CN108616350B - HTTP-Digest class AKA identity authentication system and method based on symmetric key pool - Google Patents

Info

Publication number: CN108616350B
Authority: CN (China)
Prior art keywords: key, message, authentication, random number, server
Legal status: Active
Application number: CN201810229963.7A
Other languages: Chinese (zh)
Other versions: CN108616350A (en)
Inventors: 富尧, 钟一民
Current Assignee: Ruban Quantum Technology Co Ltd
Original Assignee: Ruban Quantum Technology Co Ltd
Application filed by Ruban Quantum Technology Co Ltd
Priority to CN201810229963.7A
Publication of CN108616350A
Application granted
Publication of CN108616350B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 (as H04L9/32) using challenge-response
    • H04L9/3273 (as H04L9/32) using challenge-response for mutual authentication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an HTTP-Digest type AKA identity authentication method and system based on a symmetric key pool. During authentication, a user side initiates a registration request carrying a first random number to a server, and receives a challenge message that the server generates in response to the registration request. The challenge message comprises a message authentication code, an AMF (authentication management field) and a second random number used for generating a negotiation key; the second random number is in ciphertext form, and the anonymous key used for encrypting it is generated by the server using the first random number. The user side verifies the challenge message using the first random number and the message authentication code in turn, and generates a response message after the verification passes; it then sends the response message to the server and receives the registration result for the response message from the server. The invention adopts bidirectional authentication, which further improves security, simplifies the cumbersome message verification steps and reduces the risk of key cracking.

Description

HTTP-Digest class AKA identity authentication system and method based on symmetric key pool
Technical Field
The invention relates to the technical field of secure communication, in particular to an end-to-end authentication and key agreement algorithm, namely a mechanism for how two communication parties perform bidirectional identity authentication and take out the same key from a symmetric key pool.
Background
Authentication, namely identity authentication, is a basic technology for realizing information security. A system checks the identity of a user to confirm whether the user has access and use rights to certain resources; identity authentication can also be performed between systems.
Security issues for mobile communications are facing serious challenges and are receiving increasing attention. As a relatively independent security architecture, the communication between the user side and the server must be protected at all times, and every user side must be authenticated before using the services of the network core control platform. How to ensure secure access of the user side to the network and complete bidirectional identity authentication with the server is of great practical significance. With the development of quantum computers, classical asymmetric encryption algorithms are no longer secure, and symmetric key algorithms will become the best choice in both authentication and encryption/decryption. One example is the AKA mechanism, which is one of the methods based on the symmetric key algorithm and is commonly used in the field of mobile communication. The access authentication mechanism based on Authentication and Key Agreement (AKA) was established by the IETF, adopted by the 3GPP, and is widely used. The AKA mechanism performs key negotiation while performing identity authentication, and provides the keys needed to encrypt subsequent communication.
As a scheme for security upgrade, the manner of symmetric key pool will be an important scheme or even a mainstream scheme for ensuring key security. Meanwhile, all or part of the content in the symmetric key pool can be encrypted and stored, and the encrypted key can be stored in a security isolation device hosted by the symmetric key pool. When the key operation is subsequently performed on the symmetric key pool, the symmetric key pool needs to be decrypted by the security isolation device and then used. The invention patent document with the patent publication number of CN105337726A and the title of "end-to-end handheld device encryption method and system based on quantum cryptography" discloses an end-to-end handheld device encryption method based on quantum cryptography, wherein a pair of symmetric key pools are formed between two key distribution devices for quantum communication through QKD, and are used for quantum encryption communication between users of both sides of the QKD.
Also for example, the invention patent document, publication No. CN106452740A entitled "a quantum communication service station, a quantum key management device, and a key arrangement network and method", discloses a quantum communication service station and a quantum key management device that share a same quantum random number key data block between them, which data block pair can also be understood as a pair of symmetric key pools, for encrypted communication of quantum random number keys by users of both parties.
Patent document CN106357649A entitled "user identity authentication system and method" discloses an identity authentication method using a symmetric key system. That invention is based on a mobile quantum key storage device and uses true random numbers generated by a quantum true random number generator as key seeds, which are used multiple times in identity authentication, balancing the amount of key generated against security. It also includes authentication techniques for quantum communication at different places.
The problems existing in the prior art are as follows:
1. Although patent document CN106357649A uses a quantum key fob as a symmetric key pool, the identity authentication is one-way, which carries a large security risk. In addition, the key used in that invention is not differentiated by communication mode; a single key is used throughout, so all messages can be cracked if the key is leaked.
2. The existing HTTP Digest identity authentication method using the AKA mechanism uses very limited keys and negotiated keys, and has low security performance. The random number RAND used for key agreement is exposed in the communication and poses a certain threat to the security of the encrypted communication.
Disclosure of Invention
The invention provides an identity authentication system and method based on a symmetric key pool, which ensure that key seeds used by key agreement are not leaked, and the key pool is large enough and difficult to predict, thereby ensuring the security of key generation.
An HTTP-Digest type AKA identity authentication method based on a symmetric key pool is implemented at a user side and comprises the following steps:
initiating a registration request to a server, wherein a nonce field of the registration request carries a first random number;
receiving a 401 Unauthorized challenge message from the server, the 401 Unauthorized challenge message being generated by the server in response to the registration request, a nonce field of the 401 Unauthorized challenge message including a message authentication code, an AMF, and a second random number used for generating a negotiation key, the second random number being in ciphertext form, and an anonymous key used for encrypting the second random number being generated by the server using the first random number;
sequentially verifying the 401 Unauthorized challenge message by using the first random number and the message authentication code, and generating a response message after the verification passes; sending the response message to the server, and receiving a registration result for the response message from the server, wherein the registration result is a 200 OK message or a 403 Forbidden message.
The access authentication mechanism based on Authentication and Key Agreement (AKA) realizes mutual identity authentication and session key distribution between a server and a user side based on a 'challenge/response' mode, SIP messages carrying AKA parameters are interacted between the user side and the server, and transmission and agreement are carried out according to the AKA mechanism, so that bidirectional authentication between the user side and the server is realized, and a security key pair required by subsequent communication is negotiated.
The design based on the symmetric key pool has the significance that the key seeds used for key agreement are not leaked, the key pool is large enough and difficult to predict, and the security of key generation is further ensured.
The registration process includes both mutual authentication and negotiation of the keys used for subsequent encrypted communications, i.e., the negotiation keys, which include a message encryption key CK (i.e., a confidentiality key) and a message authentication key IK (i.e., an integrity key).
The first random number and the second random number are preferably quantum random numbers generated by a quantum true random number generator, and may be generated in advance and stored for calling, or may be generated as needed in an authentication process.
The user side and the server can each be provided with a quantum true random number generator, can use a matching quantum key card or other external hardware, or can obtain the random numbers by request from a quantum network service station.
Compared with the existing one-way authentication mode, the invention realizes the mutual authentication of both sides of the registered object, the updating of the authentication key further improves the safety of the authentication key in the authentication process, and meanwhile, the updating of the authentication key can be carried out in the registration process, thereby reducing unnecessary communication steps and reducing the communication pressure of equipment.
The invention also improves on the key restrictions of AKA communication: instead of calculating the key directly from a random number as in the original scheme, a key seed is taken from the key pool and used to calculate the key, so the key seed is never exposed. In addition, the random number used for generating the confidentiality key and the integrity key in the original AKA mechanism is encrypted in the 401 Unauthorized challenge message, thereby reducing the risk of key cracking.
The invention uses the first random number in place of the SQN in the registration mechanism of classical AKA, thereby simplifying the cumbersome message freshness check. It also avoids a weakness of SQN resynchronization: when replayed challenges are encountered, the SQN is resynchronized continually, which increases the communication load. In addition, in classical AKA the servers transmit messages to each other through the classical network, which is not secure in the current network environment, whereas the QKD network used in the present invention ensures the security of communication in the wide area network.
Correspondingly, the invention also provides an HTTP-Digest class AKA identity authentication method based on the symmetric key pool, which is implemented in a server and comprises the following steps:
receiving a registration request from a user side, wherein a nonce field of the registration request carries a first random number;
responding to the registration request by generating a 401 Unauthorized challenge message and sending it to the user side, wherein a nonce field of the 401 Unauthorized challenge message comprises a message authentication code, an AMF (authentication management field) and a second random number used for generating a negotiation key, the second random number is in ciphertext form, and an anonymous key used for encrypting the second random number is generated by using the first random number;
receiving a response message from the user side, wherein the response message is generated by the user side after it has verified the 401 Unauthorized challenge message and the verification has passed;
and authenticating the response message to obtain a registration result, and sending the registration result to the user side, wherein the registration result is a 200 OK message or a 403 Forbidden message.
Correspondingly, the invention also provides an HTTP-Digest type AKA identity authentication method based on the symmetric key pool, which is implemented between the user side and the server and comprises the following steps:
a user side initiates a registration request to a server, and a nonce field of the registration request carries a first random number;
the server responds to the registration request by generating a 401 Unauthorized challenge message and sending it to the user side, wherein a nonce field of the 401 Unauthorized challenge message comprises a message authentication code, an AMF and a second random number used for generating a negotiation key, the second random number is in ciphertext form, and an anonymous key used for encrypting the second random number is generated by using the first random number;
the user side receives the 401 Unauthorized challenge message from the server, verifies it by using the first random number and the message authentication code in turn, and after the verification passes generates a response message and sends it to the server;
the server receives the response message from the user side, authenticates it to obtain a registration result, and then sends the registration result to the user side, wherein the registration result is a 200 OK message or a 403 Forbidden message;
the user side receives the registration result from the server.
Correspondingly, the invention also provides an HTTP-Digest type AKA identity authentication system based on the symmetric key pool, which comprises a user side, wherein the user side is provided with a processor and a memory, and the memory is provided with the following instruction modules for the processor to call and operate:
the first module is used for initiating a registration request to the server, and a nonce field of the registration request carries a first random number;
a second module, configured to receive a 401 Unauthorized challenge message from the server, where the 401 Unauthorized challenge message is generated by the server in response to the registration request, a nonce field of the 401 Unauthorized challenge message includes a message authentication code, an AMF, and a second random number used for generating a negotiation key, the second random number is in ciphertext form, and an anonymous key used for encrypting the second random number is generated by the server using the first random number;
a third module, configured to sequentially verify the 401 Unauthorized challenge message by using the first random number and the message authentication code, and generate a response message after the verification is passed;
a fourth module, configured to send the response message to a server, and receive a registration result of the response message from the server, where the registration result is a 200 OK message or a 403 Forbidden message.
Correspondingly, the invention also provides an HTTP-Digest type AKA identity authentication system based on the symmetric key pool, which comprises a server, wherein the server is provided with a processor and a memory, and the memory is provided with the following instruction modules for the processor to call and operate:
a fifth module, configured to receive a registration request from a user side, where a nonce field of the registration request carries a first random number;
a sixth module, configured to generate a 401 Unauthorized challenge message in response to the registration request, and send the message to the user side, where a nonce field of the 401 Unauthorized challenge message includes a message authentication code, an AMF, and a second random number used for generating a negotiation key, the second random number is in ciphertext form, and an anonymous key used for encrypting the second random number is generated by using the first random number;
a seventh module, configured to receive a response message from the user side, where the response message is generated after the 401 Unauthorized challenge message is verified by the user side and the verification is passed;
and an eighth module, configured to authenticate the response message to obtain a registration result, and send the registration result to the user side, where the registration result is a 200 OK message or a 403 Forbidden message.
The invention also provides an HTTP-Digest type AKA identity authentication system based on the symmetric key pool, which comprises the user side and the server.
Preferably, both parties participating in the identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the specified key seed in the key pool is operated through the second random number and the authentication key to obtain the negotiation key; and the authentication key is updated according to a preset life cycle.
The update time of the authentication key is as follows:
before initiating a registration request, a user side judges whether an authentication key is in a life cycle or not, and if the life cycle is exceeded, the user side initiates an authentication key updating request when initiating the registration request; or
When both parties participating in identity authentication use the authentication key, judging whether the authentication key is in a life cycle, and if the authentication key exceeds the life cycle, initiating an authentication key updating request; or
The two parties participating in identity authentication regularly check whether the authentication key is in the life cycle, and if the life cycle is exceeded, the two parties initiate an authentication key updating request.
When the authentication key is updated, the party initiating the authentication key update request is the active party and the other party is the passive party. The passive party stores at least the previously used authentication key and the currently used authentication key, and each update overwrites the stored keys in sequence, oldest first.
Therefore, when the registration exception is processed, the authentication key used last time can be called to recover the registration process.
In the invention, the authentication key can be updated in the registration process, thereby reducing unnecessary communication steps and reducing the communication pressure of equipment.
The registration request carries the identity codes of the user side and the server and the first random number; before responding to the registration request and generating the 401 Unauthorized challenge message, the server uses the identity codes to match, identify and locate the symmetric key pool, and then generates an authentication vector containing the message authentication code, the AMF and the second random number.
On the basis of the prior-art AMF, the AMF here additionally carries a timestamp, the life cycles of the message encryption key and the message authentication key used in subsequent encrypted communication, and the message encryption algorithm ID and message authentication algorithm ID for subsequent encrypted communication.
In the invention, the second random number used for generating the negotiation key is carried in the 401 Unauthorized challenge message in ciphertext form, that is, encrypted with an anonymous key.
The anonymous key is computed by the server from the authentication key and the first random number.
The 401 Unauthorized challenge message comprises the first random number and a network authentication token, and the network authentication token comprises the AMF, a message authentication code and the second random number encrypted by the anonymous key;
after receiving the 401 Unauthorized challenge message from the server, the user side performs a first verification of the 401 Unauthorized challenge message by comparing the first random number in the message with its local first random number;
the user side then verifies the 401 Unauthorized challenge message a second time by comparing the message authentication code in the message with a locally generated message authentication code.
Preferably, the response field of the response message includes an authentication response, and the authentication response is calculated by the user side by using the second random number and the currently used authentication key;
the server compares the authentication response with a corresponding authentication response generated locally to obtain a registration result, and then sends the registration result to the user side.
Preferably, the authentication response further includes a negotiation key.
Since the way the negotiation key is generated and used is already settled once the user side and the server have exchanged the registration request and the 401 Unauthorized challenge message, the user side can also use the negotiation key in generating the authentication response when it generates the response message, to further improve security and complexity.
The invention adopts bidirectional authentication, which further improves security; it uses the first random number in place of the SQN in the registration mechanism of classical AKA, which simplifies the cumbersome message verification steps; and the random number used for generating the confidentiality key and the integrity key in the original AKA mechanism is carried in ciphertext form in the 401 Unauthorized challenge message, thereby reducing the risk of key cracking.
Drawings
Fig. 1a is a schematic diagram of a partial data structure of a user side;
FIG. 1b is a partial data structure diagram of a server;
FIG. 2 is a schematic flow chart of example 1;
FIG. 3 is a schematic flow chart of example 2;
Detailed Description
Description of the System
The identity authentication process of the embodiment is implemented between the user terminal and the server. The notation of each parameter in the present invention is for convenience of description only and does not set any particular limitation to the present invention.
As shown in fig. 1a and fig. 1b, the identity codes of the user side and the server are ID = ID_A and ID = ID_B respectively. Each side also records the identity code PID of the other party, i.e. the PID of the user side contains ID_B and the PID of the server contains ID_A. The user side and the server hold corresponding key pools, various algorithms and authentication key groups. The length of the authentication key group is 2: the first entry is the previous authentication key, and the second is the currently used authentication key. The symbolic representation of each key is detailed in fig. 1a and fig. 1b. In addition, the user side and the server have corresponding algorithms to support the whole registration process. In this embodiment, the same key pool is stored in the security isolation devices of the user side and the server, respectively. In this embodiment, the keys finally negotiated after registration are a message encryption key CK (i.e., a confidentiality key) and a message authentication key IK (i.e., an integrity key).
Example 1
Description of the flow
Referring to fig. 2, a schematic diagram of a registration process of the present embodiment includes:
step 1: user end initiates registration request
The user side initiates a registration request to the server according to the requirement, and the main header fields and the fields have the following contents:
REGISTER sip:home.mobile.biz SIP/2.0
Authenticate:Digest
username="jon.dough@home.mobile.biz",
realm="home.mobile.biz",
nonce="",
uri="sip:home.mobile.biz",
response="",
……
The values of the "response" and "nonce" fields are both set to null in the initial registration request message. The request contains the identity ID_A of the user side, the identity ID_B of the server, and a random number RAND1 generated by the user side, which serves as the identifier of the message.
The random number RAND1 is preferably a quantum random number generated by a quantum true random number generator to improve security, either generated in advance and stored for invocation or generated as required to initiate a registration request.
Step 2: The server receives and confirms the request, and generates a challenge message
2.1, The server identifies the message and finds the corresponding authentication key group: after the server receives the registration request from the user side, it parses out the identity ID_A' of the user side, the identity ID_B' of the server, and the random number RAND1 from the request message. The server compares ID_B' with its own identity code and, if they match, finds the corresponding authentication key group according to ID_A' and takes out the second authentication key K_B2 (i.e. the authentication key currently in use).
2.2, the server generates an authentication vector: the server generates an unpredictable random number RAND2 by means of a quantum true random number generator. The random number RAND2 is preferably a quantum random number generated using a quantum true random number generator to improve security. The random number RAND2 may be generated and stored for invocation in advance or may be generated as needed to generate an authentication vector.
The server will also generate a parameter AMF, which adds the message encryption algorithm ID and the message authentication algorithm ID used for subsequent data encryption, as well as the time stamp and the lifetime of CK and IK, based on the AMF in the existing AKA technology.
Let the key seed (i.e., random number) used as the confidentiality key CK be N1, with pointer address P_C and length L_C.
Let the key seed (i.e., random number) used as the integrity key IK be N2, with pointer address P_I and length L_I.
N1 and N2 are each taken from the key pool of the corresponding user side. Let the total amount of the key pool be P_A. CK and IK can be N1 and N2 directly, or can be calculated from N1 and N2, respectively, by a specified key generation algorithm.
For simplicity of expression, K_B2 is abbreviated as K in the following formulas. The specific calculation formulas are as follows (⊕ denotes bitwise XOR, and || denotes concatenation):
Compute the message authentication code (MAC): MAC = f1(K, RAND1 || RAND2 || AMF);
Compute the expected authentication response (XRES): XRES = f2(K, RAND2);
Compute the pointer address of CK (P_C): P_C = f3(K, RAND2, P_A);
Compute the pointer address of IK (P_I): P_I = f4(K, RAND2, P_A);
Compute the anonymity key (AK): AK = f5(K, RAND1);
Network authentication token (AUTN): AUTN = RAND2 ⊕ AK || AMF || MAC;
Authentication vector (AV): AV = RAND1 || XRES || CK || IK || AUTN;
(Note: algorithms f1 and f2 are message authentication algorithms, f3 and f4 are specific pointer address algorithms, and f5 is a designated anonymous key generation algorithm.)
In the present invention, n authentication vectors can be generated at a time, and the size of n depends on the situation, for example, according to the number of the user terminals.
2.3, the server sends a question message: the server removes and retains XRES, CK and IK from the authentication vector AV, and the authentication vector AV with XRES, CK and IK removed is carried in the WWW-Authenticate header field of a 401 Unauthorized question message to challenge the user side. The nonce field is filled with the string obtained by concatenating RAND1 in the authentication vector AV with the AUTN parameter and then Base64-encoding the result, and the algorithm field is filled with the value "AKAv1-MD5", which indicates that the 3GPP AKA authentication mechanism is used.
The contents of the main header fields and fields of the 401 response are as follows:
SIP/2.0 401 Unauthorized
WWW-Authenticate:Digest
realm="RoamingUsers@mobile.biz",
nonce="CjPk9mRqNuT25eRkajM09uTl9nM09uTl9nMz5OX25PZz==",
algorithm=AKAv1-MD5,
……
Step 3: REGISTER containing the authentication response RES
3.1, the user side parses the question message of the server: after receiving the 401 response message from the server, the user side parses RAND1 and AUTN from the 'nonce'. To distinguish it from the RAND1 held locally by the user terminal, the RAND1 parsed from the question message is hereinafter denoted RAND1'.
Next, the user side compares RAND1' with RAND1; if they are the same, it proceeds to the next step; if not, the message is not the question message of the current service.
The user side splits AUTN into RAND2 ⊕ AK, AMF, and MAC. The user side takes K_A2 from the authentication key group and, with K_A2 and RAND1' as inputs, calculates AK using the f5' algorithm corresponding to f5. The user side then obtains RAND2 by XORing RAND2 ⊕ AK with AK.
3.2, the user side authenticates the question message: the user side concatenates RAND1', RAND2 and AMF, and calculates XMAC using the key K_A2 and the f1' algorithm corresponding to f1. XMAC is compared with the MAC parsed from the message. If they differ, the user side fails to authenticate the server identity and sends the server a REGISTER message that carries no response field, to inform it that the network question is invalid. The reason for the failure may be that the message was tampered with, that the server has an illegal identity, etc. If they are the same, the user side successfully authenticates the server identity.
3.3, the user side generates a response message: after the MAC passes the check, the user side uses RAND2 and K_A2 to calculate, by the same method, the pointer addresses P_C' and P_I' of the confidentiality key CK and the integrity key IK. It takes the corresponding random numbers N1' and N2' out of the symmetric key pool according to the pointer addresses and lengths, and then calculates the confidentiality key CK and the integrity key IK from N1' and N2' using the key generation algorithm and the key K_A2.
This key generation method generates CK and IK without exposing the parameters they require to the outside, which improves the security of CK and IK. The lifetimes of CK and IK are obtained from the AMF, and the algorithm used to encrypt subsequent data is also parsed from the AMF.
The user side computes the authentication response RES from RAND2 using K_A2 and the message authentication algorithm. The calculation is the same as for the expected authentication response (XRES) in 2.2.
3.4, the user side returns a response message: the user side returns the challenge response RES in a second REGISTER request sent to the server, with the Base64-encoded string placed in the response field. The contents of the main header fields and fields are as follows:
REGISTER sip:home.mobile.biz SIP/2.0
Authorization:Digest
username="jon.dough@mobile.biz",
realm="RoamingUsers@mobile.biz",
nonce="CjPk9mRqNuT25eRkajM09uTl9nM09uTl9nMz5OX25PZz==",
uri="sip:home.mobile.biz",
response="6629fae49393a05397450978507c4ef1",
……
Step 4: completion of identity authentication
4.1, the server authenticates the response message: after receiving the response message of the user side, the server parses it and takes the corresponding parameters from the Authorization header field. If the response field in the Authorization header field is empty, the server checks whether the resynchronization parameter field AUTS is empty: if the AUTS parameter is not empty, the RAND1 check has failed; the server uses this resynchronization parameter AUTS to request authentication data again and, once the authentication data has been downloaded successfully, asks again with a new authentication vector. If the AUTS parameter is also empty, the question is invalid, and the server selects the next authentication vector and asks again with a 401 message. If all the authentication vectors are used up and the authentication still cannot be completed, the authentication is considered to have failed, the authentication process is abandoned, and a 403 Forbidden message is sent to inform the user side.
If the response field in the Authorization header field is not empty, the authentication response RES parameter is taken out of it and compared with the retained authentication response XRES. If they are consistent, the server considers that the user side has answered the question correctly, the user side identity is authenticated successfully, and a 200 OK message is sent to the user side; if they are not consistent, the user side is considered to have answered the question incorrectly and its authentication fails; the server then sends a 403 Forbidden response message to the user side to inform it of the authentication failure, and abandons the authentication process.
4.2, the server returns a registration result: the server returns the registration result to the user side, and if the registration result is successful, the CK and the IK generated by the registration are reserved; and if the registration fails, clearing the CK and the IK generated by the registration.
Step 5: the user end receives the verification registration result
The user side receives the verification registration result: the user end receives the return message of the server to judge whether the identity authentication is successful. If the registration request fails, the registration request is reinitiated; if successful, the subsequent message transmissions can be encrypted and decrypted.
Updating of authentication keys
The updating method of the authentication key is similar to the generation method of CK and IK in the server method described above. Namely: and using f3 or f4 to generate the address of the authentication key so as to obtain the authentication key.
At the first time, a random number at the beginning of the key pool is taken as an authentication key by default. When updating the authentication key, the current authentication key is covered with the previous authentication key group, and the synchronous authentication key group is covered with the current authentication key group.
The server is updated after the identity of the user side is successfully authenticated in the step 4;
the user side updating is carried out after receiving the return message of the server in the step 5 and judging that the identity authentication is successful.
Registration and authentication key update combination
When the update of the authentication key needs to be bound to the registration, the user side may declare this in the registration request of step 1, e.g. by setting an identifier in the registration request. Please refer to the "update of the authentication key" in this embodiment.
Handling of registration exceptions
The message sent and received between the active server and the passive server can be a registration request, a 401Unauthorized question message, a response message or a registration result.
Referring to fig. 2, the registration request, the 401Unauthorized question message, the response message, and the registration result are referred to as messages (i) to (iv), respectively.
If light packet loss occurs between the user terminal and the server during message transmission, the sending and receiving of messages is generally not affected, thanks to the respective signaling retransmission mechanisms. For example, if the user side does not receive the question message from the server after sending the registration request, it can regenerate the unique identifier, repackage the request message and send it to the server, until the maximum number of transmissions of the request is reached; if the server does not receive the response message after sending the question message, it can likewise resend, up to the maximum number of transmissions.
If the packet loss between the user side and the server is severe, or the network is even disconnected, during the registration process, the registration process is terminated and the next registration request from the application layer is awaited. The various abnormal conditions are handled as follows:
Case 1, if only registration and key agreement are performed in the process, the key pool and the authentication key set are not affected no matter which of the messages (i), (ii), (iii) and (iv) is lost. The only effect is that registration and key agreement fail, and registration can be performed again according to the application layer request.
Case 2, if the authentication key is being updated, the loss of messages (i) and (ii) has no influence on the synchronization of the authentication key group. When messages (iii) and (iv) are lost, the user side cannot receive the return message from the server, and the update of the authentication key fails. The user side initiates the request again and declares that the last update of the authentication key failed. After receiving the update request, the server decides, according to the last update messages, whether to use the first or the second key in the authentication key group to calculate the authentication vector.
If message (iii) was received in the last update, the server has completed the update but the user side has not, and the server uses the first key in the authentication key set to calculate the authentication vector.
If message (iii) was not received in the last update, neither the server nor the user side has been updated, and the server uses the second key in the authentication key set to calculate the authentication vector.
Case 3, if the combination of registration and authentication key update is used, the processing mode may refer to the exception handling in case 2.
Example 2
Description of the flow
Please refer to fig. 3 for a schematic diagram of the registration process in this embodiment. The point of difference from embodiment 1 is the manner of generation of the authentication response. The method comprises the following steps:
step 1: user end initiates registration request
The user side initiates a registration request to the server according to the requirement, and the main header fields and the fields have the following contents:
REGISTER sip:home.mobile.biz SIP/2.0
Authenticate:Digest
username="jon.dough@home.mobile.biz",
realm="home.mobile.biz",
nonce="",
uri="sip:home.mobile.biz",
response="",
……
The values of the "response" and "nonce" fields are both set to null in the initial registration request message. The request contains the identity identifier ID_A of the user terminal, the identity identifier ID_B of the server, and a random number RAND1 generated by the user terminal, which serves as the identifier of the message.
The random number RAND1 is preferably a quantum random number generated by a quantum true random number generator to improve security, either generated in advance and stored for invocation or generated as required to initiate a registration request.
Step 2: the server receives the confirmation request and generates a question message
2.1, the server identifies the message and finds the corresponding authentication key group: after receiving the registration request from the user terminal, the server parses from the request message the identity identifier ID_A' of the registration request active party, the identity identifier ID_B' of the registration request passive party, and the random number RAND1. The server compares ID_B' with its own identification code; if they match, it finds the corresponding authentication key group according to ID_A' and takes out the second authentication key K_B2 (i.e. the authentication key now used).
2.2, the server generates an authentication vector: the server generates an unpredictable random number RAND2 by means of a quantum true random number generator. The random number RAND2 is preferably a quantum random number generated using a quantum true random number generator to improve security. The random number RAND2 may be generated and stored for invocation in advance or may be generated as needed to generate an authentication vector.
The server will also generate a parameter AMF, which adds the message encryption algorithm ID and the message authentication algorithm ID used for subsequent data encryption, as well as the time stamp and the lifetime of CK and IK, based on the AMF in the existing AKA technology.
Let the key seed (i.e., random number) used as the confidentiality key CK be N1, with pointer address P_C and length L_C.
Let the key seed (i.e., random number) used as the integrity key IK be N2, with pointer address P_I and length L_I.
N1 and N2 are each taken from the key pool of the corresponding user side. Let the total amount of the key pool be P_A. CK and IK can be N1 and N2 directly, or can be calculated from N1 and N2, respectively, by a specified key generation algorithm.
For simplicity of expression, K_B2 is abbreviated as K in the following formulas. The specific calculation formulas are as follows (⊕ denotes bitwise XOR, and || denotes concatenation):
Compute the message authentication code (MAC): MAC = f1(K, RAND1 || RAND2 || AMF);
Compute the expected authentication response (XRES): XRES = f2(K, RAND2);
Compute the pointer address of CK (P_C): P_C = f3(K, RAND2, P_A);
Compute the pointer address of IK (P_I): P_I = f4(K, RAND2, P_A);
Compute the anonymity key (AK): AK = f5(K, RAND1);
Network authentication token (AUTN): AUTN = RAND2 ⊕ AK || AMF || MAC;
Authentication vector (AV): AV = RAND1 || XRES || CK || IK || AUTN;
(Note: algorithms f1 and f2 are message authentication algorithms, f3 and f4 are specific pointer address algorithms, and f5 is a designated anonymous key generation algorithm.)
In the present invention, n authentication vectors can be generated at a time, and the size of n depends on the situation, for example, according to the number of the user terminals.
2.3, the server sends a question message: the server removes and retains XRES, CK and IK from the authentication vector AV, and calculates Xpassword = PRF(XRES || IK || CK, "http-digest-akav2-password") using the PRF. PRF is a pseudo-random function used to construct the password for AKAv2 and the associated session keys IK' and CK'.
In the present invention, PRF appears in the format KD(secret, data), indicating that a keyed digest algorithm (KD) is performed on the data ("data") using the secret ("secret"). If the algorithm is AKAv2-MD5, then the PRF is HMAC_MD5. The authentication vector AV with XRES, CK and IK removed is carried in the WWW-Authenticate header field of a 401 Unauthorized question message to challenge the user terminal. The nonce field is filled with the string obtained by concatenating RAND1 in the authentication vector AV with the AUTN parameter and then Base64-encoding the result, and the algorithm field is filled with the value "AKAv2-MD5", which indicates that the 3GPP AKA authentication mechanism is used. The contents of the main header fields and fields of the 401 response are as follows:
SIP/2.0 401 Unauthorized
WWW-Authenticate:Digest
realm="RoamingUsers@mobile.biz",
nonce="CjPk9mRqNuT25eRkajM09uTl9nM09uTl9nMz5OX25PZz==",
algorithm=AKAv2-MD5,
……
Step 3: REGISTER including the authentication response password
3.1, the user side parses the question message of the server: after receiving the challenge message from the server, the user side parses RAND1 and AUTN from the 'nonce'. To distinguish it from the RAND1 held locally by the user terminal, the RAND1 parsed from the challenge message is hereinafter denoted RAND1'.
Next, the user side compares RAND1' with RAND1; if they are the same, it proceeds to the next step; if not, the message is not the question message of the current service.
The user side splits AUTN into RAND2 ⊕ AK, AMF, and MAC. The user side takes K_A2 from the authentication key group and, with K_A2 and RAND1' as inputs, calculates AK using the f5' algorithm corresponding to f5. The user side then obtains RAND2 by XORing RAND2 ⊕ AK with AK.
3.2, the user side authenticates the question message: the user side concatenates RAND1', RAND2 and AMF, and calculates XMAC using the key K_A2 and the f1' algorithm corresponding to f1. XMAC is compared with the MAC parsed from the message. If they differ, the user side fails to authenticate the server identity and sends the server a REGISTER message that carries no response field, to inform it that the network challenge is invalid. The reason for the failure may be that the message was tampered with, that the server has an illegal identity, etc. If they are the same, the user side successfully authenticates the server identity.
3.3, the user side generates a response message: after the MAC passes the check, the user side uses RAND2 and K_A2 to calculate the pointer addresses P_C' and P_I' of the confidentiality key CK and the integrity key IK. It takes the corresponding random numbers N1' and N2' out of the symmetric key pool according to the pointer addresses and lengths, and then calculates the confidentiality key CK and the integrity key IK from N1' and N2' using the key generation algorithm and the key K_A2.
This key generation method generates CK and IK without exposing the parameters they require to the outside, which improves the security of CK and IK. The lifetimes of CK and IK are obtained from the AMF, and the algorithm used to encrypt subsequent data is also parsed from the AMF.
The user side computes the message authentication code RES from RAND2 using K_A2 and the message authentication algorithm. It then calculates password = PRF(RES || IK || CK, "http-digest-akav2-password") using the pseudo-random function PRF. The calculation method is the same as for the authentication response (Xpassword) in 2.3.
3.4, the user side returns a response message: the user side returns the authentication challenge response password in a second REGISTER request sent to the server, with the Base64-encoded string placed in the response field. The contents of the main header fields and fields are as follows:
REGISTER sip:home.mobile.biz SIP/2.0
Authorization:Digest
username="jon.dough@mobile.biz",
realm="RoamingUsers@mobile.biz",
nonce="CjPk9mRqNuT25eRkajM09uTl9nM09uTl9nMz5OX25PZz==",
uri="sip:home.mobile.biz",
response="6629fae49393a05397450978507c4ef1",
……
Step 4: completion of identity authentication
4.1, the server authenticates the response message: after receiving the response message of the user side, the server parses it and takes the corresponding parameters from the Authorization header field. If the response field in the Authorization header field is empty, the server checks whether the resynchronization parameter field AUTS is empty: if the AUTS parameter is not empty, the RAND1 check has failed; the server uses this resynchronization parameter AUTS to request authentication data again and, once the authentication data has been downloaded successfully, asks again with a new authentication vector. If the AUTS parameter is also empty, the question is invalid, and the server selects the next authentication vector and asks again with a 401 message. If all the authentication vectors are used up and the authentication still cannot be completed, the authentication is considered to have failed, the authentication process is abandoned, and a 403 Forbidden message is sent to inform the user side.
If the response field in the Authorization header field is not empty, the authentication response password parameter is taken out of it and compared with the retained authentication response Xpassword. If they are consistent, the server considers that the user side has answered the question correctly, the user side identity is authenticated successfully, and a 200 OK message is sent back to the user side; if they are not consistent, the user side is considered to have answered the question incorrectly and its authentication fails; the server then sends a 403 Forbidden response message to the user side to inform it of the authentication failure, and abandons the authentication process.
4.2, the server returns a registration result: the server returns the authentication result to the user side, and if the authentication result is successful, the CK and the IK generated by the registration are reserved; and if the registration fails, clearing the CK and the IK generated by the registration.
Step 5: the user end receives the verification registration result
The user side receives the verification registration result: the user end receives the return message of the server to judge whether the identity authentication is successful. If the registration request fails, the registration request is reinitiated; if successful, the subsequent message transmissions can be encrypted and decrypted.
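The challenge and response of steps 2 to 4 in Embodiment 1, together with the password variant of Embodiment 2, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 with a label in place of the unspecified f1 to f5 and key generation algorithm, assumed field lengths, and hypothetical function names.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed field sizes in bytes; the page fixes none of them.
RAND_LEN, AMF_LEN, MAC_LEN, SEED_LEN = 16, 2, 32, 16


def _f(label, key, data):
    """Stand-in for the unspecified f1..f5: HMAC-SHA256 with a domain label."""
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def session_keys(k, rand2, pool):
    """P_C = f3(K, RAND2, P_A), P_I = f4(K, RAND2, P_A); read N1, N2; derive CK, IK."""
    span = len(pool) - SEED_LEN + 1  # keeps every seed read inside the pool
    p_c = int.from_bytes(_f(b"f3", k, rand2), "big") % span
    p_i = int.from_bytes(_f(b"f4", k, rand2), "big") % span
    n1, n2 = pool[p_c:p_c + SEED_LEN], pool[p_i:p_i + SEED_LEN]
    # Assumed key generation algorithm: the seed is keyed with K through the same HMAC.
    return _f(b"CK", k, n1)[:16], _f(b"IK", k, n2)[:16]


def server_challenge(k, pool, rand1, amf):
    """Step 2: build the nonce and return it with the retained XRES, CK, IK."""
    rand2 = secrets.token_bytes(RAND_LEN)
    mac = _f(b"f1", k, rand1 + rand2 + amf)   # MAC = f1(K, RAND1 || RAND2 || AMF)
    ak = _f(b"f5", k, rand1)[:RAND_LEN]       # AK = f5(K, RAND1)
    autn = _xor(rand2, ak) + amf + mac        # AUTN = RAND2 xor AK || AMF || MAC
    ck, ik = session_keys(k, rand2, pool)
    retained = {"xres": _f(b"f2", k, rand2), "ck": ck, "ik": ik}
    return base64.b64encode(rand1 + autn).decode(), retained


def client_respond(k, pool, local_rand1, nonce):
    """Step 3: check RAND1', recover RAND2, check MAC, then derive RES, CK, IK."""
    raw = base64.b64decode(nonce, validate=True)
    if len(raw) != 2 * RAND_LEN + AMF_LEN + MAC_LEN:
        raise ValueError("malformed nonce")
    rand1p, masked = raw[:RAND_LEN], raw[RAND_LEN:2 * RAND_LEN]
    amf, mac = raw[2 * RAND_LEN:2 * RAND_LEN + AMF_LEN], raw[-MAC_LEN:]
    if not hmac.compare_digest(rand1p, local_rand1):
        raise ValueError("challenge does not belong to this request")
    rand2 = _xor(masked, _f(b"f5", k, rand1p)[:RAND_LEN])
    if not hmac.compare_digest(_f(b"f1", k, rand1p + rand2 + amf), mac):
        raise ValueError("XMAC != MAC: server not authenticated")
    ck, ik = session_keys(k, rand2, pool)
    return {"res": _f(b"f2", k, rand2), "ck": ck, "ik": ik}


def akav2_password(res, ik, ck):
    """Embodiment 2: PRF(RES || IK || CK, label) with PRF = HMAC_MD5, as the page names."""
    return hmac.new(res + ik + ck, b"http-digest-akav2-password", hashlib.md5).digest()


def server_verify(retained, response, akav2=False):
    """Step 4: constant-time comparison against XRES or Xpassword."""
    expected = retained["xres"]
    if akav2:
        expected = akav2_password(expected, retained["ik"], retained["ck"])
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    K = bytes(range(32))
    POOL = bytes((7 * i + 3) % 256 for i in range(4096))
    rand1 = secrets.token_bytes(RAND_LEN)
    nonce, kept = server_challenge(K, POOL, rand1, b"\x80\x00")
    out = client_respond(K, POOL, rand1, nonce)
    print("Embodiment 1 accepted:", server_verify(kept, out["res"]))
    pw = akav2_password(out["res"], out["ik"], out["ck"])
    print("Embodiment 2 accepted:", server_verify(kept, pw, akav2=True))
```

Because RES = f2(K, RAND2) does not involve the key pool, a user side holding the right K but a mismatched pool still passes the Embodiment 1 comparison in this sketch, while the Embodiment 2 password fails because it also covers IK and CK.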
Updating of authentication keys
The method for updating the authentication key can refer to the method for updating the authentication key in embodiment 1.
Combination method for updating registration and authentication key
The present combination method can be performed by referring to example 1. Please refer to the "update of the authentication key" in this embodiment.
Handling of registration exceptions
The exception handling case can be referred to as the processing in embodiment 1.
The above disclosure is only an embodiment of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (9)

1. An HTTP-Digest type AKA identity authentication method based on a symmetric key pool is implemented at a user side and is characterized by comprising the following steps:
initiating a registration request to a server, wherein a nonce field of the registration request carries a first random number;
receiving a 401 Unauthorized challenge message from the server, the 401 Unauthorized challenge message being generated by the server in response to the registration request, a nonce field of the 401 Unauthorized challenge message including a message authentication code, an AMF, and a second random number used for generating a negotiation key, the second random number being in a form of a ciphertext, an anonymity key used for encrypting the second random number being generated by the server using the first random number; both parties participating in identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the appointed key seed in the key pool is operated through the second random number and the authentication key to obtain the negotiation key, wherein the negotiation key comprises a confidentiality key CK and an integrity key IK;
the key seed of the confidentiality key CK is N1, the pointer address is P_C, and the length is L_C;
the key seed of the integrity key IK is N2, the pointer address is P_I, and the length is L_I;
N1 and N2 are respectively taken from the key pool of the own party;
pointer address P_C of the confidentiality key CK: P_C = f3(K, RAND2, P_A);
pointer address P_I of the integrity key IK: P_I = f4(K, RAND2, P_A);
In the formula:
f3 and f4 are pointer address algorithms;
K is an authentication key of the server;
RAND2 is a second random number generated by the server;
P_A is the total amount of the symmetric key pool;
the confidentiality key CK and the integrity key IK are N1 and N2 directly, or are calculated from N1 and N2, respectively, by a specified key generation algorithm;
and the authentication key is updated according to a preset life cycle;
sequentially verifying the 401 Unauthorized question message by using a first random number and a message authentication code, and generating a response message after the verification is passed; sending the response message to a server, and receiving a registration result of the response message from the server, wherein the registration result is a 200 OK message or a 403 Forbidden message.
2. An HTTP-Digest type AKA identity authentication method based on a symmetric key pool is implemented in a server, and is characterized by comprising the following steps:
receiving a registration request from a user terminal, wherein a nonce field of the registration request carries a first random number;
responding to the registration request to generate a 401 Unauthorized challenge message and sending the message to the user side, wherein a nonce field of the 401 Unauthorized challenge message comprises a message authentication code, an AMF and a second random number used for generating a negotiation key, the second random number is in a ciphertext form, and an anonymous key used for encrypting the second random number is generated by using the first random number; both parties participating in identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the appointed key seed in the key pool is operated through the second random number and the authentication key to obtain the negotiation key, wherein the negotiation key comprises a confidentiality key CK and an integrity key IK;
the key seed of the confidentiality key CK is N1, the pointer address is P_C, and the length is L_C;
the key seed of the integrity key IK is N2, the pointer address is P_I, and the length is L_I;
N1 and N2 are respectively taken from the key pool of the own party;
pointer address P_C of the confidentiality key CK: P_C = f3(K, RAND2, P_A);
pointer address P_I of the integrity key IK: P_I = f4(K, RAND2, P_A);
In the formula:
f3 and f4 are pointer address algorithms;
K is an authentication key of the server;
RAND2 is a second random number generated by the server;
P_A is the total amount of the symmetric key pool;
the confidentiality key CK and the integrity key IK are N1 and N2 directly, or are calculated from N1 and N2, respectively, by a specified key generation algorithm;
and the authentication key is updated according to a preset life cycle;
receiving a response message from the user side, wherein the response message is generated after the 401 Unauthorized question message is verified by the user side and passes the verification;
and authenticating the response message to obtain a registration result, and sending the registration result to the user side, wherein the registration result is a 200 OK message or a 403 Forbidden message.
3. An HTTP-Digest type AKA identity authentication method based on a symmetric key pool is implemented between a user side and a server, and is characterized by comprising the following steps:
a user side initiates a registration request to a server, and a nonce field of the registration request carries a first random number;
the server responds to the registration request to generate a 401 Unauthorized question message and sends the message to the user side, a nonce field of the 401 Unauthorized question message comprises a message authentication code, an AMF and a second random number used for generating a negotiation key, the second random number adopts a ciphertext form, and an anonymous key used for encrypting the second random number is generated by utilizing the first random number; both parties participating in identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the appointed key seed in the key pool is operated through the second random number and the authentication key to obtain the negotiation key, wherein the negotiation key comprises a confidentiality key CK and an integrity key IK;
the key seed of the confidentiality key CK is N1, the pointer address is P_C, and the length is L_C;
the key seed of the integrity key IK is N2, the pointer address is P_I, and the length is L_I;
N1 and N2 are respectively taken from the key pool of the own party;
pointer address P_C of the confidentiality key CK: P_C = f3(K, RAND2, P_A);
pointer address P_I of the integrity key IK: P_I = f4(K, RAND2, P_A);
In the formula:
f3 and f4 are pointer address algorithms;
K is an authentication key of the server;
RAND2 is a second random number generated by the server;
P_A is the total amount of the symmetric key pool;
the confidentiality key CK and the integrity key IK are N1 and N2 directly, or are calculated from N1 and N2, respectively, by a specified key generation algorithm;
and the authentication key is updated according to a preset life cycle;
the user side receives a 401 Unauthorized question message from the server, the 401 Unauthorized question message is sequentially verified by using a first random number and a message authentication code, and a response message is generated and sent to the server after verification is passed;
the server receives the response message from the user side and authenticates the response message to obtain a registration result, and then the registration result is sent to the user side, wherein the registration result is a 200 OK message or a 403 Forbidden message;
the user side receives the registration result from the server.
4. The symmetric key pool-based HTTP-Digest class AKA authentication method of claim 3, wherein the registration request includes the identity identification codes of the client and the server and the first random number; before responding to the registration request and generating the 401 Unauthorized challenge message, the server performs matching identification and positioning of a symmetric key pool based on the identity identification code, and then generates an authentication vector containing the message authentication code, the AMF and the second random number.
5. The symmetric key pool-based HTTP-Digest class AKA identity authentication method as claimed in claim 3, wherein said 401 Unauthorized challenge message includes said first random number and a network authentication token, said network authentication token includes AMF, a message authentication code, and said second random number encrypted by an anonymous key;
after receiving the 401 Unauthorized question message from the server, the user side performs first verification on the 401 Unauthorized question message by comparing a first random number in the 401 Unauthorized question message with a local first random number;
the client also verifies the 401 Unauthorized challenge message a second time by comparing the message authentication code in the 401 Unauthorized challenge message with the locally generated message authentication code.
6. The symmetric key pool-based HTTP-Digest-like AKA identity authentication method according to claim 3, wherein a response field of said response message contains an authentication response calculated by said user side using said second random number and a currently used authentication key;
the server compares the authentication response with a corresponding authentication response generated locally to obtain a registration result, and then sends the registration result to the user side.
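The challenge and response checks of claims 5 and 6, as an added example that is not part of the patent text: the server hides RAND2 under an anonymous key derived from RAND1, the user side checks RAND1 first and the message authentication code second, and the server compares the returned response with its own expected value. The functions that produce the anonymous key, the MAC and the response are not given in the claims, so HMAC-SHA256 with distinct labels, XOR as the cipher for RAND2, the fields covered by the MAC and the AMF value are all assumptions.

```python
import hashlib
import hmac
import secrets

def prf(k: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed stand-in for the scheme's functions: HMAC-SHA256, 16-byte output."""
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def server_challenge(k: bytes, rand1: bytes, amf: bytes = b"\x80\x00"):
    """Build the 401 challenge fields and the server's expected response."""
    rand2 = secrets.token_bytes(16)
    ak = prf(k, b"AK", rand1)                        # anonymous key from RAND1
    mac = prf(k, b"MAC", rand1, rand2, amf)
    challenge = {"rand1": rand1, "enc_rand2": xor(rand2, ak), "amf": amf, "mac": mac}
    return challenge, prf(k, b"RES", rand2)

def client_respond(k: bytes, local_rand1: bytes, ch: dict) -> bytes:
    """First check RAND1, then the MAC; only then compute the response."""
    if not hmac.compare_digest(ch["rand1"], local_rand1):
        raise ValueError("first random number mismatch")
    rand2 = xor(ch["enc_rand2"], prf(k, b"AK", local_rand1))
    expected = prf(k, b"MAC", local_rand1, rand2, ch["amf"])
    if not hmac.compare_digest(ch["mac"], expected):
        raise ValueError("message authentication code mismatch")
    return prf(k, b"RES", rand2)

def server_verify(xres: bytes, res: bytes) -> str:
    return "200 OK" if hmac.compare_digest(xres, res) else "403 Forbidden"

def run(k_client: bytes, k_server: bytes, tamper: bool = False) -> str:
    """One registration round; `tamper` flips a bit of the encrypted RAND2."""
    rand1 = secrets.token_bytes(16)
    ch, xres = server_challenge(k_server, rand1)
    if tamper:
        ch["enc_rand2"] = xor(ch["enc_rand2"], b"\x01" + bytes(15))
    try:
        return server_verify(xres, client_respond(k_client, rand1, ch))
    except ValueError as exc:
        return f"client rejected challenge: {exc}"
```

The RAND1 comparison rejects a challenge that does not answer the user side's current request, and the MAC comparison rejects a challenge from a party that does not hold K or whose fields were altered in transit.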
7. The symmetric key pool-based HTTP-Digest class AKA identity authentication method of claim 6, wherein the authentication response further comprises a negotiation key.
8. The HTTP-Digest type AKA identity authentication system based on the symmetric key pool comprises a user side, wherein a processor and a memory are arranged on the user side, and the HTTP-Digest type AKA identity authentication system is characterized in that the memory is provided with the following instruction modules for the processor to call and run:
the first module is used for initiating a registration request to the server, and a nonce field of the registration request carries a first random number;
a second module, configured to receive a 401 Unauthorized challenge message from the server, where the 401 Unauthorized challenge message is generated by the server in response to the registration request, a nonce field of the 401 Unauthorized challenge message includes a message authentication code, an AMF, and a second random number used for generating a negotiation key, the second random number is in ciphertext form, and an anonymous key used for encrypting the second random number is generated by the server using the first random number; both parties participating in identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the negotiation key is obtained by operating on a specified key seed in the key pool using the second random number and the authentication key, wherein the negotiation key comprises a confidentiality key CK and an integrity key IK;
the key seed of the confidentiality key CK is N1, its pointer address is P_C, and its length is L_C;
the key seed of the integrity key IK is N2, its pointer address is P_I, and its length is L_I;
N1 and N2 are each taken from the party's own key pool;
the pointer address P_C of the confidentiality key CK: P_C = f3(K, RAND2, P_A);
the pointer address P_I of the integrity key IK: P_I = f4(K, RAND2, P_A);
in the formulas:
f3 and f4 are pointer address algorithms;
K is an authentication key of the server;
RAND2 is a second random number generated by the server;
P_A is the total size of the symmetric key pool;
the confidentiality key CK and the integrity key IK are N1 and N2 themselves, or are respectively calculated from N1 and N2 by a specified key generation algorithm;
and the authentication key is updated according to a preset life cycle;
a third module, configured to verify the 401 Unauthorized challenge message by using the first random number and then the message authentication code, and generate a response message after the verification is passed;
a fourth module, configured to send the response message to the server, and receive a registration result of the response message from the server, where the registration result is a 200 OK message or a 403 Forbidden message.
9. The HTTP-Digest type AKA identity authentication system based on the symmetric key pool comprises a server, wherein the server is provided with a processor and a memory, and is characterized in that the memory is provided with the following instruction modules for the processor to call and operate:
a fifth module, configured to receive a registration request from a user side, where a nonce field of the registration request carries a first random number;
a sixth module, configured to generate a 401 Unauthorized challenge message in response to the registration request, and send the message to the user side, where a nonce field of the 401 Unauthorized challenge message includes a message authentication code, an AMF, and a second random number used for generating a negotiation key, and the second random number is in ciphertext form, where an anonymous key used for encrypting the second random number is generated by using the first random number;
a seventh module, configured to receive a response message from the user side, where the response message is generated after the 401 Unauthorized challenge message is verified by the user side and the verification is passed; both parties participating in identity authentication are configured with a symmetric key pool and a corresponding authentication key, and the negotiation key is obtained by operating on a specified key seed in the key pool using the second random number and the authentication key, wherein the negotiation key comprises a confidentiality key CK and an integrity key IK;
the key seed of the confidentiality key CK is N1, its pointer address is P_C, and its length is L_C;
the key seed of the integrity key IK is N2, its pointer address is P_I, and its length is L_I;
N1 and N2 are each taken from the party's own key pool;
the pointer address P_C of the confidentiality key CK: P_C = f3(K, RAND2, P_A);
the pointer address P_I of the integrity key IK: P_I = f4(K, RAND2, P_A);
in the formulas:
f3 and f4 are pointer address algorithms;
K is an authentication key of the server;
RAND2 is a second random number generated by the server;
P_A is the total size of the symmetric key pool;
the confidentiality key CK and the integrity key IK are N1 and N2 themselves, or are respectively calculated from N1 and N2 by a specified key generation algorithm;
and the authentication key is updated according to a preset life cycle;
and an eighth module, configured to authenticate the response message to obtain a registration result, and send the registration result to the user side, where the registration result is a 200 OK message or a 403 Forbidden message.
CN201810229963.7A 2018-03-20 2018-03-20 HTTP-Digest class AKA identity authentication system and method based on symmetric key pool Active CN108616350B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810229963.7A CN108616350B (en) 2018-03-20 2018-03-20 HTTP-Digest class AKA identity authentication system and method based on symmetric key pool

Publications (2)

Publication Number Publication Date
CN108616350A CN108616350A (en) 2018-10-02
CN108616350B true CN108616350B (en) 2021-08-10

Family

ID=63659157

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810229963.7A Active CN108616350B (en) 2018-03-20 2018-03-20 HTTP-Digest class AKA identity authentication system and method based on symmetric key pool

Country Status (1)

Country Link
CN (1) CN108616350B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495244A (en) * 2018-10-16 2019-03-19 如般量子科技有限公司 Anti- quantum calculation cryptographic key negotiation method based on pool of symmetric keys
CN111641498B (en) * 2019-03-01 2022-12-20 中兴通讯股份有限公司 Key determination method and device
WO2020198991A1 (en) * 2019-03-29 2020-10-08 Telefonaktiebolaget Lm Ericsson (Publ) Methods and apparatus relating to authentication of a wireless device
CN113922952B (en) * 2021-09-30 2024-03-01 恒众创美(深圳)发展合伙企业(有限合伙) Access request response method, device, computer equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1571409A (en) * 2003-07-25 2005-01-26 华为技术有限公司 A method of safety authentication between media gateway and media gateway controller
CN101194529A (en) * 2005-06-10 2008-06-04 西门子公司 Method for agreeing on a security key between at least one first and one second communications station for securing a communications link
CN101710900A (en) * 2009-12-24 2010-05-19 公安部第一研究所 Method for interacting signaling safely in session ignition protocol (SIP) registration domain
CN103188080A (en) * 2011-12-31 2013-07-03 中兴通讯股份有限公司 Method and system for secret key certification consultation of terminal to terminal based on identify label
WO2018047120A1 (en) * 2016-09-10 2018-03-15 Singanamala Prahlad P A system and method for data block modification detection and authentication codes

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7434050B2 (en) * 2003-12-11 2008-10-07 International Business Machines Corporation Efficient method for providing secure remote access
CN103166931A (en) * 2011-12-15 2013-06-19 华为技术有限公司 Method, device and system of transmitting data safely

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
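A mutual identity authentication scheme based on passwords and a symmetric key system; Li Chun et al.; Information Security and Technology; 20150710; pp. 26-28 of the main text *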

Also Published As

Publication number Publication date
CN108616350A (en) 2018-10-02

Similar Documents

Publication Publication Date Title
Banerjee et al. A provably secure and lightweight anonymous user authenticated session key exchange scheme for Internet of Things deployment
CN108599925B (en) Improved AKA identity authentication system and method based on quantum communication network
CN109347809B (en) Application virtualization secure communication method oriented to autonomous controllable environment
US20240243907A1 (en) Internet of things security with multi-party computation (mpc)
US7607012B2 (en) Method for securing a communication
CN108599926B (en) HTTP-Digest improved AKA identity authentication system and method based on symmetric key pool
US8793497B2 (en) Puzzle-based authentication between a token and verifiers
CN108616350B (en) HTTP-Digest class AKA identity authentication system and method based on symmetric key pool
US8595501B2 (en) Network helper for authentication between a token and verifiers
Guo et al. FogHA: An efficient handover authentication for mobile devices in fog computing
CN108712252B (en) Symmetric key pool and relay-crossing based AKA identity authentication system and method
JP2000083018A (en) Method for transmitting information needing secrecy by first using communication that is not kept secret
Nikooghadam et al. A secure and robust elliptic curve cryptography‐based mutual authentication scheme for session initiation protocol
CN110493162A (en) Identity identifying method and system based on wearable device
CN108768632B (en) AKA identity authentication system and method based on symmetric key pool and relay communication
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
CN108964888B (en) Improved AKA identity authentication system and method based on symmetric key pool and relay communication
Sammoud et al. A secure and lightweight three-factor authentication and key generation scheme for direct communication between healthcare professionals and patient’s WMSN
Perez et al. EDHOC Is a New Security Handshake Standard: An Overview of Security Analysis
Majumder et al. ESOTP: ECC‐based secure object tracking protocol for IoT communication
Bala et al. Separate session key generation approach for network and application flows in LoRaWAN
CN114386020A (en) Quick secondary identity authentication method and system based on quantum security
CN108768661B (en) Improved AKA identity authentication system and method based on symmetric key pool and cross-relay
Bresciani The ZRTP Protocol-Analysis on the Diffie-Hellman mode
CN108965243B (en) Symmetric key pool and cross-relay based AKA-like identity authentication system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant