Light access authentication method and system

US 8,560,847 B2
Filed: 12/02/2008
Issued: 10/15/2013
Est. Priority Date: 12/03/2007
Status: Active Grant

First Claim

Patent Images

1. A light access authentication method, comprising:

enciphering, by a third processing apparatus of a trusted third party, an MSG to obtain a MSG cipher text, and writing, by the third processing apparatus of the trusted third party, the MSG cipher text into a first entity;

obtaining, by a second processing apparatus of a second entity, the MSG cipher text from a first processing apparatus of the first entity, and obtaining, by the second processing apparatus of the second entity, a key from the trusted third party on obtaining the MSG cipher text; and

deciphering, by the second processing apparatus of the second entity, the MSG cipher text with the key, and determining that the authentication is successful if a MSG plain text is obtained or determining that the authentication fails if a MSG plain text is not obtained.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A light access authentication method and system, the method includes: the trustful third party writes the MSG cipher text formed by enciphering MSG into the first entity; the second entity attains the MSG cipher text from the first entity, and attains the key from the trustful third party after attaining the MSG cipher text; the MSG cipher text is deciphered according to the key, and the MSG plaintext is attained. The embodiment of the present invention can be widely applied at a condition limited by the equipment and environment, and the access authentication is simplified and lightened.

18 Citations

View as Search Results

10 Claims

1. A light access authentication method, comprising:
- enciphering, by a third processing apparatus of a trusted third party, an MSG to obtain a MSG cipher text, and writing, by the third processing apparatus of the trusted third party, the MSG cipher text into a first entity;
  
  obtaining, by a second processing apparatus of a second entity, the MSG cipher text from a first processing apparatus of the first entity, and obtaining, by the second processing apparatus of the second entity, a key from the trusted third party on obtaining the MSG cipher text; and
  
  deciphering, by the second processing apparatus of the second entity, the MSG cipher text with the key, and determining that the authentication is successful if a MSG plain text is obtained or determining that the authentication fails if a MSG plain text is not obtained.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein before the trusted third party writes the MSG cipher text into the first entity, the method further comprises:
    - creating system parameters which comprises two qth-order cyclic groups (G₁,+) and (G₂,·
      
      ), a generator of G₁P, a private key S_TTPε
      
      Z_q*, a public key Q_TTP=S_TTPPε
      
      G₁and an encipher key K.
  - 3. The method according to claim 2, wherein the writing, by the trusted third party, the MSG cipher text into the first entity comprises:
    - randomly selecting a key identifier, PKeyID, as a public key, calculating a corresponding private key, SKeyID=PKeyID·
      
      S_TTP, and securely storing the private key;
      
      selecting a secret random number, r, and calculating the K=r·
      
      Q_TTP·
      
      PKeyID;
      
      enciphering the MSG with the K to obtain a corresponding cipher text, CMSG; and
      
      calculating CP=r·
      
      P, and writing the MSG cipher text composed of the CP, the PKeyID and the CMSG into the first entity.
  - 4. The method according to claim 3, wherein obtaining, by the second entity, the MSG cipher text from the first entity comprises:
    - sending, by the second entity, a data request message to the first entity; and
      
      sending, by the first entity, a data response message including the MSG cipher text to the second entity in response to the data request.
  - 5. The method according to claim 4, wherein the data request message is a message with empty content.
  - 6. The method according to claim 4, wherein obtaining, by the second entity, the key from the trusted third party comprises:
    - sending, by the second entity, a key request message to the trusted third party, the key request message carrying a requested key identifier and a one-time random number;
      
      sending, by the trusted third party, a key response message to the second entity in response to the key request message, the key response message carrying a cipher text of a key SKeyID corresponding to the key identifier, a CP1, a Nonce field and a MIC field carrying a message integrity code, wherein the cipher text of the key SKeyID is obtained by enciphering the SKeyID with an encipher key EK, the EK is educed from the K1, and K1=r1·
      
      Q_TTP·
      
      ID2, where r1 is a secret random number, ID2 is identity information of the second entity, and Q_TTPis a public key of the third entity itself; and
      
      On receiving the key response message, recalculating, by the second entity, the K1=CP1·
      
      S₂, where S₂denotes a private key of the second entity, if a one-time random number in the Nonce field is determined to be the random number selected by itself, reducing an encipher key EK and an integrity check key IK from K1, recalculating the MIC from IK, and comparing the recalculated MIC with a received MIC, and deciphering the CSKeyID with EK to obtain a SKeyID plain text if the recalculated MIC is consistent with the received MIC, or ending the procedure if the recalculated MIC is inconsistent with the received MIC.
  - 7. The method according to claim 6, wherein obtaining, by the second entity, the key from the trusted third party further comprises:
    - ending the procedure if the one-time random number in the Nonce field is determined to be not the random number selected by the second entity.
  - 8. The method according to claim 6, wherein sending, by the trusted third party, the key response message to the second entity in response to the key request message comprises:
    - receiving, by the trusted third party, the key request message from the second entity, authenticating the validity of the identity of the second entity, and sending the key response message to the second entity if the authentication is successful.

9. A light access authentication system, comprising:
- a first entity, a second entity and a third entity which is a trusted third party, wherein;
  
  the first entity comprises a first processing apparatus adapted to receive an MSG cipher text from the third entity and supply the MSG cipher text to the second entity on receiving a data request from the second entity, the MSG cipher text carrying a CP, a PKeyID and a CMSG, where the PKeyID is a key identifier selected randomly, the CMSG is obtained by enciphering the MSG with K, where K=r·
  
  Q_TTP·
  
  PKeyID, r is a secret random number, Q_TTPis a public key of the third entity, and CP=r·
  
  P, where P is a generator;
  
  the second entity comprises a second processing apparatus adapted to obtain the MSG cipher text from the first entity, to obtain a key response message from the third entity and to determine a key, to decipher the MSG cipher text with the key, and to determine that the authentication is successful if a MSG plain text is obtained, or to determine that the authentication fails if a MSG plain text is not obtained; and
  
  the third entity comprises a third processing apparatus adapted to generate the MSG cipher text, to transmit the MSG cipher text to the first entity, and to transmit the key response message to the second entity in response to the request from the second entity.
- View Dependent Claims (10)
- - 10. The system according to claim 9, wherein the first entity is an electronic label and the second entity is a reader/writer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Iwncomm Co., Ltd
Original Assignee
China Iwncomm Co., Ltd
Inventors
Pang, Liaojun, Cao, Jun, Tie, Manxia, Huang, Zhenhai
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US12/745,288
Publication Number

US 20100313012A1
Time in Patent Office

1,778 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

H04L 2209/805 Lightweight hardware, e.g. ...

H04L 9/321 involving a third party or ...

Light access authentication method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Light access authentication method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links