Method, device, and system for identity authentication

  • US 10,291,614 B2
  • Filed: 03/12/2013
  • Issued: 05/14/2019
  • Est. Priority Date: 03/12/2012
  • Status: Active Grant
First Claim
1. An identity authentication method, comprising:

  • 1) transmitting, by a first authenticator, a first identity authentication message to a second authenticator, wherein the first identity authentication message comprises a first time-varying parameter which is generated by the first authenticator;

  • 2) transmitting, by the second authenticator, a second identity authentication message to an authentication server, wherein the second identity authentication message comprises an identification of a security domain in which the second authenticator is located, wherein the security domain is a logical partition with a boundary in which the second authenticator and at least one entity share certain public authentication information which is a public key, the second authenticator and the at least one entity in the security domain each has its own private authentication information which is used to generate the identity authentication information for authenticating the entity by another authentication device, and the private authentication information is a private key or an anonymous signature secret key;

  • 3) verifying, by the authentication server, after having received the second identity authentication message, legality of the security domain in which the second authenticator is located according to the second identity authentication message, to generate a verification result for the security domain in which the second authenticator is located;

  • 4) returning, by the authentication server, a third identity authentication message to the second authenticator, wherein the third identity authentication message comprises the verification result for the security domain in which the second authenticator is located and the identity authentication information of the authentication server for the information including the verification result for the security domain in which the second authenticator is located;

  • 5) transmitting, by the second authenticator, after having received the third identity authentication message, a fourth identity authentication message to the first authenticator, wherein the fourth identity authentication message comprises the identification of the security domain in which the second authenticator is located, the verification result for the security domain in which the second authenticator is located, the identity authentication information of the authentication server for the information including the verification result for the security domain in which the second authenticator is located, and the identity authentication information of the second authenticator for the information including an identifier of the first authenticator and the first time-varying parameter; and

  • 6) verifying, by the first authenticator, after having received the fourth identity authentication message, the fourth identity authentication message, including verifying the first time-varying parameter in the fourth identity authentication message, and determining legality of an identity of the second authenticator according to the verification result, wherein the step 6) comprises steps of:

    6.1) verifying, by the first authenticator, whether the identity authentication information of the authentication server is valid;

    proceeding to step 6.2) in a case that the identity authentication information of the authentication server is valid;

    or otherwise, determining that the second authenticator is illegal;

    6.2) proceeding to step 6.3) in a case that the security domain in which the second authenticator is located is determined by the first authenticator to be legal according to the verification result for the security domain in which the second authenticator is located;

    or otherwise, determining that the second authenticator is illegal; and

    6.3) acquiring, by the first authenticator, the public authentication information of the security domain in which the second authenticator is located, verifying whether the identity authentication information of the second authenticator is valid according to the public authentication information, and checking whether the identifier of the first authenticator is the same as the identifier of the first authenticator included in the identity authentication information of the second authenticator;

    determining that the second authenticator is legal, in a case that the identity authentication information of the second authenticator is valid and the identifier of the first authenticator is the same as the identifier of the first authenticator included in the identity authentication information of the second authenticator;

    or otherwise, determining that the second authenticator is illegal.
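The six-step exchange of claim 1, simulated end to end so that each check in step 6 can be exercised. This is an added example written for this page; it is not code from the patent, its applicant, or any reference implementation. Assumptions are mine: Ed25519 signatures stand in for the "identity authentication information", a single key pair per security domain stands in for the per-entity private keys or anonymous signature keys the claim describes, the authentication server delivers the domain's public key inside its signed verification result (the claim only says the first authenticator "acquires" it), the first time-varying parameter is a 16-byte random nonce, the cross-check that the domain identifier in the message matches the one in the signed result is my addition, and all type, function and field names (Msg1, DomainResult, NewParties, and so on) are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Message fields follow the claim's wording; Msg2 is just the domain identifier string.
type Msg1 struct{ IDA string; Nonce []byte } // A -> B; Nonce is the first time-varying parameter
type DomainResult struct {                   // AS's verification result for B's security domain
	DomainID string
	Legal    bool
	DomainPK ed25519.PublicKey // domain's public authentication information (assumed carried here)
}
type Msg3 struct{ Result DomainResult; SigAS []byte } // AS -> B; SigAS is AS's identity authentication information
type Msg4 struct {                                    // B -> A: Msg3 forwarded plus B's own identity authentication information
	Msg3
	DomainID, IDA string // IDA and Nonce are the values B signed
	Nonce, SigB   []byte
}
// encode length-prefixes a tag and each part so signed data cannot be re-split ambiguously.
func encode(tag string, parts ...[]byte) []byte {
	var buf bytes.Buffer
	for _, p := range append([][]byte{[]byte(tag)}, parts...) {
		binary.Write(&buf, binary.BigEndian, uint32(len(p)))
		buf.Write(p)
	}
	return buf.Bytes()
}
func resultBytes(r DomainResult) []byte {
	return encode("result", []byte(r.DomainID), []byte(fmt.Sprint(r.Legal)), []byte(r.DomainPK))
}
func identityBytes(idA string, nonce []byte) []byte { return encode("identity", []byte(idA), nonce) }

// AuthServer performs steps 3 and 4; its domain registry is constructed sample data.
type AuthServer struct {
	priv    ed25519.PrivateKey
	domains map[string]DomainResult
}
func (s *AuthServer) Handle(domainID string) Msg3 {
	r, ok := s.domains[domainID]
	if !ok {
		r = DomainResult{DomainID: domainID} // unknown domain: Legal stays false
	}
	return Msg3{Result: r, SigAS: ed25519.Sign(s.priv, resultBytes(r))}
}

// SecondAuthenticator (B) performs step 5. One ed25519 key per domain stands in for
// the claim's per-entity private key or anonymous signature key (simplification).
type SecondAuthenticator struct{ DomainID string; priv ed25519.PrivateKey }
func (b *SecondAuthenticator) Step5(m1 Msg1, m3 Msg3) Msg4 {
	sig := ed25519.Sign(b.priv, identityBytes(m1.IDA, m1.Nonce))
	return Msg4{Msg3: m3, DomainID: b.DomainID, IDA: m1.IDA, Nonce: m1.Nonce, SigB: sig}
}

// FirstAuthenticator (A) performs steps 1 and 6; it trusts only the AS public key in advance.
type FirstAuthenticator struct {
	ID    string
	asPub ed25519.PublicKey
	nonce []byte // remembered from step 1 so step 6 can check freshness
}
func (a *FirstAuthenticator) Step1() Msg1 {
	a.nonce = make([]byte, 16)
	rand.Read(a.nonce)
	return Msg1{IDA: a.ID, Nonce: a.nonce}
}
// Step6 returns A's decision and, on rejection, the sub-step that failed.
func (a *FirstAuthenticator) Step6(m4 Msg4) (bool, string) {
	switch {
	case !bytes.Equal(m4.Nonce, a.nonce): // stale parameter: a replayed Msg4 stops here
		return false, "6: first time-varying parameter mismatch"
	case !ed25519.Verify(a.asPub, resultBytes(m4.Result), m4.SigAS):
		return false, "6.1: authentication server information invalid"
	case m4.Result.DomainID != m4.DomainID || !m4.Result.Legal:
		return false, "6.2: security domain not legal"
	case !ed25519.Verify(m4.Result.DomainPK, identityBytes(m4.IDA, m4.Nonce), m4.SigB):
		return false, "6.3: second authenticator information invalid"
	case m4.IDA != a.ID: // B's signature must name this A, not some other party B talked to
		return false, "6.3: identifier of first authenticator mismatch"
	}
	return true, "legal"
}

// NewParties builds A, B and AS with fresh keys; domainLegal is the AS's record for B's domain.
func NewParties(domainLegal bool) (*FirstAuthenticator, *SecondAuthenticator, *AuthServer) {
	asPub, asPriv, _ := ed25519.GenerateKey(rand.Reader)
	domPub, domPriv, _ := ed25519.GenerateKey(rand.Reader)
	as := &AuthServer{priv: asPriv, domains: map[string]DomainResult{
		"domain-1": {DomainID: "domain-1", Legal: domainLegal, DomainPK: domPub}}}
	return &FirstAuthenticator{ID: "A", asPub: asPub}, &SecondAuthenticator{DomainID: "domain-1", priv: domPriv}, as
}

func main() {
	a, b, as := NewParties(true)
	m4 := b.Step5(a.Step1(), as.Handle(b.DomainID)) // steps 1 to 5
	fmt.Println(a.Step6(m4))                        // step 6
}
```

Two details carry the security value of the claim's step 6. The first authenticator compares the echoed time-varying parameter against the one it generated in step 1, so a captured fourth message cannot be replayed into a later session; and it checks that the identifier the second authenticator signed is its own, so a fourth message produced for some other first authenticator is rejected even though every signature in it verifies. The server's signed verdict is what lets the first authenticator trust a domain public key it did not hold beforehand, which is why the 6.1 signature check comes before the domain key is used in 6.3.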
