Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party
Abstract
A method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party is disclosed. The method includes the following steps: 1) an entity B transmits a message 1 to an entity A; 2) the entity A transmits a message 2 to a credible third party TP after receiving the message 1; 3) the credible third party TP determines the response RepTA after receiving the message 2; 4) the credible third party TP returns a message 3 to the entity A; 5) the entity A returns a message 4 to the entity B after receiving the message 3; 6) the entity B receives the message 4; 7) the entity B transmits a message 5 to the entity A; 8) the entity A receives the message 5. The present invention achieves public key acquisition, certificate validation and entity authentication by integrating them in one protocol, thereby improving the execution efficiency and effectiveness of the protocol and making it easier to combine with various public key acquisition and public key certificate status enquiry protocols. The present invention is suited to a "user - access point - server" access network structure and meets the authentication requirements of the access network.
4 Claims
1. A method for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the method comprises:
1) sending, by an entity B, a message 1 to an entity A, the message 1 comprising a random number RB, an identity identifier IDB, a request ReqB and optional text Text1, wherein the request ReqB indicates that the entity B requests a valid public key or a status of a public key certificate of the entity A;
2) sending, by the entity A on receipt of the message 1, a message 2 to a trusted third party TP, the message 2 comprising a request ReqAT and optional text Text2, wherein the request ReqAT comprises the content of the request ReqB, and the request ReqAT indicates that the entity A requests a valid public key or the status of a public key certificate of the entity B, and that the entity B requests a valid public key or the status of a public key certificate of the entity A;
3) checking, by the trusted third party TP on receipt of the message 2, the validity of public key certificates CertA and CertB according to identity identifiers IDA and IDB of the entity A and the entity B, or searching, by the trusted third party TP on receipt of the message 2, for valid public keys of the entity A and the entity B through the respective entity distinguishers of the entity A and the entity B, and determining, by the trusted third party TP, a response RepTA, wherein the response RepTA comprises the content of a response RepB, and the response RepTA indicates the valid public key or the status of the public key certificate of the entity A as well as the valid public key or the status of the public key certificate of the entity B determined by the trusted third party TP;
4) returning, by the trusted third party TP, a message 3 to the entity A, the message 3 comprising the response RepTA and optional text Text3;
5) returning, by the entity A on receipt of the message 3, a message 4 to the entity B, the message 4 comprising a random number RA, an identity identifier IDA, a token TokenAB, the response RepB and optional text Text5, wherein TokenAB = sSA(RepB ∥ RA ∥ RB ∥ B ∥ A ∥ Text4), sSA is a signature signed by the entity A, and the response RepB indicates the valid public key or the status of the public key certificate of the entity A determined by the trusted third party TP;
6) performing, by the entity B, the following steps on receipt of the message 4:
6.1) verifying the response RepB according to the public key verification protocol or distribution protocol that is used, and performing step 6.2) if the verification is passed;
6.2) obtaining the public key or the status of the public key certificate of the entity A, verifying whether the signature signed by the entity A in the token TokenAB is correct and checking whether the entity distinguisher of the entity B is consistent with the entity distinguisher of the entity B comprised in the signature data of the entity A in the token TokenAB, and if so, checking whether the random number RB generated by the entity B in the message 1 is consistent with the random number RB comprised in the signature data of the entity A in the token TokenAB, and if so, determining that the authentication of the entity A by the entity B is passed and performing step 7);
7) sending, by the entity B, a message 5 to the entity A, the message 5 comprising a token TokenBA and optional text Text7, wherein TokenBA = sSB(RA ∥ A ∥ Text6), and sSB is a signature signed by the entity B;
8) performing, by the entity A, the following steps on receipt of the message 5:
8.1) verifying the response RepTA in the message 3 according to the public key verification protocol or distribution protocol that is used, and performing step 8.2) if the verification is passed;
8.2) obtaining the public key or the status of the public key certificate of the entity B, verifying whether the signature signed by the entity B in the token TokenBA is correct and checking whether the entity distinguisher of the entity A is consistent with the entity distinguisher of the entity A comprised in the signature data of the entity B in the token TokenBA, and if so, checking whether the random number RA generated by the entity A in the message 4 is consistent with the random number RA comprised in the signature data of the entity B in the token TokenBA, and if so, determining that the authentication of the entity B by the entity A is passed; and
wherein the entity B resides on a user communication terminal.
2. A method for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the method comprises:
1) sending, by an entity B, a message 1 to an entity A, the message 1 comprising a random number RB, a request ReqB and optional text Text1, wherein the request ReqB indicates that the entity B requests a valid public key or a status of a public key certificate of the entity A;
2) sending, by the entity A on receipt of the message 1, a message 2 to a trusted third party TP, the message 2 comprising a request ReqAT and optional text Text2, wherein the request ReqAT equals the content of the request ReqB, and the request ReqAT indicates that the entity B requests a valid public key or the status of a public key certificate of the entity A;
3) checking, by the trusted third party TP on receipt of the message 2, the validity of a public key certificate CertA according to an identity identifier IDA of the entity A, or searching, by the trusted third party TP on receipt of the message 2, for a valid public key of the entity A through an entity distinguisher of the entity A, and determining, by the trusted third party TP, a response RepTA, wherein the response RepTA equals the content of a response RepB, and the response RepTA indicates the valid public key or the status of the public key certificate of the entity A determined by the trusted third party TP;
4) returning, by the trusted third party TP, a message 3 to the entity A, the message 3 comprising the response RepTA and optional text Text3;
5) returning, by the entity A on receipt of the message 3, a message 4 to the entity B, the message 4 comprising an identity identifier IDA, a token TokenAB, the response RepB and optional text Text5, wherein TokenAB = sSA(RepB ∥ RB ∥ A ∥ Text4), and sSA is a signature signed by the entity A;
6) performing, by the entity B, the following steps on receipt of the message 4:
6.1) verifying the response RepB according to the public key verification protocol or distribution protocol that is used, and performing step 6.2) if the verification is passed;
6.2) obtaining the public key or the status of the public key certificate of the entity A, verifying whether the signature signed by the entity A in the token TokenAB is correct and checking whether the random number RB generated by the entity B in the message 1 is consistent with the random number RB comprised in the signature data of the entity A in the token TokenAB, and if so, determining that the authentication of the entity A by the entity B is passed; and
wherein the entity B resides on a user communication terminal.
3. A system for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the system comprises an entity A, an entity B and the trusted third party,
the trusted third party comprises a response RepTA generation unit, which is adapted to generate a response RepTA and send the response RepTA to the entity A;
the entity A comprises a verification unit for verifying an identity of the entity B, which is adapted to verify the response RepTA according to the public key verification protocol or distribution protocol that is used; obtain a public key or a status of a public key certificate of the entity B if the verification is passed; verify whether a signature signed by the entity B in a token TokenBA is correct and check whether an entity distinguisher of the entity A is consistent with the entity distinguisher of the entity A comprised in the signature data of the entity B in the token TokenBA; and if so, check whether a random number RA generated by the entity A in a message 4 is consistent with the random number RA comprised in the signature data of the entity B in the token TokenBA; and if so, determine that the verification of the identity of the entity B is passed;
the entity B comprises a verification unit for verifying the identity of the entity A, which is adapted to verify a response RepB according to the public key verification protocol or distribution protocol that is used; obtain a public key or the status of a public key certificate of the entity A if the verification is passed; verify whether a signature signed by the entity A in a token TokenAB is correct and check whether an entity distinguisher of the entity B is consistent with the entity distinguisher of the entity B comprised in the signature data of the entity A in the token TokenAB; and if so, check whether a random number RB generated by the entity B in a message 1 is consistent with the random number RB comprised in the signature data of the entity A in the token TokenAB; and if so, determine that the verification of the identity of the entity A is passed; and
wherein the entity B resides on a user communication terminal.
4. A system for obtaining entity public key, certificate verification and authentication with an online trusted third party, wherein the system comprises an entity A, an entity B and the trusted third party,
the trusted third party comprises a response RepTA generation unit, which is adapted to generate a response RepTA and send the response RepTA to the entity A, wherein the response RepTA indicates a valid public key or a status of a public key certificate;
the entity B comprises a verification unit for verifying an identity of the entity A, which is adapted to verify a response RepB according to the public key verification protocol or distribution protocol that is used; obtain a public key or the status of a public key certificate of the entity A if the verification is passed; verify whether a signature signed by the entity A in a token TokenAB is correct and check whether a random number RB generated by the entity B in a message 1 is consistent with the random number RB comprised in the signature data of the entity A in the token TokenAB; and if so, determine that the verification of the identity of the entity A is passed; and
wherein the entity B resides on a user communication terminal.
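The five-message exchange of claim 1, traced end to end as an added example; this is not code from the patent or its assignee, and claim 2's one-way variant is the same trace with RA, message 5 and steps 7 and 8 dropped. Assumptions of the example: the signatures sSA and sSB, and the authentication of TP's responses, use a toy textbook-RSA stand-in with fixed Mersenne primes (insecure, reproducible, for the trace only); TP-signed per-entity entries stand in for "the public key verification protocol or distribution protocol that is used"; the concatenation X ∥ Y ∥ Z is length-prefixed so that field boundaries cannot be shifted; all optional Text fields are empty; and the names keypair, cat, uncat, tp_respond, check_rep and run are this example's own. Two failure cases are included that a practitioner would check: an on-path substitution of RB in message 1, which B detects in step 6.2 because the RB under A's signature no longer matches B's own, and a revoked certificate status returned by TP, which fails step 6.1.

```python
"""Trace of the claim 1 exchange (added example). Toy RSA stand-in for sSA/sSB: NOT secure."""
import hashlib

E = 65537

def keypair(p, q):
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def pub(k):
    return {"n": k["n"], "e": k["e"]}

def _hm(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(k, msg):
    return pow(_hm(msg, k["n"]), k["d"], k["n"])

def verify(pk, msg, sig):
    return pow(sig, pk["e"], pk["n"]) == _hm(msg, pk["n"])

def cat(*fields):
    """The claim's X || Y || Z, with 4-byte length prefixes so fields cannot be re-split."""
    out = b""
    for f in fields:
        b = f if isinstance(f, bytes) else str(f).encode()
        out += len(b).to_bytes(4, "big") + b
    return out

def uncat(blob):
    fields, i = [], 0
    while i < len(blob):
        n = int.from_bytes(blob[i:i + 4], "big")
        fields.append(blob[i + 4:i + 4 + n]); i += 4 + n
    return fields

def tp_respond(tp_key, directory, req_at):
    """Step 3: TP answers every identity named in ReqAT; RepTA = {id: (body, TP signature)}.
    body = id || n || e || status. The TP signature is the assumed distribution protocol."""
    rep = {}
    for who in req_at:
        pk, status = directory.get(who, ({"n": 0, "e": 0}, "unknown"))
        body = cat(who, pk["n"], pk["e"], status)
        rep[who] = (body, sign(tp_key, body))
    return rep

def check_rep(tp_pub, entry, expect_id):
    """Steps 6.1 / 8.1: TP signature valid, entry is about the expected entity, status valid."""
    body, sig = entry
    if not verify(tp_pub, body, sig):
        return None
    who, n, e, status = uncat(body)
    if who.decode() != expect_id or status != b"valid":
        return None
    return {"n": int(n), "e": int(e)}

def run(tp_key, directory, key_a, key_b, rb_seen_by_a=None):
    """Messages 1..5; returns (B accepts A, A accepts B).
    rb_seen_by_a simulates an attacker replacing RB in message 1 on the wire."""
    tp_pub = pub(tp_key)
    RA, RB = 0x1111, 0x2222          # fixed nonces so the trace is reproducible
    text = b""                        # every optional Text field left empty
    # 1) B -> A: RB || IDB || ReqB
    msg1 = {"RB": RB if rb_seen_by_a is None else rb_seen_by_a, "IDB": "B", "ReqB": ["A"]}
    # 2) A -> TP: ReqAT carries ReqB plus A's own request about B
    req_at = msg1["ReqB"] + ["B"]
    # 3) TP -> A: RepTA, whose entry about A is RepB
    rep_ta = tp_respond(tp_key, directory, req_at)
    rep_b = rep_ta["A"]
    # 4) A -> B: RA || IDA || TokenAB || RepB, TokenAB = sSA(RepB || RA || RB || B || A || Text4)
    token_ab = sign(key_a, cat(rep_b[0], RA, msg1["RB"], msg1["IDB"], "A", text))
    msg4 = {"RA": RA, "IDA": "A", "TokenAB": token_ab, "RepB": rep_b}
    # 6) B rebuilds the signed data from ITS OWN RB and identifier, so the identifier and
    #    nonce consistency checks of step 6.2 are enforced by the signature check itself
    pk_a = check_rep(tp_pub, msg4["RepB"], msg4["IDA"])
    b_accepts = pk_a is not None and verify(
        pk_a, cat(msg4["RepB"][0], msg4["RA"], RB, "B", msg4["IDA"], text), msg4["TokenAB"])
    if not b_accepts:
        return False, False           # B does not send message 5
    # 7) B -> A: TokenBA = sSB(RA || A || Text6)
    msg5 = {"TokenBA": sign(key_b, cat(msg4["RA"], "A", text))}
    # 8) A verifies with its own RA and identifier; B's key comes from RepTA (message 3)
    pk_b = check_rep(tp_pub, rep_ta["B"], "B")
    a_accepts = pk_b is not None and verify(pk_b, cat(RA, "A", text), msg5["TokenBA"])
    return b_accepts, a_accepts

# Toy keys from fixed Mersenne primes (insecure by design; coprime to E by construction).
KEY_A = keypair(2**31 - 1, 2**61 - 1)
KEY_B = keypair(2**89 - 1, 2**107 - 1)
KEY_TP = keypair(2**127 - 1, 2**521 - 1)
DIRECTORY = {"A": (pub(KEY_A), "valid"), "B": (pub(KEY_B), "valid")}

if __name__ == "__main__":
    print(run(KEY_TP, DIRECTORY, KEY_A, KEY_B))                       # (True, True)
    print(run(KEY_TP, DIRECTORY, KEY_A, KEY_B, rb_seen_by_a=0x9999))  # (False, False)
    print(run(KEY_TP, {**DIRECTORY, "A": (pub(KEY_A), "revoked")}, KEY_A, KEY_B))
```

Two points of the design are worth noting. Steps 6.2 and 8.2 list three separate checks (signature correct, own identifier present under the signature, own nonce present under the signature); a verifier that reconstructs the signed data from its own state rather than from fields carried in the message performs all three in one signature verification and has nothing attacker-supplied to compare against. And because the claims leave the authentication of RepTA and RepB to whatever distribution protocol is in use, the trust in a peer's key is only as good as that protocol: an unsigned or replayable TP response would let an attacker substitute a key of their choosing in message 4.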
Specification