METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM

US 20130212390A1
Filed: 12/22/2010
Published: 08/15/2013
Est. Priority Date: 10/15/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an entity based on a symmetric encryption algorithm, comprising:

sending, by an entity A, an authentication request message to an entity B;

sending, by the entity B, an authentication response message to the entity A after receiving the authentication request message; and

determining, by the entity A, the validity of the entity B according to the received authentication response message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for authenticating an entity based on a symmetric encryption algorithm are provided. The method includes the following steps: 1) an entity A sends an authentication request message to an entity B; 2) after receiving the authentication request message, the entity B sends an authentication response message to the entity A; 3) the entity A determines the validity of the entity B according to the received authentication response message. The implementation cost of the system can be reduced by using the authentication according to the invention.

42 Citations

View as Search Results

28 Claims

1. A method for authenticating an entity based on a symmetric encryption algorithm, comprising:
- sending, by an entity A, an authentication request message to an entity B;
  
  sending, by the entity B, an authentication response message to the entity A after receiving the authentication request message; and
  
  determining, by the entity A, the validity of the entity B according to the received authentication response message.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 10, 12, 13, 15, 16, 18, 20, 22, 23)
- - 2. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 1, wherein after determining, by the entity A, the validity of the entity B according to the received authentication response message, the method further comprising:
    - sending, by the entity A, an authentication result message to the entity B, wherein if the entity A determines that the entity B is valid, the authentication result message contains authentication success information;
      
      otherwise the authentication result message contains authentication failure information.
  - 3. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 2, wherein the step of sending, by the entity B, the authentication response message to the entity A after receiving the authentication request message further comprising:
    - setting a message timeout processing threshold T3, thenif the entity B does not correctly receive the authentication result message within time T3 after sending the authentication response message, the entity B resends the authentication response message to the entity A;
      
      further, if the entity B still does not correctly receive the authentication result message after the authentication response message has been resent n times and the time by which the authentication result message is waited to be received is T3 each time, the entity B determines that the authentication fails, wherein n is a preset number of times of resending the authentication response message.
  - 4. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 1, wherein after determining, by the entity A, the validity of the entity B according to the received authentication response message, the entity A sends an authentication response acknowledge message to the entity B if the entity B is determined as valid, or the entity A discards the authentication response message if the entity B is determined as invalid, and then the entity B determines the validity of the entity A according to the received authentication response acknowledge message, if the entity A is valid, a mutual identity authentication between the entity A and the entity B is successful, and if the entity A is invalid, the authentication response acknowledge message is discarded.
  - 6. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 4, wherein after receiving the authentication response acknowledge message by the entity B, the method further comprising:
    - sending, by the entity B, an authentication result message to the entity A, wherein if the entity B determines that the entity A is valid, the authentication result message contains authentication success information;
      
      otherwise the authentication result message contains authentication failure information.
  - 7. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 6, wherein a message timeout processing threshold T4 is further set in the step of sending, by the entity A, the authentication response acknowledge message to the entity B, thenif the entity A does not correctly receive the authentication result message within time T4 after sending the authentication response acknowledge message, the entity A resends the authentication response acknowledge message to the entity B;
    - further, if the entity A still does not correctly receive the authentication result message after the authentication response acknowledge message has been resent q times and the time by which the authentication result message is waited to be received is T4 each time, the entity A determines that the authentication fails, wherein q is a preset number of times of resending the authentication response acknowledge message.
  - 8. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 1, wherein a Pre-Shared key (PSK) has been shared between the entity A and the entity B, and the authentication request message comprises N1, which is a random number generated by the entity A.
  - 10. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 8, wherein sending, by the entity B, the authentication response message to the entity A after receiving the authentication request message sent by the entity A comprising:
    - after receiving the authentication request message (10) sent by the entity A, generating, by the entity B, a random number N3 and calculating a message authentication code MAC1=E(N1∥
      
      N3,PSK), wherein “
      
      ∥
      
      ”
      
      represents series connection of messages, E is a symmetric encryption algorithm, and MAC1 contains an integrity check code ACC1 calculated on N1∥
      
      N3 with the PSK and a ciphertext formed after an encryption;
      
      orafter receiving the authentication request message (10) sent by the entity A, generating, by the entity B, a random number N3 and deriving, by the entity B, an integrity check key PSK1 and an encryption key PSK2 according to the PSK, calculating the integrity check code ACC1 using PSK1, and performing encryption using PSK2 to form a ciphertext, then MAC1=E(N1∥
      
