimate networks. The form of pre-shared key is used between them, but in some scenarios in practical applications, one end uses a digital certificate as an identity credential, and the other end uses a pre-shared key as an identity credential. challenge.

In addition, in the process of identity authentication, the identity information of the entity is directly exposed, and sometimes, the identity information of the entity contains some private or sensitive information of the entity, such as ID number, home address, bank card information, etc. If someone intercepted and then used it to engage in illegal activities, the consequences would be unimaginable. How to complete entity identification without exposing sensitive identity information has become a top priority.

SUMMARY OF THE INVENTION

In order to solve the above-mentioned technical problems, the present application provides an identity authentication method and device, which can realize the two-way identity authentication of the entity and the identity of the entity when the requesting device adopts a digital certificate and the authentication access controller adopts a pre-shared key as the identity credential. Protect.

In view of this, the first aspect of the present application provides an identity authentication method, including:

The authentication access controller receives the identity ciphertext message sent by the requesting device, the identity ciphertext message includes the identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is encrypted by the requesting device using the message The key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

The authentication access controller decrypts the ciphertext of the identity information of the requesting device by using the message encryption key to obtain the digital certificate of the requesting device, and sends a first authentication request message to the first authentication server trusted by the authentication access controller. The first authentication request message includes the digital certificate of the requesting device and the identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is used by the authentication access controller with the The pre-shared key of the first authentication server is calculated and generated by adopting the cryptographic algorithm agreed with the first authentication server on the information including the digital certificate of the requesting device;

The authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and the first authentication result of the second authentication server trusted by the requesting device. The digital signature, the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, so The first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the second authentication result information includes information about the digital certificate of the requesting device. In the second verification result, the first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller and adopts the pre-shared key agreed with the authentication access controller. The cryptographic algorithm calculates and generates the information including the second authentication result information;

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , then the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the authentication access controller determines the identity authentication result of the requesting device When it is valid, send a third authentication response message to the requesting device; or,

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , then the authentication access controller sends a third authentication response message to the requesting device and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server; if the If the first message authentication code of the first authentication server passes the authentication, the authentication access controller determines the identity authentication result of the requesting device according to the second authentication result in the second authentication result information; the authentication access controller the controller sends a third authentication response message to the requesting device;

Wherein, the third authentication response message includes authentication result information ciphertext, and the authentication result information ciphertext is the authentication access controller using the message encryption key to include the first authentication result information and all The encrypted data including the first digital signature is encrypted and generated;

After receiving the third authentication response message, the requesting device decrypts the ciphertext of the authentication result information by using the message encryption key to obtain the first authentication result information and the first digital signature, and uses the third authentication result information to obtain the first authentication result information and the first digital signature. The public key of the second authentication server verifies the first digital signature, and if the verification is passed, the identity authentication result of the authentication access controller is determined according to the first verification result in the first authentication result information.

A second aspect of the present application provides a requesting device, including:

The sending module is configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is the ciphertext of the identity information of the requesting device used by the requesting device. The message encryption key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext, and the authentication result information ciphertext is the authentication access control The device uses the message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature; the first authentication result information includes the identity authentication code for the authentication access controller. The first verification result, the first digital signature is the digital signature generated by the second authentication server to the signature data including the first authentication result information;

a decryption module for decrypting the authentication result information ciphertext using the message encryption key to obtain the first authentication result information and the first digital signature;

a verification module, configured to verify the first digital signature by using the public key of the second authentication server;

A determining module, configured to determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information if the authentication is passed.

A third aspect of the present application provides an authentication access controller, including:

A receiving module, configured to receive an identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is encrypted by the requesting device using the message The key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

a decryption module, configured to decrypt the ciphertext of the identity information of the requesting device by using the message encryption key to obtain a digital certificate of the requesting device;

A sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the authentication access controller The identity authentication code of the authentication access controller is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the cryptographic algorithm agreed with the first authentication server. Calculated and generated from the information including the digital certificate of the requesting device;

The receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and the first authentication result of the second authentication server trusted by the requesting device. The digital signature, the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, so The first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the second authentication result information includes information about the digital certificate of the requesting device. In the second verification result, the first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller and adopts the pre-shared key agreed with the authentication access controller. The cryptographic algorithm calculates and generates the information including the second authentication result information;

A verification module, configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting the cryptographic algorithm agreed with the first authentication server; if the verification is passed, then The determination module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determining module determines that the identity authentication result of the requesting device is legal, the sending module sends the request to the requesting device. The device sends a third authentication response message; or,

It is used to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and adopt the cryptographic algorithm agreed with the first authentication server. The module sends a third authentication response message to the requesting device, and the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,

It is used to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and adopt the cryptographic algorithm agreed with the first authentication server; If the verification of the first message authentication code is passed, the determination module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module sends a third authentication response message to the requesting device ;

Wherein, the third authentication response message includes authentication result information ciphertext, and the authentication result information ciphertext is the authentication access controller using the message encryption key to include the first authentication result information and all generated by encrypting the encrypted data including the first digital signature.

A fourth aspect of the present application provides a first authentication server, including:

The receiving module is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the identity authentication code of the authentication access controller; the authentication access controller; The identity authentication code of the access controller is the authentication access controller uses the pre-shared key with the first authentication server, and adopts the cryptographic algorithm agreed with the first authentication server to verify the digital certificate including the requesting device. generated by the calculation of the information included;

A sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, and the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, and the first digital signature is the The second authentication server calculates the digital signature generated by the signature data including the first authentication result information, the second authentication result information includes the second verification result of the digital certificate of the requesting device, the first authentication result information The first message authentication code of an authentication server is that the first authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to pair the data including the second authentication access controller. The information including the authentication result information is calculated and generated.

A fifth aspect of the present application provides a second authentication server, including:

A receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second digital signature or the second authentication request The message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code; the second digital signature is the digital signature of the first authentication server including the first authentication result information and the requesting device. The signature data including the certificate is calculated and generated, or the second message authentication code is the password agreed with the second authentication server by the first authentication server using the pre-shared key with the second authentication server. The algorithm calculates and generates the information including the first authentication result information and the digital certificate of the requesting device;

A verification module for verifying the second digital signature by using the public key of the first authentication server or using the pre-shared key with the first authentication server, and using the cryptographic algorithm agreed with the first authentication server to verify the second message authentication code;

The generating module is configured to, if the verification is passed, perform legality verification on the digital certificate of the requesting device to obtain a second verification result, generate second authentication result information according to information including the second verification result, and The signature data including the first authentication result information is calculated to generate the first digital signature, and the signature data including the second authentication result information is calculated and generated to generate a third digital signature or a Pre-shared key, using the cryptographic algorithm agreed with the first authentication server to calculate the information including the second authentication result information to generate a third message authentication code;

A sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information and the third digital signature or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code.

A sixth aspect of the present application provides a requesting device, including:

memory for storing program instructions;

The processor is configured to call the program instructions stored in the memory, and execute the method steps on the requesting device side in the identity authentication method provided in the first aspect according to the obtained program.

A seventh aspect of the present application provides an authentication access controller, including:

memory for storing program instructions;

The processor is configured to invoke the program instructions stored in the memory, and execute the method steps for authenticating the access controller side in the identity authentication method provided in the first aspect according to the obtained program.

An eighth aspect of the present application provides a first authentication server, including:

memory for storing program instructions;

The processor is configured to invoke the program instructions stored in the memory, and execute the method steps on the first authentication server side in the identity authentication method provided in the first aspect according to the obtained program.

A ninth aspect of the present application provides a second authentication server, including:

memory for storing program instructions;

The processor is configured to call the program instructions stored in the memory, and execute the method steps on the second authentication server side in the identity authentication method provided in the first aspect according to the obtained program.

A tenth aspect of the present application provides a computer storage medium, where the computer storage medium stores computer-executable instructions, and the computer-executable instructions are used to cause the computer to execute the method steps of the identity authentication method provided in the first aspect. .

It can be seen from the above that the requesting device uses a digital certificate as its identity credential, and the authentication access controller uses a pre-shared key as its identity credential. During the identity authentication process, the requesting device first sends an identity ciphertext message to the authentication access controller, The identity ciphertext message includes the identity information ciphertext generated by the requesting device using the message encryption key to encrypt the encrypted data including the digital certificate of the requesting device; the authentication access controller uses the message encryption key to decrypt the identity information ciphertext to obtain Request the digital certificate of the device, and then use the pre-shared key with the first authentication server trusted by itself and the agreed cryptographic algorithm to calculate the information including the digital certificate of the requesting device to generate an identity authentication code that authenticates the access controller, and Send the digital certificate of the requesting device and the identity authentication code of the access controller to the first authentication server, the second authentication server trusted by the requesting device verifies the legality of the digital certificate of the requesting device, and the second authentication server trusted by the authentication access controller An authentication server verifies the identity authentication code of the authentication access controller. After completing the verification, the first authentication server sends a first authentication response message to the authentication access controller, and the authentication access controller obtains the request from the first authentication response message. The verification result of the device is used to determine whether the identity of the requesting device is legal, and the requesting device obtains the verification result of the authentication access controller from the third authentication response message sent by the authentication access controller to determine whether the identity of the authentication access controller is Legal, so as to realize the two-way identity authentication between the authentication access controller and the requesting device, and lay the foundation for ensuring that only legal users can communicate with the legal network. In addition, the entity's identity information and/or the identity authentication result information are transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the entity's identity protection.

Description of drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the following briefly introduces the accompanying drawings that are used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments of the present application, and for those of ordinary skill in the art, other drawings can also be obtained from these drawings without any creative effort.

1 is a schematic diagram of an identity authentication method provided by an embodiment of the present application;

2 is a schematic diagram of a method for requesting a device REQ and an authentication access controller AAC to negotiate a message encryption key according to an embodiment of the present application;

3 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

4 is a schematic diagram of an identity authentication method provided by an embodiment of the present application, wherein "*" represents an optional field or an optional operation;

5 is a structural block diagram of a requesting device REQ provided by an embodiment of the present application;

FIG. 6 is a structural block diagram of an authentication access controller AAC according to an embodiment of the present application;

FIG. 7 is a structural block diagram of a first authentication server AS-AAC according to an embodiment of the present application;

8 is a structural block diagram of a second authentication server AS-REQ according to an embodiment of the present application;

FIG. 9 is a structural block diagram of another requesting device REQ provided by an embodiment of the present application;

10 is a structural block diagram of another authentication access controller AAC provided by an embodiment of the present application;

11 is a structural block diagram of another first authentication server AS-AAC provided by an embodiment of the present application;

FIG. 12 is a structural block diagram of another second authentication server AS-REQ provided by an embodiment of the present application.

Detailed ways

In a communication network, the requesting device can access the network through the authentication access controller. In order to ensure that the requesting device accessing the network belongs to a legitimate user and the network that the requesting device accesses is a legitimate network, the authentication between the access controller and the requesting device needs to be performed. Mutual Identity Authentication (MIA for short).

Taking the current wireless communication and mobile communication scenarios as an example, in the scenario where the requesting device accesses the wireless network through the authentication access controller, the requesting device can be a mobile phone, a personal digital assistant (PDA), a tablet computer, etc. The terminal device, the authentication access controller can be a network side device such as a wireless access point and a wireless router. In the scenario where the requesting device accesses the wired network through the authentication access controller, the requesting device may be a terminal device such as a desktop computer or a notebook computer, and the authentication access controller may be a network-side device such as a switch or a router. In the scenario where the requesting device accesses the 4th/5th Generation mobile communication technology (4G/5G) network through the authentication access controller, the requesting device may be a terminal device such as a mobile phone and a tablet computer. The authentication access controller may be a network side device such as a base station. Of course, the present application is also applicable to various data communication scenarios such as other wired networks and short-range communication networks.

However, in the existing entity authentication scheme, the identity certificate of the entity is either in the form of a digital certificate or a pre-shared key. When the pre-shared key is used as an identity certificate, no concise and effective authentication mechanism is proposed. In addition, in the transmission process of the identity authentication message, the identity information of the entity is directly exposed, so that its security cannot be guaranteed.

In order to solve the above technical problem, an embodiment of the present application provides an identity authentication method. For the application scenario in which the requesting device adopts a digital certificate and the authentication access controller adopts the pre-shared key authentication method, the authentication access controller trusts the application scenario. The first authentication server verifies the identity authentication code of the authentication access controller to verify the legitimacy of the identity of the authentication access controller to obtain a first verification result, and the second authentication server trusted by the requesting device verifies the digital certificate of the requesting device. to verify the legality of the identity of the requesting device to obtain a second verification result, the requesting device and the authentication access controller determine whether the counterparty entity is legal based on the verification result of the counterparty entity respectively, and realize the authentication between the access controller and the requesting device. Two-way authentication provides the basis for ensuring that only legitimate users can communicate with legitimate networks. In addition, the private information of the entity, such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.

For ease of introduction, in the embodiments of the present application, a request device (REQuester, referred to as REQ), an authentication access controller (Authentication Access Controller, referred to as AAC) and an authentication server (Authentication Server, referred to as AS) will be used as examples to describe the requirements of the present application. The identification method is introduced.

