ENTITY BIDIRECTIONAL-IDENTIFICATION METHOD FOR SUPPORTING FAST HANDOFF
First Claim
1. A mutual entity authentication method supporting rapid handoff, the method involving three security elements comprising two authentication elements A and B and a Trusted third Party TP, wherein the trusted third party TP is a trusted third party of the authentication elements A and B;
the authentication element A comprises n authentication entities A1, A2, . . . , An, and the authentication element B comprises m authentication entities B1, B2, . . . , Bm, among which synchronization information is provided; and
all of the authentication entities in the same authentication element share one public key certificate or possess one public key, and for any pair of authentication entities Ai (i=1, 2, . . . , n) and Bj (j=1, 2, . . . , m), the authentication method comprises the steps of:
1) transmitting, by the authentication entity Bj, an authentication activation message INIBj to the authentication entity Ai, wherein INIBj = RBj ∥ IDB ∥ Text1, wherein RBj denotes a random number generated by the authentication entity Bj, IDB denotes an identifier of the authentication element B, and Text1 denotes a first optional text;
2) transmitting, by the authentication entity Ai, an access authentication request message AREQAi to the authentication entity Bj upon reception of the authentication activation message INIBj, wherein AREQAi = RBj ∥ RAi ∥ IDA ∥ Text2 ∥ TokenAB, TokenAB = sSA(RBj ∥ RAi ∥ IDA ∥ Text2), wherein RAi denotes a random number generated by the authentication entity Ai, IDA denotes an identifier of the authentication element A, Text2 denotes a second optional text, TokenAB denotes a token transmitted from the authentication entity Ai to the authentication entity Bj, and sSA denotes a signature of the authentication element A;
3) on receiving the access authentication request message AREQAi, verifying, by the authentication entity Bj, RBj in AREQAi and RBj in INIBj for consistency, and if RBj in AREQAi is consistent with RBj in INIBj, searching, by the authentication entity Bj, for a locally stored authentication result of the authentication element A; if there is stored an authentication result of the authentication element A, going to step 4);
4) transmitting, by the authentication entity Bj, an access authentication response message ARESBj to the authentication entity Ai, and calculating a shared master key between the authentication entities Ai and Bj, wherein ARESBj = IRESTP ∥ RAi ∥ Text5 ∥ TokenBA, TokenBA = sSB(TokenAB ∥ RBj ∥ Text5), wherein Text5 denotes a fifth optional text, IRESTP denotes an identity authentication response message stored locally at the authentication entity Bj which comprises the authentication result of the authentication element A, TokenBA denotes a token transmitted from the authentication entity Bj to the authentication entity Ai, and sSB denotes a signature of the authentication element B; and
5) verifying, by the authentication entity Ai, the access authentication response message ARESBj upon reception thereof.
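The five-step fast-handoff path of claim 1 (entity Bj already holds a stored authentication result for element A), as an added worked example; it is not code from the patent. It assumes: ∥ is length-prefixed concatenation so the fields of each message can be split back unambiguously; the element signatures sSA and sSB, which the claim makes public-key signatures under the element's shared certificate, are stood in for by HMAC under a per-element key (Python's standard library has no asymmetric signing); the stored IRESTP is a constructed byte string whose format is not on the page; the master-key formula, which the claim does not give, is a hash of both nonces; and Bj verifies TokenAB under element A's key held with its stored result. The names Element, EntityA, EntityB, fast_handoff and replayed_rbj_rejected are this example's own.

```python
"""Fast-handoff path of claim 1: INIBj -> AREQAi -> ARESBj between one Ai and one Bj."""
import hashlib
import hmac
import secrets


def cat(*fields: bytes) -> bytes:
    """The claim's ∥ operator; each field is 2-byte length-prefixed (example's own choice)."""
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def split(blob: bytes) -> list:
    """Inverse of cat()."""
    fields = []
    while blob:
        n = int.from_bytes(blob[:2], "big")
        fields.append(blob[2:2 + n])
        blob = blob[2 + n:]
    return fields


def sign(element_key: bytes, data: bytes) -> bytes:
    """Stand-in for sSA / sSB (HMAC; assumption, not the patent's signature scheme)."""
    return hmac.new(element_key, data, hashlib.sha256).digest()


def verify(element_key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(element_key, data), tag)


def master_key(r_ai: bytes, r_bj: bytes) -> bytes:
    """Shared master key of step 4; hashing both fresh nonces is this example's assumption."""
    return hashlib.sha256(cat(b"master-key", r_ai, r_bj)).digest()


class Element:
    """State shared by every entity of one element: its identifier, its single key,
    peer elements' verification keys, and the synchronised store of IRESTP results."""
    def __init__(self, ident: bytes, key: bytes):
        self.ident, self.key = ident, key
        self.peer_keys = {}   # peer element id -> verification key
        self.results = {}     # peer element id -> IRESTP stored after a full run via TP


class EntityB:
    def __init__(self, element: Element):
        self.el = element

    def step1_init(self, text1: bytes = b"") -> bytes:
        self.r_bj = secrets.token_bytes(16)
        return cat(self.r_bj, self.el.ident, text1)                      # INIBj

    def step3_and_4(self, areq: bytes, text5: bytes = b""):
        r_bj, r_ai, id_a, text2, token_ab = split(areq)
        if not hmac.compare_digest(r_bj, self.r_bj):                     # step 3 consistency check
            raise ValueError("RBj in AREQAi differs from RBj in INIBj")
        irestp = self.el.results.get(id_a)
        if irestp is None:
            return None                 # no stored result for A: full protocol with TP needed (not shown)
        if not verify(self.el.peer_keys[id_a], cat(r_bj, r_ai, id_a, text2), token_ab):
            raise ValueError("TokenAB does not verify under element A's key")  # assumed check
        token_ba = sign(self.el.key, cat(token_ab, r_bj, text5))
        self.mk = master_key(r_ai, r_bj)
        return cat(irestp, r_ai, text5, token_ba)                        # ARESBj


class EntityA:
    def __init__(self, element: Element):
        self.el = element

    def step2(self, ini: bytes, text2: bytes = b"") -> bytes:
        r_bj, id_b, _text1 = split(ini)
        self.r_ai, self.r_bj, self.id_b = secrets.token_bytes(16), r_bj, id_b
        self.token_ab = sign(self.el.key, cat(r_bj, self.r_ai, self.el.ident, text2))
        return cat(r_bj, self.r_ai, self.el.ident, text2, self.token_ab)  # AREQAi

    def step5(self, ares: bytes) -> bytes:
        irestp, r_ai, text5, token_ba = split(ares)
        if not hmac.compare_digest(r_ai, self.r_ai):
            raise ValueError("RAi in ARESBj differs from the RAi that Ai sent")
        if not verify(self.el.peer_keys[self.id_b], cat(self.token_ab, self.r_bj, text5), token_ba):
            raise ValueError("TokenBA does not verify under element B's key")
        if irestp != b"IRESTP:" + self.el.ident + b":valid":             # constructed IRESTP format
            raise ValueError("stored authentication result does not accept element A")
        return master_key(self.r_ai, self.r_bj)


def make_elements(a_authenticated: bool = True):
    """Two elements that know each other's keys; B optionally holds a stored result for A."""
    el_a, el_b = Element(b"A", secrets.token_bytes(32)), Element(b"B", secrets.token_bytes(32))
    el_a.peer_keys[b"B"], el_b.peer_keys[b"A"] = el_b.key, el_a.key
    if a_authenticated:
        el_b.results[b"A"] = b"IRESTP:A:valid"                           # constructed sample
    return el_a, el_b


def fast_handoff(ai: EntityA, bj: EntityB):
    """Run steps 1-5; return (Ai's key, Bj's key) or None when the full TP protocol is needed."""
    ares = bj.step3_and_4(ai.step2(bj.step1_init()))
    return None if ares is None else (ai.step5(ares), bj.mk)


def replayed_rbj_rejected(ai: EntityA, bj: EntityB) -> bool:
    """A stale INIBj (Bj has since issued a new RBj) must fail the step 3 check."""
    stale_ini = bj.step1_init()
    bj.step1_init()
    try:
        bj.step3_and_4(ai.step2(stale_ini))
    except ValueError:
        return True
    return False
```

Two entities B1 and B2 built from the same Element object share one key and one result store, so a handoff from B1 to B2 takes the fast path and still yields a different master key, because both nonces are fresh on every run; a stale INIBj is refused at step 3 before any key is derived.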
Abstract
An entity bidirectional-identification method for supporting fast handoff involves three security elements: two identification elements A and B and a trusted third party (TP). All identification entities of the same element share one public key certificate or possess the same public key. When any identification entity in element A and any identification entity in element B need to identify each other, the whole identification protocol is run if the identification protocol has never been run between the two identification elements to which they belong; otherwise, the identification protocol interaction takes place only between the two identification entities. The invention not only centralizes public key management and simplifies the conditions for running the protocol, but also uses the concept of a security domain to reduce the complexity of public key management, shorten the identification time and satisfy fast handoff requirements, while preserving security properties such as one key for every pair of identification entities, one secret key for every identification, and forward secrecy.
9 Claims
Specification