      N3,PSK1∥
      
      PSK2);
      
      constructing, by the entity B, the authentication response message which comprises N1 and MAC1, sending the authentication response message to the entity A, and taking N3 as a session key with the entity A.
  - 12. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 10, wherein determining, by the entity A, the validity of the entity B according to the received authentication response message comprising:
    - after receiving the authentication response message sent by the entity B, determining, by the entity A, whether N1 is equal to N1 generated when the entity A sends the authentication request message to the entity B, wherein if not equal, the entity A discards the authentication response message; and
      
      if equal, the entity A decrypts a ciphertext in MAC1 to obtain N1 and N3, calculates an integrity check code ACC1′
      
      , and compares whether the integrity check codes ACC1 and ACC1′
      
      are equal to each other;
      
      if ACC1′ and
      
      ACC1 are not equal to each other, the entity A discards the authentication response message;
      
      if ACC1′ and
      
      ACC1 are equal to each other, the entity A determines whether N1 obtained by decryption is equal to N1 generated when the entity A sends the authentication request message to the entity B;
      
      if equal, the entity A determines that the entity B is valid, which indicates that the entity A performs a successful authentication on the entity B, and the entity A takes N3 obtained by decryption as a session key with the entity B;
      
      if not equal, the entity A determines that the entity B is invalid.
  - 13. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 8, wherein sending, by the entity B, the authentication response message to the entity A after receiving the authentication request message comprising:
    - after receiving the authentication request message sent by the entity A, generating, by the entity B, random numbers N2 and N3, and calculating a message authentication code MAC1=E(N1∥
      
      N2∥
      
      N3,PSK), wherein “
      
      ∥
      
      ”
      
      represents series connection of messages, E is a symmetric encryption algorithm, and MAC1 contains an integrity check code ACC1 calculated on N1∥
      
      N2∥
      
      N3 with the PSK and a ciphertext formed after an encryption;
      
      orafter receiving the authentication request message sent by the entity A, generating, by the entity B, random numbers N2 and N3, deriving, by the entity B, an integrity check key PSK1 and an encryption key PSK2 according to the PSK, calculating the integrity check code ACC1 using PSK1, and performing encryption using PSK2 to form a ciphertext, then MAC1=E(N1∥
      
      N2∥
      
      N3, PSK1∥
      
      PSK2);
      
      constructing, by the entity B, the authentication response message which comprises N1 and MAC1, and sending the authentication response message to the entity A.
  - 15. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 13, wherein determining, by the entity A, the validity of the entity B according to the received authentication response message comprising:
    - after receiving the authentication response message sent by the entity B, determining, by the entity A, whether N1 is equal to N1 generated when the entity A sends the authentication request message to the entity B, wherein if not equal, the entity A discards the authentication response message; and
      
      if equal, the entity A decrypts a ciphertext in MAC1 to obtain N1, N2 and N3, calculates an integrity check code ACC1′
      
      , and compares whether the integrity check codes ACC1′ and
      
      ACC 1 are equal to each other;
      
      if ACC1′ and
      
      ACC1 are not equal to each other, the entity A discards the authentication response message;
      
      if ACC1′ and
      
      ACC1 are equal to each other, the entity A determines whether N1 obtained by decryption is equal to N1 generated when the entity A sends the authentication request message to the entity B;
      
      if equal, the entity A determines that the entity B is valid, which indicates that the entity A performs a successful authentication on the entity B, and the entity A takes N3 obtained by decryption as a session key with the entity B;
      
      if not equal, the entity A determines that the entity B is invalid.
  - 16. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 15, further comprising:
    - after performing a successful authentication on the entity B, constructing, by the entity A, the authentication response acknowledge message which comprises N2 and sending the authentication response acknowledge message to the entity B; and
      
      after receiving the authentication response acknowledge message sent by the entity A, determining, by the entity B, whether N2 is equal to N2 generated when the entity B sends the authentication response message to the entity A, wherein if not equal, the entity B discards the authentication response acknowledge message; and
      
      if equal, the entity B determines that the entity A is valid, which indicates that the entity B performs a successful authentication on the entity A, and the entity B takes N3 as a session key with the entity A.
  - 18. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 15, further comprising:
    - after performing a successful authentication on the entity B, calculating, by the entity A, MAC2=E(N2,N3), constructing the authentication response acknowledge message which comprises N2 and MAC2, and sending the authentication response acknowledge message to the entity B, wherein E is a symmetric encryption algorithm, MAC2 contains an integrity check code ACC2 calculated on N2 with N3 and a ciphertext formed after an encryption;
      
      orafter performing a successful authentication on the entity B, deriving, by the entity A, an integrity check key N31 and an encryption key N32 according to N3, calculating the integrity check code ACC2 using N31, and performing encryption using N32 to form a ciphertext, then MAC2=E(N2, N31∥
      