The AS trusted by AAC is called the first authentication server AS-AAC, and the AS trusted by REQ is called the second authentication server AS-REQ. AS-REQ holds digital certificates and private keys corresponding to digital certificates that comply with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems. AS-AAC can verify the legitimacy of AAC's identity. AS-REQ Able to verify the legitimacy of REQ's identity. AS-AAC and AS-REQ can be the same AS or different ASs. When AS-AAC is the same as AS-REQ, it is a non-roaming situation; when AS-AAC is different from AS-REQ, it is a roaming situation. At this time, there is a valid pre-shared key between AS-AAC and AS-REQ, or, when AS-AAC holds a number that complies with ISO/IEC 9594-8/ITU X.509, other standards or other technical systems When the certificate and the private key corresponding to the digital certificate are used, AS-AAC and AS-REQ know each other's digital certificate or the public key in the digital certificate.

REQ can be an endpoint participating in the authentication process, establish a connection with AAC, access services provided by AAC, and access AS through AAC, and REQ holds ISO/IEC 9594-8/ITU X.509, other standards or other technologies The digital certificate specified by the system and the private key corresponding to the digital certificate know the digital certificate of AS-REQ or the public key in the digital certificate. The AAC can be another endpoint participating in the authentication process, establish a connection with the REQ, provide services, and communicate with the REQ, and can directly access the AS-AAC, and there is a valid pre-shared key between the AAC and the AS-AAC.

1, an identity authentication method provided by the embodiment of the present application is described, and the method includes:

S101. The AAC receives the identity ciphertext message REQInit sent by the REQ.

The REQInit includes the ciphertext EncData REQ of the identity information of _REQ . EncData _REQ is generated by REQ by encrypting the encrypted data including REQ's digital certificate Cert _REQ by using a message encryption key and a symmetric encryption algorithm. The message encryption key may be obtained through negotiation between REQ and AAC, or may be pre-shared by REQ and AAC. The implementation of the negotiated message encryption key between REQ and AAC will be introduced later. In this application, the encrypted object is called encrypted data.

S102. The AAC sends a first authentication request message AACVeri to the AS-AAC it trusts.

The AACVeri includes the identification code MIC _AAC of Cert _REQ and AAC. Among them, Cert _REQ is obtained by AAC using the message encryption key to decrypt the received EncData _REQ using a symmetric encryption algorithm; MIC _AAC is AAC using the pre-shared key K _{AAC_AS} with AS-AAC, using the password agreed with AS-AAC The algorithm calculates and generates the information including the Cert _REQ . As an example of this application, the cryptographic algorithm agreed by AAC and AS-AAC may be a hash algorithm. AAC uses the K _{AAC_AS} in combination with the hash algorithm to include other fields before the MIC _AAC field in AACVeri, such as including the Cert _REQ in the The hash value is obtained by hash operation, and the hash value is used as the identity authentication code MIC AAC of _AAC . In this application, the AAC uses the MIC _AAC as the identity information, and the REQ uses the Cert _REQ as the identity information.

It should be noted that when the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are the same authentication server, the authentication server trusted by REQ and AAC can be represented by AS-AAC (of course, AS-REQ can also be used) . In this case, the validity of the Cert _REQ is verified by AS-AAC (which can also be expressed as AS-REQ) to obtain the second verification result Res _REQ , and the pre-shared key K _{AAC_AS} with AAC is used, and the password agreed with AAC is adopted. The algorithm verifies that the MIC _AAC obtains the first verification result Res _AAC , generates the first identification result information Pub _AAC according to the information including the Res _AAC , and generates the second identification result information Pub according to the information including the Res _REQ _REQ , and use the K _{AAC_AS} to calculate the information including the Pub _REQ using the cryptographic algorithm to generate the first message authentication code MIC _{AS_AAC} of AS-AAC (which can also be expressed as the first message authentication code of AS-REQ code MIC _{AS_REQ} ), calculate and generate the first digital signature Sig _{AS_AAC1} (also can be expressed as Sig _{AS_REQ1} ) for the signature data including the Pub _AAC , _according _to the _{AS_REQ1} ), the Pub _REQ and the MIC _{AS_AAC} (which may also be expressed as MIC _{AS_REQ} ), generate a first authentication response message ASVeri.

When the AS-AAC trusted by AAC and the AS-REQ trusted by REQ are two different authentication servers, in this case, AS-AAC uses the pre-shared key K _{AAC_AS} with AAC, and uses the cryptographic algorithm agreed with AAC to verify The MIC _AAC obtains the first verification result Res _AAC , generates the first authentication result information Pub _AAC according to the information including the Res _AAC , and calculates and generates the second number for the signature data including the Pub _AAC and the Cert _REQ Sign Sig _{AS_AAC2} , and send a second authentication request message AS-AACVeri to AS-REQ, where the AS-AACVeri includes the Pub _AAC , the Cert _REQ and the Sig _{AS_AAC2} . Wherein, Sig _{AS_AAC2} can be replaced with MIC _{AS_AAC2} , MIC _{AS_AAC2} is that AS-AAC uses the pre-shared key with AS-REQ, adopts the cryptographic algorithm agreed with AS-REQ to pair the Pub _AAC and the Cert _REQ . The message calculates the generated second message authentication code. Then, AS-REQ uses the public key of AS-AAC to verify the Sig _{AS_AAC2} , or uses the pre-shared key with AS-AAC to verify the MIC _{AS_AAC2} using the cryptographic algorithm agreed with AS-AAC. The Cert _REQ performs legality verification to obtain the second verification result Res _REQ , generates the second authentication result information Pub _REQ according to the information including the Res _REQ , and calculates the signature data including the Pub _AAC to generate the first digital signature Sig _{AS_REQ1} , calculate and generate a third digital signature Sig _{AS_REQ3} on the signature data including the Pub _REQ , and send a second authentication response message AS-REQVeri to the AS-AAC, where the AS-REQVeri includes the Pub _AAC , The Sig _{AS_REQ1} , the Pub _REQ and the Sig _{AS_REQ3} . Wherein, Sig _{AS_REQ3} can be replaced with MIC _{AS_REQ3} , and MIC _{AS_REQ3} is the first result calculated by AS-REQ using the pre-shared key with AS-AAC and using the cryptographic algorithm agreed with AS-AAC to calculate the information including the Pub _REQ . Three message authentication codes. Then, AS-AAC uses the public key of AS-REQ to verify the Sig _{AS_REQ3} , or uses the pre-shared key with AS-REQ to verify the MIC _{AS_REQ3} using the cryptographic algorithm agreed with AS-REQ. -AAC uses the pre-shared key K _{AAC_AS} with AAC, and uses the cryptographic algorithm agreed with AAC to calculate and generate the first message authentication code MIC _{AS_AAC} of AS-AAC for the information including the Pub _REQ , and according to including the Pub REQ The information including the _AAC , the Sig _{AS_REQ1} , the Pub _REQ and the MIC _{AS_AAC} generates the first authentication response message ASVeri.

In the above process, AS-AAC can know in advance that it has a valid pre-shared key K _{AAC_AS} and a cryptographic algorithm with AAC; in addition, AACVeri can also carry AAC's identity ID _AAC , AS-AAC can use ID AAC according to ID _AAC Make sure you have a valid K _{AAC_AS} and cipher algorithm with AAC. When AS-AAC verifies the MIC _AAC , it uses the K _{AAC_AS} and adopts the cryptographic algorithm agreed with the AAC to pair the information including other fields before the MIC _AAC in the AACVeri, such as the Cert _REQ . information, calculate and generate MIC _AAC locally, and then compare the calculated MIC _AAC with the received MIC _AAC , thereby completing the verification of the MIC _AAC .

S103. The AAC receives the first authentication response message ASVeri sent by the AS-AAC.

The ASVeri includes the first authentication result information Pub _AAC , the first digital signature Sig _{AS_REQ1} of the AS-REQ, the second authentication result information Pub _REQ and the first message authentication code MIC _{AS_AAC} of the AS-AAC. Wherein, the Pub _AAC includes the first verification result Res _AAC , the Sig _{AS_REQ1} is a digital signature calculated and generated by AS-REQ on the signature data including the Pub _AAC , and the Pub _REQ includes the second verification result Res _REQ , the MIC _{AS_AAC} is calculated and generated by the AS-AAC using the pre-shared key K _{AAC_AS} with the AAC and the cryptographic algorithm agreed with the AAC on the information including the Pub _REQ .

S104, the AAC uses the pre-shared key with the AS-AAC, and uses the cryptographic algorithm agreed with the AS-AAC to verify the MIC _{AS_AAC} .

Wherein, AAC utilizes the pre-shared key K _{AAC_AS} with AS-AAC, adopts the cryptographic algorithm agreed with AS-AAC to locally calculate and generate MIC _{AS_AAC} for the information including the Pub _REQ , and combines the calculated MIC _{AS_AAC} with The received MIC _{AS_AAC} is compared to complete the verification of the MIC _{AS_AAC} .

S105. The AAC determines the identity authentication result of the REQ according to the Res _REQ in the Pub _REQ .

Since the Res _REQ can reflect whether the REQ is legal, the AAC can determine whether the REQ is legal based on the Res _REQ in the Pub _REQ .

S106, AAC sends a third authentication response message AACAuth to REQ.

The AACAuth includes the authentication result information ciphertext EncData _AAC . The EncData _AAC is generated by the AAC using a message encryption key and a symmetric encryption algorithm to encrypt the encrypted data including the Pub _AAC and the first digital signature Sig _{AS_REQ1} .

It should be noted that the execution sequence of S104 to S106 does not affect the specific implementation of the present application. In practical applications, the execution sequence of S104 to S106 may be set according to requirements. Preferably, it is recommended to perform S104 first, and when the AAC fails to verify the MIC _{AS_AAC} , discard the ASVeri of S103, and then perform S105 after the AAC has passed the verification of the MIC _{AS_AAC} , and perform S106 when the AAC determines that the REQ is valid. , when the AAC determines that the REQ is invalid, the AAC selects whether to execute S106 according to the local policy. Considering the efficiency, the preferred solution is not to execute and end the current authentication process.

S107, REQ decrypts the EncData _AAC with the message encryption key to obtain Pub _AAC and Sig _{AS_REQ1} , and uses the public key of AS-REQ to verify the Sig _{AS_REQ1} , if the verification is passed, then determine the AAC according to the Res _AAC in the Pub _AAC Identification result.

Wherein, REQ can use the message encryption key to decrypt the EncData _AAC by using the symmetric encryption algorithm to obtain Pub _AAC and Sig _{AS_REQ1} . Since the Res _AAC can reflect whether the AAC is legal, after the REQ verifies the Sig _{AS_REQ1} successfully, it can determine whether the AAC is legal according to the Res _AAC in the Pub _AAC ; if the REQ does not pass the Sig _{AS_REQ1} verification, the AACAuth is discarded.

It can be seen from the above that the embodiment of the present application provides an identity authentication method. By introducing an authentication server, a digital certificate is used for the requesting device, and the authentication access controller adopts the application scenario of the pre-shared key authentication method. The trusted first authentication server uses the pre-shared key with the authentication access controller to verify the identity authentication code of the authentication access controller to obtain the first verification result, and the second authentication server trusted by the requesting device verifies the digital certificate of the requesting device. The legality obtains the second verification result, and the requesting device and the authentication access controller obtain the verification results of the other entity respectively, so as to determine whether the other entity is legal, and realize the two-way identity authentication between the authentication access controller and the requesting device. In order to ensure that only legal users are This lays the groundwork for communicating with legitimate networks. In addition, the private information of the entity, such as identity identification, authentication result information, etc., is transmitted in the form of cipher text, which ensures the security of the private information during the transmission process and realizes the identity protection of the entity.

In some embodiments, to ensure the reliability of the authentication result, the AAC may generate a message integrity check code. For example, the AACAuth of S106 may further include a message integrity check code MacTag _AAC , where MacTag _AAC is calculated and generated by AAC using a message integrity check key pair including other fields in AACAuth except MacTag _AAC . Correspondingly, before determining the identity authentication result of the AAC according to the Res _AAC in the Pub _AAC in S107, the REQ also needs to use the message integrity check key to verify the MacTag _AAC , and then determine the AAC according to the Res _AAC in the Pub _AAC after the verification is passed. Identification result. Wherein, when REQ verifies MacTag _AAC , it should use the message integrity check key pair to include other fields in AACAuth except MacTag _AAC to generate MacTag _AAC locally, and compare the locally calculated MacTag _AAC with the received AACAuth Whether the _MacTag AACs are consistent. If they are consistent, the verification passes. If they are inconsistent, the verification fails.

Before determining the identity authentication result of the REQ, the AAC can also determine whether the digital signature Sig _REQ of the REQ has passed the verification. After determining that the Sig _REQ has passed the verification, the AAC will determine the identity authentication result of the REQ according to the Res _REQ in the Pub _REQ . Referring to FIG. 1, REQInit in S101 may also include the digital signature Sig _REQ of REQ, and the signature data of Sig _REQ includes other fields before Sig _REQ in REQInit, then before S105, the AAC also determines whether the Sig _REQ passes the verification , if it is determined that the Sig _REQ verification is passed, perform S105 again. Among them, AAC determines whether the Sig _REQ is verified through the following methods:

As an example of verifying the Sig _REQ by the authentication server, in the case that AS-REQ and AS-AAC are the same authentication server (that is, non-roaming), when AS-AAC (which can also be expressed as AS-REQ) ) When verifying the Sig _REQ , the Sig _REQ can be carried in the AACVeri of S102 and passed to AS-AAC (also expressed as AS-REQ), and AS-AAC (also expressed as AS-REQ) utilizes the Cert in AACVeri _REQ verifies the Sig _REQ , if the verification is passed, the steps such as generating and sending the first authentication response message ASVeri are continued; if the verification fails, the steps such as generating and sending the first authentication response message ASVeri will not be performed. Therefore, the AAC can determine whether the Sig _REQ verification is passed according to whether the first authentication response message ASVeri can be received. If the AAC can receive the ASVeri of S103, the AAC can determine that the Sig _REQ verification has passed.

As another embodiment of verifying the Sig _REQ by the authentication server, in the case that AS-REQ and AS-AAC are two different authentication servers (ie roaming), when AS-REQ verifies the Sig _REQ , Sig _REQ can be carried in the second authentication request message AS-AACVeri sent by AACVeri of S102 and AS-AAC to AS-REQ to AS-REQ, and AS-REQ uses Cert _REQ in AS-AACVeri to verify the Sig _REQ , if the verification is passed, the AS-REQ performs the steps of generating and sending the second identification response message AS-REQVeri and AS-AAC generating and sending the subsequent first identification response message ASVeri, if the verification fails, then the AS-REQ The steps of generating and sending the second authentication response message AS-REQVeri and AS-AAC not generating and sending the subsequent first authentication response message ASVeri are not performed. Therefore, the AAC can determine whether the Sig _REQ verification is passed according to whether the first authentication response message ASVeri can be received. If the AAC can receive the ASVeri of S103, the AAC can determine that the Sig _REQ verification has passed.

As an embodiment of verifying the Sig _REQ by the AAC, after receiving the REQInit of S101, the AAC can verify the Sig _REQ by using the Cert _REQ obtained by decrypting the EncData _REQ in the REQInit, and determine whether the Sig _REQ has passed the verification according to the verification result, If the verification fails, REQInit is discarded. Or, when the second authentication result information Pub _REQ generated by the authentication server also includes Cert _REQ , then after AAC receives the ASVeri of S103, the Sig _REQ can be verified using the Cert _REQ included in the Pub _REQ in the AAC, thereby determining Whether the Sig _REQ is verified, and if the verification fails, the ASVeri is discarded. Or, when the Pub _REQ in the ASVeri also includes the Cert _REQ , the AAC checks whether the Cert _REQ in the Pub _REQ is the same as the Cert _REQ obtained by decrypting the EncData _REQ , if it is the same, then use the Cert _REQ to verify the Sig _REQ , according to The verification result determines whether the Sig _REQ is verified successfully. If the verification fails, the ASVeri is discarded.

It should be noted that information such as random numbers and identity identifiers generated by the requesting device and/or the authentication access controller may be transmitted in messages exchanged in the identity authentication process. Under normal circumstances, the random number and/or ID carried in the received message should be the same as the random number and/or ID carried in the sent message. Loss or tampering of parameter information. Therefore, in some embodiments of the present application, the reliability of the authentication result can also be ensured by comparing whether the random numbers and/or identity identifiers in the sent and received messages are consistent. details as follows:

Please refer to FIG. 1, the AACVeri of S102 may also include the ID _{AAC of the AAC} and/or the first random number Nonce _{AAC generated by the AAC} , correspondingly, the ASVeri of S103 also includes the ID _AAC and/or the Nonce _AAC , then in Before S105, the AAC can first verify the consistency of the ID _AAC in the ASVeri and the ID _AAC of the AAC itself (that is, the ID _AAC sent by the AAC through the AACVeri), and/or, the Nonce _AAC and AAC in the ASVeri The consistency of the generated Nonce _AAC (that is, the Nonce _AAC sent by the AAC through the AACVeri) is verified, and if the verification is passed, the AAC executes S105 again.

In other embodiments, the Pub _AAC may further include ID _AAC , and the encrypted data of EncData _AAC in AACAuth of S106 also includes ID _AAC , then in S107, the identity authentication of AAC is determined according to Res _AAC in Pub _AAC Before the result, REQ also verifies the consistency of the ID _{AAC in the Pub AAC} _obtained by decrypting the EncData _AAC and the ID _AAC obtained by decrypting the EncData _AAC . If the verification is passed, the REQ determines the AAC according to the Res _AAC in the Pub _AAC . identification results.

Of course, in order to ensure the reliability of the authentication result, the REQ may also verify the consistency of the second random number Nonce REQ generated by the _REQ and/or the identity ID _REQ of the REQ.

Please refer to FIG. 1, the AACVeri of S102 may also include Nonce _REQ and/or ID _REQ , wherein, Nonce _REQ may be obtained by AAC from REQInit of S101, and ID _REQ may be obtained by AAC decrypting EncData _REQ in REQInit, That is to say, the encrypted data of EncData _REQ also includes ID _REQ ; correspondingly, the ASVeri of S103 also includes Nonce _REQ and/or ID _REQ , and the encrypted data of EncData _AAC in AACAuth of S106 also includes Nonce _REQ and/or ID _REQ , then Before determining the identity authentication result of the AAC according to the Res _AAC in the Pub _AAC in S107, the REQ can first verify the consistency of the Nonce REQ obtained by decrypting the EncData _AAC and the Nonce _REQ generated by the REQ, and/or, verifying the consistency of the Nonce _REQ obtained by decrypting the EncData _AAC . The consistency of the ID _REQ and the ID _REQ of the REQ itself is verified; if the verification is passed, the REQ determines the identity authentication result of the AAC according to the Res _AAC in the Pub _AAC .

In the above embodiment, the message encryption key used by REQ and AAC can be obtained through negotiation between the two. Therefore, this embodiment also provides a method for REQ and AAC to negotiate a message encryption key. Referring to FIG. 2, the method includes:

S201. The AAC sends a key request message AACInit to the REQ.

The AACInit includes the key exchange parameter KeyInfo _AAC of the AAC, and the KeyInfo _AAC includes the temporary public key of the AAC. The key exchange refers to a key exchange algorithm such as Diffie-Hellman (DH for short). The AACInit may also include the first random number Nonce AAC generated by _AAC .

The AACInit may also include Security capabilities _AAC , Security capabilities _AAC represents the security capability parameter information supported by AAC, including the identity authentication suite supported by AAC (the identity authentication suite includes one or more identity authentication methods), symmetric encryption algorithm, Integrity verification algorithm and/or key derivation algorithm, etc., for REQ to select and use a specific security policy, REQ can select the specific security policy Security capabilities _REQ used by REQ according to Security capabilities _AAC . Security capabilities _REQ means that REQ determines the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm to be used accordingly.

S202, REQ performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter KeyInfo _REQ including REQ and the temporary public key included in KeyInfo _AAC to generate a first key, and according to the information including the first key The message encryption key is calculated using a key derivation algorithm.

If the AACInit of S201 also includes the Nonce AAC generated by the _AAC , the REQ can perform the key exchange calculation according to the temporary private key corresponding to the KeyInfo _REQ and the temporary public key included in the KeyInfo _AAC to generate the first key K1, and combine K1 to include Information including Nonce _AAC and the second random number Nonce _REQ generated by REQ, use the negotiated or preset key derivation algorithm to calculate the message encryption key. The negotiated key derivation algorithm may be the key derivation algorithm selected by the REQ according to the Security capabilities _AAC sent by the AAC. Among them, KeyInfo _REQ is the key exchange parameter generated by REQ, including the temporary public key of REQ. The temporary private key corresponding to KeyInfo _REQ is a temporary private key generated by REQ and corresponding to the temporary public key of REQ, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.

S203, REQ sends an identity ciphertext message REQInit to the AAC.

The REQInit also includes KeyInfo _REQ , so that the AAC calculates and obtains the message encryption key according to the information including the temporary private key corresponding to the KeyInfo _AAC and the temporary public key included in the KeyInfo _REQ . The temporary private key corresponding to the KeyInfo _AAC is a temporary private key generated by the AAC and corresponding to the temporary public key of the AAC, that is, the temporary public key and the temporary private key are a pair of temporary public and private keys.

The REQInit may also include Security capabilities _REQ . The REQInit may also include the Nonce _REQ , so that the AAC can be calculated according to the information including the temporary private key corresponding to the KeyInfo _AAC , the temporary public key included in the KeyInfo _REQ , the Nonce _AAC and the Nonce _REQ . The message encryption key.

The REQInit may also include the Nonce _AAC , and the AAC may verify the consistency of the Nonce _AAC in the REQInit and the Nonce _AAC generated by the AAC before calculating the message encryption key, to ensure that the REQInit received by the AAC is a response to AACInit information.

S204. AAC performs key exchange calculation according to the temporary private key corresponding to the KeyInfo _AAC and the temporary public key included in the KeyInfo _REQ to generate the first key, and uses the encrypted key according to the information including the first key. The key derivation algorithm computes the message encryption key.

If the REQInit also includes the Nonce _REQ , the AAC may perform key exchange calculation according to the temporary private key corresponding to the KeyInfo _AAC and the temporary public key included in the KeyInfo _REQ to generate the first key K1 , combine K1 with the information including the Nonce _AAC and the Nonce _REQ , and use the negotiated or preset key derivation algorithm to calculate the message encryption key. The negotiated key derivation algorithm may be the key derivation algorithm selected and used by the AAC according to the Security capabilities _REQ sent by the REQ.

It should be noted that, in the embodiment of FIG. 2, REQ and AAC can also generate a message integrity check key. The implementation manner in which the REQ and the AAC each generate the message integrity check key is the same as the implementation manner in which the REQ and the AAC each generate the message encryption key exemplified in the embodiment of FIG. 2 . For example, AAC can use the key derivation algorithm to derive a string of key data in the manner of the embodiment in FIG. 2, and the key data can be used as both a message encryption key and a message integrity check key, or, the key data can be used as a message encryption key and a message integrity check key. A part of the key data in the key data is used as the message encryption key, and the other part of the key data is used as the message integrity check key; AAC can also use the key derivation algorithm to derive two strings of the same value in stages by using the key derivation algorithm in the embodiment of FIG. 2 Or different key data, one string is used as the message encryption key, and the other string is used as the message integrity check key. REQ can use the key derivation algorithm to derive a string of key data in the manner of the embodiment of FIG. 2, and the key data can be used as both a message encryption key and a message integrity check key, or the key data can be used as A part of the key data is used as the message encryption key, and the other part of the key data is used as the message integrity check key; The key data, one string is used as the message encryption key, and the other string is used as the message integrity check key.

The embodiment of the present application also provides a method for determining the first authentication server and/or the second authentication server used in this authentication process by utilizing the information exchange between the AAC and the REQ:

Referring to FIG. 2, AAC adds ID _{AS_AAC} of at least one authentication server trusted by AAC in AACInit of S201, and REQ determines ID _{AS_REQ} of at least one authentication server trusted by itself according to the ID _{AS_AAC} . During concrete realization, REQ selects at least one authentication server from ID _{AS_AAC} and is an authentication server trusted by itself as ID _{AS_REQ} , if the selection fails, then REQ uses at least one authentication server trusted by itself as ID _{AS_REQ} (wherein, the selection is successful corresponding to non-roaming case, select the failure corresponding to the roaming situation), add the ID _{AS_REQ} to the REQInit of S203 and send it to the AAC. Further, AAC can determine the first authentication server according to ID _{AS_AAC} and ID _{AS_REQ} . For example, AAC can determine whether there is at least one identical authentication server identity in ID _{AS_REQ} and ID _{AS_AAC} . In the identity identifier of the authentication server trusted by the above-mentioned at least one REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication server AS participating in identity authentication according to ID _{AS_AAC} -AAC, and send ID _{AS_REQ} to AS-AAC, so that AS-AAC can determine the second authentication server AS-REQ according to ID _{AS_REQ} .

As another implementation manner, the AAC may not need to send the ID _{AS_AAC} to the REQ, but the REQ adds the identity ID _{AS_REQ} of at least one authentication server trusted by itself in the REQInit of S203 . The implementation manner of determining the first authentication server and/or the second authentication server participating in the identity authentication according to the ID _{AS_REQ} and the identity ID _{AS_AAC} of the authentication server trusted by the AAC itself is as in the previous embodiment.

Since the authentication servers trusted by REQ and AAC can be the same or different, when the authentication servers trusted by REQ and AAC are the same, it is a non-roaming situation; when the authentication servers trusted by REQ and AAC are different, it is a roaming situation. Based on the foregoing embodiments, the following describes the identity authentication method provided by the embodiments of the present application for the following two situations in combination with the application scenarios of non-roaming and roaming: (1) the identity authentication method for REQ identity protection in the case of non-roaming; (2) In the case of roaming, the identity authentication method of REQ identity protection.

Referring to FIG. 3, it is an embodiment of the identity authentication method in the above-mentioned situation (1), in which AS-AAC (of course, AS-REQ) can be used to represent the authentication server jointly trusted by REQ and AAC. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. The identification method includes:

S301, AAC generates Nonce _AAC and KeyInfo _AAC , and generates Security capabilites _AAC as required.

S302. The AAC sends a key request message AACInit to the REQ.

The AACInit includes Nonce _AAC , KeyInfo _AAC and Security capabilites _AAC . Among them, Security capabilites _AAC is an optional field, indicating the security capability parameter information supported by AAC, including the identity authentication suite, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm supported by AAC (the same below).

S303. After REQ receives AACInit, perform the following operations (if there is no special description or logical relationship, the actions numbered in (1), (2)... The same as the full text), including:

(1), generate Nonce _REQ and KeyInfo _REQ ;

(2), generate Security capabilities _REQ as needed;

(3), according to including the temporary private key corresponding to KeyInfo _REQ and the temporary public key included in KeyInfo _AAC , perform key exchange calculation to generate the first key K1, combine K1 with Nonce _AAC , Nonce _REQ and other information (REQ and AAC adopt other information is the same and optional, such as a specific character string, etc.) use the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; wherein, the message integrity check key The calculation of the key can be performed when the message integrity check key is required.

(4), utilize the message encryption key to calculate and generate the identity information ciphertext EncData REQ of _REQ ;

(5), calculate the digital signature Sig REQ of _REQ .

S304, REQ sends an identity ciphertext message REQInit to the AAC.

The REQInit includes Nonce _AAC , Nonce _REQ , Security capabilities _REQ , KeyInfo _REQ , EncData _REQ and Sig _REQ . Among them, Nonce _AAC is an optional field and should be equal to the corresponding field in AACInit; Security capabilities _REQ is an optional field, whether REQ generates Security capabilities _REQ depends on whether the AACInit sent by AAC to REQ carries Security capabilities _AAC , Security capabilities _REQ Indicates the choice of a specific security policy made by REQ according to Security capabilites _AAC , that is, the identity authentication method, symmetric encryption algorithm, integrity check algorithm and/or key derivation algorithm determined by REQ (the same below); EncData _REQ encrypted data Including ID _REQ and Cert _REQ ; the signature data of Sig _REQ includes other fields before Sig _REQ in REQInit, when REQInit does not include the Nonce _AAC field, the signature data of Sig _REQ also includes the Nonce _AAC field in AACInit. In this application, the object to be signed is called signature data.

S305, AAC receives REQInit, and performs the following operations, including:

(1) If there is a Nonce _AAC in REQInit, check whether the Nonce _AAC is consistent with the Nonce AAC generated by _AAC , if not, discard REQInit;

(2), according to including the temporary private key corresponding to the KeyInfo _AAC and the temporary public key included in the KeyInfo _REQ , perform key exchange calculation to generate the first key K1, combine K1 with Nonce _AAC , Nonce _REQ and other information ( Other information used by AAC and REQ is the same and optional, such as a specific string, etc.) using the negotiated or preset key derivation algorithm to calculate the message encryption key and the message integrity check key; wherein, the message integrity The computation of the integrity check key can be performed only when the message integrity check key needs to be used.

(3), utilize message encryption key to decrypt EncData _REQ to obtain ID _REQ and Cert _REQ ;

(4), calculate and generate the identity authentication code MIC AAC of the _AAC .

S306. The AAC sends a first authentication request message AACVeri to the AS-AAC.

The AACVeri includes ID _REQ , Cert _REQ , Nonce _REQ , ID _AAC , Nonce _AAC and MIC _AAC . Among them, ID _REQ , Cert _REQ , Nonce _REQ should be equal to the corresponding fields in REQInit, Nonce _AAC should be equal to Nonce AAC generated by _AAC ; MIC _AAC is AAC using the pre-shared key K _{AAC_AS} with AS-AAC, using the same as AS-AAC The hash value calculated by the agreed hash algorithm includes other fields before MIC _AAC in AACVeri. For example, when AACVeri includes ID _REQ , Cert _REQ , Nonce _REQ , ID _AAC , Nonce _AAC and MIC _AAC in sequence, AAC uses the K _{AAC_AS} uses the hash algorithm to perform hash operation on information including ID _REQ , Cert _REQ , Nonce _REQ , ID _AAC and Nonce _AAC to obtain MIC _AAC .

S307. After receiving the AACVeri, AS-AAC performs the following operations, including:

(1), utilize the pre-shared key K _{AAC_AS} with AAC, adopt the hash algorithm agreed with AAC to verify MIC _AAC to obtain Res _AAC , and generate Pub _AAC according to the information including Res _AAC and ID _AAC ;

Wherein, AS-AAC determines the pre-shared key K _{AAC_AS} and the hash algorithm agreed with AAC according to the ID _AAC in AACVeri, and uses the K _{AAC_AS} to calculate the value of other fields before the MIC _AAC in AACVeri by using the hash algorithm locally. MIC _AAC , and compare it with the received MIC _AAC , if it is the same, then the MIC _AAC verification is passed, AS-AAC determines that the AAC's identity authentication result is legal, if not, then the MIC _AAC verification fails, AS-AAC according to The local policy may have the following processing methods, including: discarding the AACVeri or determining that the identity authentication result of the AAC is invalid, etc.

(2), verify the legitimacy of Cert _REQ to obtain Res _REQ , and generate Pub _REQ according to the information including Cert _REQ and Res _REQ ;

(3) Calculate the first message authentication code MIC _{AS_AAC} and the first digital signature Sig _{AS_AAC1} of the AS-AAC.

S308, the AS-AAC sends the first authentication response message ASVeri to the AAC.

The ASVeri includes ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_AAC1} , ID _AAC , Nonce _AAC , Pub _REQ and MIC _{AS_AAC} . Among them, ID _REQ , Nonce _REQ , ID _AAC , and Nonce _AAC should be equal to the corresponding fields in AACVeri respectively; Sig _{AS_AAC1} is generated by AS-AAC on signature data including ID _REQ , Nonce _REQ , and Pub _AAC ; MIC _{AS_AAC} It is a hash value generated by AS-AAC using the pre-shared key K _{AAC_AS} with AAC and using the hash algorithm agreed with AAC to calculate and generate the information including ID _AAC , Nonce _AAC , and Pub _REQ .

S309. After AAC receives ASVeri, it performs the following operations, including:

(1), check whether ID _AAC and Nonce _AAC in ASVeri are the same as the Nonce _AAC generated by AAC's own identity ID _AAC and AAC respectively;

(2), utilize the described K _{AAC_AS} , adopt the hash algorithm agreed with AS-AAC to verify MIC _{AS_AAC} ;

The verification process of MIC _{AS_AAC} is: AAC uses the K _{AAC_AS} to perform hash operation on the information including ID _AAC , Nonce _AAC , and Pub _REQ using the hash algorithm to obtain MIC _{AS_AAC} , and compares it with the received MIC _{AS_AAC} , if they are consistent, the verification passes; if they are inconsistent, the verification fails.

(3), check whether the Cert _REQ in the Pub _REQ is the same as the Cert _REQ obtained by decrypting the EncData _REQ ;

(4), utilize Cert _REQ to verify the digital signature Sig REQ of _REQ ;

(5), if any one step in the above-mentioned inspection and verification fails, then discard ASVeri immediately; after the above-mentioned inspection and verification pass, determine the identity authentication result of REQ according to Res _REQ in Pub _REQ ; if it is determined that REQ is illegal, then end the identification process;

(6), calculate EncData _AAC and MacTag _AAC .

S310. AAC sends a third authentication response message AACAuth to REQ.

The AACAuth includes EncData _AAC and MacTag _AAC . Among them, EncData _AAC is generated by AAC using message encryption key to encrypt encrypted data including ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_AAC1} and ID _AAC ; the calculation process of MacTag _AAC is: using message integrity check key The key uses an integrity check algorithm to calculate and generate MacTag _{AAC from information including other fields in AACAuth except MacTag AAC} _.

S311. After receiving the AACAuth, REQ performs the following operations, including:

(1), verify MacTag _AAC ;

The verification process is: use the message integrity check key and use the integrity check algorithm to calculate the MacTag _{AAC locally for the information including the other fields in AACAuth except the MacTag AAC} ₍ this calculation method is the same as the way AAC calculates the MacTag _AAC . ), compare the calculated MacTag _AAC with the received MacTag _AAC .

(2), utilize message encryption key to decrypt EncData _AAC to obtain ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_AAC1} and ID _AAC ;

(3), check whether the ID _REQ and Nonce _REQ obtained by decryption are the same as the Nonce _REQ generated by the ID _REQ of REQ itself and REQ respectively;

(4), check whether the ID _AAC obtained by decryption is the same as the ID _AAC in Pub _AAC ;

(5), utilize the public key of AS-AAC to verify Sig _{AS_AAC1} ;

(6) If any one of the above checks and verifications fails, the AACAuth will be discarded immediately; if both of the above checks and verifications pass, the AAC's identity authentication result will be determined according to the Res _AAC in the Pub _AAC .

Thus, the identification of REQ and AAC is realized in S309 and S311 respectively, that is, the two-way identification of REQ and AAC is realized, and the identification information and identification result information are transmitted between REQ and AAC in cipher text, realizing the identification of identity. Protect.

It should be noted that the operation of verifying the Sig _REQ in S309 can also be changed to be performed first in S305, that is, in S305, AAC uses the Cert _REQ obtained by decrypting the EncData _REQ to verify the Sig _REQ . In this case, there is no need to verify the Sig _REQ in S309. Then the Cert _{REQ may not be included in the Pub REQ} _. Alternatively, the operation of verifying the Sig _REQ in S309 can also be changed to be performed first in S307. At this time, the Sig _REQ can be passed to the AS-AAC through AACVeri, that is, in S307, the AS-AAC uses the Cert _REQ to verify the Sig _REQ . After the verification is passed The validity of the Cert _REQ is then verified. In this case, the Sig _REQ does not need to be verified in S309, and the Cert _{REQ may not be included in the Pub REQ} _.

Referring to FIG. 4, it is an embodiment of the identity authentication method in the above (2) situation. In this embodiment, the message encryption key negotiation process between REQ and AAC is integrated into the identity authentication process in parallel, which is more convenient for engineering implementation. . The identification method includes:

S401, AAC generates Nonce _AAC and KeyInfo _AAC , and generates Security capabilities _AAC as required.

S402. The AAC sends a key request message AACInit to the REQ.

The AACInit includes Nonce _AAC , KeyInfo _AAC , Security capabilities _AAC and ID _{AS_AAC} . Among them, Security capabilities _AAC and ID _{AS_AAC} are optional fields, and ID _{AS_AAC} represents the identity of at least one authentication server trusted by AAC, which is used to make REQ determine whether there is a mutually trusted authentication server (the same below) according to ID _{AS_AAC} .

S403. After REQ receives AACInit, the following operations are performed, including:

(1), generate Nonce _REQ and KeyInfo _REQ ;

(2), generate ID _{AS_REQ} and Security capabilities _REQ as needed;

(5), calculate the digital signature Sig REQ of _REQ .

S404, REQ sends an identity ciphertext message REQInit to the AAC.

The REQInit includes Nonce _AAC , Nonce _REQ , KeyInfo _REQ , Security capabilities _REQ , ID _{AS_REQ} , EncData _REQ and Sig _REQ . Wherein, the encrypted data of EncData _REQ includes ID _REQ and Cert _REQ ; Nonce _AAC is an optional field, and should be equal to the corresponding field in AACInit; Security capabilities _REQ and ID _{AS_REQ} are optional fields, and ID _{AS_REQ} represents at least one of REQ trust. The identity of the authentication server. When ID _{AS_AAC} exists in AACInit, REQ tries to select at least one authentication server that is the same as ID _{AS_AAC} as ID _{AS_REQ} from the authentication servers it trusts. If the selection fails, at least one authentication server it trusts will be used for authentication Server as ID _{AS_REQ} ; When ID _{AS_AAC} does not exist in AACInit, REQ uses at least one authentication server trusted by itself as ID _{AS_REQ} (the same below); The signature data of Sig _REQ includes other fields before Sig _REQ in REQInit, when REQInit does not When the Nonce _AAC field is included, the signature data of the Sig _REQ also includes the Nonce _AAC field in AACInit.

S405. After receiving REQInit, AAC performs the following operations, including:

(3) If REQInit carries ID _{AS_REQ} and AACInit carries ID _{AS_AAC} , then AAC judges whether ID _{AS_REQ} and ID _{AS_AAC} have at least one identical identification server identity. In the identity of an authentication server trusted by REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication server AS-AAC participating in identity authentication according to ID _{AS_AAC} , and send the ID _{AS_REQ} to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID _{AS_REQ} ; or,

If the ID _{AS_REQ} is carried in REQInit but the ID AS_AAC is not carried in _AACInit , the AAC determines whether the ID _{AS_REQ} and the authentication server trusted by the AAC have at least one identical ID of the authentication server. If so, it is a non-roaming situation. In the identification of at least one authentication server mutually trusted by REQ and AAC, determine the first authentication server participating in identity authentication; if it does not exist, it is a roaming situation, and AAC needs to determine the first authentication participating in identity authentication according to the authentication server trusted by itself. The server AS-AAC sends the ID _{AS_REQ} to the AS-AAC, so that the AS-AAC determines the second authentication server AS-REQ according to the ID _{AS_REQ} ;

It should be noted that the result determined in this embodiment should be a roaming situation.

(4), utilize message encryption key to decrypt EncData _REQ to obtain ID _REQ and Cert _REQ ;

(5), calculate and generate the identity authentication code MIC AAC of the _AAC .

S406. The AAC sends a first authentication request message AACVeri to the AS-AAC.

The AACVeri includes Nonce _REQ , ID _{AS_REQ} , ID _REQ , Cert _REQ , ID _AAC , Nonce _AAC and MIC _AAC . Among them, ID _{AS_REQ} is an optional field. In the case that AS-AAC knows AS-REQ, this field may not be carried in AACVeri, otherwise, this field is carried in AACVeri, so that AS-AAC determines AS-REQ according to ID _{AS_REQ} ; MIC _AAC is a hash value calculated by AAC using the pre-shared key K _{AAC_AS} with AS-AAC, and using the hash algorithm agreed with AS-AAC, including other fields before MIC _AAC in AACVeri.

S407. After receiving the AACVeri, AS-AAC performs the following operations, including:

(1), verify MIC _AAC and obtain Res _AAC , generate Pub _AAC according to the information including Res _AAC and ID _AAC ; The verification process is referring to the relevant content of the embodiment of Fig. 3;

(2), if there is ID _{AS_REQ} in AACVeri, then AS-AAC determines the second authentication server AS-REQ according to ID _{AS_REQ} ; if it does not exist, it means that AS-AAC has confirmed AS-REQ;

(3), calculate the second digital signature Sig _{AS_AAC2} .

S408, AS-AAC sends a second authentication request message AS-AACVeri to AS-REQ.

The AS-AACVeri includes Nonce _REQ , ID _REQ , Cert _REQ , ID _AAC , Nonce _AAC , Pub _AAC and Sig _{AS_AAC2} . The signature data of Sig _{AS_AAC2} includes other fields before Sig _{AS_AAC2} in AS-AACVeri.

S409. After the AS-REQ receives the AS-AACVeri, the following operations are performed, including:

(1), utilize the public key of AS-AAC to verify Sig _{AS_AAC2} ;

(3) Calculate the first digital signature Sig _{AS_REQ1} and the third digital signature Sig _{AS_REQ3} .

S410. The AS-REQ sends a second authentication response message AS-REQVeri to the AS-AAC.

The AS-REQVeri includes ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_REQ1} , ID _AAC , Nonce _AAC , Pub _REQ and Sig _{AS_REQ3} . Among them, ID _REQ , Nonce _REQ , Pub _AAC , ID _AAC , and Nonce _AAC should be equal to the corresponding fields in AS-AACVeri respectively; Sig _{AS_REQ1} is calculated by AS-REQ on the signature data including ID _REQ , Nonce _REQ , and Pub _AAC Generated; Sig _{AS_REQ3} is calculated and generated by AS-REQ on signature data including ID _AAC , Nonce _AAC , and Pub _REQ .

S411. After receiving the AS-REQVeri, the AS-AAC performs the following operations, including:

(1), utilize the public key of AS-REQ to verify Sig _{AS_REQ3} ; If the verification fails, then discard AS-REQVeri;

(2) Calculate the first message authentication code MIC _{AS_AAC} of the AS-AAC.

S412. The AS-AAC sends the first authentication response message ASVeri to the AAC.

The ASVeri includes ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_REQ1} , ID _AAC , Nonce _AAC , Pub _REQ and MIC _{AS_AAC} . Among them, ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_REQ1} , ID _AAC , Nonce _AAC , and Pub _REQ should be respectively equal to the corresponding fields in AS-REQVeri; MIC _{AS_AAC} is used by AS-AAC and AAC pre-shared key K _{AAC_AS} , using the hash algorithm agreed with AAC to calculate the hash value generated by the information including ID _AAC , Nonce _AAC , and Pub _REQ .

S413. After AAC receives ASVeri, it performs the following operations, including:

(2), verify MIC _{AS_AAC} ; The verification process is referring to the relevant content of the embodiment of Fig. 3;

(4), utilize Cert _REQ to verify Sig _REQ ;

(5), if any step in the above-mentioned inspection and verification fails, then discard ASVeri immediately; after the above-mentioned inspection and verification pass, determine the identity authentication result of REQ according to the Res _REQ in the Pub _REQ ; if it is determined that REQ is illegal, end This identification process;

(6), calculate EncData _AAC and MacTag _AAC .

S414, AAC sends a third authentication response message AACAuth to REQ.

The AACAuth includes EncData _AAC and MacTag _AAC . Wherein, EncData _AAC is generated by AAC using a message encryption key to encrypt encrypted data including ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_REQ1} and ID _AAC ; the calculation of MacTag _AAC is as shown in the relevant content of the embodiment in FIG. 3 .

S415. After receiving the AACAuth, REQ performs the following operations, including:

(1), verify MacTag _AAC ; Verify the relevant content of the embodiment as shown in Figure 3;

(2), utilize message encryption key to decrypt EncData _AAC to obtain ID _REQ , Nonce _REQ , Pub _AAC , Sig _{AS_REQ1} and ID _AAC ;

(4), check whether the ID _AAC obtained by decryption is consistent with the ID _AAC in Pub _AAC ;

(5), utilize the public key of AS-REQ to verify Sig _{AS_REQ1} ;

(6) After the above checks and verifications are passed, the identity authentication result of AAC is determined according to Res _AAC in Pub _AAC ; if any step of the above checks and verifications fails, AACAuth is immediately discarded.

As a result, at S413 and S415, the identification of the REQ and the AAC are respectively realized, that is, the two-way identification of the REQ and the AAC is realized, and the identity information of the REQ is transmitted between the REQ and the AAC in cipher text, realizing the identity protection of the REQ. .

It should be noted that (1), the operation of verifying the Sig _REQ in S413 can also be changed to be performed first in S405, that is, in S405, AAC uses the Cert _REQ obtained by decrypting the EncData _REQ to verify the Sig _REQ . In this case, in S413 There is no need to verify the Sig _REQ , and the Cert _{REQ may not be included in the Pub REQ} _. Alternatively, the operation of verifying Sig _REQ in S413 can also be changed to be performed first in S409. At this time, Sig _REQ can be passed to AS-REQ through AACVeri and AS-AACVeri, that is, in S409, AS-REQ uses Cert _REQ to verify Sig _REQ Verification is performed, and after the verification is passed, the legality of the Cert _REQ is verified. In this case, the Sig _REQ does not need to be verified in S413, and the Cert _{REQ may not be included in the Pub REQ} _. (2) The second digital signature Sig _{AS_AAC2} in S407 and S408 can be replaced by the second message authentication code MIC _{AS_AAC2} , wherein MIC _{AS_AAC2} is the pre-shared key that AS-AAC uses with AS-REQ, and adopts the agreement with AS-REQ The hash algorithm includes the hash value calculated by other fields before MIC _{AS_AAC2} in AS-AACVeri; in S409, the AS-REQ verification Sig _{AS_AAC2} is replaced by the verification MIC _{AS_AAC2} . The third digital signature Sig _{AS_REQ3} in S409 and S410 can be replaced with a third message authentication code MIC _{AS_REQ3} , where MIC _{AS_REQ3} is the hash algorithm that AS-REQ uses the pre-shared key with AS-AAC and adopts the hash algorithm agreed with AS-AAC. The hash value calculated by the fields including ID _AAC , Nonce _AAC , and Pub _REQ in AS-REQVeri; in S411, the AS-AAC verification Sig _{AS_REQ3} is replaced by the verification MIC _{AS_REQ3} .

In each of the above embodiments, each message may also carry a hash value HASH _{X_Y} , and the hash value HASH _{X_Y} is calculated by the sender entity X of the message using the hash algorithm on the latest pre-order message sent by the peer entity Y received. obtained, which is used by the peer entity Y to verify whether the entity X has received the complete latest pre-order message. Among them, HASH _{REQ_AAC} represents the hash value calculated by REQ on the latest pre-order message sent by the received AAC, HASH _{AAC_REQ} represents the hash value calculated by AAC on the latest pre-order message sent by the received REQ, and HASH _{AAC_AS-AAC} represents the hash value calculated by AAC on the received Hash value calculated by the latest pre-order message sent by the received AS-AAC, HASH _{AS-AAC_AAC} represents the hash value calculated by AS-AAC for the latest pre-order message sent by the received AAC, HASH _{AS-AAC_AS-REQ} represents the AS-AAC Hash value calculated for the latest pre-order message sent by AS-REQ received, HASH _{AS-REQ_AS-AAC} indicates the hash value calculated by AS-REQ for the latest pre-order message sent by AS-AAC received. If the message currently sent by the sender entity X is the first message in the interaction between entity X and entity Y, it means that entity X has not received the pre-order message sent by the peer entity Y, then HASH _{X_Y} may not exist in the message or meaningless.

Correspondingly, after the peer entity Y receives the message sent by the entity X, if the message contains HASH _{X_Y} , then when the entity Y has not sent the preorder message to the entity X, the entity Y ignores the HASH _{X_Y} ; When sending a pre-order message to entity X, entity Y uses the hash algorithm to calculate the hash value locally for the latest pre-order message previously sent to entity X, and compares it with the hash value HASH _{X_Y} carried in the received message. If they are consistent, Then execute the following steps, otherwise discard or end the current authentication process.

In the present invention, for the entity X, the pre-order message sent by the peer entity Y to the entity X refers to the received message M sent by the peer entity Y to the entity X before the entity X sends the message M to the peer entity Y. Message; the latest pre-order message sent by peer entity Y to entity X refers to the latest message sent by peer entity Y to entity X before entity X sends message M to peer entity Y. If the message M sent by entity X to its peer entity Y is the first message exchanged between entity X and entity Y, then there is no peer entity Y to the entity before entity X sends message M to its peer entity Y The preorder message sent by X.

The optional fields and optional operations in the above-mentioned embodiments corresponding to FIG. 3 to FIG. 4 are represented by “*” in FIG. 3 to FIG. 4 of the accompanying drawings. The contents included in the messages involved in all the above embodiments are not limited in order, and unless otherwise specified, the order of operations performed by the message receiver on the related messages after receiving the message and the content included in the message are not limited. order of processing.

Based on the method embodiments corresponding to FIGS. 1 to 4 , and referring to FIG. 5 , an embodiment of the present application further provides a requesting device 500 , including:

The sending module 510 is configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is the ciphertext of the identity information of the requesting device Generated by encrypting encrypted data including the digital certificate of the requesting device using a message encryption key;

The receiving module 520 is configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext, and the authentication result information ciphertext is the authentication access The controller uses the message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature; the first authentication result information includes the identity authentication of the authentication access controller. The first verification result of the code, the first digital signature is a digital signature generated by the second authentication server on the signature data including the first authentication result information;

Decryption module 530, configured to decrypt the authentication result information ciphertext using the message encryption key to obtain the first authentication result information and the first digital signature;

a verification module 540, configured to use the public key of the second authentication server to verify the first digital signature;

The determining module 550 is configured to determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information if the authentication is passed.

Optionally, before the sending module 510 sends the identity ciphertext message, the receiving module 520 is further configured to: receive a key request message sent by the authentication access controller, where the key request message includes the authentication access controller. key exchange parameters of the controller; the requesting device further includes:

A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller , calculate the message encryption key by using a key derivation algorithm according to the information including the first key;

Then, the identity ciphertext message also includes the key exchange parameter of the requesting device.

Optionally, the key request message further includes a first random number generated by the authentication access controller; the calculation module is specifically configured to: and the information including the second random number generated by the requesting device to calculate the message encryption key; correspondingly, the identity ciphertext message also includes the second random number.

Optionally, the identity ciphertext message sent by the sending module further includes the first random number.

Optionally, the key request message further includes security capability parameter information supported by the authentication access controller; the determining module 550 is further configured to: determine the specific security capability used by the requesting device according to the security capability parameter information. policy; then the identity ciphertext message also includes the specific security policy.

Optionally, the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller; the determining module 550 is further configured to: according to the at least one authentication server trusted by the authentication access controller The identity identifier of the server determines the identity identifier of at least one authentication server trusted by the requesting device; the identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device.

Optionally, the identity ciphertext message sent by the sending module further includes an identity identifier of at least one authentication server trusted by the requesting device.

Optionally, the encrypted data of the ciphertext of the identity information of the requesting device further includes the identity identifier of the requesting device, and the identity ciphertext message also includes a second random number generated by the requesting device; The encrypted data of the authentication result information ciphertext in the third authentication response message also includes the identity identifier of the requesting device and/or the second random number;

Correspondingly, the decryption module decrypts the ciphertext of the authentication result information in the third authentication response message to obtain the identity of the requesting device and/or the second random number;

Before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to: compare the identity of the requesting device obtained by decrypting the ciphertext of the authentication result information with the requesting device verifying the consistency of its own identity identifier, and/or verifying the consistency of the second random number obtained by decrypting the ciphertext of the authentication result information and the second random number generated by the requesting device; and determining Consistency verification passed.

Optionally, the third authentication response message further includes a message integrity check code; before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to: use the message The integrity check key verifies the message integrity check code; and it is determined that the verification passes; the message integrity check key is generated in the same manner as the message encryption key.

Optionally, the message sent by the requesting device to the authentication access controller further includes a hash value calculated by the requesting device on the received latest pre-order message sent by the authentication access controller.

