Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party

US 8,751,792 B2
Filed: 12/14/2009
Issued: 06/10/2014
Est. Priority Date: 09/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the method comprises:

1) sending, by an entity B, a message 1 to an entity A, the message 1 comprising a random number R_B, an identity identifier ID_B, a request ReqB and optional text Text1, wherein the request ReqB indicates that the entity B requests a valid public key or a status of a public key certificate of the entity A;

2) sending, by the entity A on receipt of the message 1, a message 2 to a trusted third party TP, the message 2 comprising a request ReqAT and optional text Text2, wherein the request ReqAT comprises a content of the request ReqB, and the request ReqAT indicates that the entity A requests a valid public key or the status of a public key certificate of the entity B, and that the entity B requests a valid public key or the status of a public key certificate of the entity A;

3) checking, by the trusted third party TP on receipt of the message 2, a validity of public key certificates Cert_Aand Cert_B, according to identity identifiers ID_Aand ID_Bof the entity A and the entity B;

or searching, by the trusted third party TP on receipt of the message 2, for valid public keys of the entity A and the entity B through respective entity distinguishers of the entity A and the entity B, anddetermining, by the trusted third party TP, a response RepTA, wherein the response RepTA comprises the content of a response RepB, and the response RepTA indicates the valid public key or the status of the public key certificate of the entity A as well as the valid public key or the status of the public key certificate of the entity B determined by the trusted third party TP;

4) returning, by the trusted third party TP, a message 3 to the entity A, the message 3 comprising the response RepTA and optional text Text3;

5) returning, by the entity A on receipt of the message 3, a message 4 to the entity B, the message 4 comprising a random number R_A, an identity identifier ID_A, a token TokenAB, the response RepB and optional text Text5, wherein TokenAB=sS_A(RepB∥

R_A∥

R_B∥

B∥

A∥

Text4), sS_Ais a signature signed by the entity A, and the response RepB indicates the valid public key or the status of the public key certificate of the entity A determined by the trusted third party TP;

6) performing, by the entity B, the following steps on receipt of the message 4;

6.1) verifying the response RepB according to a public key verification protocol or distribution protocol that is used, and performing step 6.2) if the verification is passed;

6.2) obtaining the public key or the status of the public key certificate of the entity A,verifying whether the signature signed by the entity A in the token TokenAB is correct and checking whether an entity distinguisher of the entity B is consistent with an entity distinguisher of the entity B comprised in signature data of the entity A in the token TokenAB, andif so, checking whether the random number R_Bgenerated by the entity B in the message 1 is consistent with the random number R_Bcomprised in the signature data of the entity A in the token TokenAB, andif so, determining the authentication of the entity A by the entity B is passed and performing step

7);

7) sending, by the entity B, a message 5 to the entity A, the message 5 comprising a token TokenBA and optional text Text7, wherein TokenBA=sS_B(R_A∥

A∥

Text6), and sS_Bis a signature signed by the entity B;

8) performing, by the entity A, the following steps on receipt of the message 5;

8.1) verifying the response RepTA in the message 3 according to a public key verification protocol or distribution protocol that is used, and performing step 8.2) if the verification is passed;

8.2) obtaining the public key or the status of the public key certificate of the entity B,verifying whether the signature signed by the entity B in the token TokenBA is correct and checking whether an entity distinguisher of the entity A is consistent with an entity distinguisher of the entity A comprised in signature data of the entity B in the token TokenBA, andif so, checking whether the random number R_Agenerated by the entity A in the message 4 is consistent with the random number R_Acomprised in the signature data of the entity B in the token TokenBA, andif so, determining the authentication of the entity B by the entity A is passed; and

wherein the entity B resides on a user communication terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention can achieve public key acquisition, certificate validation and authentication of the entity by integrating them in one protocol, thereby facilitate the execution efficiency and the effect of the protocol and facilitate the combination with various public key acquisition and public key certificate state enquiry protocols. The present invention suits with a “user-access point-server” access network structure to meet the authentication requirement of the access network.