      N32).
  - 20. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 18, wherein determining, by the entity B, the validity of the entity A according to the received authentication response acknowledge message comprising:
    - after receiving the authentication response acknowledge message sent by the entity A, determining, by the entity B, whether N2 is equal to N2 generated when the entity B sends the authentication response message to the entity A, wherein if not equal, the entity B discards the authentication response acknowledge message; and
      
      if equal, the entity B decrypts a ciphertext in MAC2 using N3 to obtain N2, calculates an integrity check code ACC2′
      
      , and compares whether the integrity check codes ACC2′ and
      
      ACC2 are equal to each other; and
      
      if ACC2′ and
      
      ACC2 are not equal to each other, the entity B discards the authentication response acknowledge message;
      
      if ACC2′ and
      
      ACC2 are equal to each other, the entity B determines whether N2 obtained by decryption is equal to N2 generated when the entity B sends the authentication response message to the entity A;
      
      if equal, the entity B determines that the entity A is valid, which indicates that the entity B performs a successful authentication on the entity A, and the entity B takes N3 obtained by decryption as a session key with the entity A; and
      
      if not equal, the entity B determines that the entity A is invalid and discards the authentication response acknowledge message.
  - 22. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 1, wherein a message timeout processing threshold T1 of the entity A is further set in the step of sending, by the entity A, the authentication request message to the entity B, thenif the entity A does not correctly receive the authentication response message within time T1 after sending the authentication request message, the entity A resends the authentication request message to the entity B;
    - further, if the entity A still does not correctly receive the authentication response message after the authentication request message has been resent m times and the time by which the authentication response message is waited to be received is Ti each time, the entity A determines that the authentication fails, wherein m is a preset number of times of resending the authentication request message.
  - 23. The method for authenticating an entity based on a symmetric encryption algorithm according to claim 1, wherein a message timeout processing threshold T2 of the entity B is further set in the step of sending, by the entity B, the authentication response message to the entity A after receiving the authentication request message, thenif the entity B does not correctly receive the authentication response acknowledge message within time T2 after sending the authentication response message, the entity B resends the authentication response message to the entity A;
    - further, if the entity B still does not correctly receive the authentication response acknowledge message after the authentication response message has been resent p times and the time by which the authentication response acknowledge message is waited to be received is T2 each time, the entity B determines that the authentication fails, wherein p is a preset number of times of resending the authentication response message.

5. (canceled)

9. (canceled)

11. (canceled)

14. (canceled)

17. (canceled)

19. (canceled)

21. (canceled)

24. (canceled)

25. An authenticating entity based on a symmetric encryption algorithm, wherein the authenticating entity has shared a Pre-Shared Key (PSK) with an entity to be authenticated;
- the authenticating entity comprising;
  
  a first sending module, configured to send an authentication request message to the entity to be authenticated;
  
  a first receiving module, configured to receive an authentication response message which is returned by the entity to be authenticated after having received the authentication request message; and
  
  a first authenticating module, configured to determine the validity of the entity to be authenticated according to the received authentication response message.
- View Dependent Claims (26)
- - 26. The authenticating entity according to claim 25, further comprising:
    - a second sending module, configured to send an authentication response acknowledge message to the entity to be authenticated when the entity to be authenticated is valid, so that the entity to be authenticated determines the validity of the authenticating entity after receiving the authentication response acknowledge message.

27. An entity to be authenticated based on a symmetric encryption algorithm, wherein the entity to be authenticated has shared a Pre-Shared Key (PSK) with an authenticating entity;
- the entity to be authenticated comprising;
  
  a second receiving module, configured to receive an authentication request message sent by the authenticating entity; and
  
  a third sending module, configured to send an authentication response message to the authenticating entity, so that the authenticating entity determines the validity of the entity to be authenticated according to the authentication response message.
- View Dependent Claims (28)
- - 28. The authenticated entity according to claim 27, further comprising:
    - a third receiving module, configured to receive an authentication response acknowledge message sent by the authenticating entity; and
      
      a second authenticating module, configured to determine the validity of the authenticating entity after receiving the authentication response acknowledge message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Iwncomm Co., Ltd
Original Assignee
China Iwncomm Co., Ltd
Inventors
Du, Zhiqiang, Tie, Manxia, Li, Qin, Zhang, Guoqiang

Granted Patent

US 9,450,756 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 9/32   including means for verifyi...

H04L 9/3271   using challenge-response

H04W 12/069   using certificates or pre-s...

METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR AUTHENTICATING ENTITY BASED ON SYMMETRIC ENCRYPTION ALGORITHM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links