Referring to FIG. 6, an embodiment of the present application further provides an authentication access controller 600, including:

The receiving module 610 is configured to receive the identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is the ciphertext of the identity information of the requesting device. The encryption key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

A decryption module 620, configured to decrypt the ciphertext of the identity information of the requesting device by using the message encryption key to obtain a digital certificate of the requesting device;

A sending module 630, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the authentication access control The identity authentication code of the authentication access controller; the authentication access controller's identity authentication code is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the password agreed with the first authentication server. The algorithm calculates and generates the information including the digital certificate of the requesting device;

The receiving module 610 is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and the first number of the second authentication server trusted by the requesting device. signature, the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, the The first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the second authentication result information includes the first authentication result of the digital certificate of the requesting device. The second verification result, the first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller, and adopts the password agreed with the authentication access controller. The algorithm calculates and generates the information including the second identification result information;

The verification module 640 is configured to use the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting the cryptographic algorithm agreed with the first authentication server, if the verification is passed, Then the determination module 650 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determination module 650 determines that the authentication result of the requesting device is legal, the sending module 630 sends the request device to the requesting device. The requesting device sends a third authentication response message; or,

For using the pre-shared key with the first authentication server, adopt the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server, if the verification is passed, the sending module 630 Send a third authentication response message to the requesting device and the determining module 650 determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,

It is used to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and adopt the cryptographic algorithm agreed with the first authentication server; If the first message authentication code is verified, the determination module 650 determines the identity authentication result of the requesting device according to the second authentication result in the second authentication result information; the sending module 630 sends a third authentication response message to the requesting device ;

Optionally, before the receiving module 610 receives the identity ciphertext message, the sending module 630 is further configured to: send a key request message to the requesting device, where the key request message includes the password for authenticating the access controller. key exchange parameters; the identity ciphertext message also includes the key exchange parameters of the requesting device; the authentication access controller further includes:

A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device , and calculate the message encryption key by using a key derivation algorithm according to the information including the first key.

Optionally, the key request message further includes a first random number generated by the authentication access controller; the identity ciphertext message also includes a second random number generated by the requesting device;

The calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.

Optionally, the identity ciphertext message further includes the first random number; before the computing module calculates the message encryption key, the verification module 640 is further configured to: The consistency of the first random number and the first random number generated by the authentication access controller is verified; and it is determined that the consistency verification is passed.

Optionally, the key request message further includes the identity of at least one authentication server trusted by the authentication access controller; the identity ciphertext message also includes the identity of the at least one authentication server trusted by the requesting device. then the determining module 650 is further configured to: according to the identity of at least one authentication server trusted by the requesting device in the identity ciphertext message and at least one authentication server trusted by the authentication access controller in the key request message An identity identifier of an authentication server to determine the first authentication server.

Optionally, the identity ciphertext message also includes the identity of the at least one authentication server trusted by the requesting device; then the determining module 650 is further configured to: according to the identity of the at least one authentication server trusted by the requesting device and The identity identifier of the authentication server trusted by the authentication access controller determines the first authentication server.

Optionally, the first authentication request message further includes the identity of the authentication access controller and/or the first random number generated by the authentication access controller; correspondingly, the first authentication response The message also includes the identity identification of the authentication access controller and/or the first random number;

Before the determination module 650 determines the identity authentication result of the requesting device, the verification module 640 is further configured to: verify the identity of the authentication access controller and the authentication access controller in the first authentication response message verifying the consistency of its own identity identifier, and/or verifying the consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller; And confirm that the consistency verification is passed.

Optionally, when the identity ciphertext message further includes the digital signature of the requesting device, the determining module 650 is further configured to: determine that the verification of the digital signature of the requesting device has passed.

Optionally, the determining module 650 determines whether the digital signature of the requesting device is verified according to the following manner:

The second authentication server verifies the digital signature of the requesting device by using the obtained digital certificate of the requesting device, and if the receiving module 610 receives the first authentication response message, the determining module 650 determines the request The digital signature of the device has been verified; or,

The verification module 640 verifies the digital signature of the requesting device by using the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information, and the determining module 650 determines whether the digital signature of the requesting device is verified according to the verification result; or ,

When the second authentication result information further includes the digital certificate of the requesting device, the verification module 640 verifies the digital signature of the requesting device by using the digital certificate of the requesting device in the second authentication result information , the determination module 650 determines whether the digital signature of the requesting device is verified according to the verification result; or,

When the second authentication result information further includes the digital certificate of the requesting device, the verification module 640 verifies the digital certificate of the requesting device in the second authentication result information and the digital certificate obtained by decrypting the ciphertext of the identity information. The digital certificate of the requesting device is consistent, if it is consistent, the digital signature of the requesting device is verified by using the digital certificate of the requesting device, and the determination module 650 determines whether the digital signature of the requesting device is verified according to the verification result. pass.

Optionally, the third authentication response message sent by the sending module 630 further includes a message integrity check code. The third authentication response message is generated by calculating other fields except the message integrity check code; the message integrity check key is generated in the same manner as the message encryption key.

Optionally, the message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the requesting device; the authentication The message sent by the access controller to the first authentication server further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the first authentication server.

Referring to FIG. 7, an embodiment of the present application further provides a first authentication server 700, including:

The receiving module 710 is configured to receive a first authentication request message sent by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the identity authentication code of the authentication access controller; the authentication The identity authentication code of the access controller is that the authentication access controller uses the pre-shared key with the first authentication server, and adopts the cryptographic algorithm agreed with the first authentication server to pair the number including the requesting device. The information including the certificate is calculated and generated;

The sending module 720 is configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, and the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, and the first digital signature is the The second authentication server calculates the digital signature generated by the signature data including the first authentication result information, the second authentication result information includes the second verification result of the digital certificate of the requesting device, the The first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to pair the messages including the first authentication access controller. 2. The information including the identification result information is calculated and generated.

Optionally, the first authentication server 700 further includes:

a first verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;

The first generation module is configured to generate the first identification result information according to the information including the first verification result, generate the second identification result information according to the information including the second verification result, The information including the second authentication result information is calculated to generate the first message authentication code of the first authentication server, and the signature data including the first authentication result information is calculated to generate the first digital signature;

The second generating module is configured to calculate and generate according to the information including the first authentication result information, the first digital signature, the second authentication result information and the first message authentication code of the first authentication server the first authentication response message.

Optionally, the first authentication server 700 further includes:

a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;

a third generation module, configured to generate the first authentication result information according to the information including the first verification result, and to generate the signature data including the first authentication result information and the digital certificate of the requesting device Calculate and generate a second digital signature or use the pre-shared key with the second authentication server, and use the cryptographic algorithm agreed with the second authentication server to pair the digital certificate including the first authentication result information and the requesting device generating a second message authentication code by calculating the information inside;

The sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the first authentication request message. The second digital signature or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code;

The receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information and the third digital signature or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code; the second authentication result information is the The second authentication server is generated according to the information including the second verification result, and the second verification result is obtained by validating the digital certificate of the requesting device by the second authentication server; the first digital signature It is generated by the second authentication server on the signature data including the first authentication result information; the third digital signature is generated by the second authentication server on the signature data including the second authentication result information. The signature data is calculated and generated, or the third message authentication code is generated by the second authentication server using the pre-shared key with the first authentication server and using the cryptographic algorithm agreed with the first authentication server to pair all messages including all messages. The information including the second authentication result information is calculated and generated;

The third verification module is used to verify the third digital signature by using the public key of the second authentication server or use the pre-shared key with the second authentication server, and use the password agreed with the second authentication server an algorithm verifies the third message authentication code;

The fourth generation module is used to calculate and generate the first message authentication code of the first authentication server for the information including the second authentication result information, if the verification is passed, according to the information including the first authentication result information, Information including the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.

Optionally, the message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the authentication access controller. ; The message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server for the latest pre-order message sent by the second authentication server received.

Referring to FIG. 8, an embodiment of the present application further provides a second authentication server 800, including:

The receiving module 810 is configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second digital signature or the second authentication The request message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code; the second digital signature is the first authentication server's signature of the first authentication result information and the requesting device. The signature data including the digital certificate is calculated and generated, or the second message authentication code is the first authentication server using the pre-shared key with the second authentication server, using the pre-shared key agreed with the second authentication server. The cryptographic algorithm is calculated and generated by the information including the first authentication result information and the digital certificate of the requesting device;

The verification module 820 is configured to use the public key of the first authentication server to verify the second digital signature or use the pre-shared key with the first authentication server, and use the cryptographic algorithm agreed with the first authentication server verifying the second message authentication code;

The generating module 830 is configured to, if the verification is passed, perform legality verification on the digital certificate of the requesting device to obtain a second verification result, generate second authentication result information according to the information including the second verification result, and The signature data including the first authentication result information is calculated to generate the first digital signature, and the signature data including the second authentication result information is calculated to generate a third digital signature, or a third digital signature is generated by using the first authentication server. the pre-shared key, adopt the cryptographic algorithm agreed with the first authentication server to calculate the information including the second authentication result information to generate a third message authentication code;

The sending module 840 is configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result The information and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code.

Optionally, the message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server on the received latest pre-order message sent by the first authentication server.

Referring to FIG. 9 , an embodiment of the present application further provides a requesting device, including:

a memory 901 for storing program instructions;

The processor 902 is configured to call the program instructions stored in the memory 901, and execute the obtained program to realize the steps of REQ execution in the foregoing embodiment.

It should be understood that the requesting device may implement the corresponding processes implemented by REQ in each method of the embodiments of the present application, which will not be repeated here for brevity.

Referring to FIG. 10 , an embodiment of the present application further provides an authentication access controller, including:

a memory 1001 for storing program instructions;

The processor 1002 is configured to call the program instructions stored in the memory 1001, and execute according to the obtained program to implement the steps performed by the AAC in the foregoing embodiment.

It should be understood that the authentication access controller may implement the corresponding processes implemented by the AAC in the various methods in the embodiments of the present application, which will not be repeated here for brevity.

Referring to FIG. 11 , an embodiment of the present application further provides a first authentication server, including:

a memory 1101 for storing program instructions;

The processor 1102 is configured to call the program instructions stored in the memory 1101, and execute the obtained program to realize the steps performed by the AS-AAC in the foregoing embodiment.

It should be understood that the first authentication server may implement the corresponding processes implemented by the AS-AAC in each method in the embodiments of the present application, and for brevity, details are not described herein again.

Referring to FIG. 12 , an embodiment of the present application further provides a second authentication server, including:

a memory 1201 for storing program instructions;

The processor 1202 is configured to call the program instructions stored in the memory 1201, and execute according to the obtained program to realize the steps performed by the AS-REQ in the foregoing embodiment.

It should be understood that the second authentication server may implement the corresponding processes implemented by the AS-REQ in each method in the embodiments of the present application, which will not be repeated here for brevity.

Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments may be completed by program instructions related to hardware, the foregoing program may be stored in a computer-readable storage medium, and when the program is executed, the execution includes the above The steps of the method embodiment; and the aforementioned storage medium may be at least one of the following media: read-only memory (English: Read-Only Memory, abbreviation: ROM), RAM, magnetic disk or optical disk and other various programs that can store programs medium of code.

It should be noted that each embodiment in this specification is described in a progressive manner, and the same and similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. place. In particular, for the device and system embodiments, since they are consistent with and correspond to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for related parts. The device and system embodiments described above are only schematic, wherein the modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, they may be located in One place, or it can be distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.

The above is only a specific embodiment of the present application, but the protection scope of the present application is not limited to this. Substitutions should be covered within the protection scope of this application. Therefore, the protection scope of the present application should be subject to the protection scope of the claims.

Claims

An identity authentication method, characterized in that the method comprises:

The authentication access controller receives the identity ciphertext message sent by the requesting device, the identity ciphertext message includes the identity information ciphertext of the requesting device, and the identity information ciphertext of the requesting device is encrypted by the requesting device using the message The key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

The authentication access controller decrypts the ciphertext of the identity information of the requesting device by using the message encryption key to obtain the digital certificate of the requesting device, and sends a first authentication request message to the first authentication server trusted by the authentication access controller. The first authentication request message includes the digital certificate of the requesting device and the identity authentication code of the authentication access controller; the identity authentication code of the authentication access controller is used by the authentication access controller with the The pre-shared key of the first authentication server is calculated and generated by adopting the cryptographic algorithm agreed with the first authentication server on the information including the digital certificate of the requesting device;

The authentication access controller receives a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and the first authentication result of the second authentication server trusted by the requesting device. The digital signature, the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, so The first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the second authentication result information includes information about the digital certificate of the requesting device. In the second verification result, the first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller and adopts the pre-shared key agreed with the authentication access controller. The cryptographic algorithm calculates and generates the information including the second authentication result information;

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , then the authentication access controller determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the authentication access controller determines the identity authentication result of the requesting device When it is valid, send a third authentication response message to the requesting device; or,

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server. If the verification passes , then the authentication access controller sends a third authentication response message to the requesting device and determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,

The authentication access controller uses the pre-shared key with the first authentication server, and uses the cryptographic algorithm agreed with the first authentication server to verify the first message authentication code of the first authentication server; if the If the first message authentication code of the first authentication server passes the authentication, the authentication access controller determines the identity authentication result of the requesting device according to the second authentication result in the second authentication result information; the authentication access controller the controller sends a third authentication response message to the requesting device;

Wherein, the third authentication response message includes authentication result information ciphertext, and the authentication result information ciphertext is the authentication access controller using the message encryption key to include the first authentication result information and all The encrypted data including the first digital signature is encrypted and generated;

After receiving the third authentication response message, the requesting device decrypts the ciphertext of the authentication result information by using the message encryption key to obtain the first authentication result information and the first digital signature, and uses the third authentication result information to obtain the first authentication result information and the first digital signature. The public key of the second authentication server verifies the first digital signature, and if the verification is passed, the identity authentication result of the authentication access controller is determined according to the first verification result in the first authentication result information.
The method according to claim 1, wherein before the authentication access controller receives the identity ciphertext message sent by the requesting device, the method further comprises:

