ENTITY AUTHENTICATION METHOD AND DEVICE

摘要

Disclosed are an entity authentication method and device, involving: sending, by an entity A, a first identity authentication message to an entity B; inspecting, by the entity B after receiving the first message, the validity of a certificate of the entity A; sending, by the entity B, a second identity authentication message to the entity A; inspecting, by the entity A after receiving the second message, the correctness of field data therein; calculating, by the entity A, a secret information and message authentication code using a private key thereof and a temporary public key of the entity B, and sending a third message to the entity B; inspecting, by the entity B after receiving the third message, the correctness of field data therein; calculating, by the entity B, a secret information and message authentication code using a private key thereof and a public key of the entity A.

主权项

1. A method for authenticating an entity, the method comprising:
the operation 1 of transmitting, by an entity A, a first identity authentication message comprising NA∥CertA to an entity B, wherein NA represents a random number generated by the entity A, and CertA represents a certificate of the entity A; the operation 2 of checking, by the entity B, for validity of the certificate CertA in the first identity authentication message from the entity A upon reception of the first identity authentication message, and if the certificate is invalid, then terminating the authentication; the operation 3 of generating, by the entity B, a random number NB, and calculating a digital signature SigB=SIG(CSB, IDA∥IDB∥NA∥NB∥QB) using its own private key CSB, wherein SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B, and transmitting, by the entity B, a second identity authentication message comprising NA∥NB∥CertB∥QB∥SigB to the entity A, wherein CertB represents a certificate of the entity B; the operation 4 of checking, by the entity A, for correctness of field data in the second identity authentication message comprising NA∥NB∥CertB∥QB∥SigB from the entity B upon reception of the second identity authentication message, and if the field data are incorrect as a result of the check, then terminating the authentication; the operation 5 of calculating, by the entity A, a digital signature SigA=SIG(CSA, IDA∥IDB∥NA∥NB∥QA) of the entity A using its own private key CSA, wherein QA represents a temporary public key of the entity A; and checking, by the entity A, to see whether the temporary public key QB of the entity B has been stored, and if so, then using the stored QB; otherwise, checking QB in the received second identity authentication message for validity, and if QB is valid, then using QB in the received second identity authentication message; if QB is invalid, then terminating the authentication; the operation 6 of calculating, by the entity A, secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QB of the entity B based on the ECDH key exchange protocol, wherein f represents a key calculation function, and if the secret information is calculated in error, then terminating, by the entity A, the authentication; otherwise, converting the calculated secret information z into a string of characters Z, and calculating a key MK=KDF(NA, NB, Z, IDA, IDB), wherein KDF represents a key derivation algorithm, calculating, by the entity A, a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), wherein MAC1 represents a message authentication code calculation function, and transmitting, by the entity A, a third identity authentication message comprising NA∥NB∥QA∥SigA∥MacTagA to the entity B; the operation 7 of checking, by the entity B, for correctness of field data in the third identity authentication message comprising NA∥NB∥QA∥SigA∥MacTagA from the entity A upon reception of the third identity authentication message, and if the field data are incorrect as a result of the check, then terminating the authentication; the operation 8 of checking, by the entity B, to see whether the temporary public key QA of the entity A has been stored, and if so, then using the stored QA; otherwise, checking QA in the received third identity authentication message for validity, and if QA is valid, then using QA in the received third identity authentication message; if QA is invalid, then terminating the authentication; the operation 9 of calculating, by the entity B, secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then terminating the authentication; otherwise, converting the calculated secret information z into a string of characters Z, calculating a key MK=KDF(NA, NB, Z, IDA, IDB), calculating a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and comparing it with MacTagA in the received third identity authentication message transmitted by the entity A, and if they are not consistent, then terminating the authentication; otherwise, determining that the entity A is legal, calculating a message authentication code MacTagB=MAC1(MK, IDB, IDA, QB, QA), and transmitting a fourth identity authentication message comprising MacTagB to the entity A; and the operation 10 of calculating, by the entity A, MacTagB=MAC1(MK, IDB, IDA, QB, QA) upon reception of the fourth identity authentication message from the entity B, and comparing it with MacTagB in the received fourth identity authentication message, and if they are not consistent, then determining that the entity B is illegal; if they are consistent, then determining that the entity B is legal.