27 Citations

4 Claims

1. A method for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the method comprises:
- 1) sending, by an entity B, a message 1 to an entity A, the message 1 comprising a random number R_B, an identity identifier ID_B, a request ReqB and optional text Text1, wherein the request ReqB indicates that the entity B requests a valid public key or a status of a public key certificate of the entity A;
  
  2) sending, by the entity A on receipt of the message 1, a message 2 to a trusted third party TP, the message 2 comprising a request ReqAT and optional text Text2, wherein the request ReqAT comprises a content of the request ReqB, and the request ReqAT indicates that the entity A requests a valid public key or the status of a public key certificate of the entity B, and that the entity B requests a valid public key or the status of a public key certificate of the entity A;
  
  3) checking, by the trusted third party TP on receipt of the message 2, a validity of public key certificates Cert_Aand Cert_B, according to identity identifiers ID_Aand ID_Bof the entity A and the entity B;
  
  or searching, by the trusted third party TP on receipt of the message 2, for valid public keys of the entity A and the entity B through respective entity distinguishers of the entity A and the entity B, anddetermining, by the trusted third party TP, a response RepTA, wherein the response RepTA comprises the content of a response RepB, and the response RepTA indicates the valid public key or the status of the public key certificate of the entity A as well as the valid public key or the status of the public key certificate of the entity B determined by the trusted third party TP;
  
  4) returning, by the trusted third party TP, a message 3 to the entity A, the message 3 comprising the response RepTA and optional text Text3;
  
  5) returning, by the entity A on receipt of the message 3, a message 4 to the entity B, the message 4 comprising a random number R_A, an identity identifier ID_A, a token TokenAB, the response RepB and optional text Text5, wherein TokenAB=sS_A(RepB∥
  
  R_A∥
  
  R_B∥
  
  B∥
  
  A∥
  
  Text4), sS_Ais a signature signed by the entity A, and the response RepB indicates the valid public key or the status of the public key certificate of the entity A determined by the trusted third party TP;
  
  6) performing, by the entity B, the following steps on receipt of the message 4;
  
  6.1) verifying the response RepB according to a public key verification protocol or distribution protocol that is used, and performing step 6.2) if the verification is passed;
  
  6.2) obtaining the public key or the status of the public key certificate of the entity A,verifying whether the signature signed by the entity A in the token TokenAB is correct and checking whether an entity distinguisher of the entity B is consistent with an entity distinguisher of the entity B comprised in signature data of the entity A in the token TokenAB, andif so, checking whether the random number R_Bgenerated by the entity B in the message 1 is consistent with the random number R_Bcomprised in the signature data of the entity A in the token TokenAB, andif so, determining the authentication of the entity A by the entity B is passed and performing step
  
  7);
  
  7) sending, by the entity B, a message 5 to the entity A, the message 5 comprising a token TokenBA and optional text Text7, wherein TokenBA=sS_B(R_A∥
  
  A∥
  
  Text6), and sS_Bis a signature signed by the entity B;
  
  8) performing, by the entity A, the following steps on receipt of the message 5;
  
  8.1) verifying the response RepTA in the message 3 according to a public key verification protocol or distribution protocol that is used, and performing step 8.2) if the verification is passed;
  
  8.2) obtaining the public key or the status of the public key certificate of the entity B,verifying whether the signature signed by the entity B in the token TokenBA is correct and checking whether an entity distinguisher of the entity A is consistent with an entity distinguisher of the entity A comprised in signature data of the entity B in the token TokenBA, andif so, checking whether the random number R_Agenerated by the entity A in the message 4 is consistent with the random number R_Acomprised in the signature data of the entity B in the token TokenBA, andif so, determining the authentication of the entity B by the entity A is passed; and
  
  wherein the entity B resides on a user communication terminal.

2. A method for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the method comprises:
- 1) sending, by an entity B, a message 1 to an entity A, the message 1 comprising a random number R_B, a request ReqB and optional text Text1, wherein the request ReqB indicates that the entity B requests a valid public key or a status of a public key certificate of the entity A;
  
  2) sending, by the entity A on receipt of the message 1, a message 2 to a trusted third party TP, the message 2 comprising a request ReqAT and optional text Text2, wherein the request ReqAT equals to a content of the request ReqB, and the request ReqAT indicates that the entity B requests a valid public key or the status of a public key certificate of the entity A;
  