The authentication access controller sends a key request message to the requesting device, where the key request message includes key exchange parameters of the authentication access controller;

The requesting device performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller to generate the first key, Calculate the message encryption key using a key derivation algorithm according to the information including the first key;

Then the identity ciphertext message also includes the key exchange parameter of the requesting device;

The authentication access controller performs key exchange calculation according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device to generate the said authentication access controller. a first key, and the message encryption key is calculated using the key derivation algorithm according to the information including the first key.
The method according to claim 2, wherein the key request message further includes a first random number generated by the authentication access controller;

Then the requesting device to calculate the message encryption key specifically includes:

The requesting device calculates the message encryption key according to information including the first key, the first random number and the second random number generated by the requesting device;

Correspondingly, the identity ciphertext message also includes the second random number;

Then, calculating the message encryption key by the authentication access controller specifically includes:

The authenticated access controller calculates the message encryption key based on information including the first key, the first random number, and the second random number.
The method according to claim 3, wherein the identity ciphertext message further includes the first random number;

Then, before the authentication access controller calculates the message encryption key, the method further includes:

The authentication access controller verifies the consistency between the first random number in the identity ciphertext message and the first random number generated by the authentication access controller, and determines that the consistency verification passes.
The method according to claim 2, wherein the key request message further includes security capability parameter information supported by the authentication access controller; the method further includes:

The requesting device determines, according to the security capability parameter information, a specific security policy used by the requesting device;

Then, the identity ciphertext message also includes the specific security policy.
The method according to claim 2, wherein the key request message further includes the identity of at least one authentication server trusted by the authentication access controller; then the method further includes:

The requesting device determines the identity of at least one authentication server trusted by the requesting device according to the identity of at least one authentication server trusted by the authentication access controller;

Then, the identity ciphertext message also includes the identity identifier of at least one authentication server trusted by the requesting device; the method further includes:

the authentication access controller according to the identity ciphertext message of the identity of at least one authentication server trusted by the requesting device and at least one authentication server trusted by the authentication access controller in the key request message The identity identifier is determined to determine the first authentication server.
The method according to claim 1, wherein the identity ciphertext message further includes an identity identifier of at least one authentication server trusted by the requesting device; then the method further includes:

The authentication access controller determines the first authentication server according to the identity of at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller.
The method according to claim 1, wherein the first authentication request message further includes the identity of the authentication access controller and/or the first random number generated by the authentication access controller;

Correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;

Then, before the authentication access controller determines the identity authentication result of the requesting device, the method further includes:

The authentication access controller verifies the consistency of the identity identifier of the authentication access controller in the first authentication response message and the identity identifier of the authentication access controller itself; and/or, The consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller is verified, and it is determined that the consistency verification passes.
The method according to claim 1, wherein the first authentication request message further includes an identity of the requesting device, and/or a second random number generated by the requesting device; the requesting device The identity identifier is obtained by the access controller decrypting the ciphertext of the identity information of the requesting device, and the second random number is obtained by the authentication access controller from the identity ciphertext message;

Correspondingly, the first authentication response message further includes the identity identifier of the requesting device and/or the second random number; and, the encrypted data of the authentication result information ciphertext in the third authentication response message also includes: Including the identity of the requesting device and/or the second random number;

Correspondingly, the requesting device decrypts the ciphertext of the authentication result information in the third authentication response message to obtain the identity of the requesting device and/or the second random number;

Then, before the requesting device determines the identity authentication result of the authentication access controller, the method further includes:

The requesting device verifies the consistency of the identity of the requesting device obtained by decrypting the ciphertext of the authentication result information and the identity of the requesting device itself, and/or decrypts the ciphertext of the authentication result information. The consistency of the obtained second random number and the second random number generated by the requesting device is verified; and it is determined that the consistency verification passes.
The method according to claim 1, wherein when the identity ciphertext message further includes the digital signature of the requesting device, before the authentication access controller determines the identity authentication result of the requesting device , the method also includes:

The authentication access controller determines that the digital signature verification of the requesting device passes.
The method according to claim 10, wherein the authentication access controller determines whether the digital signature of the requesting device is verified according to the following manner:

The second authentication server verifies the digital signature of the requesting device by using the obtained digital certificate of the requesting device, and if the authentication access controller receives the first authentication response message, determines that the The digital signature of the requesting device has been verified; or,

The authentication access controller verifies the digital signature of the requesting device by using the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information, and determines whether the digital signature of the requesting device is verified according to the verification result; or,

When the digital certificate of the requesting device is further included in the second authentication result information, the authentication access controller uses the digital certificate of the requesting device in the second authentication result information to verify the digital certificate of the requesting device. The digital signature is verified, and whether the digital signature of the requesting device is verified is determined according to the verification result; or,

When the second authentication result information further includes the digital certificate of the requesting device, the authentication access controller verifies the digital certificate of the requesting device in the second authentication result information and decrypts the identity information Consistency of the digital certificate of the requesting device obtained by the ciphertext; if they are consistent, the authentication access controller will then use the digital certificate of the requesting device to verify the digital signature of the requesting device, and determine according to the verification result. Whether the digital signature of the requesting device is verified.
The method according to claim 1, wherein the third authentication response message further includes a message integrity check code, and the message integrity check code is the authentication access controller using the message integrity The verification key pair is calculated and generated by including other fields in the third authentication response message except the message integrity check code; the generation method of the message integrity check key used by the authentication access controller In the same manner as the authentication access controller generates a message encryption key;

Then, before the requesting device determines the identity authentication result of the authentication access controller, the method further includes:

The requesting device verifies the message integrity check code by using the message integrity check key, and determines that the verification is passed; the generation method of the message integrity check key used by the requesting device is the same as that of the requesting device. The message encryption key is generated in the same way.
The method according to any one of claims 1 to 12, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are the same authentication server; The method also includes:

The first authentication server verifies the identity authentication code of the authentication access controller to obtain a first verification result, and performs legality verification on the digital certificate of the requesting device to obtain a second verification result. The information including the verification result generates the first identification result information, generates the second identification result information according to the information including the second verification result, and calculates the information including the second identification result information Generate the first message authentication code of the first authentication server, calculate and generate the first digital signature on the signature data including the first authentication result information, and generate the first digital signature according to the first authentication result information, the first digital signature The information including the signature, the second authentication result information and the first message authentication code of the first authentication server generates the first authentication response message.
The method according to any one of claims 1 to 12, wherein the first authentication server trusted by the authentication access controller and the second authentication server trusted by the requesting device are two different authentication servers; Then the method further includes:

The first authentication server verifies the identity authentication code of the authentication access controller to obtain a first authentication result, generates the first authentication result information according to the information including the first authentication result, and verifies the information including the first authentication result. The signature data including the first authentication result information and the digital certificate of the requesting device is calculated to generate a second digital signature or the pre-shared key with the second authentication server is used, and the agreement with the second authentication server is used. The cryptographic algorithm calculates the information including the first authentication result information and the digital certificate of the requesting device to generate a second message authentication code;

The first authentication server sends a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device, and the second digital signature or The second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code; the second authentication server uses the public key of the first authentication server verifying the second digital signature or verifying the second message authentication code by the second authentication server using a pre-shared key with the first authentication server using a cryptographic algorithm agreed with the first authentication server, If the verification is passed, the second verification server performs legality verification on the digital certificate of the requesting device to obtain a second verification result, and generates the second verification result information according to the information including the second verification result, Calculate the signature data including the first authentication result information to generate the first digital signature, and calculate the signature data including the second authentication result information to generate a third digital signature or use the same as the first authentication result information. The pre-shared key of the authentication server, using the cryptographic algorithm agreed with the first authentication server to calculate the information including the second authentication result information to generate a third message authentication code;

The first authentication server receives a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication The result information and the third digital signature or the second authentication response message include the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code;

The first authentication server uses the public key of the second authentication server to verify the third digital signature or uses the pre-shared key with the second authentication server, and adopts the cryptographic algorithm agreed with the second authentication server Verifying the third message authentication code, if the verification is passed, calculating the information including the second authentication result information to generate the first message authentication code of the first authentication server, according to the information including the first authentication result. Information including the information, the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.
The method according to any one of claims 1 to 12, wherein the method further comprises:

The message sent by the requesting device to the authentication access controller also includes a hash value calculated by the requesting device to the latest pre-order message sent by the authentication access controller received;

Then, when the authentication access controller receives the message sent by the requesting device, it verifies the hash value in the received message, and determines that the verification is passed;

The message sent by the authentication access controller to the requesting device further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the requesting device;

Then, when the requesting device receives the message sent by the authentication access controller, it verifies the hash value in the received message, and determines that the verification is passed;

The message sent by the authentication access controller to the first authentication server further includes a hash value calculated by the authentication access controller on the received latest pre-order message sent by the first authentication server;

Then, when the first authentication server receives the message sent by the authentication access controller, it verifies the hash value in the received message, and determines that the verification is passed;

The message sent by the first authentication server to the authentication access controller further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the authentication access controller;

Then, when the authentication access controller receives the message sent by the first authentication server, it verifies the hash value in the received message, and determines that the verification is passed;

The message sent by the first authentication server to the second authentication server further includes a hash value calculated by the first authentication server on the received latest pre-order message sent by the second authentication server;

Then, when the second authentication server receives the message sent by the first authentication server, it verifies the hash value in the received message, and determines that the verification is passed;

The message sent by the second authentication server to the first authentication server further includes a hash value calculated by the second authentication server on the received latest pre-order message sent by the first authentication server;

Then, when the first authentication server receives the message sent by the second authentication server, it verifies the hash value in the received message, and determines that the verification is passed.
A requesting device, characterized in that the requesting device comprises:

The sending module is configured to send an identity ciphertext message to the authentication access controller, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is the ciphertext of the identity information of the requesting device used by the requesting device. The message encryption key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

a receiving module, configured to receive a third authentication response message sent by the authentication access controller, where the third authentication response message includes an authentication result information ciphertext, and the authentication result information ciphertext is the authentication access control The device uses the message encryption key to encrypt and generate encrypted data including the first authentication result information and the first digital signature; the first authentication result information includes the identity authentication code for the authentication access controller. The first verification result, the first digital signature is the digital signature generated by the second authentication server to the signature data including the first authentication result information;

a decryption module for decrypting the authentication result information ciphertext using the message encryption key to obtain the first authentication result information and the first digital signature;

a verification module, configured to verify the first digital signature by using the public key of the second authentication server;

A determining module, configured to determine the identity authentication result of the authentication access controller according to the first authentication result in the first authentication result information if the authentication is passed.
The requesting device according to claim 16, wherein before the sending module sends the identity ciphertext message, the receiving module is further configured to: receive a key request message sent by the authentication access controller, the The key request message includes the key exchange parameters of the authentication access controller; the requesting device further includes:

A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the requesting device and the temporary public key included in the key exchange parameter of the authentication access controller , calculate the message encryption key by using a key derivation algorithm according to the information including the first key;

Then, the identity ciphertext message also includes the key exchange parameter of the requesting device.
The requesting device according to claim 17, wherein the key request message further includes a first random number generated by the authentication access controller;

The calculation module is specifically configured to: calculate the message encryption key according to information including the first key, the first random number and the second random number generated by the requesting device;

Correspondingly, the identity ciphertext message further includes the second random number.
The requesting device according to claim 18, wherein the identity ciphertext message sent by the sending module further includes the first random number.
The requesting device according to claim 17, wherein the key request message further includes security capability parameter information supported by the authentication access controller;

The determining module is further configured to: determine a specific security policy used by the requesting device according to the security capability parameter information; then the identity ciphertext message further includes the specific security policy.
The requesting device according to claim 17, wherein the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller;

The determining module is further configured to: determine the identity of the at least one authentication server trusted by the requesting device according to the identity of the at least one authentication server trusted by the authentication access controller; then the identity ciphertext message also includes: Including the identity of at least one authentication server trusted by the requesting device.
The requesting device according to claim 17, wherein the identity ciphertext message sent by the sending module further includes an identity identifier of at least one authentication server trusted by the requesting device.
The requesting device according to claim 16, wherein the encrypted data of the ciphertext of the identity information of the requesting device further includes the identity of the requesting device, and the identity ciphertext message further includes the ciphertext generated by the requesting device. the second random number;

Correspondingly, the encrypted data of the authentication result information ciphertext in the third authentication response message further includes the identity identifier of the requesting device and/or the second random number;

Correspondingly, the decryption module decrypts the ciphertext of the authentication result information in the third authentication response message to obtain the identity of the requesting device and/or the second random number;

Before the determination module determines the identity authentication result of the authentication access controller, the verification module is further configured to: compare the identity of the requesting device obtained by decrypting the ciphertext of the authentication result information with the requesting device verifying the consistency of its own identity identifier, and/or verifying the consistency of the second random number obtained by decrypting the ciphertext of the authentication result information and the second random number generated by the requesting device; and determining Consistency verification passed.
The requesting device according to claim 17, wherein the third authentication response message further includes a message integrity check code; before the determining module determines the identity authentication result of the authentication access controller, The verification module is further configured to: verify the message integrity check code with a message integrity check key; and determine that the verification is passed; the message integrity check key and the message encryption key have a difference. Generated in the same way.
The requesting device according to any one of claims 16 to 24, wherein the message sent by the requesting device to the authentication access controller further comprises the requesting device's response to the authentication access control received by the requesting device. The hash value calculated by the latest preorder message sent by the server.
An authentication access controller, characterized in that the authentication access controller comprises:

A receiving module, configured to receive an identity ciphertext message sent by the requesting device, where the identity ciphertext message includes the ciphertext of the identity information of the requesting device, and the ciphertext of the identity information of the requesting device is encrypted by the requesting device using the message The key is generated by encrypting the encrypted data including the digital certificate of the requesting device;

a decryption module, configured to decrypt the ciphertext of the identity information of the requesting device by using the message encryption key to obtain a digital certificate of the requesting device;

A sending module, configured to send a first authentication request message to a first authentication server trusted by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the authentication access controller The identity authentication code of the authentication access controller is that the authentication access controller uses the pre-shared key with the first authentication server and adopts the cryptographic algorithm agreed with the first authentication server. Calculated and generated from the information including the digital certificate of the requesting device;

The receiving module is further configured to receive a first authentication response message sent by the first authentication server, where the first authentication response message includes first authentication result information and the first authentication result of the second authentication server trusted by the requesting device. The digital signature, the second authentication result information, and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, so The first digital signature is a digital signature calculated and generated by the second authentication server on the signature data including the first authentication result information, and the second authentication result information includes information about the digital certificate of the requesting device. In the second verification result, the first message authentication code of the first authentication server is that the first authentication server uses the pre-shared key with the authentication access controller and adopts the pre-shared key agreed with the authentication access controller. The cryptographic algorithm calculates and generates the information including the second authentication result information;

The verification module is used for using the pre-shared key with the first authentication server to verify the first message authentication code of the first authentication server by adopting the cryptographic algorithm agreed with the first authentication server, if the verification is passed, then The determination module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; when the determining module determines that the identity authentication result of the requesting device is legal, the sending module sends the request to the requesting device. The device sends a third authentication response message; or,

It is used to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and adopt the cryptographic algorithm agreed with the first authentication server. The module sends a third authentication response message to the requesting device, and the determining module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; or,

It is used to verify the first message authentication code of the first authentication server by using the pre-shared key with the first authentication server and adopt the cryptographic algorithm agreed with the first authentication server; If the verification of the first message authentication code is passed, the determination module determines the identity authentication result of the requesting device according to the second verification result in the second authentication result information; the sending module sends a third authentication response message to the requesting device ;

Wherein, the third authentication response message includes authentication result information ciphertext, and the authentication result information ciphertext is the authentication access controller using the message encryption key to include the first authentication result information and all generated by encrypting the encrypted data including the first digital signature.
The authentication access controller according to claim 26, wherein before the receiving module receives the identity ciphertext message, the sending module is further configured to: send a key request message to the requesting device, the The key request message includes the key exchange parameter of the authentication access controller; the identity ciphertext message also includes the key exchange parameter of the requesting device;

The authentication access controller also includes:

A calculation module, configured to perform key exchange calculation and generate a first key according to the temporary private key corresponding to the key exchange parameter of the authentication access controller and the temporary public key included in the key exchange parameter of the requesting device , and calculate the message encryption key by using a key derivation algorithm according to the information including the first key.
The authentication access controller according to claim 27, wherein the key request message further includes the first random number generated by the authentication access controller; the identity ciphertext message further includes the the second random number generated by the requesting device;

The calculation module is specifically configured to calculate the message encryption key according to information including the first key, the first random number and the second random number.
The authentication access controller according to claim 28, wherein the identity ciphertext message further includes the first random number; before the calculation module calculates the message encryption key, the verification The module is further configured to: verify the consistency between the first random number in the identity ciphertext message and the first random number generated by the authentication access controller; and determine that the consistency verification is passed.
The authentication access controller according to claim 27, wherein the key request message further includes an identity identifier of at least one authentication server trusted by the authentication access controller; Also includes the identity identifier of at least one authentication server trusted by the requesting device;

Then the determining module is further configured to: according to the identity of at least one authentication server trusted by the requesting device in the identity ciphertext message and at least one authentication trusted by the authentication access controller in the key request message; The identity identifier of the server determines the first authentication server.
The authentication access controller according to claim 26, wherein the identity ciphertext message further includes an identity identifier of at least one authentication server trusted by the requesting device; then the determining module is further configured to: The identity of at least one authentication server trusted by the requesting device and the identity of the authentication server trusted by the authentication access controller determine the first authentication server.
The authentication access controller according to claim 26, wherein the first authentication request message further includes the identity of the authentication access controller and/or the first authentication generated by the authentication access controller. a random number;

Correspondingly, the first authentication response message further includes the identity identifier of the authentication access controller and/or the first random number;

The verification module is further configured to: verify the consistency of the identity of the authentication access controller in the first authentication response message and the identity of the authentication access controller itself, and/or, The consistency of the first random number in the first authentication response message and the first random number generated by the authentication access controller is verified; and it is determined that the consistency verification is passed.
The authentication access controller according to claim 26, wherein when the identity ciphertext message further includes the digital signature of the requesting device, the determining module is further configured to: determine the digital signature of the requesting device. Digital signature verification passed.
The authentication access controller according to claim 33, wherein the determining module determines whether the digital signature of the requesting device is verified according to the following manner:

The second authentication server verifies the digital signature of the requesting device by using the obtained digital certificate of the requesting device, and if the receiving module receives the first authentication response message, the determining module determines the The digital signature of the requesting device has been verified; or,

The verification module verifies the digital signature of the requesting device by using the digital certificate of the requesting device obtained by decrypting the ciphertext of the identity information, and the determining module determines whether the digital signature of the requesting device is verified according to the verification result. ;or,

When the second authentication result information further includes the digital certificate of the requesting device, the verification module uses the digital certificate of the requesting device in the second authentication result information to perform a digital signature on the requesting device Verification, the determining module determines whether the digital signature of the requesting device is verified according to the verification result; or,

When the second authentication result information further includes the digital certificate of the requesting device, the verification module verifies the digital certificate of the requesting device in the second authentication result information and decrypts the ciphertext of the identity information to obtain If the digital certificate of the requesting device is consistent, the digital signature of the requesting device is verified by the digital certificate of the requesting device, and the determining module determines the digital signature of the requesting device according to the verification result. Whether the verification is passed.
The authentication access controller according to claim 27, wherein the third authentication response message sent by the sending module further includes a message integrity check code, and the message integrity check code is the authentication code. The access controller uses the message integrity check key to calculate and generate other fields including the third authentication response message except the message integrity check code; the message integrity check key is the same as the The message encryption key is generated in the same way.
The authenticated access controller according to any one of claims 26 to 35, wherein the message sent by the authenticated access controller to the requesting device further includes the received The hash value calculated by the latest pre-order message sent by the requesting device; the message sent by the authentication access controller to the first authentication server also includes the first authentication received by the authentication access controller. The hash value calculated by the latest preorder message sent by the server.
A first authentication server, characterized in that the first authentication server comprises:

The receiving module is configured to receive the first authentication request message sent by the authentication access controller, where the first authentication request message includes the digital certificate of the requesting device and the identity authentication code of the authentication access controller; the authentication access controller; The identity authentication code of the access controller is the authentication access controller uses the pre-shared key with the first authentication server, and adopts the cryptographic algorithm agreed with the first authentication server to verify the digital certificate including the requesting device. generated by the calculation of the information included;

A sending module, configured to send a first authentication response message to the authentication access controller, where the first authentication response message includes the first authentication result information, the first digital signature of the second authentication server, and the second authentication result information and the first message authentication code of the first authentication server; the first authentication result information includes the first verification result of the identity authentication code of the authentication access controller, and the first digital signature is the The second authentication server calculates the digital signature generated by the signature data including the first authentication result information, the second authentication result information includes the second verification result of the digital certificate of the requesting device, the first authentication result information The first message authentication code of an authentication server is that the first authentication server uses the pre-shared key with the authentication access controller, and adopts the cryptographic algorithm agreed with the authentication access controller to pair the data including the second authentication access controller. The information including the authentication result information is calculated and generated.
The first authentication server of claim 37, wherein the first authentication server further comprises:

a first verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result, and perform legality verification on the digital certificate of the requesting device to obtain a second verification result;

The first generation module is configured to generate the first identification result information according to the information including the first verification result, generate the second identification result information according to the information including the second verification result, The information including the second authentication result information is calculated to generate the first message authentication code of the first authentication server, and the signature data including the first authentication result information is calculated to generate the first digital signature;

The second generating module is configured to calculate and generate according to the information including the first authentication result information, the first digital signature, the second authentication result information and the first message authentication code of the first authentication server the first authentication response message.
The first authentication server of claim 37, wherein the first authentication server further comprises:

a second verification module, configured to verify the identity authentication code of the authentication access controller to obtain a first verification result;

a third generation module, configured to generate the first authentication result information according to the information including the first verification result, and to generate the signature data including the first authentication result information and the digital certificate of the requesting device Calculate and generate a second digital signature or use the pre-shared key with the second authentication server, and use the cryptographic algorithm agreed with the second authentication server to pair the digital certificate including the first authentication result information and the requesting device generating a second message authentication code by calculating the information inside;

The sending module is further configured to send a second authentication request message to the second authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the first authentication request message. The second digital signature or the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code;

The receiving module is further configured to receive a second authentication response message sent by the second authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information and the third digital signature or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code; the second authentication result information is the The second authentication server is generated according to the information including the second verification result, and the second verification result is obtained by validating the digital certificate of the requesting device by the second authentication server; the first digital signature It is generated by the second authentication server on the signature data including the first authentication result information; the third digital signature is generated by the second authentication server on the signature data including the second authentication result information. The signature data is calculated and generated, or the third message authentication code is generated by the second authentication server using the pre-shared key with the first authentication server and using the cryptographic algorithm agreed with the first authentication server to pair all messages including all messages. The information including the second authentication result information is calculated and generated;

The third verification module is used to verify the third digital signature by using the public key of the second authentication server or use the pre-shared key with the second authentication server, and use the password agreed with the second authentication server an algorithm verifies the third message authentication code;

The fourth generation module is used to calculate and generate the first message authentication code of the first authentication server for the information including the second authentication result information, if the verification is passed, according to the information including the first authentication result information, Information including the first digital signature, the second authentication result information, and the first message authentication code of the first authentication server generates the first authentication response message.
The first authentication server according to any one of claims 37 to 39, characterized in that the message sent by the first authentication server to the authentication access controller further includes the message received by the first authentication server on the received The hash value calculated by the latest pre-order message sent by the authentication access controller; the message sent by the first authentication server to the second authentication server also includes the second authentication server received by the first authentication server. The hash value calculated by the latest preorder message sent by the authentication server.
A second authentication server, characterized in that the second authentication server comprises:

A receiving module, configured to receive a second authentication request message sent by the first authentication server, where the second authentication request message includes the first authentication result information, the digital certificate of the requesting device and the second digital signature or the second authentication request The message includes the first authentication result information, the digital certificate of the requesting device and the second message authentication code; the second digital signature is the digital signature of the first authentication server including the first authentication result information and the requesting device. The signature data including the certificate is calculated and generated, or the second message authentication code is the password agreed with the second authentication server by the first authentication server using the pre-shared key with the second authentication server. The algorithm calculates and generates the information including the first authentication result information and the digital certificate of the requesting device;

A verification module for verifying the second digital signature by using the public key of the first authentication server or using the pre-shared key with the first authentication server, and using the cryptographic algorithm agreed with the first authentication server to verify the second message authentication code;

The generating module is configured to, if the verification is passed, perform legality verification on the digital certificate of the requesting device to obtain a second verification result, generate second authentication result information according to information including the second verification result, and The signature data including the first authentication result information is calculated to generate the first digital signature, and the signature data including the second authentication result information is calculated and generated to generate a third digital signature or a Pre-shared key, using the cryptographic algorithm agreed with the first authentication server to calculate the information including the second authentication result information to generate a third message authentication code;

A sending module, configured to send a second authentication response message to the first authentication server, where the second authentication response message includes the first authentication result information, the first digital signature, and the second authentication result information and the third digital signature or the second authentication response message includes the first authentication result information, the first digital signature, the second authentication result information and the third message authentication code.
The second authentication server according to claim 41, characterized in that, the message sent by the second authentication server to the first authentication server further includes the message received by the second authentication server to the first authentication server. The hash value computed by the latest preorder message sent.
A requesting device, characterized in that the requesting device comprises:

memory for storing program instructions;

The processor is configured to call the program instructions stored in the memory, and execute the method steps on the requesting device side in the identity authentication method according to any one of claims 1 to 15 according to the obtained program.
An authentication access controller, characterized in that the authentication access controller comprises:

memory for storing program instructions;

The processor is configured to call the program instructions stored in the memory, and execute the method steps of authenticating the access controller side in the identity authentication method according to any one of claims 1 to 15 according to the obtained program.
A first authentication server, characterized in that the first authentication server comprises:

memory for storing program instructions;

The processor is configured to call the program instructions stored in the memory, and execute the method steps on the first authentication server side in the identity authentication method according to any one of claims 1 to 15 according to the obtained program.
A second authentication server, characterized in that the second authentication server comprises:

memory for storing program instructions;

The processor is configured to invoke the program instructions stored in the memory, and execute the method steps on the second authentication server side in the identity authentication method according to any one of claims 1 to 15 according to the obtained program.
A computer storage medium, characterized in that the computer storage medium stores computer-executable instructions, and the computer-executable instructions are used to make the computer execute the method for the identity authentication method of any one of claims 1 to 15 step.