  3) checking, by the trusted third party TP on receipt of the message 2, the validity of a public key certificate Cert_Aaccording to an identity identifier ID_Aof the entity A;
  
  or searching, by the trusted third party TP on receipt of the message 2, for a valid public key of the entity A through an entity distinguisher of the entity A, anddetermining, by the trusted third party TP, a response RepTA, wherein the response RepTA equals to the content of a response RepB, and the response RepTA indicates the valid public key or the status of the public key certificate of the entity A determined by the trusted third party TP;
  
  4) returning, by the trusted third party TP, a message 3 to the entity A, the message 3 comprising the response RepTA and optional text Text3;
  
  5) returning, by the entity A on receipt of the message 3, a message 4 to the entity B, the message 4 comprising an identity identifier ID_A, a token TokenAB, the response RepB and optional text Text5, wherein TokenAB=sS_A(RepB∥
  
  R_B∥
  
  A∥
  
  Text4), and sS_Ais a signature signed by the entity A;
  
  6) performing, by the entity B, the following steps on receipt of the message 4;
  
  6.1) verifying the response RepB according to a public key verification protocol or distribution protocol that is used, and performing step 6.2) if the verification is passed;
  
  6.2) obtaining the public key or the status of the public key certificate of the entity A,verifying whether the signature signed by the entity A in the token TokenAB is correct and checking whether the random number R_Bgenerated by the entity B in the message 1 is consistent with the random number R_Bcomprised in signature data of the entity A in the token TokenAB, andif so, determining the authentication of the entity A by the entity B is passed; and
  
  wherein the entity B resides on a user communication terminal.

3. A system for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the system comprises an entity A, an entity B and the trusted third party,the trusted third party comprises a response RepTA generation unit, which is adapted to generate a response RepTA and send the response RepTA to the entity A;
- the entity A comprises a verification unit for verifying an identity of the entity B, which is adapted to verify the response RepTA according to a public key verification protocol or distribution protocol that is used;
  
  obtain a public key or a status of a public key certificate of the entity B if the verification is passed;
  
  verify whether a signature signed by the entity B in a token TokenBA is correct and check whether an entity distinguisher of the entity A is consistent with an entity distinguisher of the entity A comprised in signature data of the entity B in the token TokenBA; and
  
  if so, check whether a random number R_Agenerated by the entity A in a message 4 is consistent with a random number R_Acomprised in the signature data of the entity B in the token TokenBA; and
  
  if so, determine the verification of the identity of the entity B is passed;
  
  the entity B comprises a verification unit for verifying the identity of the entity A, which is adapted to verify a response RepB according to a public key verification protocol or distribution protocol that is used;
  
  obtain a public key or the status of a public key certificate of the entity A if the verification is passed;
  
  verify whether a signature signed by the entity A in a token TokenAB is correct and check whether an entity distinguisher of the entity B is consistent with an entity distinguisher of the entity B comprised in signature data of the entity A in the token TokenAB; and
  
  if so, check whether a random number R_Bgenerated by the entity B in a message 1 is consistent with a random number R_Bcomprised in the signature data of the entity A in the token TokenAB; and
  
  if so, determine the verification of the identity of the entity A is passed; and
  
  wherein the entity B resides on a user communication terminal.

4. A system for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the system comprises an entity A, an entity B and the trusted third party,the trusted third party comprises a response RepTA generation unit, which is adapted to generate a response RepTA and send the response RepTA to the entity A, wherein the response RepTA indicates a valid public key or a status of a public key certificate;
- the entity B comprises a verification unit for verifying an identity of the entity A, which is adapted to verify a response RepB according to a public key verification protocol or distribution protocol that is used;
  
  obtain a public key or the status of a public key certificate of the entity A if the verification is passed;
  
  verify whether a signature signed by the entity A in a token TokenAB is correct and check whether a random number R_Bgenerated by the entity B in a message 1 is consistent with a random number R_Bcomprised in signature data of the entity A in the token TokenAB; and
  
  if so, determine the verification of the identity of the entity A is passed; and
  
  wherein the entity B resides on a user communication terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
China Iwncomm Co., Ltd
Original Assignee
China Iwncomm Co., Ltd
Inventors
Tie, Manxia, Cao, Jun, Huang, Zhenhai, Lai, Xiaolong
Primary Examiner(s)
Parthasarathy, Pramila

Application Number

US13/499,126
Publication Number

US 20120198240A1
Time in Patent Office

1,639 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3268   using certificate validatio...

Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links